Up to [cvs.NetBSD.org] / pkgsrc / security / gnutls
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.49 / (download) - annotate - [select for diffs], Wed Nov 8 13:20:45 2023 UTC (4 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
HEAD
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) to selected 1.25 (colored)
*: recursive bump for icu 74.1
Revision 1.48 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:48 2023 UTC (5 months ago) by wiz
Branch: MAIN
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored) to selected 1.25 (colored)
*: bump for openssl 3
Revision 1.47 / (download) - annotate - [select for diffs], Wed Apr 19 08:08:40 2023 UTC (11 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored) to selected 1.25 (colored)
revbump after textproc/icu update
Revision 1.46 / (download) - annotate - [select for diffs], Wed Feb 15 07:40:52 2023 UTC (13 months, 1 week ago) by nikita
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.45: +1 -4
lines
Diff to previous 1.45 (colored) to selected 1.25 (colored)
gnutls: remove guile bindings, dropped and moved to https://gitlab.com/gnutls/guile/
Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 26 10:31:07 2022 UTC (17 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.44: +2 -2
lines
Diff to previous 1.44 (colored) to selected 1.25 (colored)
*: bump PKGREVISION for libunistring shlib major bump
Revision 1.44 / (download) - annotate - [select for diffs], Tue Jun 28 11:35:35 2022 UTC (21 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.43: +2 -2
lines
Diff to previous 1.43 (colored) to selected 1.25 (colored)
*: recursive bump for perl 5.36
Revision 1.43 / (download) - annotate - [select for diffs], Thu Mar 17 21:16:25 2022 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.42: +1 -4
lines
Diff to previous 1.42 (colored) to selected 1.25 (colored)
gnutls: updated to 3.7.4 Version 3.7.4 (released 2022-03-17) ** libgnutls: Added support for certificate compression as defined in RFC8879. ** certtool: Added option --compress-cert that allows user to specify compression methods for certificate compression. ** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280. ** libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant. ** libgnutls: Added function to retrieve the name of current ciphersuite from session. ** API and ABI modifications: GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member gnutls_compress_certificate_get_selected_method: Added gnutls_compress_certificate_set_methods: Added
Revision 1.42 / (download) - annotate - [select for diffs], Mon Jan 3 12:36:53 2022 UTC (2 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.41: +4 -2
lines
Diff to previous 1.41 (colored) to selected 1.25 (colored)
gnutls: add lzo option Based on PR 56601 by Vladimir Stupin.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Sep 29 19:00:12 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.40: +2 -2
lines
Diff to previous 1.40 (colored) to selected 1.25 (colored)
revbump for boost-libs
Revision 1.40 / (download) - annotate - [select for diffs], Wed Apr 21 13:24:15 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.39: +2 -2
lines
Diff to previous 1.39 (colored) to selected 1.25 (colored)
revbump for boost-libs
Revision 1.36.2.1 / (download) - annotate - [select for diffs], Tue Jun 9 11:55:34 2020 UTC (3 years, 9 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.36: +7 -1
lines
Diff to previous 1.36 (colored) next main 1.37 (colored) to selected 1.25 (colored)
Pullup ticket #6232 - requested by maya security/gnutls: security fix Revisions pulled up: - security/gnutls/Makefile 1.210-1.213 - security/gnutls/PLIST 1.70-1.71 - security/gnutls/PLIST.guile 1.1 - security/gnutls/buildlink3.mk 1.37 - security/gnutls/distinfo 1.143-1.144 - security/gnutls/options.mk 1.3 - security/gnutls/patches/patch-configure 1.5 --- Module Name: pkgsrc Committed By: adam Date: Wed Apr 1 08:24:07 UTC 2020 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Added Files: pkgsrc/security/gnutls/patches: patch-configure Log Message: gnutls: updated to 3.6.13 Version 3.6.13: ** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol [GNUTLS-SA-2020-03-31, CVSS: high] ** libgnutls: Added new APIs to access KDF algorithms. ** libgnutls: Added new callback gnutls_keylog_func that enables a custom logging functionality. ** libgnutls: Added support for non-null terminated usernames in PSK negotiation. ** gnutls-cli-debug: Improved support for old servers that only support SSL 3.0. ** API and ABI modifications: gnutls_hkdf_extract: Added gnutls_hkdf_expand: Added gnutls_pbkdf2: Added gnutls_session_get_keylog_function: Added gnutls_session_set_keylog_function: Added gnutls_prf_hash_get: Added gnutls_psk_server_get_username2: Added gnutls_psk_set_client_credentials2: Added gnutls_psk_set_client_credentials_function2: Added gnutls_psk_set_server_credentials_function2: Added --- Module Name: pkgsrc Committed By: nikita Date: Thu May 14 14:30:02 UTC 2020 Modified Files: pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk Added Files: pkgsrc/security/gnutls: PLIST.guile Log Message: security/gnutls: revbump, add support for building guile bindings --- Module Name: pkgsrc Committed By: leot Date: Mon Jun 8 19:48:14 UTC 2020 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Log Message: gnutls: Update to 3.6.14 Changes: 3.6.14 ------ * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). [GNUTLS-SA-2020-06-03, CVSS: high] * libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). * libgnutls: Added several improvements on Windows Vista and later releases (!1257, !1254, !1256). Most notably the system random number generator now uses Windows BCrypt* API if available (!1255). * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). * libgnutls: Added support for AES-SIV ciphers (#463). * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). * libgnutls: No longer use internal symbols exported from Nettle (!1235) * API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added
Revision 1.39 / (download) - annotate - [select for diffs], Tue Jun 9 09:53:11 2020 UTC (3 years, 9 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.38: +5 -3
lines
Diff to previous 1.38 (colored) to selected 1.25 (colored)
gnutls: fix detection of build options
Revision 1.38 / (download) - annotate - [select for diffs], Fri May 22 10:55:50 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored) to selected 1.25 (colored)
revbump after updating security/nettle
Revision 1.37 / (download) - annotate - [select for diffs], Thu May 14 14:30:02 2020 UTC (3 years, 10 months ago) by nikita
Branch: MAIN
Changes since 1.36: +7 -1
lines
Diff to previous 1.36 (colored) to selected 1.25 (colored)
security/gnutls: revbump, add support for building guile bindings
Revision 1.36 / (download) - annotate - [select for diffs], Sun Mar 8 16:48:06 2020 UTC (4 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base
Branch point for: pkgsrc-2020Q1
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored) to selected 1.25 (colored)
*: recursive bump for libffi
Revision 1.35 / (download) - annotate - [select for diffs], Sat Jul 20 22:46:04 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.34: +2 -2
lines
Diff to previous 1.34 (colored) to selected 1.25 (colored)
*: recursive bump for nettle 3.5.1
Revision 1.34 / (download) - annotate - [select for diffs], Sun Dec 9 20:12:41 2018 UTC (5 years, 3 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.33: +2 -1
lines
Diff to previous 1.33 (colored) to selected 1.25 (colored)
gnutls: Update security/gnutls to 3.6.5 pkgsrc changes: - Remove comments regarding bash and tests (bash was added unconditionally due REPLACE_BASH usages) Changes: 3.6.5 ----- ** libgnutls: Provide the option of transparent re-handshake/reauthentication when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) ** libgnutls: The priority functions will ignore and not enable TLS1.3 if requested with legacy TLS versions enabled but not TLS1.2. That is because if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621). ** libgnutls: Change RSA decryption to use a new side-channel silent function. This addresses a security issue where memory access patterns as well as timing on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher attacks. Side-channel resistant code is slower due to the need to mask access and timings. When used in TLS the new functions cause RSA based handshakes to be between 13% and 28% slower on average (Numbers are indicative, the tests where performed on a relatively modern Intel CPU, results vary depending on the CPU and architecture used). This change makes nettle 3.4.1 the minimum requirement of gnutls (#630). [CVSS: medium] ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored. ** libgnutls: Added support for EdDSA under PKCS#11 (#417) ** libgnutls: Added support for AES-CFB8 cipher (#357) ** libgnutls: Added support for AES-CMAC MAC (#351) ** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D S-BOXes). They are fixed now. ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private keys parsing, as specified in R 50.1.112-2016. ** gnutls-serv: It applies the default settings when no --priority option is given, using gnutls_set_default_priority(). ** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin option (#561) ** certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR. ** API and ABI modifications: GNUTLS_AUTO_REAUTH: Added GNUTLS_CIPHER_AES_128_CFB8: Added GNUTLS_CIPHER_AES_192_CFB8: Added GNUTLS_CIPHER_AES_256_CFB8: Added GNUTLS_MAC_AES_CMAC_128: Added GNUTLS_MAC_AES_CMAC_256: Added gnutls_record_get_max_early_data_size: Added gnutls_record_send_early_data: Added gnutls_record_recv_early_data: Added gnutls_db_check_entry_expire_time: Added gnutls_anti_replay_set_add_function: Added gnutls_anti_replay_init: Added gnutls_anti_replay_deinit: Added gnutls_anti_replay_set_window: Added gnutls_anti_replay_enable: Added gnutls_privkey_decrypt_data2: Added
Revision 1.33 / (download) - annotate - [select for diffs], Thu Apr 19 22:12:25 2018 UTC (5 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.32: +3 -2
lines
Diff to previous 1.32 (colored) to selected 1.25 (colored)
Commit missing part of gnutls recursive bump. Noted by Patrick Welche.
Revision 1.31.4.1 / (download) - annotate - [select for diffs], Thu Jan 19 19:56:48 2017 UTC (7 years, 2 months ago) by bsiegert
Branch: pkgsrc-2016Q4
Changes since 1.31: +2 -1
lines
Diff to previous 1.31 (colored) next main 1.32 (colored) to selected 1.25 (colored)
Pullup ticket #5185 (second part) - requested by wiz security/gnutls: build fix Revisions pulled up: - security/gnutls/buildlink3.mk 1.32 --- Module Name: pkgsrc Committed By: wiz Date: Wed Jan 11 17:06:52 UTC 2017 Modified Files: pkgsrc/security/gnutls: buildlink3.mk Log Message: Add libunistring to bl3.mk, it's linked into libgnutls{,xx}.so. PR 51830
Revision 1.32 / (download) - annotate - [select for diffs], Wed Jan 11 17:06:52 2017 UTC (7 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.31: +2 -1
lines
Diff to previous 1.31 (colored) to selected 1.25 (colored)
Add libunistring to bl3.mk, it's linked into libgnutls{,xx}.so. PR 51830
Revision 1.31 / (download) - annotate - [select for diffs], Mon Sep 19 13:02:35 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Branch point for: pkgsrc-2016Q4
Changes since 1.30: +2 -2
lines
Diff to previous 1.30 (colored) to selected 1.25 (colored)
Remove another obsolete patch.
Revision 1.30 / (download) - annotate - [select for diffs], Sun Aug 23 14:30:35 2015 UTC (8 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored) to selected 1.25 (colored)
Bump PKGREVISION for nettle shlib major bump.
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jun 1 21:50:22 2015 UTC (8 years, 9 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.28: +3 -3
lines
Diff to previous 1.28 (colored) to selected 1.25 (colored)
update to gnutls 3.3.15 patch refresh grace of mkpatches upstream notable changes list since the 3.2 to 3.3 branch point (excerpt of the NEWS file): * Version 3.3.15 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** API and ABI modifications: No changes since last version. * Version 3.3.14 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert wicki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 ** API and ABI modifications: No changes since last version. * Version 3.3.13 (released 2015-02-25) ** libgnutls: Enable AESNI in GCM on x86 ** libgnutls: Fixes in DTLS message handling ** libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. ** gnutls-cli: Fixes in OCSP verification. ** API and ABI modifications: No changes since last version. * Version 3.3.12 (released 2015-01-17) ** libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. ** libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. ** libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 ** libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 ** libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. ** libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. ** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** guile: Fix harmless warning during compilation of gnutls.scm Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. ** certtool: --pubkey-info will also attempt to load a public key from stdin. ** gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. ** API and ABI modifications: No changes since last version. * Version 3.3.11 (released 2014-12-11) ** libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. ** libgnutls: Corrected parsing issue with OCSP responses. ** API and ABI modifications: No changes since last version. * Version 3.3.10 (released 2014-11-10) ** libgnutls: Refuse to import v1 or v2 certificates that contain extensions. ** libgnutls: Fixes in usage of PKCS #11 token callback ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. ** libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. ** libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. ** libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. ** API and ABI modifications: No changes since last version. * Version 3.3.9 (released 2014-10-13) ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. ** libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. ** libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. ** libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. ** libgnutls-dane: Do not require the CA on a ca match to be direct CA. ** libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. ** guile: new 'set-session-server-name!' procedure; see the manual for details. ** certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. ** API and ABI modifications: No changes since last version. * Version 3.3.8 (released 2014-09-18) ** libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. ** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. ** libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. ** libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. ** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. ** libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. ** libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). ** libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. ** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. ** libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. ** libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. ** p11tool: when listing tokens, list their type as well. ** p11tool: when listing objects from a trust module print any attached extensions on certificates. ** API and ABI modifications: gnutls_x509_crq_get_extension_by_oid2: Added gnutls_x509_crt_get_extension_by_oid2: Added gnutls_x509_trust_list_verify_crt2: Added gnutls_x509_ext_print: Added gnutls_x509_ext_deinit: Added gnutls_x509_othername_to_virtual: Added gnutls_pkcs11_obj_get_exts: Added * Version 3.3.7 (released 2014-08-24) ** libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. ** libgnutls: bundle replacements of inet_pton and inet_aton if not available. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: Added --info parameter. ** certtool: Added --mark-wrap parameter. ** danetool: --check will attempt to retrieve the server's certificate chain and verify against it. ** danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. ** danetool: Added openssl linking exception, to allow linking with libunbound. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added gnutls_pkcs11_privkey_export_pubkey: Added gnutls_pkcs11_obj_flags_get_str: Added gnutls_pkcs11_obj_get_flags: Added * Version 3.3.6 (released 2014-07-23) ** libgnutls: Use inet_ntop to print IP addresses when available ** libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. ** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. ** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. ** libgnutls: fixed PKCS #11 private key operations after a fork. ** libgnutls: fixed PKCS #11 ECDSA key generation. ** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 ** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. ** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. ** p11tool: ask for label when one isn't provided. ** p11tool: added --batch parameter to disable any interactivity. ** p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. ** certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. ** API and ABI modifications: gnutls_certificate_set_x509_trust_dir: Added gnutls_x509_trust_list_add_trust_dir: Added * Version 3.3.5 (released 2014-06-26) ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. ** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. ** libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. ** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. ** libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. ** certtool: option --to-p12 will now consider --load-ca-certificate ** certtol: Added option to specify the PKCS #12 friendly name on command line. ** p11tool: Allow marking a certificate copied to a token as a CA. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added gnutls_x509_crl_iter_deinit: Added gnutls_x509_crl_iter_crt_serial: Added gnutls_record_recv_packet: Added gnutls_packet_deinit: Added gnutls_packet_get: Added * Version 3.3.4 (released 2014-05-31) ** libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. ** API and ABI modifications: No changes since last version. * Version 3.3.3 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 ** gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. ** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. ** certtool: Allow multiple organizations and organizational unit names to be specified in a template. ** certtool: Warn when invalid configuration options are set to a template. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: gnutls_credentials_get: Added * Version 3.3.2 (released 2014-05-06) ** libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. ** libgnutls: Corrected file descriptor leak on random generator initialization. ** libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. ** libgnutls: Avoid deinitialization if initialization has failed. ** libgnutls: null-terminate othername alternative names. ** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** libgnutls-guile: Fixed compilation issue. ** certtool: Allow exporting a CRL on DER format. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: GNUTLS_PROFILE_VERY_WEAK: Added * Version 3.3.1 (released 2014-04-19) ** libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. ** libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls: The conditionally available self-test functions were moved to self-test.h. ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Corrected the *get_*_othername_oid() functions. ** API and ABI modifications: No changes since last version. * Version 3.3.0 (released 2014-04-10) ** libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. ** libgnutls: static libraries are not built by default. ** libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). ** libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. ** libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). ** libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). ** libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. ** libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. ** libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. ** libgnutls: Depend on p11-kit 0.20.0 or later. ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. ** libgnutls: The experimental xssl library is removed from the gnutls distribution. ** libgnutls: Reduced the number of gnulib modules used in the main library. ** libgnutls: Added priority string %DISABLE_WILDCARDS. ** libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). ** certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. ** certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). ** API and ABI modifications: GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added gnutls_certificate_verify_peers: Added gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added gnutls_fips140_mode_enabled: Added gnutls_sec_param_to_symmetric_bits: Added gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) gnutls_pubkey_verify_params: Added gnutls_privkey_export_ecc_raw: Added gnutls_privkey_export_dsa_raw: Added gnutls_privkey_export_rsa_raw: Added gnutls_privkey_import_ecc_raw: Added gnutls_privkey_import_dsa_raw: Added gnutls_privkey_import_rsa_raw: Added gnutls_privkey_verify_params: Added gnutls_x509_crt_check_hostname2: Added gnutls_openpgp_crt_check_hostname2: Added gnutls_x509_name_constraints_init: Added gnutls_x509_name_constraints_deinit: Added gnutls_x509_crt_get_name_constraints: Added gnutls_x509_name_constraints_add_permitted: Added gnutls_x509_name_constraints_add_excluded: Added gnutls_x509_crt_set_name_constraints: Added gnutls_x509_name_constraints_get_permitted: Added gnutls_x509_name_constraints_get_excluded: Added gnutls_x509_name_constraints_check: Added gnutls_x509_name_constraints_check_crt: Added gnutls_x509_crl_get_extension_data2: Added gnutls_x509_crt_get_extension_data2: Added gnutls_x509_crq_get_extension_data2: Added gnutls_subject_alt_names_init: Added gnutls_subject_alt_names_deinit: Added gnutls_subject_alt_names_get: Added gnutls_subject_alt_names_set: Added gnutls_x509_ext_import_subject_alt_names: Added gnutls_x509_ext_export_subject_alt_names: Added gnutls_x509_crl_dist_points_init: Added gnutls_x509_crl_dist_points_deinit: Added gnutls_x509_crl_dist_points_get: Added gnutls_x509_crl_dist_points_set: Added gnutls_x509_ext_import_crl_dist_points: Added gnutls_x509_ext_export_crl_dist_points: Added gnutls_x509_ext_import_name_constraints: Added gnutls_x509_ext_export_name_constraints: Added gnutls_x509_aia_init: Added gnutls_x509_aia_deinit: Added gnutls_x509_aia_get: Added gnutls_x509_aia_set: Added gnutls_x509_ext_import_aia: Added gnutls_x509_ext_export_aia: Added gnutls_x509_ext_import_subject_key_id: Added gnutls_x509_ext_export_subject_key_id: Added gnutls_x509_ext_export_authority_key_id: Added gnutls_x509_ext_import_authority_key_id: Added gnutls_x509_aki_init: Added gnutls_x509_aki_get_id: Added gnutls_x509_aki_get_cert_issuer: Added gnutls_x509_aki_set_id: Added gnutls_x509_aki_set_cert_issuer: Added gnutls_x509_aki_deinit: Added gnutls_x509_ext_import_private_key_usage_period: Added gnutls_x509_ext_export_private_key_usage_period: Added gnutls_x509_ext_import_basic_constraints: Added gnutls_x509_ext_export_basic_constraints: Added gnutls_x509_ext_import_key_usage: Added gnutls_x509_ext_export_key_usage: Added gnutls_x509_ext_import_proxy: Added gnutls_x509_ext_export_proxy: Added gnutls_x509_policies_init: Added gnutls_x509_policies_deinit: Added gnutls_x509_policies_get: Added gnutls_x509_policies_set: Added gnutls_x509_ext_import_policies: Added gnutls_x509_ext_export_policies: Added gnutls_x509_key_purpose_init: Added gnutls_x509_key_purpose_deinit: Added gnutls_x509_key_purpose_set: Added gnutls_x509_key_purpose_get: Added gnutls_x509_ext_import_key_purposes: Added gnutls_x509_ext_export_key_purposes: Added gnutls_digest_self_test: Added (conditionally) gnutls_mac_self_test: Added (conditionally) gnutls_pk_self_test: Added (conditionally) gnutls_cipher_self_test: Added (conditionally) gnutls_global_set_mem_functions: Deprecated
Revision 1.28 / (download) - annotate - [select for diffs], Mon Jul 2 18:53:02 2012 UTC (11 years, 8 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored) to selected 1.25 (colored)
update to 3.0,20 This switches to the new stable release branch.
Revision 1.27 / (download) - annotate - [select for diffs], Mon Jul 11 16:10:29 2011 UTC (12 years, 8 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.26: +1 -2
lines
Diff to previous 1.26 (colored) to selected 1.25 (colored)
update to 2.12.7 changes: -bugfixes -minor feature additions pkgsrc change: since the pkg was changed to build against "nettle" instead of libgcrypt (whether this was a good idea or not...), the latter isn't needed anymore, so remove the stale dependency This can cause build breakage -- in this case addition of a local dependency should restore the old state. (This dependency is technically unnecessary often, but the assumption that gnutls needs libgcrypt is sometimes hardwired in configure scripts and/or code.)
Revision 1.26 / (download) - annotate - [select for diffs], Wed Apr 27 07:19:06 2011 UTC (12 years, 11 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
need to buildlink with security/nettle. fixes PR#44909.
Revision 1.25 / (download) - annotate - [selected], Tue Apr 26 10:35:29 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.24: +3 -3
lines
Diff to previous 1.24 (colored)
Changes 2.12.3: * libgnutls: Several minor bugfixes. * libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings. * libgnutls: depend on libdl. * libgnutls: gnutls_transport_set_global_errno() was deprecated. Use your system's errno fascility or gnutls_transport_set_errno(). * gnutls-cli: Correction with usage of select to check for pending data in gnutls sessions. It now uses gnutls_record_check_pending(). * tests: More fixes and updates for win32. Patches by LRN. * libgnutls: Several files unnecessarily included <gcrypt.h>; this has been fixed. ** API and ABI modifications: gnutls_transport_set_global_errno: DEPRECATED Changes 2.12.2: * libgnutls: Several updates and fixes for win32. Patches by LRN. * libgnutls: Several bug and memory leak fixes. * srptool: Accepts the -d option to enable debugging. * libgnutls: Corrected bug in gnutls_srp_verifier() that prevented the allocation of a verifier. Reported by Andrew Wiseman. Changes 2.12.1: * certtool: Generated certificate request with stricter permissions. * libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. * libgnutls: Corrected windows system_errno() function prototype. * libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. * libgnutls: Fix size of gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
Revision 1.24 / (download) - annotate - [select for diffs], Fri Apr 22 13:42:00 2011 UTC (12 years, 11 months ago) by obache
Branch: MAIN
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored) to selected 1.25 (colored)
recursive bump from gettext-lib shlib bump.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Sep 1 16:32:17 2010 UTC (13 years, 6 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.22: +1 -2
lines
Diff to previous 1.22 (colored) to selected 1.25 (colored)
update to 2.10.1 many fixes and API extensions, but still binary compatible afaict
Revision 1.22 / (download) - annotate - [select for diffs], Fri Mar 20 19:25:17 2009 UTC (15 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.21: +6 -13
lines
Diff to previous 1.21 (colored) to selected 1.25 (colored)
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Revision 1.21 / (download) - annotate - [select for diffs], Thu Mar 6 14:52:12 2008 UTC (16 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored) to selected 1.25 (colored)
Update to 2.2.2: * Version 2.2.2 (released 2008-02-21) ** Cipher priority string handling now handle strings that starts with NULL. Thanks to Laurence Withers <l@lwithers.me.uk>. ** Corrected memory leaks in session resuming and DHE ciphersuites. Reported by Daniel Stenberg. ** Increased the default certificate verification chain limits and allowed for checks without limitation. ** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. ** API and ABI modifications: No changes since last version. * Version 2.2.1 (released 2008-01-17) ** Prevent linking libextra against previously installed libgnutls. Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see <http://bugs.gentoo.org/show_bug.cgi?id=202269>. ** Fixes the post_client_hello_function(). The extensions are now parsed in a callback friendly way. ** Fix for certificate selection in servers with certificate callbacks. ** API and ABI modifications: No changes since last version. * Version 2.2.0 (released 2007-12-14) Major changes compared to the v2.0 branch: * SRP support aligned with newly published RFC 5054. * OpenPGP support aligned with newly published RFC 5081. * Support for DSA2 keys. * Support for Camellia cipher. * Support for Opaque PRF Input extension. * PKCS#8 parser now handle DSA keys. * Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc. Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier versions, such as 2.01 which is included with GnuTLS, is available under GPLv2 or later. If this incompatibility causes problems, we recommend you to disable LZO using --without-lzo. LZO compression is not a standard TLS compression algorithm, so the impact should be minimal. * Functions for disabling record protocol padding. Works around bugs on Nokia/Ericsson phones. * New functions gnutls_priority_set() for setting cipher priorities easily. Priorities like "COMPAT" also enables other work arounds, such as disabling padding. * Other minor improvements and bug fixes. Minor changes compared to the latest v2.1.8 release candidate: * Update internal copy of libtasn1 to version 1.2. * Certtool --verify-chain now handle inputs larger than 64kb. This fixes the self-test "rsa-md5-collision" under MinGW+Wine with recent versions of libgcrypt. The problem was that Wine with the libgcrypt RNG generates huge amounts of debugging output. * Translation updates. Added Dutch translation. Updated Polish and Swedish translation. Backwards incompatible API/ABI changes in GnuTLS 2.2 ==================================================== To adapt to changes in the TLS extension specifications for OpenPGP and SRP, the GnuTLS API had to be modified. This means breaking the API and ABI backwards compatibility. That is something we try to avoid unless it is necessary. We decided to also remove the already deprecated stub functions for X.509 to XML conversion and TLS authorization (see below) when we had the opportunity. Generally, most applications does not need to be modified. Just re-compile them against the latest GnuTLS release, and it should work fine. Applications that use the OpenPGP or SRP features needs to be modified. Below is a list of the modified APIs and discussion of what the minimal things you need to modify in your application to make it work with GnuTLS 2.2. Note that GnuTLS 2.2 also introduces new APIs -- such as gnutls_set_priority() that is superior to gnutls_set_default_priority() -- that you may want to start using. However, using those new APIs is not required to use GnuTLS 2.2 since the old functions continue are still supported. This text only discuss what you minimally have to modify. XML related changes ------------------- The function `gnutls_x509_crt_to_xml' has been removed. It has been deprecated and only returned an error code since GnuTLS version 1.2.11. Nobody has complained, so users doesn't seem to miss the functionality. We don't know of any other library to convert X.509 certificates into XML format, but we decided (long ago) that GnuTLS isn't the right place for this kind of functionality. If you want help to find some other library to use here, please explain and discuss your use case on help-gnutls <at> gnu.org. TLS Authorization related changes --------------------------------- Everything related to TLS authorizations have been removed, they were only stub functions that returned an error code: GNUTLS_SUPPLEMENTAL_AUTHZ_DATA gnutls_authz_data_format_type_t gnutls_authz_recv_callback_func gnutls_authz_send_callback_func gnutls_authz_enable gnutls_authz_send_x509_attr_cert gnutls_authz_send_saml_assertion gnutls_authz_send_x509_attr_cert_url gnutls_authz_send_saml_assertion_url SRP related changes ------------------- The callback gnutls_srp_client_credentials_function has a new prototype, and its semantic has changed. You need to rewrite the callback, see the updated function documentation and SRP example code (doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more information. The alert codes GNUTLS_A_MISSING_SRP_USERNAME and GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is used. There are #define's to map the old names to the new. You may run into problems if you have a switch-case with cases for both SRP alerts, since they are now mapped to the same value. The solution is to drop the SRP alerts from such switch cases, as they are now deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY. OpenPGP related changes ----------------------- The function `gnutls_certificate_set_openpgp_keyserver' have been removed. There is no replacement functionality inside GnuTLS. If you need keyserver functionality, consider using the GnuPG tools. All functions, types, and error codes related to OpenPGP trustdb format have been removed. The trustdb format is a non-standard GnuPG-specific format, and we recommend you to use key rings instead. The following have been removed: gnutls_certificate_set_openpgp_trustdb gnutls_openpgp_trustdb_init gnutls_openpgp_trustdb_deinit gnutls_openpgp_trustdb_import gnutls_openpgp_key_verify_trustdb gnutls_openpgp_trustdb_t GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED The following functions has an added parameter of the (new) type `gnutls_openpgp_crt_fmt_t'. The type specify the format of the data (binary or base64). The functions are: gnutls_certificate_set_openpgp_key_file gnutls_certificate_set_openpgp_key_mem gnutls_certificate_set_openpgp_keyring_mem gnutls_certificate_set_openpgp_keyring_file To improve terminology and align with the X.509 interface, some functions have been renamed. Compatibility mappings exists. The old and new names of the affected functions and types are: Old name New name gnutls_openpgp_key_t gnutls_openpgp_crt_t gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT gnutls_openpgp_key_init gnutls_openpgp_crt_init gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit gnutls_openpgp_key_import gnutls_openpgp_crt_import gnutls_openpgp_key_export gnutls_openpgp_crt_export gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname gnutls_openpgp_send_key gnutls_openpgp_send_cert * Version 2.0.0 (released 2007-09-04) The following changes have been made since GnuTLS 1.6: * Support for external RSA/DSA signing for TLS client authentication. This allows you to secure the private key better, for example by using privilege-separation techniques between the private key and the network client/server. * Support for signing X.509 certificates using RSA with SHA-256/384/512. * Experimental support for TLS 1.2 (disabled by default). The TLS 1.2 specification is not finalized yet, but we implement a draft version for testing. * Support for X.509 Proxy Certificates (RFC 3820) * Support for Supplemental handshakes messages (RFC 4680). * Support for TLS authorization extension (draft-housley-tls-authz-extns-07). * Support for the X.509 'otherName' Subject Altnerative Names (for XMPP). * Guile bindings for GnuTLS have been added, thanks to Ludovic Courtes. * Improve logic of gnutls_set_default_priority() which can now be more recommended. * New APIs to enumerate supported algorithms in the library. * New APIs to access X.509 Certificate extension sequentially. * New APIs to print X.509 Certificates and CRLs in human readable formats. * New APIs to extract X.509 Distinguished Names from certificates. * New APIs to handle pathLenConstraint in X.509 Basic Constraints. * Certtool can export more than one certificate to PKCS#12. * Several message translation improvements. * Instructions and improvements to easily set up a HTTPS test server. * Included copies updated to Libtasn1 1.1 and OpenCDK 0.6.4. * Build improvements for Windows, Mac OS X, uClinux, etc. * GnuTLS is now developed in GIT. * Improved manual * Many bugfixes and minor improvements.
Revision 1.20 / (download) - annotate - [select for diffs], Thu Jan 31 01:04:26 2008 UTC (16 years, 2 months ago) by reed
Branch: MAIN
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored) to selected 1.25 (colored)
Increase the BUILDLINK_API_DEPENDS.gnutls to at least gnutls>=1.2.6 which is still very old. This fixes problem where building something depending on gnutls when old gnutls is already installed using liblzo won't buildlink because lzo is not installed. This forces a newer gnutls to be installed that uses lzo instead.
Revision 1.19 / (download) - annotate - [select for diffs], Wed Sep 5 21:51:21 2007 UTC (16 years, 6 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored) to selected 1.25 (colored)
update to 2.0.0 While an update to a .0 version is somehow risky, it finishes the unfortunate state that the pkgsrc gnutls didn't work with the pkgsrc opencdk, which I wouldn't like to go into the next stable branch. Release candidates have worked for me, and there is some time left before the Q3 branch, so I'm confident. changes: * Support for external RSA/DSA signing for TLS client authentication -many X.509 enhancements Support for Supplemental handshakes messages (RFC 4680) * Support for TLS authorization extension (draft-housley-tls-authz-extns-07) * Improve logic of gnutls_set_default_priority() * New APIs to enumerate supported algorithms in the library * Certtool can export more than one certificate to PKCS#12 * Several message translation improvements * Improved manual * Many bugfixes and minor improvements
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 6 06:23:59 2007 UTC (16 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.17: +2 -2
lines
Diff to previous 1.17 (colored) to selected 1.25 (colored)
Use included opencdk for now, opencdk-0.6.x is not compatible with gnutls-1.6.x (the stable branch). No further PKGREVISION bumps necessary, because opencdk caused recursive PKGREVISION bumps and afterwards gnutls wouldn't build. Addresses PR pkg/36448.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Jun 5 05:36:59 2007 UTC (16 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored) to selected 1.25 (colored)
opencdk shlib major changed; bump ABI depends and PKGREVISIONs of affected packages.
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jul 8 23:11:06 2006 UTC (17 years, 8 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored) to selected 1.25 (colored)
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jul 8 22:39:36 2006 UTC (17 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored) to selected 1.25 (colored)
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Apr 6 06:22:38 2006 UTC (17 years, 11 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Changes since 1.13: +3 -3
lines
Diff to previous 1.13 (colored) to selected 1.25 (colored)
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Revision 1.13 / (download) - annotate - [select for diffs], Mon Mar 6 00:18:10 2006 UTC (18 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored) to selected 1.25 (colored)
Belatedly bump PKGREVISION for all libtasn1 dependencies, since libtasn1 had a shlib major bump. Also update dependencies in bl3.mk files. Addresses PR 32998 by Robert Elz.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (18 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored) to selected 1.25 (colored)
Recursive revision bump / recommended bump for gettext ABI change.
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jan 20 21:14:04 2006 UTC (18 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored) to selected 1.25 (colored)
Changes 1.3.3: ** New API to access the TLS master secret. When possible, you should use the TLS PRF functions instead. ** Improved handling when multiple libraries use GnuTLS at the same time. Now gnutls_global_init() can be called multiple times, and gnutls_global_deinit() will only deallocate the structure when it has been called as many times as gnutls_global_init() was called. ** Added a self test of TLS resume functionality. ** Fix crash in TLS resume code, caused by TLS/IA changes. ** Add 'const' keywords in various places, from Frediano ZIGLIO. ** The code was indented again, including the external header files. ** API and ABI modifications: New functions to retrieve the master secret value: gnutls_session_get_master_secret Add a 'const' keyword to existing API: gnutls_x509_crq_get_challenge_password
Revision 1.10 / (download) - annotate - [select for diffs], Sat Dec 31 11:20:11 2005 UTC (18 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored) to selected 1.25 (colored)
Update to 1.3.2 bumped library major version -- bump BUILDLINK_RECOMMENDED.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Sep 5 07:34:05 2005 UTC (18 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.8: +3 -2
lines
Diff to previous 1.8 (colored) to selected 1.25 (colored)
buildlink3.mk matches Makefile now
Revision 1.7.4.1 / (download) - annotate - [select for diffs], Mon May 2 20:14:06 2005 UTC (18 years, 11 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) next main 1.8 (colored) to selected 1.25 (colored)
Pullup ticket 479 - requested by Thomas Klausner security update for gnutls Revisions pulled up: - pkgsrc/security/gnutls/Makefile 1.26, 1.28 - pkgsrc/security/gnutls/PLIST 1.13-1.14 - pkgsrc/security/gnutls/buildlink3.mk 1.8 - pkgsrc/security/gnutls/distinfo 1.15-1.16 - pkgsrc/security/gnutls/patches/patch-aa removed Module Name: pkgsrc Committed By: wiz Date: Fri Apr 8 15:50:41 UTC 2005 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Removed Files: pkgsrc/security/gnutls/patches: patch-aa Log Message: Update to 1.2.1: * Version 1.2.1 (2005-04-04) - gnutls_bye() will no longer fail when RDWR is used and application data are available for reading. - Added more strict checks for the SRP parameters (g,n), when they are not in the included list. - Added warning to certtool when MD5 is being used for digital signatures. - Optimizations ("-O2 -finline-functions") are not enabled by default, instead the standard autoconf defaults are used. Use `./configure CFLAGS="-O2 -finline-functions"' to get the old optimizations. - Added the option --get-dh-params to certtool, in order to get the included in the library primes and generators. - Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to allow only trusted Version 1 CAs and introduced GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. - Nettle self tests now build properly, reported by Pierre - Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. Reported by Yoann Vandoorselaere - Added the functions: gnutls_x509_crt_list_import(), gnutls_x509_crq_get_attribute_by_oid(), gnutls_x509_crq_set_attribute_by_oid() and gnutls_x509_crt_set_extension_by_oid(). - If the library has been compiled with features disabled, a warning is issued during the compilation of any program. --- Module Name: pkgsrc Committed By: wiz Date: Mon May 2 12:59:24 UTC 2005 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Log Message: Update to 1.2.3: * Version 1.2.3 - Corrected bug in record packet parsing that could lead to a denial of service attack. - Corrected bug in RSA key export. Previously exported keys can be fixed using certtool. Use certtool -k <infile >outfile - API and ABI modifications: gnutls_x509_privkey_fix(): Add. * Version 1.2.2 (2005-04-25) - gnutls_error_to_alert() now considers GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. - Fixed error in session resuming that could cause a crash in a session. - Fixed pkcs12 friendly name and local key identifier decoding. - Internal cleanups, removed duplicate typedef/struct definitions, and made source code include external include file, to check function prototypes during compile time. - API and ABI modifications: No changes since last version. At least not intentional, but due to the include header changes, there may be inadvertant changes, please let us know if you find any. --- Module Name: pkgsrc Committed By: salo Date: Mon May 2 19:48:37 UTC 2005 Modified Files: pkgsrc/security/gnutls: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
Revision 1.8 / (download) - annotate - [select for diffs], Mon May 2 19:48:37 2005 UTC (18 years, 11 months ago) by salo
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) to selected 1.25 (colored)
Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
Revision 1.7 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:08 2004 UTC (19 years, 5 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Branch point for: pkgsrc-2005Q1
Changes since 1.6: +2 -1
lines
Diff to previous 1.6 (colored) to selected 1.25 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.6 / (download) - annotate - [select for diffs], Sat May 22 10:17:47 2004 UTC (19 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored) to selected 1.25 (colored)
Shared library major version change, so buildlink3.mk has to be updated, right?
Revision 1.5 / (download) - annotate - [select for diffs], Thu Mar 18 09:12:14 2004 UTC (20 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.4: +2 -3
lines
Diff to previous 1.4 (colored) to selected 1.25 (colored)
Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properly by moving the inclusion of buildlink3.mk files outside of the protected region. This bug would be seen by users that have set PREFER_PKGSRC or PREFER_NATIVE to non-default values. BUILDLINK_PACKAGES should be ordered so that for any package in the list, that package doesn't depend on any packages to the left of it in the list. This ordering property is used to check for builtin packages in the correct order. The problem was that including a buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed from BUILDLINK_PACKAGES and appended to the end. However, since the inclusion of any other buildlink3.mk files within that buildlink3.mk was in a region that was protected against multiple inclusion, those dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Mar 16 17:58:01 2004 UTC (20 years ago) by jlam
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored) to selected 1.25 (colored)
BUILDLINK_DEPENDS.<pkg> should be appended to, not set.
Revision 1.3 / (download) - annotate - [select for diffs], Fri Mar 5 19:25:39 2004 UTC (20 years ago) by jlam
Branch: MAIN
Changes since 1.2: +12 -9
lines
Diff to previous 1.2 (colored) to selected 1.25 (colored)
Reorder location and setting of BUILDLINK_PACKAGES to match template buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Mar 1 15:14:45 2004 UTC (20 years, 1 month ago) by jmmv
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored) to selected 1.25 (colored)
Update to 1.0.8. Changes since 1.0.6: Version 1.0.8 (28/02/2004) - Corrected bug in mutual certificate authentication in SSL 3.0. - Several other minor bugfixes. Version 1.0.7 (25/02/2004) - Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack). - Some updates in the documentation.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 10 00:21:28 2004 UTC (20 years, 1 month ago) by jlam
Branch: MAIN
Diff to selected 1.25 (colored)
buildlink3.mk file for security/gnutls (used by mail/dovecot).