CVS commit: pkgsrc/security/gnutls

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/gnutls
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 29 Jul 2022 08:04:48 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Jul 29 08:04:48 UTC 2022

Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo
        pkgsrc/security/gnutls/patches: patch-configure

Log Message:
gnutls: updated to 3.7.7

Version 3.7.7 (released 2022-07-28)

** libgnutls: Fixed double free during verification of pkcs7 signatures.
   [CVE-2022-2509]

** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
   equal to 255 times hash digest size, to comply with RFC 5869 2.3.

** libgnutls: Length limit for TLS PSK usernames has been increased
   from 128 to 65535 characters.

** libgnutls: AES-GCM encryption function now limits plaintext
   length to 2^39-256 bits, according to SP800-38D 5.2.1.1.

** libgnutls: New block cipher functions have been added to transparently
   handle padding.  gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
   used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
   add/remove padding if the length of the original plaintext is not a multiple
   of the block size.

** libgnutls: New function for manual FIPS self-testing.

** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum

** guile: Guile 1.8 is no longer supported

** guile: Session record port treats premature termination as EOF
   Previously, a ‘gnutls-error’ exception with the
   ‘error/premature-termination’ value would be thrown while reading from a
   session record port when the underlying session was terminated
   prematurely.  This was inconvenient since users of the port may not be
   prepared to handle such an exception.
   Reading from the session record port now returns the end-of-file object
   instead of throwing an exception, just like it would for a proper
   session termination.

** guile: Session record ports can have a ‘close’ procedure.
   The ‘session-record-port’ procedure now takes an optional second
   parameter, and a new ‘set-session-record-port-close!’ procedure is
   provided to specify a ‘close’ procedure for a session record port.
   This ‘close’ procedure lets users specify cleanup operations for when
   the port is closed, such as closing the file descriptor or port that
   backs the underlying session.


To generate a diff of this commit:
cvs rdiff -u -r1.233 -r1.234 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.154 -r1.155 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/gnutls/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.233 pkgsrc/security/gnutls/Makefile:1.234
--- pkgsrc/security/gnutls/Makefile:1.233       Tue Jun 28 11:35:35 2022
+++ pkgsrc/security/gnutls/Makefile     Fri Jul 29 08:04:47 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.233 2022/06/28 11:35:35 wiz Exp $
+# $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $
 
-DISTNAME=      gnutls-3.7.6
-PKGREVISION=   1
+DISTNAME=      gnutls-3.7.7
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/security/gnutls/PLIST
diff -u pkgsrc/security/gnutls/PLIST:1.76 pkgsrc/security/gnutls/PLIST:1.77
--- pkgsrc/security/gnutls/PLIST:1.76   Wed May 18 18:26:14 2022
+++ pkgsrc/security/gnutls/PLIST        Fri Jul 29 08:04:47 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.76 2022/05/18 18:26:14 adam Exp $
+@comment $NetBSD: PLIST,v 1.77 2022/07/29 08:04:47 adam Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -175,9 +175,11 @@ man/man3/gnutls_check_version.3
 man/man3/gnutls_cipher_add_auth.3
 man/man3/gnutls_cipher_decrypt.3
 man/man3/gnutls_cipher_decrypt2.3
+man/man3/gnutls_cipher_decrypt3.3
 man/man3/gnutls_cipher_deinit.3
 man/man3/gnutls_cipher_encrypt.3
 man/man3/gnutls_cipher_encrypt2.3
+man/man3/gnutls_cipher_encrypt3.3
 man/man3/gnutls_cipher_get.3
 man/man3/gnutls_cipher_get_block_size.3
 man/man3/gnutls_cipher_get_id.3
@@ -282,6 +284,7 @@ man/man3/gnutls_fips140_get_operation_st
 man/man3/gnutls_fips140_mode_enabled.3
 man/man3/gnutls_fips140_pop_context.3
 man/man3/gnutls_fips140_push_context.3
+man/man3/gnutls_fips140_run_self_tests.3
 man/man3/gnutls_fips140_set_mode.3
 man/man3/gnutls_get_library_config.3
 man/man3/gnutls_get_system_config_file.3

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.154 pkgsrc/security/gnutls/distinfo:1.155
--- pkgsrc/security/gnutls/distinfo:1.154       Sat May 28 06:03:42 2022
+++ pkgsrc/security/gnutls/distinfo     Fri Jul 29 08:04:47 2022
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.154 2022/05/28 06:03:42 adam Exp $
+$NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $
 
-BLAKE2s (gnutls-3.7.6.tar.xz) = 58d8a3d58663d0fd29fe8c29826cb82ff693e2a9de1d5d08341e4f2ddd7e6bba
-SHA512 (gnutls-3.7.6.tar.xz) = f872339df80ec31d292821ff00eaafbe50e0bd4cdbb86e21e4f78541cd0a26d843596d5e69c91de4db8ce7d027fc639ae6462b57d89fb116162ae63c5a97486a
-Size (gnutls-3.7.6.tar.xz) = 6338276 bytes
-SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
+BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5
+SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08
+Size (gnutls-3.7.7.tar.xz) = 6351664 bytes
+SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc

Index: pkgsrc/security/gnutls/patches/patch-configure
diff -u pkgsrc/security/gnutls/patches/patch-configure:1.5 pkgsrc/security/gnutls/patches/patch-configure:1.6
--- pkgsrc/security/gnutls/patches/patch-configure:1.5  Wed Apr  1 08:24:07 2020
+++ pkgsrc/security/gnutls/patches/patch-configure      Fri Jul 29 08:04:48 2022
@@ -1,14 +1,14 @@
-$NetBSD: patch-configure,v 1.5 2020/04/01 08:24:07 adam Exp $
+$NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $
 
 Fix linking on Darwin.
 
---- configure.orig     2020-03-19 15:24:05.000000000 +0000
+--- configure.orig     2022-07-28 11:23:32.000000000 +0000
 +++ configure
-@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs
+@@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c
    *darwin*)
      have_macosx=yes
      save_LDFLAGS="$LDFLAGS"
 -                LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
- $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext

Prev by Date: CVS commit: pkgsrc/net/wireshark
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/net/wireshark
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index