From 60b4dea541000d5b317e1acf2fd7be60c8b6dd9e343d36b58810c467ba60e6f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 15 Oct 2018 08:27:49 +0000 Subject: [PATCH 1/3] - Version update to 3.6.4: ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528). ** libgnutls: gnutls_handshake() on server returns early on handshake when no certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified. ** libgnutls: Added session ticket key rotation on server side with TOTP. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period. ** libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible. ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier (#569) ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import and export GOST parameters in the "native" little endian format used for these curves. This is an intentional incompatible change with 3.6.3. ** libgnutls: Added support for seperately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=10 --- gnutls-3.6.3.tar.xz | 3 --- gnutls-3.6.3.tar.xz.sig | Bin 310 -> 0 bytes gnutls-3.6.4.tar.xz | 3 +++ gnutls-3.6.4.tar.xz.sig | Bin 0 -> 310 bytes gnutls.changes | 28 ++++++++++++++++++++++++++++ gnutls.spec | 8 ++++---- 6 files changed, 35 insertions(+), 7 deletions(-) delete mode 100644 gnutls-3.6.3.tar.xz delete mode 100644 gnutls-3.6.3.tar.xz.sig create mode 100644 gnutls-3.6.4.tar.xz create mode 100644 gnutls-3.6.4.tar.xz.sig diff --git a/gnutls-3.6.3.tar.xz b/gnutls-3.6.3.tar.xz deleted file mode 100644 index 1a9c38b..0000000 --- a/gnutls-3.6.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed642b66a4ecf4851ab2d809cd1475c297b6201d8e8bd14b4d1c08b53ffca993 -size 8010284 diff --git a/gnutls-3.6.3.tar.xz.sig b/gnutls-3.6.3.tar.xz.sig deleted file mode 100644 index 40737635f8ea03187e2c3da469f25dfc8a931e40795063e6dd216123ed365a98..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j*#`?XxB^Qfx~P&aef97u=pXPRXN0$WTzrT_{F5ZD|@ zhw*2cWx{O-|9DYQbf@FmLFKV++K+oBGCPrIXF>A-!)Ei6erqy({I?}u;f2yZJoeED z1&`*<2cj}9@AD~;&C&Y*9ELJ1{%CQ_xSNaiv-7OXE5t-9fr?Nltl1NO>?ta$(B3l#_miihz;dHCzDJWBj z2?;=GPk3U3%aU|=^-1+ODrDjNHQ;3?7k`Tfk~^#WD@QFyC)twOinlMtcLN*Svrt=O z%-Xh8b{fKyl7stId+WuNSn%J}3B09Z9-3b!1J$Glb+D`>eIlbK^)ODveM|ADvlRPe Ij*+beP$5>7NB{r; diff --git a/gnutls-3.6.4.tar.xz b/gnutls-3.6.4.tar.xz new file mode 100644 index 0000000..5759e19 --- /dev/null +++ b/gnutls-3.6.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a +size 8076364 diff --git a/gnutls-3.6.4.tar.xz.sig b/gnutls-3.6.4.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2b06d97bbc1218fe281ee7bd5254385d34d2792c8adfbbd4545250c22a2e0be0 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j*#`?XxB^Qfx~P&aef97u=pXPRXN0$ZsC%>W7s5ZD|@ zhw*2cWvGJ({111@?(8K06>$e>&5klzF?ykNVKD%ZO0b;hTp?b;TwE<-S7AN^RK*9D z_o#4SEIOY`TLRCKMPCk0u@<06D7-mg^c)*^(Q$~~!KCTTwNajSDf<_RUv8`?Y4N(5 z(6s(gjPMsV;|wQt=NDfhj?QATs_bwo#MPrrZC*^2gpVU) z3#@Ep|J}+C8M_RlV@#|%2LM0c9M5+eZ2YKC>7dFDrHKWFUyrQ`8vDg28U%u?I=#>p zws$j1+!>dhiU=$Qo6tO5gQF7ck6SaBkHt;bCm@}1Fd|nfY1o$h}JdYI$q3i I_5}}yX6KrWGynhq literal 0 HcmV?d00001 diff --git a/gnutls.changes b/gnutls.changes index 4124eef..39b9a87 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal + +- Version update to 3.6.4: + ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. + ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + ** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + ** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + ** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + ** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). + ------------------------------------------------------------------- Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de diff --git a/gnutls.spec b/gnutls.spec index 5243e8c..4cdebf6 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,8 +20,8 @@ %define gnutlsxx_sover 28 %define gnutls_dane_sover 0 -# unbound isn't in SLE (bsc#1086428) -%if 0%{?is_opensuse} +# unbound isn't in SLE12 (bsc#1086428) +%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500 %bcond_without dane %else %bcond_with dane @@ -29,7 +29,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.3 +Version: 3.6.4 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later From 36cac07d0ee888e0c128dea2cfac489f0112eb05616c91ca836d8e93ee61223f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 15 Oct 2018 08:47:20 +0000 Subject: [PATCH 2/3] - Version update to 3.6.4 bsc#1111757: - Drop upstreamed patch: * gnutls-3.6.3-backport-upstream-fixes.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=11 --- gnutls-3.6.3-backport-upstream-fixes.patch | 55 ---------------------- gnutls.changes | 4 +- gnutls.spec | 2 - 3 files changed, 3 insertions(+), 58 deletions(-) delete mode 100644 gnutls-3.6.3-backport-upstream-fixes.patch diff --git a/gnutls-3.6.3-backport-upstream-fixes.patch b/gnutls-3.6.3-backport-upstream-fixes.patch deleted file mode 100644 index c75d88e..0000000 --- a/gnutls-3.6.3-backport-upstream-fixes.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/lib/cert-cred.c b/lib/cert-cred.c -index d3777e51f..2150e903f 100644 ---- a/lib/cert-cred.c -+++ b/lib/cert-cred.c -@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session, - if (ret < 0) - return gnutls_assert_val(ret); - -+ if (st2.ncerts == 0) { -+ *pcert_length = 0; -+ *ocsp_length = 0; -+ *privkey = NULL; -+ return 0; -+ } -+ - if (st2.cert_type != GNUTLS_CRT_X509) { - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; -@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function - gnutls_certificate_retrieve_function * func) - { - cred->legacy_cert_cb1 = func; -- cred->get_cert_callback3 = call_legacy_cert_cb1; -+ if (!func) -+ cred->get_cert_callback3 = NULL; -+ else -+ cred->get_cert_callback3 = call_legacy_cert_cb1; - } - - static int call_legacy_cert_cb2(gnutls_session_t session, -@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2 - gnutls_certificate_retrieve_function2 * func) - { - cred->legacy_cert_cb2 = func; -- cred->get_cert_callback3 = call_legacy_cert_cb2; -+ if (!func) -+ cred->get_cert_callback3 = NULL; -+ else -+ cred->get_cert_callback3 = call_legacy_cert_cb2; - } - - /** -diff --git a/lib/hello_ext.c b/lib/hello_ext.c -index a3027130a..f72afe77f 100644 ---- a/lib/hello_ext.c -+++ b/lib/hello_ext.c -@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d - - if (tls_id == PRE_SHARED_KEY_TLS_ID) { - ctx->seen_pre_shared_key = 1; -- } else if (ctx->seen_pre_shared_key) { -+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) { - /* the pre-shared key extension must always be the last one, - * draft-ietf-tls-tls13-28: 4.2.11 */ - return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); diff --git a/gnutls.changes b/gnutls.changes index 39b9a87..3175f73 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal -- Version update to 3.6.4: +- Version update to 3.6.4 bsc#1111757: ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where @@ -25,6 +25,8 @@ Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal ** libgnutls: Added support for seperately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). +- Drop upstreamed patch: + * gnutls-3.6.3-backport-upstream-fixes.patch ------------------------------------------------------------------- Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de diff --git a/gnutls.spec b/gnutls.spec index 4cdebf6..4a7241c 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -41,7 +41,6 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch -Patch3: gnutls-3.6.3-backport-upstream-fixes.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -164,7 +163,6 @@ GnuTLS Wrappers for GNU Guile, a dialect of Scheme. %ifarch ppc64 ppc64le ppc %patch2 -p1 %endif -%patch3 -p1 %build export LDFLAGS="-pie" From f8b3d1676ae2a3e3be7a6d8e1b65494ea60a0ea0369e463ed0ba7d32001d6a58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 15 Oct 2018 17:34:04 +0000 Subject: [PATCH 3/3] Accepting request 642092 from home:vitezslav_cizek:branches:security:tls - Temporarily disable failing psk-file test (race condition) * add disable-psk-file-test.patch - Version update to 3.6.4 (bsc#1111757): OBS-URL: https://build.opensuse.org/request/show/642092 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=12 --- disable-psk-file-test.patch | 107 ++++++++++++++++++++++++++++++++++++ gnutls.changes | 8 ++- gnutls.spec | 2 + 3 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 disable-psk-file-test.patch diff --git a/disable-psk-file-test.patch b/disable-psk-file-test.patch new file mode 100644 index 0000000..b7be69d --- /dev/null +++ b/disable-psk-file-test.patch @@ -0,0 +1,107 @@ +diff --git a/tests/Makefile.in b/tests/Makefile.in +index 07433e0..4ecd431 100644 +--- a/tests/Makefile.in ++++ b/tests/Makefile.in +@@ -457,7 +457,7 @@ am__EXEEXT_10 = tls13/supported_versions$(EXEEXT) \ + pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \ + x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \ + x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \ +- oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \ ++ oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \ + priority-init2$(EXEEXT) status-request$(EXEEXT) \ + status-request-ok$(EXEEXT) status-request-missing$(EXEEXT) \ + sign-verify-ext$(EXEEXT) fallback-scsv$(EXEEXT) \ +@@ -1590,8 +1590,6 @@ privkey_verify_broken_OBJECTS = privkey-verify-broken.$(OBJEXT) + privkey_verify_broken_LDADD = $(LDADD) + privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +-psk_file_SOURCES = psk-file.c +-psk_file_OBJECTS = psk-file.$(OBJEXT) + psk_file_LDADD = $(LDADD) + psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +@@ -2723,7 +2721,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts.Po \ + ./$(DEPDIR)/priority-init2.Po ./$(DEPDIR)/priority-mix.Po \ + ./$(DEPDIR)/priority-set.Po ./$(DEPDIR)/priority-set2.Po \ + ./$(DEPDIR)/privkey-keygen.Po \ +- ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \ ++ ./$(DEPDIR)/privkey-verify-broken.Po \ + ./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \ + ./$(DEPDIR)/random-art.Po ./$(DEPDIR)/record-pad.Po \ + ./$(DEPDIR)/record-retvals.Po \ +@@ -3021,7 +3019,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $(libutils_la_SOURCES) alerts.c \ + pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \ + prf.c priorities.c priorities-groups.c priority-init2.c \ + priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ +- privkey-verify-broken.c psk-file.c pskself.c \ ++ privkey-verify-broken.c pskself.c \ + pubkey-import-export.c random-art.c record-pad.c \ + record-retvals.c record-sizes.c record-sizes-range.c \ + record-timeouts.c recv-data-before-handshake.c \ +@@ -3183,7 +3181,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_SOURCES_DIST) \ + pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \ + prf.c priorities.c priorities-groups.c priority-init2.c \ + priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ +- privkey-verify-broken.c psk-file.c pskself.c \ ++ privkey-verify-broken.c pskself.c \ + pubkey-import-export.c random-art.c record-pad.c \ + record-retvals.c record-sizes.c record-sizes-range.c \ + record-timeouts.c recv-data-before-handshake.c \ +@@ -4734,7 +4732,7 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \ + x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \ + server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal \ + pkcs7-gen dtls-etm x509sign-verify-rsa x509sign-verify-ecdsa \ +- x509sign-verify-gost mini-alignment oids atfork prf psk-file \ ++ x509sign-verify-gost mini-alignment oids atfork prf \ + priority-init2 status-request status-request-ok \ + status-request-missing sign-verify-ext fallback-scsv \ + pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \ +@@ -5872,10 +5870,6 @@ privkey-verify-broken$(EXEEXT): $(privkey_verify_broken_OBJECTS) $(privkey_verif + @rm -f privkey-verify-broken$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS) + +-psk-file$(EXEEXT): $(psk_file_OBJECTS) $(psk_file_DEPENDENCIES) $(EXTRA_psk_file_DEPENDENCIES) +- @rm -f psk-file$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(psk_file_OBJECTS) $(psk_file_LDADD) $(LIBS) +- + pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES) + @rm -f pskself$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS) +@@ -6862,7 +6856,6 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk-file.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker +@@ -8913,13 +8906,6 @@ prf.log: prf$(EXEEXT) + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +-psk-file.log: psk-file$(EXEEXT) +- @p='psk-file$(EXEEXT)'; \ +- b='psk-file'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) + priority-init2.log: priority-init2$(EXEEXT) + @p='priority-init2$(EXEEXT)'; \ + b='priority-init2'; \ +@@ -10883,7 +10869,6 @@ distclean: distclean-recursive + -rm -f ./$(DEPDIR)/priority-set2.Po + -rm -f ./$(DEPDIR)/privkey-keygen.Po + -rm -f ./$(DEPDIR)/privkey-verify-broken.Po +- -rm -f ./$(DEPDIR)/psk-file.Po + -rm -f ./$(DEPDIR)/pskself.Po + -rm -f ./$(DEPDIR)/pubkey-import-export.Po + -rm -f ./$(DEPDIR)/random-art.Po +@@ -11318,7 +11303,6 @@ maintainer-clean: maintainer-clean-recursive + -rm -f ./$(DEPDIR)/priority-set2.Po + -rm -f ./$(DEPDIR)/privkey-keygen.Po + -rm -f ./$(DEPDIR)/privkey-verify-broken.Po +- -rm -f ./$(DEPDIR)/psk-file.Po + -rm -f ./$(DEPDIR)/pskself.Po + -rm -f ./$(DEPDIR)/pubkey-import-export.Po + -rm -f ./$(DEPDIR)/random-art.Po diff --git a/gnutls.changes b/gnutls.changes index 3175f73..507f996 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,7 +1,13 @@ +------------------------------------------------------------------- +Mon Oct 15 15:41:42 UTC 2018 - Vítězslav Čížek + +- Temporarily disable failing psk-file test (race condition) + * add disable-psk-file-test.patch + ------------------------------------------------------------------- Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal -- Version update to 3.6.4 bsc#1111757: +- Version update to 3.6.4 (bsc#1111757): ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where diff --git a/gnutls.spec b/gnutls.spec index 4a7241c..c5725b2 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -41,6 +41,7 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch +Patch3: disable-psk-file-test.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -159,6 +160,7 @@ GnuTLS Wrappers for GNU Guile, a dialect of Scheme. %prep %setup -q %patch1 -p1 +%patch3 -p1 # dtls-resume test fails on PPC %ifarch ppc64 ppc64le ppc %patch2 -p1