Commit graph

155 commits

Author SHA1 Message Date
drochner
7200cc5463 update to 3.0.25
changes:
-bugfixes
-added an OCSP function
2012-11-06 19:01:36 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
adam
2eb65d47b8 MASTER_SITES fix 2012-10-12 15:37:12 +00:00
drochner
fbe4403ddf update to 3.0.24
changes:
-better IPv6 support
-bugfixes
-minor improvements
2012-10-10 11:44:30 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
wiz
e2ba6e8af3 Explicitly disable guile. PR 46830 by Sergey Litvinov. 2012-08-24 13:36:52 +00:00
drochner
412500875c update to 3.0.22
changes: bugfixes
2012-08-09 18:58:11 +00:00
jperkin
e74bfc77b2 Avoid conflict between gets() and std::gets().
Fixes build on at least Solaris.
2012-08-02 09:37:32 +00:00
drochner
97105d25b5 update to 3.0.21
changes
-DTLS improvements
-bugfixes
2012-07-24 18:34:06 +00:00
drochner
2ff8452a3b update to 3.0.20
This switches to the new stable release branch.
2012-07-02 18:53:02 +00:00
drochner
b5d205e771 update to 1.12.20
changes: bugfixes:
-Fixed memory leak in PKCS #8 key import
-Check key identifiers when checking for an issuer

pkgsrc note: This is just a last checkpoint on the 2.x branch, in case
 it will be needed for the Q2 branch. Will update to 3.x RSN.
2012-07-02 16:30:01 +00:00
adam
c8cf04a8aa Changes 2.12.19:
* libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be
  a file that stores the pin.
* libgnutls: Added strict tests in Diffie-Hellman and SRP key exchange public
  keys.
* minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
2012-05-30 06:51:37 +00:00
drochner
22a9361d94 update to 2.12.18
changes:
-Corrected SRP-RSA ciphersuites when used under TLS 1.2
-Fixed leaks in key generation
2012-04-17 17:53:01 +00:00
adam
a7c64a1ebe Changes 2.12.17:
* libgnutls: Corrections in record packet parsing.
* libgnutls: Fixes in SRP authentication.
* libgnutls: Added function to force explicit reinitialization of PKCS 11
  modules. This is required on the child process after a fork.
* libgnutls: PKCS 11 objects that do not have ID no longer crash listing.
* API and ABI modifications: gnutls_pkcs11_reinit: Added
2012-03-15 16:41:48 +00:00
drochner
7ae3e3003a update to 2.12.16
changes: bugfixes
2012-01-17 14:54:19 +00:00
sbd
03d28ed8ca Add missing devel/readline buildlinks.
Bump PKGREVISIONs
2011-11-16 08:23:48 +00:00
drochner
02aef9fdab update to 2.12.14
This fixes a Possible buffer overflow/Denial of service problem
(CVE-2011-4128)
2011-11-09 18:41:46 +00:00
drochner
b81cf06b12 update to 2.12.12
changes: minor fixes and cleanup
2011-10-30 18:07:55 +00:00
drochner
5fa6eded3d update to 2.12.11
changes: bugfixes
2011-10-06 17:56:25 +00:00
drochner
c3490369fe update to 2.12.10
changes: bugfixes
2011-09-12 17:31:40 +00:00
wiz
cd2533457e Update to 2.12.9:
* Version 2.12.9 (released 2011-08-21)

** libgnutls-extra: Replaced enumeration with unsigned
int, in openssl.h to make it identical to the 3.0.0 version.
This shouldn't introduce binary incompatibility.

** libgnutls: When asking for a PIN multiple times, the
flags in the callback were not being updated to reflect
for PIN low count or final try.

** API and ABI modifications:
GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback
2011-08-22 15:14:58 +00:00
adam
eac8399df5 Changes 2.12.8:
* libgnutls: PKCS-11 back-end was replaced by p11-kit
* libgnutls: gcrypt: replaced occurrences of gcry_sexp_nth_mpi (..., 0)
  with gcry_sexp_nth_mpi (..., GCRYMPI_FMT_USG) to fix errors with 1.5.0.
* libgnutls: Verify that a certificate list specified using
  gnutls_certificate_set_x509_key*(), is sorted according to TLS specification
* libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
  gnutls_x509_crt_list_import. It checks whether the list to be imported is
  properly sorted.
* libgnutls: writev_emu: stop on the first incomplete write.
* libgnutls: Fix zlib handling in gnutls.pc.
* certtool: bug fixes in certificate request generation.
* API and ABI modifications: GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED:
  New element in gnutls_certificate_import_flags
2011-08-11 11:03:35 +00:00
drochner
7e747b8e1c update to 2.12.7
changes:
-bugfixes
-minor feature additions
pkgsrc change: since the pkg was changed to build against "nettle"
instead of libgcrypt (whether this was a good idea or not...), the
latter isn't needed anymore, so remove the stale dependency
This can cause build breakage -- in this case addition of a local
dependency should restore the old state. (This dependency is technically
unnecessary often, but the assumption that gnutls needs libgcrypt
is sometimes hardwired in configure scripts and/or code.)
2011-07-11 16:10:29 +00:00
obache
fd208e2f14 Add a patch for lack of posix standard AF_LOCAL, fall back to AF_UNIX.
for PR#44924.
2011-05-02 09:27:43 +00:00
tnn
f3fb7683e8 "pkg-config --cflags gnutls" failed with:
Package zlib was not found in the pkg-config search path.

... there is no zlib.pc, so comment out the part of the configure
script that adds that to the pkg-config file.
Bump PKGREVISION.
2011-04-27 16:56:43 +00:00
obache
306257aa5f need to buildlink with security/nettle.
fixes PR#44909.
2011-04-27 07:19:06 +00:00
adam
cd4fcaa944 Changes 2.12.3:
* libgnutls: Several minor bugfixes.
* libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak,
  several sites require it for connection. It is enabled for "NORMAL" and
  "PERFORMANCE" priority strings.
* libgnutls: depend on libdl.
* libgnutls: gnutls_transport_set_global_errno() was deprecated. Use your
  system's errno facility or gnutls_transport_set_errno().
* gnutls-cli: Correction with usage of select to check for pending data in
  gnutls sessions. It now uses gnutls_record_check_pending().
* tests: More fixes and updates for win32. Patches by LRN.
* libgnutls: Several files unnecessarily included <gcrypt.h>; this has been
  fixed.
** API and ABI modifications: gnutls_transport_set_global_errno: DEPRECATED

Changes 2.12.2:
* libgnutls: Several updates and fixes for win32. Patches by LRN.
* libgnutls: Several bug and memory leak fixes.
* srptool: Accepts the -d option to enable debugging.
* libgnutls: Corrected bug in gnutls_srp_verifier() that prevented the
  allocation of a verifier. Reported by Andrew Wiseman.

Changes 2.12.1:
* certtool: Generated certificate request with stricter permissions.
* libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov.
* libgnutls: Corrected windows system_errno() function prototype.
* libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand.
* libgnutls: Fix size of gnutls_openpgp_keyid_t by using the
  GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
2011-04-26 10:35:29 +00:00
obache
1d9df3258a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
drochner
4d3e3d06e8 fix installed pkgconfig .pc file: Don't refer to zlib.pc -- this
fails with system libz. We propagate a dependency per bl3 file,
this should be sufficient.
bump PKGREV
2011-03-09 10:52:25 +00:00
adam
98fcd08aea Changes 2.10.5:
* libgnutls: Corrected verification of finished messages.
* libgnutls: Corrected signature generation and verification in the Certificate
  Verify message when in TLS 1.2.
* pkg-config gnutls.pc improvements.
* API and ABI modifications: No changes since last version.
2011-03-07 13:45:34 +00:00
tron
da81e5cc97 Get this close to build under Mac OS X by removing some horrible use
of the C pre-processor.
2010-12-13 16:03:20 +00:00
wiz
31302fc06f Update to 2.10.4:
* Version 2.10.4 (released 2010-12-06)

** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.

** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
This makes us comply with RFC3279. Reported by Michael Rommel.

** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.

** minitasn1: Updated to Libtasn1 2.9.

** API and ABI modifications:
No changes since last version.
2010-12-12 11:58:53 +00:00
drochner
2069879c55 update to 2.10.3
changes: bugfixes
2010-11-26 17:56:14 +00:00
wiz
50e9dd4d98 Update to 2.10.2:
* Version 2.10.2 (released 2010-09-30)

** Use Libtool 2.2.10 to ease MinGW64 builds.

** libgnutls: Add new extended key usage ipsecIKE.

** libgnutls: Is now more liberal in the PEM decoding.
That is spaces and tabs are being skipped.

** libgnutls: Renamed NULL MAC to MAC-NULL to prevent clash with NULL cipher.
This prevented the usage of the TLS ciphersuites with NULL cipher.
See <http://thread.gmane.org/gmane.network.gnutls.general/2093>.

** libgnutls: The %COMPAT flag now allows larger records that violate the
TLS spec.

** libgnutls: Fix asynchronous API handling.
The code was clearing session hash data on EAGAIN.  Problem reported
by Sjoerd Simons <sjoerd.simons@collabora.co.uk> and Vivek
Dasmohapatra <vivek@collabora.co.uk>.  See
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4531>.

** gnutls-cli: Flush stdout/stderr before removing buffering.
Reported by Knut Anders Hatlen see
<http://savannah.gnu.org/support/?107481>.
2010-10-16 16:43:42 +00:00
drochner
417c0701c1 update to 2.10.1
many fixes and API extensions, but still binary compatible afaict
2010-09-01 16:32:17 +00:00
drochner
ed9b7d21b9 update to 2.8.6
changes:
-interoperability improvements (especially for VeriSign)
-misc fixes
-translation updates
2010-04-13 16:31:27 +00:00
asau
00708ce7e3 Recursive revision bump for GMP update. 2010-03-24 19:43:21 +00:00
joerg
4cbfb4a358 Create libgnutls-extra-config in .buildlink/bin, not the WRAPPER_DIR. 2009-11-26 14:18:26 +00:00
wiz
16513ccf69 Update to 2.8.5:
* Version 2.8.5 (released 2009-11-02)

** libgnutls: In server side when resuming a session do not overwrite the
initial session data with the resumed session data.

** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported.".  Problem
introduced for the v2.8.x branch in 2.7.6.

** guile: Compatibility with guile 2.x.
By Ludovic Courtes <ludovic.courtes@laas.fr>.

** tests: Fix expired cert in chainverify self-test.

** tests: Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.

** API and ABI modifications:
No changes since last version.
2009-11-03 00:15:41 +00:00
wiz
c3b72c8ff7 Update to 2.8.4:
* Version 2.8.4 (released 2009-09-18)

** libgnutls: Enable Camellia ciphers by default.

** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broke
OpenPGP hostname comparison.

** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
Reported by Howard Chu <hyc@symas.com> in
<https://savannah.gnu.org/support/?106975>.

** API and ABI modifications:
No changes since last version.
2009-10-31 01:16:42 +00:00
reed
cdcef4c516 Increase the BUILDLINK_API_DEPENDS.libgcrypt requirement.
The configure requires GCRY_CIPHER_CAMELLIA128.
(Not bumping PKGREVISION as this is a build issue.)
2009-10-12 15:25:14 +00:00
joerg
a4b5902266 Don't abuse WRAPPER_DIR, libgnutls-config belongs into BUILDLINK_DIR. 2009-09-01 17:48:14 +00:00
snj
00462a6e26 Update to 2.8.3. Changes:
* Version 2.8.3 (released 2009-08-13)

** libgnutls: Fix patch for NUL in CN/SAN in last release.
Code intended to be removed would lead to a read-out-bound error in
some situations.  Reported by Tomas Hoger <thoger@redhat.com>.  A CVE
code has been allocated for the vulnerability: [CVE-2009-2730].

** libgnutls: Fix rare failure in gnutls_x509_crt_import.
The function may fail incorrectly when an earlier certificate was
imported to the same gnutls_x509_crt_t structure.

** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
error.

** tests: Made self-test mini-eagain take less time.

** doc: Typo fixes.

** API and ABI modifications:
No changes since last version.

* Version 2.8.2 (released 2009-08-10)

** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate.  Some CAs apparently have poor
checking of CN/SAN values and issue these (arguably invalid)
certificates.  Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions.  The problem is mitigated
since attackers need to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA.  It does not apply to client authenticated TLS
sessions.  Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger@redhat.com>
for providing one part of the patch.  [GNUTLS-SA-2009-4].

** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
Before it always returned false.  Reported by Peter Hendrickson
<pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.

** libgnutls: Fix off-by-one size computation error in unknown DN printing.
The error resulted in truncated strings when printing unknown OIDs in
X.509 certificate DNs.  Reported by Tim Kosse
<tim.kosse@filezilla-project.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

** libgnutls: Return correct bit lengths of some MPIs.
gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
gnutls_dh_get_peers_public_bits.  Before the reported value was
overestimated.  Reported by Peter Hendrickson <pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
and
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.

** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
Before we required that the runtime library used the same (or more
recent) libgcrypt/libtasn1 as it was compiled with.  Now we just check
that the runtime usage is above the minimum required.  Reported by
Marco d'Itri <md@linux.it> via Andreas Metzler
<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.

** minitasn1: Internal copy updated to libtasn1 v2.3.

** tests: Fix failure in "chainverify" because a certificate has expired.

** API and ABI modifications:
No changes since last version.
2009-08-13 18:56:32 +00:00
drochner
c2955f31c6 disable the openssl compatibility library -- no pkg I know of needs
it, and it only has a potential to conflict with the real openssl
(bad things will happen if a program links or dlopen()s both)
bump PKGREVISION
(the bug fixed in the added patches is already fixed upstream, will
be in the next release)
2009-07-22 16:50:07 +00:00
wiz
f6abeed402 Update to 2.8.1:
* Version 2.8.1 (released 2009-06-10)

** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
<http://bugs.gentoo.org/272388>.

** libgnutls: Fix PKCS#12 decryption from password.
The encryption key derived from the password was incorrect for (on
average) 1 in every 128 input for random inputs.  Reported by "Kukosa,
Tomas" <tomas.kukosa@siemens-enterprise.com> in
<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

** API and ABI modifications:
No changes since last version.
2009-07-18 10:32:32 +00:00
drochner
f619581511 also add a makefile snippet to fake up a "libgnutls-extra-config"
script which disappeared in gnutls-2.8, similar to "libgnutls-config.mk"
2009-07-03 11:00:05 +00:00
tnn
3be3d2df5c Makefile intended to be included by packages that need "libgnutls-config"
during build time.
Tested with net/lftp.
2009-07-02 18:53:46 +00:00
drochner
efbf9d3adc Don't build in the doc/examples subdir, as suggested by Joern Clausen
in PRs pkg/39612 and pkg/41610.
The examples are not installed anyway, and this way build problems
on Solaris are avoided.
2009-06-18 10:19:46 +00:00
drochner
8fb8f27b60 fix build for systems without sys/ioctl.h (as Solaris 10),
addresses the first half of PR pkg/41610 by Joern Clausen
2009-06-17 17:54:46 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00