diff --git a/gnutls-3.6.3.tar.xz b/gnutls-3.6.3.tar.xz deleted file mode 100644 index 1a9c38b..0000000 --- a/gnutls-3.6.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed642b66a4ecf4851ab2d809cd1475c297b6201d8e8bd14b4d1c08b53ffca993 -size 8010284 diff --git a/gnutls-3.6.3.tar.xz.sig b/gnutls-3.6.3.tar.xz.sig deleted file mode 100644 index 4073763..0000000 Binary files a/gnutls-3.6.3.tar.xz.sig and /dev/null differ diff --git a/gnutls-3.6.4.tar.xz b/gnutls-3.6.4.tar.xz new file mode 100644 index 0000000..5759e19 --- /dev/null +++ b/gnutls-3.6.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a +size 8076364 diff --git a/gnutls-3.6.4.tar.xz.sig b/gnutls-3.6.4.tar.xz.sig new file mode 100644 index 0000000..2b06d97 Binary files /dev/null and b/gnutls-3.6.4.tar.xz.sig differ diff --git a/gnutls.changes b/gnutls.changes index 4124eef..39b9a87 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal + +- Version update to 3.6.4: + ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. + ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + ** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + ** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + ** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + ** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). + ------------------------------------------------------------------- Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de diff --git a/gnutls.spec b/gnutls.spec index 5243e8c..4cdebf6 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,8 +20,8 @@ %define gnutlsxx_sover 28 %define gnutls_dane_sover 0 -# unbound isn't in SLE (bsc#1086428) -%if 0%{?is_opensuse} +# unbound isn't in SLE12 (bsc#1086428) +%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500 %bcond_without dane %else %bcond_with dane @@ -29,7 +29,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.3 +Version: 3.6.4 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later