gnutls: updated to 3.7.8

Version 3.7.8 (released 2022-09-27)

** libgnutls: In FIPS140 mode, RSA signature verification is an approved
   operation if the key has modulus with known sizes (1024, 1280,
   1536, and 1792 bits), in addition to any modulus sizes larger than
   2048 bits, according to SP800-131A rev2.

** libgnutls: gnutls_session_channel_binding performs additional checks when
   GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
   "tls-exporter" channel binding is only usable when the handshake is
   bound to a unique master secret (i.e., either TLS 1.3 or extended
   master secret extension is negotiated). Otherwise the function now
   returns error.

** libgnutls: usage of the following functions, which are designed to
   loosen restrictions imposed by allowlisting mode of configuration,
   has been additionally restricted. Invoking them is now only allowed
   if system-wide TLS priority string has not been initialized yet:
     gnutls_digest_set_secure
     gnutls_sign_set_secure
     gnutls_sign_set_secure_for_certs
     gnutls_protocol_set_enabled

** API and ABI modifications:
No changes since last version.

diff -r1.234 -r1.235 pkgsrc/security/gnutls/Makefile
(adam)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.235 2022/09/28 13:25:57 adam Exp $ | |
2 | 2 | |||
3 | DISTNAME= gnutls-3.7.7 | 3 | DISTNAME= gnutls-3.7.8 | |
4 | CATEGORIES= security devel | 4 | CATEGORIES= security devel | |
5 | MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ | 5 | MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ | |
6 | EXTRACT_SUFX= .tar.xz | 6 | EXTRACT_SUFX= .tar.xz | |
7 | 7 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= https://www.gnutls.org/ | 9 | HOMEPAGE= https://www.gnutls.org/ | |
10 | COMMENT= Transport Layer Security library | 10 | COMMENT= Transport Layer Security library | |
11 | LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 | 11 | LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 | |
12 | 12 | |||
13 | DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts | 13 | DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts | |
14 | 14 | |||
15 | PLIST_SRC= PLIST | 15 | PLIST_SRC= PLIST | |
16 | 16 |
@@ -1,7 +1,7 @@ | @@ -1,7 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $ | 1 | $NetBSD: distinfo,v 1.156 2022/09/28 13:25:57 adam Exp $ | |
2 | 2 | |||
3 | BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5 | 3 | BLAKE2s (gnutls-3.7.8.tar.xz) = a0f16a832acf448fd3a92c3c7389dbb962bf5a847c2637b1c865e40ef3bec1a0 | |
4 | SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08 | 4 | SHA512 (gnutls-3.7.8.tar.xz) = 4199bcf7c9e3aab2f52266aadceefc563dfe2d938d0ea1f3ec3be95d66f4a8c8e5494d3a800c03dd02ad386dec1738bd63e1fe0d8b394a2ccfc7d6c6a0cc9359 | |
5 | Size (gnutls-3.7.7.tar.xz) = 6351664 bytes | 5 | Size (gnutls-3.7.8.tar.xz) = 6029220 bytes | |
6 | SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb | 6 | SHA1 (patch-configure) = 6a4a78de339d4958557bba1dfea77a249237cabd | |
7 | SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc | 7 | SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc |
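Review bot: Nothing in this hunk or the log message shows that gnutls-3.7.8.tar.xz was checked against upstream's detached signature before the new BLAKE2s and SHA512 values were recorded, so these lines only pin whatever archive was fetched when distinfo was regenerated. The recorded size also drops from 6351664 to 6029220 bytes (322444 bytes smaller) for a point release; that is worth a one-line confirmation in the commit message that the signature was verified and the size matches the upstream release file. The unchanged SHA1 for patch-lib_system_certs.c and the changed one for patch-configure are consistent with only patch-configure being regenerated.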
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $ | 1 | $NetBSD: patch-configure,v 1.7 2022/09/28 13:25:57 adam Exp $ | |
2 | 2 | |||
3 | Fix linking on Darwin. | 3 | Fix linking on Darwin. | |
4 | 4 | |||
5 | --- configure.orig 2022-07-28 11:23:32.000000000 +0000 | 5 | --- configure.orig 2022-09-27 12:46:24.000000000 +0000 | |
6 | +++ configure | 6 | +++ configure | |
7 | @@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c | 7 | @@ -11379,7 +11379,6 @@ $as_echo "#define DYN_NCRYPT 1" >>confde | |
8 | *darwin*) | 8 | *darwin*) | |
9 | have_macosx=yes | 9 | have_macosx=yes | |
10 | save_LDFLAGS="$LDFLAGS" | 10 | save_LDFLAGS="$LDFLAGS" | |
11 | - LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" | 11 | - LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" | |
12 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5 | 12 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5 | |
13 | printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; } | 13 | $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; } | |
14 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | 14 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
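Review bot: The patch description "Fix linking on Darwin." does not say which link failure is avoided by dropping LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" in the *darwin*) branch, or whether the problem was reported upstream. As far as the visible context shows, the "checking whether the linker supports -Wl,-no_weak_imports" probe that follows still runs, but now without the flag in LDFLAGS, so its result no longer says anything about linker support for it. Please extend the description with the failing symptom and an upstream reference, so the patch can be re-evaluated at the next update instead of being carried forward by adjusting the hunk offset (11448 to 11379 here).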