Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This requires a dependency on www/neon, which performs the validation.
The CA bundle path is advertised by www/neon/MESSSAGE and depends
whether openssl is native or from pkgsrc.
|
|
|
|
Changes in release 0.32.4:
* Fix Digest regression in allowing implicit algorithm= (issue #88)
* Fix Digest to safely allow spaces in usernames (without userhash)
* ne_ssl_trust_default_ca() now uses the system's trusted CAs
with GnuTLS where supported (matching behaviour of OpenSSL)
|
|
Changes in release 0.32.3:
* Improvements and fixes to Windows build (Chun-wei Fan)
* Fix finding pkg-config when cross-compiling (Hugh McMaster)
* Fix Digest cnonce entropy sources in non-SSL builds
* Fix cases where Digest usernames were rejected as non-ASCII
* Fix build failures with OpenSSL 1.1 on some platforms
|
|
This is now handled centrally via OPSYS_EXPLICIT_LIBDEPS support in libiconv
and gettext-lib.
|
|
|
|
Changes in release 0.32.2:
* Fix auth handling for request-target of "*" (regressed since 0.31.x)
* Fix bindtextdomain() detection on OS X (Daniel Macks)
* Fix regeneration of docs in "make install" (Lonnie Abelbeck)
* Fixes for NetBSD build (Thomas Klausner)
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts):
www/nghttp2/distinfo
Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
|
|
its buildlink3.mk now includes openssl's buildlink3.mk
|
|
|
|
Changes in release 0.32.1:
* Fix configure CFLAGS handling in Kerberos detection.
* Various spelling fixes.
Changes in release 0.32.0:
* Interface changes:
- API and ABI backwards-compatible with 0.27.x and later
- NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default;
to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST
(treated as a security enhancement, not an API/ABI break)
* Interface clarifications:
- ne_auth.h: use of non-ASCII usernames with the ne_auth_creds
callback type is now rejected for Digest auth since the
encoding is not specified. ne_add_auth() can be used instead.
- ne_request.h: the ne_create_request_fn callback is passed the
request-target using RFC 7230 terminology
* New interfaces and features:
- ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam()
- ne_auth.h: added RFC 7616 (Digest authentication) support,
including userhash=, username*= and SHA-2 algorithms
(SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_LEGACY_DIGEST
- ne_auth.h: added ne_add_auth() unified auth callback interface,
accepts (only) UTF-8 usernames, uses a larger password buffer,
and has different/improved attempt counter semantics.
- RFC 7617 scoping rules are now applied for Basic authentication.
- ne_ssl.h: added ne_ssl_cert_hdigest()
- ne_socket.h: added ne_sock_shutdown()
- sendmsg()/send() are used with the MSG_NOSIGNAL flag to write to
sockets on Unix, rather than write()/writev(), avoiding SIGPIPE
- explicit_bzero() is used where available to clear credentials
* Bug fixes:
- fixed TLS connection shutdown handling for OpenSSL 3
- fix various Coverity and cppcheck warnings (Sebastian Reschke)
- Kerberos library detection uses pkg-config where possible.
- fix some configure checks on Win32 (Christopher Degawa)
- fix some configure errors on MacOS (Ryan Schmidt)
|
|
|
|
|
|
|
|
|
|
* Set new HOMEPAGE and MASTER_SITES.
Changelog:
Changes in release neon 0.31.2, 20th June 2020
Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures.
Fix GCC 10 warning in PKCS#11 build.
Fix OpenSSL build w/o deprecated APIs (Rosen Penev).
Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke).
Fix hang on SSL connection close with IIS (issue #11).
Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich).
Changes in release neon 0.31.1, 17th April 2020
ADMIN: The neon website has moved to https://notroj.github.io/neon/
Restore ne_md5_read_ctx() in OpenSSL build.
Fix gcc warnings on Ubuntu (Jan-Marek Glogowski).
Fix various spelling mistakes in docs and headers (thanks to FOSSIES).
Fix ne_asctime_parse() (Eugenij-W).
Fix build with LibreSSL (Juan RP).
Changes in release neon 0.31.0, 24th March 2020
Interface changes:
none, API and ABI backwards-compatible with 0.27.x and later
New interfaces and features:
add more gcc “nonnull” attributes to ne_request_* functions.
for OpenSSL builds, ne_md5 code uses the OpenSSL implementation
add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds< for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno)
ne_uri.h: add ne_path_escapef() in support of above
ne_207.h: add ne_207_set_flags() likewise in support of above
API clarification:
ne_version_match() behaviour now matches actual 0.27+ ABI history
Bug fixes:
fixes for OpenSSL 1.1.1 and TLSv1.3 support
fix crash with GnuTLS in client cert support (Henrik Holst)
fix possible crash in ne_set_request_flag()
fix build with libxml2 2.9.10 and later
fix handling lock timeouts >LONG_MAX (Giuseppe Castagno)
|
|
|
|
|
|
|
|
This probably makes more sense as a default given that neon is GPLv2.
|
|
|
|
|
|
|
|
|
|
Changes in release 0.30.2:
* Add support for OpenSSL 1.1.x (Kurt Roeckx).
* Fix PKCS#11 support under GnuTLS 3.x.
- PKCS#11 API no longer supported with GnuTLS 2.x
|
|
|
|
|
|
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
|
|
Changes in release 0.30.1:
* Fix memory leak with GnuTLS (Werner Baumann, Patrick Ohly).
* Fix possible crash after DNS lookup errors on Windows (Olivier Goffart).
* Don't fail if the SSL cert changes between connections with OpenSSL,
behaviour now matches that with GnuTLS.
* Fix PKCS#11 support under OpenSSL with TLS 1.2.
* Fix static linking with pkg-config file (Alan H).
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
|
|
From Hakan Engvall in PR 48519.
Bump PKGREVISION.
|
|
Changes in release 0.30.0:
* Interface changes:
- none, API and ABI backwards-compatible with 0.27.x and later
* New interfaces and features:
- ne_ssl.h: added ne_ssl_clicert_import, ne_ssl_context_get_flag
- ne_session.h: added ne_set_addrlist2
- ne_socket.h: added ne_addr_canonical
- ne_auth.h: added NE_AUTH_GSSAPI_ONLY, NE_AUTH_SSPI (Nathanael Rensen)
- ne_basic.h: added NE_CAP_EXT_MKCOL options test
- ne_request.h: support chunked bodies with negative length passed to
ne_set_request_body_provider (Julien Reichel)
* Bug fixes:
- ne_path_escape: fix excessive memory allocation (Pierre Crokaert)
- SSPI auth: use canonical server hostname, clear SSPI context after
successful auth (Nathanael Rensen)
- build fixes for Open Watcom compiler (NormW)
- fix Win32 error code handling for local ne_sock_prebind bind failure
- Win32: support LFS, thread-safe OpenSSL (Diego Santa Cruz)
- GnuTLS: fix GnuTLS 3.x support (Matthias Petschick, Bartosz Brachaczek)
|
|
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
Bump PKGREVISION.
|
|
changes:
-bugfixes (mostly SSL releated)
-docs updates
|
|
|
|
* Change ne_sock_close() to no longer wait for SSL closure alert:
o fixes possible hang with IIS servers when closing SSL connection
o this reverts the behaviour with OpenSSL to match 0.28.x,
and changes the behaviour with GnuTLS to match that with
OpenSSL
* Fix memory leak with GnuTLS
* API clarification in ne_sock_close():
o SSL closure handling now documented
o return value semantics fixed to describe the implementation
|
|
Changes in release neon 0.29.2, 30 December 2009 (PGP signature)
* Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C)
* Fix unnecessary re-authentication with SSPI (Danil Shopyrin)
o Note that this change was previously listed in the 0.29.1 changes, however the patch had not been merged.
Changes in release neon 0.29.1, 15 December 2009 (PGP signature)
* Fixes for (Unix) NTLM implementation:
o fix handling of session timeout (Kai Sommerfeld)
o fix possible crash (basic@mozdev.org)
* Build fixes for Win32:
o fix use of socklen_t with recent SDKs (Stefan Kung)
o fix USE_GETADDRINFO on Win2K (Kai Sommerfeld)
* Fix build with versions of GnuTLS older than 2.8.0.
|
|
|
|
* Interface changes:
o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
o added NTLM auth support for Unix builds (Kai Sommerfeld,
Daniel Stenberg)
o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
and ne_session.h:ne_session_socks_proxy()
o added support for system-default proxies: ne_session_system_proxy(),
implemented using libproxy where available
o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
SSL verification failure bits extended by NE_SSL_BADCHAIN and
NE_SSL_REVOKED, better handling of failures within the cert chain
(thanks to Ludwig Nussel)
o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
ne_iaddr_raw(), ne_iaddr_parse()
o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
o fix handling of "stale" flag in RFC2069-style Digest auth challenge
o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
o symbol versioning used for new symbols, where supported
o ensure SSL connections are closed cleanly with OpenSSL
o fix build with OpenSSL 1.0 beta
o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
certificate subject name; could allow an undetected MITM attack against
an SSL server if a trusted CA issues such a cert.
Tested by Daniel Horecki with SVN client.
|