Commit Graph

74 Commits

Author SHA256 Message Date
Dominique Leuenberger
89b81992fd Accepting request 354655 from Base:System
- Update to 3.4.8
  All changes since 3.4.4:
  * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
    when used with PKCS #11 keys.
  * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
    their public keys from either a public key object or a certificate.
    That is, because private keys do not contain all the required
    parameters for a direct import.
  * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
    tokens.
  * libgnutls: Fixed out-of-bounds read in 
    gnutls_x509_ext_export_key_usage()
  * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to 
    conform to draft-ietf-tls-chacha20-poly1305-02.
  * libgnutls: Several fixes in PKCS #7 signing which improve 
    compatibility with the MacOSX tools.
  * libgnutls: The max-record extension not negotiated on DTLS. This
    resolves issue with the max-record being negotiated but ignored.
  * certtool: Added the --p7-include-cert and --p7-show-data options.
  * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
    ciphersuites. This solves an interoperability issue with openssl.
  * libgnutls: Corrected the setting of salt size in 
    gnutls_pkcs12_mac_info().
  * libgnutls: On a rehandshake allow switching from anonymous to ECDHE 
    and DHE ciphersuites.
  * libgnutls: Corrected regression from 3.3.x which prevented 
    ARCFOUR128 from using arbitrary key sizes.
  * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
    skipping the implicit global initialization.
  * gnutls.pc: Don't include libtool specific options to link flags. (forwarded request 354652 from namtrac)

OBS-URL: https://build.opensuse.org/request/show/354655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=88
2016-01-23 00:03:23 +00:00
Stephan Kulow
0043dc9411 Accepting request 324612 from Base:System
1

OBS-URL: https://build.opensuse.org/request/show/324612
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=87
2015-08-25 05:17:02 +00:00
Stephan Kulow
a9c2e27421 Accepting request 306733 from Base:System
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/306733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=86
2015-05-16 05:12:25 +00:00
Dominique Leuenberger
62fa285feb Accepting request 305469 from Base:System
- Updated to 3.4.1 (released 2015-05-03)
  ** libgnutls: gnutls_certificate_get_ours: will return the certificate even
  if a callback was used to send it.
  ** libgnutls: Check for invalid length in the X.509 version field. Without
  the check certificates with invalid length would be detected as having an
  arbitrary version. Reported by Hanno Böck.
  ** libgnutls: Handle DNS name constraints with a leading dot. Patch by
  Fotis Loukos.
  ** libgnutls: Updated system-keys support for windows to compile in more
  versions of mingw. Patch by Tim Kosse.
  ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
  Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690
  ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
  by default. That caused issues with non-blocking programs.
  ** certtool: It can generate SHA256 key IDs.
  ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
  ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added
- gnutls-fix-double-mans.patch: fixed upstream

OBS-URL: https://build.opensuse.org/request/show/305469
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=85
2015-05-06 09:18:34 +00:00
Stephan Kulow
03f6e10195 Accepting request 304179 from Base:System
- Disable buggy valgrind on armv7l (forwarded request 304053 from AndreasSchwab)

OBS-URL: https://build.opensuse.org/request/show/304179
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=84
2015-04-28 18:42:20 +00:00
Dominique Leuenberger
10f4b520f9 Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
  ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
  ciphersuites. The former are enabled by default, the latter need to be
  explicitly enabled, since they reduce the overall security level.
  ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
  draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
  That is currently provided as technology preview and is not enabled by
  default, since there are no assigned ciphersuite points by IETF and there 
  is no guarrantee of compatibility between draft versions. The ciphersuite
  priority string to enable it is "+CHACHA20-POLY1305".
  ** libgnutls: Added support for encrypt-then-authenticate in CBC
  ciphersuites (RFC7366 -taking into account its errata text). This is
  enabled by default and can be disabled using the %NO_ETM priority
  string.
  ** libgnutls: Added support for the extended master secret
  (triple-handshake fix) following draft-ietf-tls-session-hash-02.
  ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
  ** libgnutls: SSL 3.0 is no longer included in the default priorities
  list. It has to be explicitly enabled, e.g., with a string like
  "NORMAL:+VERS-SSL3.0".
  ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
  list. It has to be explicitly enabled, e.g., with a string like
  "NORMAL:+ARCFOUR-128".
  ** libgnutls: DSA signatures and DHE-DSS are no longer included in the
  default priorities list. They have to be explicitly enabled, e.g., with
  a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
  DSA ciphersuites were dropped because they had no deployment at all
  on the internet, to justify their inclusion.
  ** libgnutls: The priority string EXPORT was completely removed. The string

OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 08:38:18 +00:00
Dominique Leuenberger
368ef4383b Accepting request 294011 from Base:System
- updated to 3.3.13 (released 2015-03-30)
  ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
  structures use BER to decode them (requires libtasn1 4.3). That allows
  to decode some more complex structures.
  ** libgnutls: When an end-certificate with no name is present and there
  are CA name constraints, don't reject the certificate. This follows RFC5280
  advice closely. Reported by Fotis Loukos.
  ** libgnutls: Fixed handling of supplemental data with types > 255.
  Patch by Thierry Quemerais.
  ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate
  extension. Reported by Robert Święcki.
  ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
  protocol is not enabled by default (used by openconnect VPN).
  ** libgnutls: The maximum user data send size is set to be the same for
  block and non-block ciphersuites. This addresses a regression with wine:
  https://bugs.winehq.org/show_bug.cgi?id=37500
  ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
  and CKA_DECRYPT when needed.
  ** libgnutls: Allow names with zero size to be set using
  gnutls_server_name_set(). That will disable the Server Name Indication.
  Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2

OBS-URL: https://build.opensuse.org/request/show/294011
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=82
2015-04-07 07:28:38 +00:00
Dominique Leuenberger
b8f9fbb1e2 Accepting request 293173 from Base:System
some tweaks for your perusal (forwarded request 293171 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/293173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=81
2015-03-30 17:32:11 +00:00
Dominique Leuenberger
a06553bba5 Accepting request 266910 from Base:System
- build with PIE for commandline tools

- Updated to 3.2.21 (released 2014-12-11)
  - libgnutls: Corrected regression introduced in 3.2.19 related to
    session renegotiation. Reported by Dan Winship.
  - libgnutls: Corrected parsing issue with OCSP responses. (forwarded request 266909 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/266910
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=80
2015-01-03 21:03:04 +00:00
Dominique Leuenberger
1827cfd454 Accepting request 262808 from Base:System
- Updated to 3.2.20 (released 2014-11-10)
  ** libgnutls: Removed superfluous random generator refresh on every
     call of gnutls_deinit(). That reduces load and usage of /dev/urandom.
  ** libgnutls: Corrected issue in export of ECC parameters to X9.63
     format.  Reported by Sean Burford [GNUTLS-SA-2014-5].
  (CVE-2014-8564 bnc#904603)
- Updated to 3.2.19 (released 2014-10-13)
  ** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
     Reported by Joseph Peruski.
  ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
     handshake's hash buffer, in applications using the heartbeat extension
     or DTLS. Reported by Joeri de Ruiter.
  ** libgnutls: fix issue in DTLS retransmission when session tickets were
     in use; reported by Manuel Pégourié-Gonnard.
  ** libgnutls: Prevent abort() in library if getrusage() fails. Try to
     detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
  ** guile: new 'set-session-server-name!' procedure; see the manual
     for details.

OBS-URL: https://build.opensuse.org/request/show/262808
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=79
2014-11-28 07:46:04 +00:00
Stephan Kulow
cb95dcfd35 Accepting request 251823 from Base:System
Upgrade to GnuTLS 3.2.18; Delete files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig; Add files: gnutls-3.2.18.tar.xz, gnutls-3.2.18.tar.xz.sig (forwarded request 251822 from citypw)

OBS-URL: https://build.opensuse.org/request/show/251823
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=78
2014-09-26 08:51:25 +00:00
Stephan Kulow
da0f97d0a3 Accepting request 247074 from Base:System
Upgrade to Version 3.2.17 (released 2014-08-24); Delete files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig; Add files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig (forwarded request 246980 from citypw)

OBS-URL: https://build.opensuse.org/request/show/247074
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=77
2014-09-03 16:21:27 +00:00
53d426ba00 Accepting request 244206 from Base:System
Upgrade to Version 3.2.16 (released 2014-07-23); delete files: gnutls-3.2.15.tar.xz, gnutls-3.2.15.tar.xz.sig, audit-improve.patch( already in upstream); Add files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig (forwarded request 243536 from citypw)

OBS-URL: https://build.opensuse.org/request/show/244206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=75
2014-08-13 15:19:55 +00:00
Stephan Kulow
b0904801b3 Accepting request 236129 from Base:System
- Version 3.2.15 (released 2014-05-30)
  
  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were
  fixed. The leaks were identified using valgrind and the Codenomicon
  TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer
  in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying
  on the result value. That avoids issue in certain systems, when using
  tofu authentication and the home path cannot be determined. Issue reported
  by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then
  only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582
  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two
  different recv and send pointers have been specified. Reported and
  investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
  result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
  server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and
  the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
  entry that matches the certificate. Patch by simon [at] arlott.org.

OBS-URL: https://build.opensuse.org/request/show/236129
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74
2014-06-06 12:36:14 +00:00
Stephan Kulow
46f6ba47ef Accepting request 233678 from Base:System
- Improvement after code audit (audit-improve.patch)
  * Use unsigned type for encode()
  * tolerate NULL in strdup()
  Modify files: lib/gnutls_mem.c, lib/auth/srp_sb64.c

OBS-URL: https://build.opensuse.org/request/show/233678
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=73
2014-05-14 08:50:25 +00:00
Stephan Kulow
6327ee3b7e Accepting request 229559 from Base:System
Upgrade to 3.2.13; Add files: gnutls-3.2.13.tar.xz, gnutls-3.2.13.tar.xz.sig; Delete files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 229542 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/229559
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=72
2014-04-12 19:28:46 +00:00
Stephan Kulow
e0a2fbfd43 Accepting request 224736 from Base:System
Upgrade to 3.2.12.1; Delete files: CVE-2014-0092.patch( upstreamed), gnutls-3.2.11.tar.xz.sig, gnutls-3.2.11.tar.xz; Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 224729 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/224736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=71
2014-03-06 18:18:08 +00:00
Stephan Kulow
71f2bb57a3 Accepting request 224392 from Base:System
Fix bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification; Add patch file: CVE-2014-0092.patch (forwarded request 224391 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/224392
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=70
2014-03-04 12:14:12 +00:00
Stephan Kulow
b35c84d979 Accepting request 222335 from Base:System
- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all
     ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the
     second as having the '+' modifier.
  ** libgnutls:  When using a PKCS #11 module for verification ensure that
     it has been marked a trusted policy module in p11-kit. Moreover, when an
     empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
     in the system for verification.
     http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
     CA certificates. Reported and investigated by Suman Jana.
     CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed

- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer derefence when printing a certificate
     DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
     report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only
     appends data to client hello if the expected size is in the
     "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact
     ciphersuite description.

OBS-URL: https://build.opensuse.org/request/show/222335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=69
2014-02-19 08:09:49 +00:00
Tomáš Chvátal
f088877e49 Accepting request 211992 from Base:System
Upgrade to GNUTLS-3.2.8 (forwarded request 211991 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/211992
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=68
2013-12-23 11:33:44 +00:00
Stephan Kulow
fbbe0b4946 Accepting request 205686 from Base:System
Upgrade to 3.2.6 (forwarded request 205591 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/205686
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=67
2013-11-04 13:58:23 +00:00
Stephan Kulow
ee8692fe69 Accepting request 205088 from Base:System
- Upgrade to 3.2.5
** libgnutls: Documentation and build-time fixes.
** libgnutls: Allow the generation of DH groups of less than 700 bits.
** libgnutls: Added several combinations of ciphersuites with SHA256 and
SHA384 as MAC, as well as Camellia with GCM.
** libdane: Added interfaces to allow initialization of dane_query_t
from external DNS resolutions, and to allow direct verification of a
certificate chain against a dane_query_t. Contributed by Christian Grothoff.
** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and
fix by Christian Grothoff.
** srptool: Fixed index command line option. Patch by Attila Molnar.
** gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.	
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
** API and ABI modifications:
gnutls_certificate_get_crt_raw: Added
dane_verify_crt_raw: Added
dane_raw_tlsa: Added 
Add files: make-obs-happy-with-gnutls_3.2.5.patch, gnutls-3.2.5.tar.xz,
gnutls-3.2.5.tar.xz.sig, gnutls-3.2.5-noecc.patch
Delete files: gnutls-3.2.4.tar.xz, gnutls-3.2.4.tar.xz.sig, 
make-obs-happy-with-gnutls_3.2.4.patch, gnutls-3.2.4-noecc.patch

OBS-URL: https://build.opensuse.org/request/show/205088
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=66
2013-10-29 12:52:00 +00:00
Stephan Kulow
38d3bf8c14 Accepting request 197201 from Base:System
- Don't run install-info on images (forwarded request 197168 from AndreasSchwab)

OBS-URL: https://build.opensuse.org/request/show/197201
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=64
2013-09-04 11:48:45 +00:00
Stephan Kulow
24f6bd2ed8 Accepting request 196854 from Base:System
- buildrequire valgrind on the same arch list that valgrind builds (forwarded request 196834 from oertel)

OBS-URL: https://build.opensuse.org/request/show/196854
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=63
2013-09-02 12:56:15 +00:00
Stephan Kulow
a11fa3fadd Accepting request 185475 from Base:System
- Updated to 3.2.3
  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
     Buehler.
  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
     (this fixes a bug that was accidentally introduced in 3.2.2)
  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
     be used by the library.
  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
     fix by Alfredo Pironti.
- Updated to 3.2.2
  ** libgnutls: Several optimizations in the related to packet processing
     subsystems.
  ** libgnutls: DTLS replay detection can now be disabled (to be used
     in certain transport layers like SCTP).
  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
  ** libgnutls: Added ability to set hooks before or
     after sending or receiving any handshake message with
     gnutls_handshake_set_hook_function().
- gnutls-3.2.3-noecc.patch: updated to disable ECC.
- automake-1.12.patch: upstream, dropped
- gnutls-32bit.patch: upstream, dropped
- gnutls-3.2.1-pkcs11.diff: upstream, dropped

OBS-URL: https://build.opensuse.org/request/show/185475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=62
2013-08-01 15:15:14 +00:00
Stephan Kulow
76f004feaf Accepting request 184447 from Base:System
- revert to using certificate directory again until gnutls
  understands the trust bits in pkcs11. Otherwise it would use
  blacklisted certificates. (forwarded request 184442 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/184447
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=61
2013-07-29 15:41:34 +00:00
Stephan Kulow
38c4e94a77 Accepting request 182656 from Base:System
- Override broken configure checks (forwarded request 182594 from Andreas_Schwab)

OBS-URL: https://build.opensuse.org/request/show/182656
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=60
2013-07-09 18:49:54 +00:00
Stephan Kulow
b90a9251ea Accepting request 182304 from Base:System
- use pkcs11 interface to fetch the system's CA certificates
  (fate#314991). Add patch gnutls-3.2.1-pkcs11.diff to fix doing
  that, obsoletes gnutls-implement-trust-store-dir.diff. (forwarded request 182303 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/182304
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=59
2013-07-05 18:37:07 +00:00
Stephan Kulow
aa7b9ea5b8 Accepting request 181378 from Base:System
- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test
  work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff
  currently not yet forward ported.
- Updated to GnuTLS 3.2.1
  ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
     openssl versions.
  ** libgnutls: Fixes in interrupted function resumption. Report
     and patch by Tim Kosse.
  ** libgnutls: Corrected issue when receiving client hello verify
     requests in DTLS.
  ** libgnutls: Fixes in DTLS record overhead size calculations.
  ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
     Mann Ern Kang.
- Updated to GnuTLS 3.2.0
  ** libgnutls: Use nettle's elliptic curve implementation.
  ** libgnutls: Added Salsa20 cipher
  ** libgnutls: Added UMAC-96 and UMAC-128
  ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
     As they are not standardized they are defined using private ciphersuite numbers.
  ** libgnutls: Added support for DTLS 1.2.
  ** libgnutls: Added support for the Application Layer Protocol
     Negotiation (ALPN) extension.
  ** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
  ** libgnutls: Avoid linking to librt (that also avoids unnecessary
     linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
  ** certtool: When generating PKCS #12 files use by default the 
  ARCFOUR (RC4) cipher to be compatible with devices that don't

OBS-URL: https://build.opensuse.org/request/show/181378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=58
2013-07-01 13:54:42 +00:00
Stephan Kulow
be42c61130 Accepting request 173482 from Base:System
- Added makeinfo BuildRequire to fix build with new automake (forwarded request 173444 from m_meister)

OBS-URL: https://build.opensuse.org/request/show/173482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=57
2013-04-26 13:50:26 +00:00
Stephan Kulow
6f306fd873 Accepting request 151314 from Base:System
- Updated to GnuTLS 3.0.28
  - libgnutls: Fixes in server side of DTLS-0.9.
  - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
    ciphers (i.e., AES-GCM).
  - libgnutls: Fixes in record padding parsing to prevent a timing
    attack. Issue reported by Kenny Patterson and Nadhem Alfardan.
    bnc#802184 
  - libgnutls: DN variable 'T' was expanded to 'title'.

- Updated to GnuTLS 3.0.27
  - libgnutls: Fixed record padding parsing issue.
  - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
  - libgnutls-guile: Fixed parallel compilation issue.
  - API and ABI modifications: No changes since last version.

OBS-URL: https://build.opensuse.org/request/show/151314
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=56
2013-02-07 09:20:28 +00:00
Stephan Kulow
8733559cd3 Accepting request 143744 from Base:System
- Test suite breaks on qemu-arm some calls not implemented. (forwarded request 143321 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/143744
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=54
2012-12-03 08:36:19 +00:00
Stephan Kulow
830abeae2a Accepting request 142850 from Base:System
- include LGPL-3.0+ text in COPYING.LESSER
- run regression tests, but move "make check" to %check section
- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test
- no longer manipulate doc/examples tree in %install section, the 
  deletion of Makefiles breaks "make check" in %check
- install documentation, reference and examples in %install section
  to fetch them for the package without unneccessary files (forwarded request 142825 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/142850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=53
2012-11-28 09:29:35 +00:00
Stephan Kulow
5b1c69d57e Accepting request 136172 from Base:System
- update to latest stable version 3.0.21:
  libgnutls: fixed bug in gnutls_x509_privkey_import()
  that prevented the loading of EC private keys when DER
  encoded. Reported by David Woodhouse.
  libgnutls: In DTLS larger to mtu records result to
  GNUTLS_E_LARGE_PACKET instead of being truncated.
  libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
  on patch by David Woodhouse.
  libgnutls: Fixed memory leak in PKCS #8 key import.
  libgnutls: Added support for an old version of the DTLS protocol
  used by openconnect vpn client for compatibility with Cisco's AnyConnect
  SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
  as it has issues.
  libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
  if only the label is specified. Patch by David Woodhouse.
  libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
  is returned.
  API and ABI modifications:
  gnutls_dtls_set_data_mtu: Added
  gnutls_session_set_premaster: Added

OBS-URL: https://build.opensuse.org/request/show/136172
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=52
2012-10-03 05:23:38 +00:00
Stephan Kulow
76249fc4ae Accepting request 126824 from Base:System
- merge am-1.12 patches into 1

- fix 12.2 builds.
  * replace depreciated am_prog_mkdir_p with ac_prog_mkdir_p.

OBS-URL: https://build.opensuse.org/request/show/126824
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=51
2012-07-02 08:52:22 +00:00
Stephan Kulow
9a00144267 Accepting request 125757 from Base:System
- Updated to version 3.0.20:
  libgnutls: Corrected bug which prevented the parsing of
  handshake packets spanning multiple records.
  libgnutls: Check key identifiers when checking for an issuer.
  libgnutls: Added gnutls_pubkey_verify_hash2()
  libgnutls: Added gnutls_certificate_set_x509_system_trust()
  that loads the trusted CA certificates from system locations
  (e.g. trusted storage in windows and CA bundle files in other systems).
  certtool: Added support for the URI subject alternative
  name type in certtool.
  certtool: Increase to 128 the maximum number of distinct options
  (e.g. dns_names) allowed.
  gnutls-cli: If --print-cert is given, print the certificate, 
  even on verification failure.
  ** API and ABI modifications:
  gnutls_pk_to_sign: Added
  gnutls_pubkey_verify_hash2: Added
  gnutls_certificate_set_x509_system_trust: Added

OBS-URL: https://build.opensuse.org/request/show/125757
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=50
2012-06-25 11:57:45 +00:00
Stephan Kulow
f6968e4069 Accepting request 122844 from Base:System
- fix build with automake-1.12
  - add: automake-1.12.patch (forwarded request 122744 from puzel)

OBS-URL: https://build.opensuse.org/request/show/122844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=48
2012-05-31 15:04:51 +00:00
Stephan Kulow
39516d919c Accepting request 122231 from Base:System
- backport gnutls_certificate_set_x509_system_trust() from git and
  add support for trust store directories (bnc#761634) (forwarded request 122019 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/122231
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=47
2012-05-25 15:33:18 +00:00
Stephan Kulow
75d3eb044c Accepting request 121683 from Base:System
- add version and release to gnutls-devel provides

OBS-URL: https://build.opensuse.org/request/show/121683
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=46
2012-05-22 08:11:29 +00:00
Stephan Kulow
acd67b372b Accepting request 121624 from Base:System
- let libgnutls-devel also provide gnutls-devel

OBS-URL: https://build.opensuse.org/request/show/121624
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=45
2012-05-21 12:00:42 +00:00
Stephan Kulow
f13278bad7 Accepting request 121255 from Base:System
- Update to version 3.0.19:
  + libgnutls:
    - When decoding a PKCS #11 URL the pin-source field
      is assumed to be a file that stores the pin. Based on patch
      by David Smith.
    - gnutls_record_check_pending() no longer
      returns unprocessed data, and thus ensure the non-blocking
      of the next call to gnutls_record_recv().
    - Added strict tests in Diffie-Hellman and
      SRP key exchange public keys.
    - in ECDSA and DSA TLS 1.2 authentication be less
      strict in hash selection, and allow a stronger hash to
      be used than the appropriate, to improve interoperability
      with openssl.
  + tests:
    - Disabled floating point test, and corrections
      in pkcs12 decoding tests.
  + API and ABI modifications:
    - No changes since last version.
- Changes from version 3.0.18:
  + certtool:
    - Avoid a Y2K38 bug when generating certificates.
      Patch by Robert Millan.
  + libgnutls:
    - Make sure that GNUTLS_E_PREMATURE_TERMINATION
    - is returned on premature termination (and added unit test).
    - Fixes for W64 API. Patch by B. Scott Michel.
    - Corrected VIA padlock detection for old
      VIA processors. Reported by Kris Karas.
    - Updated assembler files.

OBS-URL: https://build.opensuse.org/request/show/121255
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=44
2012-05-21 08:25:22 +00:00
Stephan Kulow
2d16d00bea Accepting request 114560 from Base:System
OBS-URL: https://build.opensuse.org/request/show/114560
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=43
2012-04-20 13:16:38 +00:00
Stephan Kulow
285c3d7e49 Accepting request 106219 from Base:System
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/106219
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=42
2012-02-21 11:38:08 +00:00
Stephan Kulow
3c0ee622a8 Accepting request 94864 from Base:System
Fix licenses (forwarded request 94646 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/94864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=40
2011-12-02 15:25:49 +00:00
Sascha Peilicke
b82f3b94cd Accepting request 88220 from Base:System
Fix bnc#724421. (forwarded request 88217 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/88220
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=38
2011-10-18 12:08:55 +00:00
Lars Vogdt
63568d7d7c Accepting request 87383 from Base:System
- cross-build fix: configure with sysroot (forwarded request 86388 from uli_suse)

OBS-URL: https://build.opensuse.org/request/show/87383
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=37
2011-10-11 15:16:18 +00:00
Sascha Peilicke
d01c14e840 Accepting request 84674 from Base:System
Add patch fixing connection issues with some xmpp servers (forwarded request 84657 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/84674
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=36
2011-09-26 08:05:51 +00:00
Sascha Peilicke
c664795e05 Accepting request 84235 from Base:System
Update to 3.0.3 -- fix some crashes in telepathy (forwarded request 83992 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/84235
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=35
2011-09-22 08:45:50 +00:00
Sascha Peilicke
4141b8843c Accepting request 79999 from Base:System
- update baselibs.conf

OBS-URL: https://build.opensuse.org/request/show/79999
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=33
2011-08-29 14:45:41 +00:00
Sascha Peilicke
ec623dec0c Accepting request 79281 from Base:System
- Update to version 3.0.0. many fixes see NEWS for details This
  changelog only describes important package changes or features.
* Main reason for update is to support Intel AES-NI CPU extensions.
* Bump sonames in the library package accordingly
* C++ apps must now buildrequire libgnutls++-devel
* Software using the openssl emulation must buildrequire 
  libgnutls-openssl-devel or better use openssl directly.
* Upstream no longer uses libgcrypt but libnettle.
* Upstream now requires the use of p11-kit
* Add post-release upstream patches critical for improving AES-NI
  support. (forwarded request 79252 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/79281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=31
2011-08-24 11:44:12 +00:00