Update to 3.4.1. From the changelog: The shared library major version of libtls has been bumped to 22. tls_connect(3) and friends now strip a trailing dot from servername. This patch imports the missing scripts/wrap-compiler-for-flag-check file, which was incorrectly causing compiler flags to not be used. >From the upstream LibreSSL changelog: * New Features - Added support for OpenSSL 1.1.1 TLSv1.3 APIs. - Enabled the new X.509 validator to allow verification of modern certificate chains. * Portable Improvements - Added Universal Windows Platform (UWP) build support. - Fixed mingw-w64 builds on newer versions with missing SSP support. * API and Documentation Enhancements - Added the following APIs from OpenSSL BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve EC_GROUP_order_bits EC_GROUP_set_curve EC_POINT_get_affine_coordinates EC_POINT_set_affine_coordinates EC_POINT_set_compressed_coordinates EVP_DigestSign EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable SSL_SESSION_set_max_early_data SSL_get_early_data_status SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio SSL_set_ciphersuites SSL_set_max_early_data SSL_set_post_handshake_auth SSL_set_psk_use_session_callback SSL_verify_client_post_handshake SSL_write_early_data - Added AES-GCM constants from RFC 7714 for SRTP. * Compatibility Changes - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache. - Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay. - Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE. - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback. * Testing and Proactive Security - Added additional state machine test coverage. - Improved integration test support with ruby/openssl tests. - Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests. * Internal Improvements - Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes and callback support compatible with the legacy OpenSSL validator.diff -r1.4 -r1.5 pkgsrc/security/libretls/Makefile
(schmonz)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.4 2021/05/22 09:12:31 schmonz Exp $ | 1 | # $NetBSD: Makefile,v 1.5 2021/10/18 14:33:04 schmonz Exp $ | |
2 | 2 | |||
3 | DISTNAME= libretls-3.3.3 | 3 | DISTNAME= libretls-3.4.1 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= https://causal.agency/libretls/ | 5 | MASTER_SITES= https://causal.agency/libretls/ | |
6 | 6 | |||
7 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
8 | HOMEPAGE= https://git.causal.agency/libretls/about | 8 | HOMEPAGE= https://git.causal.agency/libretls/about | |
9 | COMMENT= Port of libtls for OpenSSL | 9 | COMMENT= Port of libtls for OpenSSL | |
10 | LICENSE= isc | 10 | LICENSE= isc | |
11 | 11 | |||
12 | GNU_CONFIGURE= yes | 12 | GNU_CONFIGURE= yes | |
13 | USE_LIBTOOL= yes | 13 | USE_LIBTOOL= yes | |
14 | USE_TOOLS+= pkg-config | 14 | USE_TOOLS+= pkg-config | |
15 | 15 | |||
16 | PKGCONFIG_OVERRIDE+= libtls.pc.in | 16 | PKGCONFIG_OVERRIDE+= libtls.pc.in |
@@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
1 | $NetBSD: distinfo,v 1.5 2021/10/07 14:53:59 nia Exp $ | 1 | $NetBSD: distinfo,v 1.6 2021/10/18 14:33:04 schmonz Exp $ | |
2 | 2 | |||
3 | RMD160 (libretls-3.3.3.tar.gz) = 7e74978ec65dc104d0becb96abb8d8129c379339 | 3 | RMD160 (libretls-3.4.1.tar.gz) = ef9634114bece359b905185735131c34b83ce91e | |
4 | SHA512 (libretls-3.3.3.tar.gz) = 21128107ce833690f43400b11c2a841373bbe1f045a6db5ad6cbcbee181ddf97c173bb05ba41805ee0324d7435a52ad3027551f20083df9a3d052956a412bccd | 4 | SHA512 (libretls-3.4.1.tar.gz) = 5d8b8d6cafd4b3c7e97eb417dad35a415bd69d599e9ee720f5598452a6750589b570ffa52718062d2ae3477df81b2316064577a25d2c68fa673082bb766b16ad | |
5 | Size (libretls-3.3.3.tar.gz) = 434208 bytes | 5 | Size (libretls-3.4.1.tar.gz) = 435404 bytes |