diff --git a/0001-tests-use-datefudge-in-name-constraints-test.patch b/0001-tests-use-datefudge-in-name-constraints-test.patch
new file mode 100644
index 0000000..bd6bc8e
--- /dev/null
+++ b/0001-tests-use-datefudge-in-name-constraints-test.patch
@@ -0,0 +1,28 @@
+From cc22a052f40ba800acde7d81fe0ab91b56e66921 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Wed, 29 Jun 2016 17:25:06 +0200
+Subject: [PATCH] tests: use datefudge in name-constraints test
+
+This avoids the expiration of the used certificate to affect the test.
+---
+ tests/cert-tests/name-constraints | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+Index: gnutls-3.4.13/tests/cert-tests/name-constraints
+===================================================================
+--- gnutls-3.4.13.orig/tests/cert-tests/name-constraints 2016-06-30 11:11:35.920632613 +0200
++++ gnutls-3.4.13/tests/cert-tests/name-constraints 2016-06-30 11:13:06.633974903 +0200
+@@ -28,7 +28,12 @@ if ! test -z "${VALGRIND}"; then
+ fi
+ TMPFILE=tmp.$$.pem
+
+-${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
++. ${srcdir}/../scripts/common.sh
++
++check_for_datefudge
++
++datefudge -s "2016-04-22" \
++ ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
+ rc=$?
+
+ if test "${rc}" != "0"; then
diff --git a/gnutls-3.4.11.tar.xz b/gnutls-3.4.11.tar.xz
deleted file mode 100644
index 8510916..0000000
--- a/gnutls-3.4.11.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:70ef9c9f95822d363036c6e6b5479750e5b7fc34f50e750c3464a98ec65a9ab8
-size 6652224
diff --git a/gnutls-3.4.11.tar.xz.sig b/gnutls-3.4.11.tar.xz.sig
deleted file mode 100644
index d93fb9f..0000000
Binary files a/gnutls-3.4.11.tar.xz.sig and /dev/null differ
diff --git a/gnutls-3.4.13.tar.xz b/gnutls-3.4.13.tar.xz
new file mode 100644
index 0000000..105635b
--- /dev/null
+++ b/gnutls-3.4.13.tar.xz
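Review bot: The fixed date in `datefudge -s "2016-04-22"` inside the embedded patch has no comment saying why that day was chosen; it is presumably a date inside the validity period of name-constraints-ip.pem, and the script should say so, e.g. `# pin the clock inside the validity period of name-constraints-ip.pem so only name constraints are tested`. With the clock pinned, this test no longer notices an expired certificate at all, so expiry handling has to be covered by a different test. The added `. ${srcdir}/../scripts/common.sh` is unquoted while the certtool line quotes its `"${srcdir}/..."` argument; `. "${srcdir}/../scripts/common.sh"` keeps the test working when the source path contains spaces. The test script starts and ends outside the hunk, so what check_for_datefudge does when datefudge is missing cannot be seen here.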
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd3386e8e72725980bcd7f40949aa0121dcb7650b5147c6490e794555ed25859
+size 6670508
diff --git a/gnutls-3.4.13.tar.xz.sig b/gnutls-3.4.13.tar.xz.sig
new file mode 100644
index 0000000..01c0acb
Binary files /dev/null and b/gnutls-3.4.13.tar.xz.sig differ
diff --git a/gnutls.changes b/gnutls.changes
index 96ca9a7..0fb14fd 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Thu Jun 30 08:38:05 UTC 2016 - vcizek@suse.com
+
+- Fix a problem with expired test certificate by using datefudge
+ (boo#987139)
+ * add 0001-tests-use-datefudge-in-name-constraints-test.patch
+
+-------------------------------------------------------------------
+Tue Jun 7 05:52:13 UTC 2016 - meissner@suse.com
+
+- Version 3.4.13 (released 2016-06-06)
+ * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with
+ NSS instead of using a separate variable; in addition append any keys to
+ the file instead of overwriting it.
+ * libgnutls: use secure_getenv() where available to obtain environment
+ variables. Addresses GNUTLS-SA-2016-1.
+- Version 3.4.12 (released 2016-05-20)
+ * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
+ cipher is prioritized after AES-GCM.
+ * libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
+ * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
+ GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
+ operation could fail on certain PKCS#11 modules.
+ * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
+ can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
+ * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
+ name of the certificates if the provided names are NULL.
+ * libgnutls: when receiving SNI names, only save and expose to application
+ the supported DNS names.
+ * libgnutls: when importing the certificate names at the
+ gnutls_certificate_set* functions, only consider the CN as a fallback
+ if DNS names are provided via the alternative name extension.
+ * gnutls-cli: on OCSP verification do not fail if we have a single valid
+ reply. Report and reproducer by Thomas Klute.
+ * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+ log session keys in client side. These session keys are compatible with
+ the NSS Key Log Format and can be used to decrypt the session for
+ debugging using wireshark.
+
 -------------------------------------------------------------------
 Sat Apr 23 16:58:53 UTC 2016 - sleep_walker@opensuse.org
diff --git a/gnutls.spec b/gnutls.spec
index 4463a73..35e42b7 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -30,7 +30,7 @@
 %bcond_without guile
 Name: gnutls
-Version: 3.4.11
+Version: 3.4.13
 Release: 0
 Summary: The GNU Transport Layer Security Library
 License: LGPL-2.1+ and GPL-3.0+
@@ -41,15 +41,18 @@ Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.x
 Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
 Source2: %name.keyring
 Source3: baselibs.conf
+Patch: 0001-tests-use-datefudge-in-name-constraints-test.patch
 BuildRequires: autogen
 BuildRequires: automake
+BuildRequires: datefudge
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: libidn-devel
 BuildRequires: libnettle-devel >= 3.1
 BuildRequires: libtasn1-devel >= 4.3
 BuildRequires: libtool
+BuildRequires: net-tools-deprecated
 %if %{with tpm}
 BuildRequires: trousers-devel
 %endif
@@ -188,6 +191,7 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.
 %prep
 %setup -q
+%patch -p1
 %build
 export LDFLAGS="-pie"
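Review bot: The added `BuildRequires: net-tools-deprecated` in the `@@ -41,15 +41,18 @@` hunk is not explained anywhere in this commit; the gnutls.changes entry mentions only datefudge and the new patch, so a reader cannot tell which build or test step needs the package. Each extra build dependency enlarges the set of packages the build has to trust, so it deserves a one-line comment above it, e.g. `# required by the test suite (TODO: name the tool that is used)`, and a matching changelog bullet. The new `Patch:` line would also benefit from the usual openSUSE provenance comment, for instance `# PATCH-FIX-UPSTREAM boo#987139 -- tests: use datefudge in name-constraints test`, since the patch header suggests it was taken from an upstream commit.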