Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: Update to 3.6.15



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a4b965dff173
branches:  trunk
changeset: 438539:a4b965dff173
user:      leot <leot%pkgsrc.org@localhost>
date:      Mon Sep 07 15:47:15 2020 +0000

description:
gnutls: Update to 3.6.15

Changes:
3.6.15
------
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
   The server sending a "no_renegotiation" alert in an unexpected timing,
   followed by an invalid second handshake was able to cause a TLS 1.3 client to
   crash via a null-pointer dereference. The crash happens in the application's
   error handling path, where the gnutls_deinit function is called after
   detecting a handshake failure (#1071).  [GNUTLS-SA-2020-09-04, CVSS: medium]

** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
   indicates that with a false return value (!1306).

** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
   accordingly to SP800-56A rev 3 (!1295, !1299).

** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
   the size of the internal base64 blob (#1025). The new behavior aligns to the
   existing documentation.

** libgnutls: Certificate verification failue due to OCSP must-stapling is not
   honered is now correctly marked with the GNUTLS_CERT_INVALID flag
   (!1317). The new behavior aligns to the existing documentation.

** libgnutls: The audit log message for weak hashes is no longer printed twice
   (!1301).

** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
   disabled in the priority string. Previously, even when TLS 1.2 is explicitly
   disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
   enabled (#1054).

** API and ABI modifications:
No changes since last version.

diffstat:

 security/gnutls/Makefile |   5 ++---
 security/gnutls/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (31 lines):

diff -r 803d67b24bbc -r a4b965dff173 security/gnutls/Makefile
--- a/security/gnutls/Makefile  Mon Sep 07 15:18:07 2020 +0000
+++ b/security/gnutls/Makefile  Mon Sep 07 15:47:15 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.216 2020/08/31 18:11:07 wiz Exp $
+# $NetBSD: Makefile,v 1.217 2020/09/07 15:47:15 leot Exp $
 
-DISTNAME=      gnutls-3.6.14
-PKGREVISION=   2
+DISTNAME=      gnutls-3.6.15
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
diff -r 803d67b24bbc -r a4b965dff173 security/gnutls/distinfo
--- a/security/gnutls/distinfo  Mon Sep 07 15:18:07 2020 +0000
+++ b/security/gnutls/distinfo  Mon Sep 07 15:47:15 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.144 2020/06/08 19:48:14 leot Exp $
+$NetBSD: distinfo,v 1.145 2020/09/07 15:47:15 leot Exp $
 
-SHA1 (gnutls-3.6.14.tar.xz) = bea1b5abcb691acf014e592f41d0a9580a41216a
-RMD160 (gnutls-3.6.14.tar.xz) = 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba
-SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
-Size (gnutls-3.6.14.tar.xz) = 6069088 bytes
+SHA1 (gnutls-3.6.15.tar.xz) = 00ef7d93347df586c3d1a00f13c326706c0c59ba
+RMD160 (gnutls-3.6.15.tar.xz) = 870c338ae8c2b6acd7000eb7daa287082ab04609
+SHA512 (gnutls-3.6.15.tar.xz) = f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
+Size (gnutls-3.6.15.tar.xz) = 6081656 bytes
 SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
 SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e



Home | Main Index | Thread Index | Old Index