Accepting request 769931 from security:tls

OBS-URL: https://build.opensuse.org/request/show/769931 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=122
2020-02-06 12:07:11 +00:00 · 2020-02-06 12:07:11 +00:00 · 5f3d031265
commit 5f3d031265
parent c72fe657d6 0a5979b677
6 changed files with 51 additions and 5 deletions
--- a/gnutls-3.6.11.1.tar.xz
+++ b/gnutls-3.6.11.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fbba12f3db9a55dbf027e14111755817ec44b57eabec3e8089aac8ac6f533cf8
-size 5902328
--- a/gnutls-3.6.11.1.tar.xz.sig
+++ b/gnutls-3.6.11.1.tar.xz.sig
--- a/gnutls-3.6.12.tar.xz
+++ b/gnutls-3.6.12.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bfacf16e342949ffd977a9232556092c47164bd26e166736cf3459a870506c4b
+size 5942064
--- a/gnutls-3.6.12.tar.xz.sig
+++ b/gnutls-3.6.12.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Tue Feb  4 09:49:44 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- gnutls 3.6.12
+ * libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
+   to identify sessions that client request OCSP status request (#829).
+ * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
+   signature algorithm (RFC 8032) under TLS (#86).
+ * libgnutls: Added the default-priority-string option to system configuration;
+   it allows overriding the compiled-in default-priority-string.
+ * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
+   draft-smyshlyaev-tls12-gost-suites-07).
+   By default this ciphersuite is disabled. It can be enabled by adding
+   +GOST to priority string. In the future this priority string may enable
+   other GOST ciphersuites as well.  Note, that server will fail to negotiate
+   GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
+   is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
+   are enabled on GnuTLS-based servers.
+ * libgnutls: added priority shortcuts for different GOST categories like
+   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
+ * libgnutls: Reject certificates with invalid time fields. That is we reject
+   certificates with invalid characters in Time fields, or invalid time formatting
+   To continue accepting the invalid form compile with --disable-strict-der-time
+ * libgnutls: Reject certificates which contain duplicate extensions. We were
+   previously printing warnings when printing such a certificate, but that is
+   not always sufficient to flag such certificates as invalid. Instead we now
+   refuse to import them (#887).
+ * libgnutls: If a CA is found in the trusted list, check in addition to
+   time validity, whether the algorithms comply to the expected level prior
+   to accepting it. This addresses the problem of accepting CAs which would
+   have been marked as insecure otherwise (#877).
+ * libgnutls: The min-verification-profile from system configuration applies
+   for all certificate verifications, not only under TLS. The configuration can
+   be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
+ * libgnutls: The stapled OCSP certificate verification adheres to the convention
+   used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
+ * libgnutls: On client side only send OCSP staples if they have been requested
+   by the server, and on server side always advertise that we support OCSP stapling
+ * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
+   with gnutls_ocsp_req_t but const.
+ * certtool: Added the --verify-profile option to set a certificate
+   verification profile. Use '--verify-profile low' for certificate verification
+   to apply the 'NORMAL' verification profile.
+ * certtool: The add_extension template option is considered even when generating
+   a certificate from a certificate request.
+
 -------------------------------------------------------------------
 Tue Dec  3 19:34:20 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.6.11.1
+Version:        3.6.12
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1-or-later AND GPL-3.0-or-later