Commit graph

20 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
nia
4e64aba61a libp11: update to 0.4.11
- fixed installation location of openssl engine
- avoid regenerating autoconf bits

New in 0.4.11; 2020-10-11; Michał Trojnara
* Fixed "EVP_PKEY_derive:buffer too small" EC errors (Luka Logar)
* Fixed various memory leaks (Mateusz Kwiatkowski)
* Fixed Windows VERSIONINFO (Pavol Misik)
* Fixed builds with OpenSSL older than 1.0.2 (Michał Trojnara)
* Fixed a double free in EVP_PKEY_meth_free() (Mikhail Durnev)
* Added CKA_VALUE_LEN to EC key derivation template (Michał Trojnara)
* Fixed handling keys without label attribute (efternavn)
* Updated the tests (Anderson Toshiyuki Sasaki)
* Made ECDH-derived keys extractable (Bent Bisballe Nyeng)
* Added support for pin-source within PKCS#11 URI (Stanislav Levin)
* Improved LibreSSL compatibility (patchMonkey156)
* Fixed handling RSA private keys in BIND (Stanislav Levin)
* Added macOS testing support (Stanislav Levin)
* Fixed engine object search algorithm (Anderson Toshiyuki Sasaki)
2021-04-10 08:25:08 +00:00
manu
ca2e1994c1 Update libp11 to 0.4.10
This is required to work around a crash in pam-p11 on NetBSD 9.0

Changes since last version in pkgsrc:

New in 0.4.10; 2019-04-03; Michał Trojnara
* Added EC signing through EVP API (Bryan Hunt)
* Added an empty EC private key required by OpenSSL 1.1.1 (Doug Engert)
* Stored additional certificate attributes (FdLSifu, Michał Trojnara)
* Engine allowed to use private keys without a PIN (Michał Trojnara)
* Lazy binding used as a workaround for buggy modules (Michał Trojnara)
* MinGW build fixes and documentation (Michał Trojnara)
* LibreSSL 2.8.3 build fixes (patchMonkey156)
* Error handling fixes (Michał Trojnara)

New in 0.4.9; 2018-09-03; Michał Trojnara
* Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD
  (Michał Trojnara, Anderson Sasaki)
* Fixed a leak of RSA object in pkcs11_store_key() (lbonn)
* Added atfork checks for RSA and EC_KEY methods (Michał Trojnara)

New in 0.4.8; 2018-08-05; Michał Trojnara
* RSA key generation on the token (n3wtron)
* PSS signature support (Doug Engert, Michał Trojnara)
* RSA-OAEP and RSA-PKCS encryption support (Mouse, Michał Trojnara)
* Engine no longer set as default for all methods (Anderson Sasaki)
* Added PKCS11_remove_key and PKCS11_remove_certificate (n3wtron)
* Added PKCS11_find_next_token interface (Frank Morgner)
* Added support for OpenSSL 1.1.1 beta (Michał Trojnara)
* Removed support for OpenSSL 0.9.8 (Michał Trojnara)
* Case insensitive PKCS#11 URI scheme (Anderson Sasaki)
* Testing framework improvements (Anderson Sasaki)
* Coverity scanning and defect fixes (Frank Morgner)
* Backward compatibility for new error handling introduced
  in libp11 0.4.7 (Michał Trojnara)
* Memory leak fixes (Frank Morgner, Doug Engert)
* Added an integer overflow protection (Eric Sesterhenn, Michał Trojnara)
* Several bugfixes (Michał Trojnara, Emmanuel Deloget, Anderson Sasaki)

New in 0.4.7; 2017-07-03; Michał Trojnara
* Added OpenSSL-style engine error reporting (Michał Trojnara)
* Added the FORCE_LOGIN engine ctrl command (Michał Trojnara)
* Implemented the QUIET engine ctrl command (Michał Trojnara)
* Modified CKU_CONTEXT_SPECIFIC PIN requests to be based
  on the CKA_ALWAYS_AUTHENTICATE attribute rather than the
  CKR_USER_NOT_LOGGED_IN error (Michał Trojnara)
* Fixed printing hex values (Michał Trojnara)
* Fixed build error with OPENSSL_NO_EC (Kai Kang)

New in 0.4.6; 2017-04-23; Michał Trojnara
* Updated ex_data on EVP_PKEYs after enumerating keys (Matt Hauck)
* Token/key labels added into PIN prompts (Matt Hauck)

New in 0.4.5; 2017-03-29; Michał Trojnara
* Prevented destroying existing keys/certs at login (Michał Trojnara)
* Fixed synchronization of PKCS#11 module calls (Matt Hauck)
* Added LibreSSL compatibility (Bernard Spil)
* Added SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands
  for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
* Fixed error handling in RSA key generation (Michał Trojnara)
2020-04-16 12:42:27 +00:00
manu
9ff92677df Update libp11 to 0.4.4 so that we can build with NetBSD-9.0 newer OpenSSL
Changes since libp11-0.2.8 from the NEWS file:

New in 0.4.4; 2017-01-26; Michal Trojnara
* Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
  fixes #141 (Michal Trojnara)
* "?" and "&" allowed as URI separators; fixes #142 (Michal Trojnara)
* engine: Unified private/public key and certificate enumeration
  to be performed without login if possible (Michal Trojnara)

New in 0.4.3; 2016-12-04; Michal Trojnara
* Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michal Trojnara)
* Added graceful handling of alien (non-PKCS#11) keys (Michal Trojnara)
* Added symbol versioning (Nikos Mavrogiannopoulos)
* Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos)
* Added MSYS2, Cygwin, and MinGW/MSYS support (Pawel Witas)
* Workaround implemented for a deadlock in PKCS#11 modules that
  internally use OpenSSL engines (Michal Trojnara, Pawel Witas)
* Fixed an EVP_PKEY reference count leak (David Woodhouse)
* Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
  Michal Trojnara)
* Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michal Trojnara)
* Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
* Fixed symlink installation (Alon Bar-Lev)

New in 0.4.2; 2016-09-25; Michal Trojnara
* Fixed a 0.4.0 regression bug causing the engine finish function to
  remove any configured engine parameters; fixes #104 (Michal Trojnara)
New in 0.4.1; 2016-09-17; Michal Trojnara
* Use enginesdir provided by libcrypto.pc if available (David Woodhouse)
* Certificate cache destroyed on login/logout (David Woodhouse)
* Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse)
* Directly included libp11 code into the engine (Matt Hauck)
* Fixed handling simultaneous make jobs (Derek Straka)
* Reverted an old hack that broke engine initialization (Michal Trojnara)
* Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck)
* Makefile fixes and improvements (Nikos Mavrogiannopoulos)
* Fixed several certificate selection bugs (Michal Trojnara)
* The signed message digest is truncated if it is too long for the
  signing curve (David von Oheimb)
* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
  in the ASN1_OCTET_STRING format (Michal Trojnara)
* OpenSSL 1.1.0 build fixes (Michal Trojnara)

New in 0.4.0; 2016-03-28; Michal Trojnara
* Merged engine_pkcs11 (Michal Trojnara)
* Added ECDSA support for OpenSSL < 1.0.2 (Michal Trojnara)
* Added ECDH key derivation support (Doug Engert and Michal Trojnara)
* Added support for RSA_NO_PADDING RSA private key decryption, used
  by OpenSSL for various features including OAEP (Michal Trojnara)
* Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding
  (Michal Trojnara)
* Added support for RSA encryption (not only signing) (Michal Trojnara)
* Added CKA_ALWAYS_AUTHENTICATE support (Michal Trojnara)
* Fixed double locking the global engine lock (Michal Trojnara)
* Fixed incorrect errors reported on signing/encryption/decryption
  (Michal Trojnara)
* Fixed deadlocks in keys and certificates listing (Brian Hinz)
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Returned EVP_PKEY objects are no longer "const" (Michal Trojnara)
* Fixed building against OpenSSL 0.9.8 (Michal Trojnara)
* Removed support for OpenSSL 0.9.7 (Michal Trojnara)

New in 0.3.1; 2016-01-22; Michal Trojnara
* Added PKCS11_is_logged_in to the API (Mikhail Denisenko)
* Added PKCS11_enumerate_public_keys to the API (Michal Trojnara)
* Fixed EVP_PKEY handling of public keys (Michal Trojnara)
* Added thread safety based on OpenSSL dynamic locks (Michal Trojnara)
* A private index is allocated for ex_data access (RSA and ECDSA classes)
  instead of using the reserved index zero (app_data) (Michal Trojnara)
* Fixes in reinitialization after fork; addresses #39
  (Michal Trojnara)
* Improved searching for dlopen() (Christoph Moench-Tegeder)
* MSVC build fixes (Michal Trojnara)
* Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michal Trojnara)

New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos
* Added small test suite based on softhsm (run on make check)
* Memory leak fixes (Christian Heimes)
* On module initialization tell the module to that the OS locking
  primitives are OK to use (Mike Gerow)
* Transparently handle applications that fork. That is call C_Initialize()
  and reopen any handles if a fork is detected.
* Eliminated any hard coded limits for certificate size (Doug Engert)
* Added support for ECDSA (Doug Engert)
* Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt
  (Stephane Adenot)
* Eliminated several hard-coded limits in parameter sizes.
2020-03-29 02:13:32 +00:00
jperkin
982c63fe94 *: Remove obsolete BUILDLINK_API_DEPENDS.openssl. 2020-01-25 10:45:10 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
gdt
1230949958 Update to 0.2.8.
Packaging changes:
 - adapt to non-standardly-named github WRKSRC
 - bootstrap automake (this is a git snapshot, not "make distribution"
   output)

Upstream changes:

New in 0.2.8; 2011-04-15; Martin Paljak
* Bumped soname for PKCS11_token struct size changes (Martin Paljak).
* Display the number of available slots (Ludovic Rousseau).
* Add openssl libcrypto to pkg-config private libs list (Kalev Lember).
* Fix building examples with --no-add-needed which is the default in Fedora
  (Kalev Lember).
* Expose more token flags in PKCS11_token structure (Kalev Lember).
* Check that private data is not NULL in pkcs11_release_slot (Robin Bryce,
  ticket #137).

New in 0.2.7; 2009-10-20; Andreas Jellinghaus
* If CKR_CRYPTOKI_ALREADY_INITIALIZED is returned from C_Initialize(): ignore.
  (Needed for unloaded/reloaded engines e.g. in wpa_supplicant.) By David Smith.
2014-04-02 20:14:19 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
wiz
e2f84ad43f Reset maintainer for retired developers. 2011-02-28 14:52:37 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
joerg
3fbb207985 Recursive bump for libltdl 2009-12-15 21:54:17 +00:00
hasso
5f6352b28f Update to 0.2.6. Changes include fixes in the export file is fixed, now
includes the new function we added in 0.2.5. Also the MSVC build was fixed.
2009-08-03 18:43:00 +00:00
hasso
3c370e2a3e More license info to my packages. 2009-06-08 19:11:30 +00:00
joerg
2d1ba244e9 Simply and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
hasso
01e775f711 Libp11 is a library implementing a small layer on top of PKCS#11 API to make
using PKCS#11 implementations easier.
2009-03-05 20:28:24 +00:00