author | obache <obache> | 2013-09-11 13:17:25 +0000 |
---|---|---|
committer | obache <obache> | 2013-09-11 13:17:25 +0000 |
commit | b11993fc9d9127352bf9609d6884b34d645b463b (patch) | |
tree | f17b07b977cc43417906bcdd4c50678fd52aaa81 /security/polarssl | |
parent | 7189fd3095085f69c6c0d21cb8537867806fff14 (diff) | |
Update PolarSSL to 1.2.8

= Version 1.2.8 released 2013-06-19
Features
* Parsing of PKCS#8 encrypted private key files
* PKCS#12 PBE and derivation functions
* Centralized module option values in config.h to allow user-defined
  settings without editing header files by using POLARSSL_CONFIG_OPTIONS
Changes
* HAVEGE random generator disabled by default
* Internally split up x509parse_key() into a (PEM) handler function
  and specific DER parser functions for the PKCS#1 and unencrypted
  PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
  symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
  config.h)
* PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
  old PBKDF2 module
Bugfix
* Secure renegotiation extension should only be sent in case client
  supports secure renegotiation
* Fixed offset for cert_type list in ssl_parse_certificate_request()
* Fixed const correctness issues that have no impact on the ABI
* x509parse_crt() now better handles PEM error situations
* ssl_parse_certificate() now calls x509parse_crt_der() directly
  instead of the x509parse_crt() wrapper that can also parse PEM
  certificates
* x509parse_crtpath() is now reentrant and uses more portable stat()
* Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
* Fixed values for 2-key Triple DES in cipher layer
* ssl_write_certificate_request() can handle empty ca_chain
Security
* A possible DoS during the SSL Handshake, due to faulty parsing of
  PEM-encoded certificates has been fixed (found by Jack Lloyd)

= Version 1.2.7 released 2013-04-13
Features
* Ability to specify allowed ciphersuites based on the protocol version.
Changes
* Default Blowfish keysize is now 128-bits
* Test suites made smaller to accommodate Raspberry Pi
Bugfix
* Fix for MPI assembly for ARM
* GCM adapted to support sizes > 2^29

= Version 1.2.6 released 2013-03-11
Bugfix
* Fixed memory leak in ssl_free() and ssl_reset() for active session
* Corrected GCM counter incrementation to use only 32-bits instead of
  128-bits (found by Yawning Angel)
* Fixes for 64-bit compilation with MS Visual Studio
* Fixed net_bind() for specified IP addresses on little endian systems
* Fixed assembly code for ARM (Thumb and regular) for some compilers
Changes
* Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
  rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
  PKCS#1 v2.1 functions
* Added support for custom labels when using rsa_rsaes_oaep_encrypt()
  or rsa_rsaes_oaep_decrypt()
* Re-added handling for SSLv2 Client Hello when the define
  POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
* The SSL session cache module (ssl_cache) now also retains peer_cert
  information (not the entire chain)
Security
* Removed further timing differences during SSL message decryption in
  ssl_decrypt_buf()
* Removed timing differences due to bad padding from
  rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
  operations

= Version 1.2.5 released 2013-02-02
Changes
* Allow enabling of dummy error_strerror() to support some use-cases
* Debug messages about padding errors during SSL message decryption are
  disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
* Sending of security-relevant alert messages that do not break
  interoperability can be switched on/off with the flag
  POLARSSL_SSL_ALL_ALERT_MESSAGES
Security
* Removed timing differences during SSL message decryption in
  ssl_decrypt_buf() due to badly formatted padding

= Version 1.2.4 released 2013-01-25
Changes
* Added ssl_handshake_step() to allow single stepping the handshake process
Bugfix
* Memory leak when using RSA_PKCS_V21 operations fixed
* Handle future version properly in ssl_write_certificate_request()
* Correctly handle CertificateRequest message in client for <= TLS 1.1
  without DN list

= Version 1.2.3 released 2012-11-26
Bugfix
* Server not always sending correct CertificateRequest message

= Version 1.2.2 released 2012-11-24
Changes
* Added p_hw_data to ssl_context for context specific hardware acceleration
  data
* During verify trust-CA is only checked for expiration and CRL presence
Bugfixes
* Fixed client authentication compatibility
* Fixed dependency on POLARSSL_SHA4_C in SSL modules

= Version 1.2.1 released 2012-11-20
Changes
* Depth that the certificate verify callback receives is now numbered
  bottom-up (Peer cert depth is 0)
Bugfixes
* Fixes for MSVC6
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
  Pégourié-Gonnard)
* Fixed possible segfault in mpi_shift_r() (found by Manuel
  Pégourié-Gonnard)
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1

Diffstat (limited to 'security/polarssl')
-rw-r--r-- | security/polarssl/Makefile | 6
-rw-r--r-- | security/polarssl/PLIST | 4
-rw-r--r-- | security/polarssl/distinfo | 10
-rw-r--r-- | security/polarssl/patches/patch-Makefile | 38
4 files changed, 36 insertions, 22 deletions
diff --git a/security/polarssl/Makefile b/security/polarssl/Makefile index 11f76250426..76d6cdfba43 100644 --- a/security/polarssl/Makefile +++ b/security/polarssl/Makefile @@ -1,13 +1,11 @@ -# $NetBSD: Makefile,v 1.2 2013/05/31 12:41:57 wiz Exp $ +# $NetBSD: Makefile,v 1.3 2013/09/11 13:17:25 obache Exp $ # -DISTNAME= polarssl-1.2.0-gpl +DISTNAME= polarssl-1.2.8-gpl PKGNAME= ${DISTNAME:-gpl=} -PKGREVISION= 1 CATEGORIES= security devel MASTER_SITES= http://polarssl.org/code/releases/ EXTRACT_SUFX= .tgz -FETCH_USING= curl MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://polarssl.org/ diff --git a/security/polarssl/PLIST b/security/polarssl/PLIST index 5867000d2ff..90c2903723d 100644 --- a/security/polarssl/PLIST +++ b/security/polarssl/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2012/12/11 23:29:27 gdt Exp $ +@comment $NetBSD: PLIST,v 1.2 2013/09/11 13:17:25 obache Exp $ include/polarssl/aes.h include/polarssl/arc4.h include/polarssl/asn1.h @@ -32,6 +32,8 @@ include/polarssl/padlock.h include/polarssl/pbkdf2.h include/polarssl/pem.h include/polarssl/pkcs11.h +include/polarssl/pkcs12.h +include/polarssl/pkcs5.h include/polarssl/rsa.h include/polarssl/sha1.h include/polarssl/sha2.h diff --git a/security/polarssl/distinfo b/security/polarssl/distinfo index 6d5dc4b82e4..c5c8f52c1c0 100644 --- a/security/polarssl/distinfo +++ b/security/polarssl/distinfo 
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.1 2012/12/11 23:29:27 gdt Exp $ +$NetBSD: distinfo,v 1.2 2013/09/11 13:17:25 obache Exp $ -SHA1 (polarssl-1.2.0-gpl.tgz) = e7a9d3897c656feafdd48eb1a9836ee81a58a741 -RMD160 (polarssl-1.2.0-gpl.tgz) = 74137580162a7293b61205c3dcaf4b802815b8f7 -Size (polarssl-1.2.0-gpl.tgz) = 973427 bytes -SHA1 (patch-Makefile) = c0d015a0b35d8a0394503d4e66897c14e76cfd0b +SHA1 (polarssl-1.2.8-gpl.tgz) = a3e69d4e9302529c5006dcb7d8ecab9c99488036 +RMD160 (polarssl-1.2.8-gpl.tgz) = e86bda2371c258a8b26703199128df64c7d2e3c9 +Size (polarssl-1.2.8-gpl.tgz) = 998609 bytes +SHA1 (patch-Makefile) = d35397c1df60e384c2a0826844ac8765fd1fef1a diff --git a/security/polarssl/patches/patch-Makefile b/security/polarssl/patches/patch-Makefile index 1ff853ef8d3..ef7a3031547 100644 --- a/security/polarssl/patches/patch-Makefile +++ b/security/polarssl/patches/patch-Makefile @@ -1,10 +1,11 @@ -$NetBSD: patch-Makefile,v 1.1 2012/12/11 23:29:28 gdt Exp $ +$NetBSD: patch-Makefile,v 1.2 2013/09/11 13:17:26 obache Exp $ Fix DESTDIR for pkgsrc, and suppress building test programs. ---- Makefile.orig 2012-04-05 07:07:50.000000000 -0500 -+++ Makefile 2012-11-14 23:27:47.000000000 -0600 -@@ -1,37 +1,24 @@ -- + +--- Makefile.orig 2013-06-21 13:11:10.000000000 +0000 ++++ Makefile +@@ -1,48 +1,28 @@ + -DESTDIR=/usr/local -PREFIX=polarssl_ +APPNAME_PRE=polarssl_ @@ -26,14 +27,12 @@ Fix DESTDIR for pkgsrc, and suppress building test programs. install: - mkdir -p $(DESTDIR)/include/polarssl - cp -r include/polarssl $(DESTDIR)/include -+ mkdir -p ${DESTDIR}${PREFIX}/include/polarssl -+ cp -r include/polarssl ${DESTDIR}${PREFIX}/include ++ mkdir -p $(DESTDIR)${PREFIX}/include/polarssl ++ cp -r include/polarssl $(DESTDIR)${PREFIX}/include - mkdir -p $(DESTDIR)/lib - cp library/libpolarssl.* $(DESTDIR)/lib -+ mkdir -p ${DESTDIR}${PREFIX}/lib -+ cp library/libpolarssl.* ${DESTDIR}${PREFIX}/lib - +- - mkdir -p $(DESTDIR)/bin - for p in programs/*/* ; do \ - if [ -x $$p ] && [ ! -d $$p ] ; \ 
@@ -42,7 +41,22 @@ Fix DESTDIR for pkgsrc, and suppress building test programs. - cp $$p $(DESTDIR)/bin/$$f ; \ - fi \ - done -- ++ mkdir -p $(DESTDIR)${PREFIX}/lib ++ cp library/libpolarssl.* $(DESTDIR)${PREFIX}/lib + + uninstall: +- rm -rf $(DESTDIR)/include/polarssl +- rm -f $(DESTDIR)/lib/libpolarssl.* +- +- for p in programs/*/* ; do \ +- if [ -x $$p ] && [ ! -d $$p ] ; \ +- then \ +- f=$(PREFIX)`basename $$p` ; \ +- rm -f $(DESTDIR)/bin/$$f ; \ +- fi \ +- done ++ rm -rf $(DESTDIR)${PREFIX}/include/polarssl ++ rm -f $(DESTDIR)${PREFIX}/lib/libpolarssl.* + clean: cd library && $(MAKE) clean && cd .. - cd programs && $(MAKE) clean && cd .. |
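
Review bot: In security/polarssl/Makefile the removal of `FETCH_USING= curl` is not covered by the commit message, which only describes the version update. Dropping `PKGREVISION= 1` follows from the DISTNAME change, but the fetch method change should get a line in the log saying why curl is no longer required. `MASTER_SITES` also stays on plain `http://polarssl.org/code/releases/`, so the integrity of polarssl-1.2.8-gpl.tgz depends entirely on the digests in distinfo; if upstream serves the releases over HTTPS, use that URL.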
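
Review bot: In security/polarssl/distinfo the new tarball is pinned only by SHA1 and RMD160 digests, and because the Makefile fetches it over plain HTTP those two values are the only check on what gets built. Suggest recording a stronger digest (for example SHA512) for polarssl-1.2.8-gpl.tgz next to them where the digest tooling allows it, and confirming the recorded values against checksums published by upstream rather than only against the file that was downloaded.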
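
Review bot: In security/polarssl/patches/patch-Makefile the new `uninstall` target runs `rm -rf $(DESTDIR)${PREFIX}/include/polarssl` while the same patch drops the `DESTDIR=/usr/local` default and renames the old `PREFIX` to `APPNAME_PRE`, so in the visible lines neither variable has a value unless the caller supplies one. Run outside pkgsrc with both empty, install and uninstall operate on `/include/polarssl` and `/lib/libpolarssl.*`. Suggest either a `PREFIX?=` default or a guard that fails when `PREFIX` is empty, and quoting the expanded paths. As a style point, the previous revision of this patch used `${DESTDIR}${PREFIX}` consistently; the new lines mix `$(DESTDIR)` with `${PREFIX}`, and one form should be used throughout.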