git: e5beccd09346 - main - security/gnutls: Update to 3.8.10

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Tijl Coosemans <tijl_at_FreeBSD.org>
Date: Mon, 14 Jul 2025 09:51:56 UTC
The branch main has been updated by tijl:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e5beccd093468ca0092a62c3809031997e1a2c3b

commit e5beccd093468ca0092a62c3809031997e1a2c3b
Author:     Tijl Coosemans <tijl@FreeBSD.org>
AuthorDate: 2025-07-14 09:23:56 +0000
Commit:     Tijl Coosemans <tijl@FreeBSD.org>
CommitDate: 2025-07-14 09:41:35 +0000

    security/gnutls: Update to 3.8.10
    
    - Fetch ktls_utils.h missing from distfile, needed by tests.
    - Support TLS 1.3 certificate compression with brotli and zstd.
---
 security/gnutls/Makefile                      | 18 ++++++++++++------
 security/gnutls/distinfo                      |  8 +++++---
 security/gnutls/files/patch-lib_system_ktls.c | 18 ++++++++++++++++++
 security/gnutls/pkg-plist                     |  2 +-
 4 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index 7f9712b57b9d..1a372e5bb819 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,7 +1,10 @@
 PORTNAME=	gnutls
-DISTVERSION=	3.8.9
+DISTVERSION=	3.8.10
 CATEGORIES=	security net
-MASTER_SITES=	GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/}
+MASTER_SITES=	GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} \
+		https://gitlab.com/gnutls/gnutls/-/raw/${DISTVERSION}/tests/:test
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ktls_utils.h:test
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	tijl@FreeBSD.org
 COMMENT=	GNU Transport Layer Security library
@@ -12,10 +15,12 @@ LICENSE_COMB=	multi
 LICENSE_FILE_GPLv3+ =	${WRKSRC}/COPYING
 LICENSE_FILE_LGPL21+ =	${WRKSRC}/COPYING.LESSERv2
 
-LIB_DEPENDS=	libgmp.so:math/gmp \
+LIB_DEPENDS=	libbrotlienc.so:archivers/brotli \
+		libgmp.so:math/gmp \
 		libnettle.so:security/nettle \
 		libtasn1.so:security/libtasn1 \
-		libunistring.so:devel/libunistring
+		libunistring.so:devel/libunistring \
+		libzstd.so:archivers/zstd
 
 USES=		compiler:c11 cpe gmake iconv libtool localbase makeinfo \
 		pkgconfig tar:xz
@@ -28,11 +33,11 @@ CONFIGURE_ARGS=	--disable-rpath \
 		--enable-openssl-compatibility \
 		--with-default-trust-store-dir=/etc/ssl/certs \
 		--with-system-priority-file=${PREFIX}/etc/gnutls/config \
-		--without-brotli \
+		--with-brotli \
 		--without-included-libtasn1 \
 		--without-tpm \
 		--without-tpm2 \
-		--without-zstd
+		--with-zstd
 
 MAKE_ENV=	MAKEINFOFLAGS=--no-split
 INSTALL_TARGET=	install-strip
@@ -73,6 +78,7 @@ P11KIT_CONFIGURE_WITH=	p11-kit
 SRP_CONFIGURE_ENABLE=	srp-authentication
 
 post-patch:
+	@${CP} -p ${DISTDIR}/ktls_utils.h ${WRKSRC}/tests/
 	@${RM} ${WRKSRC}/doc/*.info*
 	@${REINPLACE_CMD} 's,/usr/share,${PREFIX}/share,' \
 		${WRKSRC}/doc/manpages/*.[13]
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index fe6e2e9317b8..a67d8f2ab573 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1739176636
-SHA256 (gnutls-3.8.9.tar.xz) = 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed
-SIZE (gnutls-3.8.9.tar.xz) = 6847364
+TIMESTAMP = 1752249814
+SHA256 (gnutls-3.8.10.tar.xz) = db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7
+SIZE (gnutls-3.8.10.tar.xz) = 6909856
+SHA256 (ktls_utils.h) = e41d33289c63573c59d2d02b4110a2f63651add28001031e6dc20327d096b734
+SIZE (ktls_utils.h) = 1983
diff --git a/security/gnutls/files/patch-lib_system_ktls.c b/security/gnutls/files/patch-lib_system_ktls.c
new file mode 100644
index 000000000000..3c0dbc6a8734
--- /dev/null
+++ b/security/gnutls/files/patch-lib_system_ktls.c
@@ -0,0 +1,18 @@
+--- lib/system/ktls.c.orig	2025-04-11 11:51:08 UTC
++++ lib/system/ktls.c
+@@ -1076,6 +1076,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses
+ 		default:
+ 			return GNUTLS_E_PULL_ERROR;
+ 		}
++#ifdef EKEYEXPIRED
+ 	} else if (unlikely(ret == -EKEYEXPIRED)) {
+ 		/* This will be received until a keyupdate is performed on the
+ 		   scoket. */
+@@ -1083,6 +1084,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses
+ 				  "updated keys\n");
+ 		gnutls_assert();
+ 		return GNUTLS_E_AGAIN;
++#endif
+ 	}
+ 
+ 	/* connection closed */
diff --git a/security/gnutls/pkg-plist b/security/gnutls/pkg-plist
index 14edcf814711..45fd3c64ee3a 100644
--- a/security/gnutls/pkg-plist
+++ b/security/gnutls/pkg-plist
@@ -35,7 +35,7 @@ lib/libgnutls-openssl.so.27
 lib/libgnutls-openssl.so.27.0.2
 lib/libgnutls.so
 lib/libgnutls.so.30
-lib/libgnutls.so.30.40.3
+lib/libgnutls.so.30.40.4
 lib/libgnutlsxx.so
 lib/libgnutlsxx.so.30
 lib/libgnutlsxx.so.30.0.0