CVS commit: pkgsrc/security/gnutls

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed May 18 18:26:14 UTC 2022

Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo

Log Message:
gnutls: updated to 3.7.5

Version 3.7.5 (released 2022-05-15)

** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
   modifier have been added to disable session ticket usage in TLS 1.2 because
   it does not provide forward secrecy.  On the other hand, since session
   tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
   only disables session tickets in TLS 1.2.  Future backward incompatibility:
   in the next major release of GnuTLS, we plan to remove those flag and
   modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.

** gnutls-cli, gnutls-serv: Channel binding for printing information
   has been changed from tls-unique to tls-exporter as tls-unique is
   not supported in TLS 1.3.

** libgnutls: Certificate sanity checks has been enhanced to make
   gnutls more RFC 5280 compliant (!1583).
   Following changes were included:
   - critical extensions are parsed when loading x509
     certificate to prohibit any random octet strings.
     Requires strict-x509 configure option to be enabled
   - garbage bits in Key Usage extension are prohibited
   - empty DirectoryStrings in Distinguished name structures
     of Issuer and Subject name are prohibited

** libgnutls: Removed 3DES from FIPS approved algorithms.
   According to the section 2 of SP800-131A Rev.2, 3DES algorithm
   will be disallowed for encryption after December 31, 2023:
   https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

** libgnutls: Optimized support for AES-SIV-CMAC algorithms.
   The existing AEAD API that works in a scatter-gather fashion
   (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
   For further optimization, new function (gnutls_aead_cipher_set_key) has been
   added to set key on the existing AEAD handle without re-allocation.

** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
   when used in TLS.

** The configure arguments for Brotli and Zstandard (zstd) support
   have changed to reflect the previous help text: they are now
   --with-brotli/--with-zstd respectively.

** Detecting the Zstandard (zstd) library in configure has been
   fixed.

** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
gnutls_aead_cipher_set_key: New function


To generate a diff of this commit:
cvs rdiff -u -r1.230 -r1.231 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.152 -r1.153 pkgsrc/security/gnutls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.230 pkgsrc/security/gnutls/Makefile:1.231
--- pkgsrc/security/gnutls/Makefile:1.230       Thu Mar 17 21:16:25 2022
+++ pkgsrc/security/gnutls/Makefile     Wed May 18 18:26:14 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.230 2022/03/17 21:16:25 adam Exp $
+# $NetBSD: Makefile,v 1.231 2022/05/18 18:26:14 adam Exp $
 
-DISTNAME=      gnutls-3.7.4
+DISTNAME=      gnutls-3.7.5
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/security/gnutls/PLIST
diff -u pkgsrc/security/gnutls/PLIST:1.75 pkgsrc/security/gnutls/PLIST:1.76
--- pkgsrc/security/gnutls/PLIST:1.75   Thu Mar 17 21:16:25 2022
+++ pkgsrc/security/gnutls/PLIST        Wed May 18 18:26:14 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.75 2022/03/17 21:16:25 adam Exp $
+@comment $NetBSD: PLIST,v 1.76 2022/05/18 18:26:14 adam Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -74,6 +74,7 @@ man/man3/gnutls_aead_cipher_encrypt.3
 man/man3/gnutls_aead_cipher_encryptv.3
 man/man3/gnutls_aead_cipher_encryptv2.3
 man/man3/gnutls_aead_cipher_init.3
+man/man3/gnutls_aead_cipher_set_key.3
 man/man3/gnutls_alert_get.3
 man/man3/gnutls_alert_get_name.3
 man/man3/gnutls_alert_get_strname.3

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.152 pkgsrc/security/gnutls/distinfo:1.153
--- pkgsrc/security/gnutls/distinfo:1.152       Thu Mar 17 21:16:25 2022
+++ pkgsrc/security/gnutls/distinfo     Wed May 18 18:26:14 2022
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.152 2022/03/17 21:16:25 adam Exp $
+$NetBSD: distinfo,v 1.153 2022/05/18 18:26:14 adam Exp $
 
-BLAKE2s (gnutls-3.7.4.tar.xz) = 12888540cd6d75baa40b32bd4bcbc896e39c02d91b331cd979d3a477751b192d
-SHA512 (gnutls-3.7.4.tar.xz) = 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6
-Size (gnutls-3.7.4.tar.xz) = 6131772 bytes
+BLAKE2s (gnutls-3.7.5.tar.xz) = e6a818e9f5e44970e01639f3506620279befc63b8a72304527dcd2cb52d968b1
+SHA512 (gnutls-3.7.5.tar.xz) = 2e4898e6aeff4f82abd48e6a442f5c9ebe4ecaeb0c038b76e2da8e468f6a7ae37fef5e8de17d90346f29aa0b56a08abf67fe8b81ba09dcf4612cc3b97b830bec
+Size (gnutls-3.7.5.tar.xz) = 6321392 bytes
 SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc