CVS commit: pkgsrc/security/gnutls

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/gnutls
From: "Nia Alarie" <nia%netbsd.org@localhost>
Date: Mon, 16 Sep 2019 00:28:48 +0000

Module Name:    pkgsrc
Committed By:   nia
Date:           Mon Sep 16 00:28:48 UTC 2019

Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo

Log Message:
gnutls: Update to 3.6.9

* Version 3.6.9 (released 2019-07-25)

** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
   of digest or MAC context. Copying contexts for externally-registered digest and MAC
   contexts is unupported (#787).

** Marked the crypto implementation override APIs as deprecated. These APIs are rarely
   used, are for a niche use case, but have significant side effects, such as preventing
   any internal re-organization and extension of the internal cipher API. The APIs remain
   functional though a compiler warning will be issued, and a future minor version update
   may transform them to a no-op while keeping ABI compatibility (#789).

** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).

** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
   flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().

** libgnutls: Added support for Generalname registeredID.

** The priority configuration was enhanced to allow more elaborate
   system-wide configuration of the library (#587).
   The following changes were included:
    - The file is read as an ini file with '#' indicating a comment.
    - The section "[priorities]" or global follows the existing semantics of
      the configuration file, and allows to specify system-wide priority strings
      which are accessed with the '@' prefix.
    - The section "[overrides]" is added with the parameters "insecure-hash",
      "insecure-sig", "insecure-sig-for-cert", "disabled-curve",
      "disabled-version", "min-verification-profile", "tls-disabled-cipher",
      "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
      specific algorithms or options globally. Existing algorithms in the
      library can be marked as disabled and insecure, but no hard-coded
      insecure algorithm can be marked as secure (so that the configuration
      cannot be abused to make the system vulnerable).
    - Unknown sections or options are skipped with a debug message, unless
      the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
      set to 1.

** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
    - 0x20: Enable SHA_NI instruction set

** API and ABI modifications:
gnutls_crypto_register_cipher: Deprecated
gnutls_crypto_register_aead_cipher: Deprecated
gnutls_crypto_register_digest: Deprecated
gnutls_crypto_register_mac: Deprecated
gnutls_get_system_config_file: Added
gnutls_hash_copy: Added
gnutls_hmac_copy: Added
GNUTLS_MAC_AES_GMAC_128: Added
GNUTLS_MAC_AES_GMAC_192: Added
GNUTLS_MAC_AES_CMAC_256: Added
GNUTLS_SAN_REGISTERED_ID: Added


To generate a diff of this commit:
cvs rdiff -u -r1.198 -r1.199 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.64 -r1.65 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.136 -r1.137 pkgsrc/security/gnutls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.198 pkgsrc/security/gnutls/Makefile:1.199
--- pkgsrc/security/gnutls/Makefile:1.198       Sun Aug 11 13:22:46 2019
+++ pkgsrc/security/gnutls/Makefile     Mon Sep 16 00:28:48 2019
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.198 2019/08/11 13:22:46 wiz Exp $
+# $NetBSD: Makefile,v 1.199 2019/09/16 00:28:48 nia Exp $
 
-DISTNAME=      gnutls-3.6.8
-PKGREVISION=   2
+DISTNAME=      gnutls-3.6.9
 CATEGORIES=    security devel
-MASTER_SITES=  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/
+MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=      http://www.gnutls.org/
+HOMEPAGE=      https://www.gnutls.org/
 COMMENT=       GNU Transport Layer Security library
 LICENSE=       gnu-gpl-v3 AND gnu-lgpl-v2.1
 

Index: pkgsrc/security/gnutls/PLIST
diff -u pkgsrc/security/gnutls/PLIST:1.64 pkgsrc/security/gnutls/PLIST:1.65
--- pkgsrc/security/gnutls/PLIST:1.64   Thu Jul 11 14:53:36 2019
+++ pkgsrc/security/gnutls/PLIST        Mon Sep 16 00:28:48 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.64 2019/07/11 14:53:36 sevan Exp $
+@comment $NetBSD: PLIST,v 1.65 2019/09/16 00:28:48 nia Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -263,6 +263,7 @@ man/man3/gnutls_ext_set_data.3
 man/man3/gnutls_fingerprint.3
 man/man3/gnutls_fips140_mode_enabled.3
 man/man3/gnutls_fips140_set_mode.3
+man/man3/gnutls_get_system_config_file.3
 man/man3/gnutls_global_deinit.3
 man/man3/gnutls_global_init.3
 man/man3/gnutls_global_set_audit_log_function.3
@@ -288,6 +289,7 @@ man/man3/gnutls_handshake_set_private_ex
 man/man3/gnutls_handshake_set_random.3
 man/man3/gnutls_handshake_set_timeout.3
 man/man3/gnutls_hash.3
+man/man3/gnutls_hash_copy.3
 man/man3/gnutls_hash_deinit.3
 man/man3/gnutls_hash_fast.3
 man/man3/gnutls_hash_get_len.3
@@ -305,6 +307,7 @@ man/man3/gnutls_hex_decode2.3
 man/man3/gnutls_hex_encode.3
 man/man3/gnutls_hex_encode2.3
 man/man3/gnutls_hmac.3
+man/man3/gnutls_hmac_copy.3
 man/man3/gnutls_hmac_deinit.3
 man/man3/gnutls_hmac_fast.3
 man/man3/gnutls_hmac_get_len.3

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.136 pkgsrc/security/gnutls/distinfo:1.137
--- pkgsrc/security/gnutls/distinfo:1.136       Thu Aug 15 15:46:15 2019
+++ pkgsrc/security/gnutls/distinfo     Mon Sep 16 00:28:48 2019
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.136 2019/08/15 15:46:15 sevan Exp $
+$NetBSD: distinfo,v 1.137 2019/09/16 00:28:48 nia Exp $
 
-SHA1 (gnutls-3.6.8.tar.xz) = e1243188791af409bca118d31faf3ec3d5f0a5ab
-RMD160 (gnutls-3.6.8.tar.xz) = a834679524f95a38a8a1ea77394906db637d33fe
-SHA512 (gnutls-3.6.8.tar.xz) = 71f0899de0ffb2a39b25928042114e2bbfde7fbf2029d9f91f60bf60794916d13f544fc97337e4e3282e7faa17e79a8012b0e08f98805bee543c0ba4e5d5a905
-Size (gnutls-3.6.8.tar.xz) = 5712580 bytes
+SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296
+RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513
+SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07
+Size (gnutls-3.6.9.tar.xz) = 5773928 bytes
 SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
 SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc

Prev by Date: CVS commit: pkgsrc/www/p5-Plack-Middleware-Test-StashWarnings
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/www/p5-Plack-Middleware-Test-StashWarnings
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index