pkgsrc-Changes archive
CVS commit: pkgsrc/security/gnutls
Module Name: pkgsrc
Committed By: leot
Date: Wed Mar 27 16:46:40 UTC 2019
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
gnutls: Update to 3.6.7
Bug fix and security release on the stable 3.6.x branch.
OK during the freeze by <jperkin>, thanks!
Changes:
3.6.7
-----
- libgnutls, gnutls tools: Every gnutls_free() will automatically set
the free'd pointer to NULL. This prevents possible use-after-free and
double free issues. Use-after-free will be turned into NULL dereference.
The counter-measure does not extend to applications using gnutls_free().
- libgnutls: Fixed a memory corruption (double free) vulnerability in the
certificate verification API. Reported by Tavis Ormandy; addressed with
the change above. [GNUTLS-SA-2019-03-27, #694]
- libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
- libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
an inappropriate for TLS1.3 certificate is seen on the credentials structure
GnuTLS will disable TLS1.3 support for that session (#690).
- libgnutls: the default number of tickets sent under TLS 1.3 was increased to
two. This makes it easier for clients which perform multiple connections
to the server to use the tickets sent by a default server.
- libgnutls: enforce the equality of the two signature parameters fields in
a certificate. We were already enforcing the signature algorithm, but there
was a bug in parameter checking code.
- libgnutls: fixed issue preventing sending and receiving from different
threads when false start was enabled (#713).
- libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
session, as non-writeable security officer sessions are undefined in PKCS#11
(#721).
- libgnutls: no longer send downgrade sentinel in TLS 1.3.
Previously the sentinel value was embedded too early in version
negotiation and was sent even on TLS 1.3. It is now sent only when
TLS 1.2 or earlier is negotiated (#689).
- gnutls-cli: Added option --logfile to redirect informational messages output.
- No API and ABI modifications since last version.
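The first changelog item above, sketched as an added example (not code from this commit or from GnuTLS): a free wrapper that clears the pointer makes a repeated release harmless, while a call through the plain function leaves the caller's pointer stale. `pool_alloc`, `pool_free`, `LIB_FREE` and `verify_ctx` are hypothetical names, and the one-slot allocator is constructed so the double free can be counted without undefined behaviour.

```c
#include <stdio.h>

/* Constructed one-slot allocator so a repeated release can be counted
 * safely; with malloc/free the second free() is undefined behaviour. */
static unsigned char slot[64];
static int slot_live, double_frees;
static void *pool_alloc(void) { slot_live = 1; return slot; }

static void pool_free(void *p)
{
    if (p == NULL) return;          /* like free(NULL): a defined no-op */
    if (!slot_live) double_frees++; /* a real heap would be corrupted here */
    slot_live = 0;
}

/* Hypothetical library-internal wrapper: release, then clear the
 * variable named in the macro (and only that variable). */
#define LIB_FREE(p) (pool_free(p), (p) = NULL)
struct verify_ctx { unsigned char *issuer_der; };

/* An error path and the common cleanup both release the same field,
 * the usual shape of a double free. Returns the double frees seen. */
static int verify_and_cleanup(int use_macro)
{
    struct verify_ctx ctx = { pool_alloc() };
    double_frees = 0;
    if (use_macro) LIB_FREE(ctx.issuer_der);   /* error path */
    else           pool_free(ctx.issuer_der);
    if (use_macro) LIB_FREE(ctx.issuer_der);   /* cleanup sees NULL */
    else           pool_free(ctx.issuer_der);  /* cleanup sees stale ptr */
    return double_frees;
}

/* A call through the plain function passes the pointer by value, so
 * the caller's variable keeps its old address after the release. */
static int cleared_after_release(int use_macro)
{
    unsigned char *buf = pool_alloc();
    if (use_macro) LIB_FREE(buf);
    else           pool_free(buf);
    return buf == NULL;
}

int main(void)
{
    printf("double frees: plain=%d macro=%d\n", verify_and_cleanup(0), verify_and_cleanup(1));
    printf("cleared: plain=%d macro=%d\n", cleared_after_release(0), cleared_after_release(1));
    return 0;
}
```

The macro clears only the expression it is given, so a second copy of the same pointer held elsewhere is not protected by this pattern.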
To generate a diff of this commit:
cvs rdiff -u -r1.194 -r1.195 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.133 -r1.134 pkgsrc/security/gnutls/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.194 pkgsrc/security/gnutls/Makefile:1.195
--- pkgsrc/security/gnutls/Makefile:1.194 Wed Mar 20 06:27:11 2019
+++ pkgsrc/security/gnutls/Makefile Wed Mar 27 16:46:40 2019
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.194 2019/03/20 06:27:11 adam Exp $
+# $NetBSD: Makefile,v 1.195 2019/03/27 16:46:40 leot Exp $
-DISTNAME= gnutls-3.6.6
+DISTNAME= gnutls-3.6.7
CATEGORIES= security devel
MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
EXTRACT_SUFX= .tar.xz
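Review bot: The MASTER_SITES context line still points at plain ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/, so for this security update the distfile travels over an unauthenticated channel and its integrity rests entirely on the distinfo digests. If upstream serves the same directory over HTTPS, consider listing that in MASTER_SITES in the same commit as the DISTNAME bump to gnutls-3.6.7; the version change itself looks fine.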
Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.133 pkgsrc/security/gnutls/distinfo:1.134
--- pkgsrc/security/gnutls/distinfo:1.133 Wed Mar 20 06:27:11 2019
+++ pkgsrc/security/gnutls/distinfo Wed Mar 27 16:46:40 2019
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.133 2019/03/20 06:27:11 adam Exp $
+$NetBSD: distinfo,v 1.134 2019/03/27 16:46:40 leot Exp $
-SHA1 (gnutls-3.6.6.tar.xz) = d094f3c554b40d76dac2d2d75a8a141c008dc6c4
-RMD160 (gnutls-3.6.6.tar.xz) = b83342901fc4d0f597d4d97e1d853431a27cc162
-SHA512 (gnutls-3.6.6.tar.xz) = 4ff34f38d7dc543bc5750d8fdfe9be84af60c66e8d41da45f6cffc11d6c6c726784fd2d471b3416604ca1f3f9efb22ff7a290d5c92c96deda38df6ae3e794cc1
-Size (gnutls-3.6.6.tar.xz) = 8257612 bytes
+SHA1 (gnutls-3.6.7.tar.xz) = 71f73b9829e44c947bb668b25b8b2e594a065345
+RMD160 (gnutls-3.6.7.tar.xz) = 0def1ae12df5f6dd30e3b2b853e0426837c6247e
+SHA512 (gnutls-3.6.7.tar.xz) = ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3
+Size (gnutls-3.6.7.tar.xz) = 8153728 bytes
SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c
SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
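Review bot: The new SHA1, RMD160, SHA512 and Size lines for gnutls-3.6.7.tar.xz cannot be validated from the diff, and the log message does not say how the tarball was checked; given that the Makefile fetches over ftp://, please confirm the digests were generated from a tarball verified against a signature or checksum published by upstream. The three patch-* context lines keep their previous SHA1 values, which is correct only if the local patches still apply unchanged to 3.6.7, so it is worth stating in the log that they were re-tested.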