Accepting request 539293 from Base:System

OBS-URL: https://build.opensuse.org/request/show/539293 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=105
2017-11-10 13:40:23 +00:00 · 2017-11-10 13:40:23 +00:00 · 4d1ca43878
commit 4d1ca43878
parent ca879abd51
6 changed files with 29 additions and 4 deletions
--- a/gnutls-3.6.0.tar.xz
+++ b/gnutls-3.6.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ab9e3c0131fcd9142382f37ba9c6d20022b76cba83560cbcaa8e4002d71fb72
-size 8024972
--- a/gnutls-3.6.0.tar.xz.sig
+++ b/gnutls-3.6.0.tar.xz.sig
--- a/gnutls-3.6.1.tar.xz
+++ b/gnutls-3.6.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20b10d2c9994bc032824314714d0e84c0f19bdb3d715d8ed55beb7364a8ebaed
+size 8064408
--- a/gnutls-3.6.1.tar.xz.sig
+++ b/gnutls-3.6.1.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Nov  1 15:13:55 UTC 2017 - astieger@suse.com
+
+- GnuTLS 3.6.1:
+  * Fix interoperability issue with openssl when safe renegotiation
+    was used
+  * gnutls_x509_crl_sign, gnutls_x509_crt_sign,
+    gnutls_x509_crq_sign, were modified to sign with a better
+    algorithm than SHA1. They will now sign with an algorithm that
+    corresponds to the security level of the signer's key.
+  * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
+    accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That
+    will signal the function to auto-detect an appropriate hash
+    algorithm to use.
+  * Remove support for signature algorithms using SHA2-224 in TLS.
+    TLS 1.3 no longer uses SHA2-224 and it was never a widespread
+    algorithm in TLS 1.2
+  * Refuse to use client certificates containing disallowed
+    algorithms for a session, reverting a change on 3.5.5
+  * Refuse to resume a session which had a different SNI advertised
+    That improves RFC6066 support in server side.
+  * p11tool: Mark all generated objects as sensitive by default.
+  * p11tool: added options --sign-params and --hash. This allows
+    testing signature with multiple algorithms, including RSA-PSS.
+
 -------------------------------------------------------------------
 Wed Sep 20 12:36:16 UTC 2017 - vcizek@suse.com

--- a/gnutls.spec
+++ b/gnutls.spec
@ -23,7 +23,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.6.0
+Version:        3.6.1
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ AND GPL-3.0+