Accepting request 236129 from Base:System

- Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730) ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. - Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. OBS-URL: https://build.opensuse.org/request/show/236129 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74
2014-06-06 12:36:14 +00:00 · 2014-06-06 12:36:14 +00:00 · b0904801b3
commit b0904801b3
parent 46f6ba47ef
6 changed files with 43 additions and 4 deletions
--- a/gnutls-3.2.13.tar.xz
+++ b/gnutls-3.2.13.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e83676218ba80c4d577d7027b5b087692280347a9b06f90a452403ba70faa604
-size 5133400
--- a/gnutls-3.2.13.tar.xz.sig
+++ b/gnutls-3.2.13.tar.xz.sig
--- a/gnutls-3.2.15.tar.xz
+++ b/gnutls-3.2.15.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:30bdc7b34b220258f714602cdf0afa1abf0883bf926f35f400c88b1c72ca77b9
+size 5140200
--- a/gnutls-3.2.15.tar.xz.sig
+++ b/gnutls-3.2.15.tar.xz.sig
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Tue Jun  3 07:48:04 UTC 2014 - meissner@suse.com
+
+- Version 3.2.15 (released 2014-05-30)
+  
+  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
+  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
+  ** libgnutls: Several memory leaks caused by error conditions were
+  fixed. The leaks were identified using valgrind and the Codenomicon
+  TLS test suite.
+  ** libgnutls: Increased the maximum certificate size buffer
+  in the PKCS #11 subsystem.
+  ** libgnutls: Check the return code of getpwuid_r() instead of relying
+  on the result value. That avoids issue in certain systems, when using
+  tofu authentication and the home path cannot be determined. Issue reported
+  by Viktor Dukhovni.
+  ** gnutls-cli: if dane is requested but not PKIX verification, then
+  only do verify the end certificate.
+  ** ocsptool: Include path in ocsp request. This resolves #108582
+  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
+
+- Version 3.2.14 (released 2014-05-06)
+  ** libgnutls: Fixed issue with the check of incoming data when two
+  different recv and send pointers have been specified. Reported and
+  investigated by JMRecio.
+  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
+  result to illegal memory access if a server hint was provided.
+  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
+  server hint was provided.
+  ** libgnutls: Several small bug fixes identified using valgrind and
+  the Codenomicon TLS test suite.
+  ** libgnutls: Several small bug fixes found by coverity.
+  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
+  entry that matches the certificate. Patch by simon [at] arlott.org.
+  ** configure: Added --with-nettle-mini option, which allows linking
+  with a libnettle that contains gmp.
+  ** certtool: The ECDSA keys generated by default use the SECP256R1 curve
+  which is supported more widely than the previously used SECP224R1.
+
 -------------------------------------------------------------------
 Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com

--- a/gnutls.spec
+++ b/gnutls.spec
@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27

 Name:           gnutls
-Version:        3.2.13
+Version:        3.2.15
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+