Date: Tue, 9 Jun 2020 11:55:35 +0000
From: "Benny Siegert"
Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/security/gnutls
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20200609115535.32A7AFB27@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Jun 9 11:55:35 UTC 2020

Modified Files:
    pkgsrc/security/gnutls [pkgsrc-2020Q1]: Makefile PLIST buildlink3.mk distinfo options.mk
Added Files:
    pkgsrc/security/gnutls [pkgsrc-2020Q1]: PLIST.guile
    pkgsrc/security/gnutls/patches [pkgsrc-2020Q1]: patch-configure

Log Message:
Pullup ticket #6232 - requested by maya
security/gnutls: security fix

Revisions pulled up:
- security/gnutls/Makefile                  1.210-1.213
- security/gnutls/PLIST                     1.70-1.71
- security/gnutls/PLIST.guile               1.1
- security/gnutls/buildlink3.mk             1.37
- security/gnutls/distinfo                  1.143-1.144
- security/gnutls/options.mk                1.3
- security/gnutls/patches/patch-configure   1.5

---
Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Apr 1 08:24:07 UTC 2020

Modified Files:
    pkgsrc/security/gnutls: Makefile PLIST distinfo
Added Files:
    pkgsrc/security/gnutls/patches: patch-configure

Log Message:
gnutls: updated to 3.6.13

Version 3.6.13:

** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
   since 3.6.3. The DTLS client would not contribute any randomness to
   the DTLS negotiation, breaking the security guarantees of the DTLS
   protocol [GNUTLS-SA-2020-03-31, CVSS: high]

** libgnutls: Added new APIs to access KDF algorithms.

** libgnutls: Added new callback gnutls_keylog_func that enables a
   custom logging functionality.

** libgnutls: Added support for non-null terminated usernames in PSK
   negotiation.

** gnutls-cli-debug: Improved support for old servers that only support
   SSL 3.0.

** API and ABI modifications:
gnutls_hkdf_extract: Added
gnutls_hkdf_expand: Added
gnutls_pbkdf2: Added
gnutls_session_get_keylog_function: Added
gnutls_session_set_keylog_function: Added
gnutls_prf_hash_get: Added
gnutls_psk_server_get_username2: Added
gnutls_psk_set_client_credentials2: Added
gnutls_psk_set_client_credentials_function2: Added
gnutls_psk_set_server_credentials_function2: Added

---
Module Name:    pkgsrc
Committed By:   nikita
Date:           Thu May 14 14:30:02 UTC 2020

Modified Files:
    pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk
Added Files:
    pkgsrc/security/gnutls: PLIST.guile

Log Message:
security/gnutls: revbump, add support for building guile bindings

---
Module Name:    pkgsrc
Committed By:   leot
Date:           Mon Jun 8 19:48:14 UTC 2020

Modified Files:
    pkgsrc/security/gnutls: Makefile PLIST distinfo

Log Message:
gnutls: Update to 3.6.14

Changes:
3.6.14
------
* libgnutls: Fixed insecure session ticket key construction, since
  3.6.4. The TLS server would not bind the session ticket encryption
  key with a value supplied by the application until the initial key
  rotation, allowing an attacker to bypass authentication in TLS 1.3
  and recover previous conversations in TLS 1.2 (#1011).
  [GNUTLS-SA-2020-06-03, CVSS: high]

* libgnutls: Fixed handling of certificate chain with cross-signed
  intermediate CA certificates (#1008).

* libgnutls: Fixed reception of empty session ticket under TLS 1.2
  (#997).

* libgnutls: gnutls_x509_crt_print() is enhanced to recognize
  commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and
  prints Authority Key Identifier (AKI) properly (#989, #991).

* certtool: PKCS #7 attributes are now printed with symbolic names
  (!1246).

* libgnutls: Added several improvements on Windows Vista and later
  releases (!1257, !1254, !1256). Most notably the system random
  number generator now uses Windows BCrypt* API if available (!1255).

* libgnutls: Use accelerated AES-XTS implementation if possible
  (!1244). Also both accelerated and non-accelerated implementations
  check key block according to FIPS-140-2 IG A.9 (!1233).

* libgnutls: Added support for AES-SIV ciphers (#463).

* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

* libgnutls: No longer use internal symbols exported from Nettle
  (!1235)

* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added

To generate a diff of this commit:
cvs rdiff -u -r1.209 -r1.209.2.1 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.69 -r1.69.2.1 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/security/gnutls/PLIST.guile
cvs rdiff -u -r1.36 -r1.36.2.1 pkgsrc/security/gnutls/buildlink3.mk
cvs rdiff -u -r1.142 -r1.142.2.1 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.2 -r1.2.2.1 pkgsrc/security/gnutls/options.mk
cvs rdiff -u -r0 -r1.5.2.2 pkgsrc/security/gnutls/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/security/gnutls/Makefile diff -u pkgsrc/security/gnutls/Makefile:1.209 pkgsrc/security/gnutls/Makefile:1.209.2.1 --- pkgsrc/security/gnutls/Makefile:1.209 Sun Mar 22 12:21:59 2020 +++ pkgsrc/security/gnutls/Makefile Tue Jun 9 11:55:34 2020 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.209 2020/03/22 12:21:59 rillig Exp $ +# $NetBSD: Makefile,v 1.209.2.1 2020/06/09 11:55:34 bsiegert Exp $ -DISTNAME= gnutls-3.6.12 -PKGREVISION= 1 +DISTNAME= gnutls-3.6.14 CATEGORIES= security devel MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ EXTRACT_SUFX= .tar.xz
@@ -22,7 +21,6 @@ USE_TOOLS+= msgfmt msgmerge xgettext GNU_CONFIGURE= yes # this library duplicates (and conflicts with) openssl CONFIGURE_ARGS+= --disable-openssl-compatibility -CONFIGURE_ARGS+= --disable-guile CONFIGURE_ARGS+= --disable-libdane CONFIGURE_ARGS+= --without-idn CONFIGURE_ARGS+= --without-tpm Index: pkgsrc/security/gnutls/PLIST diff -u pkgsrc/security/gnutls/PLIST:1.69 pkgsrc/security/gnutls/PLIST:1.69.2.1 --- pkgsrc/security/gnutls/PLIST:1.69 Sun Feb 9 13:56:28 2020 +++ pkgsrc/security/gnutls/PLIST Tue Jun 9 11:55:34 2020 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.69 2020/02/09 13:56:28 wiz Exp $ +@comment $NetBSD: PLIST,v 1.69.2.1 2020/06/09 11:55:34 bsiegert Exp $ bin/certtool bin/gnutls-cli bin/gnutls-cli-debug @@ -261,6 +261,7 @@ man/man3/gnutls_est_record_overhead_size man/man3/gnutls_ext_get_current_msg.3 man/man3/gnutls_ext_get_data.3 man/man3/gnutls_ext_get_name.3 +man/man3/gnutls_ext_get_name2.3 man/man3/gnutls_ext_raw_parse.3 man/man3/gnutls_ext_register.3 man/man3/gnutls_ext_set_data.3 @@ -310,6 +311,8 @@ man/man3/gnutls_hex_decode.3 man/man3/gnutls_hex_decode2.3 man/man3/gnutls_hex_encode.3 man/man3/gnutls_hex_encode2.3 +man/man3/gnutls_hkdf_expand.3 +man/man3/gnutls_hkdf_extract.3 man/man3/gnutls_hmac.3 man/man3/gnutls_hmac_copy.3 man/man3/gnutls_hmac_deinit.3 @@ -388,6 +391,7 @@ man/man3/gnutls_openpgp_privkey_sign_has man/man3/gnutls_openpgp_send_cert.3 man/man3/gnutls_packet_deinit.3 man/man3/gnutls_packet_get.3 +man/man3/gnutls_pbkdf2.3 man/man3/gnutls_pcert_deinit.3 man/man3/gnutls_pcert_export_openpgp.3 man/man3/gnutls_pcert_export_x509.3 @@ -520,6 +524,7 @@ man/man3/gnutls_pkcs7_get_signature_info man/man3/gnutls_pkcs7_import.3 man/man3/gnutls_pkcs7_init.3 man/man3/gnutls_pkcs7_print.3 +man/man3/gnutls_pkcs7_print_signature_info.3 man/man3/gnutls_pkcs7_set_crl.3 man/man3/gnutls_pkcs7_set_crl_raw.3 man/man3/gnutls_pkcs7_set_crt.3 
@@ -533,6 +538,7 @@ man/man3/gnutls_pkcs_schema_get_name.3 man/man3/gnutls_pkcs_schema_get_oid.3 man/man3/gnutls_prf.3 man/man3/gnutls_prf_early.3 +man/man3/gnutls_prf_hash_get.3 man/man3/gnutls_prf_raw.3 man/man3/gnutls_prf_rfc5705.3 man/man3/gnutls_priority_certificate_type_list.3 @@ -609,11 +615,15 @@ man/man3/gnutls_psk_client_get_hint.3 man/man3/gnutls_psk_free_client_credentials.3 man/man3/gnutls_psk_free_server_credentials.3 man/man3/gnutls_psk_server_get_username.3 +man/man3/gnutls_psk_server_get_username2.3 man/man3/gnutls_psk_set_client_credentials.3 +man/man3/gnutls_psk_set_client_credentials2.3 man/man3/gnutls_psk_set_client_credentials_function.3 +man/man3/gnutls_psk_set_client_credentials_function2.3 man/man3/gnutls_psk_set_params_function.3 man/man3/gnutls_psk_set_server_credentials_file.3 man/man3/gnutls_psk_set_server_credentials_function.3 +man/man3/gnutls_psk_set_server_credentials_function2.3 man/man3/gnutls_psk_set_server_credentials_hint.3 man/man3/gnutls_psk_set_server_dh_params.3 man/man3/gnutls_psk_set_server_known_dh_params.3 @@ -711,6 +721,7 @@ man/man3/gnutls_session_get_desc.3 man/man3/gnutls_session_get_flags.3 man/man3/gnutls_session_get_id.3 man/man3/gnutls_session_get_id2.3 +man/man3/gnutls_session_get_keylog_function.3 man/man3/gnutls_session_get_master_secret.3 man/man3/gnutls_session_get_ptr.3 man/man3/gnutls_session_get_random.3 @@ -720,6 +731,7 @@ man/man3/gnutls_session_key_update.3 man/man3/gnutls_session_resumption_requested.3 man/man3/gnutls_session_set_data.3 man/man3/gnutls_session_set_id.3 +man/man3/gnutls_session_set_keylog_function.3 man/man3/gnutls_session_set_premaster.3 man/man3/gnutls_session_set_ptr.3 man/man3/gnutls_session_set_verify_cert.3 Index: pkgsrc/security/gnutls/buildlink3.mk diff -u pkgsrc/security/gnutls/buildlink3.mk:1.36 pkgsrc/security/gnutls/buildlink3.mk:1.36.2.1 --- pkgsrc/security/gnutls/buildlink3.mk:1.36 Sun Mar 8 16:48:06 2020 +++ pkgsrc/security/gnutls/buildlink3.mk Tue Jun 9 11:55:34 2020 
@@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.36 2020/03/08 16:48:06 wiz Exp $ +# $NetBSD: buildlink3.mk,v 1.36.2.1 2020/06/09 11:55:34 bsiegert Exp $ BUILDLINK_TREE+= gnutls @@ -18,6 +18,12 @@ BUILDLINK_API_DEPENDS.nettle+= nettle>= .include "../../security/nettle/buildlink3.mk" .include "../../security/p11-kit/buildlink3.mk" .include "../../textproc/libunistring/buildlink3.mk" +.if !empty(PKG_BUILD_OPTIONS.gnutls:Mdane) +.include "../../net/unbound/buildlink3.mk" +.endif +.if !empty(PKG_BUILD_OPTIONS.gnutls:Mguile) +.include "../../lang/guile22/buildlink3.mk" +.endif .endif # GNUTLS_BUILDLINK3_MK BUILDLINK_TREE+= -gnutls Index: pkgsrc/security/gnutls/distinfo diff -u pkgsrc/security/gnutls/distinfo:1.142 pkgsrc/security/gnutls/distinfo:1.142.2.1 --- pkgsrc/security/gnutls/distinfo:1.142 Sun Feb 9 13:56:28 2020 +++ pkgsrc/security/gnutls/distinfo Tue Jun 9 11:55:34 2020 
@@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.142 2020/02/09 13:56:28 wiz Exp $ +$NetBSD: distinfo,v 1.142.2.1 2020/06/09 11:55:34 bsiegert Exp $ -SHA1 (gnutls-3.6.12.tar.xz) = fa498b4d026e3ddfa74aa79adac27bfcd14e8b76 -RMD160 (gnutls-3.6.12.tar.xz) = f76e05c4a5f6c15277259b874bca475089c02630 -SHA512 (gnutls-3.6.12.tar.xz) = e1031fd1239d8b0f056a6b736e4c72c9268fb635f273527f310771c608b841cad7b6631401382ec3040d9b539180bf421882bf43427ad3549a5787d2864c2fa5 -Size (gnutls-3.6.12.tar.xz) = 5942064 bytes +SHA1 (gnutls-3.6.14.tar.xz) = bea1b5abcb691acf014e592f41d0a9580a41216a +RMD160 (gnutls-3.6.14.tar.xz) = 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba +SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 +Size (gnutls-3.6.14.tar.xz) = 6069088 bytes +SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450 Index: pkgsrc/security/gnutls/options.mk diff -u pkgsrc/security/gnutls/options.mk:1.2 pkgsrc/security/gnutls/options.mk:1.2.2.1 --- pkgsrc/security/gnutls/options.mk:1.2 Fri Oct 4 17:25:53 2019 +++ pkgsrc/security/gnutls/options.mk Tue Jun 9 11:55:34 2020 @@ -1,7 +1,7 @@ -# $NetBSD: options.mk,v 1.2 2019/10/04 17:25:53 nia Exp $ +# $NetBSD: options.mk,v 1.2.2.1 2020/06/09 11:55:34 bsiegert Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.gnutls -PKG_SUPPORTED_OPTIONS= dane +PKG_SUPPORTED_OPTIONS= dane guile .include "../../mk/bsd.options.mk" 
@@ -12,3 +12,11 @@ PLIST_SRC+= PLIST.dane .else CONFIGURE_ARGS+= --disable-libdane .endif + +.if !empty(PKG_OPTIONS:Mguile) +.include "../../lang/guile22/buildlink3.mk" +CONFIGURE_ARGS+= --enable-guile +PLIST_SRC+= PLIST.guile +.else +CONFIGURE_ARGS+= --disable-guile +.endif Added files: Index: pkgsrc/security/gnutls/PLIST.guile diff -u /dev/null pkgsrc/security/gnutls/PLIST.guile:1.1.2.2 --- /dev/null Tue Jun 9 11:55:35 2020 +++ pkgsrc/security/gnutls/PLIST.guile Tue Jun 9 11:55:34 2020 @@ -0,0 +1,10 @@ +@comment $NetBSD: PLIST.guile,v 1.1.2.2 2020/06/09 11:55:34 bsiegert Exp $ +guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.a +guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.la +guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so +guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0 +guile/2.2/lib/guile/2.2/extensions/guile-gnutls-v-2.so.0.0.0 +guile/2.2/lib/guile/2.2/site-ccache/gnutls.go +guile/2.2/lib/guile/2.2/site-ccache/gnutls/extra.go +guile/2.2/share/guile/site/2.2/gnutls.scm +guile/2.2/share/guile/site/2.2/gnutls/extra.scm Index: pkgsrc/security/gnutls/patches/patch-configure diff -u /dev/null pkgsrc/security/gnutls/patches/patch-configure:1.5.2.2 --- /dev/null Tue Jun 9 11:55:35 2020 +++ pkgsrc/security/gnutls/patches/patch-configure Tue Jun 9 11:55:34 2020 @@ -0,0 +1,14 @@ +$NetBSD: patch-configure,v 1.5.2.2 2020/06/09 11:55:34 bsiegert Exp $ + +Fix linking on Darwin. + +--- configure.orig 2020-03-19 15:24:05.000000000 +0000 ++++ configure +@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs + *darwin*) + have_macosx=yes + save_LDFLAGS="$LDFLAGS" +- LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5 + $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext --_----------=_1591703735269840--
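
Review bot: In the PLIST hunk at @@ -261,6 +261,7 @@, the added man/man3/gnutls_ext_get_name2.3 has no counterpart in the "API and ABI modifications" lists quoted in the log message for 3.6.13 or 3.6.14, while the other added man pages in this file (hkdf, pbkdf2, prf_hash_get, the psk *2 functions, the keylog functions, pkcs7_print_signature_info) all do. PLIST has to follow what the build installs, so the entry may well be right, but confirm against a 3.6.14 build on the branch that this page is actually installed so the pullup does not fail the PLIST check.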
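
Review bot: The two conditionals added at the end of the buildlink3.mk hunk (@@ -18,6 +18,12 @@) test PKG_BUILD_OPTIONS.gnutls, but nothing in the visible context sets pkgbase or includes ../../mk/pkg-build-options.mk, which is what defines that variable. If that include is not already present above line 18, both `!empty(PKG_BUILD_OPTIONS.gnutls:M...)` tests evaluate an undefined variable and dependent packages never pick up unbound or guile22; add `pkgbase := gnutls` and the include ahead of the first `.if`. The dane branch is also not described in any of the pulled-up log messages, which mention only the guile bindings, so the ticket should state that it is part of the change.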
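
Review bot: In the distinfo hunk, the SHA1, RMD160 and SHA512 lines and the Size line for gnutls-3.6.14.tar.xz are the only integrity pin for a tarball fetched from MASTER_SITES, and the diff gives no indication of how they were obtained. For a security pullup, check the SHA512 value against a copy of the tarball whose upstream signature has been verified, and record that in the ticket. The new SHA1 (patch-configure) line accounts for the file added under patches/.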
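
Review bot: The guile block added at the end of options.mk (@@ -12,3 +12,11 @@) brings a new build option into a stable-branch security pullup, so the default matters: the hunks show `PKG_SUPPORTED_OPTIONS= dane guile` but no PKG_SUGGESTED_OPTIONS line. Confirm that guile is not enabled by default, so that packages built on pkgsrc-2020Q1 still configure with --disable-guile through the new `.else` branch, which takes over from the unconditional `CONFIGURE_ARGS+= --disable-guile` removed from the Makefile at @@ -22,7 +21,6 @@.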
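
Review bot: In patch-configure, removing `LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"` leaves the following "checking whether the linker supports -Wl,-no_weak_imports" test in place, so that test now links without the flag it claims to probe and its result no longer says anything about the linker. The patch comment "Fix linking on Darwin." does not say what failed or whether the problem was reported upstream; expand it with the link error and an upstream bug reference, and state whether configure still appends the flag later when the check succeeds.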