Accepting request 991995 from security:tls
OBS-URL: https://build.opensuse.org/request/show/991995 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=140
commit
9fbb234389
@ -1,13 +1,13 @@
|
|||||||
Index: gnutls-3.6.15/configure
|
Index: gnutls-3.7.7/configure
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.6.15.orig/configure 2020-09-08 10:24:22.362083215 +0200
|
--- gnutls-3.7.7.orig/configure
|
||||||
+++ gnutls-3.6.15/configure 2020-09-08 10:24:28.510124171 +0200
|
+++ gnutls-3.7.7/configure
|
||||||
@@ -69365,7 +69365,7 @@ fi
|
@@ -74223,7 +74223,7 @@ fi
|
||||||
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5
|
||||||
$as_echo_n "checking for Guile site directory... " >&6; }
|
printf %s "checking for Guile site directory... " >&6; }
|
||||||
- GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION`
|
- GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION`
|
||||||
+ GUILE_SITE=/usr/share/guile
|
+ GUILE_SITE=/usr/share/guile
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5
|
||||||
$as_echo "$GUILE_SITE" >&6; }
|
printf "%s\n" "$GUILE_SITE" >&6; }
|
||||||
if test "$GUILE_SITE" = ""; then
|
if test "$GUILE_SITE" = ""; then
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff
|
|
||||||
size 6338276
|
|
Binary file not shown.
3
gnutls-3.7.7.tar.xz
Normal file
3
gnutls-3.7.7.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
|
||||||
|
size 6351664
|
BIN
gnutls-3.7.7.tar.xz.sig
Normal file
BIN
gnutls-3.7.7.tar.xz.sig
Normal file
Binary file not shown.
@ -1,22 +0,0 @@
|
|||||||
Index: gnutls-3.7.5/lib/crypto-selftests.c
|
|
||||||
===================================================================
|
|
||||||
--- gnutls-3.7.5.orig/lib/crypto-selftests.c
|
|
||||||
+++ gnutls-3.7.5/lib/crypto-selftests.c
|
|
||||||
@@ -3123,6 +3123,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh
|
|
||||||
"\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f"
|
|
||||||
"\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"),
|
|
||||||
},
|
|
||||||
+ /* Test vector extracted from https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
|
|
||||||
+ {
|
|
||||||
+ STR(key, key_size, "passwordPASSWORDpassword"),
|
|
||||||
+ STR(salt, salt_size, "saltSALTsaltSALTsaltSALTsaltSALTsalt"),
|
|
||||||
+ .iter_count = 4096,
|
|
||||||
+ STR(output, output_size,
|
|
||||||
+ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e"
|
|
||||||
+ "\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f"
|
|
||||||
+ "\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"),
|
|
||||||
+ },
|
|
||||||
};
|
|
||||||
|
|
||||||
static int test_pbkdf2(gnutls_mac_algorithm_t mac,
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
|||||||
Index: gnutls-3.6.15/lib/fips.c
|
Index: gnutls-3.7.7/lib/fips.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.6.15.orig/lib/fips.c 2020-09-03 16:59:05.000000000 +0200
|
--- gnutls-3.7.7.orig/lib/fips.c
|
||||||
+++ gnutls-3.6.15/lib/fips.c 2020-11-10 12:51:40.420071675 +0100
|
+++ gnutls-3.7.7/lib/fips.c
|
||||||
@@ -398,6 +398,28 @@ int _gnutls_fips_perform_self_checks2(vo
|
@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo
|
||||||
goto error;
|
return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
+ /* KDF */
|
+ /* KDF */
|
||||||
@ -18,14 +18,12 @@ Index: gnutls-3.6.15/lib/fips.c
|
|||||||
+ ret = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data,
|
+ ret = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data,
|
||||||
+ label.size, (char*)label.data, seed.size, seed.data, expected.size, derived);
|
+ label.size, (char*)label.data, seed.size, seed.data, expected.size, derived);
|
||||||
+ if (ret < 0) {
|
+ if (ret < 0) {
|
||||||
+ gnutls_assert();
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
+ goto error;
|
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ ret = memcmp(derived, expected.data, expected.size);
|
+ ret = memcmp(derived, expected.data, expected.size);
|
||||||
+ if (ret != 0) {
|
+ if (ret != 0) {
|
||||||
+ gnutls_assert();
|
+ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
|
||||||
+ goto error;
|
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
/* PK */
|
/* PK */
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
Index: gnutls-3.7.3/guile/Makefile.am
|
Index: gnutls-3.7.7/guile/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.7.3.orig/guile/Makefile.am
|
--- gnutls-3.7.7.orig/guile/Makefile.am
|
||||||
+++ gnutls-3.7.3/guile/Makefile.am
|
+++ gnutls-3.7.7/guile/Makefile.am
|
||||||
@@ -102,8 +102,6 @@ endif HAVE_GUILD
|
@@ -102,14 +102,11 @@ endif HAVE_GUILD
|
||||||
#
|
#
|
||||||
|
|
||||||
TESTS = \
|
TESTS = \
|
||||||
@ -11,11 +11,17 @@ Index: gnutls-3.7.3/guile/Makefile.am
|
|||||||
tests/pkcs-import-export.scm \
|
tests/pkcs-import-export.scm \
|
||||||
tests/errors.scm \
|
tests/errors.scm \
|
||||||
tests/x509-certificates.scm \
|
tests/x509-certificates.scm \
|
||||||
Index: gnutls-3.7.3/guile/Makefile.in
|
tests/x509-auth.scm \
|
||||||
|
tests/reauth.scm \
|
||||||
|
- tests/premature-termination.scm \
|
||||||
|
tests/priorities.scm
|
||||||
|
|
||||||
|
if ENABLE_SRP
|
||||||
|
Index: gnutls-3.7.7/guile/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.7.3.orig/guile/Makefile.in
|
--- gnutls-3.7.7.orig/guile/Makefile.in
|
||||||
+++ gnutls-3.7.3/guile/Makefile.in
|
+++ gnutls-3.7.7/guile/Makefile.in
|
||||||
@@ -2320,8 +2320,7 @@ CLEANFILES = modules/gnutls.scm $(am__ap
|
@@ -2335,10 +2335,9 @@ CLEANFILES = modules/gnutls.scm $(am__ap
|
||||||
#
|
#
|
||||||
# Tests.
|
# Tests.
|
||||||
#
|
#
|
||||||
@ -23,5 +29,8 @@ Index: gnutls-3.7.3/guile/Makefile.in
|
|||||||
- tests/pkcs-import-export.scm tests/errors.scm \
|
- tests/pkcs-import-export.scm tests/errors.scm \
|
||||||
+TESTS = tests/pkcs-import-export.scm tests/errors.scm \
|
+TESTS = tests/pkcs-import-export.scm tests/errors.scm \
|
||||||
tests/x509-certificates.scm tests/x509-auth.scm \
|
tests/x509-certificates.scm tests/x509-auth.scm \
|
||||||
tests/reauth.scm tests/priorities.scm $(am__append_2)
|
- tests/reauth.scm tests/premature-termination.scm \
|
||||||
|
+ tests/reauth.scm \
|
||||||
|
tests/priorities.scm $(am__append_2)
|
||||||
TESTS_ENVIRONMENT = \
|
TESTS_ENVIRONMENT = \
|
||||||
|
GUILE_AUTO_COMPILE=0 \
|
||||||
|
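Review bot: The rebased patch removes `tests/premature-termination.scm` from `TESTS` in both `guile/Makefile.am` and `guile/Makefile.in`, and nothing visible in the patch or the spec records why the test fails or which bug tracks it. The changelog for this same update says the Guile session record port now reports premature termination as EOF instead of throwing `gnutls-error`, so the disabled test appears to be the one covering the changed behaviour. How a truncated TLS session is reported to the caller is worth keeping under test. I would add a patch header along the lines of `# premature-termination.scm disabled: <reason>, see <bug reference>` and re-enable the test once it passes in the build environment.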
@ -1,3 +1,52 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 29 14:29:17 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.7.7: [bsc#1202020, CVE-2022-2509]
|
||||||
|
* libgnutls: Fixed double free during verification of pkcs7
|
||||||
|
signatures. CVE-2022-2509
|
||||||
|
* libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
|
||||||
|
less than or equal to 255 times hash digest size, to comply with
|
||||||
|
RFC 5869 2.3.
|
||||||
|
* libgnutls: Length limit for TLS PSK usernames has been increased
|
||||||
|
from 128 to 65535 characters
|
||||||
|
* libgnutls: AES-GCM encryption function now limits plaintext
|
||||||
|
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
|
||||||
|
* libgnutls: New block cipher functions have been added to
|
||||||
|
transparently handle padding. gnutls_cipher_encrypt3 and
|
||||||
|
gnutls_cipher_decrypt3 can be used in combination of
|
||||||
|
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
|
||||||
|
padding if the length of the original plaintext is not a multiple
|
||||||
|
of the block size.
|
||||||
|
* libgnutls: New function for manual FIPS self-testing.
|
||||||
|
* API and ABI modifications:
|
||||||
|
- gnutls_fips140_run_self_tests: New function
|
||||||
|
- gnutls_cipher_encrypt3: New function
|
||||||
|
- gnutls_cipher_decrypt3: New function
|
||||||
|
- gnutls_cipher_padding_flags_t: New enum
|
||||||
|
* guile: Guile 1.8 is no longer supported
|
||||||
|
* guile: Session record port treats premature termination as EOF Previously,
|
||||||
|
a 'gnutls-error' exception with the 'error/premature-termination' value
|
||||||
|
would be thrown while reading from a session record port when the
|
||||||
|
underlying session was terminated prematurely. This was inconvenient
|
||||||
|
since users of the port may not be prepared to handle such an exception.
|
||||||
|
Reading from the session record port now returns the end-of-file object
|
||||||
|
instead of throwing an exception, just like it would for a proper
|
||||||
|
session termination.
|
||||||
|
* guile: Session record ports can have a 'close' procedure. The
|
||||||
|
'session-record-port' procedure now takes an optional second parameter,
|
||||||
|
and a new 'set-session-record-port-close!' procedure is provided to
|
||||||
|
specify a 'close' procedure for a session record port. This 'close'
|
||||||
|
procedure lets users specify cleanup operations for when the port is
|
||||||
|
closed, such as closing the file descriptor or port that backs the
|
||||||
|
underlying session.
|
||||||
|
* Rebase patches:
|
||||||
|
- gnutls-3.6.6-set_guile_site_dir.patch
|
||||||
|
- gnutls-FIPS-TLS_KDF_selftest.patch
|
||||||
|
- gnutls-FIPS-disable-failing-tests.patch
|
||||||
|
* Remove patch merged upstream:
|
||||||
|
- gnutls-FIPS-PBKDF2-KAT-requirements.patch
|
||||||
|
- https://gitlab.com/gnutls/gnutls/merge_requests/1561
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 27 16:56:26 UTC 2022 - Antoine Belvire <antoine.belvire@opensuse.org>
|
Fri May 27 16:56:26 UTC 2022 - Antoine Belvire <antoine.belvire@opensuse.org>
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
%bcond_with tpm
|
%bcond_with tpm
|
||||||
%bcond_without guile
|
%bcond_without guile
|
||||||
Name: gnutls
|
Name: gnutls
|
||||||
Version: 3.7.6
|
Version: 3.7.7
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The GNU Transport Layer Security Library
|
Summary: The GNU Transport Layer Security Library
|
||||||
License: GPL-3.0-or-later AND LGPL-2.1-or-later
|
License: GPL-3.0-or-later AND LGPL-2.1-or-later
|
||||||
@ -50,8 +50,6 @@ Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
|
|||||||
Patch1: gnutls-3.6.6-set_guile_site_dir.patch
|
Patch1: gnutls-3.6.6-set_guile_site_dir.patch
|
||||||
Patch2: gnutls-FIPS-TLS_KDF_selftest.patch
|
Patch2: gnutls-FIPS-TLS_KDF_selftest.patch
|
||||||
Patch3: gnutls-FIPS-disable-failing-tests.patch
|
Patch3: gnutls-FIPS-disable-failing-tests.patch
|
||||||
#PATCH-FIX-SUSE bsc#1184669 FIPS: Additional PBKDF2 requirements for KAT
|
|
||||||
Patch4: gnutls-FIPS-PBKDF2-KAT-requirements.patch
|
|
||||||
BuildRequires: autogen
|
BuildRequires: autogen
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: datefudge
|
BuildRequires: datefudge
|
||||||
@ -91,7 +89,7 @@ BuildRequires: libunbound-devel
|
|||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
%if %{with guile}
|
%if %{with guile}
|
||||||
BuildRequires: guile-devel
|
BuildRequires: guile-devel > 1.8
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
||||||
BuildRequires: crypto-policies
|
BuildRequires: crypto-policies
|
||||||
@ -194,7 +192,7 @@ Files needed for software development using gnutls.
|
|||||||
Summary: Guile wrappers for gnutls
|
Summary: Guile wrappers for gnutls
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
Group: Development/Libraries/Other
|
Group: Development/Libraries/Other
|
||||||
Requires: guile
|
Requires: guile > 1.8
|
||||||
|
|
||||||
%description guile
|
%description guile
|
||||||
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
||||||
|
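Review bot: `BuildRequires: guile-devel > 1.8` and `Requires: guile > 1.8` do not exclude the 1.8 series, because RPM version comparison treats any 1.8.x release as greater than 1.8. The changelog states that Guile 1.8 is no longer supported, so a lower bound on the next series expresses the intent: `BuildRequires: guile-devel >= 2.0` and `Requires: guile >= 2.0`, assuming 2.0 is the oldest series upstream still supports. The rest of the spec, including where the patches are applied, is outside these hunks.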