Accepting request 405821 from Base:System

- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch (forwarded request 405618 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/405821 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=92
2016-07-09 07:21:14 +00:00 · 2016-07-09 07:21:14 +00:00 · 1683bf17ea
commit 1683bf17ea
parent 58772c3a5d
7 changed files with 75 additions and 4 deletions
--- a/0001-tests-use-datefudge-in-name-constraints-test.patch
+++ b/0001-tests-use-datefudge-in-name-constraints-test.patch
@ -0,0 +1,28 @@
 From cc22a052f40ba800acde7d81fe0ab91b56e66921 Mon Sep 17 00:00:00 2001
 From: Nikos Mavrogiannopoulos <nmav@redhat.com>
 Date: Wed, 29 Jun 2016 17:25:06 +0200
 Subject: [PATCH] tests: use datefudge in name-constraints test
 This avoids the expiration of the used certificate to affect the test.
 ---
 tests/cert-tests/name-constraints | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
 Index: gnutls-3.4.13/tests/cert-tests/name-constraints
 ===================================================================
 --- gnutls-3.4.13.orig/tests/cert-tests/name-constraints	2016-06-30 11:11:35.920632613 +0200
 +++ gnutls-3.4.13/tests/cert-tests/name-constraints	2016-06-30 11:13:06.633974903 +0200
@@ -28,7 +28,12 @@ if ! test -z "${VALGRIND}"; then
 fi
 TMPFILE=tmp.$$.pem
 -${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
 +. ${srcdir}/../scripts/common.sh
 +
 +check_for_datefudge
 +
 +datefudge -s "2016-04-22" \
 +	${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
 rc=$?
 if test "${rc}" != "0"; then
--- a/gnutls-3.4.11.tar.xz
+++ b/gnutls-3.4.11.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:70ef9c9f95822d363036c6e6b5479750e5b7fc34f50e750c3464a98ec65a9ab8
 size 6652224
--- a/gnutls-3.4.11.tar.xz.sig
+++ b/gnutls-3.4.11.tar.xz.sig
--- a/gnutls-3.4.13.tar.xz
+++ b/gnutls-3.4.13.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:fd3386e8e72725980bcd7f40949aa0121dcb7650b5147c6490e794555ed25859
 size 6670508
--- a/gnutls-3.4.13.tar.xz.sig
+++ b/gnutls-3.4.13.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,42 @@
 -------------------------------------------------------------------
 Thu Jun 30 08:38:05 UTC 2016 - vcizek@suse.com
 - Fix a problem with expired test certificate by using datefudge
  (boo#987139)
  * add 0001-tests-use-datefudge-in-name-constraints-test.patch
 -------------------------------------------------------------------
 Tue Jun  7 05:52:13 UTC 2016 - meissner@suse.com
 - Version 3.4.13 (released 2016-06-06)
  * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with
    NSS instead of using a separate variable; in addition append any keys to
    the file instead of overwriting it.
  * libgnutls: use secure_getenv() where available to obtain environment
    variables. Addresses GNUTLS-SA-2016-1.
 - Version 3.4.12 (released 2016-05-20)
  * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
    cipher is prioritized after AES-GCM.
  * libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
  * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
    GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
    operation could fail on certain PKCS#11 modules.
  * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
    can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
  * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
    name of the certificates if the provided names are NULL.
  * libgnutls: when receiving SNI names, only save and expose to application
    the supported DNS names.
  * libgnutls: when importing the certificate names at the
    gnutls_certificate_set* functions, only consider the CN as a fallback
    if DNS names are provided via the alternative name extension.
  * gnutls-cli: on OCSP verification do not fail if we have a single valid
    reply. Report and reproducer by Thomas Klute.
  * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
    log session keys in client side. These session keys are compatible with
    the NSS Key Log Format and can be used to decrypt the session for
    debugging using wireshark.
 -------------------------------------------------------------------
 Sat Apr 23 16:58:53 UTC 2016 - sleep_walker@opensuse.org
--- a/gnutls.spec
+++ b/gnutls.spec
@ -30,7 +30,7 @@
 %bcond_without guile
 Name:           gnutls
-Version:        3.4.11
+Version:        3.4.13
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+
@ -41,15 +41,18 @@ Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.x
 Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
 Source2:        %name.keyring
 Source3:        baselibs.conf
 Patch:          0001-tests-use-datefudge-in-name-constraints-test.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.3
 BuildRequires:  libtool
 BuildRequires:  net-tools-deprecated
 %if %{with tpm}
 BuildRequires:  trousers-devel
 %endif
@ -188,6 +191,7 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.
 %prep
 %setup -q
 %patch -p1
 %build
 export LDFLAGS="-pie"