./security/gnutls, Transport Layer Security library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.8.12, Package name: gnutls-3.8.12, Maintainer: pkgsrc-users

GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.

Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods

Additionally GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.


Required to run:
[archivers/lzo] [security/libtasn1] [devel/gmp] [devel/libcfg+] [security/mozilla-rootcerts] [security/nettle] [security/p11-kit] [textproc/libunistring]

Required to build:
[pkgtools/cwrappers]

Package options: pkcs11

Master sites: (Expand)

Filesize: 6786.723 KB

Version history: (Expand)

CVS history: (Expand)


   2026-03-19 18:29:38 by Jonathan Perkin | Files touched by this commit (2) 
Log message: gnutls: Fix build with clang 15.
   2026-02-09 20:37:03 by Adam Ciarcinski | Files touched by this commit (1) 
Log message: gnutls: remove unused patch
   2026-02-09 20:35:36 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message: gnutls: updated to 3.8.12 Version 3.8.12 (released 2026-02-09) ** libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. Reported by Jaehun Lee. [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584] ** libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831] ** libgnutls: Fix multiple unexploitable overflows ** libgnutls: Fall back to thread-unsafe module initialization Improve fallback handling for PKCS#11 modules that don't support thread-safe initialization. Also return filename from p11_kit_module_get_name() for unconfigured modules. ** libgnutls: Accept NULL as digest argument for gnutls_hash_output The accelerated implementation of gnutls_hash_output() now properly accepts NULL as the digest argument, matching the behavior of the reference implementation. ** srptool: Avoid a stack buffer overflow when processing large SRP groups. Reported and fixed by Mikhail Dmitrichenko. ** API and ABI modifications: No changes since last version.
   2026-02-06 11:06:21 by Thomas Klausner | Files touched by this commit (1305) 
Log message: *: recursive bump for nettle 4.0 shlib major bump
   2026-01-11 20:12:01 by Thomas Klausner | Files touched by this commit (1) 
Log message: gnutls: disable GNUTLS_GAS_VERSION check for NetBSD This was added in 2020 for CentOS 6. This test never worked on NetBSD because the version number looks different there ($4 is always "Binutils"). Perhaps this should be limited to Linux instead. Avoids a fork during Makefile parsing.
   2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) 
Log message: *: recursive bump for icu 78.1
   2025-11-21 17:44:57 by Emmanuel Dreyfus | Files touched by this commit (2) 
Log message: Two patches for Build fix. Approved by wiz@ cvs add forgotten in previous commit
   2025-11-21 17:44:13 by Emmanuel Dreyfus | Files touched by this commit (2) 
Log message: Two patches for Build fix. Approved by wiz@