Wed Sep 28 13:25:58 2022 UTC ()
gnutls: updated to 3.7.8

Version 3.7.8 (released 2022-09-27)

** libgnutls: In FIPS140 mode, RSA signature verification is an approved
   operation if the key has modulus with known sizes (1024, 1280,
   1536, and 1792 bits), in addition to any modulus sizes larger than
   2048 bits, according to SP800-131A rev2.

** libgnutls: gnutls_session_channel_binding performs additional checks when
   GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
   "tls-exporter" channel binding is only usable when the handshake is
   bound to a unique master secret (i.e., either TLS 1.3 or extended
   master secret extension is negotiated). Otherwise the function now
   returns error.

** libgnutls: usage of the following functions, which are designed to
   loosen restrictions imposed by allowlisting mode of configuration,
   has been additionally restricted. Invoking them is now only allowed
   if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled

** API and ABI modifications:
No changes since last version.


(adam)
diff -r1.234 -r1.235 pkgsrc/security/gnutls/Makefile
diff -r1.155 -r1.156 pkgsrc/security/gnutls/distinfo
diff -r1.6 -r1.7 pkgsrc/security/gnutls/patches/patch-configure

cvs diff -r1.234 -r1.235 pkgsrc/security/gnutls/Makefile

--- pkgsrc/security/gnutls/Makefile 2022/07/29 08:04:47 1.234
+++ pkgsrc/security/gnutls/Makefile 2022/09/28 13:25:57 1.235
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $ 1# $NetBSD: Makefile,v 1.235 2022/09/28 13:25:57 adam Exp $
2 2
3DISTNAME= gnutls-3.7.7 3DISTNAME= gnutls-3.7.8
4CATEGORIES= security devel 4CATEGORIES= security devel
5MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ 5MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
6EXTRACT_SUFX= .tar.xz 6EXTRACT_SUFX= .tar.xz
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= https://www.gnutls.org/ 9HOMEPAGE= https://www.gnutls.org/
10COMMENT= Transport Layer Security library 10COMMENT= Transport Layer Security library
11LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 11LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1
12 12
13DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts 13DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
14 14
15PLIST_SRC= PLIST 15PLIST_SRC= PLIST
16 16

cvs diff -r1.155 -r1.156 pkgsrc/security/gnutls/distinfo

--- pkgsrc/security/gnutls/distinfo 2022/07/29 08:04:47 1.155
+++ pkgsrc/security/gnutls/distinfo 2022/09/28 13:25:57 1.156
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
1$NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $ 1$NetBSD: distinfo,v 1.156 2022/09/28 13:25:57 adam Exp $
2 2
3BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5 3BLAKE2s (gnutls-3.7.8.tar.xz) = a0f16a832acf448fd3a92c3c7389dbb962bf5a847c2637b1c865e40ef3bec1a0
4SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08 4SHA512 (gnutls-3.7.8.tar.xz) = 4199bcf7c9e3aab2f52266aadceefc563dfe2d938d0ea1f3ec3be95d66f4a8c8e5494d3a800c03dd02ad386dec1738bd63e1fe0d8b394a2ccfc7d6c6a0cc9359
5Size (gnutls-3.7.7.tar.xz) = 6351664 bytes 5Size (gnutls-3.7.8.tar.xz) = 6029220 bytes
6SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb 6SHA1 (patch-configure) = 6a4a78de339d4958557bba1dfea77a249237cabd
7SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc 7SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
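
Review bot: The Size entry on line 5 drops from 6351664 to 6029220 bytes for a patch-level release, and nothing in the commit message says how the 3.7.8 tarball was authenticated before the BLAKE2s and SHA512 values on lines 3 and 4 were recorded. These digests only pin whatever was fetched from MASTER_SITES at commit time, so it would help to state in the log that the tarball was checked against upstream's release signature. The new SHA1 for patch-configure on line 6 is expected, since that patch is revised in this same commit, and patch-lib_system_certs.c is rightly left unchanged.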

cvs diff -r1.6 -r1.7 pkgsrc/security/gnutls/patches/patch-configure

--- pkgsrc/security/gnutls/patches/patch-configure 2022/07/29 08:04:48 1.6
+++ pkgsrc/security/gnutls/patches/patch-configure 2022/09/28 13:25:57 1.7
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1$NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $ 1$NetBSD: patch-configure,v 1.7 2022/09/28 13:25:57 adam Exp $
2 2
3Fix linking on Darwin. 3Fix linking on Darwin.
4 4
5--- configure.orig 2022-07-28 11:23:32.000000000 +0000 5--- configure.orig 2022-09-27 12:46:24.000000000 +0000
6+++ configure 6+++ configure
7@@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c 7@@ -11379,7 +11379,6 @@ $as_echo "#define DYN_NCRYPT 1" >>confde
8 *darwin*) 8 *darwin*)
9 have_macosx=yes 9 have_macosx=yes
10 save_LDFLAGS="$LDFLAGS" 10 save_LDFLAGS="$LDFLAGS"
11- LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" 11- LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
12 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5 12 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
13 printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; } 13 $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
14 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 14 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
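
Review bot: With the `LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"` assignment removed in the `*darwin*` branch, the "checking whether the linker supports -Wl,-no_weak_imports" test that follows is linked without that flag, so it no longer tests what its message says. The patch comment "Fix linking on Darwin." does not say which link failure this avoids or whether it was reported upstream; suggest expanding it with the affected toolchain and an upstream bug reference. The context lines also moved from `printf "%s\n"` at 11448 to `$as_echo` at 11379, which suggests upstream's configure was regenerated with a different autoconf, so the rest of the `*darwin*` block (not shown in this hunk) deserves a re-read to confirm the patch still does what was intended.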