diff options
author | nia <nia@pkgsrc.org> | 2019-09-16 00:28:48 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2019-09-16 00:28:48 +0000 |
commit | e6347a9c2ded11bb7a0e264f0dcc869af7e9606d (patch) | |
tree | faa154928b4c3c7389e27b84de1f2071f4b71e45 /security | |
parent | 4ac2b49dbfe60e5d4c1b1736f11c45b4fe8d6c57 (diff) | |
download | pkgsrc-e6347a9c2ded11bb7a0e264f0dcc869af7e9606d.tar.gz |
gnutls: Update to 3.6.9
* Version 3.6.9 (released 2019-07-25)
** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
of digest or MAC context. Copying contexts for externally-registered digest and MAC
contexts is unupported (#787).
** Marked the crypto implementation override APIs as deprecated. These APIs are rarely
used, are for a niche use case, but have significant side effects, such as preventing
any internal re-organization and extension of the internal cipher API. The APIs remain
functional though a compiler warning will be issued, and a future minor version update
may transform them to a no-op while keeping ABI compatibility (#789).
** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).
** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().
** libgnutls: Added support for Generalname registeredID.
** The priority configuration was enhanced to allow more elaborate
system-wide configuration of the library (#587).
The following changes were included:
- The file is read as an ini file with '#' indicating a comment.
- The section "[priorities]" or global follows the existing semantics of
the configuration file, and allows to specify system-wide priority strings
which are accessed with the '@' prefix.
- The section "[overrides]" is added with the parameters "insecure-hash",
"insecure-sig", "insecure-sig-for-cert", "disabled-curve",
"disabled-version", "min-verification-profile", "tls-disabled-cipher",
"tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
specific algorithms or options globally. Existing algorithms in the
library can be marked as disabled and insecure, but no hard-coded
insecure algorithm can be marked as secure (so that the configuration
cannot be abused to make the system vulnerable).
- Unknown sections or options are skipped with a debug message, unless
the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
set to 1.
** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
- 0x20: Enable SHA_NI instruction set
** API and ABI modifications:
gnutls_crypto_register_cipher: Deprecated
gnutls_crypto_register_aead_cipher: Deprecated
gnutls_crypto_register_digest: Deprecated
gnutls_crypto_register_mac: Deprecated
gnutls_get_system_config_file: Added
gnutls_hash_copy: Added
gnutls_hmac_copy: Added
GNUTLS_MAC_AES_GMAC_128: Added
GNUTLS_MAC_AES_GMAC_192: Added
GNUTLS_MAC_AES_CMAC_256: Added
GNUTLS_SAN_REGISTERED_ID: Added
Diffstat (limited to 'security')
-rw-r--r-- | security/gnutls/Makefile | 9 | ||||
-rw-r--r-- | security/gnutls/PLIST | 5 | ||||
-rw-r--r-- | security/gnutls/distinfo | 10 |
3 files changed, 13 insertions, 11 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index e182920a483..bff0711b604 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.198 2019/08/11 13:22:46 wiz Exp $ +# $NetBSD: Makefile,v 1.199 2019/09/16 00:28:48 nia Exp $ -DISTNAME= gnutls-3.6.8 -PKGREVISION= 2 +DISTNAME= gnutls-3.6.9 CATEGORIES= security devel -MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/ +MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@NetBSD.org -HOMEPAGE= http://www.gnutls.org/ +HOMEPAGE= https://www.gnutls.org/ COMMENT= GNU Transport Layer Security library LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST index cfcf9215943..11230420db7 100644 --- a/security/gnutls/PLIST +++ b/security/gnutls/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.64 2019/07/11 14:53:36 sevan Exp $ +@comment $NetBSD: PLIST,v 1.65 2019/09/16 00:28:48 nia Exp $ bin/certtool bin/gnutls-cli bin/gnutls-cli-debug @@ -263,6 +263,7 @@ man/man3/gnutls_ext_set_data.3 man/man3/gnutls_fingerprint.3 man/man3/gnutls_fips140_mode_enabled.3 man/man3/gnutls_fips140_set_mode.3 +man/man3/gnutls_get_system_config_file.3 man/man3/gnutls_global_deinit.3 man/man3/gnutls_global_init.3 man/man3/gnutls_global_set_audit_log_function.3 @@ -288,6 +289,7 @@ man/man3/gnutls_handshake_set_private_extensions.3 man/man3/gnutls_handshake_set_random.3 man/man3/gnutls_handshake_set_timeout.3 man/man3/gnutls_hash.3 +man/man3/gnutls_hash_copy.3 man/man3/gnutls_hash_deinit.3 man/man3/gnutls_hash_fast.3 man/man3/gnutls_hash_get_len.3 @@ -305,6 +307,7 @@ man/man3/gnutls_hex_decode2.3 man/man3/gnutls_hex_encode.3 man/man3/gnutls_hex_encode2.3 man/man3/gnutls_hmac.3 +man/man3/gnutls_hmac_copy.3 man/man3/gnutls_hmac_deinit.3 man/man3/gnutls_hmac_fast.3 man/man3/gnutls_hmac_get_len.3 diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index eff2f2542c1..54e996994c8 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.136 2019/08/15 15:46:15 sevan Exp $ +$NetBSD: distinfo,v 1.137 2019/09/16 00:28:48 nia Exp $ -SHA1 (gnutls-3.6.8.tar.xz) = e1243188791af409bca118d31faf3ec3d5f0a5ab -RMD160 (gnutls-3.6.8.tar.xz) = a834679524f95a38a8a1ea77394906db637d33fe -SHA512 (gnutls-3.6.8.tar.xz) = 71f0899de0ffb2a39b25928042114e2bbfde7fbf2029d9f91f60bf60794916d13f544fc97337e4e3282e7faa17e79a8012b0e08f98805bee543c0ba4e5d5a905 -Size (gnutls-3.6.8.tar.xz) = 5712580 bytes +SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296 +RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513 +SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 +Size (gnutls-3.6.9.tar.xz) = 5773928 bytes SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 SHA1 (patch-lib_accelerated_x86_x86-common.c) = eaf3c473b1ca83c5b15be26f8c06a82d7961420c SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc |