From 67674fabdac003971f43498a5ecdcdc8a8fda613 Mon Sep 17 00:00:00 2001 From: wiz Date: Sun, 14 Mar 2021 07:58:20 +0000 Subject: gnutls: update to 3.7.1. * Version 3.7.1 (released 2021-03-10) ** libgnutls: Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. When sending those extensions, the client may dereference a pointer no longer valid after realloc. This happens only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low] ** libgnutls: Fixed a regression in handling duplicated certs in a chain (#1131). ** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox compatibiltiy mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions (#1074). ** libgnutls: W32 performance improvement with a new sendmsg()-like transport implementation (!1377). ** libgnutls: Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode (#1101). ** libgnutls: Added padlock acceleration for AES-192-CBC (#1004). --- security/gnutls/Makefile | 10 ++++------ security/gnutls/distinfo | 10 +++++----- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 416c11614a3..46ac55cd051 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.218 2020/12/03 12:27:38 nia Exp $ +# $NetBSD: Makefile,v 1.219 2021/03/14 07:58:20 wiz Exp $ -DISTNAME= gnutls-3.7.0 +DISTNAME= gnutls-3.7.1 CATEGORIES= security devel MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v${PKGVERSION_NOREV:R}/ EXTRACT_SUFX= .tar.xz @@ -33,18 +33,16 @@ CONFIGURE_ARGS.FreeBSD+= ac_cv_type_max_align_t=yes .include "options.mk" +# one failure as of 3.7.1 +# https://gitlab.com/gnutls/gnutls/-/issues/1190 TEST_TARGET= check INFO_FILES= yes -REPLACE_BASH+= tests/cert-tests/certtool REPLACE_BASH+= tests/danetool.sh REPLACE_BASH+= tests/fastopen.sh REPLACE_BASH+= tests/gnutls-cli-debug.sh -REPLACE_BASH+= tests/ocsp-tests/ocsp-must-staple-connection -REPLACE_BASH+= tests/ocsp-tests/ocsp-tls-connection REPLACE_BASH+= tests/starttls.sh -REPLACE_BASH+= tests/cert-tests/pkcs12-utf8 REPLACE_PERL+= doc/scripts/gdoc doc/scripts/sort2.pl diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index d5012de5430..aba13e19ad1 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.146 2020/12/03 12:27:38 nia Exp $ +$NetBSD: distinfo,v 1.147 2021/03/14 07:58:20 wiz Exp $ -SHA1 (gnutls-3.7.0.tar.xz) = d535ebe4ae157fb79dbc34a2cf17b5173906ea0e -RMD160 (gnutls-3.7.0.tar.xz) = 764391c259d604a0267bb673649738bc3a495507 -SHA512 (gnutls-3.7.0.tar.xz) = 5cf1025f2d0a0cbf5a83dd7f3b22dafd1769f7c3349096c0272d08573bb5ff87f510e0e69b4bbb47dad1b64476aa5479804b2f4ceb2216cd747bbc53bf42d885 -Size (gnutls-3.7.0.tar.xz) = 6129176 bytes +SHA1 (gnutls-3.7.1.tar.xz) = 5de5d25534ee5910ea9ee6aaeeb6af1af4350c1e +RMD160 (gnutls-3.7.1.tar.xz) = 134c7cbe291cb640afa834daa91ba087b9d9966f +SHA512 (gnutls-3.7.1.tar.xz) = 0fe801f03676c3bd970387f94578c8be7ba6030904989e7d21dffdc726209bab44c8096fbcb6d51fed2de239537bd00df2338ee9c8d984a1c386826b91062a95 +Size (gnutls-3.7.1.tar.xz) = 6038388 bytes SHA1 (patch-configure) = 3653f74914f874aa369f62c8b267a46fd6b78eaa SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e -- cgit v1.2.3