diff options
| author | tijl <tijl@FreeBSD.org> | 2016-03-27 22:57:59 +0800 |
|---|---|---|
| committer | tijl <tijl@FreeBSD.org> | 2016-03-27 22:57:59 +0800 |
| commit | 15fde8d043c6a14c4c0afdc5b4202bd64ec72d0d (patch) | |
| tree | 95ab4f85bf7bf8cb530a6cecc47ac36a30dcab4b /sysutils/heartbeat | |
| parent | a26520fa167c589a0112b75f59be7ad0d3255855 (diff) | |
| download | freebsd-ports-gnome-15fde8d043c6a14c4c0afdc5b4202bd64ec72d0d.tar.gz freebsd-ports-gnome-15fde8d043c6a14c4c0afdc5b4202bd64ec72d0d.tar.zst freebsd-ports-gnome-15fde8d043c6a14c4c0afdc5b4202bd64ec72d0d.zip | |
- Update security/gnutls to 3.4.10.
- Rename the LIBDANE option DANE because that's the name of the protocol
supported by libgnutls-dane and gnutls-cli. Also clarify the option
description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4. Some ports used this library
in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed. Ports that used these have been
updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.
net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.
www/hydra: Mark BROKEN. This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.
PR: 207768
Exp-run by: antoine
Approved by: portmgr (antoine)
Diffstat (limited to 'sysutils/heartbeat')
5 files changed, 92 insertions, 8 deletions
diff --git a/sysutils/heartbeat/Makefile b/sysutils/heartbeat/Makefile index 3985711fe331..cf8db3741e08 100644 --- a/sysutils/heartbeat/Makefile +++ b/sysutils/heartbeat/Makefile @@ -3,7 +3,7 @@ PORTNAME= heartbeat PORTVERSION= 2.1.4 -PORTREVISION= 26 +PORTREVISION= 27 CATEGORIES= sysutils #MASTER_SITES= http://hg.linux-ha.org/lha-2.1/archive/STABLE-2.1.4.tar.bz2 MASTER_SITES= LOCAL/kuriyama/heartbeat diff --git a/sysutils/heartbeat/files/patch-crm-cib-remote.c b/sysutils/heartbeat/files/patch-crm-cib-remote.c new file mode 100644 index 000000000000..641029ba997d --- /dev/null +++ b/sysutils/heartbeat/files/patch-crm-cib-remote.c @@ -0,0 +1,26 @@ +--- crm/cib/remote.c.orig 2008-08-18 12:32:19 UTC ++++ crm/cib/remote.c +@@ -45,13 +45,6 @@ void cib_send_remote_msg(void *session, + + #ifdef HAVE_GNUTLS_GNUTLS_H + # define DH_BITS 1024 +-const int tls_kx_order[] = { +- GNUTLS_KX_ANON_DH, +- GNUTLS_KX_DHE_RSA, +- GNUTLS_KX_DHE_DSS, +- GNUTLS_KX_RSA, +- 0 +-}; + gnutls_dh_params dh_params; + gnutls_anon_server_credentials anon_cred; + char *cib_send_tls(gnutls_session *session, HA_Message *msg); +@@ -83,8 +76,7 @@ create_tls_session(int csock) + session = (gnutls_session*)gnutls_malloc(sizeof(gnutls_session)); + + gnutls_init(session, GNUTLS_SERVER); +- gnutls_set_default_priority(*session); +- gnutls_kx_set_priority (*session, tls_kx_order); ++ gnutls_priority_set_direct (*session, "NORMAL:-KX-ALL:+ANON-DH:+DHE-RSA:+DHE-DSS:+RSA", NULL); + gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anon_cred); + gnutls_transport_set_ptr(*session, + (gnutls_transport_ptr) GINT_TO_POINTER(csock)); diff --git a/sysutils/heartbeat/files/patch-lib-mgmt-mgmt_tls_lib.c b/sysutils/heartbeat/files/patch-lib-mgmt-mgmt_tls_lib.c new file mode 100644 index 000000000000..691fff34c276 --- /dev/null +++ b/sysutils/heartbeat/files/patch-lib-mgmt-mgmt_tls_lib.c @@ -0,0 +1,34 @@ +--- lib/mgmt/mgmt_tls_lib.c.orig 2008-08-18 12:32:19 UTC ++++ lib/mgmt/mgmt_tls_lib.c +@@ -38,11 +38,6 @@ static gnutls_dh_params dh_params; + gnutls_anon_server_credentials anoncred_server; + gnutls_anon_client_credentials anoncred_client; + +-const int kx_prio[] = +-{ +- GNUTLS_KX_ANON_DH, +- 0 +-}; + + int + tls_init_client(void) +@@ -58,8 +53,7 @@ tls_attach_client(int sock) + int ret; + gnutls_session* session = (gnutls_session*)gnutls_malloc(sizeof(gnutls_session)); + gnutls_init(session, GNUTLS_CLIENT); +- gnutls_set_default_priority(*session); +- gnutls_kx_set_priority (*session, kx_prio); ++ gnutls_priority_set_direct(*session, "NORMAL:-KX-ALL:+ANON-DH", NULL); + gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anoncred_client); + gnutls_transport_set_ptr(*session, (gnutls_transport_ptr) GINT_TO_POINTER(sock)); + ret = gnutls_handshake(*session); +@@ -131,8 +125,7 @@ tls_attach_server(int sock) + int ret; + gnutls_session* session = (gnutls_session*)gnutls_malloc(sizeof(gnutls_session)); + gnutls_init(session, GNUTLS_SERVER); +- gnutls_set_default_priority(*session); +- gnutls_kx_set_priority (*session, kx_prio); ++ gnutls_priority_set_direct(*session, "NORMAL:-KX-ALL:+ANON-DH", NULL); + gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anoncred_server); + gnutls_dh_set_prime_bits(*session, DH_BITS); + gnutls_transport_set_ptr(*session, (gnutls_transport_ptr) GINT_TO_POINTER(sock)); diff --git a/sysutils/heartbeat/files/patch-lib__plugins__quorum__quorumd.c b/sysutils/heartbeat/files/patch-lib__plugins__quorum__quorumd.c index d16768cba841..3c57e2e0d01f 100644 --- a/sysutils/heartbeat/files/patch-lib__plugins__quorum__quorumd.c +++ b/sysutils/heartbeat/files/patch-lib__plugins__quorum__quorumd.c @@ -1,9 +1,21 @@ ---- lib/plugins/quorum/quorumd.c.orig +--- lib/plugins/quorum/quorumd.c.orig 2008-08-18 12:32:19 UTC +++ lib/plugins/quorum/quorumd.c -@@ -353,15 +353,28 @@ +@@ -327,11 +327,9 @@ initialize_tls_session (int sd) + { + int ret; + gnutls_session session; +- const int cert_type_priority[2] = { GNUTLS_CRT_X509,0}; + + gnutls_init (&session, GNUTLS_CLIENT); + gnutls_set_default_priority (session); +- gnutls_certificate_type_set_priority (session, cert_type_priority); + gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_transport_set_ptr (session, (gnutls_transport_ptr) GINT_TO_POINTER(sd)); + ret = gnutls_handshake (session); +@@ -353,15 +351,28 @@ verify_certificate (gnutls_session sessi unsigned int cert_list_size; const gnutls_datum *cert_list; - int ret; + int ret; + int status; gnutls_x509_crt cert; diff --git a/sysutils/heartbeat/files/patch-membership__quorumd__quorumdtest.c b/sysutils/heartbeat/files/patch-membership__quorumd__quorumdtest.c index ddbc2cce3565..017600ef4e44 100644 --- a/sysutils/heartbeat/files/patch-membership__quorumd__quorumdtest.c +++ b/sysutils/heartbeat/files/patch-membership__quorumd__quorumdtest.c @@ -1,9 +1,21 @@ ---- membership/quorumd/quorumdtest.c.orig +--- membership/quorumd/quorumdtest.c.orig 2008-08-18 12:32:19 UTC +++ membership/quorumd/quorumdtest.c -@@ -162,16 +162,16 @@ +@@ -136,11 +136,9 @@ initialize_tls_session (int sd) + { + int ret; + gnutls_session session; +- const int cert_type_priority[2] = { GNUTLS_CRT_X509,0}; + + gnutls_init (&session, GNUTLS_CLIENT); + gnutls_set_default_priority (session); +- gnutls_certificate_type_set_priority (session, cert_type_priority); + gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_transport_set_ptr (session, (gnutls_transport_ptr) GINT_TO_POINTER(sd)); + ret = gnutls_handshake (session); +@@ -162,16 +160,16 @@ verify_certificate (gnutls_session sessi unsigned int cert_list_size; const gnutls_datum *cert_list; - int ret; + int ret; + int status; gnutls_x509_crt cert; @@ -19,7 +31,7 @@ if (status & GNUTLS_CERT_INVALID) { printf("The certificate is not trusted.\n"); return -1; -@@ -184,7 +184,6 @@ +@@ -184,7 +182,6 @@ verify_certificate (gnutls_session sessi printf("The certificate has been revoked.\n"); return -1; } |