Accepting request 354655 from Base:System

- Update to 3.4.8
  All changes since 3.4.4:
  * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
    when used with PKCS #11 keys.
  * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
    their public keys from either a public key object or a certificate.
    That is, because private keys do not contain all the required
    parameters for a direct import.
  * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
    tokens.
  * libgnutls: Fixed out-of-bounds read in 
    gnutls_x509_ext_export_key_usage()
  * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to 
    conform to draft-ietf-tls-chacha20-poly1305-02.
  * libgnutls: Several fixes in PKCS #7 signing which improve 
    compatibility with the MacOSX tools.
  * libgnutls: The max-record extension not negotiated on DTLS. This
    resolves issue with the max-record being negotiated but ignored.
  * certtool: Added the --p7-include-cert and --p7-show-data options.
  * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
    ciphersuites. This solves an interoperability issue with openssl.
  * libgnutls: Corrected the setting of salt size in 
    gnutls_pkcs12_mac_info().
  * libgnutls: On a rehandshake allow switching from anonymous to ECDHE 
    and DHE ciphersuites.
  * libgnutls: Corrected regression from 3.3.x which prevented 
    ARCFOUR128 from using arbitrary key sizes.
  * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
    skipping the implicit global initialization.
  * gnutls.pc: Don't include libtool specific options to link flags. (forwarded request 354652 from namtrac)

OBS-URL: https://build.opensuse.org/request/show/354655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=88

gnutls-3.4.4.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06dacb1352792b9f05200eff33c9a9093ba3c706f4f88cb29ecbfb784b24b34a
-size 6567656

gnutls-3.4.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e07c05dea525c6bf0dd8017fc5b89d886954f04fedf457ecd1ce488ac3b86ab7
+size 6631528

gnutls.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Mon Jan 18 13:25:54 UTC 2016 - idonmez@suse.com
+
+- Update to 3.4.8
+  All changes since 3.4.4:
+  * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
+    when used with PKCS #11 keys.
+  * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
+    their public keys from either a public key object or a certificate.
+    That is, because private keys do not contain all the required
+    parameters for a direct import.
+  * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
+    tokens.
+  * libgnutls: Fixed out-of-bounds read in 
+    gnutls_x509_ext_export_key_usage()
+  * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to 
+    conform to draft-ietf-tls-chacha20-poly1305-02.
+  * libgnutls: Several fixes in PKCS #7 signing which improve 
+    compatibility with the MacOSX tools.
+  * libgnutls: The max-record extension not negotiated on DTLS. This
+    resolves issue with the max-record being negotiated but ignored.
+  * certtool: Added the --p7-include-cert and --p7-show-data options.
+  * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
+    ciphersuites. This solves an interoperability issue with openssl.
+  * libgnutls: Corrected the setting of salt size in 
+    gnutls_pkcs12_mac_info().
+  * libgnutls: On a rehandshake allow switching from anonymous to ECDHE 
+    and DHE ciphersuites.
+  * libgnutls: Corrected regression from 3.3.x which prevented 
+    ARCFOUR128 from using arbitrary key sizes.
+  * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
+    skipping the implicit global initialization.
+  * gnutls.pc: Don't include libtool specific options to link flags.
+  * tools: Better support for FTP AUTH TLS negotiation
+  * libgnutls: Added new simple verification functions. That avoids the
+    need to install a callback to perform certificate verification. See
+    doc/examples/ex-client-x509.c for usage.
+  * libgnutls: Introduced the security parameter 'future' which is at
+    the 256-bit level of security, and 'ultra' was aligned to its 
+    documented size at 192-bits.
+  * libgnutls: When writing a certificate into a PKCS #11 token, ensure
+    that CKA_SERIAL_NUMBER and CKA_ISSUER are written.
+  * libgnutls: Allow the presence of legacy ciphers and key exchanges in
+    priority strings and consider them a no-op.
+  * libgnutls: Handle the extended master secret as a mandatory 
+    extension. That fixes incompatibility issues with Chromium (#45). 
+  * libgnutls: Added the ability to copy a public key into a PKCS #11
+    token.
+  * tools: Added support for LDAP and XMPP negotiation for STARTTLS.
+  * p11tool: Allow writing a public key into a PKCS #11 token.
+  * certtool: Key generation security level was switched to HIGH. That
+    is, by default the tool generates 3072 bit keys for RSA and DSA.
+  * libgnutls: When re-importing CRLs to a trust list ensure that there
+    no duplicate entries.
+  * certtool: Removed any arbitrary limits imposed on input file sizes
+    and maximum number of certificates imported.
+  * certtool: Allow specifying fixed dates on CRL generation.
+  * gnutls-cli-debug: Added check for inappropriate fallback support
+    (RFC7507).
+
 -------------------------------------------------------------------
 Tue Aug 18 22:40:28 UTC 2015 - astieger@suse.com
 

gnutls.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
 %bcond_with tpm
 
 Name:           gnutls
-Version:        3.4.4
+Version:        3.4.8
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+