diff options
| author | adam <adam@pkgsrc.org> | 2022-05-18 18:26:14 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2022-05-18 18:26:14 +0000 |
| commit | 9be9d604e0d2051782d5fefa8c14f337b12d75e0 (patch) | |
| tree | d300187e06afa491a8f11de0275a88d2cc2501d1 | |
| parent | 0bf3c480d0a443a134e51257404654ae09513a96 (diff) | |
| download | pkgsrc-9be9d604e0d2051782d5fefa8c14f337b12d75e0.tar.gz | |
gnutls: updated to 3.7.5
Version 3.7.5 (released 2022-05-15)
** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
modifier have been added to disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy. On the other hand, since session
tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
only disables session tickets in TLS 1.2. Future backward incompatibility:
in the next major release of GnuTLS, we plan to remove those flag and
modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
** gnutls-cli, gnutls-serv: Channel binding for printing information
has been changed from tls-unique to tls-exporter as tls-unique is
not supported in TLS 1.3.
** libgnutls: Certificate sanity checks has been enhanced to make
gnutls more RFC 5280 compliant (!1583).
Following changes were included:
- critical extensions are parsed when loading x509
certificate to prohibit any random octet strings.
Requires strict-x509 configure option to be enabled
- garbage bits in Key Usage extension are prohibited
- empty DirectoryStrings in Distinguished name structures
of Issuer and Subject name are prohibited
** libgnutls: Removed 3DES from FIPS approved algorithms.
According to the section 2 of SP800-131A Rev.2, 3DES algorithm
will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
** libgnutls: Optimized support for AES-SIV-CMAC algorithms.
The existing AEAD API that works in a scatter-gather fashion
(gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
For further optimization, new function (gnutls_aead_cipher_set_key) has been
added to set key on the existing AEAD handle without re-allocation.
** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
when used in TLS.
** The configure arguments for Brotli and Zstandard (zstd) support
have changed to reflect the previous help text: they are now
--with-brotli/--with-zstd respectively.
** Detecting the Zstandard (zstd) library in configure has been
fixed.
** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
gnutls_aead_cipher_set_key: New function
| -rw-r--r-- | security/gnutls/Makefile | 4 | ||||
| -rw-r--r-- | security/gnutls/PLIST | 3 | ||||
| -rw-r--r-- | security/gnutls/distinfo | 8 |
3 files changed, 8 insertions, 7 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index cc66bdc36ac..44e0eca078f 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.230 2022/03/17 21:16:25 adam Exp $ +# $NetBSD: Makefile,v 1.231 2022/05/18 18:26:14 adam Exp $ -DISTNAME= gnutls-3.7.4 +DISTNAME= gnutls-3.7.5 CATEGORIES= security devel MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ EXTRACT_SUFX= .tar.xz diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST index 7cef495c055..f685815e2da 100644 --- a/security/gnutls/PLIST +++ b/security/gnutls/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.75 2022/03/17 21:16:25 adam Exp $ +@comment $NetBSD: PLIST,v 1.76 2022/05/18 18:26:14 adam Exp $ bin/certtool bin/gnutls-cli bin/gnutls-cli-debug @@ -74,6 +74,7 @@ man/man3/gnutls_aead_cipher_encrypt.3 man/man3/gnutls_aead_cipher_encryptv.3 man/man3/gnutls_aead_cipher_encryptv2.3 man/man3/gnutls_aead_cipher_init.3 +man/man3/gnutls_aead_cipher_set_key.3 man/man3/gnutls_alert_get.3 man/man3/gnutls_alert_get_name.3 man/man3/gnutls_alert_get_strname.3 diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index eb998940e29..3cf9969ac6c 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.152 2022/03/17 21:16:25 adam Exp $ +$NetBSD: distinfo,v 1.153 2022/05/18 18:26:14 adam Exp $ -BLAKE2s (gnutls-3.7.4.tar.xz) = 12888540cd6d75baa40b32bd4bcbc896e39c02d91b331cd979d3a477751b192d -SHA512 (gnutls-3.7.4.tar.xz) = 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6 -Size (gnutls-3.7.4.tar.xz) = 6131772 bytes +BLAKE2s (gnutls-3.7.5.tar.xz) = e6a818e9f5e44970e01639f3506620279befc63b8a72304527dcd2cb52d968b1 +SHA512 (gnutls-3.7.5.tar.xz) = 2e4898e6aeff4f82abd48e6a442f5c9ebe4ecaeb0c038b76e2da8e468f6a7ae37fef5e8de17d90346f29aa0b56a08abf67fe8b81ba09dcf4612cc3b97b830bec +Size (gnutls-3.7.5.tar.xz) = 6321392 bytes SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc |