Commit graph

55 commits

Author SHA1 Message Date
adam
6b82056761 libksba: updated to 1.6.2
Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
------------------------------------------------

 * Fix integer overflow in the CRL parser.
2022-10-09 07:51:10 +00:00
adam
fb88339cd7 libksba: updated to 1.6.1
Noteworthy changes in version 1.6.1 (2022-09-16)
------------------------------------------------
* Allow an OCSP server not to return the sent nonce.
2022-09-27 12:47:26 +00:00
adam
8aa072822e libksba: updated to 1.6.0
Noteworthy changes in version 1.6.0 (2021-06-10) [C22/A14/R0]
------------------------------------------------

 * Limited support for the Authenticated-Enveloped-Data content type.
   [81fdcd680c12]

 * Support password based decryption.  [cb7f2484a09c]

 * Fix build problem on macOS.

 * Silence warnings from static analyzers.

 * Interface changes relative to the 1.5.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   KSBA_CT_AUTHENVELOPED_DATA       NEW.

 Release-info: https://dev.gnupg.org/T5479


Noteworthy changes in version 1.5.1 (2021-04-06) [C21/A13/R1]
------------------------------------------------

 * Support Brainpool curves specified by ECDomainParameters.

 Release-info: https://dev.gnupg.org/T5379


Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0]
------------------------------------------------

 * ksba_cms_identify now identifies OpenPGP keyblock content.

 * Supports TR-03111 plain format ECDSA signature verification.

 * Fixes a CMS signed data parser bug exhibited by a somewhat strange
   CMS message.  [b6438e768c]

 * Interface changes relative to the 1.4.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   KSBA_CT_OPENPGP_KEYBLOCK         NEW.

 Release-info: https://dev.gnupg.org/T5146
2022-01-13 08:07:20 +00:00
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
adam
fd33f1baf8 libksba: updated to 1.4.0
Noteworthy changes in version 1.4.0
-----------------------------------
 * Supports ECDSA and EdDSA certificate creation and parsing.
 * Supports ECDH enveloped data.
 * Supports ECDSA and EdDSA signed data.
 * Supports rsaPSS signature verification.
 * Supports standard file descriptors in ksba_reader_read.
 * New configure flag --disable-doc.
 * Improves supports for reproducible builds.
 * Allows for optional elements in keyinfo objects.
 * Updates the config and M4 scripts to the latest version.
 * Fixes error detection in the CMS parser.
 * Fixes memory leak in ksba_cms_identify.
 * Fixes build warnings on macOS.
 * Uses --disable-new-dtags if LD_LIBRARY_PATH is defined.
 * New constants KSBA_VERSION and KSBA_VERSION_NUMBER.
 * New API to make creation of DER objects easy.
 * Interface changes relative to the 1.3.5 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 KSBA_VERSION                     NEW.
 KSBA_VERSION_NUMBER              NEW.
 KSBA_CT_SPC_IND_DATA_CTX         NEW.
 KSBA_CLASS_*                     NEW.
 KSBA_TYPE_*                      NEW.
 ksba_der_t                       NEW.
 ksba_der_release                 NEW.
 ksba_der_builder_new             NEW.
 ksba_der_builder_reset           NEW.
 ksba_der_add_ptr                 NEW.
 ksba_der_add_val                 NEW.
 ksba_der_add_int                 NEW.
 ksba_der_add_oid                 NEW.
 ksba_der_add_bts                 NEW.
 ksba_der_add_der                 NEW.
 ksba_der_add_tag                 NEW.
 ksba_der_add_end                 NEW.
 ksba_der_builder_get             NEW.
2020-08-03 15:30:06 +00:00
gdt
d17744c27a Add patch to resolve gpgsm S/MIME failures
S/MIME messages encrypted with gpgsm are sometimes not decodable by
other implementations.  Discussion on gnupg-devel indicates that gpg
(via libksba) is incorrectly dropping leading zeros from the encrypted
session key.  This commit adds a patch by Daiki Ueno from the
mailinglist that appears to improve interoperability.  Upstream has
not yet applied it, but also has not said that it is wrong.
2017-05-30 22:40:17 +00:00
wiz
e364797441 Updated libksba to 1.3.5.
Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6]
------------------------------------------------

 * Limit the allowed size of complex ASN.1 objects (e.g. certificates)
   to 16MiB.

 * Avoid read access to unitialized memory.

 * Improve detection of invalid RDNs.

 * Encode the OCSP nonce value as an octet string as described by
   RFC-6960.
2016-08-22 12:32:11 +00:00
bsiegert
06a3818f9b Update libksba to 1.3.4, fixing several vulnerabilities.
Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4]
------------------------------------------------

 * Fixed two OOB read access bugs which could be used to force a DoS.

 * Fixed a crash due to faulty curve OID lookup code.

 * Synced the list of supported curves with those of Libgcrypt.

 * New configure option --enable-build-timestamp; a build timestamp is
   not anymore used by default.
2016-06-18 07:25:13 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wiz
df48884e15 Update to 1.3.3:
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------

 * Fixed an integer overflow in the DN decoder.

 * Now returns an error instead of terminating the process for certain
   bad BER encodings.

 * Improved the parsing of utf-8 strings in DNs.

 * Allow building with newer versions of Bison.

 * Improvement building on Windows with newer versions of Mingw.
2015-07-05 18:24:10 +00:00
wiz
474de5a155 Update to 1.3.2. Add comment to patch.
Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
------------------------------------------------

 * Fixed a buffer overflow in ksba_oid_to_str.


Noteworthy changes in version 1.3.1 (2014-09-18)
------------------------------------------------

 * Fixed memory leak in CRL parsing.

 * Build fixes for Windows, Android, and ppc64el.
2014-11-25 14:35:37 +00:00
wiz
e03c03b6dc Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump. 2014-01-01 11:52:02 +00:00
riastradh
becba70bd6 Fix recent change to security/libksba for cross-compilation.
Need to include bsd.prefs.mk before testing USE_CROSS_COMPILE.

Not sure how this slipped through -- could've sworn I tested this.
2013-05-12 00:28:52 +00:00
riastradh
56edfffde9 Fix cross-build of libksba with CC_FOR_BUILD=NATIVE_CC. 2013-05-10 20:24:17 +00:00
drochner
d2d9b52ac0 update to 1.3.0
changes:
-licensing change: gplv3 -> lgplv3 + gplv2
-minor fixes
2013-03-15 18:17:55 +00:00
wiz
bd06e1cb46 Reset MAINTAINER/OWNER (became observers) 2013-02-01 22:21:05 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
obache
1d9df3258a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
adam
35f76384c9 Changes 1.2.0:
* New functions to allow the creation of X.509 certificates.
* Interface changes relative to the 1.1.0 release:
  ksba_certreq_set_serial          NEW
  ksba_certreq_set_issuer          NEW
  ksba_certreq_set_validity        NEW
  ksba_certreq_set_siginfo         NEW
2011-03-11 07:22:05 +00:00
drochner
86be3a7ef6 update to 1.1.0
change: New functions to fix a leak in dirmngr
2010-11-26 18:00:17 +00:00
drochner
da422cb954 update to 1.0.8
change: Fixed a CMS parsing bug exhibited by Lotus Notes
2010-09-01 16:35:15 +00:00
joerg
1d5ac0ccd3 Not MAKE_JOBS_SAFE. 2009-12-21 18:58:40 +00:00
drochner
dd6bc89388 update to 1.0.7
changes:
-misc fixes and improvements
-Support DSA
-Support SHA-{384,512} based signature generation
reviewed by John R. Shannon
2009-12-15 19:27:36 +00:00
joerg
2d1ba244e9 Simply and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
joerg
f605fec2db Mark as destdir ready. 2008-07-14 12:55:56 +00:00
shannonjr
65ba8191db Update to 1.0.2 as required by gnupg 2.0.5. 2007-08-04 11:57:16 +00:00
minskim
162b528f42 Make this package build on Darwin. Patch from Darwinports.
This fixes PR 35400.
2007-01-11 00:02:53 +00:00
joerg
815a56579d Fix dependency. No cookie for shannonjr. 2006-10-12 16:19:03 +00:00
shannonjr
513e992735 Update to 1.0.0. After about 5 years of beta testing, I am pleased to announce the
availability of libksba 1.0.0.

Libksba is an X.509 and CMS (pkcs#7) library.  It is for example
required to build the S/MIME part of GnuPG (gpgsm)
2006-10-11 11:14:33 +00:00
jlam
c16221a4db Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.

For example, "make show-buildlink3" in fonts/Xft2 displays:

	zlib
	fontconfig
	    iconv
	    zlib
	    freetype2
	    expat
	freetype2
	Xrender
	    renderproto
2006-07-08 23:10:35 +00:00
jlam
9430e49307 Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
2006-07-08 22:38:58 +00:00
rillig
96fc47c14f Aligned the last line of the buildlink3.mk files with the first line, so
that they look nicer.
2006-04-12 10:26:59 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
jlam
739ade02f5 List the info pages directly in the PLIST and ensure that we honor
PKGINFODIR.
2006-03-31 23:56:28 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
shannonjr
1d61d6adb1 Update to 0.9.13. This is a bug fix release. 2006-01-06 09:55:52 +00:00
shannonjr
2e5cdad2a5 Update from 0.9.10 to 0.9.11. This is part of a multi-package update
for S/MIME capability involving gnupg-devel and dirmngr also. The
changes to this pkg are bug fixes.
2005-04-23 12:25:05 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
shannonjr
dcc7d5dc1e Update to release 0.9.10. This is a bugfix release. 2004-12-03 21:58:54 +00:00
shannonjr
748155ca2e 1) Taking over maintainance of package on agreement with previous
maintainer Klaus Klein.
2) Update to version 0.9.7 to satisfy version requirements for, soon to
   be committed, gnupg2 (1.9.10) that provides SMIME support.
Libksba is a library to make the tasks of working with X.509 certificates,
CMS data and related objects more easy. It a highlevel interface to the
implemented protocols and presents the data in a consistent way.
2004-10-11 09:46:44 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
jlam
1a280185e1 Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:

	lib/libfoo.a
	lib/libfoo.la
	lib/libfoo.so
	lib/libfoo.so.0
	lib/libfoo.so.0.1

one simply needs:

	lib/libfoo.la

and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.

Also make LIBTOOLIZE_PLIST default to "yes".
2004-09-22 08:09:14 +00:00
jlam
7db11b582a Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properly
by moving the inclusion of buildlink3.mk files outside of the protected
region.  This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.

BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list.  This ordering property is used to check for builtin
packages in the correct order.  The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end.  However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
2004-03-18 09:12:08 +00:00
jlam
9ff0e10340 Reorder location and setting of BUILDLINK_PACKAGES to match template
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
2004-03-05 19:25:06 +00:00
minskim
3976305efb Not used any more. 2004-02-25 18:16:28 +00:00
minskim
62b096c9c5 Bump BUILDLINK_DEPENDS due to library major bump. 2004-02-25 18:10:49 +00:00
minskim
6d3ec2b779 Update libksba to 0.9.4.
Changes since 0.9.1:
 * Support for Extended Key Usage.
 * ksba_cms_identify may no return a pseudo content type for pkcs#12
   files.
 * Cleaned up the DN label table.
 * Fixed a bug in creating CMS signed data.
 * Interface changes:
	ksba_reader_clear             NEW.
	ksba_cert_get_ext_key_usages  NEW.
	KSBA_CT_PKCS12                NEW.
2004-02-25 18:08:27 +00:00
minskim
f5e93c14ab Bump PKGREVISION due to the update of libgcrypt. 2004-02-25 15:53:17 +00:00