Mon Oct 18 14:33:04 2021 UTC ()
Update to 3.4.1. From the changelog:

The shared library major version of libtls has been bumped to 22.

tls_connect(3) and friends now strip a trailing dot from servername.

This patch imports the missing scripts/wrap-compiler-for-flag-check
file, which was incorrectly causing compiler flags to not be used.

>From the upstream LibreSSL changelog:

* New Features
  - Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
  - Enabled the new X.509 validator to allow verification of
    modern certificate chains.
* Portable Improvements
  - Added Universal Windows Platform (UWP) build support.
  - Fixed mingw-w64 builds on newer versions with missing SSP support.
* API and Documentation Enhancements
  - Added the following APIs from OpenSSL
    BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
    EC_GROUP_order_bits EC_GROUP_set_curve
    EC_POINT_get_affine_coordinates
    EC_POINT_set_affine_coordinates
    EC_POINT_set_compressed_coordinates EVP_DigestSign
    EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
    SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
    SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
    SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
    SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
    SSL_SESSION_set_max_early_data SSL_get_early_data_status
    SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
    SSL_set_ciphersuites SSL_set_max_early_data
    SSL_set_post_handshake_auth
    SSL_set_psk_use_session_callback
    SSL_verify_client_post_handshake SSL_write_early_data
  - Added AES-GCM constants from RFC 7714 for SRTP.
* Compatibility Changes
  - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
  - Call the info callback on connect/accept exit in TLSv1.3,
    needed for p5-Net-SSLeay.
  - Default to using named curve parameter encoding from
    pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
  - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
* Testing and Proactive Security
  - Added additional state machine test coverage.
  - Improved integration test support with ruby/openssl tests.
  - Error codes and callback support in new X.509 validator made
    compatible with p5-Net_SSLeay tests.
* Internal Improvements
  - Numerous fixes and improvements to the new X.509 validator to
    ensure compatible error codes and callback support compatible
    with the legacy OpenSSL validator.


(schmonz)
diff -r1.4 -r1.5 pkgsrc/security/libretls/Makefile
diff -r1.5 -r1.6 pkgsrc/security/libretls/distinfo
cvs diff -r1.4 -r1.5 pkgsrc/security/libretls/Makefile (expand / switch to unified diff)

--- pkgsrc/security/libretls/Makefile 2021/05/22 09:12:31 1.4
+++ pkgsrc/security/libretls/Makefile 2021/10/18 14:33:04 1.5
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.4 2021/05/22 09:12:31 schmonz Exp $ 1# $NetBSD: Makefile,v 1.5 2021/10/18 14:33:04 schmonz Exp $
2 2
3DISTNAME= libretls-3.3.3 3DISTNAME= libretls-3.4.1
4CATEGORIES= security 4CATEGORIES= security
5MASTER_SITES= https://causal.agency/libretls/ 5MASTER_SITES= https://causal.agency/libretls/
6 6
7MAINTAINER= pkgsrc-users@NetBSD.org 7MAINTAINER= pkgsrc-users@NetBSD.org
8HOMEPAGE= https://git.causal.agency/libretls/about 8HOMEPAGE= https://git.causal.agency/libretls/about
9COMMENT= Port of libtls for OpenSSL 9COMMENT= Port of libtls for OpenSSL
10LICENSE= isc 10LICENSE= isc
11 11
12GNU_CONFIGURE= yes 12GNU_CONFIGURE= yes
13USE_LIBTOOL= yes 13USE_LIBTOOL= yes
14USE_TOOLS+= pkg-config 14USE_TOOLS+= pkg-config
15 15
16PKGCONFIG_OVERRIDE+= libtls.pc.in 16PKGCONFIG_OVERRIDE+= libtls.pc.in
cvs diff -r1.5 -r1.6 pkgsrc/security/libretls/distinfo (expand / switch to unified diff)

--- pkgsrc/security/libretls/distinfo 2021/10/07 14:53:59 1.5
+++ pkgsrc/security/libretls/distinfo 2021/10/18 14:33:04 1.6
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.5 2021/10/07 14:53:59 nia Exp $ 1$NetBSD: distinfo,v 1.6 2021/10/18 14:33:04 schmonz Exp $
2 2
3RMD160 (libretls-3.3.3.tar.gz) = 7e74978ec65dc104d0becb96abb8d8129c379339 3RMD160 (libretls-3.4.1.tar.gz) = ef9634114bece359b905185735131c34b83ce91e
4SHA512 (libretls-3.3.3.tar.gz) = 21128107ce833690f43400b11c2a841373bbe1f045a6db5ad6cbcbee181ddf97c173bb05ba41805ee0324d7435a52ad3027551f20083df9a3d052956a412bccd 4SHA512 (libretls-3.4.1.tar.gz) = 5d8b8d6cafd4b3c7e97eb417dad35a415bd69d599e9ee720f5598452a6750589b570ffa52718062d2ae3477df81b2316064577a25d2c68fa673082bb766b16ad
5Size (libretls-3.3.3.tar.gz) = 434208 bytes 5Size (libretls-3.4.1.tar.gz) = 435404 bytes