From 6996a5d1f7d72cf20af77fcf570f6057d2468064 Mon Sep 17 00:00:00 2001 From: salo Date: Mon, 2 May 2005 20:14:06 +0000 Subject: Pullup ticket 479 - requested by Thomas Klausner security update for gnutls Revisions pulled up: - pkgsrc/security/gnutls/Makefile 1.26, 1.28 - pkgsrc/security/gnutls/PLIST 1.13-1.14 - pkgsrc/security/gnutls/buildlink3.mk 1.8 - pkgsrc/security/gnutls/distinfo 1.15-1.16 - pkgsrc/security/gnutls/patches/patch-aa removed Module Name: pkgsrc Committed By: wiz Date: Fri Apr 8 15:50:41 UTC 2005 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Removed Files: pkgsrc/security/gnutls/patches: patch-aa Log Message: Update to 1.2.1: * Version 1.2.1 (2005-04-04) - gnutls_bye() will no longer fail when RDWR is used and application data are available for reading. - Added more strict checks for the SRP parameters (g,n), when they are not in the included list. - Added warning to certtool when MD5 is being used for digital signatures. - Optimizations ("-O2 -finline-functions") are not enabled by default, instead the standard autoconf defaults are used. Use `./configure CFLAGS="-O2 -finline-functions"' to get the old optimizations. - Added the option --get-dh-params to certtool, in order to get the included in the library primes and generators. - Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to allow only trusted Version 1 CAs and introduced GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. - Nettle self tests now build properly, reported by Pierre - Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. Reported by Yoann Vandoorselaere - Added the functions: gnutls_x509_crt_list_import(), gnutls_x509_crq_get_attribute_by_oid(), gnutls_x509_crq_set_attribute_by_oid() and gnutls_x509_crt_set_extension_by_oid(). - If the library has been compiled with features disabled, a warning is issued during the compilation of any program. --- Module Name: pkgsrc Committed By: wiz Date: Mon May 2 12:59:24 UTC 2005 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Log Message: Update to 1.2.3: * Version 1.2.3 - Corrected bug in record packet parsing that could lead to a denial of service attack. - Corrected bug in RSA key export. Previously exported keys can be fixed using certtool. Use certtool -k outfile - API and ABI modifications: gnutls_x509_privkey_fix(): Add. * Version 1.2.2 (2005-04-25) - gnutls_error_to_alert() now considers GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. - Fixed error in session resuming that could cause a crash in a session. - Fixed pkcs12 friendly name and local key identifier decoding. - Internal cleanups, removed duplicate typedef/struct definitions, and made source code include external include file, to check function prototypes during compile time. - API and ABI modifications: No changes since last version. At least not intentional, but due to the include header changes, there may be inadvertant changes, please let us know if you find any. --- Module Name: pkgsrc Committed By: salo Date: Mon May 2 19:48:37 UTC 2005 Modified Files: pkgsrc/security/gnutls: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!) --- security/gnutls/Makefile | 5 +++-- security/gnutls/PLIST | 12 +++++++++--- security/gnutls/buildlink3.mk | 4 ++-- security/gnutls/distinfo | 9 ++++----- security/gnutls/patches/patch-aa | 13 ------------- 5 files changed, 18 insertions(+), 25 deletions(-) delete mode 100644 security/gnutls/patches/patch-aa (limited to 'security') diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 3bd926fe893..414012c0b15 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.25 2005/02/25 15:23:24 wiz Exp $ +# $NetBSD: Makefile,v 1.25.2.1 2005/05/02 20:14:06 salo Exp $ -DISTNAME= gnutls-1.2.0 +DISTNAME= gnutls-1.2.3 CATEGORIES= security devel MASTER_SITES= http://josefsson.org/gnutls/releases/ \ ftp://ftp.gnutls.org/pub/gnutls/ \ @@ -18,6 +18,7 @@ PKG_INSTALLATION_TYPES= overwrite pkgviews USE_BUILDLINK3= YES USE_LIBTOOL= YES GNU_CONFIGURE= YES +TEST_TARGET= check INFO_FILES= gnutls.info diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST index 78d66803584..7adc3f3ae9d 100644 --- a/security/gnutls/PLIST +++ b/security/gnutls/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.12 2005/02/19 00:14:23 wiz Exp $ +@comment $NetBSD: PLIST,v 1.12.2.1 2005/05/02 20:14:06 salo Exp $ bin/certtool bin/gnutls-cli bin/gnutls-cli-debug @@ -23,8 +23,6 @@ man/man1/gnutls-cli-debug.1 man/man1/gnutls-cli.1 man/man1/gnutls-serv.1 man/man1/srptool.1 -man/man3/_gnutls_x509_get_raw_crt_activation_time.3 -man/man3/_gnutls_x509_get_raw_crt_expiration_time.3 man/man3/gnutls_alert_get.3 man/man3/gnutls_alert_get_name.3 man/man3/gnutls_alert_send.3 @@ -286,6 +284,7 @@ man/man3/gnutls_x509_crl_sign2.3 man/man3/gnutls_x509_crl_verify.3 man/man3/gnutls_x509_crq_deinit.3 man/man3/gnutls_x509_crq_export.3 +man/man3/gnutls_x509_crq_get_attribute_by_oid.3 man/man3/gnutls_x509_crq_get_challenge_password.3 man/man3/gnutls_x509_crq_get_dn.3 man/man3/gnutls_x509_crq_get_dn_by_oid.3 @@ -294,6 +293,7 @@ man/man3/gnutls_x509_crq_get_pk_algorithm.3 man/man3/gnutls_x509_crq_get_version.3 man/man3/gnutls_x509_crq_import.3 man/man3/gnutls_x509_crq_init.3 +man/man3/gnutls_x509_crq_set_attribute_by_oid.3 man/man3/gnutls_x509_crq_set_challenge_password.3 man/man3/gnutls_x509_crq_set_dn_by_oid.3 man/man3/gnutls_x509_crq_set_key.3 @@ -333,6 +333,7 @@ man/man3/gnutls_x509_crt_get_subject_key_id.3 man/man3/gnutls_x509_crt_get_version.3 man/man3/gnutls_x509_crt_import.3 man/man3/gnutls_x509_crt_init.3 +man/man3/gnutls_x509_crt_list_import.3 man/man3/gnutls_x509_crt_list_verify.3 man/man3/gnutls_x509_crt_set_activation_time.3 man/man3/gnutls_x509_crt_set_authority_key_id.3 @@ -341,6 +342,7 @@ man/man3/gnutls_x509_crt_set_crl_dist_points.3 man/man3/gnutls_x509_crt_set_crq.3 man/man3/gnutls_x509_crt_set_dn_by_oid.3 man/man3/gnutls_x509_crt_set_expiration_time.3 +man/man3/gnutls_x509_crt_set_extension_by_oid.3 man/man3/gnutls_x509_crt_set_issuer_dn_by_oid.3 man/man3/gnutls_x509_crt_set_key.3 man/man3/gnutls_x509_crt_set_key_purpose_oid.3 @@ -361,6 +363,7 @@ man/man3/gnutls_x509_privkey_export.3 man/man3/gnutls_x509_privkey_export_dsa_raw.3 man/man3/gnutls_x509_privkey_export_pkcs8.3 man/man3/gnutls_x509_privkey_export_rsa_raw.3 +man/man3/gnutls_x509_privkey_fix.3 man/man3/gnutls_x509_privkey_generate.3 man/man3/gnutls_x509_privkey_get_key_id.3 man/man3/gnutls_x509_privkey_get_pk_algorithm.3 @@ -382,9 +385,12 @@ share/examples/gnutls/ex-alert.c share/examples/gnutls/ex-cert-select.c share/examples/gnutls/ex-client-resume.c share/examples/gnutls/ex-client-srp.c +share/examples/gnutls/ex-client1.c share/examples/gnutls/ex-client2.c share/examples/gnutls/ex-crq.c share/examples/gnutls/ex-pkcs12.c +share/examples/gnutls/ex-rfc2818.c +share/examples/gnutls/ex-serv-anon.c share/examples/gnutls/ex-serv-export.c share/examples/gnutls/ex-serv-pgp.c share/examples/gnutls/ex-serv-srp.c diff --git a/security/gnutls/buildlink3.mk b/security/gnutls/buildlink3.mk index 24b8b453d39..18cfe7a9017 100644 --- a/security/gnutls/buildlink3.mk +++ b/security/gnutls/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.7 2004/10/03 00:18:08 tv Exp $ +# $NetBSD: buildlink3.mk,v 1.7.4.1 2005/05/02 20:14:06 salo Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ GNUTLS_BUILDLINK3_MK:= ${GNUTLS_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= gnutls .if !empty(GNUTLS_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.gnutls+= gnutls>=1.0.13 -BUILDLINK_RECOMMENDED.gnutls+= gnutls>=1.0.20nb2 +BUILDLINK_RECOMMENDED.gnutls+= gnutls>=1.2.3 BUILDLINK_PKGSRCDIR.gnutls?= ../../security/gnutls .endif # GNUTLS_BUILDLINK3_MK diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index 485139c9d01..8e3d2c6671c 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,7 +1,6 @@ -$NetBSD: distinfo,v 1.13.2.1 2005/04/03 17:36:27 salo Exp $ +$NetBSD: distinfo,v 1.13.2.2 2005/05/02 20:14:06 salo Exp $ -SHA1 (gnutls-1.2.0.tar.bz2) = 618d502fc872530b726e791a818af5a95ee39d00 -RMD160 (gnutls-1.2.0.tar.bz2) = 1f03385047112721173f116821dc92680d60b687 -Size (gnutls-1.2.0.tar.bz2) = 2417909 bytes -SHA1 (patch-aa) = 3b4adf0b6acde5a56c0a7f3003a0a1e90bfbd672 +SHA1 (gnutls-1.2.3.tar.bz2) = 78e1b92a9d818479faca9042d446eed61770fb17 +RMD160 (gnutls-1.2.3.tar.bz2) = 8e796bcd3f303f52f6c2c9dad18814a467b550eb +Size (gnutls-1.2.3.tar.bz2) = 2446437 bytes SHA1 (patch-ab) = a3327de3052375acd569ee8541c90e2555e73f2d diff --git a/security/gnutls/patches/patch-aa b/security/gnutls/patches/patch-aa deleted file mode 100644 index 52cedce1fe8..00000000000 --- a/security/gnutls/patches/patch-aa +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-aa,v 1.3 2005/02/19 00:14:23 wiz Exp $ - ---- configure.orig 2005-01-27 14:16:39.000000000 +0100 -+++ configure -@@ -3651,8 +3651,6 @@ rm -f conftest.err conftest.$ac_objext c - if test $ac_cv_c_compiler_gnu != no; then - if test x$opt_developer_mode = xyes; then - CFLAGS="${CFLAGS} -g -Wno-format-y2k -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Winline -Wstrict-prototypes" -- else -- CFLAGS="${CFLAGS} -O2 -finline-functions" - fi - - if test x$opt_dmalloc_mode = xyes; then -- cgit v1.2.3