head 1.9; access; symbols pkgsrc-2023Q4:1.9.0.10 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.9.0.8 pkgsrc-2023Q3-base:1.9 pkgsrc-2023Q2:1.9.0.6 pkgsrc-2023Q2-base:1.9 pkgsrc-2023Q1:1.9.0.4 pkgsrc-2023Q1-base:1.9 pkgsrc-2022Q4:1.9.0.2 pkgsrc-2022Q4-base:1.9 pkgsrc-2022Q3:1.8.0.8 pkgsrc-2022Q3-base:1.8 pkgsrc-2022Q2:1.8.0.6 pkgsrc-2022Q2-base:1.8 pkgsrc-2022Q1:1.8.0.4 pkgsrc-2022Q1-base:1.8 pkgsrc-2021Q4:1.8.0.2 pkgsrc-2021Q4-base:1.8 pkgsrc-2021Q3:1.6.0.48 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.46 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.44 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.6.0.42 pkgsrc-2020Q4-base:1.6 pkgsrc-2020Q3:1.6.0.40 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.6.0.36 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.16 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.6.0.38 pkgsrc-2019Q4-base:1.6 pkgsrc-2019Q3:1.6.0.34 pkgsrc-2019Q3-base:1.6 pkgsrc-2019Q2:1.6.0.32 pkgsrc-2019Q2-base:1.6 pkgsrc-2019Q1:1.6.0.30 pkgsrc-2019Q1-base:1.6 pkgsrc-2018Q4:1.6.0.28 pkgsrc-2018Q4-base:1.6 pkgsrc-2018Q3:1.6.0.26 pkgsrc-2018Q3-base:1.6 pkgsrc-2018Q2:1.6.0.24 pkgsrc-2018Q2-base:1.6 pkgsrc-2018Q1:1.6.0.22 pkgsrc-2018Q1-base:1.6 pkgsrc-2017Q4:1.6.0.20 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.18 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.14 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.6.0.12 pkgsrc-2017Q1-base:1.6 pkgsrc-2016Q4:1.6.0.10 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.6.0.8 pkgsrc-2016Q3-base:1.6 pkgsrc-2016Q2:1.6.0.6 pkgsrc-2016Q2-base:1.6 pkgsrc-2016Q1:1.6.0.4 pkgsrc-2016Q1-base:1.6 pkgsrc-2015Q4:1.6.0.2 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.5.0.4 pkgsrc-2015Q3-base:1.5 pkgsrc-2015Q2:1.5.0.2 pkgsrc-2015Q2-base:1.5 pkgsrc-2015Q1:1.4.0.8 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.6 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.4 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.2 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.3.0.2 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.2.0.6 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.4 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2; locks; strict; comment @# @; 1.9 date 2022.10.21.16.10.37; author nros; state Exp; branches; next 1.8; commitid PzQgFmodOaEUrBYD; 1.8 date 2021.10.26.11.05.57; author nia; state Exp; branches; next 1.7; commitid G83yJyZF8er6kjeD; 1.7 date 2021.10.07.14.41.47; author nia; state Exp; branches; next 1.6; commitid EMvsIaZgYm1t8TbD; 1.6 date 2015.11.04.00.35.10; author agc; state Exp; branches; next 1.5; commitid K5R8pkzReRJy0IHy; 1.5 date 2015.04.18.03.36.23; author rodent; state Exp; branches; next 1.4; commitid XO0WOZACmV5Yq1iy; 1.4 date 2014.04.07.04.11.22; author rodent; state Exp; branches; next 1.3; commitid cIuUfb0GPqkUIHvx; 1.3 date 2014.01.10.02.58.51; author rodent; state Exp; branches; next 1.2; commitid H2NZGuxySsks6wkx; 1.2 date 2013.06.27.01.40.45; author rodent; state Exp; branches; next 1.1; commitid zINhjAWPqeuc1cVw; 1.1 date 2013.04.17.00.55.35; author rodent; state Exp; branches; next ; desc @@ 1.9 log @Update libzrtpcpp to version 4.7.0 Pkgsrc changes: Github and pkglint fixes. Changes from NEWS: ## GNU ZRTP 4.6.6 ## Small fix in zrtp/crypto/zrtpDh.cpp to fix a small memory leak. ## GNU ZRTP 4.6.5 ## Cleanup compiler flags, reduce visibility for Android build, check some buffer length. No functional enhancements, no changes in API. ## GNU ZRTP 4.6.4 ## Some fixes to slience Windows C/C++ compiler, fix a few include statements when using openSSL, small fixes to check disclosure flag. Reset valid flags when adding a new cache record to avoid wrong security message. ## GNU ZRTP 4.6.3 ## A small fix inside the ZRTP main module to ignore malformed DH1 packets and avoid an NULL pointer access. ## GNU ZRTP 4.6.2 ## A small fix in the ZrtpCWrapper to fix an issue within 4.6.1 ;-) ## GNU ZRTP 4.6.1 ## A small fix in the ZrtpCWrapper to initialize and use the ZRTP master instance in case of multi-stream usage. Does not affect the main ZRTP usage, only projects that use the wrapper such as PJSIP or Gstreamer projects. These project should re-compile if they use the multi-stream feature. ## GNU ZRTP 4.6.0 ## Only a small add-on to the code to implement handling of the disclosure flag. See RFC6189, chapter 11 for more details about the disclosure flag. Because the API changed, thus it's necessary to recompile applications that use the new library version. ## GNU ZRTP 4.5.0 ## Added a new SAS algorithm 'B32E' that uses 32 Unicode Emoji code points instead of 32 ASCII characters. Application that are able to display Emojis may use this new SAS algorithm to display nice Emojis instead of 'boring' ASCII letters and digits. Some technical details: * the 32 selected emojis are easily distinguishable, known to everyone, not offending etc, and use standard Unicode code points * select colored emojis that look good on white and on black backgrounds (most emojis look good on white only) * select emojis that are available on iOS, Android, Mac OS X (Windows not checked) * the resulting SAS string is UTF-8 encoded, suitable for most platforms except Java. To use the codes for Java the application needs to translate the UTF-8 encoding into UTF-16 encoding. Because most of the emojis are Unicode supplementary characters the UTF-8 to UTF-16 conversion must generate the necessary UTF-16 surrogate pairs. To support the UTF-8 / UTF-16 conversion the common directory contains conversion functions that I extracted from ICU C/C++ library source. Because the API changed, thus it's necessary to recompile applications that use the new library version. @ text @$NetBSD: distinfo,v 1.8 2021/10/26 11:05:57 nia Exp $ BLAKE2s (libzrtpcpp-4.7.0.tar.gz) = 5c3d4fb9aed62b3a368aeed5ace6fa8c047177b68979e42dbde4c2a619186bc7 SHA512 (libzrtpcpp-4.7.0.tar.gz) = 7ea7458edf06944c5248973ece871af7a44319935fb7e761ffee256c83ca6feeb887c108ed7193563a7cd2be29b79657e659c69c46bc3a27b94b4eb4c664fac4 Size (libzrtpcpp-4.7.0.tar.gz) = 2235691 bytes SHA1 (patch-CMakeLists.txt) = 96540d42cd0ff7cbf837d337fb62a0ca0deccdc2 SHA1 (patch-cryptcommon_ZrtpRandom.h) = e0724c674ce528afd1803585268ce92be0488101 @ 1.8 log @ net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 14:41:47 nia Exp $ d3 5 a7 4 BLAKE2s (libzrtpcpp/V4.4.0.tar.gz) = 6be8b9adacc5b69a7d1d8f93e875c0cd55d995165e512bcebfddea52c2b1af5f SHA512 (libzrtpcpp/V4.4.0.tar.gz) = 56cc44cf05a505b6d62043f4ee621bc00fd38d1b0f27f9d21ed6169aae3d08f948cf2af91f8a094f24db82080fc9c553aa50c34d06926b68cd767f258454c204 Size (libzrtpcpp/V4.4.0.tar.gz) = 1933037 bytes SHA1 (patch-CMakeLists.txt) = 1c56d64b67a381cda790bbdab3892f3be408231f @ 1.7 log @net: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2015/11/04 00:35:10 agc Exp $ d3 1 a3 1 RMD160 (libzrtpcpp/V4.4.0.tar.gz) = 7018a4507aaa67debb52d54a428750e9f9e01eef @ 1.6 log @Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2015/04/18 03:36:23 rodent Exp $ a2 1 SHA1 (libzrtpcpp/V4.4.0.tar.gz) = edbd5484f476439dff3692aed85680173bb78d65 @ 1.5 log @Add sqlite3 PKG_OPTION. USE_CMAKE instead of autotools. Update openssl dependency. Bump BUILDLINK_A{B,P}I* in buildlink3.mk due to API changes. From NEWS: == GNU ZRTP 4.4.0 == Changes the handling of HMAC and Hash contexts to avoild tool many malloc/free calls and thus memory pointer problems. Enhance the handling an check the nonce when using multi-stream mode. This required a modification to the class file and some modifications on the API. The old functions are now deprecated but still usable. Nevertheless you should change your application to use the new fuctions which support the new nonce handling and checks. Some bug fixing as well. == GNU ZRTP 4.3.1 == This is a bugfix release. It fixes several compiler issues in iOS8 Clang, Mircosoft C++ compiler (VS 2012) etc. This release also adds a fix to address a possible problem when using 'memset(...)' on a memory area immediately followed by a 'free(...)' call to free this memory area. Some compilers may otpimize the code and do not call 'memset(...)'. That's bad for software that deals with secure keys :-) . The fix removes this possible vulnerability. == GNU ZRTP 4.3.0 == This version adds some new API that provide to set retry timer values and to get some retry counters. Application may now set some values of the retry counters during the discovery (Hello) and the negotiation phase. Applications may increase the number of retries or modify the capping to support slow or bad networks. To get some idea about the actual number of retries during ZRTP negotiation an application may now use the new API to get an array of counters. The ZRTP state engine records how many retries occured during the different protocol states. Note: only the ZRTP initiator performs packet retries after the discovery (Hello) phase. The responder would always return zero alues for the other retry counters. Because we have a new set of functions the API changed, thus it's necessary to recompile applications that use the new library version. == GNU ZRTP 4.2.4 == Only small changes to enable Android X86 (see clients/tivi/android) as an example. Rename functions aes_init() to aes_init_zrtp() to avoid names clashes with other libreries that may include own AES modules. == GNU ZRTP 4.2.3 == The optional SAS relay feature (refer to RFC6189, chapter 7.3) is not longer compiled by default. If your project needs this support then modify the CMakeLists.txt file and uncomment a 'add_definition' statments. See comment in the CMakelists.txt file. The reasons to disable this optional feature in the default build: it's rarely used and some concerns about misusing this feature. == GNU ZRTP 4.2.2 == A small enhancement in SRTP handling to provide a longer bit-shift register with 128 bits. The replay now check accepts packets which are up to 127 sequence number behing the current packet. The upper layer (codecs) gets more packets on slower/bad networks that we may see on mobile 3G/4G connections. If the codecs do not remove silence then this may lead to some longer audio replay, similar to sattelite communication. == GNU ZRTP 4.2.1 == Bug fixes in the SRTP part that checks for replay and updates the ROC. The wrong computations lead to false replay indications and to wrong HMAC, thus they dropped to much packets, in particular under bad network conditions. Changed the handling the the zrtp_getSasType function the the ZrtpCWrapper. Please check the inline documentation and the compiler warning how to use the return value of the function. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2014/04/07 04:11:22 rodent Exp $ d5 1 @ 1.4 log @Updated to latest release, 4.2.0. Shared library name change. From NEWS: Implemented a new function to read the ZID file if the ZID file backend is SQlite3. This is not a security problem because the ZRTP cache was always public and readable, refer to RFC6189. SQL statement returns all ZID records, sorted by date, newest on top. The function can then step thru the DB cursor and read the records. The version also include sevral fixes, usually compiler warnings, some small problems reported by 'cppcheck' analyser. Because we have a new set of functions the API changed, thus it's necessary to recompile applications that use the new library version. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2014/01/10 02:58:51 rodent Exp $ d3 4 a6 4 SHA1 (libzrtpcpp/V4.2.0.tar.gz) = fdba0ac3a849279ece82fe7e78172f3709bde6a8 RMD160 (libzrtpcpp/V4.2.0.tar.gz) = a48238527518078a08e5d733dddac619ce46d1c0 Size (libzrtpcpp/V4.2.0.tar.gz) = 1922243 bytes SHA1 (patch-CMakeLists.txt) = 4635e03e618872e75c2081e8247b77cff1d0d339 @ 1.3 log @Updated to latest release, 4.1.2. Resolves: http://secunia.com/advisories/53818/ From NEWS: == GNU ZRTP 4.1.1 == Is a bug fix release that fixes some problems when building a standalone version of the library, i.e. with embedded crypto algorithms and not using on openSSL. Another fix was necessary for NetBSD thread handling. == GNU ZRTP 4.1.0 == Small enhancements when dealing with non-NIST algorithms. An application may set a ''algorithm selection policy'' to control the selection behaviour. In addition the the standrad selection policy (as per RFC6189) this version provides a _non-NIST_ selection policy: if the selected public key algorithm is a non-NIST ECC algorithm then the other selection functions prefer non-NIST HASH algorithms (Skein etc). == GNU ZRTP 4.0.0 == For this version I added some new algorithms for the DH key agreement and the Skein Hash for ZRTP. Not further functional enhancments. Added a new (old) build parameter -DCORE_LIB that will build a ZRTP core library. This was available in V2.3 but I somehow lost this for 3.0 You may add other build parameters, such as SQLITE and CRYPTO_STANDALONE if you build the core library. == GNU ZRTP 3.2.0 == The main ZRTP modules contain fixes for three vulnerabilities found by Mark Dowd. Thus we advise application developers to use this version of the library. The vulnerabilities may lead to application crashes during ZRTP negotiation if an attacker sends prepared ZRTP packets. The fixes remove these attack vectors. Some small other enhancements and cleanup, mainly inside client code. Some enhancements in cache handling and the handling of retained shared secrets. This change was proposed by Phil, is a slight security enhacement and is fully backward comaptible. Because of some API changes clients must be compiled and linked with the new library. For details please refer to the Git logs. == GNU ZRTP 3.1.0 == This version adds some new features and code that supports some other client and this accounts for the most changes inside this release. The ZRTP core functionality was not changed as much (bug fixes, cleanup mainly) and remains fully backward compatible with older library versions. However, one nice enhancement was done: the addition of a standalone SDES support module. This module supports basic SDES only without the fancy stuff like many other SDES implementations. Thus it's pretty interoperable. Some other features are: - add some android support for a client, may serve as template for others - documentation and code cleanup Because of some API changes clients must be compiled and linked with the new library. == GNU ZRTP 3.0.0 == This is a major enhancement and restructuring of the overall ZRTP distribution. This was necessary because more and more other clients use ZRTP and add their specific glue code. Also some clients are not prepared to use openSSL or other crypto libraries to their code and distributions. Here a summary of the changes - a new directory layout to accomodate various clients - add standalone crypto modules, for example for AES, to have a real standalone ZRTP/SRTP library that does not require any other crypto library (optional via CMake configuration) - Re-structure ZRTP cache and add SQlite3 as optional storage backend The default settings for CMake build the normal ZRTP library that use openSSL as crypto backend, use the normal file based cache and include the GNU ccRTP modules. This is a librray that is to a large degree compatible with the earlier builds. Please refer to the top level CMakeFile.txt for options how to switch on the standalone crypto mode or the SQlite3 based cache storage. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2013/06/27 01:40:45 rodent Exp $ d3 3 a5 3 SHA1 (V4.1.2.tar.gz) = 4dd9a916437e6a9d82ccc86fb566e40f801f8340 RMD160 (V4.1.2.tar.gz) = 6b51a90a036baf9c965fb22c5aa2d5adf130bd03 Size (V4.1.2.tar.gz) = 1919843 bytes @ 1.2 log @Updated to latest release. No functional differences in pkgsrc files. From ChangeLog: 2.3.3: - fallback to gcrypt if no openssl elliptical support @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2013/04/17 00:55:35 rodent Exp $ d3 4 a6 4 SHA1 (libzrtpcpp-2.3.3.tar.gz) = b1bdf9d54f8170f9bfac396b590608e08cfba1b5 RMD160 (libzrtpcpp-2.3.3.tar.gz) = 1f7bf6734036e6b62b94be530fb7ea299e124728 Size (libzrtpcpp-2.3.3.tar.gz) = 256971 bytes SHA1 (patch-CMakeLists.txt) = 4c47e69e4b1d48748c14268a25e192e7bb1ae953 @ 1.1 log @Import libzrtpcpp-2.3.2 as net/libzrtpcpp. libzrtpcpp, a separate extension package to ccrtp, provides support for the ZRTP protocol (as defined in the Internet draft draft-zimmermann-avt-zrtp). @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (libzrtpcpp-2.3.2.tar.gz) = 75714bf9eb705bb4e430119f5d2527d5dcfa6f26 RMD160 (libzrtpcpp-2.3.2.tar.gz) = 5a30d848b755afe3036e67d7fe881d0ec9c71fd4 Size (libzrtpcpp-2.3.2.tar.gz) = 256951 bytes @