gnutls: updated to 3.7.7

Version 3.7.7 (released 2022-07-28)

** libgnutls: Fixed double free during verification of pkcs7 signatures.
   [CVE-2022-2509]

** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
   equal to 255 times hash digest size, to comply with RFC 5869 2.3.

** libgnutls: Length limit for TLS PSK usernames has been increased
   from 128 to 65535 characters.

** libgnutls: AES-GCM encryption function now limits plaintext
   length to 2^39-256 bits, according to SP800-38D 5.2.1.1.

** libgnutls: New block cipher functions have been added to transparently
   handle padding.  gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
   used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
   add/remove padding if the length of the original plaintext is not a multiple
   of the block size.

** libgnutls: New function for manual FIPS self-testing.

** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum

** guile: Guile 1.8 is no longer supported

** guile: Session record port treats premature termination as EOF
   Previously, a ‘gnutls-error’ exception with the
   ‘error/premature-termination’ value would be thrown while reading from a
   session record port when the underlying session was terminated
   prematurely.  This was inconvenient since users of the port may not be
   prepared to handle such an exception.
   Reading from the session record port now returns the end-of-file object
   instead of throwing an exception, just like it would for a proper
   session termination.

** guile: Session record ports can have a ‘close’ procedure.
   The ‘session-record-port’ procedure now takes an optional second
   parameter, and a new ‘set-session-record-port-close!’ procedure is
   provided to specify a ‘close’ procedure for a session record port.
   This ‘close’ procedure lets users specify cleanup operations for when
   the port is closed, such as closing the file descriptor or port that
   backs the underlying session.

4 files changed, 16 insertions, 14 deletions

diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index 4f32c53dfce..1bcf9656932 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.233 2022/06/28 11:35:35 wiz Exp $
+# $NetBSD: Makefile,v 1.234 2022/07/29 08:04:47 adam Exp $
 
-DISTNAME=	gnutls-3.7.6
-PKGREVISION=	1
+DISTNAME=	gnutls-3.7.7
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/
 EXTRACT_SUFX=	.tar.xz
diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST
index f685815e2da..331f09cdcc2 100644
--- a/security/gnutls/PLIST
+++ b/security/gnutls/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.76 2022/05/18 18:26:14 adam Exp $
+@comment $NetBSD: PLIST,v 1.77 2022/07/29 08:04:47 adam Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -175,9 +175,11 @@ man/man3/gnutls_check_version.3
 man/man3/gnutls_cipher_add_auth.3
 man/man3/gnutls_cipher_decrypt.3
 man/man3/gnutls_cipher_decrypt2.3
+man/man3/gnutls_cipher_decrypt3.3
 man/man3/gnutls_cipher_deinit.3
 man/man3/gnutls_cipher_encrypt.3
 man/man3/gnutls_cipher_encrypt2.3
+man/man3/gnutls_cipher_encrypt3.3
 man/man3/gnutls_cipher_get.3
 man/man3/gnutls_cipher_get_block_size.3
 man/man3/gnutls_cipher_get_id.3
@@ -282,6 +284,7 @@ man/man3/gnutls_fips140_get_operation_state.3
 man/man3/gnutls_fips140_mode_enabled.3
 man/man3/gnutls_fips140_pop_context.3
 man/man3/gnutls_fips140_push_context.3
+man/man3/gnutls_fips140_run_self_tests.3
 man/man3/gnutls_fips140_set_mode.3
 man/man3/gnutls_get_library_config.3
 man/man3/gnutls_get_system_config_file.3
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index 6e04dafa1f5..5371feef9cf 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.154 2022/05/28 06:03:42 adam Exp $
+$NetBSD: distinfo,v 1.155 2022/07/29 08:04:47 adam Exp $
 
-BLAKE2s (gnutls-3.7.6.tar.xz) = 58d8a3d58663d0fd29fe8c29826cb82ff693e2a9de1d5d08341e4f2ddd7e6bba
-SHA512 (gnutls-3.7.6.tar.xz) = f872339df80ec31d292821ff00eaafbe50e0bd4cdbb86e21e4f78541cd0a26d843596d5e69c91de4db8ce7d027fc639ae6462b57d89fb116162ae63c5a97486a
-Size (gnutls-3.7.6.tar.xz) = 6338276 bytes
-SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa
+BLAKE2s (gnutls-3.7.7.tar.xz) = 07d831b44b5803abfaa5d8b04727e5b80e43132ea28d837761286c95d4d693d5
+SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08
+Size (gnutls-3.7.7.tar.xz) = 6351664 bytes
+SHA1 (patch-configure) = c00675e61b23ee337d2ecedd4dc7a358fc712fcb
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
diff --git a/security/gnutls/patches/patch-configure b/security/gnutls/patches/patch-configure
index de6c2622d0f..704b41efd3b 100644
--- a/security/gnutls/patches/patch-configure
+++ b/security/gnutls/patches/patch-configure
@@ -1,14 +1,14 @@
-$NetBSD: patch-configure,v 1.5 2020/04/01 08:24:07 adam Exp $
+$NetBSD: patch-configure,v 1.6 2022/07/29 08:04:48 adam Exp $
 
 Fix linking on Darwin.
 
---- configure.orig	2020-03-19 15:24:05.000000000 +0000
+--- configure.orig	2022-07-28 11:23:32.000000000 +0000
 +++ configure
-@@ -9698,7 +9698,6 @@ $as_echo "#define _UNICODE 1" >>confdefs
+@@ -11448,7 +11448,6 @@ printf "%s\n" "#define DYN_NCRYPT 1" >>c
    *darwin*)
      have_macosx=yes
      save_LDFLAGS="$LDFLAGS"
 -                LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
- $as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5
+ printf %s "checking whether the linker supports -Wl,-no_weak_imports... " >&6; }
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext