./security/gnutls, Transport Layer Security library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.6.10, Package name: gnutls-3.6.10, Maintainer: pkgsrc-users

GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.

Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods

Additionally GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.


Required to run:
[archivers/lzo] [security/libtasn1] [devel/gmp] [devel/libcfg+] [security/mozilla-rootcerts] [security/nettle] [security/p11-kit] [textproc/libunistring]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: c073c6b0c57506a592854471576321be80f809d4
RMD160: fe2df3aead55853711a0dbd80ef5dd648a4e09a7
Filesize: 5660.141 KB

Version history: (Expand)


CVS history: (Expand)


   2019-10-04 19:25:54 by Nia Alarie | Files touched by this commit (10) | Package updated
Log message:
gnutls: Update to 3.6.10

* Version 3.6.10 (released 2019-09-29)

** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979)
   Deterministic signing can be enabled by setting
   GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*()
   functions (#94).

** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
   functions that will perform in-place encryption/decryption on data buffers (#718).

** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under
   TLS1.3, if a timeout callback was not set using \ 
gnutls_transport_set_pull_timeout_function()
   (#823).

** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
   issue with large record handling due to random padding (#811).

** libgnutls: the server now selects the highest TLS protocol version,
   if TLS 1.3 is enabled and the client advertises an older protocol version \ 
first (#837).

** libgnutls: fix non-PIC assembly on i386 (#818).

** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode
   and MAC generation based on GOST 28147-89 (IMIT). For description of the
   modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in
   RFC 7836.

** certtool: when outputting an encrypted private key do not insert the textual \ 
description
   of it. This fixes a regression since 3.6.5 (#840).

** API and ABI modifications:
gnutls_aead_cipher_encryptv2: Added
gnutls_aead_cipher_decryptv2: Added
GNUTLS_CIPHER_GOST28147_TC26Z_CNT: Added
GNUTLS_MAC_GOST28147_TC26Z_IMIT: Added
   2019-10-01 16:34:08 by Nia Alarie | Files touched by this commit (1)
Log message:
gnutls: No longer a GNU project
   2019-09-30 11:51:16 by Maya Rashish | Files touched by this commit (4) | Package updated
Log message:
gnutls: backport upstream commit to avoid text relocations on i386.

Regenerate asm files with -fPIC

PR pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and
text relocations on netbsd-9/i386

Bump PKGREVISION.
   2019-09-18 21:00:13 by Tobias Nygren | Files touched by this commit (1)
Log message:
gnutls: fix PLIST
   2019-09-18 17:27:05 by ng0 | Files touched by this commit (3)
Log message:
security/gnutls: Add ability to link against libunbound for DANE support.
   2019-09-16 19:01:46 by Niclas Rosenvik | Files touched by this commit (4)
Log message:
Fix compilation of gnutls with compilers missing __get_cpuid_count

Fix compilation of gnutls with compilers missing __get_cpuid_count.
Taken from upstream and fixed in version 3.6.10 .
Fixes compilation on NetBSD 8 without setting GCC_REQD.
   2019-09-16 02:28:48 by Nia Alarie | Files touched by this commit (3) | Package updated
Log message:
gnutls: Update to 3.6.9

* Version 3.6.9 (released 2019-07-25)

** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
   of digest or MAC context. Copying contexts for externally-registered digest \ 
and MAC
   contexts is unupported (#787).

** Marked the crypto implementation override APIs as deprecated. These APIs are \ 
rarely
   used, are for a niche use case, but have significant side effects, such as \ 
preventing
   any internal re-organization and extension of the internal cipher API. The \ 
APIs remain
   functional though a compiler warning will be issued, and a future minor \ 
version update
   may transform them to a no-op while keeping ABI compatibility (#789).

** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).

** libgnutls: gnutls_privkey_sign_hash2 now accepts the \ 
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
   flag as documented. This makes it a complete replacement of \ 
gnutls_privkey_sign_hash().

** libgnutls: Added support for Generalname registeredID.

** The priority configuration was enhanced to allow more elaborate
   system-wide configuration of the library (#587).
   The following changes were included:
    - The file is read as an ini file with '#' indicating a comment.
    - The section "[priorities]" or global follows the existing \ 
semantics of
      the configuration file, and allows to specify system-wide priority strings
      which are accessed with the '@' prefix.
    - The section "[overrides]" is added with the parameters \ 
"insecure-hash",
      "insecure-sig", "insecure-sig-for-cert", \ 
"disabled-curve",
      "disabled-version", "min-verification-profile", \ 
"tls-disabled-cipher",
      "tls-disabled-mac", "tls-disabled-group", \ 
"tls-disabled-kx", which prohibit
      specific algorithms or options globally. Existing algorithms in the
      library can be marked as disabled and insecure, but no hard-coded
      insecure algorithm can be marked as secure (so that the configuration
      cannot be abused to make the system vulnerable).
    - Unknown sections or options are skipped with a debug message, unless
      the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
      set to 1.

** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
    - 0x20: Enable SHA_NI instruction set

** API and ABI modifications:
gnutls_crypto_register_cipher: Deprecated
gnutls_crypto_register_aead_cipher: Deprecated
gnutls_crypto_register_digest: Deprecated
gnutls_crypto_register_mac: Deprecated
gnutls_get_system_config_file: Added
gnutls_hash_copy: Added
gnutls_hmac_copy: Added
GNUTLS_MAC_AES_GMAC_128: Added
GNUTLS_MAC_AES_GMAC_192: Added
GNUTLS_MAC_AES_CMAC_256: Added
GNUTLS_SAN_REGISTERED_ID: Added
   2019-08-15 17:46:15 by Sevan Janiyan | Files touched by this commit (2)
Log message:
Build fix for OS X Tiger via Macports