Source-Changes-HG archive


[pkgsrc/pkgsrc-2020Q1]: pkgsrc/security/gnutls Pullup ticket #6232 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5d4e6af837af
branches:  pkgsrc-2020Q1
changeset: 433981:5d4e6af837af
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Jun 09 11:55:34 2020 +0000

description:
Pullup ticket #6232 - requested by maya
security/gnutls: security fix

Revisions pulled up:
- security/gnutls/Makefile                                      1.210-1.213
- security/gnutls/PLIST                                         1.70-1.71
- security/gnutls/PLIST.guile                                   1.1
- security/gnutls/buildlink3.mk                                 1.37
- security/gnutls/distinfo                                      1.143-1.144
- security/gnutls/options.mk                                    1.3
- security/gnutls/patches/patch-configure                       1.5

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Apr  1 08:24:07 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile PLIST distinfo
   Added Files:
           pkgsrc/security/gnutls/patches: patch-configure

   Log Message:
   gnutls: updated to 3.6.13

   Version 3.6.13:

   ** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
      The DTLS client would not contribute any randomness to the DTLS negotiation,
      breaking the security guarantees of the DTLS protocol
      [GNUTLS-SA-2020-03-31, CVSS: high]

   ** libgnutls: Added new APIs to access KDF algorithms.

   ** libgnutls: Added new callback gnutls_keylog_func that enables a custom
      logging functionality.

   ** libgnutls: Added support for non-null terminated usernames in PSK
      negotiation.

   ** gnutls-cli-debug: Improved support for old servers that only support
      SSL 3.0.

   ** API and ABI modifications:
   gnutls_hkdf_extract: Added
   gnutls_hkdf_expand: Added
   gnutls_pbkdf2: Added
   gnutls_session_get_keylog_function: Added
   gnutls_session_set_keylog_function: Added
   gnutls_prf_hash_get: Added
   gnutls_psk_server_get_username2: Added
   gnutls_psk_set_client_credentials2: Added
   gnutls_psk_set_client_credentials_function2: Added
   gnutls_psk_set_server_credentials_function2: Added

---
   Module Name:    pkgsrc
   Committed By:   nikita
   Date:           Thu May 14 14:30:02 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk
   Added Files:
           pkgsrc/security/gnutls: PLIST.guile

   Log Message:
   security/gnutls: revbump, add support for building guile bindings

---
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Mon Jun  8 19:48:14 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile PLIST distinfo

   Log Message:
   gnutls: Update to 3.6.14

   Changes:
   3.6.14
   ------
    * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
      The TLS server would not bind the session ticket encryption key with a
      value supplied by the application until the initial key rotation, allowing
      an attacker to bypass authentication in TLS 1.3 and recover previous
      conversations in TLS 1.2 (#1011).
      [GNUTLS-SA-2020-06-03, CVSS: high]

    * libgnutls: Fixed handling of certificate chain with cross-signed
      intermediate CA certificates (#1008).

    * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

    * libgnutls: gnutls_x509_crt_print() is enhanced to recognize commonName
      (2.5.4.3), decode certificate policy OIDs (!1245), and print Authority
      Key Identifier (AKI) properly (#989, #991).

    * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

    * libgnutls: Added several improvements on Windows Vista and later releases
      (!1257, !1254, !1256). Most notably the system random number generator now
      uses Windows BCrypt* API if available (!1255).

    * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
      Also both accelerated and non-accelerated implementations check key block
      according to FIPS-140-2 IG A.9 (!1233).

    * libgnutls: Added support for AES-SIV ciphers (#463).

    * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

    * libgnutls: No longer use internal symbols exported from Nettle (!1235)

    * API and ABI modifications:
        GNUTLS_CIPHER_AES_128_SIV: Added
        GNUTLS_CIPHER_AES_256_SIV: Added
        GNUTLS_CIPHER_AES_192_GCM: Added
        gnutls_pkcs7_print_signature_info: Added

diffstat:

 security/gnutls/Makefile                |   6 ++----
 security/gnutls/PLIST                   |  14 +++++++++++++-
 security/gnutls/PLIST.guile             |  10 ++++++++++
 security/gnutls/buildlink3.mk           |   8 +++++++-
 security/gnutls/distinfo                |  11 ++++++-----
 security/gnutls/options.mk              |  12 ++++++++++--
 security/gnutls/patches/patch-configure |  14 ++++++++++++++
 7 files changed, 62 insertions(+), 13 deletions(-)

diffs (201 lines):

diff -r c50404be00cf -r 5d4e6af837af security/gnutls/Makefile
--- a/security/gnutls/Makefile  Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/Makefile  Tue Jun 09 11:55:34 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.209 2020/03/22 12:21:59 rillig Exp $
+# $NetBSD: Makefile,v 1.209.2.1 2020/06/09 11:55:34 bsiegert Exp $
 
-DISTNAME=      gnutls-3.6.12
-PKGREVISION=   1
+DISTNAME=      gnutls-3.6.14
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
@@ -22,7 +21,6 @@
 GNU_CONFIGURE=                 yes
 # this library duplicates (and conflicts with) openssl
 CONFIGURE_ARGS+=               --disable-openssl-compatibility
-CONFIGURE_ARGS+=               --disable-guile
 CONFIGURE_ARGS+=               --disable-libdane
 CONFIGURE_ARGS+=               --without-idn
 CONFIGURE_ARGS+=               --without-tpm
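
Review bot: The context line `CONFIGURE_ARGS+= --disable-libdane` is still unconditional in the Makefile, although options.mk already emits `--disable-libdane` in its `.else` branch. Now that `--disable-guile` has moved out of this file and into options.mk, the dane flag is the only option-controlled switch still set in both places; with the dane option enabled, configure receives this disable flag alongside whatever the dane branch passes, and the outcome depends on argument order. Suggest dropping the unconditional line here so both options are decided in options.mk only.
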
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/PLIST
--- a/security/gnutls/PLIST     Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/PLIST     Tue Jun 09 11:55:34 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.69 2020/02/09 13:56:28 wiz Exp $
+@comment $NetBSD: PLIST,v 1.69.2.1 2020/06/09 11:55:34 bsiegert Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -261,6 +261,7 @@
 man/man3/gnutls_ext_get_current_msg.3
 man/man3/gnutls_ext_get_data.3
 man/man3/gnutls_ext_get_name.3
+man/man3/gnutls_ext_get_name2.3
 man/man3/gnutls_ext_raw_parse.3
 man/man3/gnutls_ext_register.3
 man/man3/gnutls_ext_set_data.3
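
Review bot: `man/man3/gnutls_ext_get_name2.3` is added to the PLIST, but `gnutls_ext_get_name2` is not in either "API and ABI modifications" list quoted in the log message for 3.6.13 or 3.6.14, unlike every other man page added in this file. Confirm the entry comes from an install of the 3.6.14 tarball, and mention the extra symbol in the log so consumers tracking the ABI from the commit message are not surprised.
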
@@ -310,6 +311,8 @@
 man/man3/gnutls_hex_decode2.3
 man/man3/gnutls_hex_encode.3
 man/man3/gnutls_hex_encode2.3
+man/man3/gnutls_hkdf_expand.3
+man/man3/gnutls_hkdf_extract.3
 man/man3/gnutls_hmac.3
 man/man3/gnutls_hmac_copy.3
 man/man3/gnutls_hmac_deinit.3
@@ -388,6 +391,7 @@
 man/man3/gnutls_openpgp_send_cert.3
 man/man3/gnutls_packet_deinit.3
 man/man3/gnutls_packet_get.3
+man/man3/gnutls_pbkdf2.3
 man/man3/gnutls_pcert_deinit.3
 man/man3/gnutls_pcert_export_openpgp.3
 man/man3/gnutls_pcert_export_x509.3
@@ -520,6 +524,7 @@
 man/man3/gnutls_pkcs7_import.3
 man/man3/gnutls_pkcs7_init.3
 man/man3/gnutls_pkcs7_print.3
+man/man3/gnutls_pkcs7_print_signature_info.3
 man/man3/gnutls_pkcs7_set_crl.3
 man/man3/gnutls_pkcs7_set_crl_raw.3
 man/man3/gnutls_pkcs7_set_crt.3
@@ -533,6 +538,7 @@
 man/man3/gnutls_pkcs_schema_get_oid.3
 man/man3/gnutls_prf.3
 man/man3/gnutls_prf_early.3
+man/man3/gnutls_prf_hash_get.3
 man/man3/gnutls_prf_raw.3
 man/man3/gnutls_prf_rfc5705.3
 man/man3/gnutls_priority_certificate_type_list.3
@@ -609,11 +615,15 @@
 man/man3/gnutls_psk_free_client_credentials.3
 man/man3/gnutls_psk_free_server_credentials.3
 man/man3/gnutls_psk_server_get_username.3
+man/man3/gnutls_psk_server_get_username2.3
 man/man3/gnutls_psk_set_client_credentials.3
+man/man3/gnutls_psk_set_client_credentials2.3
 man/man3/gnutls_psk_set_client_credentials_function.3
+man/man3/gnutls_psk_set_client_credentials_function2.3
 man/man3/gnutls_psk_set_params_function.3
 man/man3/gnutls_psk_set_server_credentials_file.3
 man/man3/gnutls_psk_set_server_credentials_function.3
+man/man3/gnutls_psk_set_server_credentials_function2.3
 man/man3/gnutls_psk_set_server_credentials_hint.3
 man/man3/gnutls_psk_set_server_dh_params.3
 man/man3/gnutls_psk_set_server_known_dh_params.3
@@ -711,6 +721,7 @@
 man/man3/gnutls_session_get_flags.3
 man/man3/gnutls_session_get_id.3
 man/man3/gnutls_session_get_id2.3
+man/man3/gnutls_session_get_keylog_function.3
 man/man3/gnutls_session_get_master_secret.3
 man/man3/gnutls_session_get_ptr.3
 man/man3/gnutls_session_get_random.3
@@ -720,6 +731,7 @@
 man/man3/gnutls_session_resumption_requested.3
 man/man3/gnutls_session_set_data.3
 man/man3/gnutls_session_set_id.3
+man/man3/gnutls_session_set_keylog_function.3
 man/man3/gnutls_session_set_premaster.3
 man/man3/gnutls_session_set_ptr.3
 man/man3/gnutls_session_set_verify_cert.3
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/PLIST.guile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/PLIST.guile       Tue Jun 09 11:55:34 2020 +0000
@@ -0,0 +1,10 @@
+@comment $NetBSD: PLIST.guile,v 1.1.2.2 2020/06/09 11:55:34 bsiegert Exp $
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.a
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.la
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0
+guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0.0.0
+guile/2.2/lib/guile/2.2/site-ccache/gnutls.go
+guile/2.2/lib/guile/2.2/site-ccache/gnutls/extra.go
+guile/2.2/share/guile/site/2.2/gnutls.scm
+guile/2.2/share/guile/site/2.2/gnutls/extra.scm
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/buildlink3.mk
--- a/security/gnutls/buildlink3.mk     Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/buildlink3.mk     Tue Jun 09 11:55:34 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.36 2020/03/08 16:48:06 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.36.2.1 2020/06/09 11:55:34 bsiegert Exp $
 
 BUILDLINK_TREE+=       gnutls
 
@@ -18,6 +18,12 @@
 .include "../../security/nettle/buildlink3.mk"
 .include "../../security/p11-kit/buildlink3.mk"
 .include "../../textproc/libunistring/buildlink3.mk"
+.if !empty(PKG_BUILD_OPTIONS.gnutls:Mdane)
+.include "../../net/unbound/buildlink3.mk"
+.endif
+.if !empty(PKG_BUILD_OPTIONS.gnutls:Mguile)
+.include "../../lang/guile22/buildlink3.mk"
+.endif
 .endif # GNUTLS_BUILDLINK3_MK
 
 BUILDLINK_TREE+=       -gnutls
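
Review bot: The two added conditionals test `PKG_BUILD_OPTIONS.gnutls`, which is only defined once `pkgbase := gnutls` has been set and `../../mk/pkg-build-options.mk` included, and neither is visible in this hunk's context. Confirm both sit above line 18; if they do not, `!empty(PKG_BUILD_OPTIONS.gnutls:Mdane)` and the guile test evaluate against an undefined variable and the unbound and guile22 buildlink3.mk files are never pulled in for dependent packages.
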
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/distinfo
--- a/security/gnutls/distinfo  Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/distinfo  Tue Jun 09 11:55:34 2020 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.142 2020/02/09 13:56:28 wiz Exp $
+$NetBSD: distinfo,v 1.142.2.1 2020/06/09 11:55:34 bsiegert Exp $
 
-SHA1 (gnutls-3.6.12.tar.xz) = fa498b4d026e3ddfa74aa79adac27bfcd14e8b76
-RMD160 (gnutls-3.6.12.tar.xz) = f76e05c4a5f6c15277259b874bca475089c02630
-SHA512 (gnutls-3.6.12.tar.xz) = e1031fd1239d8b0f056a6b736e4c72c9268fb635f273527f310771c608b841cad7b6631401382ec3040d9b539180bf421882bf43427ad3549a5787d2864c2fa5
-Size (gnutls-3.6.12.tar.xz) = 5942064 bytes
+SHA1 (gnutls-3.6.14.tar.xz) = bea1b5abcb691acf014e592f41d0a9580a41216a
+RMD160 (gnutls-3.6.14.tar.xz) = 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba
+SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
+Size (gnutls-3.6.14.tar.xz) = 6069088 bytes
+SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
 SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e
 SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450
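
Review bot: The new `gnutls-3.6.14.tar.xz` digests only pin whatever file the committer fetched; nothing in the log message records that the tarball was checked against an upstream release signature before these values were generated. For a security pullup, say in the log how the distfile was verified. Also note that the added `SHA1 (patch-configure)` line rests on SHA1 alone, so the SHA512 entry is the only digest here that should be relied on for integrity.
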
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/options.mk
--- a/security/gnutls/options.mk        Tue Jun 09 11:53:31 2020 +0000
+++ b/security/gnutls/options.mk        Tue Jun 09 11:55:34 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: options.mk,v 1.2 2019/10/04 17:25:53 nia Exp $
+# $NetBSD: options.mk,v 1.2.2.1 2020/06/09 11:55:34 bsiegert Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.gnutls
-PKG_SUPPORTED_OPTIONS= dane
+PKG_SUPPORTED_OPTIONS= dane guile
 
 .include "../../mk/bsd.options.mk"
 
@@ -12,3 +12,11 @@
 .else
 CONFIGURE_ARGS+=       --disable-libdane
 .endif
+
+.if !empty(PKG_OPTIONS:Mguile)
+.include "../../lang/guile22/buildlink3.mk"
+CONFIGURE_ARGS+=       --enable-guile
+PLIST_SRC+=            PLIST.guile
+.else
+CONFIGURE_ARGS+=       --disable-guile
+.endif
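
Review bot: The new `.if !empty(PKG_OPTIONS:Mguile)` branch adds a feature option in a pullup filed as "security/gnutls: security fix", and neither hunk of options.mk shows `PKG_SUGGESTED_OPTIONS`. Confirm guile stays off by default so the default package contents on the pkgsrc-2020Q1 branch do not change, and consider a short comment above the branch saying that `PLIST.guile` is tied to `lang/guile22` (its paths hard-code `guile/2.2`).
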
diff -r c50404be00cf -r 5d4e6af837af security/gnutls/patches/patch-configure
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/patches/patch-configure   Tue Jun 09 11:55:34 2020 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-configure,v 1.5.2.2 2020/06/09 11:55:34 bsiegert Exp $
+
+Fix linking on Darwin.
+
+--- configure.orig     2020-03-19 15:24:05.000000000 +0000
++++ configure
+@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs
+   *darwin*)
+     have_macosx=yes
+     save_LDFLAGS="$LDFLAGS"
+-                LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
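
Review bot: Removing `LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"` leaves the surrounding probe intact, so "checking whether the linker supports -Wl,-no_weak_imports" now links without the flag it claims to test and its result no longer reflects the linker. The patch comment "Fix linking on Darwin." does not say which link failure this addresses or point to an upstream report; add that, and state whether the same change has been sent upstream against configure.ac, since this edits generated `configure` at an offset (9698) that will move with each release.
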


