Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1664371558174580"
MIME-Version: 1.0
Date: Wed, 28 Sep 2022 13:25:58 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/security/gnutls
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20220928132558.1CFD2FA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1664371558174580
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	adam
Date:		Wed Sep 28 13:25:58 UTC 2022

Modified Files:
	pkgsrc/security/gnutls: Makefile distinfo
	pkgsrc/security/gnutls/patches: patch-configure

Log Message:
gnutls: updated to 3.7.8

ersion 3.7.8 (released 2022-09-27)

** libgnutls: In FIPS140 mode, RSA signature verification is an approved
   operation if the key has modulus with known sizes (1024, 1280,
   1536, and 1792 bits), in addition to any modulus sizes larger than
   2048 bits, according to SP800-131A rev2.

** libgnutls: gnutls_session_channel_binding performs additional checks when
   GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
   "tls-exporter" channel binding is only usable when the handshake is
   bound to a unique master secret (i.e., either TLS 1.3 or extended
   master secret extension is negotiated). Otherwise the function now
   returns error.

** libgnutls: usage of the following functions, which are designed to
   loosen restrictions imposed by allowlisting mode of configuration,
   has been additionally restricted. Invoking them is now only allowed
   if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled

** API and ABI modifications:
No changes since last version.


To generate a diff of this commit:
cvs rdiff -u -r1.234 -r1.235 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.155 -r1.156 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/gnutls/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1664371558174580
Content-Disposition: inline
Content-Length: 3105
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/gnutls/Makefile
diff -u pkgsrc/security/gnutls/Makefile:1.234 pkgsrc/security/gnutls/Makefile:1.235
--- pkgsrc/security/gnutls/Makefile:1.234	Fri Jul 29 08:04:47 2022
+++ pkgsrc/security/gnutls/Makefile	Wed Sep 28 13:25:57 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $
+# $NetBSD: Makefile,v 1.235 2022/09/28 13:25:57 adam Exp $
 
-DISTNAME=	gnutls-3.7.7
+DISTNAME=	gnutls-3.7.8
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=	.tar.xz

Index: pkgsrc/security/gnutls/distinfo
diff -u pkgsrc/security/gnutls/distinfo:1.155 pkgsrc/security/gnutls/distinfo:1.156
--- pkgsrc/security/gnutls/distinfo:1.155	Fri Jul 29 08:04:47 2022
+++ pkgsrc/security/gnutls/distinfo	Wed Sep 28 13:25:57 2022
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $
+$NetBSD: distinfo,v 1.156 2022/09/28 13:25:57 adam Exp $
 
-BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5
-SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08
-Size (gnutls-3.7.7.tar.xz) = 6351664 bytes
-SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb
+BLAKE2s (gnutls-3.7.8.tar.xz) = a0f16a832acf448fd3a92c3c7389dbb962bf5a847c2637b1c865e40ef3bec1a0
+SHA512 (gnutls-3.7.8.tar.xz) = 4199bcf7c9e3aab2f52266aadceefc563dfe2d938d0ea1f3ec3be95d66f4a8c8e5494d3a800c03dd02ad386dec1738bd63e1fe0d8b394a2ccfc7d6c6a0cc9359
+Size (gnutls-3.7.8.tar.xz) = 6029220 bytes
+SHA1 (patch-configure) = 6a4a78de339d4958557bba1dfea77a249237cabd
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc

Index: pkgsrc/security/gnutls/patches/patch-configure
diff -u pkgsrc/security/gnutls/patches/patch-configure:1.6 pkgsrc/security/gnutls/patches/patch-configure:1.7
--- pkgsrc/security/gnutls/patches/patch-configure:1.6	Fri Jul 29 08:04:48 2022
+++ pkgsrc/security/gnutls/patches/patch-configure	Wed Sep 28 13:25:57 2022
@@ -1,14 +1,14 @@
-$NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $
+$NetBSD: patch-configure,v 1.7 2022/09/28 13:25:57 adam Exp $
 
 Fix linking on Darwin.
 
---- configure.orig	2022-07-28 11:23:32.000000000 +0000
+--- configure.orig	2022-09-27 12:46:24.000000000 +0000
 +++ configure
-@@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c
+@@ -11379,7 +11379,6 @@ $as_echo "#define DYN_NCRYPT 1" >>confde
    *darwin*)
      have_macosx=yes
      save_LDFLAGS="$LDFLAGS"
 -                LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
-     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
- printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext


--_----------=_1664371558174580--