Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/security/gnutls
From: Benny Siegert
Date: 2020-06-09 13:55:35
Message id: 20200609115535.32A7AFB27@cvs.NetBSD.org

Log Message:
Pullup ticket #6232 - requested by maya
security/gnutls: security fix

Revisions pulled up:
- security/gnutls/Makefile                                      1.210-1.213
- security/gnutls/PLIST                                         1.70-1.71
- security/gnutls/PLIST.guile                                   1.1
- security/gnutls/buildlink3.mk                                 1.37
- security/gnutls/distinfo                                      1.143-1.144
- security/gnutls/options.mk                                    1.3
- security/gnutls/patches/patch-configure                       1.5

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Apr  1 08:24:07 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile PLIST distinfo
   Added Files:
           pkgsrc/security/gnutls/patches: patch-configure

   Log Message:
   gnutls: updated to 3.6.13

   Version 3.6.13:

   ** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
      since 3.6.3.
      The DTLS client would not contribute any randomness to the DTLS negotiation,
      breaking the security guarantees of the DTLS protocol
      [GNUTLS-SA-2020-03-31, CVSS: high]

   ** libgnutls: Added new APIs to access KDF algorithms.

   ** libgnutls: Added new callback gnutls_keylog_func that enables a custom
      logging functionality.

   ** libgnutls: Added support for non-null terminated usernames in PSK
      negotiation.

   ** gnutls-cli-debug: Improved support for old servers that only support
      SSL 3.0.

   ** API and ABI modifications:
   gnutls_hkdf_extract: Added
   gnutls_hkdf_expand: Added
   gnutls_pbkdf2: Added
   gnutls_session_get_keylog_function: Added
   gnutls_session_set_keylog_function: Added
   gnutls_prf_hash_get: Added
   gnutls_psk_server_get_username2: Added
   gnutls_psk_set_client_credentials2: Added
   gnutls_psk_set_client_credentials_function2: Added
   gnutls_psk_set_server_credentials_function2: Added

---
   Module Name:    pkgsrc
   Committed By:   nikita
   Date:           Thu May 14 14:30:02 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk
   Added Files:
           pkgsrc/security/gnutls: PLIST.guile

   Log Message:
   security/gnutls: revbump, add support for building guile bindings

---
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Mon Jun  8 19:48:14 UTC 2020

   Modified Files:
           pkgsrc/security/gnutls: Makefile PLIST distinfo

   Log Message:
   gnutls: Update to 3.6.14

   Changes:
   3.6.14
   ------
    * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
      The TLS server would not bind the session ticket encryption key with a
      value supplied by the application until the initial key rotation, allowing
      an attacker to bypass authentication in TLS 1.3 and recover previous
      conversations in TLS 1.2 (#1011).
      [GNUTLS-SA-2020-06-03, CVSS: high]

    * libgnutls: Fixed handling of certificate chain with cross-signed
      intermediate CA certificates (#1008).

    * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

    * libgnutls: gnutls_x509_crt_print() is enhanced to recognize commonName
      (2.5.4.3), decode certificate policy OIDs (!1245), and print Authority
      Key Identifier (AKI) properly (#989, #991).

    * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

    * libgnutls: Added several improvements on Windows Vista and later releases
      (!1257, !1254, !1256). Most notably the system random number generator now
      uses Windows BCrypt* API if available (!1255).

    * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
      Also both accelerated and non-accelerated implementations check key block
      according to FIPS-140-2 IG A.9 (!1233).

    * libgnutls: Added support for AES-SIV ciphers (#463).

    * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

    * libgnutls: No longer use internal symbols exported from Nettle (!1235)

    * API and ABI modifications:
        GNUTLS_CIPHER_AES_128_SIV: Added
        GNUTLS_CIPHER_AES_256_SIV: Added
        GNUTLS_CIPHER_AES_192_GCM: Added
        gnutls_pkcs7_print_signature_info: Added

Files:
Revision    Action  File
1.209.2.1   modify  pkgsrc/security/gnutls/Makefile
1.69.2.1    modify  pkgsrc/security/gnutls/PLIST
1.36.2.1    modify  pkgsrc/security/gnutls/buildlink3.mk
1.142.2.1   modify  pkgsrc/security/gnutls/distinfo
1.2.2.1     modify  pkgsrc/security/gnutls/options.mk
1.1.2.2     add     pkgsrc/security/gnutls/PLIST.guile
1.5.2.2     add     pkgsrc/security/gnutls/patches/patch-configure