Fri Oct 4 17:25:54 2019 UTC ()
gnutls: Update to 3.6.10

* Version 3.6.10 (released 2019-09-29)

** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979)
   Deterministic signing can be enabled by setting
   GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*()
   functions (#94).

** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
   functions that will perform in-place encryption/decryption on data buffers (#718).

** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under
   TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function()
   (#823).

** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
   issue with large record handling due to random padding (#811).

** libgnutls: the server now selects the highest TLS protocol version,
   if TLS 1.3 is enabled and the client advertises an older protocol version first (#837).

** libgnutls: fix non-PIC assembly on i386 (#818).

** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode
   and MAC generation based on GOST 28147-89 (IMIT). For description of the
   modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in
   RFC 7836.

** certtool: when outputting an encrypted private key do not insert the textual description
   of it. This fixes a regression since 3.6.5 (#840).

** API and ABI modifications:
gnutls_aead_cipher_encryptv2: Added
gnutls_aead_cipher_decryptv2: Added
GNUTLS_CIPHER_GOST28147_TC26Z_CNT: Added
GNUTLS_MAC_GOST28147_TC26Z_IMIT: Added


(nia)
diff -r1.202 -r1.203 pkgsrc/security/gnutls/Makefile
diff -r1.67 -r1.68 pkgsrc/security/gnutls/PLIST
diff -r0 -r1.1 pkgsrc/security/gnutls/PLIST.dane
diff -r1.139 -r1.140 pkgsrc/security/gnutls/distinfo
diff -r1.1 -r1.2 pkgsrc/security/gnutls/options.mk
diff -r1.1 -r0 pkgsrc/security/gnutls/patches/patch-cfg.mk
diff -r1.1 -r0 pkgsrc/security/gnutls/patches/patch-config.h.in
diff -r1.1 -r0 pkgsrc/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s
diff -r1.3 -r0 pkgsrc/security/gnutls/patches/patch-configure
diff -r1.3 -r0 pkgsrc/security/gnutls/patches/patch-lib_accelerated_x86_x86-common.c
cvs diff -r1.202 -r1.203 pkgsrc/security/gnutls/Makefile (expand / switch to unified diff)

--- pkgsrc/security/gnutls/Makefile 2019/10/01 14:34:08 1.202
+++ pkgsrc/security/gnutls/Makefile 2019/10/04 17:25:53 1.203
@@ -1,28 +1,29 @@ @@ -1,28 +1,29 @@
1# $NetBSD: Makefile,v 1.202 2019/10/01 14:34:08 nia Exp $ 1# $NetBSD: Makefile,v 1.203 2019/10/04 17:25:53 nia Exp $
2 2
3DISTNAME= gnutls-3.6.9 3DISTNAME= gnutls-3.6.10
4PKGREVISION= 2 
5CATEGORIES= security devel 4CATEGORIES= security devel
6MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ 5MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
7EXTRACT_SUFX= .tar.xz 6EXTRACT_SUFX= .tar.xz
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.gnutls.org/ 9HOMEPAGE= https://www.gnutls.org/
11COMMENT= Transport Layer Security library 10COMMENT= Transport Layer Security library
12LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 11LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1
13 12
14DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts 13DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
15 14
 15PLIST_SRC= PLIST
 16
16USE_LANGUAGES= c c++ 17USE_LANGUAGES= c c++
17USE_LIBTOOL= yes 18USE_LIBTOOL= yes
18USE_PKGLOCALEDIR= yes 19USE_PKGLOCALEDIR= yes
19USE_TOOLS+= gmake gsed perl pkg-config bash 20USE_TOOLS+= gmake gsed perl pkg-config bash
20GNU_CONFIGURE= yes 21GNU_CONFIGURE= yes
21# this library duplicates (and conflicts with) openssl 22# this library duplicates (and conflicts with) openssl
22CONFIGURE_ARGS+= --disable-openssl-compatibility 23CONFIGURE_ARGS+= --disable-openssl-compatibility
23CONFIGURE_ARGS+= --disable-guile 24CONFIGURE_ARGS+= --disable-guile
24CONFIGURE_ARGS+= --disable-libdane 25CONFIGURE_ARGS+= --disable-libdane
25CONFIGURE_ARGS+= --without-idn 26CONFIGURE_ARGS+= --without-idn
26CONFIGURE_ARGS+= --without-tpm 27CONFIGURE_ARGS+= --without-tpm
27CONFIGURE_ARGS+= --disable-valgrind-tests 28CONFIGURE_ARGS+= --disable-valgrind-tests
28CONFIGURE_ARGS+= --with-default-trust-store-file=${PREFIX}/share/mozilla-rootcerts/cacert.pem 29CONFIGURE_ARGS+= --with-default-trust-store-file=${PREFIX}/share/mozilla-rootcerts/cacert.pem
cvs diff -r1.67 -r1.68 pkgsrc/security/gnutls/PLIST (expand / switch to unified diff)

--- pkgsrc/security/gnutls/PLIST 2019/09/18 19:00:13 1.67
+++ pkgsrc/security/gnutls/PLIST 2019/10/04 17:25:53 1.68
@@ -1,60 +1,55 @@ @@ -1,60 +1,55 @@
1@comment $NetBSD: PLIST,v 1.67 2019/09/18 19:00:13 tnn Exp $ 1@comment $NetBSD: PLIST,v 1.68 2019/10/04 17:25:53 nia Exp $
2bin/certtool 2bin/certtool
3${PLIST.dane}bin/danetool 
4bin/gnutls-cli 3bin/gnutls-cli
5bin/gnutls-cli-debug 4bin/gnutls-cli-debug
6bin/gnutls-serv 5bin/gnutls-serv
7bin/ocsptool 6bin/ocsptool
8bin/p11tool 7bin/p11tool
9bin/psktool 8bin/psktool
10bin/srptool 9bin/srptool
11include/gnutls/abstract.h 10include/gnutls/abstract.h
12include/gnutls/compat.h 11include/gnutls/compat.h
13include/gnutls/crypto.h 12include/gnutls/crypto.h
14${PLIST.dane}include/gnutls/dane.h 
15include/gnutls/dtls.h 13include/gnutls/dtls.h
16include/gnutls/gnutls.h 14include/gnutls/gnutls.h
17include/gnutls/gnutlsxx.h 15include/gnutls/gnutlsxx.h
18include/gnutls/ocsp.h 16include/gnutls/ocsp.h
19include/gnutls/openpgp.h 17include/gnutls/openpgp.h
20include/gnutls/pkcs11.h 18include/gnutls/pkcs11.h
21include/gnutls/pkcs12.h 19include/gnutls/pkcs12.h
22include/gnutls/pkcs7.h 20include/gnutls/pkcs7.h
23include/gnutls/self-test.h 21include/gnutls/self-test.h
24include/gnutls/socket.h 22include/gnutls/socket.h
25include/gnutls/system-keys.h 23include/gnutls/system-keys.h
26include/gnutls/tpm.h 24include/gnutls/tpm.h
27include/gnutls/urls.h 25include/gnutls/urls.h
28include/gnutls/x509-ext.h 26include/gnutls/x509-ext.h
29include/gnutls/x509.h 27include/gnutls/x509.h
30info/gnutls-client-server-use-case.png 28info/gnutls-client-server-use-case.png
31info/gnutls-guile.info 29info/gnutls-guile.info
32info/gnutls-handshake-sequence.png 30info/gnutls-handshake-sequence.png
33info/gnutls-handshake-state.png 31info/gnutls-handshake-state.png
34info/gnutls-internals.png 32info/gnutls-internals.png
35info/gnutls-layers.png 33info/gnutls-layers.png
36info/gnutls-logo.png 34info/gnutls-logo.png
37info/gnutls-modauth.png 35info/gnutls-modauth.png
38info/gnutls-x509.png 36info/gnutls-x509.png
39info/gnutls.info 37info/gnutls.info
40info/pkcs11-vision.png 38info/pkcs11-vision.png
41${PLIST.dane}lib/libgnutls-dane.la 
42lib/libgnutls.la 39lib/libgnutls.la
43lib/libgnutlsxx.la 40lib/libgnutlsxx.la
44${PLIST.dane}lib/pkgconfig/gnutls-dane.pc 
45lib/pkgconfig/gnutls.pc 41lib/pkgconfig/gnutls.pc
46man/man1/certtool.1 42man/man1/certtool.1
47${PLIST.dane}man/man1/danetool.1 
48man/man1/gnutls-cli-debug.1 43man/man1/gnutls-cli-debug.1
49man/man1/gnutls-cli.1 44man/man1/gnutls-cli.1
50man/man1/gnutls-serv.1 45man/man1/gnutls-serv.1
51man/man1/ocsptool.1 46man/man1/ocsptool.1
52man/man1/p11tool.1 47man/man1/p11tool.1
53man/man1/psktool.1 48man/man1/psktool.1
54man/man1/srptool.1 49man/man1/srptool.1
55man/man1/tpmtool.1 50man/man1/tpmtool.1
56man/man3/dane_cert_type_name.3 51man/man3/dane_cert_type_name.3
57man/man3/dane_cert_usage_name.3 52man/man3/dane_cert_usage_name.3
58man/man3/dane_match_type_name.3 53man/man3/dane_match_type_name.3
59man/man3/dane_query_data.3 54man/man3/dane_query_data.3
60man/man3/dane_query_deinit.3 55man/man3/dane_query_deinit.3
@@ -62,29 +57,31 @@ man/man3/dane_query_entries.3 @@ -62,29 +57,31 @@ man/man3/dane_query_entries.3
62man/man3/dane_query_status.3 57man/man3/dane_query_status.3
63man/man3/dane_query_tlsa.3 58man/man3/dane_query_tlsa.3
64man/man3/dane_query_to_raw_tlsa.3 59man/man3/dane_query_to_raw_tlsa.3
65man/man3/dane_raw_tlsa.3 60man/man3/dane_raw_tlsa.3
66man/man3/dane_state_deinit.3 61man/man3/dane_state_deinit.3
67man/man3/dane_state_init.3 62man/man3/dane_state_init.3
68man/man3/dane_state_set_dlv_file.3 63man/man3/dane_state_set_dlv_file.3
69man/man3/dane_strerror.3 64man/man3/dane_strerror.3
70man/man3/dane_verification_status_print.3 65man/man3/dane_verification_status_print.3
71man/man3/dane_verify_crt.3 66man/man3/dane_verify_crt.3
72man/man3/dane_verify_crt_raw.3 67man/man3/dane_verify_crt_raw.3
73man/man3/dane_verify_session_crt.3 68man/man3/dane_verify_session_crt.3
74man/man3/gnutls_aead_cipher_decrypt.3 69man/man3/gnutls_aead_cipher_decrypt.3
 70man/man3/gnutls_aead_cipher_decryptv2.3
75man/man3/gnutls_aead_cipher_deinit.3 71man/man3/gnutls_aead_cipher_deinit.3
76man/man3/gnutls_aead_cipher_encrypt.3 72man/man3/gnutls_aead_cipher_encrypt.3
77man/man3/gnutls_aead_cipher_encryptv.3 73man/man3/gnutls_aead_cipher_encryptv.3
 74man/man3/gnutls_aead_cipher_encryptv2.3
78man/man3/gnutls_aead_cipher_init.3 75man/man3/gnutls_aead_cipher_init.3
79man/man3/gnutls_alert_get.3 76man/man3/gnutls_alert_get.3
80man/man3/gnutls_alert_get_name.3 77man/man3/gnutls_alert_get_name.3
81man/man3/gnutls_alert_get_strname.3 78man/man3/gnutls_alert_get_strname.3
82man/man3/gnutls_alert_send.3 79man/man3/gnutls_alert_send.3
83man/man3/gnutls_alert_send_appropriate.3 80man/man3/gnutls_alert_send_appropriate.3
84man/man3/gnutls_alpn_get_selected_protocol.3 81man/man3/gnutls_alpn_get_selected_protocol.3
85man/man3/gnutls_alpn_set_protocols.3 82man/man3/gnutls_alpn_set_protocols.3
86man/man3/gnutls_anon_allocate_client_credentials.3 83man/man3/gnutls_anon_allocate_client_credentials.3
87man/man3/gnutls_anon_allocate_server_credentials.3 84man/man3/gnutls_anon_allocate_server_credentials.3
88man/man3/gnutls_anon_free_client_credentials.3 85man/man3/gnutls_anon_free_client_credentials.3
89man/man3/gnutls_anon_free_server_credentials.3 86man/man3/gnutls_anon_free_server_credentials.3
90man/man3/gnutls_anon_set_params_function.3 87man/man3/gnutls_anon_set_params_function.3
File Added: pkgsrc/security/gnutls/PLIST.dane
@comment $NetBSD: PLIST.dane,v 1.1 2019/10/04 17:25:53 nia Exp $
bin/danetool
include/gnutls/dane.h
lib/libgnutls-dane.la
lib/pkgconfig/gnutls-dane.pc
man/man1/danetool.1
cvs diff -r1.139 -r1.140 pkgsrc/security/gnutls/distinfo (expand / switch to unified diff)

--- pkgsrc/security/gnutls/distinfo 2019/09/30 09:51:16 1.139
+++ pkgsrc/security/gnutls/distinfo 2019/10/04 17:25:53 1.140
@@ -1,18 +1,13 @@ @@ -1,18 +1,13 @@
1$NetBSD: distinfo,v 1.139 2019/09/30 09:51:16 maya Exp $ 1$NetBSD: distinfo,v 1.140 2019/10/04 17:25:53 nia Exp $
2 2
3SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296 3SHA1 (gnutls-3.6.10.tar.xz) = c073c6b0c57506a592854471576321be80f809d4
4RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513 4RMD160 (gnutls-3.6.10.tar.xz) = fe2df3aead55853711a0dbd80ef5dd648a4e09a7
5SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 5SHA512 (gnutls-3.6.10.tar.xz) = fe0481f9e4219e983b01b91e69ffd95819a4c0d0c09028509106d561967e9c5d900bc5e3a48140a34fa4467feda2a619085adf3fa8fdade96c8debf125e91ae8
6Size (gnutls-3.6.9.tar.xz) = 5773928 bytes 6Size (gnutls-3.6.10.tar.xz) = 5795984 bytes
7SHA1 (patch-cfg.mk) = c91374a0f9c3031ea90d7f8c455d9e7e42de464b 
8SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026 
9SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec 
10SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 7SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
11SHA1 (patch-lib_accelerated_x86_elf_aesni-x86.s) = 834fe259954c1806185d95a5029ba0379bd31cce 
12SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8 
13SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc 8SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
14SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4 9SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
15SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921 10SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921
16SHA1 (patch-src_libopts_libopts.c) = ce5e7681def882e95ed5ab770564d1f999b97039 11SHA1 (patch-src_libopts_libopts.c) = ce5e7681def882e95ed5ab770564d1f999b97039
17SHA1 (patch-src_libopts_makeshell.c) = e5b7d66caaec45e12ae5490d515fc9fc75de3d92 12SHA1 (patch-src_libopts_makeshell.c) = e5b7d66caaec45e12ae5490d515fc9fc75de3d92
18SHA1 (patch-src_libopts_proto.h) = 78f845bdcbac8de74953a3cee0b77fa9c5b05386 13SHA1 (patch-src_libopts_proto.h) = 78f845bdcbac8de74953a3cee0b77fa9c5b05386
cvs diff -r1.1 -r1.2 pkgsrc/security/gnutls/options.mk (expand / switch to unified diff)

--- pkgsrc/security/gnutls/options.mk 2019/09/18 15:27:05 1.1
+++ pkgsrc/security/gnutls/options.mk 2019/10/04 17:25:53 1.2
@@ -1,15 +1,14 @@ @@ -1,15 +1,14 @@
1# $NetBSD: options.mk,v 1.1 2019/09/18 15:27:05 ng0 Exp $ 1# $NetBSD: options.mk,v 1.2 2019/10/04 17:25:53 nia Exp $
2 2
3PKG_OPTIONS_VAR= PKG_OPTIONS.gnutls 3PKG_OPTIONS_VAR= PKG_OPTIONS.gnutls
4PKG_SUPPORTED_OPTIONS= dane 4PKG_SUPPORTED_OPTIONS= dane
5PLIST_VARS+= dane 
6 5
7.include "../../mk/bsd.options.mk" 6.include "../../mk/bsd.options.mk"
8 7
9.if !empty(PKG_OPTIONS:Mdane) 8.if !empty(PKG_OPTIONS:Mdane)
10.include "../../net/unbound/buildlink3.mk" 9.include "../../net/unbound/buildlink3.mk"
11CONFIGURE_ARGS+= --enable-libdane 10CONFIGURE_ARGS+= --enable-libdane
12PLIST.dane= yes 11PLIST_SRC+= PLIST.dane
13.else 12.else
14CONFIGURE_ARGS+= --disable-libdane 13CONFIGURE_ARGS+= --disable-libdane
15.endif 14.endif
File Deleted: pkgsrc/security/gnutls/patches/Attic/patch-cfg.mk
File Deleted: pkgsrc/security/gnutls/patches/Attic/patch-config.h.in
File Deleted: pkgsrc/security/gnutls/patches/Attic/patch-lib_accelerated_x86_elf_aesni-x86.s
File Deleted: pkgsrc/security/gnutls/patches/patch-configure
File Deleted: pkgsrc/security/gnutls/patches/Attic/patch-lib_accelerated_x86_x86-common.c