pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: Update security/gnutls to 3.6.5



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1c897ff5b58b
branches:  trunk
changeset: 388540:1c897ff5b58b
user:      leot <leot%pkgsrc.org@localhost>
date:      Sun Dec 09 20:12:41 2018 +0000

description:
gnutls: Update security/gnutls to 3.6.5

pkgsrc changes:
- Remove comments regarding bash and tests (bash was added
  unconditionally due to REPLACE_BASH usages)

Changes:
3.6.5
-----
** libgnutls: Provide the option of transparent re-handshake/reauthentication
   when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
** libgnutls: The priority functions will ignore and not enable TLS1.3 if
   requested with legacy TLS versions enabled but not TLS1.2. That is because
   if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
   servers which do not support TLS1.3 will negotiate TLS1.2 which will be
   rejected by the client as disabled (#621).
** libgnutls: Change RSA decryption to use a new side-channel silent function.
   This addresses a security issue where memory access patterns as well as timing
   on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
   attacks. Side-channel resistant code is slower due to the need to mask
   access and timings. When used in TLS the new functions cause RSA based
   handshakes to be between 13% and 28% slower on average (Numbers are indicative,
   the tests were performed on a relatively modern Intel CPU, results vary
   depending on the CPU and architecture used). This change makes nettle 3.4.1
   the minimum requirement of gnutls (#630). [CVSS: medium]
** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
   in the priority string. It is only accepted as legacy option and is ignored.
** libgnutls: Added support for EdDSA under PKCS#11 (#417)
** libgnutls: Added support for AES-CFB8 cipher (#357)
** libgnutls: Added support for AES-CMAC MAC (#351)
** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
   have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
   S-BOXes). They are fixed now.
** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
   keys parsing, as specified in R 50.1.112-2016.
** gnutls-serv: It applies the default settings when no --priority option is given,
   using gnutls_set_default_priority().
** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
   option (#561)
** certtool: Add parameter --no-text that prevents certtool from outputting
   text before PEM-encoded private key, public key, certificate, CRL or CSR.

** API and ABI modifications:
GNUTLS_AUTO_REAUTH: Added
GNUTLS_CIPHER_AES_128_CFB8: Added
GNUTLS_CIPHER_AES_192_CFB8: Added
GNUTLS_CIPHER_AES_256_CFB8: Added
GNUTLS_MAC_AES_CMAC_128: Added
GNUTLS_MAC_AES_CMAC_256: Added
gnutls_record_get_max_early_data_size: Added
gnutls_record_send_early_data: Added
gnutls_record_recv_early_data: Added
gnutls_db_check_entry_expire_time: Added
gnutls_anti_replay_set_add_function: Added
gnutls_anti_replay_init: Added
gnutls_anti_replay_deinit: Added
gnutls_anti_replay_set_window: Added
gnutls_anti_replay_enable: Added
gnutls_privkey_decrypt_data2: Added

diffstat:

 security/gnutls/Makefile      |  12 +++---------
 security/gnutls/PLIST         |  13 ++++++++++++-
 security/gnutls/buildlink3.mk |   3 ++-
 security/gnutls/distinfo      |  10 +++++-----
 4 files changed, 22 insertions(+), 16 deletions(-)

diffs (126 lines):

diff -r 2a4dddd4c250 -r 1c897ff5b58b security/gnutls/Makefile
--- a/security/gnutls/Makefile  Sun Dec 09 20:12:04 2018 +0000
+++ b/security/gnutls/Makefile  Sun Dec 09 20:12:41 2018 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.191 2018/11/09 18:03:45 nia Exp $
+# $NetBSD: Makefile,v 1.192 2018/12/09 20:12:41 leot Exp $
 
-DISTNAME=      gnutls-3.6.4
+DISTNAME=      gnutls-3.6.5
 CATEGORIES=    security devel
 MASTER_SITES=  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
@@ -28,13 +28,7 @@
 CONFIGURE_ARGS.SunOS+=         --disable-hardware-acceleration
 CONFIGURE_ARGS.FreeBSD+=       ac_cv_type_max_align_t=yes
 
-# as of 3.5.8, 0 test failures
 TEST_TARGET=           check
-# without the USE_TOOLS line below, the fastopen.sh test fails
-# but when this line is added, the tool path for bash is embedded
-# in to the binaries, so only enable this for testing and
-# disable before commit
-#USE_TOOLS+=           bash
 
 INFO_FILES=            yes
 
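Review bot: the comment block removed above the commented-out USE_TOOLS+= bash line recorded a real side effect, namely that adding bash to the tools embeds the tool path for bash into the binaries, and that warning disappears here with nothing in its place. The commit message says bash is now added unconditionally, so please either confirm that the installed files no longer pick up that path or keep a one-line comment about it where bash is now enabled. The "as of 3.5.8, 0 test failures" line is dropped as well; a current test status for 3.6.5 next to TEST_TARGET= check would be more useful than none.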
@@ -85,7 +79,7 @@
 #.include "../../lang/guile20/buildlink3.mk"
 BUILDLINK_API_DEPENDS.libtasn1+=       libtasn1>=4.9
 .include "../../security/libtasn1/buildlink3.mk"
-BUILDLINK_API_DEPENDS.nettle+=         nettle>=3.1
+BUILDLINK_API_DEPENDS.nettle+=         nettle>=3.4.1
 .include "../../security/nettle/buildlink3.mk"
 BUILDLINK_API_DEPENDS.p11-kit+=        p11-kit>=0.23.1
 .include "../../security/p11-kit/buildlink3.mk"
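Review bot: the new floor on the BUILDLINK_API_DEPENDS.nettle line is security-motivated but the line carries no comment saying so. The changelog in the commit message ties nettle 3.4.1 to the side-channel silent RSA decryption change (#630); a short comment above the line, such as "# 3.6.5 requires nettle>=3.4.1 for side-channel silent RSA decryption", would stop a later cleanup from relaxing it.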
diff -r 2a4dddd4c250 -r 1c897ff5b58b security/gnutls/PLIST
--- a/security/gnutls/PLIST     Sun Dec 09 20:12:04 2018 +0000
+++ b/security/gnutls/PLIST     Sun Dec 09 20:12:41 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.61 2018/11/09 18:03:45 nia Exp $
+@comment $NetBSD: PLIST,v 1.62 2018/12/09 20:12:41 leot Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -86,6 +86,12 @@
 man/man3/gnutls_anon_set_server_dh_params.3
 man/man3/gnutls_anon_set_server_known_dh_params.3
 man/man3/gnutls_anon_set_server_params_function.3
+man/man3/gnutls_anti_replay_deinit.3
+man/man3/gnutls_anti_replay_enable.3
+man/man3/gnutls_anti_replay_init.3
+man/man3/gnutls_anti_replay_set_add_function.3
+man/man3/gnutls_anti_replay_set_ptr.3
+man/man3/gnutls_anti_replay_set_window.3
 man/man3/gnutls_auth_client_get_type.3
 man/man3/gnutls_auth_get_type.3
 man/man3/gnutls_auth_server_get_type.3
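Review bot: gnutls_anti_replay_set_ptr.3 is added in this hunk, but the "API and ABI modifications" list in the commit message names only gnutls_anti_replay_set_add_function, gnutls_anti_replay_init, gnutls_anti_replay_deinit, gnutls_anti_replay_set_window and gnutls_anti_replay_enable. Please confirm the PLIST entries come from an actual install of 3.6.5 rather than from the changelog, and mention the extra man page in the commit message so the two lists can be reconciled.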
@@ -188,6 +194,7 @@
 man/man3/gnutls_crypto_register_digest.3
 man/man3/gnutls_crypto_register_mac.3
 man/man3/gnutls_db_check_entry.3
+man/man3/gnutls_db_check_entry_expire_time.3
 man/man3/gnutls_db_check_entry_time.3
 man/man3/gnutls_db_get_default_cache_expiration.3
 man/man3/gnutls_db_get_ptr.3
@@ -532,6 +539,7 @@
 man/man3/gnutls_priority_sign_list.3
 man/man3/gnutls_priority_string_list.3
 man/man3/gnutls_privkey_decrypt_data.3
+man/man3/gnutls_privkey_decrypt_data2.3
 man/man3/gnutls_privkey_deinit.3
 man/man3/gnutls_privkey_export_dsa_raw.3
 man/man3/gnutls_privkey_export_dsa_raw2.3
@@ -649,14 +657,17 @@
 man/man3/gnutls_record_discard_queued.3
 man/man3/gnutls_record_get_direction.3
 man/man3/gnutls_record_get_discarded.3
+man/man3/gnutls_record_get_max_early_data_size.3
 man/man3/gnutls_record_get_max_size.3
 man/man3/gnutls_record_get_state.3
 man/man3/gnutls_record_overhead_size.3
 man/man3/gnutls_record_recv.3
+man/man3/gnutls_record_recv_early_data.3
 man/man3/gnutls_record_recv_packet.3
 man/man3/gnutls_record_recv_seq.3
 man/man3/gnutls_record_send.3
 man/man3/gnutls_record_send2.3
+man/man3/gnutls_record_send_early_data.3
 man/man3/gnutls_record_send_range.3
 man/man3/gnutls_record_set_max_early_data_size.3
 man/man3/gnutls_record_set_max_size.3
diff -r 2a4dddd4c250 -r 1c897ff5b58b security/gnutls/buildlink3.mk
--- a/security/gnutls/buildlink3.mk     Sun Dec 09 20:12:04 2018 +0000
+++ b/security/gnutls/buildlink3.mk     Sun Dec 09 20:12:41 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.33 2018/04/19 22:12:25 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.34 2018/12/09 20:12:41 leot Exp $
 
 BUILDLINK_TREE+=       gnutls
 
@@ -14,6 +14,7 @@
 .include "../../devel/libcfg+/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/libtasn1/buildlink3.mk"
+BUILDLINK_API_DEPENDS.nettle+=         nettle>=3.4.1
 .include "../../security/nettle/buildlink3.mk"
 .include "../../security/p11-kit/buildlink3.mk"
 .include "../../textproc/libunistring/buildlink3.mk"
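Review bot: the added BUILDLINK_API_DEPENDS.nettle line repeats the floor already set in security/gnutls/Makefile in this same changeset, so there are now two copies to keep in step. A short comment on this line pointing at the Makefile copy would keep one of them from being missed the next time the nettle requirement changes.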
diff -r 2a4dddd4c250 -r 1c897ff5b58b security/gnutls/distinfo
--- a/security/gnutls/distinfo  Sun Dec 09 20:12:04 2018 +0000
+++ b/security/gnutls/distinfo  Sun Dec 09 20:12:41 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.131 2018/11/09 18:03:45 nia Exp $
+$NetBSD: distinfo,v 1.132 2018/12/09 20:12:41 leot Exp $
 
-SHA1 (gnutls-3.6.4.tar.xz) = cb3e25d477a8821b05ba8e0596093ddb64c3f702
-RMD160 (gnutls-3.6.4.tar.xz) = fee56aaf3ecb6e7e7e18c804592dadac555ec517
-SHA512 (gnutls-3.6.4.tar.xz) = f39ac09b48ebf230653cbf82b29ded39a1403313067135495b23f428b35783f9ef073993157d1f284678abedd19e2cf1fd01af843001b88320ca17b346b219ab
-Size (gnutls-3.6.4.tar.xz) = 8076364 bytes
+SHA1 (gnutls-3.6.5.tar.xz) = 749fcaba23f63b523ec2ad262caeca6f1e62fc6f
+RMD160 (gnutls-3.6.5.tar.xz) = a7194f821deb3b1cd9efa7be8382bf893e317a8e
+SHA512 (gnutls-3.6.5.tar.xz) = 127f053ce45c63cd745fa5a654a2d8e4fbc322f5e17dcc3740fb2e7b376dd18dad59318d66e6e93e37d6a179fca4b35cf2ae62d13be5645cd2d06badd79d4dce
+Size (gnutls-3.6.5.tar.xz) = 8192888 bytes
 SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
 SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c
 SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
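Review bot: the new SHA1, RMD160 and SHA512 lines for gnutls-3.6.5.tar.xz pin whatever tarball was fetched, and the Makefile in this changeset still lists an ftp:// MASTER_SITES, so the recorded hashes are only as trustworthy as that download. Please say in the commit message how the tarball was authenticated before the hashes were recorded, for example against the upstream release signature. Of the three digests only SHA512 gives meaningful collision resistance, so that is the line to compare when re-checking.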


