Subject: CVS commit: pkgsrc/security/hs-tls
From: Masatake Daimon
Date: 2024-05-04 08:10:14
Message id: 20240504061014.18418FA2C@cvs.NetBSD.org

Log Message:
security/hs-tls: Update to 2.0.5

Version 2.0.5

    Fixing handshake13_0rtt_fallback
    Client checks if the group of PSK is contained in Supported_Groups.
    HRR is not allowed for 0-RTT.

Version 2.0.4

    More fixes for 0-RTT when application data is available while receiving CF.
    New util/tls-client and util/tls-server.

Version 2.0.3

    Fixing a bug where timeout in bye does not work.
    util/client -> util/tls-client
    util/server -> util/tls-server

Version 2.0.2

    Client checks sessionMaxEarlyDataSize to decide 0-RTT
    Client checks the resumption cipher properly.

Version 2.0.1

    Fix a leak of pending data to be sent.

Version 2.0.0

    tls now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
    Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
    Security: BREAKING CHANGE: all CBC cipher suites are removed.
    Security: BREAKING CHANGE: RC4 and 3DES are removed.
    Security: BREAKING CHANGE: DSS (digital signature standard) is removed.
    Security: BREAKING CHANGE: TLS 1.2 servers require EMS (extended main secret) by default. supportedExtendedMasterSec is renamed to supportedExtendedMainSecret.
    BREAKING CHANGE: the package is now compiled with Strict and StrictData.
    BREAKING CHANGE: Many data structures are re-defined with PatternSynonyms for extensibility.
    BREAKING CHANGE: the structure of SessionManager is changed to support session tickets.
    API: BREAKING CHANGE: sendData can send early data (0-RTT). clientEarlyData is removed. To send early data via sendData, set clientUseEarlyData to True. #466
    API: handshake can receive an alert of client authentication failure for TLS 1.3. #463
    API: bye can receive NewSessionTicket for TLS 1.3.
    Channel binding: getFinished and getPeerFinished are deprecated. Use getTLSUnique instead. #462
    Channel binding: getTLSExporter and getTLSServerEndPoint are provided. #462
    Refactoring: the monolithic handshake is divided to follow the diagram of TLS 1.2 and 1.3 for readability.
    Refactoring: test cases are refactored for maintainability and readability. hspec is used instead of tasty.
    Code format: fourmolu is used as an official formatter.
    Catching up RFC8446bis-09. #467

Files:
Revision  Action  File
1.14      modify  pkgsrc/security/hs-tls/Makefile
1.5       modify  pkgsrc/security/hs-tls/PLIST
1.14      modify  pkgsrc/security/hs-tls/buildlink3.mk
1.8       modify  pkgsrc/security/hs-tls/distinfo