![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / pkgsrc / security / gnutls
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.27 / (download) - annotate - [select for diffs], Mon Jul 11 16:10:29 2011 UTC (10 months, 2 weeks ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
HEAD
Changes since 1.26: +1 -2
lines
Diff to previous 1.26 (colored)
update to 2.12.7 changes: -bugfixes -minor feature additions pkgsrc change: since the pkg was changed to build against "nettle" instead of libgcrypt (whether this was a good idea or not...), the latter isn't needed anymore, so remove the stale dependency This can cause build breakage -- in this case addition of a local dependency should restore the old state. (This dependency is technically unnecessary often, but the assumption that gnutls needs libgcrypt is sometimes hardwired in configure scripts and/or code.)
Revision 1.26 / (download) - annotate - [select for diffs], Wed Apr 27 07:19:06 2011 UTC (12 months, 4 weeks ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
need to buildlink with security/nettle. fixes PR#44909.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Apr 26 10:35:29 2011 UTC (13 months ago) by adam
Branch: MAIN
Changes since 1.24: +3 -3
lines
Diff to previous 1.24 (colored)
Changes 2.12.3: * libgnutls: Several minor bugfixes. * libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings. * libgnutls: depend on libdl. * libgnutls: gnutls_transport_set_global_errno() was deprecated. Use your system's errno fascility or gnutls_transport_set_errno(). * gnutls-cli: Correction with usage of select to check for pending data in gnutls sessions. It now uses gnutls_record_check_pending(). * tests: More fixes and updates for win32. Patches by LRN. * libgnutls: Several files unnecessarily included <gcrypt.h>; this has been fixed. ** API and ABI modifications: gnutls_transport_set_global_errno: DEPRECATED Changes 2.12.2: * libgnutls: Several updates and fixes for win32. Patches by LRN. * libgnutls: Several bug and memory leak fixes. * srptool: Accepts the -d option to enable debugging. * libgnutls: Corrected bug in gnutls_srp_verifier() that prevented the allocation of a verifier. Reported by Andrew Wiseman. Changes 2.12.1: * certtool: Generated certificate request with stricter permissions. * libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. * libgnutls: Corrected windows system_errno() function prototype. * libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. * libgnutls: Fix size of gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
Revision 1.24 / (download) - annotate - [select for diffs], Fri Apr 22 13:42:00 2011 UTC (13 months ago) by obache
Branch: MAIN
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored)
recursive bump from gettext-lib shlib bump.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Sep 1 16:32:17 2010 UTC (20 months, 3 weeks ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.22: +1 -2
lines
Diff to previous 1.22 (colored)
update to 2.10.1 many fixes and API extensions, but still binary compatible afaict
Revision 1.22 / (download) - annotate - [select for diffs], Fri Mar 20 19:25:17 2009 UTC (3 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.21: +6 -13
lines
Diff to previous 1.21 (colored)
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Revision 1.21 / (download) - annotate - [select for diffs], Thu Mar 6 14:52:12 2008 UTC (4 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
Update to 2.2.2:
* Version 2.2.2 (released 2008-02-21)
** Cipher priority string handling now handle strings that starts with NULL.
Thanks to Laurence Withers <l@lwithers.me.uk>.
** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
by Daniel Stenberg.
** Increased the default certificate verification chain limits and allowed
for checks without limitation.
** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
** API and ABI modifications:
No changes since last version.
* Version 2.2.1 (released 2008-01-17)
** Prevent linking libextra against previously installed libgnutls.
Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
<http://bugs.gentoo.org/show_bug.cgi?id=202269>.
** Fixes the post_client_hello_function(). The extensions are now parsed
in a callback friendly way.
** Fix for certificate selection in servers with certificate callbacks.
** API and ABI modifications:
No changes since last version.
* Version 2.2.0 (released 2007-12-14)
Major changes compared to the v2.0 branch:
* SRP support aligned with newly published RFC 5054.
* OpenPGP support aligned with newly published RFC 5081.
* Support for DSA2 keys.
* Support for Camellia cipher.
* Support for Opaque PRF Input extension.
* PKCS#8 parser now handle DSA keys.
* Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra,
etc. Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier
versions, such as 2.01 which is included with GnuTLS, is available under
GPLv2 or later. If this incompatibility causes problems, we recommend
you to disable LZO using --without-lzo. LZO compression is not a
standard TLS compression algorithm, so the impact should be minimal.
* Functions for disabling record protocol padding.
Works around bugs on Nokia/Ericsson phones.
* New functions gnutls_priority_set() for setting cipher priorities easily.
Priorities like "COMPAT" also enables other work arounds, such as
disabling padding.
* Other minor improvements and bug fixes.
Minor changes compared to the latest v2.1.8 release candidate:
* Update internal copy of libtasn1 to version 1.2.
* Certtool --verify-chain now handle inputs larger than 64kb.
This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
recent versions of libgcrypt. The problem was that Wine with the
libgcrypt RNG generates huge amounts of debugging output.
* Translation updates.
Added Dutch translation. Updated Polish and Swedish translation.
Backwards incompatible API/ABI changes in GnuTLS 2.2
====================================================
To adapt to changes in the TLS extension specifications for OpenPGP
and SRP, the GnuTLS API had to be modified. This means breaking the
API and ABI backwards compatibility. That is something we try to
avoid unless it is necessary. We decided to also remove the already
deprecated stub functions for X.509 to XML conversion and TLS
authorization (see below) when we had the opportunity.
Generally, most applications does not need to be modified. Just
re-compile them against the latest GnuTLS release, and it should work
fine.
Applications that use the OpenPGP or SRP features needs to be
modified. Below is a list of the modified APIs and discussion of what
the minimal things you need to modify in your application to make it
work with GnuTLS 2.2.
Note that GnuTLS 2.2 also introduces new APIs -- such as
gnutls_set_priority() that is superior to
gnutls_set_default_priority() -- that you may want to start using.
However, using those new APIs is not required to use GnuTLS 2.2 since
the old functions continue are still supported. This text only
discuss what you minimally have to modify.
XML related changes
-------------------
The function `gnutls_x509_crt_to_xml' has been removed. It has been
deprecated and only returned an error code since GnuTLS version
1.2.11. Nobody has complained, so users doesn't seem to miss the
functionality. We don't know of any other library to convert X.509
certificates into XML format, but we decided (long ago) that GnuTLS
isn't the right place for this kind of functionality. If you want
help to find some other library to use here, please explain and
discuss your use case on help-gnutls <at> gnu.org.
TLS Authorization related changes
---------------------------------
Everything related to TLS authorizations have been removed, they were
only stub functions that returned an error code:
GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
gnutls_authz_data_format_type_t
gnutls_authz_recv_callback_func
gnutls_authz_send_callback_func
gnutls_authz_enable
gnutls_authz_send_x509_attr_cert
gnutls_authz_send_saml_assertion
gnutls_authz_send_x509_attr_cert_url
gnutls_authz_send_saml_assertion_url
SRP related changes
-------------------
The callback gnutls_srp_client_credentials_function has a new
prototype, and its semantic has changed. You need to rewrite the
callback, see the updated function documentation and SRP example code
(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
information.
The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
used. There are #define's to map the old names to the new. You may
run into problems if you have a switch-case with cases for both SRP
alerts, since they are now mapped to the same value. The solution is
to drop the SRP alerts from such switch cases, as they are now
deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.
OpenPGP related changes
-----------------------
The function `gnutls_certificate_set_openpgp_keyserver' have been
removed. There is no replacement functionality inside GnuTLS. If you
need keyserver functionality, consider using the GnuPG tools.
All functions, types, and error codes related to OpenPGP trustdb
format have been removed. The trustdb format is a non-standard
GnuPG-specific format, and we recommend you to use key rings instead.
The following have been removed:
gnutls_certificate_set_openpgp_trustdb
gnutls_openpgp_trustdb_init
gnutls_openpgp_trustdb_deinit
gnutls_openpgp_trustdb_import
gnutls_openpgp_key_verify_trustdb
gnutls_openpgp_trustdb_t
GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED
The following functions has an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data
(binary or base64). The functions are:
gnutls_certificate_set_openpgp_key_file
gnutls_certificate_set_openpgp_key_mem
gnutls_certificate_set_openpgp_keyring_mem
gnutls_certificate_set_openpgp_keyring_file
To improve terminology and align with the X.509 interface, some
functions have been renamed. Compatibility mappings exists. The old
and new names of the affected functions and types are:
Old name New name
gnutls_openpgp_key_t gnutls_openpgp_crt_t
gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
gnutls_openpgp_key_init gnutls_openpgp_crt_init
gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
gnutls_openpgp_key_import gnutls_openpgp_crt_import
gnutls_openpgp_key_export gnutls_openpgp_crt_export
gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
gnutls_openpgp_send_key gnutls_openpgp_send_cert
* Version 2.0.0 (released 2007-09-04)
The following changes have been made since GnuTLS 1.6:
* Support for external RSA/DSA signing for TLS client authentication.
This allows you to secure the private key better, for example by using
privilege-separation techniques between the private key and the
network client/server.
* Support for signing X.509 certificates using RSA with SHA-256/384/512.
* Experimental support for TLS 1.2 (disabled by default). The TLS 1.2
specification is not finalized yet, but we implement a draft version
for testing.
* Support for X.509 Proxy Certificates (RFC 3820)
* Support for Supplemental handshakes messages (RFC 4680).
* Support for TLS authorization extension (draft-housley-tls-authz-extns-07).
* Support for the X.509 'otherName' Subject Altnerative Names (for XMPP).
* Guile bindings for GnuTLS have been added, thanks to Ludovic Courtes.
* Improve logic of gnutls_set_default_priority() which can now be more
recommended.
* New APIs to enumerate supported algorithms in the library.
* New APIs to access X.509 Certificate extension sequentially.
* New APIs to print X.509 Certificates and CRLs in human readable formats.
* New APIs to extract X.509 Distinguished Names from certificates.
* New APIs to handle pathLenConstraint in X.509 Basic Constraints.
* Certtool can export more than one certificate to PKCS#12.
* Several message translation improvements.
* Instructions and improvements to easily set up a HTTPS test server.
* Included copies updated to Libtasn1 1.1 and OpenCDK 0.6.4.
* Build improvements for Windows, Mac OS X, uClinux, etc.
* GnuTLS is now developed in GIT.
* Improved manual
* Many bugfixes and minor improvements.
Revision 1.20 / (download) - annotate - [select for diffs], Thu Jan 31 01:04:26 2008 UTC (4 years, 3 months ago) by reed
Branch: MAIN
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Increase the BUILDLINK_API_DEPENDS.gnutls to at least gnutls>=1.2.6 which is still very old. This fixes problem where building something depending on gnutls when old gnutls is already installed using liblzo won't buildlink because lzo is not installed. This forces a newer gnutls to be installed that uses lzo instead.
Revision 1.19 / (download) - annotate - [select for diffs], Wed Sep 5 21:51:21 2007 UTC (4 years, 8 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
update to 2.0.0 While an update to a .0 version is somehow risky, it finishes the unfortunate state that the pkgsrc gnutls didn't work with the pkgsrc opencdk, which I wouldn't like to go into the next stable branch. Release candidates have worked for me, and there is some time left before the Q3 branch, so I'm confident. changes: * Support for external RSA/DSA signing for TLS client authentication -many X.509 enhancements Support for Supplemental handshakes messages (RFC 4680) * Support for TLS authorization extension (draft-housley-tls-authz-extns-07) * Improve logic of gnutls_set_default_priority() * New APIs to enumerate supported algorithms in the library * Certtool can export more than one certificate to PKCS#12 * Several message translation improvements * Improved manual * Many bugfixes and minor improvements
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 6 06:23:59 2007 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.17: +2 -2
lines
Diff to previous 1.17 (colored)
Use included opencdk for now, opencdk-0.6.x is not compatible with gnutls-1.6.x (the stable branch). No further PKGREVISION bumps necessary, because opencdk caused recursive PKGREVISION bumps and afterwards gnutls wouldn't build. Addresses PR pkg/36448.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Jun 5 05:36:59 2007 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored)
opencdk shlib major changed; bump ABI depends and PKGREVISIONs of affected packages.
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jul 8 23:11:06 2006 UTC (5 years, 10 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jul 8 22:39:36 2006 UTC (5 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Apr 6 06:22:38 2006 UTC (6 years, 1 month ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Changes since 1.13: +3 -3
lines
Diff to previous 1.13 (colored)
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Revision 1.13 / (download) - annotate - [select for diffs], Mon Mar 6 00:18:10 2006 UTC (6 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
Belatedly bump PKGREVISION for all libtasn1 dependencies, since libtasn1 had a shlib major bump. Also update dependencies in bl3.mk files. Addresses PR 32998 by Robert Elz.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (6 years, 3 months ago) by joerg
Branch: MAIN
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored)
Recursive revision bump / recommended bump for gettext ABI change.
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jan 20 21:14:04 2006 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Changes 1.3.3: ** New API to access the TLS master secret. When possible, you should use the TLS PRF functions instead. ** Improved handling when multiple libraries use GnuTLS at the same time. Now gnutls_global_init() can be called multiple times, and gnutls_global_deinit() will only deallocate the structure when it has been called as many times as gnutls_global_init() was called. ** Added a self test of TLS resume functionality. ** Fix crash in TLS resume code, caused by TLS/IA changes. ** Add 'const' keywords in various places, from Frediano ZIGLIO. ** The code was indented again, including the external header files. ** API and ABI modifications: New functions to retrieve the master secret value: gnutls_session_get_master_secret Add a 'const' keyword to existing API: gnutls_x509_crq_get_challenge_password
Revision 1.10 / (download) - annotate - [select for diffs], Sat Dec 31 11:20:11 2005 UTC (6 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Update to 1.3.2 bumped library major version -- bump BUILDLINK_RECOMMENDED.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Sep 5 07:34:05 2005 UTC (6 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.8: +3 -2
lines
Diff to previous 1.8 (colored)
buildlink3.mk matches Makefile now
Revision 1.7.4.1 / (download) - annotate - [select for diffs], Mon May 2 20:14:06 2005 UTC (7 years ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) next main 1.8 (colored)
Pullup ticket 479 - requested by Thomas Klausner
security update for gnutls
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.26, 1.28
- pkgsrc/security/gnutls/PLIST 1.13-1.14
- pkgsrc/security/gnutls/buildlink3.mk 1.8
- pkgsrc/security/gnutls/distinfo 1.15-1.16
- pkgsrc/security/gnutls/patches/patch-aa removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 8 15:50:41 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-aa
Log Message:
Update to 1.2.1:
* Version 1.2.1 (2005-04-04)
- gnutls_bye() will no longer fail when RDWR is used and application
data are available for reading.
- Added more strict checks for the SRP parameters (g,n), when they
are not in the included list.
- Added warning to certtool when MD5 is being used for digital
signatures.
- Optimizations ("-O2 -finline-functions") are not enabled by default,
instead the standard autoconf defaults are used. Use `./configure
CFLAGS="-O2 -finline-functions"' to get the old optimizations.
- Added the option --get-dh-params to certtool, in order to get the
included in the library primes and generators.
- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
allow only trusted Version 1 CAs and introduced
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
- Nettle self tests now build properly, reported by Pierre
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere
- Added the functions:
gnutls_x509_crt_list_import(),
gnutls_x509_crq_get_attribute_by_oid(),
gnutls_x509_crq_set_attribute_by_oid() and
gnutls_x509_crt_set_extension_by_oid().
- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 2 12:59:24 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Log Message:
Update to 1.2.3:
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in
a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertant changes,
please let us know if you find any.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon May 2 19:48:37 UTC 2005
Modified Files:
pkgsrc/security/gnutls: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
Revision 1.8 / (download) - annotate - [select for diffs], Mon May 2 19:48:37 2005 UTC (7 years ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
Revision 1.7 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:08 2004 UTC (7 years, 7 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Branch point for: pkgsrc-2005Q1
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.6 / (download) - annotate - [select for diffs], Sat May 22 10:17:47 2004 UTC (8 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Shared library major version change, so buildlink3.mk has to be updated, right?
Revision 1.5 / (download) - annotate - [select for diffs], Thu Mar 18 09:12:14 2004 UTC (8 years, 2 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.4: +2 -3
lines
Diff to previous 1.4 (colored)
Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properly by moving the inclusion of buildlink3.mk files outside of the protected region. This bug would be seen by users that have set PREFER_PKGSRC or PREFER_NATIVE to non-default values. BUILDLINK_PACKAGES should be ordered so that for any package in the list, that package doesn't depend on any packages to the left of it in the list. This ordering property is used to check for builtin packages in the correct order. The problem was that including a buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed from BUILDLINK_PACKAGES and appended to the end. However, since the inclusion of any other buildlink3.mk files within that buildlink3.mk was in a region that was protected against multiple inclusion, those dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Mar 16 17:58:01 2004 UTC (8 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
BUILDLINK_DEPENDS.<pkg> should be appended to, not set.
Revision 1.3 / (download) - annotate - [select for diffs], Fri Mar 5 19:25:39 2004 UTC (8 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.2: +12 -9
lines
Diff to previous 1.2 (colored)
Reorder location and setting of BUILDLINK_PACKAGES to match template buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Mar 1 15:14:45 2004 UTC (8 years, 2 months ago) by jmmv
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Update to 1.0.8. Changes since 1.0.6: Version 1.0.8 (28/02/2004) - Corrected bug in mutual certificate authentication in SSL 3.0. - Several other minor bugfixes. Version 1.0.7 (25/02/2004) - Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack). - Some updates in the documentation.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 10 00:21:28 2004 UTC (8 years, 3 months ago) by jlam
Branch: MAIN
buildlink3.mk file for security/gnutls (used by mail/dovecot).