Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2020Q1]: pkgsrc/security/gnutls Pullup ticket #6232 - requeste...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5d4e6af837af
branches: pkgsrc-2020Q1
changeset: 433981:5d4e6af837af
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Jun 09 11:55:34 2020 +0000
description:
Pullup ticket #6232 - requested by maya
security/gnutls: security fix
Revisions pulled up:
- security/gnutls/Makefile 1.210-1.213
- security/gnutls/PLIST 1.70-1.71
- security/gnutls/PLIST.guile 1.1
- security/gnutls/buildlink3.mk 1.37
- security/gnutls/distinfo 1.143-1.144
- security/gnutls/options.mk 1.3
- security/gnutls/patches/patch-configure 1.5
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 1 08:24:07 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Added Files:
pkgsrc/security/gnutls/patches: patch-configure
Log Message:
gnutls: updated to 3.6.13
Version 3.6.13:
** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
The DTLS client would not contribute any randomness to the DTLS negotiation,
breaking the security guarantees of the DTLS protocol
[GNUTLS-SA-2020-03-31, CVSS: high]
** libgnutls: Added new APIs to access KDF algorithms.
** libgnutls: Added new callback gnutls_keylog_func that enables a custom
logging functionality.
** libgnutls: Added support for non-null terminated usernames in PSK
negotiation.
** gnutls-cli-debug: Improved support for old servers that only support
SSL 3.0.
** API and ABI modifications:
gnutls_hkdf_extract: Added
gnutls_hkdf_expand: Added
gnutls_pbkdf2: Added
gnutls_session_get_keylog_function: Added
gnutls_session_set_keylog_function: Added
gnutls_prf_hash_get: Added
gnutls_psk_server_get_username2: Added
gnutls_psk_set_client_credentials2: Added
gnutls_psk_set_client_credentials_function2: Added
gnutls_psk_set_server_credentials_function2: Added
---
Module Name: pkgsrc
Committed By: nikita
Date: Thu May 14 14:30:02 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk
Added Files:
pkgsrc/security/gnutls: PLIST.guile
Log Message:
security/gnutls: revbump, add support for building guile bindings
---
Module Name: pkgsrc
Committed By: leot
Date: Mon Jun 8 19:48:14 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Log Message:
gnutls: Update to 3.6.14
Changes:
3.6.14
------
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011).
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008).
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Added several improvements on Windows Vista and later releases
(!1257, !1254, !1256). Most notably the system random number generator now
uses Windows BCrypt* API if available (!1255).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
diffstat:
security/gnutls/Makefile | 6 ++----
security/gnutls/PLIST | 14 +++++++++++++-
security/gnutls/PLIST.guile | 10 ++++++++++
security/gnutls/buildlink3.mk | 8 +++++++-
security/gnutls/distinfo | 11 ++++++-----
security/gnutls/options.mk | 12 ++++++++++--
security/gnutls/patches/patch-configure | 14 ++++++++++++++
7 files changed, 62 insertions(+), 13 deletions(-)
diffs (201 lines):
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/Makefile
--- a/security/gnutls/Makefile Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/Makefile Tue Jun 09 11:55:34 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.209 2020/03/22 12:21:59 rillig Exp $
+# $NetBSD: Makefile,v 1.209.2.1 2020/06/09 11:55:34 bsiegert Exp $
-DISTNAME= gnutls-3.6.12
-PKGREVISION= 1
+DISTNAME= gnutls-3.6.14
CATEGORIES= security devel
MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
EXTRACT_SUFX= .tar.xz
@@ -22,7 +21,6 @@
GNU_CONFIGURE= yes
# this library duplicates (and conflicts with) openssl
CONFIGURE_ARGS+= --disable-openssl-compatibility
-CONFIGURE_ARGS+= --disable-guile
CONFIGURE_ARGS+= --disable-libdane
CONFIGURE_ARGS+= --without-idn
CONFIGURE_ARGS+= --without-tpm
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/PLIST
--- a/security/gnutls/PLIST Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/PLIST Tue Jun 09 11:55:34 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.69 2020/02/09 13:56:28 wiz Exp $
+@comment $NetBSD: PLIST,v 1.69.2.1 2020/06/09 11:55:34 bsiegert Exp $
bin/certtool
bin/gnutls-cli
bin/gnutls-cli-debug
@@ -261,6 +261,7 @@
man/man3/gnutls_ext_get_current_msg.3
man/man3/gnutls_ext_get_data.3
man/man3/gnutls_ext_get_name.3
+man/man3/gnutls_ext_get_name2.3
man/man3/gnutls_ext_raw_parse.3
man/man3/gnutls_ext_register.3
man/man3/gnutls_ext_set_data.3
@@ -310,6 +311,8 @@
man/man3/gnutls_hex_decode2.3
man/man3/gnutls_hex_encode.3
man/man3/gnutls_hex_encode2.3
+man/man3/gnutls_hkdf_expand.3
+man/man3/gnutls_hkdf_extract.3
man/man3/gnutls_hmac.3
man/man3/gnutls_hmac_copy.3
man/man3/gnutls_hmac_deinit.3
@@ -388,6 +391,7 @@
man/man3/gnutls_openpgp_send_cert.3
man/man3/gnutls_packet_deinit.3
man/man3/gnutls_packet_get.3
+man/man3/gnutls_pbkdf2.3
man/man3/gnutls_pcert_deinit.3
man/man3/gnutls_pcert_export_openpgp.3
man/man3/gnutls_pcert_export_x509.3
@@ -520,6 +524,7 @@
man/man3/gnutls_pkcs7_import.3
man/man3/gnutls_pkcs7_init.3
man/man3/gnutls_pkcs7_print.3
+man/man3/gnutls_pkcs7_print_signature_info.3
man/man3/gnutls_pkcs7_set_crl.3
man/man3/gnutls_pkcs7_set_crl_raw.3
man/man3/gnutls_pkcs7_set_crt.3
@@ -533,6 +538,7 @@
man/man3/gnutls_pkcs_schema_get_oid.3
man/man3/gnutls_prf.3
man/man3/gnutls_prf_early.3
+man/man3/gnutls_prf_hash_get.3
man/man3/gnutls_prf_raw.3
man/man3/gnutls_prf_rfc5705.3
man/man3/gnutls_priority_certificate_type_list.3
@@ -609,11 +615,15 @@
man/man3/gnutls_psk_free_client_credentials.3
man/man3/gnutls_psk_free_server_credentials.3
man/man3/gnutls_psk_server_get_username.3
+man/man3/gnutls_psk_server_get_username2.3
man/man3/gnutls_psk_set_client_credentials.3
+man/man3/gnutls_psk_set_client_credentials2.3
man/man3/gnutls_psk_set_client_credentials_function.3
+man/man3/gnutls_psk_set_client_credentials_function2.3
man/man3/gnutls_psk_set_params_function.3
man/man3/gnutls_psk_set_server_credentials_file.3
man/man3/gnutls_psk_set_server_credentials_function.3
+man/man3/gnutls_psk_set_server_credentials_function2.3
man/man3/gnutls_psk_set_server_credentials_hint.3
man/man3/gnutls_psk_set_server_dh_params.3
man/man3/gnutls_psk_set_server_known_dh_params.3
@@ -711,6 +721,7 @@
man/man3/gnutls_session_get_flags.3
man/man3/gnutls_session_get_id.3
man/man3/gnutls_session_get_id2.3
+man/man3/gnutls_session_get_keylog_function.3
man/man3/gnutls_session_get_master_secret.3
man/man3/gnutls_session_get_ptr.3
man/man3/gnutls_session_get_random.3
@@ -720,6 +731,7 @@
man/man3/gnutls_session_resumption_requested.3
man/man3/gnutls_session_set_data.3
man/man3/gnutls_session_set_id.3
+man/man3/gnutls_session_set_keylog_function.3
man/man3/gnutls_session_set_premaster.3
man/man3/gnutls_session_set_ptr.3
man/man3/gnutls_session_set_verify_cert.3
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/PLIST.guile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/PLIST.guile Tue Jun 09 11:55:34 2020 +0000
@@ -0,0 +1,10 @@
+@comment $NetBSD: PLIST.guile,v 1.1.2.2 2020/06/09 11:55:34 bsiegert Exp $
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.a
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.la
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0.0.0
+guile/2.2/lib/guile/2.2/site-ccache/gnutls.go
+guile/2.2/lib/guile/2.2/site-ccache/gnutls/extra.go
+guile/2.2/share/guile/site/2.2/gnutls.scm
+guile/2.2/share/guile/site/2.2/gnutls/extra.scm
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/buildlink3.mk
--- a/security/gnutls/buildlink3.mk Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/buildlink3.mk Tue Jun 09 11:55:34 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.36 2020/03/08 16:48:06 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.36.2.1 2020/06/09 11:55:34 bsiegert Exp $
BUILDLINK_TREE+= gnutls
@@ -18,6 +18,12 @@
.include "../../security/nettle/buildlink3.mk"
.include "../../security/p11-kit/buildlink3.mk"
.include "../../textproc/libunistring/buildlink3.mk"
+.if !empty(PKG_BUILD_OPTIONS.gnutls:Mdane)
+.include "../../net/unbound/buildlink3.mk"
+.endif
+.if !empty(PKG_BUILD_OPTIONS.gnutls:Mguile)
+.include "../../lang/guile22/buildlink3.mk"
+.endif
.endif # GNUTLS_BUILDLINK3_MK
BUILDLINK_TREE+= -gnutls
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/distinfo
--- a/security/gnutls/distinfo Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/distinfo Tue Jun 09 11:55:34 2020 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.142 2020/02/09 13:56:28 wiz Exp $
+$NetBSD: distinfo,v 1.142.2.1 2020/06/09 11:55:34 bsiegert Exp $
-SHA1 (gnutls-3.6.12.tar.xz) = fa498b4d026e3ddfa74aa79adac27bfcd14e8b76
-RMD160 (gnutls-3.6.12.tar.xz) = f76e05c4a5f6c15277259b874bca475089c02630
-SHA512 (gnutls-3.6.12.tar.xz) = e1031fd1239d8b0f056a6b736e4c72c9268fb635f273527f310771c608b841cad7b6631401382ec3040d9b539180bf421882bf43427ad3549a5787d2864c2fa5
-Size (gnutls-3.6.12.tar.xz) = 5942064 bytes
+SHA1 (gnutls-3.6.14.tar.xz) = bea1b5abcb691acf014e592f41d0a9580a41216a
+RMD160 (gnutls-3.6.14.tar.xz) = 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba
+SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
+Size (gnutls-3.6.14.tar.xz) = 6069088 bytes
+SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e
SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/options.mk
--- a/security/gnutls/options.mk Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/options.mk Tue Jun 09 11:55:34 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: options.mk,v 1.2 2019/10/04 17:25:53 nia Exp $
+# $NetBSD: options.mk,v 1.2.2.1 2020/06/09 11:55:34 bsiegert Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.gnutls
-PKG_SUPPORTED_OPTIONS= dane
+PKG_SUPPORTED_OPTIONS= dane guile
.include "../../mk/bsd.options.mk"
@@ -12,3 +12,11 @@
.else
CONFIGURE_ARGS+= --disable-libdane
.endif
+
+.if !empty(PKG_OPTIONS:Mguile)
+.include "../../lang/guile22/buildlink3.mk"
+CONFIGURE_ARGS+= --enable-guile
+PLIST_SRC+= PLIST.guile
+.else
+CONFIGURE_ARGS+= --disable-guile
+.endif
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/patches/patch-configure
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/patches/patch-configure Tue Jun 09 11:55:34 2020 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-configure,v 1.5.2.2 2020/06/09 11:55:34 bsiegert Exp $
+
+Fix linking on Darwin.
+
+--- configure.orig 2020-03-19 15:24:05.000000000 +0000
++++ configure
+@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs
+ *darwin*)
+ have_macosx=yes
+ save_LDFLAGS="$LDFLAGS"
+- LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
Home |
Main Index |
Thread Index |
Old Index