From b0904801b359bb29a2ba3a41c612b56e82d83543c2c1ba4751e2b7b1b6cf51a4 Mon Sep 17 00:00:00 2001 
From: Stephan Kulow
Date: Fri, 6 Jun 2014 12:36:14 +0000
Subject: [PATCH] Accepting request 236129 from Base:System

- Version 3.2.15 (released 2014-05-30)

  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
     Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were
     fixed. The leaks were identified using valgrind and the Codenomicon
     TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer
     in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying
     on the result value. That avoids issue in certain systems, when using
     tofu authentication and the home path cannot be determined. Issue reported
     by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then
     only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582
     (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.

- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two
     different recv and send pointers have been specified. Reported and
     investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
     result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
     server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and
     the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one
     entry that matches the certificate. Patch by simon [at] arlott.org.
OBS-URL: https://build.opensuse.org/request/show/236129 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74 --- gnutls-3.2.13.tar.xz | 3 --- gnutls-3.2.13.tar.xz.sig | Bin 287 -> 0 bytes gnutls-3.2.15.tar.xz | 3 +++ gnutls-3.2.15.tar.xz.sig | Bin 0 -> 287 bytes gnutls.changes | 39 +++++++++++++++++++++++++++++++++++++++ gnutls.spec | 2 +- 6 files changed, 43 insertions(+), 4 deletions(-) delete mode 100644 gnutls-3.2.13.tar.xz delete mode 100644 gnutls-3.2.13.tar.xz.sig create mode 100644 gnutls-3.2.15.tar.xz create mode 100644 gnutls-3.2.15.tar.xz.sig diff --git a/gnutls-3.2.13.tar.xz b/gnutls-3.2.13.tar.xz deleted file mode 100644 index 9656487..0000000 --- a/gnutls-3.2.13.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e83676218ba80c4d577d7027b5b087692280347a9b06f90a452403ba70faa604 -size 5133400 diff --git a/gnutls-3.2.13.tar.xz.sig b/gnutls-3.2.13.tar.xz.sig deleted file mode 100644 index 790203f3b0774f4a753a82f5f90b64964aec1541265055e60fe6b9b67045a0e9..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0RjL91p-q;0Hy#62@suLs`ii*xI*-D2me|QDR^ICw5-Q=^H_7J zkWk?B0r`0>iSOOZA5j~?@qA&rly!XUOPy8AxGvS!B*2UD+v5rKSioBfp^z)){-vQL zB6HB-#bu37@Q5c2xMC0yjMbZ_rf>`&5zM7_`ntdGo022kilgGNfv%Pl=;PrGAvt~- z_)CUeJS~KIVaUXy*8GLl_%yV9X%?jo&ZHupN2|gQqFP%)wm7H zA$mR5i22mlyWYYPvoa4rOJOQhzlf;}R|;sSwvafsxxGu_S?U6r31CfIzEG#0A%P6| lY;kCyNCDkQTq#MT(KGw-^$BhTWIV+E4*XJm!k3n*{K)MAjb8u& diff --git a/gnutls-3.2.15.tar.xz b/gnutls-3.2.15.tar.xz new file mode 100644 index 0000000..889bae0 --- /dev/null +++ b/gnutls-3.2.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30bdc7b34b220258f714602cdf0afa1abf0883bf926f35f400c88b1c72ca77b9 +size 5140200 
diff --git a/gnutls-3.2.15.tar.xz.sig b/gnutls-3.2.15.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..5c8223d53e42c9d6b64c97bd52b74312c71849da94980455b07c1db59678c4b4 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0RjL91p-ru6E6S?2@suLs`ii*xI%&a2m1v{xCjgQMxT!V*h0IU zokaMJMXlw=c#Ij|kw6aR**2O{T%f_Myh8Bjrhg2L-*VZqmXxd1lu$$V9pK2(LaTW> zwP?%#+vYOF_>w^P51iLygZNaW{-UJLf;wu8-)j7NJw-L5au?w=Ef zH-`k{@|AY^mnRd-A^#fo!u=dyc03YE*j}(xCFqte|$bGch<%77P lz)kb>9gCUO7KY;+QD_Z_;P^S7wkG&0cYlX3)7yY?+`7$=lLr6* literal 0 HcmV?d00001 diff --git a/gnutls.changes b/gnutls.changes index 18109f8..42a7985 100644 --- a/gnutls.changes +++ b/gnutls.changes 
@@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Tue Jun 3 07:48:04 UTC 2014 - meissner@suse.com + +- Version 3.2.15 (released 2014-05-30) + + ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. + Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730) + ** libgnutls: Several memory leaks caused by error conditions were + fixed. The leaks were identified using valgrind and the Codenomicon + TLS test suite. + ** libgnutls: Increased the maximum certificate size buffer + in the PKCS #11 subsystem. + ** libgnutls: Check the return code of getpwuid_r() instead of relying + on the result value. That avoids issue in certain systems, when using + tofu authentication and the home path cannot be determined. Issue reported + by Viktor Dukhovni. + ** gnutls-cli: if dane is requested but not PKIX verification, then + only do verify the end certificate. + ** ocsptool: Include path in ocsp request. This resolves #108582 + (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +- Version 3.2.14 (released 2014-05-06) + ** libgnutls: Fixed issue with the check of incoming data when two + different recv and send pointers have been specified. Reported and + investigated by JMRecio. + ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would + result to illegal memory access if a server hint was provided. + ** libgnutls: Fixed client memory leak in the PSK key exchange, if a + server hint was provided. + ** libgnutls: Several small bug fixes identified using valgrind and + the Codenomicon TLS test suite. + ** libgnutls: Several small bug fixes found by coverity. + ** libgnutls-dane: Accept a certificate using DANE if there is at least one + entry that matches the certificate. Patch by simon [at] arlott.org. + ** configure: Added --with-nettle-mini option, which allows linking + with a libnettle that contains gmp. 
+ ** certtool: The ECDSA keys generated by default use the SECP256R1 curve + which is supported more widely than the previously used SECP224R1. + ------------------------------------------------------------------- Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com diff --git a/gnutls.spec b/gnutls.spec index 383ef47..636aaad 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.13 +Version: 3.2.15 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+
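Review bot: in the `gnutls-3.2.15.tar.xz` and `gnutls-3.2.15.tar.xz.sig` hunks, the new source is identified only by the LFS pointer (`oid sha256:` plus `size 5140200`) and an opaque 287-byte detached signature, and nothing visible in this request records that the signature was checked. Since this update is the carrier for the CVE-2014-3466 fix, please state in the request that the `.sig` was verified against the upstream release key. Also confirm that the `.sig` is listed as a source in `gnutls.spec`, because the only spec hunk shown here touches `Version:` and does not show how the signature is consumed.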
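Review bot: in the `gnutls.changes` hunk, the security reference `(CVE-2014-3466 / bnc#880730)` sits at the end of the second line of a copied upstream NEWS item, which makes the one security-relevant fix in this entry easy to miss. Consider giving it its own top-level `- ` line ahead of the version notes. The two version blocks are also formatted differently: `- Version 3.2.15 (released 2014-05-30)` is followed by an empty `+` line before its `**` items, while `- Version 3.2.14 (released 2014-05-06)` is not. Pick one layout.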
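Review bot: in the `gnutls.spec` hunk, `Version:` moves from 3.2.13 to 3.2.15 while the hand-maintained `%define gnutls_ossl_sover 27` in the context just above it is left unchanged. Please confirm that the library sonames in 3.2.15 still match the sover defines in the spec, since a mismatch would surface only at build or install time and this diff skips a release (3.2.14) in between.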