head 1.15; access; symbols pkgsrc-2026Q1:1.15.0.26 pkgsrc-2026Q1-base:1.15 pkgsrc-2025Q4:1.15.0.24 pkgsrc-2025Q4-base:1.15 pkgsrc-2025Q3:1.15.0.22 pkgsrc-2025Q3-base:1.15 pkgsrc-2025Q2:1.15.0.20 pkgsrc-2025Q2-base:1.15 pkgsrc-2025Q1:1.15.0.18 pkgsrc-2025Q1-base:1.15 pkgsrc-2024Q4:1.15.0.16 pkgsrc-2024Q4-base:1.15 pkgsrc-2024Q3:1.15.0.14 pkgsrc-2024Q3-base:1.15 pkgsrc-2024Q2:1.15.0.12 pkgsrc-2024Q2-base:1.15 pkgsrc-2024Q1:1.15.0.10 pkgsrc-2024Q1-base:1.15 pkgsrc-2023Q4:1.15.0.8 pkgsrc-2023Q4-base:1.15 pkgsrc-2023Q3:1.15.0.6 pkgsrc-2023Q3-base:1.15 pkgsrc-2023Q2:1.15.0.4 pkgsrc-2023Q2-base:1.15 pkgsrc-2023Q1:1.15.0.2 pkgsrc-2023Q1-base:1.15 pkgsrc-2022Q4:1.14.0.10 pkgsrc-2022Q4-base:1.14 pkgsrc-2022Q3:1.14.0.8 pkgsrc-2022Q3-base:1.14 pkgsrc-2022Q2:1.14.0.6 pkgsrc-2022Q2-base:1.14 pkgsrc-2022Q1:1.14.0.4 pkgsrc-2022Q1-base:1.14 pkgsrc-2021Q4:1.14.0.2 pkgsrc-2021Q4-base:1.14 pkgsrc-2021Q3:1.12.0.46 pkgsrc-2021Q3-base:1.12 pkgsrc-2021Q2:1.12.0.44 pkgsrc-2021Q2-base:1.12 pkgsrc-2021Q1:1.12.0.42 pkgsrc-2021Q1-base:1.12 pkgsrc-2020Q4:1.12.0.40 pkgsrc-2020Q4-base:1.12 pkgsrc-2020Q3:1.12.0.38 pkgsrc-2020Q3-base:1.12 pkgsrc-2020Q2:1.12.0.34 pkgsrc-2020Q2-base:1.12 pkgsrc-2020Q1:1.12.0.14 pkgsrc-2020Q1-base:1.12 pkgsrc-2019Q4:1.12.0.36 pkgsrc-2019Q4-base:1.12 pkgsrc-2019Q3:1.12.0.32 pkgsrc-2019Q3-base:1.12 pkgsrc-2019Q2:1.12.0.30 pkgsrc-2019Q2-base:1.12 pkgsrc-2019Q1:1.12.0.28 pkgsrc-2019Q1-base:1.12 pkgsrc-2018Q4:1.12.0.26 pkgsrc-2018Q4-base:1.12 pkgsrc-2018Q3:1.12.0.24 pkgsrc-2018Q3-base:1.12 pkgsrc-2018Q2:1.12.0.22 pkgsrc-2018Q2-base:1.12 pkgsrc-2018Q1:1.12.0.20 pkgsrc-2018Q1-base:1.12 pkgsrc-2017Q4:1.12.0.18 pkgsrc-2017Q4-base:1.12 pkgsrc-2017Q3:1.12.0.16 pkgsrc-2017Q3-base:1.12 pkgsrc-2017Q2:1.12.0.12 pkgsrc-2017Q2-base:1.12 pkgsrc-2017Q1:1.12.0.10 pkgsrc-2017Q1-base:1.12 pkgsrc-2016Q4:1.12.0.8 pkgsrc-2016Q4-base:1.12 pkgsrc-2016Q3:1.12.0.6 pkgsrc-2016Q3-base:1.12 pkgsrc-2016Q2:1.12.0.4 pkgsrc-2016Q2-base:1.12 pkgsrc-2016Q1:1.12.0.2 pkgsrc-2016Q1-base:1.12 pkgsrc-2015Q4:1.11.0.2 pkgsrc-2015Q4-base:1.11 pkgsrc-2015Q3:1.10.0.8 pkgsrc-2015Q3-base:1.10 pkgsrc-2015Q2:1.10.0.6 pkgsrc-2015Q2-base:1.10 pkgsrc-2015Q1:1.10.0.4 pkgsrc-2015Q1-base:1.10 pkgsrc-2014Q4:1.10.0.2 pkgsrc-2014Q4-base:1.10 pkgsrc-2014Q3:1.9.0.18 pkgsrc-2014Q3-base:1.9 pkgsrc-2014Q2:1.9.0.16 pkgsrc-2014Q2-base:1.9 pkgsrc-2014Q1:1.9.0.14 pkgsrc-2014Q1-base:1.9 pkgsrc-2013Q4:1.9.0.12 pkgsrc-2013Q4-base:1.9 pkgsrc-2013Q3:1.9.0.10 pkgsrc-2013Q3-base:1.9 pkgsrc-2013Q2:1.9.0.8 pkgsrc-2013Q2-base:1.9 pkgsrc-2013Q1:1.9.0.6 pkgsrc-2013Q1-base:1.9 pkgsrc-2012Q4:1.9.0.4 pkgsrc-2012Q4-base:1.9 pkgsrc-2012Q3:1.9.0.2 pkgsrc-2012Q3-base:1.9 pkgsrc-2012Q2:1.6.0.38 pkgsrc-2012Q2-base:1.6 pkgsrc-2012Q1:1.6.0.36 pkgsrc-2012Q1-base:1.6 pkgsrc-2011Q4:1.6.0.34 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q3:1.6.0.32 pkgsrc-2011Q3-base:1.6 pkgsrc-2011Q2:1.6.0.30 pkgsrc-2011Q2-base:1.6 pkgsrc-2011Q1:1.6.0.28 pkgsrc-2011Q1-base:1.6 pkgsrc-2010Q4:1.6.0.26 pkgsrc-2010Q4-base:1.6 pkgsrc-2010Q3:1.6.0.24 pkgsrc-2010Q3-base:1.6 pkgsrc-2010Q2:1.6.0.22 pkgsrc-2010Q2-base:1.6 pkgsrc-2010Q1:1.6.0.20 pkgsrc-2010Q1-base:1.6 pkgsrc-2009Q4:1.6.0.18 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q3:1.6.0.16 pkgsrc-2009Q3-base:1.6 pkgsrc-2009Q2:1.6.0.14 pkgsrc-2009Q2-base:1.6 pkgsrc-2009Q1:1.6.0.12 pkgsrc-2009Q1-base:1.6 pkgsrc-2008Q4:1.6.0.10 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.8 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.6 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.4 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.2 pkgsrc-2008Q1:1.5.0.6 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.4 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.2 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.4.0.12 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.10 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.8 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.6 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.4 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.2 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.3.0.4 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.2 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.1.1.1.0.2 pkgsrc-2005Q2-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.15 date 2023.01.04.18.46.09; author vins; state Exp; branches; next 1.14; commitid cfgWUHCo3Z7JTf8E; 1.14 date 2021.10.26.10.05.19; author nia; state Exp; branches; next 1.13; commitid NSG51tx5OFzLZieD; 1.13 date 2021.10.07.13.23.27; author nia; state Exp; branches; next 1.12; commitid 8H0x5mNEoqMOHSbD; 1.12 date 2016.03.09.18.04.17; author gdt; state Exp; branches; next 1.11; commitid sHPxCFMTdDBKLZXy; 1.11 date 2015.11.03.01.20.21; author agc; state Exp; branches 1.11.2.1; next 1.10; commitid 5WE43j4sc9g1iAHy; 1.10 date 2014.10.21.11.46.31; author gdt; state Exp; branches; next 1.9; commitid mAbhtauQgn5kU3Vx; 1.9 date 2012.09.06.00.23.18; author gdt; state Exp; branches; next 1.8; 1.8 date 2012.08.14.22.08.09; author gdt; state Exp; branches; next 1.7; 1.7 date 2012.08.09.10.06.47; author drochner; state Exp; branches; next 1.6; 1.6 date 2008.06.17.13.58.08; author gdt; state Exp; branches; next 1.5; 1.5 date 2007.08.02.11.26.29; author gdt; state Exp; branches; next 1.4; 1.4 date 2006.02.13.14.44.31; author salo; state Exp; branches; next 1.3; 1.3 date 2005.07.30.21.30.53; author rillig; state Exp; branches; next 1.2; 1.2 date 2005.07.27.19.17.35; author gdt; state Exp; branches; next 1.1; 1.1 date 2005.03.24.21.24.12; author nathanw; state Exp; branches 1.1.1.1; next ; 1.11.2.1 date 2016.03.22.19.04.34; author bsiegert; state Exp; branches; next ; commitid GMiRLoREEJnwGFZy; 1.1.1.1 date 2005.03.24.21.24.12; author nathanw; state Exp; branches; next ; desc @@ 1.15 log @chat/libotr: fix build. @ text @$NetBSD: distinfo,v 1.14 2021/10/26 10:05:19 nia Exp $ BLAKE2s (libotr-4.1.1.tar.gz) = c0da7ccb7e5c28d02d6295668b63f3551e9dd840662f8f0e91e70bf9b0a4e483 SHA512 (libotr-4.1.1.tar.gz) = c957206235b9f627542f23a645c822ea1b318d83fa655f41ed8d9a3c0dddf30b88f0ca82060026af155e48ecb13969dc9270831f20304669794151f666ae5cb0 Size (libotr-4.1.1.tar.gz) = 655791 bytes SHA1 (patch-client.c) = 3effb1ec33c3ef91c34b4e72437371a2743f3f44 @ 1.14 log @chat: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2021/10/07 13:23:27 nia Exp $ d6 1 @ 1.13 log @chat: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2016/03/09 18:04:17 gdt Exp $ d3 1 a3 1 RMD160 (libotr-4.1.1.tar.gz) = 528c5ad4ba89f3225bebf5b5ecadf815239fed88 @ 1.12 log @Update to 4.1.1. This is a security release addressing CVE-2016-2851. - Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms - Fix possible free() of an uninitialized pointer - Be stricter about parsing v3 fragments - Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll - Fix a memory leak when reading a malformed instance tag file - Protocol documentation clarifications @ text @d1 1 a1 1 $NetBSD$ a2 1 SHA1 (libotr-4.1.1.tar.gz) = 3894b82a6c307ad011681ad342d69b18344933ae @ 1.11 log @Add SHA512 digests for distfiles for chat category Problems found with existing distfiles: distfiles/icb-5.0.9.tar.gz distfiles/icb.2.1.4.tar.Z distfiles/zenicb-19981202.tar.gz No changes made to these /distinfo files. Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2014/10/21 11:46:31 gdt Exp $ d3 4 a6 4 SHA1 (libotr-4.1.0.tar.gz) = df30bc87a7a8f37678dd679d17fa1f9638ea247e RMD160 (libotr-4.1.0.tar.gz) = addbde1d9b4f423025ee14481961c580fbe6b9e6 SHA512 (libotr-4.1.0.tar.gz) = 3c6a6bf8ee64467484519187d1bc86001d5ae6ceb169e9c828f7750a1db3dadfef677b828a5d292e5caa12f874711df4fd2db977d48dc968e9f0edc2eab58e3e Size (libotr-4.1.0.tar.gz) = 576771 bytes @ 1.11.2.1 log @Pullup ticket #4954 - requested by gdt chat/libotr: security fix Revisions pulled up: - chat/libotr/Makefile 1.18 - chat/libotr/distinfo 1.12 --- Module Name: pkgsrc Committed By: gdt Date: Wed Mar 9 18:04:17 UTC 2016 Modified Files: pkgsrc/chat/libotr: Makefile distinfo Log Message: Update to 4.1.1. This is a security release addressing CVE-2016-2851. - Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms - Fix possible free() of an uninitialized pointer - Be stricter about parsing v3 fragments - Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll - Fix a memory leak when reading a malformed instance tag file - Protocol documentation clarifications @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (libotr-4.1.1.tar.gz) = 3894b82a6c307ad011681ad342d69b18344933ae RMD160 (libotr-4.1.1.tar.gz) = 528c5ad4ba89f3225bebf5b5ecadf815239fed88 SHA512 (libotr-4.1.1.tar.gz) = c957206235b9f627542f23a645c822ea1b318d83fa655f41ed8d9a3c0dddf30b88f0ca82060026af155e48ecb13969dc9270831f20304669794151f666ae5cb0 Size (libotr-4.1.1.tar.gz) = 655791 bytes @ 1.10 log @Update to 4.1.0. 21 Oct 2014: - Release 4.1.0 - Modernized autoconf build system - Use constant-time comparisons where needed - Use gcrypt secure memory allocation - Correctly reject attempts to fragment a message into too many pieces - Fix a missing opdata when sending message fragments - Don't lose the first user message when REQUIRE_ENCRYPTION is set - Fix some memory leaks - Correctly check for children contexts' state when forgetting a context - API Changes: - Added API functions otrl_context_find_recent_instance and otrl_context_find_recent_secure_instance. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2012/09/06 00:23:18 gdt Exp $ d5 1 @ 1.9 log @Update to 4.0.0. Note that while the protocol is compatible, the API is not, and hence there will be a pidgin-otr update within minutes. There is an apparent gcc 4.1.3 -O2/SSP bug, which is avoided by disabling SSP in libotr (which libotr finds and turns on). This is temporary pending more fine-grained control and/or a fix. Update to libotr 4.0.0. Note that libotr 4.x is API-incompatible with libotr 3.x; upstream thinks this is ok, so pkgsrc won't try to work around it. 24 Aug 2012: - Release 4.0.0 - Support v3 of the OTR protocol - The main new feature: sensibly handle the case where a user is logged in multiple times to the same IM account - API changes: - instance tags, to support multiple simultaneous logins - support for asynchronous private key generation - the ability to provide an "extra" symmetric key to applications (with forward secrecy) - applications can supply a formation conversion callback if they do not natively use XHTML-style UTF8 markup - error messages formerly provided by libotr are now handled using callbacks to the application, for better i18n support - otrl_message_sending now handles message fragmentation internally @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2012/08/14 22:08:09 gdt Exp $ d3 3 a5 3 SHA1 (libotr-4.0.0.tar.gz) = 8865e9011b8674290837afcf7caf90c492ae09cc RMD160 (libotr-4.0.0.tar.gz) = 802147fa58437b7c971f0c62ea7781e783672e97 Size (libotr-4.0.0.tar.gz) = 441441 bytes @ 1.8 log @Update to 3.2.1. (This is a security release, but pkgsrc already had patches from upstream.) This version corrects two heap overflows reported by our users: - A small write overflow, reported by Justin Ferguson - A large read overflow, reported by Ben Hawkes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2012/08/09 10:06:47 drochner Exp $ d3 3 a5 3 SHA1 (libotr-3.2.1.tar.gz) = 898bf00d019f49ca34cd0116dd2e22685c67c394 RMD160 (libotr-3.2.1.tar.gz) = 07deab0a7f63680e44c3a631666b9b4a21bd66cf Size (libotr-3.2.1.tar.gz) = 414684 bytes @ 1.7 log @att patches from upstream to fix buffer overflow in the base64 decoder which can lead to crashes or potentially code injection (CVE-2012-3461) bump PKGREV @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2008/06/17 13:58:08 gdt Exp $ d3 3 a5 7 SHA1 (libotr-3.2.0.tar.gz) = e5e10b8ddaf59b0ada6046d156d0431cd2790db9 RMD160 (libotr-3.2.0.tar.gz) = 937f512415eb3b82d5730b1aafbe5d55f4f153da Size (libotr-3.2.0.tar.gz) = 430299 bytes SHA1 (patch-CVE-2012-3461-aa) = f1faa1e43da256d44194817aeb59b3e92ddaffb2 SHA1 (patch-CVE-2012-3461-ab) = 2827193d1cd440700f09cd7312ec9954a81aea11 SHA1 (patch-CVE-2012-3461-ac) = abbecb337f3a7109b4a41debb2109528c64e22a0 SHA1 (patch-CVE-2012-3461-ad) = 13edba7d8f16fc122ce2fd4fb2579e7e70056d5a @ 1.6 log @Update to 3.2.0. - Added support for one-way authentication using an explicit question, based on the SOUPS 2008 user study. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2007/08/02 11:26:29 gdt Exp $ d6 4 @ 1.5 log @Update to 3.1.0. Override libtool; otherwise the distfile libtool inexplicably gets the wrong shlib version. Changes since 3.0.0: - Added fragmentation support for large messages - Added new method for buddy authentication which does not require the (explicit) use of fingerprints. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2006/02/13 14:44:31 salo Exp $ d3 3 a5 3 SHA1 (libotr-3.1.0.tar.gz) = bf8b8e9ab6f76daf08380eb732ac02c8da4050d8 RMD160 (libotr-3.1.0.tar.gz) = 8a0e1a4f84aa2b50773eddaf6b7461536842682a Size (libotr-3.1.0.tar.gz) = 428444 bytes @ 1.4 log @Update to version 3.0.0 From Jason White, via PR pkg/32451 Changes: - Support for OTR protocol version 2; will still interoperate with version 1 clients (though with a warning to the user), fixes identity-binding flaw http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2005/07/30 21:30:53 rillig Exp $ d3 3 a5 3 SHA1 (libotr-3.0.0.tar.gz) = 5835acdf80549d1895a842245f99c559b5b9d6cd RMD160 (libotr-3.0.0.tar.gz) = 04574a468d096b23ad63ee026498ebe6b2a23ca1 Size (libotr-3.0.0.tar.gz) = 392431 bytes @ 1.3 log @Added a patch to fix void* arithmetic. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2005/07/27 19:17:35 gdt Exp $ d3 3 a5 4 SHA1 (libotr-2.0.2.tar.gz) = da8c0ce6bf23e65c094f003b8654f96be9c81b1b RMD160 (libotr-2.0.2.tar.gz) = 8f35c5ac0ce5743bca075eb517119a85fce5351d Size (libotr-2.0.2.tar.gz) = 368896 bytes SHA1 (patch-aa) = 5bd53e9eb7eeec29940debf63a0851c9197a5687 @ 1.2 log @update to 2.0.2: * src/privkey.c (otrl_privkey_hash_to_human): Avoid writing a NUL one byte past the end of the buffer @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2005/03/24 21:24:12 nathanw Exp $ d6 1 @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (libotr-2.0.1.tar.gz) = 92c7c3452ea5d5acf31807b734e93fafcbb0d6eb RMD160 (libotr-2.0.1.tar.gz) = e32a75db355fef01705865d298a82a5f93b1634e Size (libotr-2.0.1.tar.gz) = 370863 bytes @ 1.1.1.1 log @Initial import of libotr-2.0.1. This is the portable OTR Messaging Library, as well as the toolkit to help you forge messages. Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: Encryption No one else can read your instant messages. Authentication You are assured the correspondent is who you think it is. Deniability The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. Perfect forward secrecy If you lose control of your private keys, no previous conversation is compromised. @ text @@