summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2018-08-16 11:05:47 +0000
committerwiz <wiz@pkgsrc.org>2018-08-16 11:05:47 +0000
commit6e4108a7f3c198ce9f3dfb806e19479111b1293f (patch)
tree72bb45b710c50751d3c7d7d960a3c8b2bbaae9d7 /security
parent7ab22f91c6a6039d892a04103e016890a6954435 (diff)
downloadpkgsrc-6e4108a7f3c198ce9f3dfb806e19479111b1293f.tar.gz
gnutls: update to 3.6.3.
* Version 3.6.3 (released 2018-07-16) ** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version negotiation, post handshake authentication, length hiding, multiple OCSP support, consistent ciphersuite support across protocols, hello retry requests, ability to adjust key shares via gnutls_init() flags, certificate authorities extension, and key usage limits. TLS1.3 draft-28 support can be enabled by default if the option --enable-tls13-support is given to configure script. ** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority strings, then TLS 1.3 negotiation will be disabled if the session is associated only with an anonymous credentials structure. ** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12, and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357), and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836). ** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings, as they are undefined under TLS1.3 and they provide not advantage over other options in earlier protocols. ** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled by specifying --enable-ssl3-support on configure script. ** libgnutls: Introduced function to switch the current FIPS140-2 operational mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 operations. ** libgnutls: Introduced low-level function to assist applications attempting client hello extension parsing, prior to GnuTLS' parsing of the message. ** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no modifications to the certificate. That prevents DER re-encoding issues with incorrectly encoded certificates, or other DER incompatibilities to affect a TLS session. Relates with #403 ** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups which are preferred by the server. That unfortunately has complicated semantics as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering, which could make group order unpredictable if TLS1.3 is negotiated. ** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium] ** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. ** libgnutls: gnutls_privkey_import_ext4() was enhanced with the GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. ** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API change for these functions which make them err towards safety. ** libgnutls: improved aarch64 cpu features detection by using getauxval(). ** certtool: It is now possible to specify certificate and serial CRL numbers greater than 2**63-2 as a hex-encoded string both when prompted and in a template file. Default certificate serial numbers are now fully random. Default CRL numbers include more random bits and are larger than in previous GnuTLS versions. Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually if you intend to later downgrade to previous versions as it was not possible to specify large CRL numbers in previous versions of certtool.
Diffstat (limited to 'security')
-rw-r--r--security/gnutls/Makefile6
-rw-r--r--security/gnutls/PLIST41
-rw-r--r--security/gnutls/distinfo11
-rw-r--r--security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c24
4 files changed, 71 insertions, 11 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index be335d9ba39..2d7f7faf0af 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.183 2018/07/06 16:15:28 prlw1 Exp $
+# $NetBSD: Makefile,v 1.184 2018/08/16 11:05:47 wiz Exp $
-DISTNAME= gnutls-3.6.2
+DISTNAME= gnutls-3.6.3
CATEGORIES= security devel
MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
EXTRACT_SUFX= .tar.xz
@@ -39,9 +39,9 @@ TEST_TARGET= check
INFO_FILES= yes
REPLACE_BASH+= tests/danetool.sh
+REPLACE_BASH+= tests/gnutls-cli-debug.sh
REPLACE_BASH+= tests/ocsp-tests/ocsp-must-staple-connection
REPLACE_BASH+= tests/ocsp-tests/ocsp-tls-connection
-REPLACE_BASH+= tests/key-tests/dsa
REPLACE_BASH+= tests/suite/testcompat-main-polarssl
REPLACE_BASH+= tests/suite/testcompat-main-openssl
REPLACE_BASH+= tests/fastopen.sh
diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST
index f784bbc1cd2..14ea8f29f8a 100644
--- a/security/gnutls/PLIST
+++ b/security/gnutls/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.59 2018/04/17 13:28:53 wiz Exp $
+@comment $NetBSD: PLIST,v 1.60 2018/08/16 11:05:47 wiz Exp $
bin/certtool
bin/gnutls-cli
bin/gnutls-cli-debug
@@ -69,6 +69,7 @@ man/man3/dane_verify_session_crt.3
man/man3/gnutls_aead_cipher_decrypt.3
man/man3/gnutls_aead_cipher_deinit.3
man/man3/gnutls_aead_cipher_encrypt.3
+man/man3/gnutls_aead_cipher_encryptv.3
man/man3/gnutls_aead_cipher_init.3
man/man3/gnutls_alert_get.3
man/man3/gnutls_alert_get_name.3
@@ -103,6 +104,7 @@ man/man3/gnutls_certificate_free_crls.3
man/man3/gnutls_certificate_free_keys.3
man/man3/gnutls_certificate_get_crt_raw.3
man/man3/gnutls_certificate_get_issuer.3
+man/man3/gnutls_certificate_get_ocsp_expiration.3
man/man3/gnutls_certificate_get_ours.3
man/man3/gnutls_certificate_get_peers.3
man/man3/gnutls_certificate_get_peers_subkey_id.3
@@ -117,12 +119,15 @@ man/man3/gnutls_certificate_set_flags.3
man/man3/gnutls_certificate_set_key.3
man/man3/gnutls_certificate_set_known_dh_params.3
man/man3/gnutls_certificate_set_ocsp_status_request_file.3
+man/man3/gnutls_certificate_set_ocsp_status_request_file2.3
man/man3/gnutls_certificate_set_ocsp_status_request_function.3
man/man3/gnutls_certificate_set_ocsp_status_request_function2.3
+man/man3/gnutls_certificate_set_ocsp_status_request_mem.3
man/man3/gnutls_certificate_set_params_function.3
man/man3/gnutls_certificate_set_pin_function.3
man/man3/gnutls_certificate_set_retrieve_function.3
man/man3/gnutls_certificate_set_retrieve_function2.3
+man/man3/gnutls_certificate_set_retrieve_function3.3
man/man3/gnutls_certificate_set_trust_list.3
man/man3/gnutls_certificate_set_verify_flags.3
man/man3/gnutls_certificate_set_verify_function.3
@@ -192,6 +197,7 @@ man/man3/gnutls_db_set_remove_function.3
man/man3/gnutls_db_set_retrieve_function.3
man/man3/gnutls_db_set_store_function.3
man/man3/gnutls_decode_ber_digest_info.3
+man/man3/gnutls_decode_gost_rs_value.3
man/man3/gnutls_decode_rs_value.3
man/man3/gnutls_deinit.3
man/man3/gnutls_dh_get_group.3
@@ -232,16 +238,20 @@ man/man3/gnutls_ecc_curve_get_pk.3
man/man3/gnutls_ecc_curve_get_size.3
man/man3/gnutls_ecc_curve_list.3
man/man3/gnutls_encode_ber_digest_info.3
+man/man3/gnutls_encode_gost_rs_value.3
man/man3/gnutls_encode_rs_value.3
man/man3/gnutls_error_is_fatal.3
man/man3/gnutls_error_to_alert.3
man/man3/gnutls_est_record_overhead_size.3
+man/man3/gnutls_ext_get_current_msg.3
man/man3/gnutls_ext_get_data.3
man/man3/gnutls_ext_get_name.3
+man/man3/gnutls_ext_raw_parse.3
man/man3/gnutls_ext_register.3
man/man3/gnutls_ext_set_data.3
man/man3/gnutls_fingerprint.3
man/man3/gnutls_fips140_mode_enabled.3
+man/man3/gnutls_fips140_set_mode.3
man/man3/gnutls_global_deinit.3
man/man3/gnutls_global_init.3
man/man3/gnutls_global_set_audit_log_function.3
@@ -250,6 +260,8 @@ man/man3/gnutls_global_set_log_level.3
man/man3/gnutls_global_set_mem_functions.3
man/man3/gnutls_global_set_mutex.3
man/man3/gnutls_global_set_time_function.3
+man/man3/gnutls_gost_paramset_get_name.3
+man/man3/gnutls_gost_paramset_get_oid.3
man/man3/gnutls_group_get.3
man/man3/gnutls_group_get_id.3
man/man3/gnutls_group_get_name.3
@@ -322,6 +334,7 @@ man/man3/gnutls_ocsp_req_set_nonce.3
man/man3/gnutls_ocsp_resp_check_crt.3
man/man3/gnutls_ocsp_resp_deinit.3
man/man3/gnutls_ocsp_resp_export.3
+man/man3/gnutls_ocsp_resp_export2.3
man/man3/gnutls_ocsp_resp_get_certs.3
man/man3/gnutls_ocsp_resp_get_extension.3
man/man3/gnutls_ocsp_resp_get_nonce.3
@@ -336,15 +349,19 @@ man/man3/gnutls_ocsp_resp_get_single.3
man/man3/gnutls_ocsp_resp_get_status.3
man/man3/gnutls_ocsp_resp_get_version.3
man/man3/gnutls_ocsp_resp_import.3
+man/man3/gnutls_ocsp_resp_import2.3
man/man3/gnutls_ocsp_resp_init.3
+man/man3/gnutls_ocsp_resp_list_import2.3
man/man3/gnutls_ocsp_resp_print.3
man/man3/gnutls_ocsp_resp_verify.3
man/man3/gnutls_ocsp_resp_verify_direct.3
man/man3/gnutls_ocsp_status_request_enable_client.3
man/man3/gnutls_ocsp_status_request_get.3
+man/man3/gnutls_ocsp_status_request_get2.3
man/man3/gnutls_ocsp_status_request_is_checked.3
man/man3/gnutls_oid_to_digest.3
man/man3/gnutls_oid_to_ecc_curve.3
+man/man3/gnutls_oid_to_gost_paramset.3
man/man3/gnutls_oid_to_mac.3
man/man3/gnutls_oid_to_pk.3
man/man3/gnutls_oid_to_sign.3
@@ -360,6 +377,7 @@ man/man3/gnutls_pcert_import_openpgp_raw.3
man/man3/gnutls_pcert_import_x509.3
man/man3/gnutls_pcert_import_x509_list.3
man/man3/gnutls_pcert_import_x509_raw.3
+man/man3/gnutls_pcert_list_import_x509_file.3
man/man3/gnutls_pcert_list_import_x509_raw.3
man/man3/gnutls_pem_base64_decode.3
man/man3/gnutls_pem_base64_decode2.3
@@ -398,6 +416,7 @@ man/man3/gnutls_pkcs11_obj_flags_get_str.3
man/man3/gnutls_pkcs11_obj_get_exts.3
man/man3/gnutls_pkcs11_obj_get_flags.3
man/man3/gnutls_pkcs11_obj_get_info.3
+man/man3/gnutls_pkcs11_obj_get_ptr.3
man/man3/gnutls_pkcs11_obj_get_type.3
man/man3/gnutls_pkcs11_obj_import_url.3
man/man3/gnutls_pkcs11_obj_init.3
@@ -425,6 +444,7 @@ man/man3/gnutls_pkcs11_token_check_mechanism.3
man/man3/gnutls_pkcs11_token_get_flags.3
man/man3/gnutls_pkcs11_token_get_info.3
man/man3/gnutls_pkcs11_token_get_mechanism.3
+man/man3/gnutls_pkcs11_token_get_ptr.3
man/man3/gnutls_pkcs11_token_get_random.3
man/man3/gnutls_pkcs11_token_get_url.3
man/man3/gnutls_pkcs11_token_init.3
@@ -501,6 +521,7 @@ man/man3/gnutls_priority_ecc_curve_list.3
man/man3/gnutls_priority_get_cipher_suite_index.3
man/man3/gnutls_priority_group_list.3
man/man3/gnutls_priority_init.3
+man/man3/gnutls_priority_init2.3
man/man3/gnutls_priority_kx_list.3
man/man3/gnutls_priority_mac_list.3
man/man3/gnutls_priority_protocol_list.3
@@ -514,6 +535,7 @@ man/man3/gnutls_privkey_export_dsa_raw.3
man/man3/gnutls_privkey_export_dsa_raw2.3
man/man3/gnutls_privkey_export_ecc_raw.3
man/man3/gnutls_privkey_export_ecc_raw2.3
+man/man3/gnutls_privkey_export_gost_raw2.3
man/man3/gnutls_privkey_export_openpgp.3
man/man3/gnutls_privkey_export_pkcs11.3
man/man3/gnutls_privkey_export_rsa_raw.3
@@ -531,6 +553,7 @@ man/man3/gnutls_privkey_import_ext.3
man/man3/gnutls_privkey_import_ext2.3
man/man3/gnutls_privkey_import_ext3.3
man/man3/gnutls_privkey_import_ext4.3
+man/man3/gnutls_privkey_import_gost_raw.3
man/man3/gnutls_privkey_import_openpgp.3
man/man3/gnutls_privkey_import_openpgp_raw.3
man/man3/gnutls_privkey_import_pkcs11.3
@@ -580,6 +603,7 @@ man/man3/gnutls_pubkey_export_dsa_raw2.3
man/man3/gnutls_pubkey_export_ecc_raw.3
man/man3/gnutls_pubkey_export_ecc_raw2.3
man/man3/gnutls_pubkey_export_ecc_x962.3
+man/man3/gnutls_pubkey_export_gost_raw2.3
man/man3/gnutls_pubkey_export_rsa_raw.3
man/man3/gnutls_pubkey_export_rsa_raw2.3
man/man3/gnutls_pubkey_get_key_id.3
@@ -592,6 +616,7 @@ man/man3/gnutls_pubkey_import.3
man/man3/gnutls_pubkey_import_dsa_raw.3
man/man3/gnutls_pubkey_import_ecc_raw.3
man/man3/gnutls_pubkey_import_ecc_x962.3
+man/man3/gnutls_pubkey_import_gost_raw.3
man/man3/gnutls_pubkey_import_openpgp.3
man/man3/gnutls_pubkey_import_openpgp_raw.3
man/man3/gnutls_pubkey_import_pkcs11.3
@@ -613,6 +638,7 @@ man/man3/gnutls_pubkey_verify_hash2.3
man/man3/gnutls_pubkey_verify_params.3
man/man3/gnutls_random_art.3
man/man3/gnutls_range_split.3
+man/man3/gnutls_reauth.3
man/man3/gnutls_record_can_use_length_hiding.3
man/man3/gnutls_record_check_corked.3
man/man3/gnutls_record_check_pending.3
@@ -628,6 +654,7 @@ man/man3/gnutls_record_recv.3
man/man3/gnutls_record_recv_packet.3
man/man3/gnutls_record_recv_seq.3
man/man3/gnutls_record_send.3
+man/man3/gnutls_record_send2.3
man/man3/gnutls_record_send_range.3
man/man3/gnutls_record_set_max_size.3
man/man3/gnutls_record_set_state.3
@@ -660,6 +687,7 @@ man/man3/gnutls_session_get_ptr.3
man/man3/gnutls_session_get_random.3
man/man3/gnutls_session_get_verify_cert_status.3
man/man3/gnutls_session_is_resumed.3
+man/man3/gnutls_session_key_update.3
man/man3/gnutls_session_resumption_requested.3
man/man3/gnutls_session_set_data.3
man/man3/gnutls_session_set_id.3
@@ -672,7 +700,9 @@ man/man3/gnutls_session_supplemental_register.3
man/man3/gnutls_session_ticket_enable_client.3
man/man3/gnutls_session_ticket_enable_server.3
man/man3/gnutls_session_ticket_key_generate.3
+man/man3/gnutls_session_ticket_send.3
man/man3/gnutls_set_default_priority.3
+man/man3/gnutls_set_default_priority_append.3
man/man3/gnutls_sign_algorithm_get.3
man/man3/gnutls_sign_algorithm_get_client.3
man/man3/gnutls_sign_algorithm_get_requested.3
@@ -919,6 +949,7 @@ man/man3/gnutls_x509_crt_get_name_constraints.3
man/man3/gnutls_x509_crt_get_pk_algorithm.3
man/man3/gnutls_x509_crt_get_pk_dsa_raw.3
man/man3/gnutls_x509_crt_get_pk_ecc_raw.3
+man/man3/gnutls_x509_crt_get_pk_gost_raw.3
man/man3/gnutls_x509_crt_get_pk_oid.3
man/man3/gnutls_x509_crt_get_pk_rsa_raw.3
man/man3/gnutls_x509_crt_get_policy.3
@@ -947,6 +978,7 @@ man/man3/gnutls_x509_crt_init.3
man/man3/gnutls_x509_crt_list_import.3
man/man3/gnutls_x509_crt_list_import2.3
man/man3/gnutls_x509_crt_list_import_pkcs11.3
+man/man3/gnutls_x509_crt_list_import_url.3
man/man3/gnutls_x509_crt_list_verify.3
man/man3/gnutls_x509_crt_print.3
man/man3/gnutls_x509_crt_privkey_sign.3
@@ -1060,6 +1092,7 @@ man/man3/gnutls_x509_privkey_export2.3
man/man3/gnutls_x509_privkey_export2_pkcs8.3
man/man3/gnutls_x509_privkey_export_dsa_raw.3
man/man3/gnutls_x509_privkey_export_ecc_raw.3
+man/man3/gnutls_x509_privkey_export_gost_raw.3
man/man3/gnutls_x509_privkey_export_pkcs8.3
man/man3/gnutls_x509_privkey_export_rsa_raw.3
man/man3/gnutls_x509_privkey_export_rsa_raw2.3
@@ -1075,6 +1108,7 @@ man/man3/gnutls_x509_privkey_import.3
man/man3/gnutls_x509_privkey_import2.3
man/man3/gnutls_x509_privkey_import_dsa_raw.3
man/man3/gnutls_x509_privkey_import_ecc_raw.3
+man/man3/gnutls_x509_privkey_import_gost_raw.3
man/man3/gnutls_x509_privkey_import_openssl.3
man/man3/gnutls_x509_privkey_import_pkcs8.3
man/man3/gnutls_x509_privkey_import_rsa_raw.3
@@ -1159,15 +1193,16 @@ share/examples/gnutls/udp.c
share/examples/gnutls/verify.c
share/locale/cs/LC_MESSAGES/gnutls.mo
share/locale/de/LC_MESSAGES/gnutls.mo
-share/locale/en@boldquot/LC_MESSAGES/gnutls.mo
-share/locale/en@quot/LC_MESSAGES/gnutls.mo
share/locale/eo/LC_MESSAGES/gnutls.mo
+share/locale/es/LC_MESSAGES/gnutls.mo
share/locale/fi/LC_MESSAGES/gnutls.mo
share/locale/fr/LC_MESSAGES/gnutls.mo
share/locale/it/LC_MESSAGES/gnutls.mo
share/locale/ms/LC_MESSAGES/gnutls.mo
share/locale/nl/LC_MESSAGES/gnutls.mo
share/locale/pl/LC_MESSAGES/gnutls.mo
+share/locale/pt_BR/LC_MESSAGES/gnutls.mo
+share/locale/sr/LC_MESSAGES/gnutls.mo
share/locale/sv/LC_MESSAGES/gnutls.mo
share/locale/uk/LC_MESSAGES/gnutls.mo
share/locale/vi/LC_MESSAGES/gnutls.mo
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index 25da7045469..1d135052874 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.129 2018/07/06 16:15:28 prlw1 Exp $
+$NetBSD: distinfo,v 1.130 2018/08/16 11:05:47 wiz Exp $
-SHA1 (gnutls-3.6.2.tar.xz) = 24e5a416ce320945a2515619f3c2f0f6f2290ddc
-RMD160 (gnutls-3.6.2.tar.xz) = 8f08c2f8e4957338b5efcb40d3584870a53741e1
-SHA512 (gnutls-3.6.2.tar.xz) = 6a574d355226bdff6198ab3f70633ff2a3cff4b5d06793bdaf19d007063bd4dd515d1bd3f331a9eb1a9ad01f83007801cfa55e5fd16c1cd3461ac33d1813fb06
-Size (gnutls-3.6.2.tar.xz) = 8093304 bytes
+SHA1 (gnutls-3.6.3.tar.xz) = ac96787a7fbd550a2b201e64c0e752821e90fed7
+RMD160 (gnutls-3.6.3.tar.xz) = 108848d1b51e0d81ac1b2fdce596222d486fc737
+SHA512 (gnutls-3.6.3.tar.xz) = 6238502464d229a9777e3076f4c745d16deaada83c9da756ecdcd370947576e0446bda3a7f85d5a099b745bbf8c0134ebdf6632e4b26d61daf170792fb4f5abe
+Size (gnutls-3.6.3.tar.xz) = 8010284 bytes
+SHA1 (patch-doc_examples_tlsproxy_tlsproxy.c) = 42f2cfbf77cb6169d733a1f56c6f141f66e055cd
SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c
SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
diff --git a/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c b/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c
new file mode 100644
index 00000000000..7e40af45ab9
--- /dev/null
+++ b/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-doc_examples_tlsproxy_tlsproxy.c,v 1.1 2018/08/16 11:05:47 wiz Exp $
+
+Improve portability outside Linux.
+
+--- doc/examples/tlsproxy/tlsproxy.c.orig 2018-07-02 18:00:33.000000000 +0000
++++ doc/examples/tlsproxy/tlsproxy.c
+@@ -67,7 +67,7 @@ bindtoaddress (char *addrport)
+ hints.ai_socktype = SOCK_STREAM; /* Stream socket */
+ hints.ai_protocol = 0; /* any protocol */
+
+- char *addr = strdupa (addrport);
++ char *addr = strdup (addrport);
+ char *colon = strrchr (addr, ':');
+ char *port = defaultport;
+ if (colon)
+@@ -134,7 +134,7 @@ connecttoaddress (char *addrport)
+ hints.ai_socktype = SOCK_STREAM; /* Stream socket */
+ hints.ai_protocol = 0; /* any protocol */
+
+- char *addr = strdupa (addrport);
++ char *addr = strdup (addrport);
+ char *colon = strrchr (addr, ':');
+ char *port = defaultport;
+ if (colon)