Accepting request 405821 from Base:System

- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch (forwarded request 405618 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/405821 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=92
2016-07-09 07:21:14 +00:00 · 2016-07-09 07:21:14 +00:00 · 1683bf17ea
commit 1683bf17ea
parent 58772c3a5d
7 changed files with 75 additions and 4 deletions
--- a/0001-tests-use-datefudge-in-name-constraints-test.patch
+++ b/0001-tests-use-datefudge-in-name-constraints-test.patch
@ -0,0 +1,28 @@
+From cc22a052f40ba800acde7d81fe0ab91b56e66921 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 29 Jun 2016 17:25:06 +0200
+Subject: [PATCH] tests: use datefudge in name-constraints test
+
+This avoids the expiration of the used certificate to affect the test.
+---
+ tests/cert-tests/name-constraints | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+Index: gnutls-3.4.13/tests/cert-tests/name-constraints
+===================================================================
+--- gnutls-3.4.13.orig/tests/cert-tests/name-constraints	2016-06-30 11:11:35.920632613 +0200
+++ gnutls-3.4.13/tests/cert-tests/name-constraints	2016-06-30 11:13:06.633974903 +0200
+@@ -28,7 +28,12 @@ if ! test -z "${VALGRIND}"; then
+ fi
+ TMPFILE=tmp.$$.pem
+ 
+-${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
+. ${srcdir}/../scripts/common.sh
+
+check_for_datefudge
+
+datefudge -s "2016-04-22" \
+	${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
+ rc=$?
+ 
+ if test "${rc}" != "0"; then
--- a/gnutls-3.4.11.tar.xz
+++ b/gnutls-3.4.11.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:70ef9c9f95822d363036c6e6b5479750e5b7fc34f50e750c3464a98ec65a9ab8
-size 6652224
--- a/gnutls-3.4.11.tar.xz.sig
+++ b/gnutls-3.4.11.tar.xz.sig
--- a/gnutls-3.4.13.tar.xz
+++ b/gnutls-3.4.13.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd3386e8e72725980bcd7f40949aa0121dcb7650b5147c6490e794555ed25859
+size 6670508
--- a/gnutls-3.4.13.tar.xz.sig
+++ b/gnutls-3.4.13.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Thu Jun 30 08:38:05 UTC 2016 - vcizek@suse.com
+
+- Fix a problem with expired test certificate by using datefudge
+  (boo#987139)
+  * add 0001-tests-use-datefudge-in-name-constraints-test.patch
+
+-------------------------------------------------------------------
+Tue Jun  7 05:52:13 UTC 2016 - meissner@suse.com
+
+- Version 3.4.13 (released 2016-06-06)
+  * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with
+    NSS instead of using a separate variable; in addition append any keys to
+    the file instead of overwriting it.
+  * libgnutls: use secure_getenv() where available to obtain environment
+    variables. Addresses GNUTLS-SA-2016-1.
+- Version 3.4.12 (released 2016-05-20)
+  * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
+    cipher is prioritized after AES-GCM.
+  * libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
+  * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
+    GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
+    operation could fail on certain PKCS#11 modules.
+  * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
+    can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
+  * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
+    name of the certificates if the provided names are NULL.
+  * libgnutls: when receiving SNI names, only save and expose to application
+    the supported DNS names.
+  * libgnutls: when importing the certificate names at the
+    gnutls_certificate_set* functions, only consider the CN as a fallback
+    if DNS names are provided via the alternative name extension.
+  * gnutls-cli: on OCSP verification do not fail if we have a single valid
+    reply. Report and reproducer by Thomas Klute.
+  * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+    log session keys in client side. These session keys are compatible with
+    the NSS Key Log Format and can be used to decrypt the session for
+    debugging using wireshark.
+
 -------------------------------------------------------------------
 Sat Apr 23 16:58:53 UTC 2016 - sleep_walker@opensuse.org

--- a/gnutls.spec
+++ b/gnutls.spec
@ -30,7 +30,7 @@
 %bcond_without guile

 Name:           gnutls
-Version:        3.4.11
+Version:        3.4.13
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+
@ -41,15 +41,18 @@ Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.x
 Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
 Source2:        %name.keyring
 Source3:        baselibs.conf
+Patch:          0001-tests-use-datefudge-in-name-constraints-test.patch

 BuildRequires:  autogen
 BuildRequires:  automake
+BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.3
 BuildRequires:  libtool
+BuildRequires:  net-tools-deprecated
 %if %{with tpm}
 BuildRequires:  trousers-devel
 %endif
@ -188,6 +191,7 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.

 %prep
 %setup -q
+%patch -p1

 %build
 export LDFLAGS="-pie"