From 556f692995fbef6dbf3dc8495ea974eac469f4ef3ba94b9a8a68696615611ca9 Mon Sep 17 00:00:00 2001 
From: Dominique Leuenberger Date: Wed, 11 Jan 2017 10:57:36 +0000 Subject: [PATCH] Accepting request 449317 from Base:System - Version 3.5.8 (released 2016-01-09) * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* functions will not leave the verification profiles field to an undefined state. The last call will take precedence. * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. * libgnutls: Introduced option to override the default priority string used by the library. The intention is to allow support of system-wide priority strings (as set with --with-system-priority-file). The configure option is --with-default-priority-string. * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. This prevents crashes when decrypting malformed PKCS#8 keys. * libgnutls: Fix crash on the loading of malformed private keys with certain parameters set to zero. * libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. * libgnutls: Addressed memory leaks in client and server side error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks in X.509 certificate printing error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. 
(issues found using oss-fuzz project) - security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2 OBS-URL: https://build.opensuse.org/request/show/449317 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=96 --- gnutls-3.5.7.tar.xz | 3 --- gnutls-3.5.7.tar.xz.sig | Bin 287 -> 0 bytes gnutls-3.5.8.tar.xz | 3 +++ gnutls-3.5.8.tar.xz.sig | Bin 0 -> 287 bytes gnutls.changes | 31 +++++++++++++++++++++++++++++++ gnutls.spec | 4 ++-- 6 files changed, 36 insertions(+), 5 deletions(-) delete mode 100644 gnutls-3.5.7.tar.xz delete mode 100644 gnutls-3.5.7.tar.xz.sig create mode 100644 gnutls-3.5.8.tar.xz create mode 100644 gnutls-3.5.8.tar.xz.sig diff --git a/gnutls-3.5.7.tar.xz b/gnutls-3.5.7.tar.xz deleted file mode 100644 index 53dc258..0000000 --- a/gnutls-3.5.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:60cbfc119e6268cfa38d712621daa473298a0c5b129c0842caec4c1ed4d7861a -size 7265264 diff --git a/gnutls-3.5.7.tar.xz.sig b/gnutls-3.5.7.tar.xz.sig deleted file mode 100644 index 48e50f4a294707243deba24dc791dda85cf3c71a8c7e93cb6afed6ee90962371..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-(||NQ_82@suLs`ii*xIzfD2mgBs+@DX#i~VM9BZ;wdDa3IU3*`Jv62r=y&R;4%vrcIOZM6Q lDnn6CputM|Vkd`7j1S7*N?_LAg>VThh3<6tgsN-`*n`RZik$!e diff --git a/gnutls-3.5.8.tar.xz b/gnutls-3.5.8.tar.xz new file mode 100644 index 0000000..4b7c9c6 --- /dev/null +++ b/gnutls-3.5.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0e97f243ae72b70307d684b84c7fe679385aa7a7a0e37e5be810193dcc17d4ff +size 7264448 
diff --git a/gnutls-3.5.8.tar.xz.sig b/gnutls-3.5.8.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..1b78e439dd46a0c9f6f44865ac7f24eb282e4fff80aedecb9efe831b8ff26fb0 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-)eL}vgB2@suLs`ii*xI#mk2mpaMah~7aFfeU@6`jEGLr4hC z8+?si5ma_ literal 0 HcmV?d00001 diff --git a/gnutls.changes b/gnutls.changes index 24ee85f..d13e020 100644 --- a/gnutls.changes +++ b/gnutls.changes 
@@ -1,4 +1,35 @@
 -------------------------------------------------------------------
+Mon Jan 9 10:07:19 UTC 2017 - meissner@suse.com
+
+- Version 3.5.8 (released 2016-01-09)
+ * libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
+ functions will not leave the verification profiles field to an
+ undefined state. The last call will take precedence.
+ * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
+ by PKCS#8 decryption functions when an invalid key is provided. This
+ addresses regression on decrypting certain PKCS#8 keys.
+ * libgnutls: Introduced option to override the default priority string
+ used by the library. The intention is to allow support of system-wide
+ priority strings (as set with --with-system-priority-file). The
+ configure option is --with-default-priority-string.
+ * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
+ This prevents crashes when decrypting malformed PKCS#8 keys.
+ * libgnutls: Fix crash on the loading of malformed private keys with certain
+ parameters set to zero.
+ * libgnutls: Fix double free in certificate information printing. If the PKIX
+ extension proxy was set with a policy language set but no policy specified,
+ that could lead to a double free.
+ * libgnutls: Addressed memory leaks in client and server side error paths
+ (issues found using oss-fuzz project)
+ * libgnutls: Addressed memory leaks in X.509 certificate printing error paths
+ (issues found using oss-fuzz project)
+ * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
+ parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
+ * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
+ (issues found using oss-fuzz project) + +- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2 +------------------------------------------------------------------- Sun Dec 18 16:28:51 UTC 2016 - astieger@suse.com - GnuTLS 3.5.7, the next stable branch, with the following diff --git a/gnutls.spec b/gnutls.spec index 2c40e52..7086447 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,7 +1,7 @@ # # spec file for package gnutls # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define gnutls_dane_sover 0 %endif Name: gnutls -Version: 3.5.7 +Version: 3.5.8 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+