- Version update to 3.6.4:

** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528). ** libgnutls: gnutls_handshake() on server returns early on handshake when no certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified. ** libgnutls: Added session ticket key rotation on server side with TOTP. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period. ** libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible. ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier (#569) ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import and export GOST parameters in the "native" little endian format used for these curves. This is an intentional incompatible change with 3.6.3. ** libgnutls: Added support for seperately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=10
2018-10-15 08:27:49 +00:00
parent 65aedfc27d
commit 60b4dea541
6 changed files with 35 additions and 7 deletions
--- a/gnutls-3.6.3.tar.xz
+++ b/gnutls-3.6.3.tar.xz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ed642b66a4ecf4851ab2d809cd1475c297b6201d8e8bd14b4d1c08b53ffca993
 size 8010284
--- a/gnutls-3.6.3.tar.xz.sig
+++ b/gnutls-3.6.3.tar.xz.sig
--- a/gnutls-3.6.4.tar.xz
+++ b/gnutls-3.6.4.tar.xz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a
 size 8076364
--- a/gnutls-3.6.4.tar.xz.sig
+++ b/gnutls-3.6.4.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,31 @@
 -------------------------------------------------------------------
 Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
 - Version update to 3.6.4:
  ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
  ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
     gnutls_certificate_set_retrieve_function() which could not handle the case where
     no certificates were returned, or the callbacks were set to NULL (see #528).
  ** libgnutls: gnutls_handshake() on server returns early on handshake when no
     certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
     is specified.
  ** libgnutls: Added session ticket key rotation on server side with TOTP.
     The key set with gnutls_session_ticket_enable_server() is used as a
     master key to generate time-based keys for tickets. The rotation
     relates to the gnutls_db_set_cache_expiration() period.
  ** libgnutls: The 'record size limit' extension is added and preferred to the
     'max record size' extension when possible.
  ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
     This addresses the problem where the CA certificate doesn't have a subject key
     identifier whereas the end certificates have an authority key identifier (#569)
  ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
     gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
     and export GOST parameters in the "native" little endian format used for these
     curves. This is an intentional incompatible change with 3.6.3.
  ** libgnutls: Added support for seperately negotiating client and server certificate types
     as defined in RFC7250. This mechanism must be explicitly enabled via the
     GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
 -------------------------------------------------------------------
 Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -20,8 +20,8 @@
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
-# unbound isn't in SLE (bsc#1086428)
+# unbound isn't in SLE12 (bsc#1086428)
-%if 0%{?is_opensuse}
+%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500
 %bcond_without dane
 %else
 %bcond_with dane
@@ -29,7 +29,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.6.3
+Version:        3.6.4
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1-or-later AND GPL-3.0-or-later