Mon May 31 11:08:45 2021 UTC ()
gnutls: update to 3.7.2.

* Version 3.7.2 (released 2021-05-29)

** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
   to disable TLS 1.3 middlebox compatibility mode

** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
   This can be enabled with --enable-afalg configure option, when libkcapi
   package is installed (#308).

** libgnutls: Fixed timing of early data exchange. Previously, the client was
   sending early data after receiving Server Hello, which not only negates the
   benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
   same ciphersuite is selected in initial and resumption handshake) (#1146).

** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
   copied from the signing CA by default (#1126).

** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
   GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
   deprecated and will be removed in the future releases.

** certtool: When producing certificates and certificate requests, subject DN
   components that are provided individually will now be ordered by
   assumed scale (e.g. Country before State, Organization before
   OrganizationalUnit).  This change also affects the order in which
   certtool prompts interactively.  Please rely on the template
   mechanism for automated use of certtool! (#1243)

** API and ABI modifications:
gnutls_early_cipher_get: Added
gnutls_early_prf_hash_get: Added


(wiz)
diff -r1.221 -r1.222 pkgsrc/security/gnutls/Makefile
diff -r1.72 -r1.73 pkgsrc/security/gnutls/PLIST
diff -r1.147 -r1.148 pkgsrc/security/gnutls/distinfo
cvs diff -r1.221 -r1.222 pkgsrc/security/gnutls/Makefile (expand / switch to unified diff)

--- pkgsrc/security/gnutls/Makefile 2021/05/24 19:53:52 1.221
+++ pkgsrc/security/gnutls/Makefile 2021/05/31 11:08:45 1.222
@@ -1,17 +1,16 @@ @@ -1,17 +1,16 @@
1# $NetBSD: Makefile,v 1.221 2021/05/24 19:53:52 wiz Exp $ 1# $NetBSD: Makefile,v 1.222 2021/05/31 11:08:45 wiz Exp $
2 2
3DISTNAME= gnutls-3.7.1 3DISTNAME= gnutls-3.7.2
4PKGREVISION= 2 
5CATEGORIES= security devel 4CATEGORIES= security devel
6MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ 5MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
7EXTRACT_SUFX= .tar.xz 6EXTRACT_SUFX= .tar.xz
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.gnutls.org/ 9HOMEPAGE= https://www.gnutls.org/
11COMMENT= Transport Layer Security library 10COMMENT= Transport Layer Security library
12LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 11LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1
13 12
14DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts 13DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
15 14
16PLIST_SRC= PLIST 15PLIST_SRC= PLIST
17 16
cvs diff -r1.72 -r1.73 pkgsrc/security/gnutls/PLIST (expand / switch to unified diff)

--- pkgsrc/security/gnutls/PLIST 2020/12/03 12:27:38 1.72
+++ pkgsrc/security/gnutls/PLIST 2021/05/31 11:08:45 1.73
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.72 2020/12/03 12:27:38 nia Exp $ 1@comment $NetBSD: PLIST,v 1.73 2021/05/31 11:08:45 wiz Exp $
2bin/certtool 2bin/certtool
3bin/gnutls-cli 3bin/gnutls-cli
4bin/gnutls-cli-debug 4bin/gnutls-cli-debug
5bin/gnutls-serv 5bin/gnutls-serv
6bin/ocsptool 6bin/ocsptool
7bin/p11tool 7bin/p11tool
8bin/psktool 8bin/psktool
9bin/srptool 9bin/srptool
10include/gnutls/abstract.h 10include/gnutls/abstract.h
11include/gnutls/compat.h 11include/gnutls/compat.h
12include/gnutls/crypto.h 12include/gnutls/crypto.h
13include/gnutls/dtls.h 13include/gnutls/dtls.h
14include/gnutls/gnutls.h 14include/gnutls/gnutls.h
@@ -16,26 +16,27 @@ include/gnutls/gnutlsxx.h @@ -16,26 +16,27 @@ include/gnutls/gnutlsxx.h
16include/gnutls/ocsp.h 16include/gnutls/ocsp.h
17include/gnutls/openpgp.h 17include/gnutls/openpgp.h
18include/gnutls/pkcs11.h 18include/gnutls/pkcs11.h
19include/gnutls/pkcs12.h 19include/gnutls/pkcs12.h
20include/gnutls/pkcs7.h 20include/gnutls/pkcs7.h
21include/gnutls/self-test.h 21include/gnutls/self-test.h
22include/gnutls/socket.h 22include/gnutls/socket.h
23include/gnutls/system-keys.h 23include/gnutls/system-keys.h
24include/gnutls/tpm.h 24include/gnutls/tpm.h
25include/gnutls/urls.h 25include/gnutls/urls.h
26include/gnutls/x509-ext.h 26include/gnutls/x509-ext.h
27include/gnutls/x509.h 27include/gnutls/x509.h
28info/gnutls-client-server-use-case.png 28info/gnutls-client-server-use-case.png
 29info/gnutls-crypto-layers.png
29info/gnutls-guile.info 30info/gnutls-guile.info
30info/gnutls-handshake-sequence.png 31info/gnutls-handshake-sequence.png
31info/gnutls-handshake-state.png 32info/gnutls-handshake-state.png
32info/gnutls-internals.png 33info/gnutls-internals.png
33info/gnutls-layers.png 34info/gnutls-layers.png
34info/gnutls-logo.png 35info/gnutls-logo.png
35info/gnutls-modauth.png 36info/gnutls-modauth.png
36info/gnutls-x509.png 37info/gnutls-x509.png
37info/gnutls.info 38info/gnutls.info
38info/pkcs11-vision.png 39info/pkcs11-vision.png
39lib/libgnutls.la 40lib/libgnutls.la
40lib/libgnutlsxx.la 41lib/libgnutlsxx.la
41lib/pkgconfig/gnutls.pc 42lib/pkgconfig/gnutls.pc
@@ -236,26 +237,28 @@ man/man3/gnutls_dh_set_prime_bits.3 @@ -236,26 +237,28 @@ man/man3/gnutls_dh_set_prime_bits.3
236man/man3/gnutls_digest_get_id.3 237man/man3/gnutls_digest_get_id.3
237man/man3/gnutls_digest_get_name.3 238man/man3/gnutls_digest_get_name.3
238man/man3/gnutls_digest_get_oid.3 239man/man3/gnutls_digest_get_oid.3
239man/man3/gnutls_digest_list.3 240man/man3/gnutls_digest_list.3
240man/man3/gnutls_dtls_cookie_send.3 241man/man3/gnutls_dtls_cookie_send.3
241man/man3/gnutls_dtls_cookie_verify.3 242man/man3/gnutls_dtls_cookie_verify.3
242man/man3/gnutls_dtls_get_data_mtu.3 243man/man3/gnutls_dtls_get_data_mtu.3
243man/man3/gnutls_dtls_get_mtu.3 244man/man3/gnutls_dtls_get_mtu.3
244man/man3/gnutls_dtls_get_timeout.3 245man/man3/gnutls_dtls_get_timeout.3
245man/man3/gnutls_dtls_prestate_set.3 246man/man3/gnutls_dtls_prestate_set.3
246man/man3/gnutls_dtls_set_data_mtu.3 247man/man3/gnutls_dtls_set_data_mtu.3
247man/man3/gnutls_dtls_set_mtu.3 248man/man3/gnutls_dtls_set_mtu.3
248man/man3/gnutls_dtls_set_timeouts.3 249man/man3/gnutls_dtls_set_timeouts.3
 250man/man3/gnutls_early_cipher_get.3
 251man/man3/gnutls_early_prf_hash_get.3
249man/man3/gnutls_ecc_curve_get.3 252man/man3/gnutls_ecc_curve_get.3
250man/man3/gnutls_ecc_curve_get_id.3 253man/man3/gnutls_ecc_curve_get_id.3
251man/man3/gnutls_ecc_curve_get_name.3 254man/man3/gnutls_ecc_curve_get_name.3
252man/man3/gnutls_ecc_curve_get_oid.3 255man/man3/gnutls_ecc_curve_get_oid.3
253man/man3/gnutls_ecc_curve_get_pk.3 256man/man3/gnutls_ecc_curve_get_pk.3
254man/man3/gnutls_ecc_curve_get_size.3 257man/man3/gnutls_ecc_curve_get_size.3
255man/man3/gnutls_ecc_curve_list.3 258man/man3/gnutls_ecc_curve_list.3
256man/man3/gnutls_encode_ber_digest_info.3 259man/man3/gnutls_encode_ber_digest_info.3
257man/man3/gnutls_encode_gost_rs_value.3 260man/man3/gnutls_encode_gost_rs_value.3
258man/man3/gnutls_encode_rs_value.3 261man/man3/gnutls_encode_rs_value.3
259man/man3/gnutls_error_is_fatal.3 262man/man3/gnutls_error_is_fatal.3
260man/man3/gnutls_error_to_alert.3 263man/man3/gnutls_error_to_alert.3
261man/man3/gnutls_est_record_overhead_size.3 264man/man3/gnutls_est_record_overhead_size.3
@@ -1195,26 +1198,27 @@ man/man3/gnutls_x509_trust_list_get_issu @@ -1195,26 +1198,27 @@ man/man3/gnutls_x509_trust_list_get_issu
1195man/man3/gnutls_x509_trust_list_get_ptr.3 1198man/man3/gnutls_x509_trust_list_get_ptr.3
1196man/man3/gnutls_x509_trust_list_init.3 1199man/man3/gnutls_x509_trust_list_init.3
1197man/man3/gnutls_x509_trust_list_iter_deinit.3 1200man/man3/gnutls_x509_trust_list_iter_deinit.3
1198man/man3/gnutls_x509_trust_list_iter_get_ca.3 1201man/man3/gnutls_x509_trust_list_iter_get_ca.3
1199man/man3/gnutls_x509_trust_list_remove_cas.3 1202man/man3/gnutls_x509_trust_list_remove_cas.3
1200man/man3/gnutls_x509_trust_list_remove_trust_file.3 1203man/man3/gnutls_x509_trust_list_remove_trust_file.3
1201man/man3/gnutls_x509_trust_list_remove_trust_mem.3 1204man/man3/gnutls_x509_trust_list_remove_trust_mem.3
1202man/man3/gnutls_x509_trust_list_set_getissuer_function.3 1205man/man3/gnutls_x509_trust_list_set_getissuer_function.3
1203man/man3/gnutls_x509_trust_list_set_ptr.3 1206man/man3/gnutls_x509_trust_list_set_ptr.3
1204man/man3/gnutls_x509_trust_list_verify_crt.3 1207man/man3/gnutls_x509_trust_list_verify_crt.3
1205man/man3/gnutls_x509_trust_list_verify_crt2.3 1208man/man3/gnutls_x509_trust_list_verify_crt2.3
1206man/man3/gnutls_x509_trust_list_verify_named_crt.3 1209man/man3/gnutls_x509_trust_list_verify_named_crt.3
1207share/doc/gnutls/gnutls-client-server-use-case.png 1210share/doc/gnutls/gnutls-client-server-use-case.png
 1211share/doc/gnutls/gnutls-crypto-layers.png
1208share/doc/gnutls/gnutls-handshake-sequence.png 1212share/doc/gnutls/gnutls-handshake-sequence.png
1209share/doc/gnutls/gnutls-handshake-state.png 1213share/doc/gnutls/gnutls-handshake-state.png
1210share/doc/gnutls/gnutls-internals.png 1214share/doc/gnutls/gnutls-internals.png
1211share/doc/gnutls/gnutls-layers.png 1215share/doc/gnutls/gnutls-layers.png
1212share/doc/gnutls/gnutls-logo.png 1216share/doc/gnutls/gnutls-logo.png
1213share/doc/gnutls/gnutls-modauth.png 1217share/doc/gnutls/gnutls-modauth.png
1214share/doc/gnutls/gnutls-x509.png 1218share/doc/gnutls/gnutls-x509.png
1215share/doc/gnutls/pkcs11-vision.png 1219share/doc/gnutls/pkcs11-vision.png
1216share/examples/gnutls/ex-alert.c 1220share/examples/gnutls/ex-alert.c
1217share/examples/gnutls/ex-cert-select-pkcs11.c 1221share/examples/gnutls/ex-cert-select-pkcs11.c
1218share/examples/gnutls/ex-cert-select.c 1222share/examples/gnutls/ex-cert-select.c
1219share/examples/gnutls/ex-client-anon.c 1223share/examples/gnutls/ex-client-anon.c
1220share/examples/gnutls/ex-client-dtls.c 1224share/examples/gnutls/ex-client-dtls.c
cvs diff -r1.147 -r1.148 pkgsrc/security/gnutls/distinfo (expand / switch to unified diff)

--- pkgsrc/security/gnutls/distinfo 2021/03/14 07:58:20 1.147
+++ pkgsrc/security/gnutls/distinfo 2021/05/31 11:08:45 1.148
@@ -1,13 +1,13 @@ @@ -1,13 +1,13 @@
1$NetBSD: distinfo,v 1.147 2021/03/14 07:58:20 wiz Exp $ 1$NetBSD: distinfo,v 1.148 2021/05/31 11:08:45 wiz Exp $
2 2
3SHA1 (gnutls-3.7.1.tar.xz) = 5de5d25534ee5910ea9ee6aaeeb6af1af4350c1e 3SHA1 (gnutls-3.7.2.tar.xz) = 02e12259680b6ad3ec973e0df6bf2cf0c5ef1100
4RMD160 (gnutls-3.7.1.tar.xz) = 134c7cbe291cb640afa834daa91ba087b9d9966f 4RMD160 (gnutls-3.7.2.tar.xz) = a095231e93c7e4e94d78e442e7f816b9748b24b1
5SHA512 (gnutls-3.7.1.tar.xz) = 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95 5SHA512 (gnutls-3.7.2.tar.xz) = 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
6Size (gnutls-3.7.1.tar.xz) = 6038388 bytes 6Size (gnutls-3.7.2.tar.xz) = 6091508 bytes
7SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa 7SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
8SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc 8SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
9SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e 9SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e
10SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450 10SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450
11SHA1 (patch-src_libopts_libopts.c) = 6e2453a886aa4be0a17dfbdb8a23ef9d7a0f62f8 11SHA1 (patch-src_libopts_libopts.c) = 6e2453a886aa4be0a17dfbdb8a23ef9d7a0f62f8
12SHA1 (patch-src_libopts_makeshell.c) = 1b08ab63e6e382bd471699530e5d8bff075b3f24 12SHA1 (patch-src_libopts_makeshell.c) = 1b08ab63e6e382bd471699530e5d8bff075b3f24
13SHA1 (patch-src_libopts_proto.h) = 7601830e5ff45632ae337a387548f9ed5e591c4f 13SHA1 (patch-src_libopts_proto.h) = 7601830e5ff45632ae337a387548f9ed5e591c4f