diff options
author | wiz <wiz@pkgsrc.org> | 2018-08-16 11:05:47 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2018-08-16 11:05:47 +0000 |
commit | 6e4108a7f3c198ce9f3dfb806e19479111b1293f (patch) | |
tree | 72bb45b710c50751d3c7d7d960a3c8b2bbaae9d7 /security | |
parent | 7ab22f91c6a6039d892a04103e016890a6954435 (diff) | |
download | pkgsrc-6e4108a7f3c198ce9f3dfb806e19479111b1293f.tar.gz |
gnutls: update to 3.6.3.
* Version 3.6.3 (released 2018-07-16)
** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version
negotiation, post handshake authentication, length hiding, multiple OCSP support,
consistent ciphersuite support across protocols, hello retry requests, ability
to adjust key shares via gnutls_init() flags, certificate authorities extension,
and key usage limits. TLS1.3 draft-28 support can be enabled by default if
the option --enable-tls13-support is given to configure script.
** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or
earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings
TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority
strings, then TLS 1.3 negotiation will be disabled if the session is associated
only with an anonymous credentials structure.
** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836.
This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12,
and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA
256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357),
and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836).
** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers
as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
priority strings, as they are undefined under TLS1.3 and they provide not advantage
over other options in earlier protocols.
** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled
by specifying --enable-ssl3-support on configure script.
** libgnutls: Introduced function to switch the current FIPS140-2 operational
mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2
operations.
** libgnutls: Introduced low-level function to assist applications attempting client
hello extension parsing, prior to GnuTLS' parsing of the message.
** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no
modifications to the certificate. That prevents DER re-encoding issues with incorrectly
encoded certificates, or other DER incompatibilities to affect a TLS session.
Relates with #403
** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups
which are preferred by the server. That unfortunately has complicated semantics
as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering,
which could make group order unpredictable if TLS1.3 is negotiated.
** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
and Adi Shamir reported that the existing counter-measures had certain issues and
were insufficient when the attacker has additional access to the CPU cache and
performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]
** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation
of legacy CBC ciphersuites unless encrypt-then-mac is negotiated.
** libgnutls: gnutls_privkey_import_ext4() was enhanced with the
GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag.
** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2,
gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default
unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
change for these functions which make them err towards safety.
** libgnutls: improved aarch64 cpu features detection by using getauxval().
** certtool: It is now possible to specify certificate and serial CRL numbers greater
than 2**63-2 as a hex-encoded string both when prompted and in a template file.
Default certificate serial numbers are now fully random. Default CRL
numbers include more random bits and are larger than in previous GnuTLS versions.
Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually
if you intend to later downgrade to previous versions as it was not possible
to specify large CRL numbers in previous versions of certtool.
Diffstat (limited to 'security')
-rw-r--r-- | security/gnutls/Makefile | 6 | ||||
-rw-r--r-- | security/gnutls/PLIST | 41 | ||||
-rw-r--r-- | security/gnutls/distinfo | 11 | ||||
-rw-r--r-- | security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c | 24 |
4 files changed, 71 insertions, 11 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index be335d9ba39..2d7f7faf0af 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.183 2018/07/06 16:15:28 prlw1 Exp $ +# $NetBSD: Makefile,v 1.184 2018/08/16 11:05:47 wiz Exp $ -DISTNAME= gnutls-3.6.2 +DISTNAME= gnutls-3.6.3 CATEGORIES= security devel MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/ EXTRACT_SUFX= .tar.xz @@ -39,9 +39,9 @@ TEST_TARGET= check INFO_FILES= yes REPLACE_BASH+= tests/danetool.sh +REPLACE_BASH+= tests/gnutls-cli-debug.sh REPLACE_BASH+= tests/ocsp-tests/ocsp-must-staple-connection REPLACE_BASH+= tests/ocsp-tests/ocsp-tls-connection -REPLACE_BASH+= tests/key-tests/dsa REPLACE_BASH+= tests/suite/testcompat-main-polarssl REPLACE_BASH+= tests/suite/testcompat-main-openssl REPLACE_BASH+= tests/fastopen.sh diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST index f784bbc1cd2..14ea8f29f8a 100644 --- a/security/gnutls/PLIST +++ b/security/gnutls/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.59 2018/04/17 13:28:53 wiz Exp $ +@comment $NetBSD: PLIST,v 1.60 2018/08/16 11:05:47 wiz Exp $ bin/certtool bin/gnutls-cli bin/gnutls-cli-debug @@ -69,6 +69,7 @@ man/man3/dane_verify_session_crt.3 man/man3/gnutls_aead_cipher_decrypt.3 man/man3/gnutls_aead_cipher_deinit.3 man/man3/gnutls_aead_cipher_encrypt.3 +man/man3/gnutls_aead_cipher_encryptv.3 man/man3/gnutls_aead_cipher_init.3 man/man3/gnutls_alert_get.3 man/man3/gnutls_alert_get_name.3 @@ -103,6 +104,7 @@ man/man3/gnutls_certificate_free_crls.3 man/man3/gnutls_certificate_free_keys.3 man/man3/gnutls_certificate_get_crt_raw.3 man/man3/gnutls_certificate_get_issuer.3 +man/man3/gnutls_certificate_get_ocsp_expiration.3 man/man3/gnutls_certificate_get_ours.3 man/man3/gnutls_certificate_get_peers.3 man/man3/gnutls_certificate_get_peers_subkey_id.3 @@ -117,12 +119,15 @@ man/man3/gnutls_certificate_set_flags.3 man/man3/gnutls_certificate_set_key.3 man/man3/gnutls_certificate_set_known_dh_params.3 man/man3/gnutls_certificate_set_ocsp_status_request_file.3 +man/man3/gnutls_certificate_set_ocsp_status_request_file2.3 man/man3/gnutls_certificate_set_ocsp_status_request_function.3 man/man3/gnutls_certificate_set_ocsp_status_request_function2.3 +man/man3/gnutls_certificate_set_ocsp_status_request_mem.3 man/man3/gnutls_certificate_set_params_function.3 man/man3/gnutls_certificate_set_pin_function.3 man/man3/gnutls_certificate_set_retrieve_function.3 man/man3/gnutls_certificate_set_retrieve_function2.3 +man/man3/gnutls_certificate_set_retrieve_function3.3 man/man3/gnutls_certificate_set_trust_list.3 man/man3/gnutls_certificate_set_verify_flags.3 man/man3/gnutls_certificate_set_verify_function.3 @@ -192,6 +197,7 @@ man/man3/gnutls_db_set_remove_function.3 man/man3/gnutls_db_set_retrieve_function.3 man/man3/gnutls_db_set_store_function.3 man/man3/gnutls_decode_ber_digest_info.3 +man/man3/gnutls_decode_gost_rs_value.3 man/man3/gnutls_decode_rs_value.3 man/man3/gnutls_deinit.3 man/man3/gnutls_dh_get_group.3 @@ -232,16 +238,20 @@ man/man3/gnutls_ecc_curve_get_pk.3 man/man3/gnutls_ecc_curve_get_size.3 man/man3/gnutls_ecc_curve_list.3 man/man3/gnutls_encode_ber_digest_info.3 +man/man3/gnutls_encode_gost_rs_value.3 man/man3/gnutls_encode_rs_value.3 man/man3/gnutls_error_is_fatal.3 man/man3/gnutls_error_to_alert.3 man/man3/gnutls_est_record_overhead_size.3 +man/man3/gnutls_ext_get_current_msg.3 man/man3/gnutls_ext_get_data.3 man/man3/gnutls_ext_get_name.3 +man/man3/gnutls_ext_raw_parse.3 man/man3/gnutls_ext_register.3 man/man3/gnutls_ext_set_data.3 man/man3/gnutls_fingerprint.3 man/man3/gnutls_fips140_mode_enabled.3 +man/man3/gnutls_fips140_set_mode.3 man/man3/gnutls_global_deinit.3 man/man3/gnutls_global_init.3 man/man3/gnutls_global_set_audit_log_function.3 @@ -250,6 +260,8 @@ man/man3/gnutls_global_set_log_level.3 man/man3/gnutls_global_set_mem_functions.3 man/man3/gnutls_global_set_mutex.3 man/man3/gnutls_global_set_time_function.3 +man/man3/gnutls_gost_paramset_get_name.3 +man/man3/gnutls_gost_paramset_get_oid.3 man/man3/gnutls_group_get.3 man/man3/gnutls_group_get_id.3 man/man3/gnutls_group_get_name.3 @@ -322,6 +334,7 @@ man/man3/gnutls_ocsp_req_set_nonce.3 man/man3/gnutls_ocsp_resp_check_crt.3 man/man3/gnutls_ocsp_resp_deinit.3 man/man3/gnutls_ocsp_resp_export.3 +man/man3/gnutls_ocsp_resp_export2.3 man/man3/gnutls_ocsp_resp_get_certs.3 man/man3/gnutls_ocsp_resp_get_extension.3 man/man3/gnutls_ocsp_resp_get_nonce.3 @@ -336,15 +349,19 @@ man/man3/gnutls_ocsp_resp_get_single.3 man/man3/gnutls_ocsp_resp_get_status.3 man/man3/gnutls_ocsp_resp_get_version.3 man/man3/gnutls_ocsp_resp_import.3 +man/man3/gnutls_ocsp_resp_import2.3 man/man3/gnutls_ocsp_resp_init.3 +man/man3/gnutls_ocsp_resp_list_import2.3 man/man3/gnutls_ocsp_resp_print.3 man/man3/gnutls_ocsp_resp_verify.3 man/man3/gnutls_ocsp_resp_verify_direct.3 man/man3/gnutls_ocsp_status_request_enable_client.3 man/man3/gnutls_ocsp_status_request_get.3 +man/man3/gnutls_ocsp_status_request_get2.3 man/man3/gnutls_ocsp_status_request_is_checked.3 man/man3/gnutls_oid_to_digest.3 man/man3/gnutls_oid_to_ecc_curve.3 +man/man3/gnutls_oid_to_gost_paramset.3 man/man3/gnutls_oid_to_mac.3 man/man3/gnutls_oid_to_pk.3 man/man3/gnutls_oid_to_sign.3 @@ -360,6 +377,7 @@ man/man3/gnutls_pcert_import_openpgp_raw.3 man/man3/gnutls_pcert_import_x509.3 man/man3/gnutls_pcert_import_x509_list.3 man/man3/gnutls_pcert_import_x509_raw.3 +man/man3/gnutls_pcert_list_import_x509_file.3 man/man3/gnutls_pcert_list_import_x509_raw.3 man/man3/gnutls_pem_base64_decode.3 man/man3/gnutls_pem_base64_decode2.3 @@ -398,6 +416,7 @@ man/man3/gnutls_pkcs11_obj_flags_get_str.3 man/man3/gnutls_pkcs11_obj_get_exts.3 man/man3/gnutls_pkcs11_obj_get_flags.3 man/man3/gnutls_pkcs11_obj_get_info.3 +man/man3/gnutls_pkcs11_obj_get_ptr.3 man/man3/gnutls_pkcs11_obj_get_type.3 man/man3/gnutls_pkcs11_obj_import_url.3 man/man3/gnutls_pkcs11_obj_init.3 @@ -425,6 +444,7 @@ man/man3/gnutls_pkcs11_token_check_mechanism.3 man/man3/gnutls_pkcs11_token_get_flags.3 man/man3/gnutls_pkcs11_token_get_info.3 man/man3/gnutls_pkcs11_token_get_mechanism.3 +man/man3/gnutls_pkcs11_token_get_ptr.3 man/man3/gnutls_pkcs11_token_get_random.3 man/man3/gnutls_pkcs11_token_get_url.3 man/man3/gnutls_pkcs11_token_init.3 @@ -501,6 +521,7 @@ man/man3/gnutls_priority_ecc_curve_list.3 man/man3/gnutls_priority_get_cipher_suite_index.3 man/man3/gnutls_priority_group_list.3 man/man3/gnutls_priority_init.3 +man/man3/gnutls_priority_init2.3 man/man3/gnutls_priority_kx_list.3 man/man3/gnutls_priority_mac_list.3 man/man3/gnutls_priority_protocol_list.3 @@ -514,6 +535,7 @@ man/man3/gnutls_privkey_export_dsa_raw.3 man/man3/gnutls_privkey_export_dsa_raw2.3 man/man3/gnutls_privkey_export_ecc_raw.3 man/man3/gnutls_privkey_export_ecc_raw2.3 +man/man3/gnutls_privkey_export_gost_raw2.3 man/man3/gnutls_privkey_export_openpgp.3 man/man3/gnutls_privkey_export_pkcs11.3 man/man3/gnutls_privkey_export_rsa_raw.3 @@ -531,6 +553,7 @@ man/man3/gnutls_privkey_import_ext.3 man/man3/gnutls_privkey_import_ext2.3 man/man3/gnutls_privkey_import_ext3.3 man/man3/gnutls_privkey_import_ext4.3 +man/man3/gnutls_privkey_import_gost_raw.3 man/man3/gnutls_privkey_import_openpgp.3 man/man3/gnutls_privkey_import_openpgp_raw.3 man/man3/gnutls_privkey_import_pkcs11.3 @@ -580,6 +603,7 @@ man/man3/gnutls_pubkey_export_dsa_raw2.3 man/man3/gnutls_pubkey_export_ecc_raw.3 man/man3/gnutls_pubkey_export_ecc_raw2.3 man/man3/gnutls_pubkey_export_ecc_x962.3 +man/man3/gnutls_pubkey_export_gost_raw2.3 man/man3/gnutls_pubkey_export_rsa_raw.3 man/man3/gnutls_pubkey_export_rsa_raw2.3 man/man3/gnutls_pubkey_get_key_id.3 @@ -592,6 +616,7 @@ man/man3/gnutls_pubkey_import.3 man/man3/gnutls_pubkey_import_dsa_raw.3 man/man3/gnutls_pubkey_import_ecc_raw.3 man/man3/gnutls_pubkey_import_ecc_x962.3 +man/man3/gnutls_pubkey_import_gost_raw.3 man/man3/gnutls_pubkey_import_openpgp.3 man/man3/gnutls_pubkey_import_openpgp_raw.3 man/man3/gnutls_pubkey_import_pkcs11.3 @@ -613,6 +638,7 @@ man/man3/gnutls_pubkey_verify_hash2.3 man/man3/gnutls_pubkey_verify_params.3 man/man3/gnutls_random_art.3 man/man3/gnutls_range_split.3 +man/man3/gnutls_reauth.3 man/man3/gnutls_record_can_use_length_hiding.3 man/man3/gnutls_record_check_corked.3 man/man3/gnutls_record_check_pending.3 @@ -628,6 +654,7 @@ man/man3/gnutls_record_recv.3 man/man3/gnutls_record_recv_packet.3 man/man3/gnutls_record_recv_seq.3 man/man3/gnutls_record_send.3 +man/man3/gnutls_record_send2.3 man/man3/gnutls_record_send_range.3 man/man3/gnutls_record_set_max_size.3 man/man3/gnutls_record_set_state.3 @@ -660,6 +687,7 @@ man/man3/gnutls_session_get_ptr.3 man/man3/gnutls_session_get_random.3 man/man3/gnutls_session_get_verify_cert_status.3 man/man3/gnutls_session_is_resumed.3 +man/man3/gnutls_session_key_update.3 man/man3/gnutls_session_resumption_requested.3 man/man3/gnutls_session_set_data.3 man/man3/gnutls_session_set_id.3 @@ -672,7 +700,9 @@ man/man3/gnutls_session_supplemental_register.3 man/man3/gnutls_session_ticket_enable_client.3 man/man3/gnutls_session_ticket_enable_server.3 man/man3/gnutls_session_ticket_key_generate.3 +man/man3/gnutls_session_ticket_send.3 man/man3/gnutls_set_default_priority.3 +man/man3/gnutls_set_default_priority_append.3 man/man3/gnutls_sign_algorithm_get.3 man/man3/gnutls_sign_algorithm_get_client.3 man/man3/gnutls_sign_algorithm_get_requested.3 @@ -919,6 +949,7 @@ man/man3/gnutls_x509_crt_get_name_constraints.3 man/man3/gnutls_x509_crt_get_pk_algorithm.3 man/man3/gnutls_x509_crt_get_pk_dsa_raw.3 man/man3/gnutls_x509_crt_get_pk_ecc_raw.3 +man/man3/gnutls_x509_crt_get_pk_gost_raw.3 man/man3/gnutls_x509_crt_get_pk_oid.3 man/man3/gnutls_x509_crt_get_pk_rsa_raw.3 man/man3/gnutls_x509_crt_get_policy.3 @@ -947,6 +978,7 @@ man/man3/gnutls_x509_crt_init.3 man/man3/gnutls_x509_crt_list_import.3 man/man3/gnutls_x509_crt_list_import2.3 man/man3/gnutls_x509_crt_list_import_pkcs11.3 +man/man3/gnutls_x509_crt_list_import_url.3 man/man3/gnutls_x509_crt_list_verify.3 man/man3/gnutls_x509_crt_print.3 man/man3/gnutls_x509_crt_privkey_sign.3 @@ -1060,6 +1092,7 @@ man/man3/gnutls_x509_privkey_export2.3 man/man3/gnutls_x509_privkey_export2_pkcs8.3 man/man3/gnutls_x509_privkey_export_dsa_raw.3 man/man3/gnutls_x509_privkey_export_ecc_raw.3 +man/man3/gnutls_x509_privkey_export_gost_raw.3 man/man3/gnutls_x509_privkey_export_pkcs8.3 man/man3/gnutls_x509_privkey_export_rsa_raw.3 man/man3/gnutls_x509_privkey_export_rsa_raw2.3 @@ -1075,6 +1108,7 @@ man/man3/gnutls_x509_privkey_import.3 man/man3/gnutls_x509_privkey_import2.3 man/man3/gnutls_x509_privkey_import_dsa_raw.3 man/man3/gnutls_x509_privkey_import_ecc_raw.3 +man/man3/gnutls_x509_privkey_import_gost_raw.3 man/man3/gnutls_x509_privkey_import_openssl.3 man/man3/gnutls_x509_privkey_import_pkcs8.3 man/man3/gnutls_x509_privkey_import_rsa_raw.3 @@ -1159,15 +1193,16 @@ share/examples/gnutls/udp.c share/examples/gnutls/verify.c share/locale/cs/LC_MESSAGES/gnutls.mo share/locale/de/LC_MESSAGES/gnutls.mo -share/locale/en@boldquot/LC_MESSAGES/gnutls.mo -share/locale/en@quot/LC_MESSAGES/gnutls.mo share/locale/eo/LC_MESSAGES/gnutls.mo +share/locale/es/LC_MESSAGES/gnutls.mo share/locale/fi/LC_MESSAGES/gnutls.mo share/locale/fr/LC_MESSAGES/gnutls.mo share/locale/it/LC_MESSAGES/gnutls.mo share/locale/ms/LC_MESSAGES/gnutls.mo share/locale/nl/LC_MESSAGES/gnutls.mo share/locale/pl/LC_MESSAGES/gnutls.mo +share/locale/pt_BR/LC_MESSAGES/gnutls.mo +share/locale/sr/LC_MESSAGES/gnutls.mo share/locale/sv/LC_MESSAGES/gnutls.mo share/locale/uk/LC_MESSAGES/gnutls.mo share/locale/vi/LC_MESSAGES/gnutls.mo diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index 25da7045469..1d135052874 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.129 2018/07/06 16:15:28 prlw1 Exp $ +$NetBSD: distinfo,v 1.130 2018/08/16 11:05:47 wiz Exp $ -SHA1 (gnutls-3.6.2.tar.xz) = 24e5a416ce320945a2515619f3c2f0f6f2290ddc -RMD160 (gnutls-3.6.2.tar.xz) = 8f08c2f8e4957338b5efcb40d3584870a53741e1 -SHA512 (gnutls-3.6.2.tar.xz) = 6a574d355226bdff6198ab3f70633ff2a3cff4b5d06793bdaf19d007063bd4dd515d1bd3f331a9eb1a9ad01f83007801cfa55e5fd16c1cd3461ac33d1813fb06 -Size (gnutls-3.6.2.tar.xz) = 8093304 bytes +SHA1 (gnutls-3.6.3.tar.xz) = ac96787a7fbd550a2b201e64c0e752821e90fed7 +RMD160 (gnutls-3.6.3.tar.xz) = 108848d1b51e0d81ac1b2fdce596222d486fc737 +SHA512 (gnutls-3.6.3.tar.xz) = 6238502464d229a9777e3076f4c745d16deaada83c9da756ecdcd370947576e0446bda3a7f85d5a099b745bbf8c0134ebdf6632e4b26d61daf170792fb4f5abe +Size (gnutls-3.6.3.tar.xz) = 8010284 bytes +SHA1 (patch-doc_examples_tlsproxy_tlsproxy.c) = 42f2cfbf77cb6169d733a1f56c6f141f66e055cd SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4 diff --git a/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c b/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c new file mode 100644 index 00000000000..7e40af45ab9 --- /dev/null +++ b/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c @@ -0,0 +1,24 @@ +$NetBSD: patch-doc_examples_tlsproxy_tlsproxy.c,v 1.1 2018/08/16 11:05:47 wiz Exp $ + +Improve portability outside Linux. + +--- doc/examples/tlsproxy/tlsproxy.c.orig 2018-07-02 18:00:33.000000000 +0000 ++++ doc/examples/tlsproxy/tlsproxy.c +@@ -67,7 +67,7 @@ bindtoaddress (char *addrport) + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ + +- char *addr = strdupa (addrport); ++ char *addr = strdup (addrport); + char *colon = strrchr (addr, ':'); + char *port = defaultport; + if (colon) +@@ -134,7 +134,7 @@ connecttoaddress (char *addrport) + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ + +- char *addr = strdupa (addrport); ++ char *addr = strdup (addrport); + char *colon = strrchr (addr, ':'); + char *port = defaultport; + if (colon) |