authorwiz <wiz@pkgsrc.org>2013-11-29 22:55:29 +0000
committerwiz <wiz@pkgsrc.org>2013-11-29 22:55:29 +0000
commit0ef59c404c011aa8fdb3d7911467be4129365446 (patch)
treeb0a406ef7f6e09abd1c8f15b45415a094cee7a6c /security
parent9ca550c0c32a892d425243b304daa73f5436fd9e (diff)
Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23) ** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in GCM ciphers (previously it returned the implicit IV used in TLS). ** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided with a PKCS #11 URL pointing to a certificate, will attempt to load the whole chain. ** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid looking in unrelated to the object tokens. ** libgnutls: Added an experimental %DUMBFW option in priority strings. This avoids a black hole behavior in some firewalls by sending a large client hello. See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html ** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number will force output of debug messages to stderr. ** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set() is used with another protocol than the GNUTLS_DTLS0_9 protocol. ** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined expiration date when (time_t)-1 is specified as date. ** libgnutls: Session tickets are encrypted using AES-GCM. ** libgnutls: Corrected issue in record decompression. Issue pinpointed by Frank Zschockel. ** libgnutls: Forbid all compression methods in DTLS. ** gnutls-serv: Fixed issue with IPv6 address in UDP mode. ** certtool: When exporting an encrypted PEM private key do not output the key parameters. ** certtool: Expiration days template option allows for a -1 value which will set to the no well defined expiration date (RFC5280), and no longer chokes on integer overflows. Suggested by Stefan Buehler. ** certtool: Added new template options: 'activation_date', and 'expiration_date'. ** tools: The environment variable GNUTLS_PIN can be used to read any PIN requested from tokens. ** tools: The installed version of libopts is used if the autogen tool is present. 
** API and ABI modifications: gnutls_pkcs11_obj_export3: Added gnutls_pkcs11_get_raw_issuer: Added gnutls_est_record_overhead_size: Exported
Diffstat (limited to 'security')
-rw-r--r--security/gnutls/Makefile4
-rw-r--r--security/gnutls/PLIST19
-rw-r--r--security/gnutls/distinfo14
-rw-r--r--security/gnutls/patches/patch-configure13
-rw-r--r--security/gnutls/patches/patch-lib_Makefile.in15
-rw-r--r--security/gnutls/patches/patch-lib_nettle_egd.c69
-rw-r--r--security/gnutls/patches/patch-lib_nettle_rnd.c26
7 files changed, 136 insertions, 24 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index d50da0b540f..652019e8971 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.134 2013/11/04 08:22:54 wiz Exp $
+# $NetBSD: Makefile,v 1.135 2013/11/29 22:55:29 wiz Exp $
-DISTNAME= gnutls-3.2.6
+DISTNAME= gnutls-3.2.7
CATEGORIES= security devel
MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/
EXTRACT_SUFX= .tar.xz
diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST
index 1f22fe68a08..f939f1e3172 100644
--- a/security/gnutls/PLIST
+++ b/security/gnutls/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.48 2013/10/31 14:41:48 wiz Exp $
+@comment $NetBSD: PLIST,v 1.49 2013/11/29 22:55:29 wiz Exp $
bin/certtool
bin/danetool
bin/gnutls-cli
@@ -66,6 +66,7 @@ man/man3/gnutls_bye.3
man/man3/gnutls_certificate_activation_time_peers.3
man/man3/gnutls_certificate_allocate_credentials.3
man/man3/gnutls_certificate_client_get_request_status.3
+man/man3/gnutls_certificate_client_set_retrieve_function.3
man/man3/gnutls_certificate_expiration_time_peers.3
man/man3/gnutls_certificate_free_ca_names.3
man/man3/gnutls_certificate_free_cas.3
@@ -79,6 +80,7 @@ man/man3/gnutls_certificate_get_peers.3
man/man3/gnutls_certificate_get_peers_subkey_id.3
man/man3/gnutls_certificate_send_x509_rdn_sequence.3
man/man3/gnutls_certificate_server_set_request.3
+man/man3/gnutls_certificate_server_set_retrieve_function.3
man/man3/gnutls_certificate_set_dh_params.3
man/man3/gnutls_certificate_set_key.3
man/man3/gnutls_certificate_set_ocsp_status_request_file.3
@@ -339,6 +341,7 @@ man/man3/gnutls_openpgp_privkey_get_preferred_key_id.3
man/man3/gnutls_openpgp_privkey_get_revoked_status.3
man/man3/gnutls_openpgp_privkey_get_subkey_count.3
man/man3/gnutls_openpgp_privkey_get_subkey_creation_time.3
+man/man3/gnutls_openpgp_privkey_get_subkey_expiration_time.3
man/man3/gnutls_openpgp_privkey_get_subkey_fingerprint.3
man/man3/gnutls_openpgp_privkey_get_subkey_id.3
man/man3/gnutls_openpgp_privkey_get_subkey_idx.3
@@ -375,10 +378,12 @@ man/man3/gnutls_pkcs11_copy_x509_privkey.3
man/man3/gnutls_pkcs11_deinit.3
man/man3/gnutls_pkcs11_delete_url.3
man/man3/gnutls_pkcs11_get_pin_function.3
+man/man3/gnutls_pkcs11_get_raw_issuer.3
man/man3/gnutls_pkcs11_init.3
man/man3/gnutls_pkcs11_obj_deinit.3
man/man3/gnutls_pkcs11_obj_export.3
man/man3/gnutls_pkcs11_obj_export2.3
+man/man3/gnutls_pkcs11_obj_export3.3
man/man3/gnutls_pkcs11_obj_export_url.3
man/man3/gnutls_pkcs11_obj_get_info.3
man/man3/gnutls_pkcs11_obj_get_type.3
@@ -898,6 +903,18 @@ man/man3/gnutls_x509_trust_list_remove_trust_file.3
man/man3/gnutls_x509_trust_list_remove_trust_mem.3
man/man3/gnutls_x509_trust_list_verify_crt.3
man/man3/gnutls_x509_trust_list_verify_named_crt.3
+man/man3/xssl_client_init.3
+man/man3/xssl_cred_deinit.3
+man/man3/xssl_cred_init.3
+man/man3/xssl_deinit.3
+man/man3/xssl_flush.3
+man/man3/xssl_get_session.3
+man/man3/xssl_getdelim.3
+man/man3/xssl_printf.3
+man/man3/xssl_read.3
+man/man3/xssl_server_init.3
+man/man3/xssl_sinit.3
+man/man3/xssl_write.3
share/examples/gnutls/ex-alert.c
share/examples/gnutls/ex-cert-select-pkcs11.c
share/examples/gnutls/ex-cert-select.c
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index 24959f87e38..af6e9c7133d 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,11 +1,13 @@
-$NetBSD: distinfo,v 1.99 2013/10/31 14:41:48 wiz Exp $
+$NetBSD: distinfo,v 1.100 2013/11/29 22:55:29 wiz Exp $
-SHA1 (gnutls-3.2.6.tar.xz) = eb5a404d297e8ee2f344bcd9cdeea86fe8977287
-RMD160 (gnutls-3.2.6.tar.xz) = df4105b28241eac7ac18206e24ea3dc9723dc697
-Size (gnutls-3.2.6.tar.xz) = 4992204 bytes
+SHA1 (gnutls-3.2.7.tar.xz) = 8c86048e7c01abb25f9285188d629f1f0f2bc6be
+RMD160 (gnutls-3.2.7.tar.xz) = 3a3135441555b1c67a06696d973895b68a11c68a
+Size (gnutls-3.2.7.tar.xz) = 5098572 bytes
SHA1 (patch-ae) = 71fbbeb43ac1689fca6fec7f8348d8534c1dc38a
+SHA1 (patch-configure) = 66927d81a0d22624d70181e73e6a2b856483118e
SHA1 (patch-gl_stdio.in.h) = b5802da2cccddd6fab73bd39c49f7d62bef58464
-SHA1 (patch-lib_Makefile.in) = 949df8644a1f6085d8ad63984188cee0518a837a
-SHA1 (patch-lib_nettle_egd.c) = b7e9769e8c620519c43ca7b7481a558e9d389c68
+SHA1 (patch-lib_Makefile.in) = 00cbff0bfaf8f5b8ec6db8dbe12d14a1cb3ffb9b
+SHA1 (patch-lib_nettle_egd.c) = 7c04ce0e731ad55b3baae3d1d53dda29c50972c1
+SHA1 (patch-lib_nettle_rnd.c) = c0b0bd744e2370abd111f5418668bbf4dc0ea35d
SHA1 (patch-src_libopts_autoopts_options.h) = 60be5b43f23ba5978759c1e245781da7f9125071
SHA1 (patch-src_libopts_compat_compat.h) = 2e0a1be460917b2d7a8f6bdac698dad405143013
diff --git a/security/gnutls/patches/patch-configure b/security/gnutls/patches/patch-configure
new file mode 100644
index 00000000000..c0ebbdd0aee
--- /dev/null
+++ b/security/gnutls/patches/patch-configure
@@ -0,0 +1,13 @@
+$NetBSD: patch-configure,v 1.1 2013/11/29 22:55:29 wiz Exp $
+
+--- configure.orig 2013-11-29 17:00:05.000000000 +0000
++++ configure
+@@ -48402,7 +48402,7 @@ $as_echo "#define NO_OPTIONAL_OPT_ARGS 1
+
+ fi # end of AC_DEFUN of LIBOPTS_CHECK
+
+-if test "$NEED_LIBOPTS_DIR" == "true";then
++if test "$NEED_LIBOPTS_DIR" = "true";then
+ for i in ${srcdir}/src/*-args.c.bak ${srcdir}/src/*-args.h.bak; do
+ nam=`echo $i|sed 's/.bak//g'`
+ if test -f $i;then
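Review bot: The new patch file has no description between the `$NetBSD$` line and the `--- configure.orig` header, so a reader cannot tell why `==` became `=` in the `test "$NEED_LIBOPTS_DIR"` line. I would add a comment there such as `Fix unportable test(1) operator: "==" is not accepted by every /bin/sh.` Since configure is a generated file, the same change presumably belongs in the upstream autoconf input too; otherwise this patch has to be carried and re-checked on every update.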
diff --git a/security/gnutls/patches/patch-lib_Makefile.in b/security/gnutls/patches/patch-lib_Makefile.in
index 76b3e0ed752..36ce244b954 100644
--- a/security/gnutls/patches/patch-lib_Makefile.in
+++ b/security/gnutls/patches/patch-lib_Makefile.in
@@ -1,8 +1,8 @@
-$NetBSD: patch-lib_Makefile.in,v 1.3 2013/08/01 20:00:59 adam Exp $
+$NetBSD: patch-lib_Makefile.in,v 1.4 2013/11/29 22:55:29 wiz Exp $
---- lib/Makefile.in.orig 2013-07-29 14:23:14.000000000 +0000
+--- lib/Makefile.in.orig 2013-11-23 10:09:55.000000000 +0000
+++ lib/Makefile.in
-@@ -369,7 +369,7 @@ am_libgnutls_la_OBJECTS = $(am__objects_
+@@ -362,7 +362,7 @@ am_libgnutls_la_OBJECTS = $(am__objects_
libgnutls_la_OBJECTS = $(am_libgnutls_la_OBJECTS)
libgnutls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -11,3 +11,12 @@ $NetBSD: patch-lib_Makefile.in,v 1.3 2013/08/01 20:00:59 adam Exp $
@ENABLE_CXX_TRUE@libgnutlsxx_la_DEPENDENCIES = libgnutls.la
am__libgnutlsxx_la_SOURCES_DIST = gnutlsxx.cpp
@ENABLE_CXX_TRUE@am_libgnutlsxx_la_OBJECTS = \
+@@ -1445,7 +1445,7 @@ infodir = @infodir@
+ install_sh = @install_sh@
+ libdir = @libdir@
+ libexecdir = @libexecdir@
+-localedir = $(datadir)/locale
++localedir = /usr/pkg/share/locale
+ localstatedir = @localstatedir@
+ mandir = @mandir@
+ mkdir_p = @mkdir_p@
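Review bot: The added `localedir` line hard-codes `/usr/pkg/share/locale`, which is only correct when the package is built with the default prefix. On an installation bootstrapped under another prefix (an unprivileged one, for instance) the library would presumably look for its message catalogs in a directory outside its own tree, one that may be absent or maintained by someone else. A prefix-relative value avoids that, e.g. `localedir = $(prefix)/share/locale` (assuming `prefix` is defined in this Makefile.in, as automake normally does), or a substitution driven from the package Makefile. The patch header also gives no reason why `$(datadir)/locale` had to be replaced.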
diff --git a/security/gnutls/patches/patch-lib_nettle_egd.c b/security/gnutls/patches/patch-lib_nettle_egd.c
index 779c3052ccd..e914de92fdb 100644
--- a/security/gnutls/patches/patch-lib_nettle_egd.c
+++ b/security/gnutls/patches/patch-lib_nettle_egd.c
@@ -1,17 +1,62 @@
-$NetBSD: patch-lib_nettle_egd.c,v 1.1 2011/05/02 09:27:44 obache Exp $
+$NetBSD: patch-lib_nettle_egd.c,v 1.2 2013/11/29 22:55:29 wiz Exp $
-* for backward compatibility for lack of AF_LOCAL.
+http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html
---- lib/nettle/egd.c.orig 2011-04-08 00:30:45.000000000 +0000
+--- lib/nettle/egd.c.orig 2013-11-10 17:59:14.000000000 +0000
+++ lib/nettle/egd.c
-@@ -37,6 +37,10 @@
- #define offsetof(type, member) ((size_t) &((type *)0)->member)
- #endif
+@@ -155,12 +155,10 @@ int _rndegd_connect_socket(void)
-+#ifndef AF_LOCAL
-+#define AF_LOCAL AF_UNIX
-+#endif
-+
- static int egd_socket = -1;
+ fd = socket(LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
+ if (fd == -1) {
+- _gnutls_debug_log("can't create unix domain socket: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("can't create unix domain socket\n");
+ return -1;
+ } else if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
+- _gnutls_debug_log("can't connect to EGD socket `%s': %s\n",
+- name, strerror(errno));
++ _gnutls_debug_log("can't connect to EGD socket `%s'\n", name);
+ close(fd);
+ fd = -1;
+ }
+@@ -202,13 +200,11 @@ int _rndegd_read(int *fd, void *_output,
+ buffer[1] = nbytes;
- static int
+ if (do_write(*fd, buffer, 2) == -1)
+- _gnutls_debug_log("can't write to the EGD: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("can't write to the EGD\n");
+
+ n = do_read(*fd, buffer, 1);
+ if (n == -1) {
+- _gnutls_debug_log("read error on EGD: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("read error on EGD\n");
+ do_restart = 1;
+ goto restart;
+ }
+@@ -217,8 +213,7 @@ int _rndegd_read(int *fd, void *_output,
+ if (n) {
+ n = do_read(*fd, buffer, n);
+ if (n == -1) {
+- _gnutls_debug_log("read error on EGD: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("read error on EGD\n");
+ do_restart = 1;
+ goto restart;
+ }
+@@ -240,12 +235,10 @@ int _rndegd_read(int *fd, void *_output,
+ buffer[0] = 2; /* blocking */
+ buffer[1] = nbytes;
+ if (do_write(*fd, buffer, 2) == -1)
+- _gnutls_debug_log("can't write to the EGD: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("can't write to the EGD\n");
+ n = do_read(*fd, buffer, nbytes);
+ if (n == -1) {
+- _gnutls_debug_log("read error on EGD: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("read error on EGD\n");
+ do_restart = 1;
+ goto restart;
+ }
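Review bot: Every `_gnutls_debug_log` call touched here loses its `strerror(errno)` detail, and the only stated reason is the mailing-list URL in the patch header. These messages report failures of the entropy sources (the EGD socket here; `getrusage` and `/dev/urandom` in patch-lib_nettle_rnd.c, which makes the same change), so a debug log can no longer distinguish, say, a permission problem from a missing socket or device. I would state the reason in words in both patch headers, e.g. `Do not call strerror(errno) in debug messages: <reason>; see URL above.`, so the patch can be dropped once upstream resolves it. If the underlying cause allows it, keeping the numeric code would preserve most of the diagnostic value, e.g. `_gnutls_debug_log("read error on EGD: %d\n", errno);`. The bodies of `_rndegd_connect_socket` and `_rndegd_read` extend outside the quoted hunks.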
diff --git a/security/gnutls/patches/patch-lib_nettle_rnd.c b/security/gnutls/patches/patch-lib_nettle_rnd.c
new file mode 100644
index 00000000000..237704def7a
--- /dev/null
+++ b/security/gnutls/patches/patch-lib_nettle_rnd.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-lib_nettle_rnd.c,v 1.1 2013/11/29 22:55:29 wiz Exp $
+
+http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html
+
+--- lib/nettle/rnd.c.orig 2013-11-10 17:59:14.000000000 +0000
++++ lib/nettle/rnd.c
+@@ -90,8 +90,7 @@ static int do_trivia_source(int init)
+ memcpy(&event.now, &current_time, sizeof(event.now));
+ #ifdef HAVE_GETRUSAGE
+ if (getrusage(RUSAGE_SELF, &event.rusage) < 0) {
+- _gnutls_debug_log("getrusage failed: %s\n",
+- strerror(errno));
++ _gnutls_debug_log("getrusage failed\n");
+ abort();
+ }
+ #endif
+@@ -244,8 +243,7 @@ static int do_device_source_urandom(int
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+- ("Failed to read /dev/urandom: %s\n",
+- strerror(errno));
++ ("Failed to read /dev/urandom\n");
+ } else {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");