After this port was updated to 3.1.22 to address some vulnerabilities, I found that it wanted to install security/openssl from ports as a dependency. But, installing security/openssl from ports conflicts with other ports on my system, I avoid ports that need this. Plus doesn't it seem strange that gnutls needs openssl? Fix: The default options for dns/unbound, makes it need openssl-1.0+, which has become a required dependency for gnutls3. Even though its a feature auto-activation in the configure script. The inclusion from dns/unbound is to add DNSSEC Verification support to DANE. And, for the '--check' option of danetool3. So, I have made it an option, default to disabled, to not inconvenience people just needing this as an auto pkg. Don't know why the man page for danetool3 is omitted if --disable-libdane is set.
Responsible Changed From-To: freebsd-ports-bugs->bdrewery Over to maintainer (via the GNATS Auto Assign Tool)
Author: bdrewery Date: Wed Apr 2 01:16:02 2014 New Revision: 349899 URL: http://svnweb.freebsd.org/changeset/ports/349899 QAT: https://qat.redports.org/buildarchive/r349899/ Log: - Hide libdane support behind option LIBDANE - Disable by default as it ends up pulling in openssl via unbound, which is odd for gnutls3 to do. PR: ports/188184 Submitted by: Lawrence "The Dreamer" Chen <beastie@tardisi.com> (based on) Discussed with: wg Modified: head/UPDATING head/security/gnutls3/Makefile head/security/gnutls3/pkg-plist Modified: head/UPDATING ============================================================================== --- head/UPDATING Wed Apr 2 00:51:01 2014 (r349898) +++ head/UPDATING Wed Apr 2 01:16:02 2014 (r349899) @@ -5,6 +5,13 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20140401: + AFFECTS: users of security/gnutls3 + AUTHOR: bdrewery@FreeBSD.org + + Libdane support is no longer enabled by default. Rebuild the port with + the LIBDANE option if danetool is desired. + 20140331: AFFECTS: users of print/cups-client and print/cups-image AUTHOR: bsam@FreeBSD.org Modified: head/security/gnutls3/Makefile ============================================================================== --- head/security/gnutls3/Makefile Wed Apr 2 00:51:01 2014 (r349898) +++ head/security/gnutls3/Makefile Wed Apr 2 01:16:02 2014 (r349899) @@ -3,6 +3,7 @@ PORTNAME= gnutls PORTVERSION= 3.1.22 +PORTREVISION= 1 CATEGORIES= security net MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/ PKGNAMESUFFIX= ${GNUTLS_SUFFIX} @@ -15,7 +16,6 @@ LIB_DEPENDS= libgpg-error.so:${PORTSDIR} libnettle.so:${PORTSDIR}/security/nettle \ libp11-kit.so:${PORTSDIR}/security/p11-kit \ libidn.so:${PORTSDIR}/dns/libidn \ - libunbound.so:${PORTSDIR}/dns/unbound \ libtspi.so:${PORTSDIR}/security/trousers GNUTLS_SUFFIX= 3 @@ -42,11 +42,14 @@ DOCSDIR= ${PREFIX}/share/doc/${PORTNAME} EXAMPLESDIR= ${PREFIX}/share/examples/${PORTNAME}${GNUTLS_SUFFIX} INFO_SUBDIR= gnutls${GNUTLS_SUFFIX} -OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1 +OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1 LIBDANE OPTIONS_DEFAULT= CXX OPTIONS_SUB= yes LIBTASN1_DESC= Use libtasn1 from ports +LIBDANE_DESC= DNSSEC support for DANE (danetool3 --check) +LIBDANE_LIB_DEPENDS= libunbound.so:${PORTSDIR}/dns/unbound +LIBDANE_CONFIGURE_OFF= --disable-libdane CXX_CONFIGURE_ENABLE= cxx Modified: head/security/gnutls3/pkg-plist ============================================================================== --- head/security/gnutls3/pkg-plist Wed Apr 2 00:51:01 2014 (r349898) +++ head/security/gnutls3/pkg-plist Wed Apr 2 01:16:02 2014 (r349899) @@ -12,7 +12,7 @@ bin/tpmtool3 include/gnutls3/gnutls/abstract.h include/gnutls3/gnutls/compat.h include/gnutls3/gnutls/crypto.h -include/gnutls3/gnutls/dane.h +%%LIBDANE%%include/gnutls3/gnutls/dane.h include/gnutls3/gnutls/dtls.h include/gnutls3/gnutls/gnutls.h %%CXX%%include/gnutls3/gnutls/gnutlsxx.h @@ -42,10 +42,10 @@ info/gnutls3/gnutls.info-3 info/gnutls3/gnutls.info-4 info/gnutls3/gnutls.info-5 info/gnutls3/pkcs11-vision.png -lib/gnutls3/libgnutls-dane.a -lib/gnutls3/libgnutls-dane.la -lib/gnutls3/libgnutls-dane.so -lib/gnutls3/libgnutls-dane.so.0 +%%LIBDANE%%lib/gnutls3/libgnutls-dane.a +%%LIBDANE%%lib/gnutls3/libgnutls-dane.la +%%LIBDANE%%lib/gnutls3/libgnutls-dane.so +%%LIBDANE%%lib/gnutls3/libgnutls-dane.so.0 lib/gnutls3/libgnutls-openssl.a lib/gnutls3/libgnutls-openssl.la lib/gnutls3/libgnutls-openssl.so @@ -63,8 +63,8 @@ lib/gnutls3/libgnutls.so.28 %%CXX%%lib/gnutls3/libgnutlsxx.so %%CXX%%lib/gnutls3/libgnutlsxx.so.28 libdata/pkgconfig/gnutls3.pc -libdata/pkgconfig/gnutls3-dane.pc -man/man1/danetool3.1.gz +%%LIBDANE%%libdata/pkgconfig/gnutls3-dane.pc +%%LIBDANE%%man/man1/danetool3.1.gz man/man1/certtool3.1.gz man/man1/gnutls-cli-debug3.1.gz man/man1/gnutls-cli3.1.gz _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed (note the LIBDANE_* helper macros I used instead). Default is no libdane now.