Log message:
revbump for boost-libs

Log message:
gnutls: update to 3.7.1.

* Version 3.7.1 (released 2021-03-10)

** libgnutls: Fixed potential use-after-free in sending "key_share"
   and "pre_shared_key" extensions. When sending those extensions, the
   client may dereference a pointer no longer valid after
   realloc. This happens only when the client sends a large Client
   Hello message, e.g., when HRR is sent in a resumed session
   previously negotiated large FFDHE parameters, because the initial
   allocation of the buffer is large enough without having to call
   realloc (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]

** libgnutls: Fixed a regression in handling duplicated certs in a
   chain (#1131).

** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
   compatibiltiy mode. In that mode the client shall always send a
   non-zero session ID to make the handshake resemble the TLS 1.2
   resumption; this was not true in the previous versions (#1074).

** libgnutls: W32 performance improvement with a new sendmsg()-like
   transport implementation (!1377).

** libgnutls: Removed dependency on the external 'fipscheck' package,
   when compiled with --enable-fips140-mode (#1101).

** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).

Log message:
gnutls: Update to 3.7.0

* Version 3.7.0 (released 2020-12-02)

** libgnutls: Depend on nettle 3.6 (!1322).

** libgnutls: Added a new API that provides a callback function to
   retrieve missing certificates from incomplete certificate chains
   (#202, #968, #1100).

** libgnutls: Added a new API that provides a callback function to
   output the complete path to the trusted root during certificate
   chain verification (#1012).

** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the
   terminating null bytes, while the data field is null terminated.
   The affected API functions are: gnutls_ocsp_req_get_extension,
   gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
   (#805).

** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849,
   #850).

** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are
   now no-op (#790).

** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).

** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin
   CPU (#1079).

** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31
   bytes to 255 bytes (#932).

** API and ABI modifications:
gnutls_x509_trust_list_set_getissuer_function: Added
gnutls_x509_trust_list_get_ptr: Added
gnutls_x509_trust_list_set_ptr: Added
gnutls_session_set_verify_output_function: Added
gnutls_record_encryption_level_t: New enum
gnutls_handshake_read_func: New callback type
gnutls_handshake_set_read_function: New function
gnutls_handshake_write: New function
gnutls_handshake_secret_func: New callback type
gnutls_handshake_set_secret_function: New function
gnutls_alert_read_func: New callback type
gnutls_alert_set_read_function: New function
gnutls_crypto_register_cipher: Deprecated; no-op
gnutls_crypto_register_aead_cipher: Deprecated; no-op
gnutls_crypto_register_mac: Deprecated; no-op
gnutls_crypto_register_digest: Deprecated; no-op

Log message:
gnutls: Update to 3.6.15

Changes:
3.6.15
------
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
   The server sending a "no_renegotiation" alert in an unexpected timing,
   followed by an invalid second handshake was able to cause a TLS 1.3 client to
   crash via a null-pointer dereference. The crash happens in the application's
   error handling path, where the gnutls_deinit function is called after
   detecting a handshake failure (#1071).  [GNUTLS-SA-2020-09-04, CVSS: medium]

** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
   indicates that with a false return value (!1306).

** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
   accordingly to SP800-56A rev 3 (!1295, !1299).

** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
   the size of the internal base64 blob (#1025). The new behavior aligns to the
   existing documentation.

** libgnutls: Certificate verification failue due to OCSP must-stapling is not
   honered is now correctly marked with the GNUTLS_CERT_INVALID flag
   (!1317). The new behavior aligns to the existing documentation.

** libgnutls: The audit log message for weak hashes is no longer printed twice
   (!1301).

** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
   disabled in the priority string. Previously, even when TLS 1.2 is explicitly
   disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if \ 
TLS 1.3 is
   enabled (#1054).

** API and ABI modifications:
No changes since last version.

Log message:
*: bump PKGREVISION for perl-5.32.

Log message:
CentOS 6's /usr/bin/as is too old to build the ssse3 hardware
acceleration code. If we're x86_64, and the assembler is GNU, and the
version is too old, disable hardware acceleration. Other non-working
combinations can be added as they're discovered. No functional change
intended to any platforms where this previously built, but since it's
hard to be sure of that, I'm bumping PKGREVISION.

Alternatively, we could build with gas from devel/binutils when needed.
multimedia/libvpx says it does this (for similar reasons), but I
couldn't get that to work here, and am suspicious whether it still
works there.

Log message:
gnutls: fix detection of build options

Log message:
gnutls: Update to 3.6.14

Changes:
3.6.14
------
 * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
   The TLS server would not bind the session ticket encryption key with a
   value supplied by the application until the initial key rotation, allowing
   attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2 (#1011).
   [GNUTLS-SA-2020-06-03, CVSS: high]

 * libgnutls: Fixed handling of certificate chain with cross-signed
   intermediate CA certificates (#1008).

 * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

 * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
   (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
   Key Identifier (AKI) properly (#989, #991).

 * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

 * libgnutls: Added several improvements on Windows Vista and later releases
   (!1257, !1254, !1256). Most notably the system random number generator now
   uses Windows BCrypt* API if available (!1255).

 * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
   Also both accelerated and non-accelerated implementations check key block
   according to FIPS-140-2 IG A.9 (!1233).

 * libgnutls: Added support for AES-SIV ciphers (#463).

 * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

 * libgnutls: No longer use internal symbols exported from Nettle (!1235)

 * API and ABI modifications:
     GNUTLS_CIPHER_AES_128_SIV: Added
     GNUTLS_CIPHER_AES_256_SIV: Added
     GNUTLS_CIPHER_AES_192_GCM: Added
     gnutls_pkcs7_print_signature_info: Added

Log message:
revbump after updating security/nettle

Log message:
security/gnutls: revbump, add support for building guile bindings