summaryrefslogtreecommitdiff
path: root/security/libksba
AgeCommit message (Collapse)AuthorFilesLines
2022-10-09libksba: updated to 1.6.2adam2-6/+6
Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2] ------------------------------------------------ * Fix integer overflow in the CRL parser.
2022-09-27libksba: updated to 1.6.1adam2-6/+6
Noteworthy changes in version 1.6.1 (2022-09-16) ------------------------------------------------ * Allow an OCSP server not to return the sent nonce.
2022-01-13libksba: updated to 1.6.0adam2-7/+6
Noteworthy changes in version 1.6.0 (2021-06-10) [C22/A14/R0] ------------------------------------------------ * Limited support for the Authenticated-Enveloped-Data content type. [81fdcd680c12] * Support password based decryption. [cb7f2484a09c] * Fix build problem on macOS. * Silence warnings from static analyzers. * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ KSBA_CT_AUTHENVELOPED_DATA NEW. Release-info: https://dev.gnupg.org/T5479 Noteworthy changes in version 1.5.1 (2021-04-06) [C21/A13/R1] ------------------------------------------------ * Support Brainpool curves specified by ECDomainParameters. Release-info: https://dev.gnupg.org/T5379 Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0] ------------------------------------------------ * ksba_cms_identify now identifies OpenPGP keyblock content. * Supports TR-03111 plain format ECDSA signature verification. * Fixes a CMS signed data parser bug exhibited by a somewhat strange CMS message. [b6438e768c] * Interface changes relative to the 1.4.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ KSBA_CT_OPENPGP_KEYBLOCK NEW. Release-info: https://dev.gnupg.org/T5146
2021-10-26security: Replace RMD160 checksums with BLAKE2s checksumsnia1-2/+2
All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-07security: Remove SHA1 hashes for distfilesnia1-2/+1
2020-08-03libksba: updated to 1.4.0adam5-91/+11
Noteworthy changes in version 1.4.0 ----------------------------------- * Supports ECDSA and EdDSA certificate creation and parsing. * Supports ECDH enveloped data. * Supports ECDSA and EdDSA signed data. * Supports rsaPSS signature verification. * Supports standard file descriptors in ksba_reader_read. * New configure flag --disable-doc. * Improves supports for reproducible builds. * Allows for optional elements in keyinfo objects. * Updates the config and M4 scripts to the latest version. * Fixes error detection in the CMS parser. * Fixes memory leak in ksba_cms_identify. * Fixes build warnings on macOS. * Uses --disable-new-dtags if LD_LIBRARY_PATH is defined. * New constants KSBA_VERSION and KSBA_VERSION_NUMBER. * New API to make creation of DER objects easy. * Interface changes relative to the 1.3.5 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ KSBA_VERSION NEW. KSBA_VERSION_NUMBER NEW. KSBA_CT_SPC_IND_DATA_CTX NEW. KSBA_CLASS_* NEW. KSBA_TYPE_* NEW. ksba_der_t NEW. ksba_der_release NEW. ksba_der_builder_new NEW. ksba_der_builder_reset NEW. ksba_der_add_ptr NEW. ksba_der_add_val NEW. ksba_der_add_int NEW. ksba_der_add_oid NEW. ksba_der_add_bts NEW. ksba_der_add_der NEW. ksba_der_add_tag NEW. ksba_der_add_end NEW. ksba_der_builder_get NEW.
2017-05-30Add patch to resolve gpgsm S/MIME failuresgdt3-2/+68
S/MIME messages encrypted with gpgsm are sometimes not decodable by other implementations. Discussion on gnupg-devel indicates that gpg (via libksba) is incorrectly dropping leading zeros from the encrypted session key. This commit adds a patch by Daiki Ueno from the mailinglist that appears to improve interoperability. Upstream has not yet applied it, but also has not said that it is wrong.
2016-08-22Updated libksba to 1.3.5.wiz2-7/+7
Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6] ------------------------------------------------ * Limit the allowed size of complex ASN.1 objects (e.g. certificates) to 16MiB. * Avoid read access to unitialized memory. * Improve detection of invalid RDNs. * Encode the OCSP nonce value as an octet string as described by RFC-6960.
2016-06-18Update libksba to 1.3.4, fixing several vulnerabilities.bsiegert2-8/+8
Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4] ------------------------------------------------ * Fixed two OOB read access bugs which could be used to force a DoS. * Fixed a crash due to faulty curve OID lookup code. * Synced the list of supported curves with those of Libgcrypt. * New configure option --enable-build-timestamp; a build timestamp is not anymore used by default.
2015-11-04Add SHA512 digests for distfiles for security categoryagc1-1/+2
Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2015-07-05Update to 1.3.3:wiz2-6/+6
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4] ------------------------------------------------ * Fixed an integer overflow in the DN decoder. * Now returns an error instead of terminating the process for certain bad BER encodings. * Improved the parsing of utf-8 strings in DNs. * Allow building with newer versions of Bison. * Improvement building on Windows with newer versions of Mingw.
2014-11-25Update to 1.3.2. Add comment to patch.wiz3-9/+10
Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3] ------------------------------------------------ * Fixed a buffer overflow in ksba_oid_to_str. Noteworthy changes in version 1.3.1 (2014-09-18) ------------------------------------------------ * Fixed memory leak in CRL parsing. * Build fixes for Windows, Android, and ppc64el.
2014-01-01Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.wiz2-3/+4
2013-05-12Fix recent change to security/libksba for cross-compilation.riastradh1-1/+3
Need to include bsd.prefs.mk before testing USE_CROSS_COMPILE. Not sure how this slipped through -- could've sworn I tested this.
2013-05-10Fix cross-build of libksba with CC_FOR_BUILD=NATIVE_CC.riastradh1-1/+5
2013-03-15update to 1.3.0drochner2-8/+7
changes: -licensing change: gplv3 -> lgplv3 + gplv2 -minor fixes
2013-02-01Reset MAINTAINER/OWNER (became observers)wiz1-2/+2
2012-10-23Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.asau1-3/+1
2011-04-22recursive bump from gettext-lib shlib bump.obache2-3/+4
2011-03-11Changes 1.2.0:adam3-16/+29
* New functions to allow the creation of X.509 certificates. * Interface changes relative to the 1.1.0 release: ksba_certreq_set_serial NEW ksba_certreq_set_issuer NEW ksba_certreq_set_validity NEW ksba_certreq_set_siginfo NEW
2010-11-26update to 1.1.0drochner2-6/+6
change: New functions to fix a leak in dirmngr
2010-09-01update to 1.0.8drochner2-6/+6
change: Fixed a CMS parsing bug exhibited by Lotus Notes
2009-12-21Not MAKE_JOBS_SAFE.joerg1-1/+2
2009-12-15update to 1.0.7drochner2-6/+6
changes: -misc fixes and improvements -Support DSA -Support SHA-{384,512} based signature generation reviewed by John R. Shannon
2009-03-20Simply and speed up buildlink3.mk files and processing.joerg1-13/+6
This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
2008-07-14Mark as destdir ready.joerg1-1/+3
2007-08-04Update to 1.0.2 as required by gnupg 2.0.5.shannonjr3-20/+6
2007-01-11Make this package build on Darwin. Patch from Darwinports.minskim2-1/+15
This fixes PR 35400.
2006-10-12Fix dependency. No cookie for shannonjr.joerg1-2/+2
2006-10-11Update to 1.0.0. After about 5 years of beta testing, I am pleased to ↵shannonjr2-9/+10
announce the availability of libksba 1.0.0. Libksba is an X.509 and CMS (pkcs#7) library. It is for example required to build the S/MIME part of GnuPG (gpgsm)
2006-07-08Change the format of BUILDLINK_ORDER to contain depth information as well,jlam1-2/+2
and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
2006-07-08Track information in a new variable BUILDLINK_ORDER that informs usjlam1-1/+2
of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
2006-04-12Aligned the last line of the buildlink3.mk files with the first line, sorillig1-2/+2
that they look nicer.
2006-04-06Over 1200 files touched but no revisions bumped :)reed1-3/+3
RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
2006-03-31List the info pages directly in the PLIST and ensure that we honorjlam2-3/+4
PKGINFODIR.
2006-02-05Recursive revision bump / recommended bump for gettext ABI change.joerg2-3/+4
2006-01-06Update to 0.9.13. This is a bug fix release.shannonjr2-6/+7
2005-04-23Update from 0.9.10 to 0.9.11. This is part of a multi-package updateshannonjr3-8/+8
for S/MIME capability involving gnupg-devel and dirmngr also. The changes to this pkg are bug fixes.
2005-04-11Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.tv1-2/+1
2005-02-24Add RMD160 digests.agc1-1/+2
2004-12-03Update to release 0.9.10. This is a bugfix release.shannonjr2-5/+5
2004-10-111) Taking over maintainance of package on agreement with previousshannonjr3-10/+9
maintainer Klaus Klein. 2) Update to version 0.9.7 to satisfy version requirements for, soon to be committed, gnupg2 (1.9.10) that provides SMIME support. Libksba is a library to make the tasks of working with X.509 certificates, CMS data and related objects more easy. It a highlevel interface to the implemented protocols and presents the data in a consistent way.
2004-10-03Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10tv2-2/+4
in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
2004-09-22Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST.jlam1-5/+1
All library names listed by *.la files no longer need to be listed in the PLIST, e.g., instead of: lib/libfoo.a lib/libfoo.la lib/libfoo.so lib/libfoo.so.0 lib/libfoo.so.0.1 one simply needs: lib/libfoo.la and bsd.pkg.mk will automatically ensure that the additional library names are listed in the installed package +CONTENTS file. Also make LIBTOOLIZE_PLIST default to "yes".
2004-03-18Fix serious bug where BUILDLINK_PACKAGES wasn't being ordered properlyjlam1-3/+2
by moving the inclusion of buildlink3.mk files outside of the protected region. This bug would be seen by users that have set PREFER_PKGSRC or PREFER_NATIVE to non-default values. BUILDLINK_PACKAGES should be ordered so that for any package in the list, that package doesn't depend on any packages to the left of it in the list. This ordering property is used to check for builtin packages in the correct order. The problem was that including a buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed from BUILDLINK_PACKAGES and appended to the end. However, since the inclusion of any other buildlink3.mk files within that buildlink3.mk was in a region that was protected against multiple inclusion, those dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
2004-03-05Reorder location and setting of BUILDLINK_PACKAGES to match templatejlam1-5/+8
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
2004-02-25Not used any more.minskim1-27/+0
2004-02-25Bump BUILDLINK_DEPENDS due to library major bump.minskim2-4/+4
2004-02-25Update libksba to 0.9.4.minskim3-10/+8
Changes since 0.9.1: * Support for Extended Key Usage. * ksba_cms_identify may no return a pseudo content type for pkcs#12 files. * Cleaned up the DN label table. * Fixed a bug in creating CMS signed data. * Interface changes: ksba_reader_clear NEW. ksba_cert_get_ext_key_usages NEW. KSBA_CT_PKCS12 NEW.
2004-02-25Bump PKGREVISION due to the update of libgcrypt.minskim1-2/+2
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-14 02:35:21 +0000