Thu Nov 16 12:31:11 2023 UTC
gnutls: updated to 3.8.2

Version 3.8.2 (released 2023-11-14)

** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
   [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]

** libgnutls: Add API functions to perform ECDH and DH key agreement
   The functionality has been there for a long time though they were
   not available as part of the public API.  This enables applications
   to implement custom protocols leveraging non-interactive key
   agreement with ECDH and DH.

** libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
   The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
   GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
   the AEAD interface.  Note that, unlike
   GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
   appended to the ciphertext, not prepended.

** libgnutls: transparent KTLS support is extended to FreeBSD kernel
   The kernel TLS feature can now be enabled on FreeBSD as well as
   Linux when compiled with the --enable-ktls configure option.

** gnutls-cli: New option --starttls-name
   Depending on deployment, application protocols such as XMPP may
   require a different origin address than the external address to be
   presented prior to STARTTLS negotiation.  The --starttls-name can
   be used to specify the addresses separately.


(adam)
diff -r1.244 -r1.245 pkgsrc/security/gnutls/Makefile
diff -r1.79 -r1.80 pkgsrc/security/gnutls/PLIST
diff -r1.158 -r1.159 pkgsrc/security/gnutls/distinfo

cvs diff -r1.244 -r1.245 pkgsrc/security/gnutls/Makefile

--- pkgsrc/security/gnutls/Makefile 2023/11/08 13:20:45 1.244
+++ pkgsrc/security/gnutls/Makefile 2023/11/16 12:31:11 1.245
@@ -1,17 +1,16 @@ @@ -1,17 +1,16 @@
1# $NetBSD: Makefile,v 1.244 2023/11/08 13:20:45 wiz Exp $ 1# $NetBSD: Makefile,v 1.245 2023/11/16 12:31:11 adam Exp $
2 2
3DISTNAME= gnutls-3.8.1 3DISTNAME= gnutls-3.8.2
4PKGREVISION= 2 
5CATEGORIES= security devel 4CATEGORIES= security devel
6MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ 5MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
7EXTRACT_SUFX= .tar.xz 6EXTRACT_SUFX= .tar.xz
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.gnutls.org/ 9HOMEPAGE= https://www.gnutls.org/
11COMMENT= Transport Layer Security library 10COMMENT= Transport Layer Security library
12LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 11LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1
13 12
14DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts 13DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
15 14
16PLIST_SRC= PLIST 15PLIST_SRC= PLIST
17 16
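Review bot: the summary line of the log for this DISTNAME bump (gnutls-3.8.1 to gnutls-3.8.2) says only "updated to 3.8.2", although the release notes under it list a fix for CVE-2023-5981; name the CVE or say "security fix" in the summary so the update is easy to spot when deciding on a pullup to stable branches. Dropping PKGREVISION= 2 together with the version change is correct.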

cvs diff -r1.79 -r1.80 pkgsrc/security/gnutls/PLIST

--- pkgsrc/security/gnutls/PLIST 2023/08/08 09:33:54 1.79
+++ pkgsrc/security/gnutls/PLIST 2023/11/16 12:31:11 1.80
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.79 2023/08/08 09:33:54 adam Exp $ 1@comment $NetBSD: PLIST,v 1.80 2023/11/16 12:31:11 adam Exp $
2bin/certtool 2bin/certtool
3bin/gnutls-cli 3bin/gnutls-cli
4bin/gnutls-cli-debug 4bin/gnutls-cli-debug
5bin/gnutls-serv 5bin/gnutls-serv
6bin/ocsptool 6bin/ocsptool
7bin/p11tool 7bin/p11tool
8bin/psktool 8bin/psktool
9include/gnutls/abstract.h 9include/gnutls/abstract.h
10include/gnutls/compat.h 10include/gnutls/compat.h
11include/gnutls/crypto.h 11include/gnutls/crypto.h
12include/gnutls/dtls.h 12include/gnutls/dtls.h
13include/gnutls/gnutls.h 13include/gnutls/gnutls.h
14include/gnutls/gnutlsxx.h 14include/gnutls/gnutlsxx.h
@@ -570,42 +570,45 @@ man/man3/gnutls_priority_get_cipher_suit @@ -570,42 +570,45 @@ man/man3/gnutls_priority_get_cipher_suit
570man/man3/gnutls_priority_group_list.3 570man/man3/gnutls_priority_group_list.3
571man/man3/gnutls_priority_init.3 571man/man3/gnutls_priority_init.3
572man/man3/gnutls_priority_init2.3 572man/man3/gnutls_priority_init2.3
573man/man3/gnutls_priority_kx_list.3 573man/man3/gnutls_priority_kx_list.3
574man/man3/gnutls_priority_mac_list.3 574man/man3/gnutls_priority_mac_list.3
575man/man3/gnutls_priority_protocol_list.3 575man/man3/gnutls_priority_protocol_list.3
576man/man3/gnutls_priority_set.3 576man/man3/gnutls_priority_set.3
577man/man3/gnutls_priority_set_direct.3 577man/man3/gnutls_priority_set_direct.3
578man/man3/gnutls_priority_sign_list.3 578man/man3/gnutls_priority_sign_list.3
579man/man3/gnutls_priority_string_list.3 579man/man3/gnutls_priority_string_list.3
580man/man3/gnutls_privkey_decrypt_data.3 580man/man3/gnutls_privkey_decrypt_data.3
581man/man3/gnutls_privkey_decrypt_data2.3 581man/man3/gnutls_privkey_decrypt_data2.3
582man/man3/gnutls_privkey_deinit.3 582man/man3/gnutls_privkey_deinit.3
 583man/man3/gnutls_privkey_derive_secret.3
 584man/man3/gnutls_privkey_export_dh_raw.3
583man/man3/gnutls_privkey_export_dsa_raw.3 585man/man3/gnutls_privkey_export_dsa_raw.3
584man/man3/gnutls_privkey_export_dsa_raw2.3 586man/man3/gnutls_privkey_export_dsa_raw2.3
585man/man3/gnutls_privkey_export_ecc_raw.3 587man/man3/gnutls_privkey_export_ecc_raw.3
586man/man3/gnutls_privkey_export_ecc_raw2.3 588man/man3/gnutls_privkey_export_ecc_raw2.3
587man/man3/gnutls_privkey_export_gost_raw2.3 589man/man3/gnutls_privkey_export_gost_raw2.3
588man/man3/gnutls_privkey_export_openpgp.3 590man/man3/gnutls_privkey_export_openpgp.3
589man/man3/gnutls_privkey_export_pkcs11.3 591man/man3/gnutls_privkey_export_pkcs11.3
590man/man3/gnutls_privkey_export_rsa_raw.3 592man/man3/gnutls_privkey_export_rsa_raw.3
591man/man3/gnutls_privkey_export_rsa_raw2.3 593man/man3/gnutls_privkey_export_rsa_raw2.3
592man/man3/gnutls_privkey_export_x509.3 594man/man3/gnutls_privkey_export_x509.3
593man/man3/gnutls_privkey_generate.3 595man/man3/gnutls_privkey_generate.3
594man/man3/gnutls_privkey_generate2.3 596man/man3/gnutls_privkey_generate2.3
595man/man3/gnutls_privkey_get_pk_algorithm.3 597man/man3/gnutls_privkey_get_pk_algorithm.3
596man/man3/gnutls_privkey_get_seed.3 598man/man3/gnutls_privkey_get_seed.3
597man/man3/gnutls_privkey_get_spki.3 599man/man3/gnutls_privkey_get_spki.3
598man/man3/gnutls_privkey_get_type.3 600man/man3/gnutls_privkey_get_type.3
 601man/man3/gnutls_privkey_import_dh_raw.3
599man/man3/gnutls_privkey_import_dsa_raw.3 602man/man3/gnutls_privkey_import_dsa_raw.3
600man/man3/gnutls_privkey_import_ecc_raw.3 603man/man3/gnutls_privkey_import_ecc_raw.3
601man/man3/gnutls_privkey_import_ext.3 604man/man3/gnutls_privkey_import_ext.3
602man/man3/gnutls_privkey_import_ext2.3 605man/man3/gnutls_privkey_import_ext2.3
603man/man3/gnutls_privkey_import_ext3.3 606man/man3/gnutls_privkey_import_ext3.3
604man/man3/gnutls_privkey_import_ext4.3 607man/man3/gnutls_privkey_import_ext4.3
605man/man3/gnutls_privkey_import_gost_raw.3 608man/man3/gnutls_privkey_import_gost_raw.3
606man/man3/gnutls_privkey_import_openpgp.3 609man/man3/gnutls_privkey_import_openpgp.3
607man/man3/gnutls_privkey_import_openpgp_raw.3 610man/man3/gnutls_privkey_import_openpgp_raw.3
608man/man3/gnutls_privkey_import_pkcs11.3 611man/man3/gnutls_privkey_import_pkcs11.3
609man/man3/gnutls_privkey_import_pkcs11_url.3 612man/man3/gnutls_privkey_import_pkcs11_url.3
610man/man3/gnutls_privkey_import_rsa_raw.3 613man/man3/gnutls_privkey_import_rsa_raw.3
611man/man3/gnutls_privkey_import_tpm_raw.3 614man/man3/gnutls_privkey_import_tpm_raw.3
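Review bot: the three entries added in this hunk (gnutls_privkey_derive_secret.3, gnutls_privkey_export_dh_raw.3, gnutls_privkey_import_dh_raw.3) are man pages only, as are the additions in the other PLIST hunks shown. Since the log announces new public ECDH and DH key agreement functions, regenerate the list from a fresh install (make print-PLIST) and compare it with this one, to confirm that no other installed file was added or renamed in 3.8.2.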
@@ -645,41 +648,43 @@ man/man3/gnutls_psk_set_client_credentia @@ -645,41 +648,43 @@ man/man3/gnutls_psk_set_client_credentia
645man/man3/gnutls_psk_set_params_function.3 648man/man3/gnutls_psk_set_params_function.3
646man/man3/gnutls_psk_set_server_credentials_file.3 649man/man3/gnutls_psk_set_server_credentials_file.3
647man/man3/gnutls_psk_set_server_credentials_function.3 650man/man3/gnutls_psk_set_server_credentials_function.3
648man/man3/gnutls_psk_set_server_credentials_function2.3 651man/man3/gnutls_psk_set_server_credentials_function2.3
649man/man3/gnutls_psk_set_server_credentials_function3.3 652man/man3/gnutls_psk_set_server_credentials_function3.3
650man/man3/gnutls_psk_set_server_credentials_hint.3 653man/man3/gnutls_psk_set_server_credentials_hint.3
651man/man3/gnutls_psk_set_server_dh_params.3 654man/man3/gnutls_psk_set_server_dh_params.3
652man/man3/gnutls_psk_set_server_known_dh_params.3 655man/man3/gnutls_psk_set_server_known_dh_params.3
653man/man3/gnutls_psk_set_server_params_function.3 656man/man3/gnutls_psk_set_server_params_function.3
654man/man3/gnutls_pubkey_deinit.3 657man/man3/gnutls_pubkey_deinit.3
655man/man3/gnutls_pubkey_encrypt_data.3 658man/man3/gnutls_pubkey_encrypt_data.3
656man/man3/gnutls_pubkey_export.3 659man/man3/gnutls_pubkey_export.3
657man/man3/gnutls_pubkey_export2.3 660man/man3/gnutls_pubkey_export2.3
 661man/man3/gnutls_pubkey_export_dh_raw.3
658man/man3/gnutls_pubkey_export_dsa_raw.3 662man/man3/gnutls_pubkey_export_dsa_raw.3
659man/man3/gnutls_pubkey_export_dsa_raw2.3 663man/man3/gnutls_pubkey_export_dsa_raw2.3
660man/man3/gnutls_pubkey_export_ecc_raw.3 664man/man3/gnutls_pubkey_export_ecc_raw.3
661man/man3/gnutls_pubkey_export_ecc_raw2.3 665man/man3/gnutls_pubkey_export_ecc_raw2.3
662man/man3/gnutls_pubkey_export_ecc_x962.3 666man/man3/gnutls_pubkey_export_ecc_x962.3
663man/man3/gnutls_pubkey_export_gost_raw2.3 667man/man3/gnutls_pubkey_export_gost_raw2.3
664man/man3/gnutls_pubkey_export_rsa_raw.3 668man/man3/gnutls_pubkey_export_rsa_raw.3
665man/man3/gnutls_pubkey_export_rsa_raw2.3 669man/man3/gnutls_pubkey_export_rsa_raw2.3
666man/man3/gnutls_pubkey_get_key_id.3 670man/man3/gnutls_pubkey_get_key_id.3
667man/man3/gnutls_pubkey_get_key_usage.3 671man/man3/gnutls_pubkey_get_key_usage.3
668man/man3/gnutls_pubkey_get_openpgp_key_id.3 672man/man3/gnutls_pubkey_get_openpgp_key_id.3
669man/man3/gnutls_pubkey_get_pk_algorithm.3 673man/man3/gnutls_pubkey_get_pk_algorithm.3
670man/man3/gnutls_pubkey_get_preferred_hash_algorithm.3 674man/man3/gnutls_pubkey_get_preferred_hash_algorithm.3
671man/man3/gnutls_pubkey_get_spki.3 675man/man3/gnutls_pubkey_get_spki.3
672man/man3/gnutls_pubkey_import.3 676man/man3/gnutls_pubkey_import.3
 677man/man3/gnutls_pubkey_import_dh_raw.3
673man/man3/gnutls_pubkey_import_dsa_raw.3 678man/man3/gnutls_pubkey_import_dsa_raw.3
674man/man3/gnutls_pubkey_import_ecc_raw.3 679man/man3/gnutls_pubkey_import_ecc_raw.3
675man/man3/gnutls_pubkey_import_ecc_x962.3 680man/man3/gnutls_pubkey_import_ecc_x962.3
676man/man3/gnutls_pubkey_import_gost_raw.3 681man/man3/gnutls_pubkey_import_gost_raw.3
677man/man3/gnutls_pubkey_import_openpgp.3 682man/man3/gnutls_pubkey_import_openpgp.3
678man/man3/gnutls_pubkey_import_openpgp_raw.3 683man/man3/gnutls_pubkey_import_openpgp_raw.3
679man/man3/gnutls_pubkey_import_pkcs11.3 684man/man3/gnutls_pubkey_import_pkcs11.3
680man/man3/gnutls_pubkey_import_privkey.3 685man/man3/gnutls_pubkey_import_privkey.3
681man/man3/gnutls_pubkey_import_rsa_raw.3 686man/man3/gnutls_pubkey_import_rsa_raw.3
682man/man3/gnutls_pubkey_import_tpm_raw.3 687man/man3/gnutls_pubkey_import_tpm_raw.3
683man/man3/gnutls_pubkey_import_tpm_url.3 688man/man3/gnutls_pubkey_import_tpm_url.3
684man/man3/gnutls_pubkey_import_url.3 689man/man3/gnutls_pubkey_import_url.3
685man/man3/gnutls_pubkey_import_x509.3 690man/man3/gnutls_pubkey_import_x509.3
@@ -1171,26 +1176,27 @@ man/man3/gnutls_x509_privkey_export_gost @@ -1171,26 +1176,27 @@ man/man3/gnutls_x509_privkey_export_gost
1171man/man3/gnutls_x509_privkey_export_pkcs8.3 1176man/man3/gnutls_x509_privkey_export_pkcs8.3
1172man/man3/gnutls_x509_privkey_export_rsa_raw.3 1177man/man3/gnutls_x509_privkey_export_rsa_raw.3
1173man/man3/gnutls_x509_privkey_export_rsa_raw2.3 1178man/man3/gnutls_x509_privkey_export_rsa_raw2.3
1174man/man3/gnutls_x509_privkey_fix.3 1179man/man3/gnutls_x509_privkey_fix.3
1175man/man3/gnutls_x509_privkey_generate.3 1180man/man3/gnutls_x509_privkey_generate.3
1176man/man3/gnutls_x509_privkey_generate2.3 1181man/man3/gnutls_x509_privkey_generate2.3
1177man/man3/gnutls_x509_privkey_get_key_id.3 1182man/man3/gnutls_x509_privkey_get_key_id.3
1178man/man3/gnutls_x509_privkey_get_pk_algorithm.3 1183man/man3/gnutls_x509_privkey_get_pk_algorithm.3
1179man/man3/gnutls_x509_privkey_get_pk_algorithm2.3 1184man/man3/gnutls_x509_privkey_get_pk_algorithm2.3
1180man/man3/gnutls_x509_privkey_get_seed.3 1185man/man3/gnutls_x509_privkey_get_seed.3
1181man/man3/gnutls_x509_privkey_get_spki.3 1186man/man3/gnutls_x509_privkey_get_spki.3
1182man/man3/gnutls_x509_privkey_import.3 1187man/man3/gnutls_x509_privkey_import.3
1183man/man3/gnutls_x509_privkey_import2.3 1188man/man3/gnutls_x509_privkey_import2.3
 1189man/man3/gnutls_x509_privkey_import_dh_raw.3
1184man/man3/gnutls_x509_privkey_import_dsa_raw.3 1190man/man3/gnutls_x509_privkey_import_dsa_raw.3
1185man/man3/gnutls_x509_privkey_import_ecc_raw.3 1191man/man3/gnutls_x509_privkey_import_ecc_raw.3
1186man/man3/gnutls_x509_privkey_import_gost_raw.3 1192man/man3/gnutls_x509_privkey_import_gost_raw.3
1187man/man3/gnutls_x509_privkey_import_openssl.3 1193man/man3/gnutls_x509_privkey_import_openssl.3
1188man/man3/gnutls_x509_privkey_import_pkcs8.3 1194man/man3/gnutls_x509_privkey_import_pkcs8.3
1189man/man3/gnutls_x509_privkey_import_rsa_raw.3 1195man/man3/gnutls_x509_privkey_import_rsa_raw.3
1190man/man3/gnutls_x509_privkey_import_rsa_raw2.3 1196man/man3/gnutls_x509_privkey_import_rsa_raw2.3
1191man/man3/gnutls_x509_privkey_init.3 1197man/man3/gnutls_x509_privkey_init.3
1192man/man3/gnutls_x509_privkey_sec_param.3 1198man/man3/gnutls_x509_privkey_sec_param.3
1193man/man3/gnutls_x509_privkey_set_flags.3 1199man/man3/gnutls_x509_privkey_set_flags.3
1194man/man3/gnutls_x509_privkey_set_pin_function.3 1200man/man3/gnutls_x509_privkey_set_pin_function.3
1195man/man3/gnutls_x509_privkey_set_spki.3 1201man/man3/gnutls_x509_privkey_set_spki.3
1196man/man3/gnutls_x509_privkey_sign_data.3 1202man/man3/gnutls_x509_privkey_sign_data.3

cvs diff -r1.158 -r1.159 pkgsrc/security/gnutls/distinfo

--- pkgsrc/security/gnutls/distinfo 2023/08/08 09:33:54 1.158
+++ pkgsrc/security/gnutls/distinfo 2023/11/16 12:31:11 1.159
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.158 2023/08/08 09:33:54 adam Exp $ 1$NetBSD: distinfo,v 1.159 2023/11/16 12:31:11 adam Exp $
2 2
3BLAKE2s (gnutls-3.8.1.tar.xz) = 60446b094b25207f8a77a88cc7aac1c6e6a643f6d7a8f50a677a4b5ee25a64c6 3BLAKE2s (gnutls-3.8.2.tar.xz) = dcfa9d5ff11b94b54201386d216c3e6f3a9a1fd66c3685401a89bc5b51a96db9
4SHA512 (gnutls-3.8.1.tar.xz) = 22e78db86b835843df897d14ad633d8a553c0f9b1389daa0c2f864869c6b9ca889028d434f9552237dc4f1b37c978fbe0cce166e3768e5d4e8850ff69a6fc872 4SHA512 (gnutls-3.8.2.tar.xz) = b3aa6e0fa7272cfca0bb0d364fe5dc9ca70cfd41878631d57271ba0a597cf6020a55a19e97a2c02f13a253455b119d296cf6f701be2b4e6880ebeeb07c93ef38
5Size (gnutls-3.8.1.tar.xz) = 6447056 bytes 5Size (gnutls-3.8.2.tar.xz) = 6456540 bytes
6SHA1 (patch-configure) = 866d8a365b8338348230e47518788f494279b139 6SHA1 (patch-configure) = 866d8a365b8338348230e47518788f494279b139
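Review bot: the new BLAKE2s, SHA512 and Size values for gnutls-3.8.2.tar.xz are only as trustworthy as the download they were computed from, and nothing in the log says the tarball was checked; verify it against the upstream release signature before regenerating distinfo and note that in the commit message. The SHA1 (patch-configure) line is unchanged, so the local patch was carried over as-is: confirm it still applies cleanly to the 3.8.2 configure script.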