Commit graph

28 commits

Author SHA1 Message Date
wiz
c30c5fbc0b *: recursive bump for nettle 3.5.1 2019-07-20 22:45:58 +00:00
ryoon
6fc378bce9 Recursive revbump from textproc/icu 2019-04-03 00:32:25 +00:00
adam
16dd5de231 revbump after updating textproc/icu 2018-12-09 18:51:58 +00:00
ryoon
b9c1e1d533 Recursive revbump from textproc/icu-62.1 2018-07-20 03:33:47 +00:00
wiz
e5209a786e Add p11-kit to gnutls/bl3.mk and bump dependencies. 2018-04-17 22:29:31 +00:00
adam
299d329d51 revbump after icu update 2018-04-14 07:33:52 +00:00
adam
8977d31a36 Revbump after textproc/icu update 2017-11-30 16:45:00 +00:00
maya
33ebf687dc revbump for requiring ICU 59.x 2017-09-18 09:52:56 +00:00
wiz
ef141a6b79 Reset maintainer 2017-09-16 19:26:41 +00:00
wiz
7909ca8cec Comment out dead sites. 2017-08-16 20:45:30 +00:00
adam
75a9285105 Revbump after icu update 2017-04-22 21:03:07 +00:00
ryoon
36ed025474 Recursive revbump from textproc/icu 58.1 2016-12-04 05:17:03 +00:00
wiz
a82aa43c18 Recursive PKGREVISION bump for gnutls shlib major bump. 2016-09-19 13:04:18 +00:00
ryoon
ac20a93574 Recursive revbump from textproc/icu 57.1 2016-04-11 19:01:33 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
203292f73e Add SHA512 digests for distfiles for net category
Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 00:34:51 +00:00
ryoon
b141232e29 Recursive revbump from textproc/icu 2015-10-10 01:57:50 +00:00
wiz
1a8b91542f Bump PKGREVISION for nettle shlib major bump. 2015-08-23 14:30:35 +00:00
rodent
ff44be253e Add sqlite3 PKG_OPTION. USE_CMAKE instead of autotools. Update openssl
dependency. Bump BUILDLINK_A{B,P}I* in buildlink3.mk due to API changes.

From NEWS:

== GNU ZRTP 4.4.0 ==

Changes the handling of HMAC and Hash contexts to avoild tool
many malloc/free calls and thus memory pointer problems.

Enhance the handling an check the nonce when using multi-stream
mode. This required a modification to the class file and some
modifications on the API. The old functions are now deprecated
but still usable. Nevertheless you should change your application
to use the new fuctions which support the new nonce handling and
checks.

Some bug fixing as well.

== GNU ZRTP 4.3.1 ==

This is a bugfix release. It fixes several compiler issues in
iOS8 Clang, Mircosoft C++ compiler (VS 2012) etc.

This release also adds a fix to address a possible problem when
using 'memset(...)' on a memory area immediately followed by a
'free(...)' call to free this memory area. Some compilers may
otpimize the code and do not call 'memset(...)'. That's bad for
software that deals with secure keys :-) . The fix removes this
possible vulnerability.


== GNU ZRTP 4.3.0 ==

This version adds some new API that provide to set retry timer
values and to get some retry counters.

Application may now set some values of the retry counters during
the discovery (Hello) and the negotiation phase. Applications may
increase the number of retries or modify the capping to support
slow or bad networks.

To get some idea about the actual number of retries during ZRTP
negotiation an application may now use the new API to get an array
of counters. The ZRTP state engine records how many retries occured
during the different protocol states.

Note: only the ZRTP initiator performs packet retries after the
discovery (Hello) phase. The responder would always return zero
alues for the other retry counters.

Because we have a new set of functions the API changed, thus it's
necessary to recompile applications that use the new library version.


== GNU ZRTP 4.2.4 ==

Only small changes to enable Android X86 (see clients/tivi/android)
as an example.

Rename functions aes_init() to aes_init_zrtp() to avoid names clashes
with other libreries that may include own AES modules.


== GNU ZRTP 4.2.3 ==

The optional SAS relay feature (refer to RFC6189, chapter 7.3) is
not longer compiled by default. If your project needs this support
then modify the CMakeLists.txt file and uncomment a 'add_definition'
statments. See comment in the CMakelists.txt file.

The reasons to disable this optional feature in the default build:
it's rarely used and some concerns about misusing this feature.


== GNU ZRTP 4.2.2 ==

A small enhancement in SRTP handling to provide a longer bit-shift
register with 128 bits. The replay now check accepts packets which
are up to 127 sequence number behing the current packet. The upper
layer (codecs) gets more packets on slower/bad networks that we may
see on mobile 3G/4G connections.

If the codecs do not remove silence then this may lead to some longer
audio replay, similar to sattelite communication.


== GNU ZRTP 4.2.1 ==

Bug fixes in the SRTP part that checks for replay and updates the ROC.

The wrong computations lead to false replay indications and to wrong
HMAC, thus they dropped to much packets, in particular under bad network
conditions.

Changed the handling the the zrtp_getSasType function the the ZrtpCWrapper.
Please check the inline documentation and the compiler warning how to
use the return value of the function.
2015-04-18 03:36:23 +00:00
rodent
a8bed6de74 Bumping BUILDLINK_ABI_DEPENDS.libzrtpcpp. 2014-04-07 05:34:23 +00:00
rodent
ae1c8c109a Updated to latest release, 4.2.0. Shared library name change. From NEWS:
Implemented a new function to read the ZID file if the ZID file backend
is SQlite3. This is not a security problem because the ZRTP cache was
always public and readable, refer to RFC6189.

SQL statement returns all ZID records, sorted by date, newest on top. The
function can then step thru the DB cursor and read the records.

The version also include sevral fixes, usually compiler warnings, some
small problems reported by 'cppcheck' analyser.

Because we have a new set of functions the API changed, thus it's necessary
to recompile applications that use the new library version.
2014-04-07 04:11:22 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
wiz
a0176db1ee Remove FETCH_USING, not a package-setable variable. 2014-01-12 10:46:15 +00:00
rodent
043a1c5c47 Updated to latest release, 4.1.2. Resolves:
http://secunia.com/advisories/53818/ From NEWS:
== GNU ZRTP 4.1.1 ==

Is a bug fix release that fixes some problems when building a standalone
version of the library, i.e. with embedded crypto algorithms and not using
on openSSL.

Another fix was necessary for NetBSD thread handling.


== GNU ZRTP 4.1.0 ==

Small enhancements when dealing with non-NIST algorithms. An application may
set a ''algorithm selection policy'' to control the selection behaviour. In
addition the the standrad selection policy (as per RFC6189) this version
provides a _non-NIST_ selection policy: if the selected public key algorithm
is a non-NIST ECC algorithm then the other selection functions prefer non-NIST
HASH algorithms (Skein etc).


== GNU ZRTP 4.0.0 ==

For this version I added some new algorithms for the DH key agreement
and the Skein Hash for ZRTP. Not further functional enhancments.

Added a new (old) build parameter -DCORE_LIB that will build a ZRTP core
library. This was available in V2.3 but I somehow lost this for 3.0
You may add other build parameters, such as SQLITE and CRYPTO_STANDALONE
if you build the core library.


== GNU ZRTP 3.2.0 ==

The main ZRTP modules contain fixes for three vulnerabilities found by Mark
Dowd. Thus we advise application developers to use this version of the
library. The vulnerabilities may lead to application crashes during ZRTP
negotiation if an attacker sends prepared ZRTP packets. The fixes remove these
attack vectors.

Some small other enhancements and cleanup, mainly inside client code.

Some enhancements in cache handling and the handling of retained shared
secrets. This change was proposed by Phil, is a slight security enhacement and
is fully backward comaptible.

Because of some API changes clients must be compiled and linked with the new
library.

For details please refer to the Git logs.


== GNU ZRTP 3.1.0 ==

This version adds some new features and code that supports some other
client and this accounts for the most changes inside this release.

The ZRTP core functionality was not changed as much (bug fixes, cleanup
mainly) and remains fully backward compatible with older library
versions. However, one nice enhancement was done: the addition of a standalone
SDES support module. This module supports basic SDES only without the fancy
stuff like many other SDES implementations. Thus it's pretty interoperable.

Some other features are:
- add some android support for a client, may serve as template for others
- documentation and code cleanup

Because of some API changes clients must be compiled and linked with the new
library.


== GNU ZRTP 3.0.0 ==

This is a major enhancement and restructuring of the overall ZRTP
distribution. This was necessary because more and more other clients use ZRTP
and add their specific glue code. Also some clients are not prepared to use
openSSL or other crypto libraries to their code and distributions.

Here a summary of the changes
- a new directory layout to accomodate various clients
- add standalone crypto modules, for example for AES, to have a real
  standalone ZRTP/SRTP library that does not require any other crypto library
  (optional via CMake configuration)
- Re-structure ZRTP cache and add SQlite3 as optional storage backend

The default settings for CMake build the normal ZRTP library that use openSSL
as crypto backend, use the normal file based cache and include the GNU ccRTP
modules. This is a librray that is to a large degree compatible with the
earlier builds.

Please refer to the top level CMakeFile.txt for options how to switch on the
standalone crypto mode or the SQlite3 based cache storage.
2014-01-10 02:58:51 +00:00
wiz
e03c03b6dc Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump. 2014-01-01 11:52:02 +00:00
rodent
4332516351 Updated to latest release. No functional differences in pkgsrc files. From
ChangeLog:
2.3.3:

- fallback to gcrypt if no openssl elliptical support
2013-06-27 01:40:45 +00:00
rodent
8f16a3b3a3 Reduce included dependencies. 2013-04-22 06:10:42 +00:00
rodent
e4e417472f Import libzrtpcpp-2.3.2 as net/libzrtpcpp.
libzrtpcpp, a separate extension package to ccrtp, provides support for the ZRTP
protocol (as defined in the Internet draft draft-zimmermann-avt-zrtp).
2013-04-17 00:55:35 +00:00