Commit graph

58 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
wen
1062017b4a Update to 1.18
Upstream changes:
1.18 Oct 2, 2020

        Eliminate bareword filehandle usage.
        Eliminate indirect object syntax.
        Eliminate grep/map <expression>.
2021-07-06 07:53:03 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
wiz
b4ccaaf138 p5-Net-DNS-SEC: update to 1.17.
**** 1.17 Jun 26, 2020

	Recognise BIND private key accessed via symbolic link.


**** 1.16 May 11, 2020

	Improve testing of verify() functions.

	Rework code in Digest.pm

	SEC.xs code reduction.


**** 1.15 February 3, 2020

	Provide access to OpenSSL message digest implementations.


**** 1.14 October 14, 2019

	Improve exception capture in test scripts.

	Support more efficient algorithm mapping in Net::DNS.


**** 1.13 May 6, 2019

	Tweaks to resolve compilation errors with BoringSSL.
2020-09-07 14:30:22 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
rillig
c0d2817632 security/p5-Net-DNS-SEC: remove no-op SUBST block
There is no chance that line 1 contains an include argument, after being
sent through REPLACE_PERL. And even then, including a relative path would
not make sense.
2020-03-22 20:48:34 +00:00
rillig
9637f7852e all: migrate homepages from http to https
pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
2020-01-26 17:30:40 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
wen
ac2c6dd163 Update to 1.12
Upstream changes:
**** 1.12 Mar 19, 2019

        Avoid use of EC_POINT_set_affine_coordinates_GFp which is
        deprecated in OpenSSL 3.0.0

        Reduce level of support for OpenSSL non-LTS releases.
2019-04-20 12:32:26 +00:00
wen
58458cb3d3 Update to 1.11
Upstream changes:
1.11 Dec 11, 2018

        Explain why compilation aborted in Net::DNS::SEC::DSA et al.

        Fix Makefile.PL to suppress parallel test execution.
2019-01-27 13:58:25 +00:00
wiz
3ecfc489ce p5-Net-DNS-SEC: update to 1.10.
**** 1.10 Aug 31, 2018

	make test_cover
	now collects SEC.xs test coverage metrics using gcc and gcov.
2018-09-02 07:36:05 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
jperkin
0f262c076b p5-Net-DNS-SEC: Requires openssl. 2018-07-27 20:37:05 +00:00
wen
768d856aba Update to 1.09
Upstream changes:
**** 1.09 Jun 4, 2018

        Avoid use of EC_GROUP_new, EC_GROUP_set_curve_GFp, and
        EC_GFp_mont_method which are expected to disappear.

        Fix filename conflict when tests run in parallel using make -j


**** 1.08 May 11, 2018

        Internal reorganisation to use OpenSSL EVP interface
2018-06-06 11:06:53 +00:00
wen
a46b63d8f3 Update to 1.07
Upstream changes:
*** 1.07 April 5, 2018

Fix: rt.cpan.org #124880
	1.06 will not install on macOS

Feature
	Support for Ed25519 and Ed448 algorithms
2018-04-10 10:58:12 +00:00
wiz
befbf78317 p5-Net-DNS-SEC: update to 1.06.
**** 1.06 March 22, 2018

	Functionally identical to 1.05
	All changes address build/test issues on some platforms
2018-03-25 15:54:01 +00:00
wiz
0473185595 p5-Net-DNS-SEC: update to 1.05.
**** 1.05 March 20, Tuesday

Feature
	Support added for Ed25519 and Ed448 algorithms

Fix: rt.cpan.org #124650
	Net::DNS::SEC::Private must not die if attribute is not present
2018-03-21 12:42:37 +00:00
wiz
0e6ab98fb8 p5-Net-DNS-SEC: update to 1.04.
**** 1.04 February 15, 2018

Feature
	Cryptographic library access re-engineered using PerlXS
	directly instead of CPAN Crypt::OpenSSL::(DSA|EDSA|RSA)
	distributions which have fallen into disrepair.
2018-02-25 18:56:14 +00:00
ryoon
543e538acd Recursive revbump from lang/perl5 5.26.0 2017-06-05 14:24:20 +00:00
mef
e443e49992 Updated security/p5-Net-DNS-SEC to 1.03
---------------------------------------
**** 1.03 August 26, 2016
Fix: rt.cpan.org #108908
        Tests break when Net::DNS gets shadowed by existing pre-1.01 version.
2017-04-06 13:47:45 +00:00
mef
7b1bb942d5 (pkgsrc)
- Drop patch-Makefile.PL, see below at 1.01 Feature item.
(Upsteam)
 - Updated devel/p5-Net-DNS-SEC 0.22 to 1.02
-----------------------------------------
**** 1.02 September 16, 2015
Fix:    Bug in t/10-keyset.t raises exception in Net::DNS

**** 1.01 August 3, 2015
Feature
        The RRs previously implemented in Net::DNS::SEC are now
        integrated with Net::DNS.

Fix: rt.cpan.org #105808
        Version test for Pod::Test is broken

Fix: rt.cpan.org #105698
        Net-DNS 1.01 conflicts with Net-DNS-SEC 0.22
2016-08-05 23:34:17 +00:00
wiz
86a78fce2e Bump PKGREVISION for perl-5.24. 2016-06-08 19:22:13 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
he
4b88f1bc6e Add a patch so that p5-Net-DNS-SEC doesn't try to install RR modules
which are after 1.01 of p5-Net-DNS part of that package instead.
Fixes https://rt.cpan.org/Public/Bug/Display.html?id=105698 while
we wait for version 1.01 of Net::DNS::SEC.

PKGREVISION bumped.
2015-07-27 08:22:33 +00:00
wiz
40bbad7ac6 Comment out dependencies of the style
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.

No effective change for the above reason.

Ok joerg
2015-07-12 18:56:06 +00:00
wiz
93b1dc39c6 Update to 0.22:
**** 0.22 February 11, 2015

   Fix: rt.cpan.org #101184
   make siginception and sigexpiration available as time() values

   Fix: rt.cpan.org #101183
   wrong URL for blog in README

   Fix: rt.cpan.org #83031
   [RRSIG] lack of ECDSA support


***0.21 October 24, 2014

   Fix: rt.cpan.org #99250
   [RRSIG] validation fails when Signer's Name is upper case

   Fix: rt.cpan.org #99106
   Premature end of base64 data  (in 14-misc.t test script)


***0.20 August 15, 2014

   Fix: rt.cpan.org #97457
   !hex! error when parsing NSEC3 with empty salt


***0.19 Jun 6, 2014

   Remove inappropriate deprecation warning in DNSKEY.pm


***0.18 May 8, 2014

   Recode RR implementations to provide Net::DNS 0.69+ interface.

   Fix: rt.cpan.org #95034
   Failure to parse NSEC3PARAM record with null salt

   Fix: rt.cpan.org #81289
   Failure to handle GOST DS records


***0.17 November 29, 2013

   Fix: rt.cpan.org #90270
   NSEC3->covered() should use case-insensitive comparisons

   Fix: rt.cpan.org #79606
   Lower case zone-name part with DNSKEY::privatename

   Allow to specify algorithms with ::Private->new_rsa_private and
   ::Private->generate_rsa instead of assuming RSASHA1.

   Fix: rt.cpan.org #55621
   Specify license type (mit) in META.yml

   Fix: rt.cpan.org #60269
   Remove Digest::SHA1 prerequirement

   Fix: rt.cpan.org #62387 & #63273
   Typo fixes

   Fix: rt.cpan.org #62386
   Make Net::DNS::RR::DS::digtype method work

   Fix: rt.cpan.org #62385
   Do not compress Next Domain Name in NSEC rdata.

   Fix: rt.cpan.org #61104
   Spelling correction in DS.pm and fix of key2ds demo program

   Fix: rt.cpan.org #60185
   Make sure %main::SIG hash keeps its values when compiling Net::DNS::RR::SIG
   in perl versions before 5.14.  See also: rt.perl.org #76138

   Fix: rt.cpan.org #64552 and rt.cpan.org #79606
   Support for private-key-format v1.3

   Fix: rt.cpan.org #75892
   Do not canonicalize the "Next Domain Name" rdata field of a NSEC RR
   for draft-ietf-dnsext-dnssec-bis-updates-17 compliance.

   BUG FIX/FEATURE: validation of wildcard RRs now available. Duane
   Wessels is acknowledged for submitting the initial code on which
   this fix is based.

   FIX: case sensitivity of ownername during DS generation
        (Acknowledgements Jens Wagner)
2015-07-12 14:43:23 +00:00
wiz
2e65d464e8 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:50:58 +00:00
wiz
e8647fedbb Remove SVR4_PKGNAME, per discussion on tech-pkg. 2014-10-09 13:44:32 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
tron
19fd9a3b46 Reset maintainer to "pkgsrc-users@NetBSD.org". 2013-03-02 10:44:33 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
wiz
efd3373f7a Since p5-Crypt-OpenSSL-RSA versions before 0.27 are broken with
perl-5.14, and perl-5.14 is pkgsrc's default, depend on at least that
version. Bump PKGREVISION.
2012-05-09 06:21:39 +00:00
obache
9b0c7b655d Revision bump after updating perl5 to 5.14.1. 2011-08-14 14:42:45 +00:00
seb
c3f1e700ad Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.

sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
2010-08-21 16:32:42 +00:00
sno
b514ea696f Updating security/p5-Net-DNS-SEC from 0.15 to 0.16
pkgsrc changes:
- Adjust dependencies
- Add license definition

Upstream changes:
***0.16 March 12, 2010
   Feature: KEY inherits DNSKEY
   This helps maintenance in one part of the code.

   Feature: keylength methode rt.cpan.org #53468
   Added keylength method for RSA and DSA
   Acknowledgements Hugo Salgado

   Fix: rt.cpan.org #51778
   Empty bitmap would cause error about undefined ARRAY in NSEC/NSEC3.
   Now the code will allow empty bitmaps gracefully

   Feature: New Algorithm Support (rt.cpan.org #51092)
   SHA2 algorithm support, including NSEC3 algorithm parameters updated
   Acknowledgement Jakob Shlyter

   Fix: rt.cpan.org #42089
   NSEC3 Algorithm support in NSEC3 broken
   patch by Wes Hardaker
2010-03-16 10:32:38 +00:00
sno
d608f7737c pkgsrc changes:
- Updating package for p5 module Net::DNS::SEC from 0.14nb1 to 0.15
  - Adjusting / reordering dependencies according to META.yml

Upstream changes:
***0.15 December 31, 2008

   Fix: digestbin not set when an empty value passed to hash.

   Feature: Added DLV (rfcc 4431). The RR object is simply a clone of
   the DS RR and inherits ... everything

   Feature: Added NSEC3 and NSEC3PARAM support (RFC5155).
   This adds Mime::Base32 to the module dependency list.
   The RR type was still experimental at that time and is maintained
   in Net::DNS::RR.

   Fix: Test script recognizes change in Time::Local. Note that
   Time::Local does not deal with dates beyond 03:14:07 UTC on
   Tuesday, 19 January 2038. Therefore this code has a year 2038
   problem.

   Fix: DS create_from_hash now produces objects that can create
   wireformat.

   Other: minor changes to the debug statements
          added t/05-rr.t (and identified a couple of bugs using it)

   Fix: a few inconsistencies with respect to parsing of trailing dots.

   During development the test signatures generated with the BIND tools
   were re-generated in order to troubleshoot a bug that (most
   probably) was caused by a version incompatibility between Net::DNS
   and Net::DNS::SEC.  Before release the original test from the 0.14
   release were ran against this version too.
2009-07-08 14:10:18 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
he
b021813da0 Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
2008-10-19 19:17:40 +00:00
heinz
120c892176 Updated to version 0.14.
Pkgsrc changes:
  - Added support for installation to DESTDIR.
  - p5-Digest-SHA is a new requirement.

Changes since version 0.12:
===========================
0.14 February 14, 2005

   FIX: The introducion of the keytag warning triggered a bug with RSAMD5
        keys, causing RSAMD5 keys not to be loaded.

0.13 December 9, 2005

   FEAT: rt.cpan.org 14588
        Added support for passing (a reference to) an array of keys to the
	RRSIG verify function.

   FIX/FEAT:
	The Net::DNS::SEC::Private function will for RSA based keys verify if
	the keytag in the filename is actually correct.
	Since at parsing the value of the DNSKEY RR flags is not known we
	test against the currently defined flag values 256 and 257.

	If we cannot find a keytag match a warning is printed and Private
	key generation fails

        This inconsistency was spotted by Jakob Shlyter.

   FEAT: Added support for SHA256 to the DS RR. Assigned the expected
        digest type2 for SHA256 type hashes.

        Note that this makes the Net::DNS::SEC depend on Digest::SHA instead
        of Digest::SHA1.

        The default digest type is still set to 1.

        NB. The code makes assumptions about the IANA assignment of the
            digest type. The assignment may change. Do not use SHA256 in
	    production zones!!

   FIX: rt.cpan.org #15662
	Roy Arends noticed and patched the label counting did not ignore
        an initial asterisk label.

   FIX: Wes Hardaker noticed the default TTL values for created signatures to
        be different from the TTLs from the data that is being signed.

   FIX: Wes Hardaker reported there was a problem with validating
        RRsets that had ownernames with capitals.
	The fix depends on a fix in Net::DNS::RR that is available in
	version 0.53_03 or later of the Net::DNS distribution.


  FEAT: Propper dealing with mnemonics for algorithm and digest type
	added to DS

  FIX/FEAT: Mnemonics were written as RSA/MD5 and RSA/SHA1. This has been
        corrected tp RSASHA1 and RSAMD5, as in the IANA registry.

0.12_02 June 6, 2005 (beta 2 release for 0.13)

   Bug: new_from_hash would not correctly create the RR since internally
	typebm is used to store the data this has been fixed so that
        the following works

        Net::DNS::RR->new(name=>$name,
                    ttl=>$ttl,
                    type=>"NSEC",
                    nxtdname=>$nxtdname,
                    typelist=>join(" ",@types)
                   );

   FEAT: Introduced the "use bytes" pragma to force character interpretation
         of all the scalars. Any utf processing by perl makes the code behave
         unpredictable.

0.12_01 April 18, 2005. (beta release for version 0.13)

   FEAT (!!!): Changed the symantics of the Net::DNS::Keyset::verify method.
	 Read the perldoc for details. The requirement that each key in a
         keyset has to be selfsigned has been loosened.

   FEAT: Added a "carp" to the new methods of the NXT RR. Warning that
	 that record is depricated.

   FEAT: Cleaned the tests so that RRSIG and DNSKEY are used except for
         SIG0 based tests.

   FEAT: Changed the name of the siginceptation[SIC] to siginception.
	 Thanks Jakob Schlyter for notifying me of this mistyping.
	 An alias for the method remains available.

   FEAT: Renamed unset_sep() to clear_sep().


   NOTE: To avoid confusion the Net::DNS::SIG::Private class has been
         removed. Use Net::DNS::SEC::Private!

   DOC:  Added references to RFC 4033, RFC 4034 and RFC 4035. Rewrote parts
         of the perlpod.
2007-05-17 17:30:21 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
heinz
87e3e96f9a The home page changed. 2005-10-22 20:05:01 +00:00
jlam
7fbb8d9527 Bump the PKGREVISIONs of all (638) packages that hardcode the locations
of Perl files to deal with the perl-5.8.7 update that moved all
pkgsrc-installed Perl files into the "vendor" directories.
2005-08-06 06:19:03 +00:00
jlam
7a6521287b Turn PERL5_PACKLIST into a relative path instead of an absolute path.
These paths are now relative to PERL5_PACKLIST_DIR, which currently
defaults to ${PERL5_SITEARCH}.  There is no change to the binary
packages.
2005-07-13 18:01:18 +00:00
heinz
f5bdaed4b1 Updated to version 0.12
OWN_DIRS was incorrectly used (did not work when PKG_CONFIG=no).
INSTALLATION_DIRS creates the directories now and the PLIST removes them.

Needs at least net/p5-Net-DNS 0.44 (see changes below).
--

Changes since 0.11
==================
   FEAT: Added utility function key_difference() to Net::DNS::SEC. See
         perlpod for details. I needed this in other software and
         figured they are generic enough to make them available
         through this module.

   FEAT: Modified some functions to use DNSKEY and RRSIG instead off
         KEY and SIG.
         - Net::DNS::Keyset now uses DNSKEY and RRSIG.
	 - the demo function getkeyset.pl now uses DNSKEY too.

   FEAT: Added the possibility to create a keyset out of two arrays of
         dnskey and rrsig object.

   FEAT: Added some helperfunctions to Net::DNS::SEC::Private to read X509
         formated private keys and dump them into bind format.
	 This functionality has not been tested well.

   BUG : When reading a RRSIG from a packet the signame would not have
         a trailing dot.

   FEAT:  Removed critical dependency on bubblebabble. It is available to
          DS if installed but not critically dependend.

   BUG: - Fixed minor in signing unknown RR types.

   FEAT: - Prelimanary support for draf-ietf-dnssec-nsec-rdata-02. This
	   depends on support for unknown RR types (Net::DNS version
           0.44)

   FEAT: - To be able to deal with argument supplied as either mnemonics or
           by value the Net::DNS::SEC::argument method was created. It can
           be used as a class method but it is also inherited by
	   Net::DNS::RR::RRSIG and Net::DNS::RR::DNSKEY.
2005-04-20 16:22:38 +00:00