Date: Mon, 18 Oct 2021 14:33:04 +0000
From: "Amitai Schleier"
Subject: CVS commit: pkgsrc/security/libretls
To: pkgsrc-changes@NetBSD.org
Reply-To: schmonz@netbsd.org
Message-Id: <20211018143304.E3D82FA97@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Mon Oct 18 14:33:04 UTC 2021

Modified Files:
        pkgsrc/security/libretls: Makefile distinfo

Log Message:
Update to 3.4.1. From the changelog:

The shared library major version of libtls has been bumped to 22.

tls_connect(3) and friends now strip a trailing dot from servername.

This patch imports the missing scripts/wrap-compiler-for-flag-check
file, which was incorrectly causing compiler flags to not be used.

From the upstream LibreSSL changelog:

  * New Features
    - Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
    - Enabled the new X.509 validator to allow verification of
      modern certificate chains.

  * Portable Improvements
    - Added Universal Windows Platform (UWP) build support.
    - Fixed mingw-w64 builds on newer versions with missing SSP support.

  * API and Documentation Enhancements
    - Added the following APIs from OpenSSL
        BN_bn2binpad
        BN_bn2lebinpad
        BN_lebin2bn
        EC_GROUP_get_curve
        EC_GROUP_order_bits
        EC_GROUP_set_curve
        EC_POINT_get_affine_coordinates
        EC_POINT_set_affine_coordinates
        EC_POINT_set_compressed_coordinates
        EVP_DigestSign
        EVP_DigestVerify
        SSL_CIPHER_find
        SSL_CTX_get0_privatekey
        SSL_CTX_get_max_early_data
        SSL_CTX_get_ssl_method
        SSL_CTX_set_ciphersuites
        SSL_CTX_set_max_early_data
        SSL_CTX_set_post_handshake_auth
        SSL_SESSION_get0_cipher
        SSL_SESSION_get_max_early_data
        SSL_SESSION_is_resumable
        SSL_SESSION_set_max_early_data
        SSL_get_early_data_status
        SSL_get_max_early_data
        SSL_read_early_data
        SSL_set0_rbio
        SSL_set_ciphersuites
        SSL_set_max_early_data
        SSL_set_post_handshake_auth
        SSL_set_psk_use_session_callback
        SSL_verify_client_post_handshake
        SSL_write_early_data
    - Added AES-GCM constants from RFC 7714 for SRTP.

  * Compatibility Changes
    - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
    - Call the info callback on connect/accept exit in TLSv1.3,
      needed for p5-Net-SSLeay.
    - Default to using named curve parameter encoding from
      pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
    - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.

  * Testing and Proactive Security
    - Added additional state machine test coverage.
    - Improved integration test support with ruby/openssl tests.
    - Error codes and callback support in new X.509 validator made
      compatible with p5-Net_SSLeay tests.

  * Internal Improvements
    - Numerous fixes and improvements to the new X.509 validator to
      ensure compatible error codes and callback support compatible
      with the legacy OpenSSL validator.

To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/libretls/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/libretls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1634567584288330 Content-Disposition: inline Content-Length: 1494 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/libretls/Makefile diff -u pkgsrc/security/libretls/Makefile:1.4 pkgsrc/security/libretls/Makefile:1.5 --- pkgsrc/security/libretls/Makefile:1.4 Sat May 22 09:12:31 2021 +++ pkgsrc/security/libretls/Makefile Mon Oct 18 14:33:04 2021 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.4 2021/05/22 09:12:31 schmonz Exp $ +# $NetBSD: Makefile,v 1.5 2021/10/18 14:33:04 schmonz Exp $ -DISTNAME= libretls-3.3.3 +DISTNAME= libretls-3.4.1 CATEGORIES= security MASTER_SITES= https://causal.agency/libretls/ Index: pkgsrc/security/libretls/distinfo diff -u pkgsrc/security/libretls/distinfo:1.5 pkgsrc/security/libretls/distinfo:1.6 --- pkgsrc/security/libretls/distinfo:1.5 Thu Oct 7 14:53:59 2021 +++ pkgsrc/security/libretls/distinfo Mon Oct 18 14:33:04 2021 @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.5 2021/10/07 14:53:59 nia Exp $ +$NetBSD: distinfo,v 1.6 2021/10/18 14:33:04 schmonz Exp $ -RMD160 (libretls-3.3.3.tar.gz) = 7e74978ec65dc104d0becb96abb8d8129c379339 -SHA512 (libretls-3.3.3.tar.gz) = 21128107ce833690f43400b11c2a841373bbe1f045a6db5ad6cbcbee181ddf97c173bb05ba41805ee0324d7435a52ad3027551f20083df9a3d052956a412bccd -Size (libretls-3.3.3.tar.gz) = 434208 bytes +RMD160 (libretls-3.4.1.tar.gz) = ef9634114bece359b905185735131c34b83ce91e +SHA512 (libretls-3.4.1.tar.gz) = 5d8b8d6cafd4b3c7e97eb417dad35a415bd69d599e9ee720f5598452a6750589b570ffa52718062d2ae3477df81b2316064577a25d2c68fa673082bb766b16ad +Size (libretls-3.4.1.tar.gz) = 435404 bytes --_----------=_1634567584288330--
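
Review bot: The libtls major-version bump named in the log message is not reflected anywhere beyond the DISTNAME line of the Makefile hunk, and the Modified Files list holds only Makefile and distinfo. A new shared library major breaks binaries linked against the old one, so if this package ships a buildlink3.mk, raise its BUILDLINK_ABI_DEPENDS to the 3.4.1 version and bump PKGREVISION in dependent packages as part of the same update, or state in the log why neither is needed.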
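
Review bot: The log message does not say how libretls-3.4.1.tar.gz was verified before the new RMD160, SHA512 and Size lines in the distinfo hunk were recorded. Those lines pin whatever was fetched from the MASTER_SITES URL shown in the Makefile context (https://causal.agency/libretls/) and become the reference that later builds check against, so suggest noting in the log whether the tarball was compared with a digest or signature published by upstream.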