git: a67a3f98ec28 - main - security/gnutls: update to 3.7.4
Date: Wed, 13 Apr 2022 12:12:54 UTC
The branch main has been updated by tijl:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a67a3f98ec28b607845ab6a33b2d2c5504f5b137
commit a67a3f98ec28b607845ab6a33b2d2c5504f5b137
Author: Tijl Coosemans <tijl@FreeBSD.org>
AuthorDate: 2022-03-24 22:49:24 +0000
Commit: Tijl Coosemans <tijl@FreeBSD.org>
CommitDate: 2022-04-13 12:11:59 +0000
security/gnutls: update to 3.7.4
Switch from security/ca_root_nss to base system certificate store.
Disable obsolete TPM 1.2 support.
PR: 257995, 260723, 263107, 263131
Exp-run by: antoine
---
security/gnutls/Makefile | 30 +++++++---------
security/gnutls/distinfo | 6 ++--
.../gnutls/files/patch-tests_cert-tests_pkcs12.sh | 14 ++++++++
security/gnutls/pkg-plist | 40 +++++++++++++++++++---
4 files changed, 66 insertions(+), 24 deletions(-)
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index 945dddbe7aa9..138369d38955 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,5 +1,5 @@
PORTNAME= gnutls
-PORTVERSION= 3.6.16
+PORTVERSION= 3.7.4
CATEGORIES= security net
MASTER_SITES= GNUPG/gnutls/v${PORTVERSION:R}
@@ -15,7 +15,6 @@ LIB_DEPENDS= libgmp.so:math/gmp \
libnettle.so:security/nettle \
libtasn1.so:security/libtasn1 \
libunistring.so:devel/libunistring
-RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
USES= compiler:c11 cpe gmake iconv libtool localbase makeinfo \
pkgconfig tar:xz
@@ -24,18 +23,18 @@ USE_LDCONFIG= yes
CPE_VENDOR= gnu
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --disable-guile \
- --enable-local-libopts \
- --with-system-priority-file=${PREFIX}/etc/gnutls/default-priorities \
- --with-default-trust-store-file=${LOCALBASE}/share/certs/ca-root-nss.crt \
- --with-trousers-lib=${LOCALBASE}/lib/libtspi.so.1 \
- AUTOGEN=false \
- ac_cv_type_max_align_t=yes
+ --with-system-priority-file=${PREFIX}/etc/gnutls/config \
+ --with-default-trust-store-dir=/etc/ssl/certs \
+ --without-libbrotli \
+ --without-libzstd \
+ --without-tpm \
+ --without-tpm2
MAKE_ENV= MAKEINFOFLAGS=--no-split
INSTALL_TARGET= install-strip
TEST_TARGET= check
-OPTIONS_DEFINE= DANE EXAMPLES IDN MAN3 NLS P11KIT TPM
-OPTIONS_DEFAULT= IDN MAN3 P11KIT TPM
+OPTIONS_DEFINE= DANE EXAMPLES IDN MAN3 NLS P11KIT
+OPTIONS_DEFAULT= IDN MAN3 P11KIT
OPTIONS_SUB= yes
DANE_DESC= Certificate verification via DNSSEC
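Review bot: The priority file moves from `${PREFIX}/etc/gnutls/default-priorities` to `${PREFIX}/etc/gnutls/config` in CONFIGURE_ARGS, and the diffstat lists no pkg-message alongside it, so a site that hardened its protocol or cipher policy in the old file would presumably fall back to library defaults after the upgrade without any notice. The same lines make `/etc/ssl/certs` the only file-based trust source while the earlier hunk drops the `security/ca_root_nss` run dependency, so certificate verification now depends on the base store being populated on the host or jail. Both deserve a comment above CONFIGURE_ARGS, e.g. `# 3.7.4: policy file is now etc/gnutls/config (was default-priorities); CAs come from the base store in /etc/ssl/certs`, and a pkg-message telling administrators to move their settings.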
@@ -56,10 +55,6 @@ P11KIT_CONFIGURE_WITH= p11-kit
P11KIT_CONFIGURE_ON= --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
P11KIT_LIB_DEPENDS= libp11-kit.so:security/p11-kit
-TPM_DESC= Trusted Platform Module support
-TPM_CONFIGURE_WITH= tpm
-TPM_LIB_DEPENDS= libtspi.so:security/trousers
-
INFO= gnutls gnutls-guile
post-patch:
@@ -67,7 +62,7 @@ post-patch:
@${REINPLACE_CMD} 's,/usr/share,${PREFIX}/share,' \
${WRKSRC}/doc/manpages/*.[13]
@${REINPLACE_CMD} -E 's,/etc/(gnutls|tpasswd),${PREFIX}&,g' \
- ${WRKSRC}/doc/cha-gtls-app.texi \
+ ${WRKSRC}/doc/cha-config.texi \
${WRKSRC}/doc/gnutls-api.texi \
${WRKSRC}/doc/invoke-certtool.texi \
${WRKSRC}/doc/invoke-gnutls-cli.texi \
@@ -80,16 +75,17 @@ post-patch:
${WRKSRC}/doc/manpages/gnutls-serv.1 \
${WRKSRC}/doc/manpages/p11tool.1 \
${WRKSRC}/doc/manpages/srptool.1 \
+ ${WRKSRC}/doc/srptool-examples.texi \
${WRKSRC}/lib/includes/gnutls/pkcs11.h \
${WRKSRC}/lib/pkcs11.c \
- ${WRKSRC}/src/p11tool-args.c.bak \
+ ${WRKSRC}/src/p11tool-options.c \
${WRKSRC}/src/srptool.c
@${REINPLACE_CMD} \
's,/etc/pkcs11/modules,${PREFIX}/share/p11-kit/modules,' \
${WRKSRC}/doc/cha-tokens.texi \
${WRKSRC}/doc/invoke-p11tool.texi \
${WRKSRC}/doc/manpages/p11tool.1 \
- ${WRKSRC}/src/p11tool-args.c.bak
+ ${WRKSRC}/src/p11tool-options.c
# Bug 260078
@${REINPLACE_CMD} 's/-Wa,-march=all//' \
${WRKSRC}/lib/accelerated/aarch64/Makefile.in
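Review bot: Nothing in post-patch verifies that these path substitutions still match anything. The file lists are maintained by hand against upstream names (this update had to follow `src/p11tool-args.c.bak` to `src/p11tool-options.c`), and a sed expression that matches nothing still exits successfully. Because `lib/pkcs11.c` and `src/srptool.c` are in the list, a missed rewrite would presumably leave a compiled-in `/etc/...` path outside `${PREFIX}`. A comment above the list such as `# Re-check on every update: grep -rlE '/etc/(gnutls|tpasswd|pkcs11)' ${WRKSRC}` would make that maintenance step explicit. The post-patch target begins before this hunk.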
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index 3504e45762e0..c6f4bbe06771 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1626020292
-SHA256 (gnutls-3.6.16.tar.xz) = 1b79b381ac283d8b054368b335c408fedcb9b7144e0c07f531e3537d4328f3b3
-SIZE (gnutls-3.6.16.tar.xz) = 5639992
+TIMESTAMP = 1648156149
+SHA256 (gnutls-3.7.4.tar.xz) = e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f
+SIZE (gnutls-3.7.4.tar.xz) = 6131772
diff --git a/security/gnutls/files/patch-tests_cert-tests_pkcs12.sh b/security/gnutls/files/patch-tests_cert-tests_pkcs12.sh
new file mode 100644
index 000000000000..cf81143badde
--- /dev/null
+++ b/security/gnutls/files/patch-tests_cert-tests_pkcs12.sh
@@ -0,0 +1,14 @@
+--- tests/cert-tests/pkcs12.sh.orig 2022-03-02 11:38:09 UTC
++++ tests/cert-tests/pkcs12.sh
+@@ -150,9 +150,9 @@ EOF
+
+ EOF
+
+-sed -n '/^\(MAC\|BAG\)/,/^$/p' ${TMPFILE_PEM} | \
++sed -n -r '/^(MAC|BAG)/,/^$/p' ${TMPFILE_PEM} | \
+ sed -e '/^[ ]*Salt:/d' \
+- -e '/^BAG #[0-9]*/,$ { /^[ ]*Salt size:/d }' > ${INFO_OUT}
++ -e '/^BAG #[0-9]*/,$ { /^[ ]*Salt size:/d; }' > ${INFO_OUT}
+
+ diff ${INFO_EXP} ${INFO_OUT}
+
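Review bot: The rewritten first sed call uses `-r`, which FreeBSD sed accepts only as a GNU-compatibility alias; `-E` is the documented spelling and is what the port's own Makefile already passes to `${REINPLACE_CMD}`. The line would read `sed -n -E '/^(MAC|BAG)/,/^$/p' ${TMPFILE_PEM} | \`. The patch file also carries no comment on why it exists; a short header line stating that BSD sed does not support `\|` in basic regular expressions and needs `;` before a closing `}` would tell the next maintainer when the patch can be dropped.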
diff --git a/security/gnutls/pkg-plist b/security/gnutls/pkg-plist
index b64b615c428f..849a45645cbd 100644
--- a/security/gnutls/pkg-plist
+++ b/security/gnutls/pkg-plist
@@ -7,7 +7,6 @@ bin/ocsptool
%%P11KIT%%bin/p11tool
bin/psktool
bin/srptool
-%%TPM%%bin/tpmtool
include/gnutls/abstract.h
include/gnutls/compat.h
include/gnutls/crypto.h
@@ -32,10 +31,10 @@ include/gnutls/x509.h
%%DANE%%lib/libgnutls-dane.so.0.4.1
lib/libgnutls.so
lib/libgnutls.so.30
-lib/libgnutls.so.30.28.2
+lib/libgnutls.so.30.32.0
lib/libgnutlsxx.so
-lib/libgnutlsxx.so.28
-lib/libgnutlsxx.so.28.1.0
+lib/libgnutlsxx.so.30
+lib/libgnutlsxx.so.30.0.0
libdata/pkgconfig/gnutls.pc
%%DANE%%libdata/pkgconfig/gnutls-dane.pc
man/man1/certtool.1.gz
@@ -78,6 +77,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_alert_get_strname.3.gz
%%MAN3%%man/man3/gnutls_alert_send.3.gz
%%MAN3%%man/man3/gnutls_alert_send_appropriate.3.gz
+%%MAN3%%man/man3/gnutls_alert_set_read_function.3.gz
%%MAN3%%man/man3/gnutls_alpn_get_selected_protocol.3.gz
%%MAN3%%man/man3/gnutls_alpn_set_protocols.3.gz
%%MAN3%%man/man3/gnutls_anon_allocate_client_credentials.3.gz
@@ -188,10 +188,13 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_cipher_suite_get_name.3.gz
%%MAN3%%man/man3/gnutls_cipher_suite_info.3.gz
%%MAN3%%man/man3/gnutls_cipher_tag.3.gz
+%%MAN3%%man/man3/gnutls_ciphersuite_get.3.gz
%%MAN3%%man/man3/gnutls_compression_get.3.gz
%%MAN3%%man/man3/gnutls_compression_get_id.3.gz
%%MAN3%%man/man3/gnutls_compression_get_name.3.gz
%%MAN3%%man/man3/gnutls_compression_list.3.gz
+%%MAN3%%man/man3/gnutls_compress_certificate_get_selected_method.3.gz
+%%MAN3%%man/man3/gnutls_compress_certificate_set_methods.3.gz
%%MAN3%%man/man3/gnutls_credentials_clear.3.gz
%%MAN3%%man/man3/gnutls_credentials_get.3.gz
%%MAN3%%man/man3/gnutls_credentials_set.3.gz
@@ -236,6 +239,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_digest_get_name.3.gz
%%MAN3%%man/man3/gnutls_digest_get_oid.3.gz
%%MAN3%%man/man3/gnutls_digest_list.3.gz
+%%MAN3%%man/man3/gnutls_digest_set_secure.3.gz
%%MAN3%%man/man3/gnutls_dtls_cookie_send.3.gz
%%MAN3%%man/man3/gnutls_dtls_cookie_verify.3.gz
%%MAN3%%man/man3/gnutls_dtls_get_data_mtu.3.gz
@@ -245,6 +249,8 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_dtls_set_data_mtu.3.gz
%%MAN3%%man/man3/gnutls_dtls_set_mtu.3.gz
%%MAN3%%man/man3/gnutls_dtls_set_timeouts.3.gz
+%%MAN3%%man/man3/gnutls_early_cipher_get.3.gz
+%%MAN3%%man/man3/gnutls_early_prf_hash_get.3.gz
%%MAN3%%man/man3/gnutls_ecc_curve_get.3.gz
%%MAN3%%man/man3/gnutls_ecc_curve_get_id.3.gz
%%MAN3%%man/man3/gnutls_ecc_curve_get_name.3.gz
@@ -252,6 +258,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_ecc_curve_get_pk.3.gz
%%MAN3%%man/man3/gnutls_ecc_curve_get_size.3.gz
%%MAN3%%man/man3/gnutls_ecc_curve_list.3.gz
+%%MAN3%%man/man3/gnutls_ecc_curve_set_enabled.3.gz
%%MAN3%%man/man3/gnutls_encode_ber_digest_info.3.gz
%%MAN3%%man/man3/gnutls_encode_gost_rs_value.3.gz
%%MAN3%%man/man3/gnutls_encode_rs_value.3.gz
@@ -266,8 +273,14 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_ext_register.3.gz
%%MAN3%%man/man3/gnutls_ext_set_data.3.gz
%%MAN3%%man/man3/gnutls_fingerprint.3.gz
+%%MAN3%%man/man3/gnutls_fips140_context_deinit.3.gz
+%%MAN3%%man/man3/gnutls_fips140_context_init.3.gz
+%%MAN3%%man/man3/gnutls_fips140_get_operation_state.3.gz
%%MAN3%%man/man3/gnutls_fips140_mode_enabled.3.gz
+%%MAN3%%man/man3/gnutls_fips140_pop_context.3.gz
+%%MAN3%%man/man3/gnutls_fips140_push_context.3.gz
%%MAN3%%man/man3/gnutls_fips140_set_mode.3.gz
+%%MAN3%%man/man3/gnutls_get_library_config.3.gz
%%MAN3%%man/man3/gnutls_get_system_config_file.3.gz
%%MAN3%%man/man3/gnutls_global_deinit.3.gz
%%MAN3%%man/man3/gnutls_global_init.3.gz
@@ -292,7 +305,10 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_handshake_set_post_client_hello_function.3.gz
%%MAN3%%man/man3/gnutls_handshake_set_private_extensions.3.gz
%%MAN3%%man/man3/gnutls_handshake_set_random.3.gz
+%%MAN3%%man/man3/gnutls_handshake_set_read_function.3.gz
+%%MAN3%%man/man3/gnutls_handshake_set_secret_function.3.gz
%%MAN3%%man/man3/gnutls_handshake_set_timeout.3.gz
+%%MAN3%%man/man3/gnutls_handshake_write.3.gz
%%MAN3%%man/man3/gnutls_hash.3.gz
%%MAN3%%man/man3/gnutls_hash_copy.3.gz
%%MAN3%%man/man3/gnutls_hash_deinit.3.gz
@@ -609,6 +625,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_protocol_get_name.3.gz
%%MAN3%%man/man3/gnutls_protocol_get_version.3.gz
%%MAN3%%man/man3/gnutls_protocol_list.3.gz
+%%MAN3%%man/man3/gnutls_protocol_set_enabled.3.gz
%%MAN3%%man/man3/gnutls_psk_allocate_client_credentials.3.gz
%%MAN3%%man/man3/gnutls_psk_allocate_server_credentials.3.gz
%%MAN3%%man/man3/gnutls_psk_client_get_hint.3.gz
@@ -692,6 +709,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_record_send.3.gz
%%MAN3%%man/man3/gnutls_record_send2.3.gz
%%MAN3%%man/man3/gnutls_record_send_early_data.3.gz
+%%MAN3%%man/man3/gnutls_record_send_file.3.gz
%%MAN3%%man/man3/gnutls_record_send_range.3.gz
%%MAN3%%man/man3/gnutls_record_set_max_early_data_size.3.gz
%%MAN3%%man/man3/gnutls_record_set_max_recv_size.3.gz
@@ -737,6 +755,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_session_set_verify_cert.3.gz
%%MAN3%%man/man3/gnutls_session_set_verify_cert2.3.gz
%%MAN3%%man/man3/gnutls_session_set_verify_function.3.gz
+%%MAN3%%man/man3/gnutls_session_set_verify_output_function.3.gz
%%MAN3%%man/man3/gnutls_session_supplemental_register.3.gz
%%MAN3%%man/man3/gnutls_session_ticket_enable_client.3.gz
%%MAN3%%man/man3/gnutls_session_ticket_enable_server.3.gz
@@ -755,6 +774,8 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_sign_is_secure.3.gz
%%MAN3%%man/man3/gnutls_sign_is_secure2.3.gz
%%MAN3%%man/man3/gnutls_sign_list.3.gz
+%%MAN3%%man/man3/gnutls_sign_set_secure.3.gz
+%%MAN3%%man/man3/gnutls_sign_set_secure_for_certs.3.gz
%%MAN3%%man/man3/gnutls_sign_supports_pk_algorithm.3.gz
%%MAN3%%man/man3/gnutls_srp_allocate_client_credentials.3.gz
%%MAN3%%man/man3/gnutls_srp_allocate_server_credentials.3.gz
@@ -811,6 +832,7 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_transport_get_int2.3.gz
%%MAN3%%man/man3/gnutls_transport_get_ptr.3.gz
%%MAN3%%man/man3/gnutls_transport_get_ptr2.3.gz
+%%MAN3%%man/man3/gnutls_transport_is_ktls_enabled.3.gz
%%MAN3%%man/man3/gnutls_transport_set_errno.3.gz
%%MAN3%%man/man3/gnutls_transport_set_errno_function.3.gz
%%MAN3%%man/man3/gnutls_transport_set_fastopen.3.gz
@@ -1067,6 +1089,8 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_x509_crt_sign2.3.gz
%%MAN3%%man/man3/gnutls_x509_crt_verify.3.gz
%%MAN3%%man/man3/gnutls_x509_crt_verify_data2.3.gz
+%%MAN3%%man/man3/gnutls_x509_ct_sct_get.3.gz
+%%MAN3%%man/man3/gnutls_x509_ct_sct_get_version.3.gz
%%MAN3%%man/man3/gnutls_x509_dn_deinit.3.gz
%%MAN3%%man/man3/gnutls_x509_dn_export.3.gz
%%MAN3%%man/man3/gnutls_x509_dn_export2.3.gz
@@ -1078,6 +1102,10 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_x509_dn_oid_known.3.gz
%%MAN3%%man/man3/gnutls_x509_dn_oid_name.3.gz
%%MAN3%%man/man3/gnutls_x509_dn_set_str.3.gz
+%%MAN3%%man/man3/gnutls_x509_ext_ct_export_scts.3.gz
+%%MAN3%%man/man3/gnutls_x509_ext_ct_import_scts.3.gz
+%%MAN3%%man/man3/gnutls_x509_ext_ct_scts_deinit.3.gz
+%%MAN3%%man/man3/gnutls_x509_ext_ct_scts_init.3.gz
%%MAN3%%man/man3/gnutls_x509_ext_deinit.3.gz
%%MAN3%%man/man3/gnutls_x509_ext_export_aia.3.gz
%%MAN3%%man/man3/gnutls_x509_ext_export_authority_key_id.3.gz
@@ -1187,12 +1215,15 @@ man/man1/tpmtool.1.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_get_issuer.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_get_issuer_by_dn.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_get_issuer_by_subject_key_id.3.gz
+%%MAN3%%man/man3/gnutls_x509_trust_list_get_ptr.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_init.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_iter_deinit.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_iter_get_ca.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_remove_cas.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_remove_trust_file.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_remove_trust_mem.3.gz
+%%MAN3%%man/man3/gnutls_x509_trust_list_set_getissuer_function.3.gz
+%%MAN3%%man/man3/gnutls_x509_trust_list_set_ptr.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_verify_crt.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_verify_crt2.3.gz
%%MAN3%%man/man3/gnutls_x509_trust_list_verify_named_crt.3.gz
@@ -1225,6 +1256,7 @@ man/man1/tpmtool.1.gz
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/udp.c
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/verify.c
share/info/gnutls-client-server-use-case.png
+share/info/gnutls-crypto-layers.png
share/info/gnutls-handshake-sequence.png
share/info/gnutls-handshake-state.png
share/info/gnutls-internals.png