[pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: update to 3.6.12.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: update to 3.6.12.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Sun, 09 Feb 2020 15:02:18 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4635d0cbc4dd
branches:  trunk
changeset: 411285:4635d0cbc4dd
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Feb 09 13:56:28 2020 +0000

description:
gnutls: update to 3.6.12.

* Version 3.6.12 (released 2020-02-01)

** libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
   to identify sessions that client request OCSP status request (#829).

** libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
   signature algorithm (RFC 8032) under TLS (#86).

** libgnutls: Added the default-priority-string option to system configuration;
   it allows overriding the compiled-in default-priority-string.

** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
   draft-smyshlyaev-tls12-gost-suites-07).
   By default this ciphersuite is disabled. It can be enabled by adding
   +GOST to priority string. In the future this priority string may enable
   other GOST ciphersuites as well.  Note, that server will fail to negotiate
   GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
   is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
   are enabled on GnuTLS-based servers.

** libgnutls: added priority shortcuts for different GOST categories like
   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.

** libgnutls: Reject certificates with invalid time fields. That is we reject
   certificates with invalid characters in Time fields, or invalid time formatting
   To continue accepting the invalid form compile with --disable-strict-der-time
   (#207, #870).

** libgnutls: Reject certificates which contain duplicate extensions. We were
   previously printing warnings when printing such a certificate, but that is
   not always sufficient to flag such certificates as invalid. Instead we now
   refuse to import them (#887).

** libgnutls: If a CA is found in the trusted list, check in addition to
   time validity, whether the algorithms comply to the expected level prior
   to accepting it. This addresses the problem of accepting CAs which would
   have been marked as insecure otherwise (#877).

** libgnutls: The min-verification-profile from system configuration applies
   for all certificate verifications, not only under TLS. The configuration can
   be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.

** libgnutls: The stapled OCSP certificate verification adheres to the convention
   used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.

** libgnutls: On client side only send OCSP staples if they have been requested
   by the server, and on server side always advertise that we support OCSP stapling
   (#876).

** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
   with gnutls_ocsp_req_t but const.

** certtool: Added the --verify-profile option to set a certificate
   verification profile. Use '--verify-profile low' for certificate verification
   to apply the 'NORMAL' verification profile.

** certtool: The add_extension template option is considered even when generating
   a certificate from a certificate request.

** API and ABI modifications:
GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added
GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added
gnutls_ocsp_req_const_t: Added

diffstat:

 security/gnutls/Makefile |   5 ++---
 security/gnutls/PLIST    |   5 ++++-
 security/gnutls/distinfo |  10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

diffs (57 lines):

diff -r d47e342ff3aa -r 4635d0cbc4dd security/gnutls/Makefile
--- a/security/gnutls/Makefile  Sun Feb 09 13:19:55 2020 +0000
+++ b/security/gnutls/Makefile  Sun Feb 09 13:56:28 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.205 2020/01/18 21:50:37 jperkin Exp $
+# $NetBSD: Makefile,v 1.206 2020/02/09 13:56:28 wiz Exp $
 
-DISTNAME=      gnutls-3.6.11.1
-PKGREVISION=   1
+DISTNAME=      gnutls-3.6.12
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
diff -r d47e342ff3aa -r 4635d0cbc4dd security/gnutls/PLIST
--- a/security/gnutls/PLIST     Sun Feb 09 13:19:55 2020 +0000
+++ b/security/gnutls/PLIST     Sun Feb 09 13:56:28 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.68 2019/10/04 17:25:53 nia Exp $
+@comment $NetBSD: PLIST,v 1.69 2020/02/09 13:56:28 wiz Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -162,6 +162,8 @@
 man/man3/gnutls_certificate_type_get_id.3
 man/man3/gnutls_certificate_type_get_name.3
 man/man3/gnutls_certificate_type_list.3
+man/man3/gnutls_certificate_verification_profile_get_id.3
+man/man3/gnutls_certificate_verification_profile_get_name.3
 man/man3/gnutls_certificate_verification_status_print.3
 man/man3/gnutls_certificate_verify_peers.3
 man/man3/gnutls_certificate_verify_peers2.3
@@ -312,6 +314,7 @@
 man/man3/gnutls_hmac_copy.3
 man/man3/gnutls_hmac_deinit.3
 man/man3/gnutls_hmac_fast.3
+man/man3/gnutls_hmac_get_key_size.3
 man/man3/gnutls_hmac_get_len.3
 man/man3/gnutls_hmac_init.3
 man/man3/gnutls_hmac_output.3
diff -r d47e342ff3aa -r 4635d0cbc4dd security/gnutls/distinfo
--- a/security/gnutls/distinfo  Sun Feb 09 13:19:55 2020 +0000
+++ b/security/gnutls/distinfo  Sun Feb 09 13:56:28 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.141 2019/12/06 14:00:08 nia Exp $
+$NetBSD: distinfo,v 1.142 2020/02/09 13:56:28 wiz Exp $
 
-SHA1 (gnutls-3.6.11.1.tar.xz) = 2205863fefa0e070cbf2a6961bfa90c854286287
-RMD160 (gnutls-3.6.11.1.tar.xz) = a5182c63cc9e79c929c8cc098f36d55fd70789c8
-SHA512 (gnutls-3.6.11.1.tar.xz) = 55fbbf0ebc824fbc91ccd08d1708452c5b1c12af75e332f29414540eb2f81337fa605a693ce9f34319a927e9d71177e6e7ffea5c6747792d341fb740f68c9489
-Size (gnutls-3.6.11.1.tar.xz) = 5902328 bytes
+SHA1 (gnutls-3.6.12.tar.xz) = fa498b4d026e3ddfa74aa79adac27bfcd14e8b76
+RMD160 (gnutls-3.6.12.tar.xz) = f76e05c4a5f6c15277259b874bca475089c02630
+SHA512 (gnutls-3.6.12.tar.xz) = e1031fd1239d8b0f056a6b736e4c72c9268fb635f273527f310771c608b841cad7b6631401382ec3040d9b539180bf421882bf43427ad3549a5787d2864c2fa5
+Size (gnutls-3.6.12.tar.xz) = 5942064 bytes
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
 SHA1 (patch-src_libopts_autoopts_options.h) = ebeeafc834bce3b6b3f938e360b089e165ee4f9e
 SHA1 (patch-src_libopts_compat_compat.h) = 6e88b5e73a56c296f356aa5ce7e6048e1bcff450

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/gnutls to 3.6.12
Next by Date: [pkgsrc/trunk]: pkgsrc/security/libsecret libsecret: update to 0.20.1.
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/gnutls to 3.6.12
Next by Thread: [pkgsrc/trunk]: pkgsrc/security/libsecret libsecret: update to 0.20.1.
Indexes:

Home | Main Index | Thread Index | Old Index