security/gnutls: Update to 3.8.8

ReleaseNotes:	https://lists.gnutls.org/pipermail/gnutls-help/2024-November/004865.html
PR:		282723
Approved by:	tijl (maintainer)

security/gnutls: Update to 3.8.7.1

patch-configure derived from
https://gitlab.com/gnutls/gnutls/-/commit/74e505e986dd

security/gnutls: Update to 3.8.6

security/gnutls: Fix RSAES-PKCS1-v1_5

Add upstream patch to fix RSAES-PKCS1-v1_5 when configuration file is
missing.

Pet portlint/portclippy/portfmt.

PR:		279571

security/gnutls: Enable OpenSSL compatibility layer

PR:		279592

security/gnutls: initialise libpthread

To ensure thread-safety libgnutls calls libpthread functions but to
avoid the overhead for single-threaded programs it does not link with
libpthread.  It only calls libpthread if the executable or another
library links to it.

Since 3.8.0 libgnutls calls pthread_key_create from its init function
but because it does not link with libpthread libpthread might not have
been initialised yet.  Patch the libgnutls init function so it
initialises libpthread.

PR:		278076

security/gnutls: Update to 3.8.5

Add SRP option.  Upstream disabled it by default in 3.8.0
"because the SRP authentication in TLS is not up to date with
the latest TLS standards and its ciphersuites are based on
the CBC mode and SHA-1."

security/gnutls: Fix zlib support

PR:		278104

security/gnutls: Add KTLS option and a few improvements

* Switch to DISTFILES
* Do some light rearrangement of Makefile for better readability and
  consistency
* Remove --disable-guile from CONFIGURE_ARGS
* Add --without-included-libtasn1 to CONFIGURE_ARGS
* Add KTLS option
  https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
  See also
https://gnutls.org/manual/html_node/Enabling_002fDisabling-system_002facceleration-protocols.html#Enabling-KTLS

PR:		278083
Reviewed by:	tijl

security/gnutls: Update to 3.8.4

ChangeLog:	https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
PR:		277984
Approved by:	tijl (maintainer)
Exp-run by:	antoine

security/gnutls: fix build with lld 17

Since lld17 the default is to have the LDFLAGS --no-undefined-version
activated by default, which means that versions scripts should not
contain undefined symbols

2 bugs in gnutls:
1/ the configure scripts tests an empty binary against a list of version
symbols, meaning it breaks in configure (hence the activation of
--enable-ld-version-scripts) which means currently provided gnutls
packages are build without version scripts which breaks existing
installations...
2/ the version script used to link the binary can contain undefined
symbols depending on the options used to build (hence the addition of
the LDFLAGS.

security/gnutls: Moved man to share/man

Approved by:    portmgr (blanket)

security/gnutls: Update to 3.7.10

security/gnutls: Update to 3.7.9

Security:	https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14

*/*: Bump PORTREVISION for consumers of libunistring

Reported by:	jbeich

security/gnutls: Update to 3.7.8

ChangeLog:	https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html
PR:		266746
Approved by:	tijl (maintainer)

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/gnutls: Update to 3.7.7

ChangeLog:	https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
PR:		265726
Approved by:	tijl (maintainer)
MFH:		2022Q3
Security:	CVE-2022-2509

security/gnutls: update to 3.7.6

security/gnutls: update to 3.7.5

security/gnutls: update to 3.7.4

Switch from security/ca_root_nss to base system certificate store.
Disable obsolete TPM 1.2 support.

PR:		257995, 260723, 263107, 263131
Exp-run by:	antoine

security/gnutls: Remove -Wa,-march=all for clang on aarch64

PR:		260078

security/gnutls: update to 3.6.16

One more small cleanup, forgotten yesterday.
Reported by:	lwhsu

Remove # $FreeBSD$ from Makefiles.

Update to 3.6.15.

MFH:		2020Q3
Security:	https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04

Chase security/p11-kit update

After switch to meson libp11-kit.so no longer has symbols
in the LIBP11_KIT_1.0 namespace. As a workaround, bump
PORTREVISION of consumers to get those rebuilt.

See more details in the comments of the linked PR.

PR:		248819
Reported by:	John Hein

security/gnutls: Add MAN3 option

There are over 1,000 man3 pages. This adds a MAN3 option to
control their installation, similar to the openssl and libressl
ports.

PR:		248841
Approved by:	maintainer (tijl)

Update to 3.6.14.

MFH:		2020Q2
Security:	https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03

Bump PORTREVISION for security/nettle shlib change

Update to 3.6.13.

Security:	https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31

Update to 3.6.12.

Update to 3.6.11.1, white space fix, and https WWW.

Update to 3.6.10.

Also revert r508194 (-Wl,-z,notext on i386).  The problem has been fixed
upstream.

Fix build on i386.  Some asm code isn't position independent.

Reported by:	cy

Update to 3.6.9.

Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR:		238330

Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

Update to 3.6.8.

- Prevent detection of autogen.  It causes some files to be regenerated
  and then they require a newer header than is provided with gnutls.
- Remove ZLIB option.  It's no longer available.

PR:		237419
Reported by:	Kevin Oberman <rkoberman@gmail.com>

Update to 3.6.7.

MFH:		2019Q2
Security:	https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

- Let gnutls look for its configuration files in PREFIX/etc instead of /etc.
- Use --with-default-trust-store-file to set the location of the root
  certificates so configure doesn't have to autodetect this and the
  build dependency can be removed.
- Define TEST_TARGET.
- Remove DOCSDIR.  The files are also in PREFIX/share/info.
- Use p11-kit-trust as the default PKCS#11 trust store.

PR:		235703
Reported by:	mi

Update dns/libidn2 to 2.1.1

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Update to 3.6.6.

Update dns/libidn2 to 2.1.0

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Update to 3.6.5.

PR:		234012
Exp-run by:	antoine

Install texinfo files (GNU info) into ${PREFIX}/share/info

After a discussion on the mailing list on moving manpages to
${PREFIX}/share/man for consistency with base where it is
installed in usr/share/man, it appeared the same should happen
to GNU info files which were installed under share in base and
not in ports.

Now texinfo is not in base on any of the supported version of FreeBSD
it is possible to proceed to this move and it is easier to do than
the manpage change.

Other benefit than consistency are less patching: all build tools but
cmake are expecting info files to be under share/info and cmake (patched here)
was having an exception for BSD so the patch makes FreeBSD case less
specific for them

Bump revision of all impacted ports

PR:		232907
exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D17816

Update to 3.5.19.

Update to 3.5.18.

Update to 3.5.17.

security/gnutls: revert r431494 per FreeBSD 11.0 EOL

PR:		216045
Approved by:	portmgr blanket

Update to 3.5.16.

Update to 3.5.15.

Update to 3.5.13.

MFH:		2017Q2
Security:	https://gnutls.org/security.html#GNUTLS-SA-2017-4

Update to 3.5.12.

Update to 3.5.11.

Update to 3.5.9.  Disable use of libidn2 for now because it does not provide
a pkgconfig file.

PR:		217073
Exp-run by:	antoine

Make atomic operations explicit to support old gcc.

PR:		216122

security/gnutls: unbreak aarch64 after r431214

lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S:5:1: error: unknown directive
.arch armv8-a+crypto
^
lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S:49:2: error: instruction
requires: crypto
 aese v6.16b,v0.16b
 ^

PR:		216045
Approved by:	tijl (maintainer)

Update to 3.5.8.

PR:		215909
Submitted by:	brnrd
Exp-run by:	antoine
MFH:		2017Q1
Security:	0c5369fc-d671-11e6-a9a5-b499baebfeaf

Update to 3.4.17 and pass the right dlopen path for libtspi to configure.

Update to 3.4.16.

Add math/gmp to LIB_DEPENDS

Q/A warned that bin/certtool was linked to lib/libgmps.so.10

Approved by:	swills (mentor) tijl (maintainer)
Differential Revision:	https://reviews.freebsd.org/D8153

Most commonly used build systems support silent builds, when they
hide actual commands executed and only show short summary line (like
"CC foo.c"). CMake and ninja enable this by default, some autotools
using ports do as well. This is unacceptable because we need complete
build logs at any time, so we now switch to verbose build logs
unconditionally. Note that this change deliberately affects ALL
builds and not only package builds on cluster, because we need to
be sure that user experiencing failure can always provide informative
build log regardless of settings and without rerunning the build.

Change summary:

- Always do verbose builds for cmake, ninja and GNU configure (the
  latter includes check if --disable-silent-rules is actually supported
  by the configure script; there are isolated cases when it's not true)

Update to 3.4.15.

MFH:		2016Q3
Security:	https://gnutls.org/security.html#GNUTLS-SA-2016-3

Update to 3.4.14.

Update to 3.4.13.

Update to 3.4.12.

libpkcs11mock1.so is commented out in pkg-plist because it is part of the
testsuite and shouldn't be installed.  This has been fixed upstream.

Update to 3.4.11.

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

- Update security/gnutls to 3.4.10.
- Rename the LIBDANE option DANE because that's the name of the protocol
  supported by libgnutls-dane and gnutls-cli.  Also clarify the option
  description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4.  Some ports used this library
  in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed.  Ports that used these have been
  updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.

net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.

www/hydra: Mark BROKEN.  This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.

PR:		207768
Exp-run by:	antoine
Approved by:	portmgr (antoine)

- Take maintainer.
- Fix a build problem with upcoming libc++.

PR:		207768, 208175
Approved by:	bdrewery (maintainer)

- bump PORTREVISION on ports depending on unbound

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)

- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the

Bump versions to chase Nettle shared library update

Update MASTER_SITES to fix fetching problem due to abnormal version number

PR:		202332

- Update to 3.3.17.1

MFH:		2015Q3
Relnotes:	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8268
Security:	ec6a2a1e-429d-11e5-9daa-14dae9d210b8

- Update to 3.3.16

Changes: http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8235

Fix plist when LIBDANE is defined (PORTREVISION not bumped
because package wouldn't be successful in the case).

Pointy hat to:	delphij
Reported by:	sunpoet
MFH:		2015Q2

Update to 3.3.15.

PR:		198875
Approved by:	maintainer

GnuTLS tries to use /usr/local/share/certs/ca-root-nss.crt. Instead of
maybe using it if it is already installed or if the P11KIT option is selected
(which depends on ca_root_nss), just always depend on ca_root_nss.

Reported by:	Tatsuki Makino

Add CPE information.

PR:		153859
Submitted by:	shun <shun.fbsd.pr@dropcut.net>

Update gnutls to 3.2.21

PR:		196400
Approved by:	bdrewery (maintainer)

- Fix plist for LIBDANE option

Approved by:	portmgr blanket

Fix build on systems without stdnoreturn.h

Reported by:	many

- Update to 3.2.19

Update to 3.2.18

dns/libidn:
- Add USES=libtool and bump dependent ports
- Add INSTALL_TARGET=install-strip
- Always install libidn-components.png because it is used by libidn.info
- Add -lintl to Libs.private instead of Libs in libidn.pc

- Switch dns/unbound to USES=libtool, drop .la files
- Bump dependent ports as .so version has changed
- While here, add LICENSE_FILE to dns/getdns

Approved by:	portmgr blanket

security/gnutls: Support OPTIONal library dependencies

Factor out libidn, libp11-kit and libtspi into OPTIONal library
dependencies, with the CRYWRAP, P11KIT and TPM options respectively, as per
the upstream documentation [1].

Make ZLIB an OPTION because we can, and the choice to customise
compression support in security software (especially lately) may be
very useful for some consumers.

Add CRYWRAP, P11KIT, TPM and ZLIB to OPTIONS_DEFAULT to retain current
default functionality.

[1] http://gnutls.org/manual/html_node/Downloading-and-installing.html

Inspired by:	Recent gnutls 2 -> 3 change, fan of minimal dependencies

PR:		192090
Submitted by:	koobs
Approved by:	maintainer

- Update security/libtasn1 to 4.0
- Add USES= libtool and set INSTALL_TARGET to install-strip
- Drop useless bsd.port.options.mk include
- Bump PORTREVISION of ports that depend on libtasn1 as
  shlib version has changed
- Add an UPDATING entry for that

Exp-run by:	antoine

- Fix plist

Reported by:	many

Update to 3.2.16

- Replace security/gnutls with security/gnutls3 and update to 3.2.15
- Bump PORTREVISION on all ports that depend on security/gnutls and
  adjust all ports that depend on security/gnutls3
- Update mail/anubis to version 4.2 which supports gnutls 3.x
- Update mail/libvmime to a development snapshot (recommended by upstream
  developers)

PR:		191274
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

Patch CVE-2014-3466 to prevent memory corruption due to server hello parsing.

Obtained from: 
https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
Security:       CVE-2014-3466, 9733c480-ebff-11e3-970b-206a8a720317

- New LIB_DEPENDS syntax.
- USES=libtool:keepla tar:bzip2.
- Remove -fPIC flag.  Leftover from an old version.

- Add fixes for:
  CVE-2014-0092 - Certificate verification issue
  CVE-2014-1959 - Certificate verification issue

  All users are recommended to upgrade ASAP.

Security:	f645aa90-a3e8-11e3-a422-3c970e169bc2

Add an additional mirror to MASTER_SITES.

PR:		185901
Submitted by:	Bruno Machado <bruno@bsd.com.br>