head 1.5; access; symbols pkgsrc-2015Q1:1.4.0.2 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.2.0.12 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.10 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.8 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.6 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.4 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.2 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.1.0.6 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.4 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.2 pkgsrc-2012Q4-base:1.1; locks; strict; comment @# @; 1.5 date 2015.06.14.17.42.50; author fhajny; state dead; branches; next 1.4; commitid NDHxeSLWwC2piqpy; 1.4 date 2015.03.28.19.00.28; author rodent; state Exp; branches; next 1.3; commitid myUuQEh25FgRdpfy; 1.3 date 2015.03.27.23.30.42; author rodent; state Exp; branches; next 1.2; commitid ALt3pXdbwFEZIify; 1.2 date 2013.09.11.13.17.25; author obache; state Exp; branches; next 1.1; commitid mpeYJfqhILvSq15x; 1.1 date 2012.12.11.23.29.27; author gdt; state Exp; branches; next ; desc @@ 1.5 log @Remove security/polarssl, it's been superseded by security/mbedtls. @ text @@@comment $NetBSD: PLIST,v 1.4 2015/03/28 19:00:28 rodent Exp $ bin/aescrypt2 bin/benchmark bin/cert_app bin/cert_req bin/cert_write bin/crl_app bin/crypt_and_hash bin/dh_client bin/dh_genprime bin/dh_server bin/gen_entropy bin/gen_key bin/gen_random_ctr_drbg bin/gen_random_havege bin/generic_sum bin/hello bin/key_app bin/md5sum bin/mpi_demo ${PLIST.tests}bin/o_p_test bin/pem2der bin/pk_decrypt bin/pk_encrypt bin/pk_sign bin/pk_verify bin/req_app bin/rsa_decrypt bin/rsa_encrypt bin/rsa_genkey bin/rsa_sign bin/rsa_verify bin/selftest bin/sha1sum bin/sha2sum bin/ssl_cert_test bin/ssl_client1 bin/ssl_client2 bin/ssl_fork_server bin/ssl_mail_client bin/ssl_pthread_server bin/ssl_server bin/ssl_test bin/strerror include/polarssl/aes.h include/polarssl/aesni.h include/polarssl/arc4.h include/polarssl/asn1.h include/polarssl/asn1write.h include/polarssl/base64.h include/polarssl/bignum.h include/polarssl/blowfish.h include/polarssl/bn_mul.h include/polarssl/camellia.h include/polarssl/ccm.h include/polarssl/certs.h include/polarssl/check_config.h include/polarssl/cipher.h include/polarssl/cipher_wrap.h include/polarssl/compat-1.2.h include/polarssl/config.h include/polarssl/ctr_drbg.h include/polarssl/debug.h include/polarssl/des.h include/polarssl/dhm.h include/polarssl/ecdh.h include/polarssl/ecdsa.h include/polarssl/ecp.h include/polarssl/entropy.h include/polarssl/entropy_poll.h include/polarssl/error.h include/polarssl/gcm.h include/polarssl/havege.h include/polarssl/hmac_drbg.h include/polarssl/md.h include/polarssl/md2.h include/polarssl/md4.h include/polarssl/md5.h include/polarssl/md_wrap.h include/polarssl/memory.h include/polarssl/memory_buffer_alloc.h include/polarssl/net.h include/polarssl/oid.h include/polarssl/openssl.h include/polarssl/padlock.h include/polarssl/pbkdf2.h include/polarssl/pem.h include/polarssl/pk.h include/polarssl/pk_wrap.h include/polarssl/pkcs11.h include/polarssl/pkcs12.h include/polarssl/pkcs5.h include/polarssl/platform.h include/polarssl/ripemd160.h include/polarssl/rsa.h include/polarssl/sha1.h include/polarssl/sha256.h include/polarssl/sha512.h include/polarssl/ssl.h include/polarssl/ssl_cache.h include/polarssl/ssl_ciphersuites.h include/polarssl/threading.h include/polarssl/timing.h include/polarssl/version.h include/polarssl/x509.h include/polarssl/x509_crl.h include/polarssl/x509_crt.h include/polarssl/x509_csr.h include/polarssl/xtea.h lib/libpolarssl.a lib/libpolarssl.so lib/libpolarssl.so.${PKGVERSION} lib/libpolarssl.so.7 @ 1.4 log @Add patch to make OpenSSL ("tests") optional. The package wants this by default and users of other package management systems might imagine this package functioning the same way. However, the PLIST differs by one item without it, which users may change at their discretion. Add zlib option too which I'd missed during the previous update. Bump PKGREVISION. @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.3 2015/03/27 23:30:42 rodent Exp $ @ 1.3 log @Update to last stable release under the polarssl brand. The list of changes is very long and, if you're interested, they can be found here: https://tls.mbed.org/download-archive by reading all the ChangeLogs from 1.2.12-1.3.9. The pkgsrc changes are: Use cmake for build, as that's what upstream recommends and is less likely to fail cross-platform for future releases. Needs pkg-config due to that. Build and install shared library. Remove executable permission from static library during post-install. Needs pthreads and openssl. Tested this build against the build of latest version of powerdns (update coming). @ text @d1 1 a1 1 @@comment $NetBSD$ d21 1 a21 1 bin/o_p_test @ 1.2 log @Update PolarSSL to 1.2.8 = Version 1.2.8 released 2013-06-19 Features * Parsing of PKCS#8 encrypted private key files * PKCS#12 PBE and derivation functions * Centralized module option values in config.h to allow user-defined settings without editing header files by using POLARSSL_CONFIG_OPTIONS Changes * HAVEGE random generator disabled by default * Internally split up x509parse_key() into a (PEM) handler function and specific DER parser functions for the PKCS#1 and unencrypted PKCS#8 private key formats * Added mechanism to provide alternative implementations for all symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in config.h) * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated old PBKDF2 module Bugfix * Secure renegotiation extension should only be sent in case client supports secure renegotiation * Fixed offset for cert_type list in ssl_parse_certificate_request() * Fixed const correctness issues that have no impact on the ABI * x509parse_crt() now better handles PEM error situations * ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM certificates * x509parse_crtpath() is now reentrant and uses more portable stat() * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler * Fixed values for 2-key Triple DES in cipher layer * ssl_write_certificate_request() can handle empty ca_chain Security * A possible DoS during the SSL Handshake, due to faulty parsing of PEM-encoded certificates has been fixed (found by Jack Lloyd) = Version 1.2.7 released 2013-04-13 Features * Ability to specify allowed ciphersuites based on the protocol version. Changes * Default Blowfish keysize is now 128-bits * Test suites made smaller to accommodate Raspberry Pi Bugfix * Fix for MPI assembly for ARM * GCM adapted to support sizes > 2^29 = Version 1.2.6 released 2013-03-11 Bugfix * Fixed memory leak in ssl_free() and ssl_reset() for active session * Corrected GCM counter incrementation to use only 32-bits instead of 128-bits (found by Yawning Angel) * Fixes for 64-bit compilation with MS Visual Studio * Fixed net_bind() for specified IP addresses on little endian systems * Fixed assembly code for ARM (Thumb and regular) for some compilers Changes * Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(), rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and PKCS#1 v2.1 functions * Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() * Re-added handling for SSLv2 Client Hello when the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set * The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain) Security * Removed further timing differences during SSL message decryption in ssl_decrypt_buf() * Removed timing differences due to bad padding from rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5 operations = Version 1.2.5 released 2013-02-02 Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES Security * Removed timing differences during SSL message decryption in ssl_decrypt_buf() due to badly formatted padding = Version 1.2.4 released 2013-01-25 Changes * Added ssl_handshake_step() to allow single stepping the handshake process Bugfix * Memory leak when using RSA_PKCS_V21 operations fixed * Handle future version properly in ssl_write_certificate_request() * Correctly handle CertificateRequest message in client for <= TLS 1.1 without DN list = Version 1.2.3 released 2012-11-26 Bugfix * Server not always sending correct CertificateRequest message = Version 1.2.2 released 2012-11-24 Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility * Fixed dependency on POLARSSL_SHA4_C in SSL modules = Version 1.2.1 released 2012-11-20 Changes * Depth that the certificate verify callback receives is now numbered bottom-up (Peer cert depth is 0) Bugfixes * Fixes for MSVC6 * Moved mpi_inv_mod() outside POLARSSL_GENPRIME * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel Pégourié-Gonnard) * Fixed possible segfault in mpi_shift_r() (found by Manuel Pégourié-Gonnard) * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1 @ text @d1 44 a44 1 @@comment $NetBSD: PLIST,v 1.1 2012/12/11 23:29:27 gdt Exp $ d46 1 d55 1 d57 1 d60 1 d66 3 d74 1 d80 2 d83 1 d88 2 d93 2 d97 2 a98 2 include/polarssl/sha2.h include/polarssl/sha4.h d101 2 d106 3 a108 1 include/polarssl/x509write.h d111 3 @ 1.1 log @Import polarssl-1.2.0 as security/polarssl. PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. This package includes headers/libs only, not the demo programs. PolarSSL is GPLv2, but offers exceptions to be distributed with other works licensed as Apache, BSD, CC0, EUPL, LGPL, ISC, WTFPL, X11, zlib/libpng. @ text @d1 1 a1 1 @@comment $NetBSD$ d35 2 @