ucspi-ssl: update to 0.12.10. Changes:

0.12.8: - Added new x509 certs and key material; all ECC now. - Fixed wrong evaluation of peer cert in ssl_verify (none-critical). 0.12.9: - Included IP info in sslserver's TLS error messages for a quick lookup. - Fixed sslhandle's wrong if nesting. - sslserver return FATAL (and not ERROR) in case TLS is requested but missing. - Enhanced compatibility with OpenSSL 3.x.y. 0.12.10: - Added argument '-y cdb' to sslserver in order to allow a rule checking for IP addresses prior of the DNS/IDENT lookup (to cope with DDos attacks).
2023-12-09 19:10:12 +00:00 · 2023-12-09 19:10:12 +00:00 · 9b62392159
parent 276d9205af
commit 9b62392159
3 changed files with 12 additions and 14 deletions
--- a/net/ucspi-ssl/Makefile
+++ b/net/ucspi-ssl/Makefile
@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.62 2023/10/24 22:10:36 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2023/12/09 19:10:12 schmonz Exp $
 #

-DISTNAME=		ucspi-ssl-0.12.7
+DISTNAME=		ucspi-ssl-0.12.10
 PKGNAME=		${DISTNAME:S/-0./-0.999./}
-PKGREVISION=		3
 CATEGORIES=		net
 MASTER_SITES=		https://www.fehcom.de/ipnet/ucspi-ssl/
 EXTRACT_SUFX=		.tgz
@ -32,13 +31,13 @@ PKG_SYSCONFSUBDIR=	${PKGBASE}

 EGDIR=			${PREFIX}/share/examples/${PKGBASE}
 MAKE_DIRS+=		${PKG_SYSCONFDIR}
-CONF_FILES+=		${EGDIR}/dh1024.pem ${PKG_SYSCONFDIR}/dh1024.pem
+CONF_FILES+=		${EGDIR}/dh2048.pem ${PKG_SYSCONFDIR}/dh2048.pem

 DJB_CONFIG_DIR=		${WRKSRC}
 DJB_CONFIG_CMDS=							\
 	${ECHO} > conf-ssl;						\
 	${ECHO} ${SSLDIR}/certs > conf-cadir;				\
-	${ECHO} ${PKG_SYSCONFDIR}/dh1024.pem > conf-dhfile;		\
+	${ECHO} ${PKG_SYSCONFDIR}/dh2048.pem > conf-dhfile;		\
 	${ECHO} ${DEFAULT_MEDIUM_CIPHERS} > conf-ciphers;		\
 	${ECHO} it-base > src/it=d;

@ -70,11 +69,11 @@ do-install: do-install-sslperl
 	  ${INSTALL_MAN} ${WRKSRC}/man/${i} ${DESTDIR}${PREFIX}/${PKGMANDIR}/man2
 .endfor

-.for i in dh1024.pem
+.for i in dh2048.pem
 	  ${INSTALL_DATA} ${WRKSRC}/etc/${i} ${DESTDIR}${EGDIR}
 .endfor

-.for i in CERTS CHAIN-SSL CHANGES TLSVERSION_CIPHERSUITES TLS_1_3 TODO UCSPI-SSL
+.for i in CHAIN-SSL CHANGES TLSVERSION_CIPHERSUITES TLS_1_3 TODO UCSPI-SSL
 	  ${INSTALL_DATA} ${WRKSRC}/doc/${i} \
 	    ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
 .endfor
--- a/net/ucspi-ssl/PLIST
+++ b/net/ucspi-ssl/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2019/08/03 10:44:07 schmonz Exp $
+@comment $NetBSD: PLIST,v 1.7 2023/12/09 19:10:12 schmonz Exp $
 bin/https@
 bin/sslcat
 bin/sslclient
@ -12,11 +12,10 @@ man/man1/sslconnect.1
 man/man1/sslhandle.1
 man/man1/sslserver.1
 man/man2/ucspi-tls.2
-share/doc/ucspi-ssl/CERTS
 share/doc/ucspi-ssl/CHAIN-SSL
 share/doc/ucspi-ssl/CHANGES
 share/doc/ucspi-ssl/TLSVERSION_CIPHERSUITES
 share/doc/ucspi-ssl/TLS_1_3
 share/doc/ucspi-ssl/TODO
 share/doc/ucspi-ssl/UCSPI-SSL
-share/examples/ucspi-ssl/dh1024.pem
+share/examples/ucspi-ssl/dh2048.pem
--- a/net/ucspi-ssl/distinfo
+++ b/net/ucspi-ssl/distinfo
@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.31 2023/05/29 11:52:59 schmonz Exp $
+$NetBSD: distinfo,v 1.32 2023/12/09 19:10:12 schmonz Exp $

-BLAKE2s (ucspi-ssl-0.12.7.tgz) = 769e207fd5d57a1cfbc4966ea8e7021d542d222218d931727754b334327b559c
-SHA512 (ucspi-ssl-0.12.7.tgz) = a2a8ba4ebe05f7e88e4416df0d77b79c98d6968e89ec72e84834825a4978c3432afc5dcc109bcde61216bae48d1d84ba42814dba9f1d582b6d3d7d24c2dee905
-Size (ucspi-ssl-0.12.7.tgz) = 81920 bytes
+BLAKE2s (ucspi-ssl-0.12.10.tgz) = f7a1722367a8009e8d37bdba78b54637331a691c01bed6ae10418abc162012fc
+SHA512 (ucspi-ssl-0.12.10.tgz) = 3d71b6aa636528abcf5b1cedb47b95c89f974cb1e8275d70922cb09eafbe41bf630afa77f904252b4d4a1c1858fdbe6c75c5fe209128e20a94ed53081b516a84
+Size (ucspi-ssl-0.12.10.tgz) = 81920 bytes
 SHA1 (patch-src_print-dl.sh) = 456ae878c5116bbdfab1e9b4c049f6e4e80bc2b1
 SHA1 (patch-src_print-ld.sh) = f05f316eb6b95a3a9cb5726c9e7bb2d27dfc1b7b
 SHA1 (patch-src_ucspissl.h) = 4f9724be72a9fa9310bd5969f84767ff1b88260c