diff options
author | leot <leot@pkgsrc.org> | 2020-09-07 15:47:15 +0000 |
---|---|---|
committer | leot <leot@pkgsrc.org> | 2020-09-07 15:47:15 +0000 |
commit | 9f99b2fece75545e43b5c2255d7ea2b263855436 (patch) | |
tree | 91785c673f771617183e336e70f93cb407e7e27a /security | |
parent | 14ec51db530fb58a60ec38d94a507c9b61dda542 (diff) | |
download | pkgsrc-9f99b2fece75545e43b5c2255d7ea2b263855436.tar.gz |
gnutls: Update to 3.6.15
Changes:
3.6.15
------
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3 client to
crash via a null-pointer dereference. The crash happens in the application's
error handling path, where the gnutls_deinit function is called after
detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium]
** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025). The new behavior aligns to the
existing documentation.
** libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
(!1317). The new behavior aligns to the existing documentation.
** libgnutls: The audit log message for weak hashes is no longer printed twice
(!1301).
** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
** API and ABI modifications:
No changes since last version.
Diffstat (limited to 'security')
-rw-r--r-- | security/gnutls/Makefile | 5 | ||||
-rw-r--r-- | security/gnutls/distinfo | 10 |
2 files changed, 7 insertions, 8 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 64580d2cf62..28b4ee84283 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.216 2020/08/31 18:11:07 wiz Exp $ +# $NetBSD: Makefile,v 1.217 2020/09/07 15:47:15 leot Exp $ -DISTNAME= gnutls-3.6.14 -PKGREVISION= 2 +DISTNAME= gnutls-3.6.15 CATEGORIES= security devel MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ EXTRACT_SUFX= .tar.xz diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index b1eabc31f6d..1a17df26dfe 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.144 2020/06/08 19:48:14 leot Exp $ +$NetBSD: distinfo,v 1.145 2020/09/07 15:47:15 leot Exp $ -SHA1 (gnutls-3.6.14.tar.xz) = bea1b5abcb691acf014e592f41d0a9580a41216a -RMD160 (gnutls-3.6.14.tar.xz) = 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba -SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 -Size (gnutls-3.6.14.tar.xz) = 6069088 bytes +SHA1 (gnutls-3.6.15.tar.xz) = 00ef7d93347df586c3d1a00f13c326706c0c59ba +RMD160 (gnutls-3.6.15.tar.xz) = 870c338ae8c2b6acd7000eb7daa287082ab04609 +SHA512 (gnutls-3.6.15.tar.xz) = f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c +Size (gnutls-3.6.15.tar.xz) = 6081656 bytes SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e |