pkgsrc-Changes archive


CVS commit: pkgsrc/security/gnutls



Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Sep  6 13:41:26 UTC 2017

Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo
        pkgsrc/security/gnutls/patches: patch-lib_Makefile.in
Added Files:
        pkgsrc/security/gnutls/patches: patch-fuzz_Makefile.in
            patch-lib_atomic.h patch-tests_suite_Makefile.in
Removed Files:
        pkgsrc/security/gnutls/patches: patch-ae

Log Message:
Updated gnutls to 3.6.0.

* Version 3.6.0 (released 2017-08-21)

** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and
   fuzzing toolkit, allowing for corner case testing, and ensuring that the
   behavior of the library will not change across releases.
   https://github.com/tomato42/tlsfuzzer

** libgnutls: Introduced a lock-free random generator which operates per-thread
   and eliminates random-generator related bottlenecks in multi-threaded operation.
   Resolves gitlab issue #141.
   http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html

** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA.
   The goal is to reduce code needed in cache (CHACHA is also used for TLS),
   and the number of primitives used by the library. That does not affect the
   AES-DRBG random generator used in FIPS140-2 mode.

** libgnutls: Added support for RSA-PSS key type as well as signatures in
   certificates, and TLS key exchange. Contributed by Daiki Ueno.
   RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys,
   but not vice-versa.  The feature includes:
     * RSA-PSS key generation and key handling (in PKCS#8 form)
     * RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech)
     * Handling of RSA-PSS subjectPublicKeyInfo parameters, when present
       in either the private key or certificate.
     * RSA-PSS signing and verification of PKIX certificates
     * RSA-PSS signing and verification of TLS 1.2 handshake
     * RSA-PSS signing and verification of PKCS#7 structures
     * RSA-PSS and RSA key combinations for TLS credentials. That is, when
       multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS
       TLS signatures, to contain risks of cross-protocol attacks between the algorithms.
     * RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa)
   Note that RSA-PSS signatures with SHA1 are (intentionally) not supported.

** libgnutls: Added support for Ed25519 signing in certificates and TLS key
   exchange following draft-ietf-tls-rfc4492bis-17.  The feature includes:
     * Ed25519 key generation and key handling (in PKCS#8 form)
     * Ed25519 signing and verification of PKIX certificates
     * Ed25519 signing and verification of TLS 1.2 handshake
     * Ed25519 signing and verification of PKCS#7 structures

** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17.

** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919.
   That makes the DH parameters negotiation more robust and less prone to errors
   due to insecure parameters. Servers are no longer required to specify explicit
   DH parameters, though if they do these parameters will be used. Group
   selection can be done via priority strings. The introduced strings are
   GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and
   GROUP-FFDHE8192, as well as the groups corresponding to curves. Note that
   the 6144 group from RFC7919 is not supported.

** libgnutls: Introduced various sanity checks on certificate import. Refuse
   to import certificates which have fractional seconds in Time fields, X.509v1
   certificates which have the unique identifiers set, and certificates with illegal
   version numbers. All of these are prohibited by RFC5280.

** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags
   in the crt structure. The only flag supported at the moment is
   GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity
   checks on import.

** libgnutls: PKIX certificates with unknown critical extensions are rejected
   on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This
   behavior can be overridden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
   to verification functions. Resolves gitlab issue #177.

** libgnutls: Refuse to generate a certificate with an illegal version, or an
   illegal serial number. That is, gnutls_x509_crt_set_version() and
   gnutls_x509_crt_set_serial(), will fail on input considered to be invalid
   in RFC5280.

** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv()
   prior to handshake being complete are now refused. Addresses gitlab issue #158.

** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their
   password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC.

** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values.

** libgnutls: Added new callback setting function to gnutls_privkey_t for external
   keys. The new function (gnutls_privkey_import_ext4), allows signing in addition
   to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519
   keys.

** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1
   priority string options. These allow enabling all broken and SHA1-based signature
   algorithms in certificate verification, respectively.

** libgnutls: 3DES-CBC is no longer included in the default priorities
   list. It has to be explicitly enabled, e.g., with a string like
   "NORMAL:+3DES-CBC".

** libgnutls: SHA1 was marked as insecure for signing certificates. Verification
   of certificates signed with SHA1 is now considered insecure and will
   fail, unless flags intended to enable broken algorithms are set. Other uses
   of SHA1 are still allowed. This can be reverted on compile time with the configure
   flag --enable-sha1-support.

** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification
   of certificates signed with RIPEMD160 hash algorithm is now considered insecure and
   will fail, unless flags intended to enable broken algorithms are set.

** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes.
   These curves were rarely used for that purpose, provide no advantage over
   x25519 and were deprecated by TLS 1.3.

** libgnutls: Removed support for DEFLATE, or any other compression method.

** libgnutls: OpenPGP authentication was removed; the resulting library is ABI
   compatible, with the openpgp related functions being stubs that fail
   on invocation.

** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled
   only with libidn2 which provides IDNA2008.

** certtool: The option '--load-ca-certificate' can now accept PKCS#11
   URLs in addition to files.

** certtool: The option '--load-crl' can now be used when generating PKCS#12
   files (i.e., in conjunction with '--to-p12' option).

** certtool: Keys with provable RSA and DSA parameters are now only read and
   exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
   This removes support for the previous non-standard key format.

** certtool: Added support for generating, printing and handling RSA-PSS and
   Ed25519 keys and certificates.

** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now
   deprecated, replaced by the --key-type option.

** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were
   replaced by the --generate-privkey option.

** psktool: Generate 256-bit keys by default.

** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and
   --alpn-fatal options, allowing testing of ALPN negotiation.

** API and ABI modifications:
gnutls_encode_rs_value: Added
gnutls_decode_rs_value: Added
gnutls_base64_encode2: Added
gnutls_base64_decode2: Added
gnutls_x509_crt_set_flags: Added
gnutls_x509_crt_check_ip: Added
gnutls_x509_ext_import_inhibit_anypolicy: Added
gnutls_x509_ext_export_inhibit_anypolicy: Added
gnutls_x509_crt_get_inhibit_anypolicy: Added
gnutls_x509_crt_set_inhibit_anypolicy: Added
gnutls_pubkey_export_rsa_raw2: Added
gnutls_pubkey_export_dsa_raw2: Added
gnutls_pubkey_export_ecc_raw2: Added
gnutls_privkey_export_rsa_raw2: Added
gnutls_privkey_export_dsa_raw2: Added
gnutls_privkey_export_ecc_raw2: Added
gnutls_x509_spki_init: Added
gnutls_x509_spki_deinit: Added
gnutls_x509_spki_get_pk_algorithm: Added
gnutls_x509_spki_set_pk_algorithm: Added
gnutls_x509_spki_get_digest_algorithm: Added
gnutls_x509_spki_set_digest_algorithm: Added
gnutls_x509_spki_get_salt_size: Added
gnutls_x509_spki_set_salt_size: Added
gnutls_x509_crt_set_spki: Added
gnutls_x509_crt_get_spki: Added
gnutls_x509_privkey_get_spki: Added
gnutls_x509_privkey_set_spki: Added
gnutls_x509_crq_get_spki: Added
gnutls_x509_crq_set_spki: Added
gnutls_pubkey_set_spki: Added
gnutls_pubkey_get_spki: Added
gnutls_privkey_set_spki: Added
gnutls_privkey_get_spki: Added
gnutls_privkey_import_ext4: Added
GNUTLS_EXPORT_FLAG_NO_LZ: Added
GNUTLS_DT_IP_ADDRESS: Added
GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added
GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added
GNUTLS_SFLAGS_RFC7919: Added


To generate a diff of this commit:
cvs rdiff -u -r1.175 -r1.176 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.127 -r1.128 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.6 -r0 pkgsrc/security/gnutls/patches/patch-ae
cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-fuzz_Makefile.in \
    pkgsrc/security/gnutls/patches/patch-lib_atomic.h \
    pkgsrc/security/gnutls/patches/patch-tests_suite_Makefile.in
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/gnutls/patches/patch-lib_Makefile.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.175 pkgsrc/security/gnutls/Makefile:1.176
--- pkgsrc/security/gnutls/Makefile:1.175       Thu Aug 31 10:18:12 2017
+++ pkgsrc/security/gnutls/Makefile     Wed Sep  6 13:41:26 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.175 2017/08/31 10:18:12 wiz Exp $
+# $NetBSD: Makefile,v 1.176 2017/09/06 13:41:26 wiz Exp $
 
-DISTNAME=      gnutls-3.5.15
+DISTNAME=      gnutls-3.6.0
 CATEGORIES=    security devel
-MASTER_SITES=  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/
+MASTER_SITES=  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
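
Review bot: MASTER_SITES on the changed line still points at plain ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/, so the download itself is unauthenticated and the distinfo checksums are the only thing tying the build to a known tarball. Consider listing an HTTPS source first if upstream offers one, and make sure the 3.6.0 checksums were taken from a tarball that was checked against upstream's release signature.
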
@@ -37,7 +37,6 @@ TEST_TARGET=          check
 
 INFO_FILES=            yes
 
-REPLACE_BASH+=         tests/cert-tests/openpgp-certs
 REPLACE_BASH+=         tests/danetool.sh
 REPLACE_BASH+=         tests/ocsp-tests/ocsp-must-staple-connection
 REPLACE_BASH+=         tests/ocsp-tests/ocsp-tls-connection

Index: pkgsrc/security/gnutls/PLIST
diff -u pkgsrc/security/gnutls/PLIST:1.57 pkgsrc/security/gnutls/PLIST:1.58
--- pkgsrc/security/gnutls/PLIST:1.57   Fri Jun 30 06:15:44 2017
+++ pkgsrc/security/gnutls/PLIST        Wed Sep  6 13:41:26 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.57 2017/06/30 06:15:44 wiz Exp $
+@comment $NetBSD: PLIST,v 1.58 2017/09/06 13:41:26 wiz Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -87,6 +87,8 @@ man/man3/gnutls_anon_set_server_params_f
 man/man3/gnutls_auth_client_get_type.3
 man/man3/gnutls_auth_get_type.3
 man/man3/gnutls_auth_server_get_type.3
+man/man3/gnutls_base64_decode2.3
+man/man3/gnutls_base64_encode2.3
 man/man3/gnutls_buffer_append_data.3
 man/man3/gnutls_bye.3
 man/man3/gnutls_certificate_activation_time_peers.3
@@ -189,6 +191,7 @@ man/man3/gnutls_db_set_remove_function.3
 man/man3/gnutls_db_set_retrieve_function.3
 man/man3/gnutls_db_set_store_function.3
 man/man3/gnutls_decode_ber_digest_info.3
+man/man3/gnutls_decode_rs_value.3
 man/man3/gnutls_deinit.3
 man/man3/gnutls_dh_get_group.3
 man/man3/gnutls_dh_get_peers_public_bits.3
@@ -228,6 +231,7 @@ man/man3/gnutls_ecc_curve_get_pk.3
 man/man3/gnutls_ecc_curve_get_size.3
 man/man3/gnutls_ecc_curve_list.3
 man/man3/gnutls_encode_ber_digest_info.3
+man/man3/gnutls_encode_rs_value.3
 man/man3/gnutls_error_is_fatal.3
 man/man3/gnutls_error_to_alert.3
 man/man3/gnutls_est_record_overhead_size.3
@@ -245,6 +249,10 @@ man/man3/gnutls_global_set_log_level.3
 man/man3/gnutls_global_set_mem_functions.3
 man/man3/gnutls_global_set_mutex.3
 man/man3/gnutls_global_set_time_function.3
+man/man3/gnutls_group_get.3
+man/man3/gnutls_group_get_id.3
+man/man3/gnutls_group_get_name.3
+man/man3/gnutls_group_list.3
 man/man3/gnutls_handshake.3
 man/man3/gnutls_handshake_description_get_name.3
 man/man3/gnutls_handshake_get_last_in.3
@@ -412,6 +420,7 @@ man/man3/gnutls_pkcs11_privkey_status.3
 man/man3/gnutls_pkcs11_reinit.3
 man/man3/gnutls_pkcs11_set_pin_function.3
 man/man3/gnutls_pkcs11_set_token_function.3
+man/man3/gnutls_pkcs11_token_check_mechanism.3
 man/man3/gnutls_pkcs11_token_get_flags.3
 man/man3/gnutls_pkcs11_token_get_info.3
 man/man3/gnutls_pkcs11_token_get_mechanism.3
@@ -489,6 +498,7 @@ man/man3/gnutls_priority_compression_lis
 man/man3/gnutls_priority_deinit.3
 man/man3/gnutls_priority_ecc_curve_list.3
 man/man3/gnutls_priority_get_cipher_suite_index.3
+man/man3/gnutls_priority_group_list.3
 man/man3/gnutls_priority_init.3
 man/man3/gnutls_priority_kx_list.3
 man/man3/gnutls_priority_mac_list.3
@@ -500,21 +510,26 @@ man/man3/gnutls_priority_string_list.3
 man/man3/gnutls_privkey_decrypt_data.3
 man/man3/gnutls_privkey_deinit.3
 man/man3/gnutls_privkey_export_dsa_raw.3
+man/man3/gnutls_privkey_export_dsa_raw2.3
 man/man3/gnutls_privkey_export_ecc_raw.3
+man/man3/gnutls_privkey_export_ecc_raw2.3
 man/man3/gnutls_privkey_export_openpgp.3
 man/man3/gnutls_privkey_export_pkcs11.3
 man/man3/gnutls_privkey_export_rsa_raw.3
+man/man3/gnutls_privkey_export_rsa_raw2.3
 man/man3/gnutls_privkey_export_x509.3
 man/man3/gnutls_privkey_generate.3
 man/man3/gnutls_privkey_generate2.3
 man/man3/gnutls_privkey_get_pk_algorithm.3
 man/man3/gnutls_privkey_get_seed.3
+man/man3/gnutls_privkey_get_spki.3
 man/man3/gnutls_privkey_get_type.3
 man/man3/gnutls_privkey_import_dsa_raw.3
 man/man3/gnutls_privkey_import_ecc_raw.3
 man/man3/gnutls_privkey_import_ext.3
 man/man3/gnutls_privkey_import_ext2.3
 man/man3/gnutls_privkey_import_ext3.3
+man/man3/gnutls_privkey_import_ext4.3
 man/man3/gnutls_privkey_import_openpgp.3
 man/man3/gnutls_privkey_import_openpgp_raw.3
 man/man3/gnutls_privkey_import_pkcs11.3
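
Review bot: the context lines of this hunk keep gnutls_privkey_export_openpgp.3, gnutls_privkey_import_openpgp.3 and gnutls_privkey_import_openpgp_raw.3 in the PLIST, while the log message says OpenPGP authentication was removed and the openpgp functions are now stubs that fail on invocation. If 3.6.0 still installs these pages that is fine, but it is worth checking against a fresh install (for example with the print-PLIST target) so the list does not carry stale entries.
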
@@ -528,8 +543,11 @@ man/man3/gnutls_privkey_import_x509_raw.
 man/man3/gnutls_privkey_init.3
 man/man3/gnutls_privkey_set_flags.3
 man/man3/gnutls_privkey_set_pin_function.3
+man/man3/gnutls_privkey_set_spki.3
 man/man3/gnutls_privkey_sign_data.3
+man/man3/gnutls_privkey_sign_data2.3
 man/man3/gnutls_privkey_sign_hash.3
+man/man3/gnutls_privkey_sign_hash2.3
 man/man3/gnutls_privkey_status.3
 man/man3/gnutls_privkey_verify_params.3
 man/man3/gnutls_privkey_verify_seed.3
@@ -557,14 +575,18 @@ man/man3/gnutls_pubkey_encrypt_data.3
 man/man3/gnutls_pubkey_export.3
 man/man3/gnutls_pubkey_export2.3
 man/man3/gnutls_pubkey_export_dsa_raw.3
+man/man3/gnutls_pubkey_export_dsa_raw2.3
 man/man3/gnutls_pubkey_export_ecc_raw.3
+man/man3/gnutls_pubkey_export_ecc_raw2.3
 man/man3/gnutls_pubkey_export_ecc_x962.3
 man/man3/gnutls_pubkey_export_rsa_raw.3
+man/man3/gnutls_pubkey_export_rsa_raw2.3
 man/man3/gnutls_pubkey_get_key_id.3
 man/man3/gnutls_pubkey_get_key_usage.3
 man/man3/gnutls_pubkey_get_openpgp_key_id.3
 man/man3/gnutls_pubkey_get_pk_algorithm.3
 man/man3/gnutls_pubkey_get_preferred_hash_algorithm.3
+man/man3/gnutls_pubkey_get_spki.3
 man/man3/gnutls_pubkey_import.3
 man/man3/gnutls_pubkey_import_dsa_raw.3
 man/man3/gnutls_pubkey_import_ecc_raw.3
@@ -584,6 +606,7 @@ man/man3/gnutls_pubkey_init.3
 man/man3/gnutls_pubkey_print.3
 man/man3/gnutls_pubkey_set_key_usage.3
 man/man3/gnutls_pubkey_set_pin_function.3
+man/man3/gnutls_pubkey_set_spki.3
 man/man3/gnutls_pubkey_verify_data2.3
 man/man3/gnutls_pubkey_verify_hash2.3
 man/man3/gnutls_pubkey_verify_params.3
@@ -658,7 +681,9 @@ man/man3/gnutls_sign_get_name.3
 man/man3/gnutls_sign_get_oid.3
 man/man3/gnutls_sign_get_pk_algorithm.3
 man/man3/gnutls_sign_is_secure.3
+man/man3/gnutls_sign_is_secure2.3
 man/man3/gnutls_sign_list.3
+man/man3/gnutls_sign_supports_pk_algorithm.3
 man/man3/gnutls_srp_allocate_client_credentials.3
 man/man3/gnutls_srp_allocate_server_credentials.3
 man/man3/gnutls_srp_base64_decode.3
@@ -813,6 +838,7 @@ man/man3/gnutls_x509_crq_get_pk_oid.3
 man/man3/gnutls_x509_crq_get_private_key_usage_period.3
 man/man3/gnutls_x509_crq_get_signature_algorithm.3
 man/man3/gnutls_x509_crq_get_signature_oid.3
+man/man3/gnutls_x509_crq_get_spki.3
 man/man3/gnutls_x509_crq_get_subject_alt_name.3
 man/man3/gnutls_x509_crq_get_subject_alt_othername_oid.3
 man/man3/gnutls_x509_crq_get_tlsfeatures.3
@@ -833,6 +859,7 @@ man/man3/gnutls_x509_crq_set_key_rsa_raw
 man/man3/gnutls_x509_crq_set_key_usage.3
 man/man3/gnutls_x509_crq_set_private_key_usage_period.3
 man/man3/gnutls_x509_crq_set_pubkey.3
+man/man3/gnutls_x509_crq_set_spki.3
 man/man3/gnutls_x509_crq_set_subject_alt_name.3
 man/man3/gnutls_x509_crq_set_subject_alt_othername.3
 man/man3/gnutls_x509_crq_set_tlsfeatures.3
@@ -843,6 +870,7 @@ man/man3/gnutls_x509_crq_verify.3
 man/man3/gnutls_x509_crt_check_email.3
 man/man3/gnutls_x509_crt_check_hostname.3
 man/man3/gnutls_x509_crt_check_hostname2.3
+man/man3/gnutls_x509_crt_check_ip.3
 man/man3/gnutls_x509_crt_check_issuer.3
 man/man3/gnutls_x509_crt_check_key_purpose.3
 man/man3/gnutls_x509_crt_check_revocation.3
@@ -872,6 +900,7 @@ man/man3/gnutls_x509_crt_get_extension_d
 man/man3/gnutls_x509_crt_get_extension_info.3
 man/man3/gnutls_x509_crt_get_extension_oid.3
 man/man3/gnutls_x509_crt_get_fingerprint.3
+man/man3/gnutls_x509_crt_get_inhibit_anypolicy.3
 man/man3/gnutls_x509_crt_get_issuer.3
 man/man3/gnutls_x509_crt_get_issuer_alt_name.3
 man/man3/gnutls_x509_crt_get_issuer_alt_name2.3
@@ -901,6 +930,7 @@ man/man3/gnutls_x509_crt_get_serial.3
 man/man3/gnutls_x509_crt_get_signature.3
 man/man3/gnutls_x509_crt_get_signature_algorithm.3
 man/man3/gnutls_x509_crt_get_signature_oid.3
+man/man3/gnutls_x509_crt_get_spki.3
 man/man3/gnutls_x509_crt_get_subject.3
 man/man3/gnutls_x509_crt_get_subject_alt_name.3
 man/man3/gnutls_x509_crt_get_subject_alt_name2.3
@@ -933,6 +963,8 @@ man/man3/gnutls_x509_crt_set_dn.3
 man/man3/gnutls_x509_crt_set_dn_by_oid.3
 man/man3/gnutls_x509_crt_set_expiration_time.3
 man/man3/gnutls_x509_crt_set_extension_by_oid.3
+man/man3/gnutls_x509_crt_set_flags.3
+man/man3/gnutls_x509_crt_set_inhibit_anypolicy.3
 man/man3/gnutls_x509_crt_set_issuer_alt_name.3
 man/man3/gnutls_x509_crt_set_issuer_alt_othername.3
 man/man3/gnutls_x509_crt_set_issuer_dn.3
@@ -949,6 +981,7 @@ man/man3/gnutls_x509_crt_set_proxy.3
 man/man3/gnutls_x509_crt_set_proxy_dn.3
 man/man3/gnutls_x509_crt_set_pubkey.3
 man/man3/gnutls_x509_crt_set_serial.3
+man/man3/gnutls_x509_crt_set_spki.3
 man/man3/gnutls_x509_crt_set_subject_alt_name.3
 man/man3/gnutls_x509_crt_set_subject_alt_othername.3
 man/man3/gnutls_x509_crt_set_subject_alternative_name.3
@@ -976,6 +1009,7 @@ man/man3/gnutls_x509_ext_export_aia.3
 man/man3/gnutls_x509_ext_export_authority_key_id.3
 man/man3/gnutls_x509_ext_export_basic_constraints.3
 man/man3/gnutls_x509_ext_export_crl_dist_points.3
+man/man3/gnutls_x509_ext_export_inhibit_anypolicy.3
 man/man3/gnutls_x509_ext_export_key_purposes.3
 man/man3/gnutls_x509_ext_export_key_usage.3
 man/man3/gnutls_x509_ext_export_name_constraints.3
@@ -989,6 +1023,7 @@ man/man3/gnutls_x509_ext_import_aia.3
 man/man3/gnutls_x509_ext_import_authority_key_id.3
 man/man3/gnutls_x509_ext_import_basic_constraints.3
 man/man3/gnutls_x509_ext_import_crl_dist_points.3
+man/man3/gnutls_x509_ext_import_inhibit_anypolicy.3
 man/man3/gnutls_x509_ext_import_key_purposes.3
 man/man3/gnutls_x509_ext_import_key_usage.3
 man/man3/gnutls_x509_ext_import_name_constraints.3
@@ -1034,6 +1069,7 @@ man/man3/gnutls_x509_privkey_get_key_id.
 man/man3/gnutls_x509_privkey_get_pk_algorithm.3
 man/man3/gnutls_x509_privkey_get_pk_algorithm2.3
 man/man3/gnutls_x509_privkey_get_seed.3
+man/man3/gnutls_x509_privkey_get_spki.3
 man/man3/gnutls_x509_privkey_import.3
 man/man3/gnutls_x509_privkey_import2.3
 man/man3/gnutls_x509_privkey_import_dsa_raw.3
@@ -1046,6 +1082,7 @@ man/man3/gnutls_x509_privkey_init.3
 man/man3/gnutls_x509_privkey_sec_param.3
 man/man3/gnutls_x509_privkey_set_flags.3
 man/man3/gnutls_x509_privkey_set_pin_function.3
+man/man3/gnutls_x509_privkey_set_spki.3
 man/man3/gnutls_x509_privkey_sign_data.3
 man/man3/gnutls_x509_privkey_sign_hash.3
 man/man3/gnutls_x509_privkey_verify_params.3
@@ -1054,6 +1091,10 @@ man/man3/gnutls_x509_rdn_get.3
 man/man3/gnutls_x509_rdn_get2.3
 man/man3/gnutls_x509_rdn_get_by_oid.3
 man/man3/gnutls_x509_rdn_get_oid.3
+man/man3/gnutls_x509_spki_deinit.3
+man/man3/gnutls_x509_spki_get_rsa_pss_params.3
+man/man3/gnutls_x509_spki_init.3
+man/man3/gnutls_x509_spki_set_rsa_pss_params.3
 man/man3/gnutls_x509_tlsfeatures_add.3
 man/man3/gnutls_x509_tlsfeatures_check_crt.3
 man/man3/gnutls_x509_tlsfeatures_deinit.3
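
Review bot: the four gnutls_x509_spki_* pages added here (deinit, get_rsa_pss_params, init, set_rsa_pss_params) do not match the API list in the log message, which names gnutls_x509_spki_get_pk_algorithm, gnutls_x509_spki_set_pk_algorithm, the get/set digest_algorithm pair and the get/set salt_size pair instead. The PLIST records what is installed, so the list in the log appears to be out of step with it; a one-line remark in the commit message would save readers from looking for functions that have no man page.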

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.127 pkgsrc/security/gnutls/distinfo:1.128
--- pkgsrc/security/gnutls/distinfo:1.127       Thu Aug 31 10:18:12 2017
+++ pkgsrc/security/gnutls/distinfo     Wed Sep  6 13:41:26 2017
@@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.127 2017/08/31 10:18:12 wiz Exp $
+$NetBSD: distinfo,v 1.128 2017/09/06 13:41:26 wiz Exp $
 
-SHA1 (gnutls-3.5.15.tar.xz) = 9b7466434332b92dc3ca704b9211370370814fac
-RMD160 (gnutls-3.5.15.tar.xz) = 29c45e4710b27d2f0c6e8d02692fb400b333b7ea
-SHA512 (gnutls-3.5.15.tar.xz) = 046cf3adf6cc3d38fd431f2ff28ddabb65f3c13379516d105316a04c7128be89c5f7ed3df6a034fc06e9ab2e154c2cde2f5cbe8530a1e58cc4b4fb72e158134b
-Size (gnutls-3.5.15.tar.xz) = 7238928 bytes
-SHA1 (patch-ae) = 5e020483ac14ef6ccc45a53e351242ab16c860f1
-SHA1 (patch-lib_Makefile.in) = d0e292e632a91a9f19e39bd2c2d205a086ba5588
+SHA1 (gnutls-3.6.0.tar.xz) = 7526804877a555b0bd136dfaa8a2ade738018301
+RMD160 (gnutls-3.6.0.tar.xz) = e2346506096e63a5a622a18c72c4269302ec4003
+SHA512 (gnutls-3.6.0.tar.xz) = e5f36d7e8d64e8432098e30549c321745d3605eeb85aba2a04bfa92146ca771961f0e2f3682bcae36be5b6095acd25996104a4213ce7b3466d61332a5188dc03
+Size (gnutls-3.6.0.tar.xz) = 8024972 bytes
+SHA1 (patch-fuzz_Makefile.in) = 8123ed5ac06c338a7ce0fb6da9533defaf93169f
+SHA1 (patch-lib_Makefile.in) = 3320a7ffa6252d116037974b6de8f5d9cd3bc610
 SHA1 (patch-lib_accelerated_x86_x86-common.c) = 7a46ef6892b3a06ff4c949a965073c720a2491a4
+SHA1 (patch-lib_atomic.h) = c59748108d6379fe09d2b5f7c2e31b2616ff40cb
 SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
 SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921
 SHA1 (patch-src_libopts_libopts.c) = ce5e7681def882e95ed5ab770564d1f999b97039
 SHA1 (patch-src_libopts_makeshell.c) = e5b7d66caaec45e12ae5490d515fc9fc75de3d92
 SHA1 (patch-src_libopts_proto.h) = 78f845bdcbac8de74953a3cee0b77fa9c5b05386
+SHA1 (patch-tests_suite_Makefile.in) = 69aac0ebae7fa8b755497d3ebe6145be118c6a52

Index: pkgsrc/security/gnutls/patches/patch-lib_Makefile.in
diff -u pkgsrc/security/gnutls/patches/patch-lib_Makefile.in:1.7 pkgsrc/security/gnutls/patches/patch-lib_Makefile.in:1.8
--- pkgsrc/security/gnutls/patches/patch-lib_Makefile.in:1.7    Mon Jun  1 21:50:22 2015
+++ pkgsrc/security/gnutls/patches/patch-lib_Makefile.in        Wed Sep  6 13:41:26 2017
@@ -1,10 +1,10 @@
-$NetBSD: patch-lib_Makefile.in,v 1.7 2015/06/01 21:50:22 spz Exp $
+$NetBSD: patch-lib_Makefile.in,v 1.8 2017/09/06 13:41:26 wiz Exp $
 
 Correct path to locale files.
 
 --- lib/Makefile.in.orig       2015-05-03 17:30:56.000000000 +0000
 +++ lib/Makefile.in
-@@ -361,7 +361,7 @@ am__v_lt_0 = --silent
+@@ -386,7 +386,7 @@ am__v_lt_0 = --silent
  am__v_lt_1 = 
  libgnutls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
        $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
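
Review bot: only the $NetBSD$ tag and the hunk offset (361 to 386) change here, while the "--- lib/Makefile.in.orig" header still carries the 2015-05-03 timestamp, which suggests the patch was adjusted rather than regenerated against the 3.6.0 tree. Regenerating it (mkpatches from pkgtools/pkgdiff) would confirm that the context lines still match the new lib/Makefile.in instead of relying on patch fuzz.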

Added files:

Index: pkgsrc/security/gnutls/patches/patch-fuzz_Makefile.in
diff -u /dev/null pkgsrc/security/gnutls/patches/patch-fuzz_Makefile.in:1.1
--- /dev/null   Wed Sep  6 13:41:26 2017
+++ pkgsrc/security/gnutls/patches/patch-fuzz_Makefile.in       Wed Sep  6 13:41:26 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-fuzz_Makefile.in,v 1.1 2017/09/06 13:41:26 wiz Exp $
+
+Use autoconf variable for libdl.
+https://gitlab.com/gnutls/gnutls/issues/270
+
+--- fuzz/Makefile.in.orig      2017-09-06 12:15:06.271496815 +0000
++++ fuzz/Makefile.in
+@@ -1797,7 +1797,7 @@ gnutls_srp_client_fuzzer_SOURCES = gnutl
+ gnutls_srp_server_fuzzer_SOURCES = gnutls_srp_server_fuzzer.c main.c fuzzer.h mem.h srp.h
+ gnutls_set_trust_file_fuzzer_SOURCES = gnutls_set_trust_file_fuzzer.c main.c fuzzer.h
+ gnutls_x509_parser_fuzzer_SOURCES = gnutls_x509_parser_fuzzer.c main.c fuzzer.h
+-gnutls_set_trust_file_fuzzer_LDADD = $(LDADD) -ldl
++gnutls_set_trust_file_fuzzer_LDADD = $(LDADD) $(LIBDL)
+ TESTS = $(FUZZERS)
+ LCOV_INFO = coverage.info
+ all: all-am
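
Review bot: replacing -ldl with $(LIBDL) on the gnutls_set_trust_file_fuzzer_LDADD line only works if configure substitutes LIBDL into fuzz/Makefile.in; if it does not, the variable expands to nothing and the fuzzer links without libdl on platforms that need it. Since this edits the generated Makefile.in rather than Makefile.am, please state in the patch comment that the patch is to be dropped once the linked upstream issue is resolved.
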
Index: pkgsrc/security/gnutls/patches/patch-lib_atomic.h
diff -u /dev/null pkgsrc/security/gnutls/patches/patch-lib_atomic.h:1.1
--- /dev/null   Wed Sep  6 13:41:26 2017
+++ pkgsrc/security/gnutls/patches/patch-lib_atomic.h   Wed Sep  6 13:41:26 2017
@@ -0,0 +1,38 @@
+$NetBSD: patch-lib_atomic.h,v 1.1 2017/09/06 13:41:26 wiz Exp $
+
+Fix lock arguments.
+https://gitlab.com/gnutls/gnutls/commit/72d25d427078d3de5c25c3b5406b0313ffd813ab
+
+--- lib/atomic.h.orig  2017-07-31 06:22:37.000000000 +0000
++++ lib/atomic.h
+@@ -47,24 +47,24 @@ typedef struct gnutls_atomic_uint_st *gn
+ inline static unsigned gnutls_atomic_val(gnutls_atomic_uint_t x)
+ {
+       unsigned int t;
+-      gnutls_mutex_lock(x->lock);
++      gnutls_mutex_lock(&x->lock);
+       t = x->value;
+-      gnutls_mutex_unlock(x->lock);
++      gnutls_mutex_unlock(&x->lock);
+       return t;
+ }
+ 
+ inline static void gnutls_atomic_increment(gnutls_atomic_uint_t x)
+ {
+-      gnutls_mutex_lock(x->lock);
++      gnutls_mutex_lock(&x->lock);
+       x->value++;
+-      gnutls_mutex_unlock(x->lock);
++      gnutls_mutex_unlock(&x->lock);
+ }
+ 
+ inline static void gnutls_atomic_decrement(gnutls_atomic_uint_t x)
+ {
+-      gnutls_mutex_lock(x->lock);
++      gnutls_mutex_lock(&x->lock);
+       x->value--;
+-      gnutls_mutex_unlock(x->lock);
++      gnutls_mutex_unlock(&x->lock);
+ }
+ 
+ inline static void gnutls_atomic_init(gnutls_atomic_uint_t x)
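
Review bot: all six lock and unlock calls now pass &x->lock, but the hunk's trailing context stops at the gnutls_atomic_init() signature, so it is not visible whether the init path (and any matching deinit) hands the lock to the mutex functions in the same pointer form. Please confirm those against the upstream commit referenced in the patch header, and consider expanding "Fix lock arguments." to say that the calls were passing x->lock where the address of the mutex is expected.
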
Index: pkgsrc/security/gnutls/patches/patch-tests_suite_Makefile.in
diff -u /dev/null pkgsrc/security/gnutls/patches/patch-tests_suite_Makefile.in:1.1
--- /dev/null   Wed Sep  6 13:41:26 2017
+++ pkgsrc/security/gnutls/patches/patch-tests_suite_Makefile.in        Wed Sep  6 13:41:26 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-tests_suite_Makefile.in,v 1.1 2017/09/06 13:41:26 wiz Exp $
+
+Use autoconf variable for libdl.
+https://gitlab.com/gnutls/gnutls/issues/270
+
+--- tests/suite/Makefile.in.orig       2017-09-06 12:15:07.888159011 +0000
++++ tests/suite/Makefile.in
+@@ -1710,7 +1710,7 @@ TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) LC_
+       $(am__append_2) $(am__append_3)
+ @MACOSX_FALSE@@WINDOWS_FALSE@noinst_LTLIBRARIES = libecore.la
+ @MACOSX_FALSE@@WINDOWS_FALSE@mini_record_timing_LDADD = -lrt $(LDADD)
+-@MACOSX_FALSE@@WINDOWS_FALSE@eagain_cli_LDADD = libecore.la -lrt -lm -ldl -lpthread $(LDADD)
++@MACOSX_FALSE@@WINDOWS_FALSE@eagain_cli_LDADD = libecore.la -lrt -lm $(LIBDL) -lpthread $(LDADD)
+ @MACOSX_FALSE@@WINDOWS_FALSE@nodist_eagain_cli_SOURCES = mini-eagain2.c
+ prime_check_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS)
+ TEST_EXTENSIONS = .sh
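
Review bot: the eagain_cli_LDADD line swaps -ldl for $(LIBDL) but leaves -lrt and -lpthread hard-coded, and mini_record_timing_LDADD just above it still has a literal -lrt. These lines are guarded only by @MACOSX_FALSE@@WINDOWS_FALSE@, so any other platform without a separate librt would hit the same kind of link failure in the test suite; worth raising in the upstream issue alongside libdl.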


