pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: Update to 3.6.10
details: https://anonhg.NetBSD.org/pkgsrc/rev/8e46922a70ec
branches: trunk
changeset: 415287:8e46922a70ec
user: nia <nia%pkgsrc.org@localhost>
date: Fri Oct 04 17:25:53 2019 +0000
description:
gnutls: Update to 3.6.10
* Version 3.6.10 (released 2019-09-29)
** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979)
Deterministic signing can be enabled by setting
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*()
functions (#94).
** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
functions that will perform in-place encryption/decryption on data buffers (#718).
** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under
TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function()
(#823).
** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
issue with large record handling due to random padding (#811).
** libgnutls: the server now selects the highest TLS protocol version,
if TLS 1.3 is enabled and the client advertises an older protocol version first (#837).
** libgnutls: fix non-PIC assembly on i386 (#818).
** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode
and MAC generation based on GOST 28147-89 (IMIT). For description of the
modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in
RFC 7836.
** certtool: when outputting an encrypted private key do not insert the textual description
of it. This fixes a regression since 3.6.5 (#840).
** API and ABI modifications:
gnutls_aead_cipher_encryptv2: Added
gnutls_aead_cipher_decryptv2: Added
GNUTLS_CIPHER_GOST28147_TC26Z_CNT: Added
GNUTLS_MAC_GOST28147_TC26Z_IMIT: Added
diffstat:
security/gnutls/Makefile | 7 +-
security/gnutls/PLIST | 9 +-
security/gnutls/PLIST.dane | 6 +
security/gnutls/distinfo | 15 +-
security/gnutls/options.mk | 5 +-
security/gnutls/patches/patch-cfg.mk | 90 ---------
security/gnutls/patches/patch-config.h.in | 15 -
security/gnutls/patches/patch-configure | 95 ----------
security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s | 27 --
security/gnutls/patches/patch-lib_accelerated_x86_x86-common.c | 59 ------
10 files changed, 20 insertions(+), 308 deletions(-)
diffs (truncated from 428 to 300 lines):
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/Makefile
--- a/security/gnutls/Makefile Fri Oct 04 17:02:16 2019 +0000
+++ b/security/gnutls/Makefile Fri Oct 04 17:25:53 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.202 2019/10/01 14:34:08 nia Exp $
+# $NetBSD: Makefile,v 1.203 2019/10/04 17:25:53 nia Exp $
-DISTNAME= gnutls-3.6.9
-PKGREVISION= 2
+DISTNAME= gnutls-3.6.10
CATEGORIES= security devel
MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
EXTRACT_SUFX= .tar.xz
@@ -13,6 +12,8 @@
DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
+PLIST_SRC= PLIST
+
USE_LANGUAGES= c c++
USE_LIBTOOL= yes
USE_PKGLOCALEDIR= yes
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/PLIST
--- a/security/gnutls/PLIST Fri Oct 04 17:02:16 2019 +0000
+++ b/security/gnutls/PLIST Fri Oct 04 17:25:53 2019 +0000
@@ -1,6 +1,5 @@
-@comment $NetBSD: PLIST,v 1.67 2019/09/18 19:00:13 tnn Exp $
+@comment $NetBSD: PLIST,v 1.68 2019/10/04 17:25:53 nia Exp $
bin/certtool
-${PLIST.dane}bin/danetool
bin/gnutls-cli
bin/gnutls-cli-debug
bin/gnutls-serv
@@ -11,7 +10,6 @@
include/gnutls/abstract.h
include/gnutls/compat.h
include/gnutls/crypto.h
-${PLIST.dane}include/gnutls/dane.h
include/gnutls/dtls.h
include/gnutls/gnutls.h
include/gnutls/gnutlsxx.h
@@ -38,13 +36,10 @@
info/gnutls-x509.png
info/gnutls.info
info/pkcs11-vision.png
-${PLIST.dane}lib/libgnutls-dane.la
lib/libgnutls.la
lib/libgnutlsxx.la
-${PLIST.dane}lib/pkgconfig/gnutls-dane.pc
lib/pkgconfig/gnutls.pc
man/man1/certtool.1
-${PLIST.dane}man/man1/danetool.1
man/man1/gnutls-cli-debug.1
man/man1/gnutls-cli.1
man/man1/gnutls-serv.1
@@ -72,9 +67,11 @@
man/man3/dane_verify_crt_raw.3
man/man3/dane_verify_session_crt.3
man/man3/gnutls_aead_cipher_decrypt.3
+man/man3/gnutls_aead_cipher_decryptv2.3
man/man3/gnutls_aead_cipher_deinit.3
man/man3/gnutls_aead_cipher_encrypt.3
man/man3/gnutls_aead_cipher_encryptv.3
+man/man3/gnutls_aead_cipher_encryptv2.3
man/man3/gnutls_aead_cipher_init.3
man/man3/gnutls_alert_get.3
man/man3/gnutls_alert_get_name.3
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/PLIST.dane
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/PLIST.dane Fri Oct 04 17:25:53 2019 +0000
@@ -0,0 +1,6 @@
+@comment $NetBSD: PLIST.dane,v 1.1 2019/10/04 17:25:53 nia Exp $
+bin/danetool
+include/gnutls/dane.h
+lib/libgnutls-dane.la
+lib/pkgconfig/gnutls-dane.pc
+man/man1/danetool.1
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/distinfo
--- a/security/gnutls/distinfo Fri Oct 04 17:02:16 2019 +0000
+++ b/security/gnutls/distinfo Fri Oct 04 17:25:53 2019 +0000
@@ -1,15 +1,10 @@
-$NetBSD: distinfo,v 1.139 2019/09/30 09:51:16 maya Exp $
+$NetBSD: distinfo,v 1.140 2019/10/04 17:25:53 nia Exp $
-SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296
-RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513
-SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07
-Size (gnutls-3.6.9.tar.xz) = 5773928 bytes
-SHA1 (patch-cfg.mk) = c91374a0f9c3031ea90d7f8c455d9e7e42de464b
-SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026
-SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec
+SHA1 (gnutls-3.6.10.tar.xz) = c073c6b0c57506a592854471576321be80f809d4
+RMD160 (gnutls-3.6.10.tar.xz) = fe2df3aead55853711a0dbd80ef5dd648a4e09a7
+SHA512 (gnutls-3.6.10.tar.xz) = fe0481f9e4219e983b01b91e69ffd95819a4c0d0c09028509106d561967e9c5d900bc5e3a48140a34fa4467feda2a619085adf3fa8fdade96c8debf125e91ae8
+Size (gnutls-3.6.10.tar.xz) = 5795984 bytes
SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
-SHA1 (patch-lib_accelerated_x86_elf_aesni-x86.s) = 834fe259954c1806185d95a5029ba0379bd31cce
-SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8
SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/options.mk
--- a/security/gnutls/options.mk Fri Oct 04 17:02:16 2019 +0000
+++ b/security/gnutls/options.mk Fri Oct 04 17:25:53 2019 +0000
@@ -1,15 +1,14 @@
-# $NetBSD: options.mk,v 1.1 2019/09/18 15:27:05 ng0 Exp $
+# $NetBSD: options.mk,v 1.2 2019/10/04 17:25:53 nia Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.gnutls
PKG_SUPPORTED_OPTIONS= dane
-PLIST_VARS+= dane
.include "../../mk/bsd.options.mk"
.if !empty(PKG_OPTIONS:Mdane)
.include "../../net/unbound/buildlink3.mk"
CONFIGURE_ARGS+= --enable-libdane
-PLIST.dane= yes
+PLIST_SRC+= PLIST.dane
.else
CONFIGURE_ARGS+= --disable-libdane
.endif
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/patches/patch-cfg.mk
--- a/security/gnutls/patches/patch-cfg.mk Fri Oct 04 17:02:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,90 +0,0 @@
-$NetBSD: patch-cfg.mk,v 1.1 2019/09/30 09:51:16 maya Exp $
-
-Avoid text relocations.
-
-commit 56b333df895475b202780add2e873c7cf5ade0d3
-Author: Andreas Metzler <ametzler%debian.org@localhost>
-Date: Sat Sep 28 14:28:12 2019 +0200
-
- Regenerate asm files with -fPIC
-
- CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
- as option. Set -fPIC for the same files as openssl does.
-
- Closes #818
-
---- cfg.mk.orig 2019-06-28 19:06:07.000000000 +0000
-+++ cfg.mk
-@@ -143,6 +143,12 @@ ASM_SOURCES_XXX := \
- lib/accelerated/x86/XXX/aes-ssse3-x86.s \
- lib/accelerated/x86/XXX/aes-ssse3-x86_64.s
-
-+# CRYPTOGAMS' perl-scripts can produce different output if -fPIC
-+# is passed as option. List the files that seem to need it:
-+PL_NEEDS_FPIC := aesni-x86.pl aes-ssse3-x86.pl e_padlock-x86.pl \
-+ ghash-x86.pl sha1-ssse3-x86.pl sha256-ssse3-x86.pl \
-+ sha512-ssse3-x86.pl
-+
- ASM_SOURCES_ELF := $(subst XXX,elf,$(ASM_SOURCES_XXX))
- ASM_SOURCES_COFF := $(subst XXX,coff,$(ASM_SOURCES_XXX))
- ASM_SOURCES_MACOSX := $(subst XXX,macosx,$(ASM_SOURCES_XXX))
-@@ -193,33 +199,43 @@ lib/accelerated/x86/files.mk: $(ASM_SOUR
-
- # Appro's code
- lib/accelerated/x86/elf/%.s: devel/perlasm/%.pl .submodule.stamp
-- CC=gcc perl $< elf $@.tmp
-+ CC=gcc perl $< elf \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $<.license $@.tmp > $@ && rm -f $@.tmp
- echo "" >> $@
- echo ".section .note.GNU-stack,\"\",%progbits" >> $@
- sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
-
- lib/accelerated/x86/coff/%-x86.s: devel/perlasm/%-x86.pl .submodule.stamp
-- CC=gcc perl $< coff $@.tmp
-+ CC=gcc perl $< coff \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $<.license $@.tmp > $@ && rm -f $@.tmp
- echo "" >> $@
- sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
-
- lib/accelerated/x86/coff/%-x86_64.s: devel/perlasm/%-x86_64.pl .submodule.stamp
-- CC=gcc perl $< mingw64 $@.tmp
-+ CC=gcc perl $< mingw64 \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $<.license $@.tmp > $@ && rm -f $@.tmp
- echo "" >> $@
- sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
-
- lib/accelerated/x86/macosx/%.s: devel/perlasm/%.pl .submodule.stamp
-- CC=gcc perl $< macosx $@.tmp
-+ CC=gcc perl $< macosx \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $<.license $@.tmp > $@ && rm -f $@.tmp
- echo "" >> $@
- sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
-
- lib/accelerated/aarch64/elf/%.s: devel/perlasm/%.pl .submodule.stamp
- rm -f $@tmp
-- CC=aarch64-linux-gnu-gcc perl $< linux64 $@.tmp
-+ CC=aarch64-linux-gnu-gcc perl $< linux64 \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
- echo "" >> $@.tmp.S
- sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
-@@ -231,7 +247,9 @@ lib/accelerated/aarch64/elf/%.s: devel/p
-
- lib/accelerated/aarch64/macosx/%.s: devel/perlasm/%.pl .submodule.stamp
- rm -f $@tmp
-- CC=aarch64-linux-gnu-gcc perl $< ios64 $@.tmp
-+ CC=aarch64-linux-gnu-gcc perl $< ios64 \
-+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
-+ $@.tmp
- cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
- echo "" >> $@.tmp.S
- sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/patches/patch-config.h.in
--- a/security/gnutls/patches/patch-config.h.in Fri Oct 04 17:02:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-config.h.in,v 1.1 2019/09/16 17:01:46 nros Exp $
-Fix compilation on gcc and clang versions missing __get_cpuid_count
-taken from upstream:
-https://gitlab.com/gnutls/gnutls/commit/ef80617d1e17e0878a909baad62a75ba265c0e00
-This is fixed in 3.6.10 so remove this if updating to 3.6.10 or above
---- config.h.in.orig 2019-07-25 18:39:21.000000000 +0000
-+++ config.h.in
-@@ -1,5 +1,7 @@
- /* config.h.in. Generated from configure.ac by autoheader. */
-
-+#undef HAVE_GET_CPUID_COUNT
-+
- /* Define if building universal (internal helper macro) */
- #undef AC_APPLE_UNIVERSAL_BUILD
-
diff -r 1e1b045b89c2 -r 8e46922a70ec security/gnutls/patches/patch-configure
--- a/security/gnutls/patches/patch-configure Fri Oct 04 17:02:16 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-$NetBSD: patch-configure,v 1.3 2019/09/16 17:01:46 nros Exp $
-Fix compilation on gcc and clang versions missing __get_cpuid_count
-taken from upstream:
-https://gitlab.com/gnutls/gnutls/commit/ef80617d1e17e0878a909baad62a75ba265c0e00
-This is fixed in 3.6.10 so remove this if updating to 3.6.10 or above
---- configure.orig 2019-09-16 16:20:13.879358983 +0000
-+++ configure
-@@ -2036,7 +2036,6 @@ infodir
- docdir
- oldincludedir
- includedir
--runstatedir
- localstatedir
- sharedstatedir
- sysconfdir
-@@ -2226,7 +2225,6 @@ datadir='${datarootdir}'
- sysconfdir='${prefix}/etc'
- sharedstatedir='${prefix}/com'
- localstatedir='${prefix}/var'
--runstatedir='${localstatedir}/run'
- includedir='${prefix}/include'
- oldincludedir='/usr/include'
- docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-@@ -2479,15 +2477,6 @@ do
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
-- -runstatedir | --runstatedir | --runstatedi | --runstated \
-- | --runstate | --runstat | --runsta | --runst | --runs \
-- | --run | --ru | --r)
-- ac_prev=runstatedir ;;
-- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-- | --run=* | --ru=* | --r=*)
-- runstatedir=$ac_optarg ;;
--
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-@@ -2625,7 +2614,7 @@ fi
- for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-- libdir localedir mandir runstatedir
-+ libdir localedir mandir
- do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
-@@ -2778,7 +2767,6 @@ Fine tuning of the installation director
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
-- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
-@@ -9782,6 +9770,29 @@ done
- ;;
- esac
-
-+# check for gcc's __get_cpuid_count functionality
Home |
Main Index |
Thread Index |
Old Index