Commit graph

9432 commits

Author SHA1 Message Date
tm
1c54964c87 gnupg2: add options for bzip2 and zlib 2018-05-08 11:56:21 +00:00
gavan
6d487782e4 sshpass: update to 1.06 and patch to fix tty issue
Changes since 1.0.5:

Version 1.06
	* Add -P for overriding the password prompt we search for
	* Add -v for verbose logging of the prompt detection prompt.
	* Allow packagers and compilers to change the default password prompt.
	* When giving -V, also print the default password prompt.

Also, add patch from FreeBSD to fix tty issue which prevents sshpass from
seeing the password prompt.
2018-05-06 17:45:30 +00:00
leot
be31306ead password-store: Update security/password-store to 1.7.1
pkgsrc changes:
 - Rename `xclip' PKG_OPTION to `x11' (and add a PKG_OPTIONS_LEGACY_OPTS
   accordingly) and also depends on converters/base64 (needed by the `--clip'
   option, like xclip) and qrencode (needed by the new `--qrcode' option).
 - Add support for `test' target and adjust the part of the test suite for
   gnupg>=2.2.5 via patches/patch-tests_t0300-reencryption.sh.
 - sysutils/pwgen is no longer needed, remove it from DEPENDS
   (now `tr -dc '<characters>' < /dev/urandom' is used instead)
 - Add patches/patch-contrib_dmenu_passmenu to fix `passmenu --type'
   (at least xdotool-2.20110530.1 does not support any `--file' option used by
   passmenu)
 - Adjust PAX invocations in `do-install' target to ignore possible `*.orig'
   and `.gitignore' files.

Changes
1.7.1
-----
== Bug Fixes ==
* Fix test suite on OS X
* Add compatibility with GnuPG 2.2.19
* Uniformly use the $GPG variable
* Do the correct thing with subkeys when reencrypting

1.7
---
== New Features ==
* Extensions: pass can now load user-defined extensions from a system
  directory or a user directory. There's already a nice ecosystem of
  extensions being built, even at this early stage. See the pass man page for
  more information.
* Signatures: there is now an option to enforce signatures of the .gpg-id file
  and extensions using an environment variable.
* QRCodes: generate and show have now learned the --qrcode/-q switch. Note to
  package maintainers: this adds a dependency on the popular qrencode package.
* Password generation: rather than use pwgen, we now use /dev/urandom more
  directly, which results in more assured password security, as well as
  customizable character sets, via an environment variable. See the pass man
  page for more information on this customization. Package maintainers: you
  may now drop the dependency on pwgen.
* Importers: there now are several more importers. More and more folks are
  moving to pass!
* Selectable clipping: you can now specify which line you wish to copy to the
  clipboard or display with a qrcode when using -c or -q.
* Git discovery: The PASSWORD_STORE_GIT environment variable has been removed,
  and instead pass will automatically choose the git repository closest to the
  file being modified (but not out of the actual password store itself). This
  should help people who like to nest git repos for different organizations.
* Bug fixes: too many to count.

== Note To Distros ==
* Drop the dependency of pwgen.
* Add the dependency of qrencode.
* The Makefile now does the right thing with DESTDIR, so you might want to
  double check that your package recipe does the right thing.
* The semantics for auto-detection of bash completion has changed, with new
  environment variables for such things. See INSTALL for details.
2018-05-06 11:56:58 +00:00
wiz
7245fefc33 p5-Net-OpenSSH: update to 0.78.
0.78  May 5, 2018
	- Free master pty when the user calls disconnect (bug report
          by Jaroslav Reindl, #rt125240).
2018-05-06 06:55:59 +00:00
he
0706bc1bbf Add this file now that we have a patch.
My "make mps" and subsequent "cvs commit" didn't add this file
as it would "normally" have done...
2018-05-04 21:51:18 +00:00
he
c326a3785e Add a patch fixing a typo and potential 10-byte buffer overrun. 2018-05-04 14:52:26 +00:00
adam
d3ade54ed8 gnupg2: updated to 2.2.7
changes in version 2.2.7:
* gpg: New option --no-symkey-cache to disable the passphrase cache
  for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
  of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile.
* ssh: Return an error for unknown ssh-agent flags.
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
  caches under Windows.
* dirmngr: Fix a CNAME problem with pools and TLS.  Also use a fixed
  mapping of keys.gnupg.net to sks-keyservers.net.
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https.  Here a redirection to
  http is explicitly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
  This stopped working with 2.1.
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
  debugging.
2018-05-04 06:08:40 +00:00
adam
eba825232a libgpg-error: updated to 1.31
changes in version 1.31:
* Fixes another problem with gpgrt_poll under Windows.
* New translation for Spanish.
2018-05-04 05:43:42 +00:00
minskim
f537b8af50 security/Makefile: Add ruby-openssl-ccm 2018-05-03 22:13:49 +00:00
minskim
11d9feff78 security/ruby-openssl-ccm: Import version 1.2.1
Ruby Gem for RFC 3610 - Counter with CBC-MAC (CCM).
2018-05-03 22:13:47 +00:00
wiz
2f284593e8 sudo: bump PKGREVISION for PLIST change. 2018-05-02 21:21:10 +00:00
wiz
a8336fb2ed p5-Digest-SHA: update to 6.02.
6.02  Fri Apr 20 16:25:30 MST 2018
	- silenced compiler warnings from VS2017
		-- ref. rt.cpan.org #124477
		-- thanks to Sergey Aleynikov for diagnostics
	- modified addfile to return error when given a directory name
		-- makes behavior consistent with GNU coreutils shaXsum
		-- thanks to Scott Baker for pointing this out
2018-05-02 13:27:50 +00:00
wiz
93892dd77f p5-CryptX: update to 0.060.
0.060   2018-05-01
        - bundled libtomcrypt update
        - Math::BigInt::LTM - remove buggy tests failing with the latest Math::BigInt
        - basically no changes to the perl modules
2018-05-02 13:27:09 +00:00
wiz
7d37bc4d80 p5-Crypt-OpenSSL-Random: update to 0.15.
0.15  2018-04-22 rurban
        - fix mingw hints for pkg-config support (akiym, PR #7)
2018-05-02 13:23:54 +00:00
wiz
b139994fe6 p5-Crypt-OpenSSL-RSA: update to 0.30.
0.30 Tue May 1 2018
        - Working windows library detection
        - Actively testing on appveyor for windows now.
        - work correctly on LibreSSL

0.29_03  Mon Apr 16 2018
        - Add whirlpool hash support.
        - Crypt::OpenSSL::Random is now required at compile-time.
        - Use the new interface to RSA_generate_key if available
        - Add library paths to LIBS from Crypt::OpenSSL::Guess
2018-05-02 13:22:44 +00:00
markd
1081ff3d83 py-requests-kerberos: s/pykerberos/kerberos/
Make sure python requires matches dependencies, to keep pip happy.
2018-05-02 10:59:49 +00:00
triaxx
6b02c37227 sudo: fix PR 53248 2018-05-02 07:33:13 +00:00
wiz
8f95006bff libtasn1: add bison build dependency.
Fixes build on -current after patch-lib_ASN1.y was added.
2018-05-01 06:58:07 +00:00
wiz
acdf231c2d libgpg-error: update to 1.30.
Remove hack for DragonFly/i386, DragonFly is 64-bit only nowadays.

Noteworthy changes in version 1.30 (2018-04-30) [C24/A24/R1]
-----------------------------------------------

 * Fix for a hang on Windows when using gpgrt_poll under nPth.

 * Build fix for Solaris.  [#3869]
2018-04-30 10:34:23 +00:00
adam
bd6dd8b3bb py-m2crypto: updated to 0.30.1
0.30.1:
- Fix packaging (missed packaging testing file)
2018-04-30 08:51:15 +00:00
ryoon
a1a1d3360a Remove required version 2018-04-30 06:52:06 +00:00
ryoon
9444e74415 Revert previous security/openssl is 1.0
Pointed by wiz@, thank you.
2018-04-30 06:50:58 +00:00
ryoon
1826aedfab Fix build with OpenSSL 1.1
* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
2018-04-30 05:25:24 +00:00
adam
35aa3efc12 revbump for boost-libs update 2018-04-29 21:31:17 +00:00
dholland
8a8150b5cb Bump PKGREVISION for previous. 2018-04-29 06:00:39 +00:00
wiz
e3801e2eb0 polkit: update to 0.114.
--------------
polkit 0.114
--------------

WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still need
some security review. Use at your own risk.

This is polkit 0.114.

Highlights:
 Port to mozjs 52, the latest version of the firefox JavaScript engine.

 Add gettext support for policy files

 Fixes for various memory leaks

Build requirements

 glib, gobject, gio    >= 2.32
 mozjs-52
 gobject-introspection >= 0.6.2 (optional)
 pam (optional)
 ConsoleKit OR systemd

Changes since polkit 0.113:

Anders Jonsson (2):
      pkcheck: fix man typos
      Add Swedish translation

Antoine Jacoutot (1):
      Add support for OpenBSD

Christian Kirbach (1):
      Add German translation

Colin Walters (3):
      build: Pull in GCC warning infra from ostree
      build: Use AC_USE_SYSTEM_EXTENSIONS
      tests: Correct boundary test for overflow

Dariusz Gadomski (2):
      Fix multi-line pam text info.
      Refactor send_to_helper usage

Gabor Kelemen (1):
      Add initial Hungarian translation, and add hu to LINGUAS

Jeremy Linton (5):
      change mozjs interface module to c++
      Switch to hard requiring mozjs24
      Fix warnings caused by building with C++
      Replace autocompartment
      test: Add a test case to handle actions without explicit rules

Jiří Klimeš (1):
      trivial: fix deprecated indication for polkit_agent_register_listener()

Matthias Clasen (1):
      Add gettext support for .policy files

Miloslav Trmač (21):
      Post-release version bump to 0.114
      Consistently use HAVE_NETGROUP_H instead of HAVE_OPENBSD
      Fix a memory leak of PolkitAgentListener's Server object
      Remove polkitbackendconfigsource.[ch]
      Add Slovak translation by Dusan Kazik <prescott66@gmail.com>
      Add Indonesian translation by Andika Triwidada
      Add Chinese (Taiwan) translation
      Fix a typo in polkit(8)
      Simplify GVariant reference counting
      Fix a memory leak on an error path of lookup_asv (twice)
      Fix a memory leak in server_handle_register_authentication_agent_with_options
      Fix a memory leak in server_handle_unregister_authentication_agent
      Fix a memory leak in server_handle_authentication_agent_response{,2}
      Fix memory leaks in server_handle_*_temporary_authorizations
      Fix error handling in polkit_authority_enumerate_temporary_authorizations_finish
      Fix a memory leak per agent authentication
      Fix a memory leak on agent authentication cancellation
      Audit and fix GVariant reference counting
      Fix help for (pkttyagent -s)
      Fix a race condition when terminating runaway_killer_thread
      Move to current GLib

Mingye Wang (Arthur2e5) (1):
      Add zh_CN translation

Muhammet Kara (1):
      Added Turkish translation

OBATA Akio (1):
      Add support for NetBSD

Peter Hutterer (1):
      gettext: switch to default-translate "no"

Philip Withnall (3):
      polkit: Add g_autoptr() support for GObject-derived polkit types
      data: Set GIO_USE_VFS=local in the environment
      polkitbackend: Fix typos in a couple of initialisation error messages

Piotr Drąg (1):
      Add Polish translation

Rafael Fontenelle (1):
      Add Brazilian Portuguese translation

Ray Strode (34):
      configure: bump mozjs requirement to 52
      jsauthority: fix how classes are defined
      jsauthority: use JS_FN instead of JS_FS
      jsauthority: get rid of JSRuntime
      jsauthority: change how setVersion is called
      jsauthority: call JS_Init
      jsauthority: call JS_InitSelfHostedCode
      jsauthority: change how JIT is disabled
      jsauthority: JS::SetWarningReporter instead of JS_SetErrorReporter
      jsauthority: add UTF8 suffix to renamed functions
      jsauthority: pass "%s" format string to report functions
      jsauthority: s/JSBool/bool/
      jsauthority: s/jsval/JS::Value/
      jsauthority: s/JSVAL_NULL/JS::NullValue()/
      jsauthority: s/JSVAL_VOID/JS::UndefinedValue()/
      jsauthority: s/OBJECT_TO_JSVAL/JS::ObjectValue/
      jsauthority: s/STRING_TO_JSVAL/JS::StringValue/
      jsauthority: s/BOOLEAN_TO_JSVAL/JS::BooleanValue/
      jsauthority: JSVAL_TO_OBJECT (o) to o.toObjectOrNull()
      jsauthority: JSVAL_TO_STRING (s) to s.toString()
      jsauthority: JSVAL_IS_STRING (s) to s.isString()
      jsauthority: JSVAL_IS_NULL (o) to o.isNull()
      jsauthority: Fix up JS_CallFunctionName invocations
      jsauthority: use InterruptCallback api instead of OperationCallback
      jsauthority: redo how global objects are set up
      jsauthority: root some locals to the context
      jsauthority: adapt arguments for new JS::Compile API
      jsauthority: adapt arguments for new JS_ExecuteScript API
      jsauthority: use JS::Evaluate instead of JS_EvaluateScript
      jsauthority: fix up set_property methods
      jsauthority: stop using JS_GetStringCharsZ
      jsauthority: switch from JS_ConvertArguments to JS::CallArgsFromVp
      jsauthority: re-enable JIT
      Port JavaScript authority to mozjs52

Rui Matos (1):
      polkitpermission: Fix a memory leak on authority changes

Sebastien Bacher (1):
      Support polkit session agent running outside user session

Stef Walter (2):
      polkitagent: Fix access after dereference on hashtable
      polkitagent: No double warnings in polkit_agent_listener_register()

Sven Eden (1):
      configure: enable elogind support in PolicyKit

Yuri Chornoivan (1):
      Add Ukrainian translation

enkore (1):
      Fix abnormal formatting of authentication header lines

muzena (1):
      Add hr.po

Thanks to our contributors.

Colin Walters and Miloslav Trmač,
April 2, 2017
2018-04-29 05:14:36 +00:00
dholland
aad8206af6 Set BUILDLINK_API_DEPENDS.gmp to require gmp>=5.0, per PR 52250.
Otherwise on Solaris it finds a really old builtin gmp and fails.
2018-04-29 04:09:08 +00:00
dholland
943e97a438 Use <ctype.h> properly. Noted in PR 51821. 2018-04-29 03:41:42 +00:00
wiz
7b8f46957d py-certifi: update to 2018.4.16.
No changelog found, assuming update to latest mozilla certs.
2018-04-27 14:38:41 +00:00
fhajny
d509f30245 security/vault: Update to 0.10.1.
DEPRECATIONS/CHANGES:

- `vault kv` and Vault versions: In 0.10.1 some issues with `vault kv` against
  v1 K/V engine mounts are fixed. However, using 0.10.1 for both the server
  and CLI versions is required.
- Mount information visibility: Users that have access to any path within a
  mount can now see information about that mount, such as its type and
  options, via some API calls.
- Identity and Local Mounts: Local mounts would allow creating Identity
  entities but these would not be able to be used successfully (even locally)
  in replicated scenarios. We have now disallowed entities and groups from
  being created for local mounts in the first place.

FEATURES:

- X-Forwarded-For support: `X-Forwarded-For` headers can now be used to set the
  client IP seen by Vault. See the TCP listener configuration
  page for details.
- CIDR IP Binding for Tokens: Tokens now support being bound to specific
  CIDR(s) for usage. Currently this is implemented in Token Roles; usage can be
  expanded to other authentication backends over time.
- `vault kv patch` command: A new `kv patch` helper command that allows
  modifying only some values in existing data at a K/V path, but uses
  check-and-set to ensure that this modification happens safely.
- AppRole Local Secret IDs: Roles can now be configured to generate secret IDs
  local to the cluster. This enables performance secondaries to generate and
  consume secret IDs without contacting the primary.
- AES-GCM Support for PKCS#11 [BETA] (Enterprise): For supporting HSMs,
  AES-GCM can now be used in lieu of AES-CBC/HMAC-SHA256. This has currently
  only been fully tested on AWS CloudHSM.
- Auto Unseal/Seal Wrap Key Rotation Support (Enterprise): Auto Unseal
  mechanisms, including PKCS#11 HSMs, now support rotation of encryption keys,
  and migration between key and encryption types, such as from AES-CBC to
  AES-GCM, can be performed at the same time (where supported).

IMPROVEMENTS:

- auth/approle: Support for cluster local secret IDs. This enables secondaries
  to generate secret IDs without contacting the primary
- auth/token: Add to the token lookup response, the policies inherited due to
  identity associations
- auth/token: Add CIDR binding to token roles
- cli: Add `vault kv patch`
- core: Add X-Forwarded-For support
- core: Add token CIDR-binding support
- identity: Add the ability to disable an entity. Disabling an entity does not
  revoke associated tokens, but while the entity is disabled they cannot be
  used.
- physical/consul: Allow tuning of session TTL and lock wait time
- replication: Dynamically adjust WAL cleanup over a period of time based on
  the rate of writes committed
- secret/ssh: Update dynamic key install script to use shell locking to avoid
  concurrent modifications
- ui: Access to `sys/mounts` is no longer needed to use the UI - the list of
  engines will show you the ones you implicitly have access to (because you have
  access to secrets in those engines)

BUG FIXES:

- cli: Fix `vault kv` backwards compatibility with KV v1 engine mounts
- identity: Persist entity memberships in external identity groups across
  mounts
- identity: Fix error preventing authentication using local mounts on
  performance secondary replication clusters
- replication: Fix issue causing secondaries to not connect properly to a
  pre-0.10 primary until the primary was upgraded
- secret/gcp: Fix panic on rollback when a roleset wasn't created properly
- secret/gcp: Fix panic on renewal
- ui: Fix IE11 form submissions in a few parts of the application
- ui: Fix IE file saving on policy pages and init screens
- ui: Fixed an issue where the AWS secret backend would show the wrong menu
- ui: Fixed an issue where policies with commas would not render in the
  interface properly
- ui: Corrected the saving of mount tune ttls for auth methods
- ui: Credentials generation no longer checks capabilities before making
  api calls. This should fix needing "update" capabilities to read IAM
  credentials in the AWS secrets engine
2018-04-27 14:02:41 +00:00
adam
7f3c9ca1c4 py-m2crypto: updated to 0.30.0
0.30.0:
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
  any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
  new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
  python as a system package, so they are usually more likely to upgrade
  anyway.
2018-04-27 06:47:25 +00:00
wen
b0494ef5ce Update to 1.04
Upstream changes:
1.04  Fri Apr 20 16:25:30 MST 2018
	- silenced compiler warnings from VS2017
		-- ref. rt.cpan.org #124477
		-- thanks to Sergey Aleynikov for diagnostics
	- modified addfile to return error when given a directory name
		-- makes behavior consistent with GNU coreutils shaXsum
		-- thanks to Scott Baker for pointing this out
2018-04-22 11:41:36 +00:00
wiz
f367007762 *: gd.tuwien.ac.at/ftp.tuwien.ac.at is gone, remove it from various mastersites 2018-04-21 13:38:04 +00:00
wiz
a81318c607 Commit missing part of gnutls recursive bump.
Noted by Patrick Welche.
2018-04-19 22:12:25 +00:00
wen
0ed03edbbb Update to 0.14
Add missing DEPENDS

Upstream changes:
0.14  2018-04-17 rurban
        - add library paths to LIBS from Crypt::OpenSSL::Guess (akiym, PR #6)

0.13  2018-04-14 rurban
        - move Crypt::OpenSSL::Guess to configure dependency. (grinnz, PR #4)

0.12  2018-04-13 rurban
        - use Crypt::OpenSSL::Guess to resolve OpenSSL include path,
          fixes MacOS's homebrew OpenSSL installation problem. (akiym, PR #3)
2018-04-19 06:57:57 +00:00
wen
2e0dcf4164 Add p5-Crypt-OpenSSL-Guess. 2018-04-19 06:50:42 +00:00
wen
e0f62c277d Import Crypt::OpenSSL::Guess-0.11 as security/p5-Crypt-OpenSSL-Guess.
Crypt::OpenSSL::Guess provides helpers to guess OpenSSL include path
on any platforms.
2018-04-19 06:49:11 +00:00
wen
81cfd26475 Update to 0.059
Upstream changes:
0.059   2018-03-25
        - new Crypt::Digest::Keccak(224|256|384|512)
        - new methods sign_hash_rfc7518 + verify_hash_rfc7518 (Crypt::PK::ECC)
        - improved import of pkcs#8 private keys (Crypt::PK::ECC)
        - improved export allowing "compressed" variants (Crypt::PK::ECC)
        - fix #28 Apple's APNS pkcs8 auth key import fails (Crypt::PK::ECC)
        - fix cpantesters failure (5.8.1 related)
2018-04-19 03:12:32 +00:00
kamil
46528288c1 py-libtaxii: Improve distinfo
Reuse the GitHub framework and stop using plain ${PKGVERSION_NOREV}.zip for
distfile name.

No functional change intended.
2018-04-18 19:59:36 +00:00
kamil
c39007dcc5 sign: Improve distinfo
Reuse the GitHub framework and stop using plain ${PKGVERSION_NOREV}.zip for
distfile name.

No functional change intended.
2018-04-18 19:56:42 +00:00
kamil
89217a857c keychain: Improve distinfo
Reuse the GitHub framework and stop using plain ${PKGVERSION_NOREV}.zip for
distfile name.

No functional change intended.
2018-04-18 19:25:27 +00:00
adam
676d6e7c91 py-asn1-modules: updated to 0.2.1
Revision 0.2.1, released 23-11-2017
- Allow ANY DEFINED BY objects expanding automatically if requested
- Imports PEP8'ed

Revision 0.1.5, released 10-10-2017
- OCSP response blob fixed in test
- Fixed wrong OCSP ResponderID components tagging

Revision 0.1.4, released 07-09-2017
- Typo fixed in the dependency spec

Revision 0.1.3, released 07-09-2017
- Apparently, pip>=1.5.6 is still widely used and it is not PEP440
  compliant. Had to replace the `~=` version dependency spec with a
  sequence of simple comparisons to remain compatible with the aging pip.

Revision 0.1.2, released 07-09-2017
- Pinned to pyasn1 ~0.3.4

Revision 0.1.1, released 27-08-2017
- Tests refactored into proper unit tests
- pem.readBase64fromText() convenience function added
- Pinned to pyasn1 0.3.3
2018-04-18 09:43:27 +00:00
adam
3267424711 py-asyncssh: updated to 1.12.2
Release 1.12.2:
Added support for using pathlib objects as paths in calls to SFTP methods, in addition to Unicode and byte strings. This is mainly intended for use in constructing local paths, but it can also be used for remote paths as long as POSIX-style pathlib objects are used and an appropriate path encoding is set to handle the conversion from Unicode to bytes.
Changed server EXT_INFO message to only be sent after the first SSH key exchange, to match the specification recently published in RFC 8308.
Fixed edge case in TCP connection forwarding where data received on a forward TCP connection was not delivered if the connection was closed or half-closed before the corresponding SSH tunnel was fully established.
Made note about OpenSSH not properly handling send_signal more visible.
2018-04-18 07:01:23 +00:00
adam
48e82d850f py-cryptodome: updated to 3.6.1
3.6.1:
New features
Added Google Wycheproof tests (https://github.com/google/wycheproof) for RSA, DSA, ECDSA, GCM, SIV, EAX, CMAC.
New parameter mac_len (length of MAC tag) for CMAC.

Resolved issues
In certain circumstances (at counter wrapping, which happens on average after 32 GBi) AES GCM produced wrong ciphertexts.
Method encrypt() of AES SIV cipher could be still called, whereas only encrypt_and_digest() should be allowed.
2018-04-18 04:34:13 +00:00
schmonz
3460c0e6cd Fix PLIST on Darwin. 2018-04-18 00:46:25 +00:00
wiz
e5209a786e Add p11-kit to gnutls/bl3.mk and bump dependencies. 2018-04-17 22:29:31 +00:00
wiz
e03e208e97 gnutls: enable p11-kit.
PKCS#11 support is needed by glib-networking.
2018-04-17 13:28:53 +00:00
wiz
e632701894 p11-kit: update to 0.23.10.
This is a development release, but gnutls needs at least 0.23.x,
so take the latest development release.

0.23.10 (devel)
 * filter: Respect "write-protected" vendor-specific attribute in
   PKCS#11 URI [PR#129]
 * server: Improve shell integration and documentation [PR#107, PR#108]
 * proxy: Reuse existing slot ID mapping in after fork() [PR#120]
 * trust: Forcibly mark "Default Trust" read-only [PR#123]
 * New function p11_kit_override_system_files() which can be used for
   testing [PR#110]
 * trust: Filter out duplicate extensions [PR#69]
 * Update translations [PR#128]
 * Bug fixes [PR#125, PR#126]

0.23.9 (devel)
 * Fix p11-kit server regressions [PR#103, PR#104]
 * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99]
 * Build fixes related to reallocarray [PR#96, PR#98, PR#100]

0.23.8 (devel)
 * Improve vendor query attributes handling in PKCS#11 URI [PR#92]
 * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91]
 * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user
   configurations [PR#87]
 * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86]

0.23.7 (devel)
 * Fix memory issues with "p11-kit server" [PR#78]
 * Build fixes [PR#77 ...]

0.23.6 (devel)
 * Port "p11-kit server" to Windows and portability fixes of the RPC
   protocol [PR#67, PR#72, PR#74]
 * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71]
 * Build fixes [PR#63 ...]

0.23.5 (devel)
 * Fix license notice of common/unix-peer.c [PR#58]
 * Remove systemd unit files for now [PR#60]
 * Build fixes for FreeBSD [PR#56]

0.23.4 (devel)
 * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31,
   PR#37, PR#52]
 * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY
   attribute, used by Firefox [#99453, PR#46]
 * Add 'trust dump' command to dump all PKCS#11 objects in the
   persistence format [PR#44]
 * New experimental 'p11-kit server' command that allows PKCS#11
   forwarding through a Unix domain socket.  A client-side module
   p11-kit-client.so is also provided [PR#15]
 * Add systemd unit files for exporting the proxy module through a
   Unix domain socket [PR#35]
 * New P11KitIter API to iterate over slots, tokens, and modules in
   addition to objects [PR#28]
 * libffi dependency is now optional [PR#9]
 * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]

0.23.3 (devel)
 * Install private executables in libexecdir [#98817]
 * Fix link error of proxy module on macOS [#98022]
 * Use new PKCS#11 URI specification for URIs [#97245]
 * Support x-init-reserved argument of C_Initialize() in remote modules [#80519]
 * Incorporate changes from PKCS#11 2.40 specification
 * Bump libtool library version
 * Documentation fixes
 * Build fixes [#87192 ...]

0.23.2 (devel)
 * Fix forking issues with libffi [#90289 ...]
 * Updated translations
 * Build fixes [#90827 #89081 #92434 #92520 #92445 #92551 #92843 #92842 #92807 #93211 ...]

0.23.1 (devel)
 * Use new PKCS#11 URI draft fields for URIs [#86474 #87582]
 * Add pem-directory-hash extract format
 * Build fixes
2018-04-17 13:26:15 +00:00
christos
ffdec1b556 upgrade to 2.1.27-rc7 so that we can use it with openssl-1.1 2018-04-17 01:57:17 +00:00
wiz
8ee21bdcf0 Recursive bump for new fribidi dependency in pango. 2018-04-16 14:33:44 +00:00