Subject: CVS commit: pkgsrc/security/gnutls
From: Adam Ciarcinski
Date: 2019-03-20 07:27:11
Message id: 20190320062712.0CF3EFB16@cvs.NetBSD.org

Log Message:
gnutls: updated to 3.6.6

Version 3.6.6:
* libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
  on the public key.
* libgnutls: Added support for raw public-key authentication as defined in RFC7250.
  Raw public-keys can be negotiated by enabling the corresponding certificate
  types via the priority strings. The raw public-key mechanism must be explicitly
  enabled via the GNUTLS_ENABLE_RAWPK init flag.
* libgnutls: When on server or client side we are sending no extensions we do
  not set an empty extensions field but we rather remove that field competely.
  This solves a regression since 3.5.x and improves compatibility of the server
  side with certain clients.
* libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
  the CKA_SIGN is not set.
* libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
  disable extensions at all cases, while providing a functional session. This
  also implies that when specified, TLS1.3 is disabled.
* libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
  The previous definition was non-functional.
* API and ABI modifications:
GNUTLS_ENABLE_RAWPK: Added
GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
GNUTLS_PCERT_NO_CERT: Deprecated

Files:
RevisionActionfile
1.133modifypkgsrc/security/gnutls/distinfo
1.63modifypkgsrc/security/gnutls/PLIST
1.194modifypkgsrc/security/gnutls/Makefile