pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2018Q3]: pkgsrc/security/gnutls Pullup ticket #5880 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4119675c40df
branches:  pkgsrc-2018Q3
changeset: 334139:4119675c40df
user:      spz <spz%pkgsrc.org@localhost>
date:      Thu Nov 22 05:45:13 2018 +0000

description:
Pullup ticket #5880 - requested by nia
security/gnutls: security update

Revisions pulled up:
- security/gnutls/Makefile                                      1.191
- security/gnutls/PLIST                                         1.61
- security/gnutls/distinfo                                      1.131
- security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c deleted

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Fri Nov  9 18:03:45 UTC 2018

   Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo
   Removed Files:
        pkgsrc/security/gnutls/patches: patch-doc_examples_tlsproxy_tlsproxy.c

   Log Message:
   gnutls: update to 3.6.4.

   * Version 3.6.4 (released 2018-09-24)

   ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.

   ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
      gnutls_certificate_set_retrieve_function() which could not handle the case where
      no certificates were returned, or the callbacks were set to NULL (see #528).

   ** libgnutls: gnutls_handshake() on server returns early on handshake when no
      certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
      is specified.

   ** libgnutls: Added session ticket key rotation on server side with TOTP.
      The key set with gnutls_session_ticket_enable_server() is used as a
      master key to generate time-based keys for tickets. The rotation
      relates to the gnutls_db_set_cache_expiration() period.

   ** libgnutls: The 'record size limit' extension is added and preferred to the
      'max record size' extension when possible.

   ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
      This addresses the problem where the CA certificate doesn't have a subject key
      identifier whereas the end certificates have an authority key identifier (#569)

   ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
      gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
      and export GOST parameters in the "native" little endian format used for these
      curves. This is an intentional incompatible change with 3.6.3.

   ** libgnutls: Added support for separately negotiating client and server certificate types
      as defined in RFC7250. This mechanism must be explicitly enabled via the
      GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().

   ** gnutls-cli: enable CRL validation on startup (#564)

   ** API and ABI modifications:
   GNUTLS_ENABLE_EARLY_START: Added
   GNUTLS_ENABLE_CERT_TYPE_NEG: Added
   GNUTLS_TL_FAIL_ON_INVALID_CRL: Added
   GNUTLS_CERTIFICATE_VERIFY_CRLS: Added
   gnutls_ctype_target_t: New enumeration
   gnutls_record_set_max_early_data_size: Added
   gnutls_certificate_type_get2: Added
   gnutls_priority_certificate_type_list2: Added
   gnutls_ffdhe_6144_group_prime: Added
   gnutls_ffdhe_6144_group_generator: Added
   gnutls_ffdhe_6144_key_bits: Added


   To generate a diff of this commit:
   cvs rdiff -u -r1.190 -r1.191 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.60 -r1.61 pkgsrc/security/gnutls/PLIST
   cvs rdiff -u -r1.130 -r1.131 pkgsrc/security/gnutls/distinfo
   cvs rdiff -u -r1.1 -r0 \
       pkgsrc/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c

diffstat:

 security/gnutls/Makefile                                       |   5 +-
 security/gnutls/PLIST                                          |   5 +-
 security/gnutls/distinfo                                       |  11 ++--
 security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c |  24 ----------
 4 files changed, 11 insertions(+), 34 deletions(-)

diffs (93 lines):

diff -r d247a75fe04f -r 4119675c40df security/gnutls/Makefile
--- a/security/gnutls/Makefile  Fri Nov 09 18:57:59 2018 +0000
+++ b/security/gnutls/Makefile  Thu Nov 22 05:45:13 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.190 2018/09/27 18:32:35 tnn Exp $
+# $NetBSD: Makefile,v 1.190.2.1 2018/11/22 05:45:13 spz Exp $
 
-DISTNAME=      gnutls-3.6.3
-PKGREVISION=   2
+DISTNAME=      gnutls-3.6.4
 CATEGORIES=    security devel
 MASTER_SITES=  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
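Review bot: MASTER_SITES on the unchanged context line still fetches over plain ftp://, so for this security update the only integrity check on the new gnutls-3.6.4 distfile is the digest set in distinfo. If upstream serves the same tarball over HTTPS, list that site first. Dropping PKGREVISION together with the DISTNAME bump is correct.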
diff -r d247a75fe04f -r 4119675c40df security/gnutls/PLIST
--- a/security/gnutls/PLIST     Fri Nov 09 18:57:59 2018 +0000
+++ b/security/gnutls/PLIST     Thu Nov 22 05:45:13 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.60 2018/08/16 11:05:47 wiz Exp $
+@comment $NetBSD: PLIST,v 1.60.2.1 2018/11/22 05:45:13 spz Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -148,6 +148,7 @@
 man/man3/gnutls_certificate_set_x509_trust_file.3
 man/man3/gnutls_certificate_set_x509_trust_mem.3
 man/man3/gnutls_certificate_type_get.3
+man/man3/gnutls_certificate_type_get2.3
 man/man3/gnutls_certificate_type_get_id.3
 man/man3/gnutls_certificate_type_get_name.3
 man/man3/gnutls_certificate_type_list.3
@@ -514,6 +515,7 @@
 man/man3/gnutls_prf_raw.3
 man/man3/gnutls_prf_rfc5705.3
 man/man3/gnutls_priority_certificate_type_list.3
+man/man3/gnutls_priority_certificate_type_list2.3
 man/man3/gnutls_priority_cipher_list.3
 man/man3/gnutls_priority_compression_list.3
 man/man3/gnutls_priority_deinit.3
@@ -656,6 +658,7 @@
 man/man3/gnutls_record_send.3
 man/man3/gnutls_record_send2.3
 man/man3/gnutls_record_send_range.3
+man/man3/gnutls_record_set_max_early_data_size.3
 man/man3/gnutls_record_set_max_size.3
 man/man3/gnutls_record_set_state.3
 man/man3/gnutls_record_set_timeout.3
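Review bot: the three man pages added across these PLIST hunks match three functions in the log's API list (gnutls_certificate_type_get2, gnutls_priority_certificate_type_list2, gnutls_record_set_max_early_data_size), but nothing is added for the gnutls_ffdhe_6144_* entries or for gnutls_ctype_target_t. Those may simply have no man page of their own; confirm against the staged install that no newly installed file is missing from PLIST.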
diff -r d247a75fe04f -r 4119675c40df security/gnutls/distinfo
--- a/security/gnutls/distinfo  Fri Nov 09 18:57:59 2018 +0000
+++ b/security/gnutls/distinfo  Thu Nov 22 05:45:13 2018 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.130 2018/08/16 11:05:47 wiz Exp $
+$NetBSD: distinfo,v 1.130.2.1 2018/11/22 05:45:13 spz Exp $
 
-SHA1 (gnutls-3.6.3.tar.xz) = ac96787a7fbd550a2b201e64c0e752821e90fed7
-RMD160 (gnutls-3.6.3.tar.xz) = 108848d1b51e0d81ac1b2fdce596222d486fc737
-SHA512 (gnutls-3.6.3.tar.xz) = 6238502464d229a9777e3076f4c745d16deaada83c9da756ecdcd370947576e0446bda3a7f85d5a099b745bbf8c0134ebdf6632e4b26d61daf170792fb4f5abe
-Size (gnutls-3.6.3.tar.xz) = 8010284 bytes
-SHA1 (patch-doc_examples_tlsproxy_tlsproxy.c) = 42f2cfbf77cb6169d733a1f56c6f141f66e055cd
+SHA1 (gnutls-3.6.4.tar.xz) = cb3e25d477a8821b05ba8e0596093ddb64c3f702
+RMD160 (gnutls-3.6.4.tar.xz) = fee56aaf3ecb6e7e7e18c804592dadac555ec517
+SHA512 (gnutls-3.6.4.tar.xz) = f39ac09b48ebf230653cbf82b29ded39a1403313067135495b23f428b35783f9ef073993157d1f284678abedd19e2cf1fd01af843001b88320ca17b346b219ab
+Size (gnutls-3.6.4.tar.xz) = 8076364 bytes
 SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
 SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c
 SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
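Review bot: the new digests on the + lines should be compared with upstream's signed release rather than only with a fresh download, because the distfile is fetched over ftp:// and SHA1 is no longer collision resistant, which leaves the SHA512 line as the one that matters. Removing the SHA1 entry for patch-doc_examples_tlsproxy_tlsproxy.c is consistent with the file deletion; the remaining patch entries in the context lines are still SHA1-only.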
diff -r d247a75fe04f -r 4119675c40df security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c
--- a/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c    Fri Nov 09 18:57:59 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-doc_examples_tlsproxy_tlsproxy.c,v 1.1 2018/08/16 11:05:47 wiz Exp $
-
-Improve portability outside Linux.
-
---- doc/examples/tlsproxy/tlsproxy.c.orig      2018-07-02 18:00:33.000000000 +0000
-+++ doc/examples/tlsproxy/tlsproxy.c
-@@ -67,7 +67,7 @@ bindtoaddress (char *addrport)
-   hints.ai_socktype = SOCK_STREAM;    /* Stream socket */
-   hints.ai_protocol = 0;      /* any protocol */
- 
--  char *addr = strdupa (addrport);
-+  char *addr = strdup (addrport);
-   char *colon = strrchr (addr, ':');
-   char *port = defaultport;
-   if (colon)
-@@ -134,7 +134,7 @@ connecttoaddress (char *addrport)
-   hints.ai_socktype = SOCK_STREAM;    /* Stream socket */
-   hints.ai_protocol = 0;      /* any protocol */
- 
--  char *addr = strdupa (addrport);
-+  char *addr = strdup (addrport);
-   char *colon = strrchr (addr, ':');
-   char *port = defaultport;
-   if (colon)
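Review bot: the log message does not say why this portability patch can be deleted; state whether 3.6.4 no longer calls strdupa() in doc/examples/tlsproxy/tlsproxy.c or whether the example is no longer built, otherwise non-Linux builds may regress. If the patch ever has to return, note that replacing strdupa() with strdup() in bindtoaddress() and connecttoaddress() moves the copy from the stack to the heap, and the visible lines add no matching free().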


