Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1659081888241980"
MIME-Version: 1.0
Date: Fri, 29 Jul 2022 08:04:48 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/security/gnutls
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20220729080448.3B486FB1A@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1659081888241980
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Module Name:	pkgsrc
Committed By:	adam
Date:		Fri Jul 29 08:04:48 UTC 2022

Modified Files:
	pkgsrc/security/gnutls: Makefile PLIST distinfo
	pkgsrc/security/gnutls/patches: patch-configure

Log Message:
gnutls: updated to 3.7.7

Version 3.7.7 (released 2022-07-28)

** libgnutls: Fixed double free during verification of pkcs7 signatures.
   [CVE-2022-2509]

** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
   equal to 255 times hash digest size, to comply with RFC 5869 2.3.

** libgnutls: Length limit for TLS PSK usernames has been increased
   from 128 to 65535 characters.

** libgnutls: AES-GCM encryption function now limits plaintext
   length to 2^39-256 bits, according to SP800-38D 5.2.1.1.

** libgnutls: New block cipher functions have been added to transparently
   handle padding.  gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
   used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
   add/remove padding if the length of the original plaintext is not a multiple
   of the block size.

** libgnutls: New function for manual FIPS self-testing.

** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum

** guile: Guile 1.8 is no longer supported

** guile: Session record port treats premature termination as EOF
   Previously, a ‘gnutls-error’ exception with the
   ‘error/premature-termination’ value would be thrown while reading from a
   session record port when the underlying session was terminated
   prematurely.  This was inconvenient since users of the port may not be
   prepared to handle such an exception.
   Reading from the session record port now returns the end-of-file object
   instead of throwing an exception, just like it would for a proper
   session termination.

** guile: Session record ports can have a ‘close’ procedure.
   The ‘session-record-port’ procedure now takes an optional second
   parameter, and a new ‘set-session-record-port-close!’ procedure is
   provided to specify a ‘close’ procedure for a session record port.
   This ‘close’ procedure lets users specify cleanup operations for when
   the port is closed, such as closing the file descriptor or port that
   backs the underlying session.


To generate a diff of this commit:
cvs rdiff -u -r1.233 -r1.234 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.154 -r1.155 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/gnutls/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1659081888241980
Content-Disposition: inline
Content-Length: 4317
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.233 pkgsrc/security/gnutls/Makefile:1.234
--- pkgsrc/security/gnutls/Makefile:1.233	Tue Jun 28 11:35:35 2022
+++ pkgsrc/security/gnutls/Makefile	Fri Jul 29 08:04:47 2022
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.233 2022/06/28 11:35:35 wiz Exp $
+# $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $
 
-DISTNAME=	gnutls-3.7.6
-PKGREVISION=	1
+DISTNAME=	gnutls-3.7.7
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=	.tar.xz

Index: pkgsrc/security/gnutls/PLIST
diff -u pkgsrc/security/gnutls/PLIST:1.76 pkgsrc/security/gnutls/PLIST:1.77
--- pkgsrc/security/gnutls/PLIST:1.76	Wed May 18 18:26:14 2022
+++ pkgsrc/security/gnutls/PLIST	Fri Jul 29 08:04:47 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.76 2022/05/18 18:26:14 adam Exp $
+@comment $NetBSD: PLIST,v 1.77 2022/07/29 08:04:47 adam Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -175,9 +175,11 @@ man/man3/gnutls_check_version.3
 man/man3/gnutls_cipher_add_auth.3
 man/man3/gnutls_cipher_decrypt.3
 man/man3/gnutls_cipher_decrypt2.3
+man/man3/gnutls_cipher_decrypt3.3
 man/man3/gnutls_cipher_deinit.3
 man/man3/gnutls_cipher_encrypt.3
 man/man3/gnutls_cipher_encrypt2.3
+man/man3/gnutls_cipher_encrypt3.3
 man/man3/gnutls_cipher_get.3
 man/man3/gnutls_cipher_get_block_size.3
 man/man3/gnutls_cipher_get_id.3
@@ -282,6 +284,7 @@ man/man3/gnutls_fips140_get_operation_st
 man/man3/gnutls_fips140_mode_enabled.3
 man/man3/gnutls_fips140_pop_context.3
 man/man3/gnutls_fips140_push_context.3
+man/man3/gnutls_fips140_run_self_tests.3
 man/man3/gnutls_fips140_set_mode.3
 man/man3/gnutls_get_library_config.3
 man/man3/gnutls_get_system_config_file.3

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.154 pkgsrc/security/gnutls/distinfo:1.155
--- pkgsrc/security/gnutls/distinfo:1.154	Sat May 28 06:03:42 2022
+++ pkgsrc/security/gnutls/distinfo	Fri Jul 29 08:04:47 2022
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.154 2022/05/28 06:03:42 adam Exp $
+$NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $
 
-BLAKE2s (gnutls-3.7.6.tar.xz) = 58d8a3d58663d0fd29fe8c29826cb82ff693e2a9de1d5d08341e4f2ddd7e6bba
-SHA512 (gnutls-3.7.6.tar.xz) = f872339df80ec31d292821ff00eaafbe50e0bd4cdbb86e21e4f78541cd0a26d843596d5e69c91de4db8ce7d027fc639ae6462b57d89fb116162ae63c5a97486a
-Size (gnutls-3.7.6.tar.xz) = 6338276 bytes
-SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
+BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5
+SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08
+Size (gnutls-3.7.7.tar.xz) = 6351664 bytes
+SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc

Index: pkgsrc/security/gnutls/patches/patch-configure
diff -u pkgsrc/security/gnutls/patches/patch-configure:1.5 pkgsrc/security/gnutls/patches/patch-configure:1.6
--- pkgsrc/security/gnutls/patches/patch-configure:1.5	Wed Apr  1 08:24:07 2020
+++ pkgsrc/security/gnutls/patches/patch-configure	Fri Jul 29 08:04:48 2022
@@ -1,14 +1,14 @@
-$NetBSD: patch-configure,v 1.5 2020/04/01 08:24:07 adam Exp $
+$NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $
 
 Fix linking on Darwin.
 
---- configure.orig	2020-03-19 15:24:05.000000000 +0000
+--- configure.orig	2022-07-28 11:23:32.000000000 +0000
 +++ configure
-@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs
+@@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c
    *darwin*)
      have_macosx=yes
      save_LDFLAGS="$LDFLAGS"
 -                LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
- $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext


--_----------=_1659081888241980--