forked from pool/gnutls
Accepting request 671140 from security:tls
OBS-URL: https://build.opensuse.org/request/show/671140 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=116
This commit is contained in:
commit
b22fcfb9cb
@ -1,17 +1,17 @@
|
|||||||
diff --git a/tests/Makefile.in b/tests/Makefile.in
|
Index: gnutls-3.6.6/tests/Makefile.in
|
||||||
index 07433e0..4ecd431 100644
|
===================================================================
|
||||||
--- a/tests/Makefile.in
|
--- gnutls-3.6.6.orig/tests/Makefile.in 2019-01-25 08:26:36.000000000 +0100
|
||||||
+++ b/tests/Makefile.in
|
+++ gnutls-3.6.6/tests/Makefile.in 2019-02-04 09:02:38.627539105 +0100
|
||||||
@@ -457,7 +457,7 @@ am__EXEEXT_10 = tls13/supported_versions$(EXEEXT) \
|
@@ -480,7 +480,7 @@ am__EXEEXT_12 = tls13/supported_versions
|
||||||
pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \
|
pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \
|
||||||
x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \
|
x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \
|
||||||
x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \
|
x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \
|
||||||
- oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \
|
- oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \
|
||||||
+ oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \
|
+ oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \
|
||||||
priority-init2$(EXEEXT) status-request$(EXEEXT) \
|
priority-init2$(EXEEXT) post-client-hello-change-prio$(EXEEXT) \
|
||||||
status-request-ok$(EXEEXT) status-request-missing$(EXEEXT) \
|
status-request$(EXEEXT) status-request-ok$(EXEEXT) \
|
||||||
sign-verify-ext$(EXEEXT) fallback-scsv$(EXEEXT) \
|
status-request-missing$(EXEEXT) sign-verify-ext$(EXEEXT) \
|
||||||
@@ -1590,8 +1590,6 @@ privkey_verify_broken_OBJECTS = privkey-verify-broken.$(OBJEXT)
|
@@ -1652,8 +1652,6 @@ privkey_verify_broken_OBJECTS = privkey-
|
||||||
privkey_verify_broken_LDADD = $(LDADD)
|
privkey_verify_broken_LDADD = $(LDADD)
|
||||||
privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \
|
privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \
|
||||||
libutils.la $(am__DEPENDENCIES_2)
|
libutils.la $(am__DEPENDENCIES_2)
|
||||||
@ -20,43 +20,43 @@ index 07433e0..4ecd431 100644
|
|||||||
psk_file_LDADD = $(LDADD)
|
psk_file_LDADD = $(LDADD)
|
||||||
psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \
|
psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \
|
||||||
$(am__DEPENDENCIES_2)
|
$(am__DEPENDENCIES_2)
|
||||||
@@ -2723,7 +2721,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts.Po \
|
@@ -2841,7 +2839,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts
|
||||||
./$(DEPDIR)/priority-init2.Po ./$(DEPDIR)/priority-mix.Po \
|
./$(DEPDIR)/priorities.Po ./$(DEPDIR)/priority-init2.Po \
|
||||||
./$(DEPDIR)/priority-set.Po ./$(DEPDIR)/priority-set2.Po \
|
./$(DEPDIR)/priority-mix.Po ./$(DEPDIR)/priority-set.Po \
|
||||||
./$(DEPDIR)/privkey-keygen.Po \
|
./$(DEPDIR)/priority-set2.Po ./$(DEPDIR)/privkey-keygen.Po \
|
||||||
- ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \
|
- ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \
|
||||||
+ ./$(DEPDIR)/privkey-verify-broken.Po \
|
+ ./$(DEPDIR)/privkey-verify-broken.Po \
|
||||||
./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \
|
./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \
|
||||||
./$(DEPDIR)/random-art.Po ./$(DEPDIR)/record-pad.Po \
|
./$(DEPDIR)/random-art.Po ./$(DEPDIR)/rawpk-api.Po \
|
||||||
./$(DEPDIR)/record-retvals.Po \
|
./$(DEPDIR)/record-pad.Po ./$(DEPDIR)/record-retvals.Po \
|
||||||
@@ -3021,7 +3019,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $(libutils_la_SOURCES) alerts.c \
|
@@ -3153,7 +3151,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $
|
||||||
pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \
|
post-client-hello-change-prio.c prf.c priorities.c \
|
||||||
prf.c priorities.c priorities-groups.c priority-init2.c \
|
priorities-groups.c priority-init2.c priority-mix.c \
|
||||||
priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \
|
priority-set.c priority-set2.c privkey-keygen.c \
|
||||||
- privkey-verify-broken.c psk-file.c pskself.c \
|
- privkey-verify-broken.c psk-file.c pskself.c \
|
||||||
+ privkey-verify-broken.c pskself.c \
|
+ privkey-verify-broken.c pskself.c \
|
||||||
pubkey-import-export.c random-art.c record-pad.c \
|
pubkey-import-export.c random-art.c rawpk-api.c record-pad.c \
|
||||||
record-retvals.c record-sizes.c record-sizes-range.c \
|
record-retvals.c record-sizes.c record-sizes-range.c \
|
||||||
record-timeouts.c recv-data-before-handshake.c \
|
record-timeouts.c recv-data-before-handshake.c \
|
||||||
@@ -3183,7 +3181,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_SOURCES_DIST) \
|
@@ -3323,7 +3321,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_S
|
||||||
pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \
|
post-client-hello-change-prio.c prf.c priorities.c \
|
||||||
prf.c priorities.c priorities-groups.c priority-init2.c \
|
priorities-groups.c priority-init2.c priority-mix.c \
|
||||||
priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \
|
priority-set.c priority-set2.c privkey-keygen.c \
|
||||||
- privkey-verify-broken.c psk-file.c pskself.c \
|
- privkey-verify-broken.c psk-file.c pskself.c \
|
||||||
+ privkey-verify-broken.c pskself.c \
|
+ privkey-verify-broken.c pskself.c \
|
||||||
pubkey-import-export.c random-art.c record-pad.c \
|
pubkey-import-export.c random-art.c rawpk-api.c record-pad.c \
|
||||||
record-retvals.c record-sizes.c record-sizes-range.c \
|
record-retvals.c record-sizes.c record-sizes-range.c \
|
||||||
record-timeouts.c recv-data-before-handshake.c \
|
record-timeouts.c recv-data-before-handshake.c \
|
||||||
@@ -4734,7 +4732,7 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \
|
@@ -4915,7 +4913,7 @@ ctests = tls13/supported_versions tls13/
|
||||||
x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
|
gnutls_ocsp_resp_list_import2 server-sign-md5-rep \
|
||||||
server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal \
|
privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \
|
||||||
pkcs7-gen dtls-etm x509sign-verify-rsa x509sign-verify-ecdsa \
|
x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
|
||||||
- x509sign-verify-gost mini-alignment oids atfork prf psk-file \
|
- mini-alignment oids atfork prf psk-file priority-init2 \
|
||||||
+ x509sign-verify-gost mini-alignment oids atfork prf \
|
+ mini-alignment oids atfork prf priority-init2 \
|
||||||
priority-init2 status-request status-request-ok \
|
post-client-hello-change-prio status-request status-request-ok \
|
||||||
status-request-missing sign-verify-ext fallback-scsv \
|
status-request-missing sign-verify-ext fallback-scsv \
|
||||||
pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \
|
pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \
|
||||||
@@ -5872,10 +5870,6 @@ privkey-verify-broken$(EXEEXT): $(privkey_verify_broken_OBJECTS) $(privkey_verif
|
@@ -6099,10 +6097,6 @@ privkey-verify-broken$(EXEEXT): $(privke
|
||||||
@rm -f privkey-verify-broken$(EXEEXT)
|
@rm -f privkey-verify-broken$(EXEEXT)
|
||||||
$(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS)
|
$(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS)
|
||||||
|
|
||||||
@ -67,7 +67,7 @@ index 07433e0..4ecd431 100644
|
|||||||
pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES)
|
pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES)
|
||||||
@rm -f pskself$(EXEEXT)
|
@rm -f pskself$(EXEEXT)
|
||||||
$(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS)
|
$(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS)
|
||||||
@@ -6862,7 +6856,6 @@ distclean-compile:
|
@@ -7133,7 +7127,6 @@ distclean-compile:
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker
|
||||||
@ -75,7 +75,7 @@ index 07433e0..4ecd431 100644
|
|||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker
|
||||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker
|
||||||
@@ -8913,13 +8906,6 @@ prf.log: prf$(EXEEXT)
|
@@ -9258,13 +9251,6 @@ prf.log: prf$(EXEEXT)
|
||||||
--log-file $$b.log --trs-file $$b.trs \
|
--log-file $$b.log --trs-file $$b.trs \
|
||||||
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
|
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
|
||||||
"$$tst" $(AM_TESTS_FD_REDIRECT)
|
"$$tst" $(AM_TESTS_FD_REDIRECT)
|
||||||
@ -89,7 +89,7 @@ index 07433e0..4ecd431 100644
|
|||||||
priority-init2.log: priority-init2$(EXEEXT)
|
priority-init2.log: priority-init2$(EXEEXT)
|
||||||
@p='priority-init2$(EXEEXT)'; \
|
@p='priority-init2$(EXEEXT)'; \
|
||||||
b='priority-init2'; \
|
b='priority-init2'; \
|
||||||
@@ -10883,7 +10869,6 @@ distclean: distclean-recursive
|
@@ -11316,7 +11302,6 @@ distclean: distclean-recursive
|
||||||
-rm -f ./$(DEPDIR)/priority-set2.Po
|
-rm -f ./$(DEPDIR)/priority-set2.Po
|
||||||
-rm -f ./$(DEPDIR)/privkey-keygen.Po
|
-rm -f ./$(DEPDIR)/privkey-keygen.Po
|
||||||
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
|
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
|
||||||
@ -97,7 +97,7 @@ index 07433e0..4ecd431 100644
|
|||||||
-rm -f ./$(DEPDIR)/pskself.Po
|
-rm -f ./$(DEPDIR)/pskself.Po
|
||||||
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
|
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
|
||||||
-rm -f ./$(DEPDIR)/random-art.Po
|
-rm -f ./$(DEPDIR)/random-art.Po
|
||||||
@@ -11318,7 +11303,6 @@ maintainer-clean: maintainer-clean-recursive
|
@@ -11766,7 +11751,6 @@ maintainer-clean: maintainer-clean-recur
|
||||||
-rm -f ./$(DEPDIR)/priority-set2.Po
|
-rm -f ./$(DEPDIR)/priority-set2.Po
|
||||||
-rm -f ./$(DEPDIR)/privkey-keygen.Po
|
-rm -f ./$(DEPDIR)/privkey-keygen.Po
|
||||||
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
|
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
|
||||||
@ -105,15 +105,3 @@ index 07433e0..4ecd431 100644
|
|||||||
-rm -f ./$(DEPDIR)/pskself.Po
|
-rm -f ./$(DEPDIR)/pskself.Po
|
||||||
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
|
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
|
||||||
-rm -f ./$(DEPDIR)/random-art.Po
|
-rm -f ./$(DEPDIR)/random-art.Po
|
||||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
|
||||||
--- a/tests/Makefile.am 2018-11-21 16:31:27.871806950 +0100
|
|
||||||
+++ b/tests/Makefile.am 2018-11-21 16:31:47.952191845 +0100
|
|
||||||
@@ -167,7 +167,7 @@
|
|
||||||
tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
|
|
||||||
server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \
|
|
||||||
x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
|
|
||||||
- mini-alignment oids atfork prf psk-file priority-init2 \
|
|
||||||
+ mini-alignment oids atfork prf priority-init2 \
|
|
||||||
status-request status-request-ok status-request-missing sign-verify-ext \
|
|
||||||
fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
|
|
||||||
key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
Index: gnutls-3.6.3/tests/Makefile.am
|
Index: gnutls-3.6.5/tests/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.6.3.orig/tests/Makefile.am
|
--- gnutls-3.6.5.orig/tests/Makefile.am 2019-01-04 14:11:28.196622546 +0100
|
||||||
+++ gnutls-3.6.3/tests/Makefile.am
|
+++ gnutls-3.6.5/tests/Makefile.am 2019-01-04 14:11:29.080627637 +0100
|
||||||
@@ -406,7 +406,7 @@ if !WINDOWS
|
@@ -445,7 +445,7 @@ if !WINDOWS
|
||||||
# List of tests not available/functional under windows
|
# List of tests not available/functional under windows
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -11,20 +11,20 @@ Index: gnutls-3.6.3/tests/Makefile.am
|
|||||||
|
|
||||||
indirect_tests += dtls-stress
|
indirect_tests += dtls-stress
|
||||||
|
|
||||||
Index: gnutls-3.6.3/tests/Makefile.in
|
Index: gnutls-3.6.5/tests/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- gnutls-3.6.3.orig/tests/Makefile.in
|
--- gnutls-3.6.5.orig/tests/Makefile.in 2019-01-04 14:11:28.200622568 +0100
|
||||||
+++ gnutls-3.6.3/tests/Makefile.in
|
+++ gnutls-3.6.5/tests/Makefile.in 2019-01-04 14:11:44.352715599 +0100
|
||||||
@@ -161,7 +161,7 @@ host_triplet = @host@
|
@@ -164,7 +164,7 @@ host_triplet = @host@
|
||||||
#
|
#
|
||||||
# List of tests not available/functional under windows
|
# List of tests not available/functional under windows
|
||||||
#
|
#
|
||||||
-@WINDOWS_FALSE@am__append_12 = dtls/dtls dtls/dtls-resume fastopen.sh \
|
-@WINDOWS_FALSE@am__append_13 = dtls/dtls dtls/dtls-resume fastopen.sh \
|
||||||
+@WINDOWS_FALSE@am__append_12 = dtls/dtls fastopen.sh \
|
+@WINDOWS_FALSE@am__append_13 = dtls/dtls fastopen.sh \
|
||||||
@WINDOWS_FALSE@ pkgconfig.sh starttls.sh starttls-ftp.sh \
|
@WINDOWS_FALSE@ pkgconfig.sh starttls.sh starttls-ftp.sh \
|
||||||
@WINDOWS_FALSE@ starttls-smtp.sh starttls-lmtp.sh \
|
@WINDOWS_FALSE@ starttls-smtp.sh starttls-lmtp.sh \
|
||||||
@WINDOWS_FALSE@ starttls-pop3.sh starttls-nntp.sh \
|
@WINDOWS_FALSE@ starttls-pop3.sh starttls-nntp.sh \
|
||||||
@@ -2507,7 +2507,7 @@ x509sign_verify_rsa_DEPENDENCIES = $(COM
|
@@ -2663,7 +2663,7 @@ x509sign_verify_rsa_DEPENDENCIES = $(COM
|
||||||
$(am__DEPENDENCIES_2)
|
$(am__DEPENDENCIES_2)
|
||||||
am__dist_check_SCRIPTS_DIST = rfc2253-escape-test \
|
am__dist_check_SCRIPTS_DIST = rfc2253-escape-test \
|
||||||
rsa-md5-collision/rsa-md5-collision.sh systemkey.sh dtls/dtls \
|
rsa-md5-collision/rsa-md5-collision.sh systemkey.sh dtls/dtls \
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a
|
|
||||||
size 8076364
|
|
Binary file not shown.
3
gnutls-3.6.6.tar.xz
Normal file
3
gnutls-3.6.6.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:bb9acab8af2ac430edf45faaaa4ed2c51f86e57cb57689be6701aceef4732ca7
|
||||||
|
size 8257612
|
BIN
gnutls-3.6.6.tar.xz.sig
Normal file
BIN
gnutls-3.6.6.tar.xz.sig
Normal file
Binary file not shown.
@ -1,22 +0,0 @@
|
|||||||
--- gnutls-3.6.4/aclocal.m4.orig 2018-10-16 17:52:16.972960988 +0200
|
|
||||||
+++ gnutls-3.6.4/aclocal.m4 2018-10-16 17:52:32.797099492 +0200
|
|
||||||
@@ -162,7 +162,7 @@
|
|
||||||
#
|
|
||||||
AC_DEFUN([GUILE_PKG],
|
|
||||||
[PKG_PROG_PKG_CONFIG
|
|
||||||
- _guile_versions_to_search="m4_default([$1], [2.0 1.8])"
|
|
||||||
+ _guile_versions_to_search="m4_default([$1], [2.2 2.0 1.8])"
|
|
||||||
if test -n "$GUILE_EFFECTIVE_VERSION"; then
|
|
||||||
_guile_tmp=""
|
|
||||||
for v in $_guile_versions_to_search; do
|
|
||||||
--- gnutls-3.6.4/configure.orig 2018-10-16 18:00:13.661141247 +0200
|
|
||||||
+++ gnutls-3.6.4/configure 2018-10-16 18:00:29.857283556 +0200
|
|
||||||
@@ -62704,7 +62704,7 @@
|
|
||||||
PKG_CONFIG=""
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
- _guile_versions_to_search="2.0 1.8"
|
|
||||||
+ _guile_versions_to_search="2.2 2.0 1.8"
|
|
||||||
if test -n "$GUILE_EFFECTIVE_VERSION"; then
|
|
||||||
_guile_tmp=""
|
|
||||||
for v in $_guile_versions_to_search; do
|
|
@ -1,3 +1,69 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 4 12:41:43 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.6.6
|
||||||
|
** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
|
||||||
|
on the public key (#640).
|
||||||
|
** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
|
||||||
|
Raw public-keys can be negotiated by enabling the corresponding certificate
|
||||||
|
types via the priority strings. The raw public-key mechanism must be explicitly
|
||||||
|
enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
|
||||||
|
** libgnutls: When on server or client side we are sending no extensions we do
|
||||||
|
not set an empty extensions field but we rather remove that field competely.
|
||||||
|
This solves a regression since 3.5.x and improves compatibility of the server
|
||||||
|
side with certain clients.
|
||||||
|
** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
|
||||||
|
the CKA_SIGN is not set (#667).
|
||||||
|
** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
|
||||||
|
disable extensions at all cases, while providing a functional session. This
|
||||||
|
also implies that when specified, TLS1.3 is disabled.
|
||||||
|
** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
|
||||||
|
The previous definition was non-functional (#609).
|
||||||
|
- drop no longer needed gnutls-enbale-guile-2.2.patch
|
||||||
|
- refresh disable-psk-file-test.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 2 13:36:26 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.6.5
|
||||||
|
** libgnutls: Provide the option of transparent re-handshake/reauthentication
|
||||||
|
when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
|
||||||
|
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
|
||||||
|
** libgnutls: The priority functions will ignore and not enable TLS1.3 if
|
||||||
|
requested with legacy TLS versions enabled but not TLS1.2. That is because
|
||||||
|
if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
|
||||||
|
servers which do not support TLS1.3 will negotiate TLS1.2 which will be
|
||||||
|
rejected by the client as disabled (#621).
|
||||||
|
** libgnutls: Change RSA decryption to use a new side-channel silent function.
|
||||||
|
This addresses a security issue where memory access patterns as well as timing
|
||||||
|
on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
|
||||||
|
attacks. Side-channel resistant code is slower due to the need to mask
|
||||||
|
access and timings. When used in TLS the new functions cause RSA based
|
||||||
|
handshakes to be between 13% and 28% slower on average (Numbers are indicative,
|
||||||
|
the tests where performed on a relatively modern Intel CPU, results vary
|
||||||
|
depending on the CPU and architecture used). This change makes nettle 3.4.1
|
||||||
|
the minimum requirement of gnutls (#630). [CVSS: medium]
|
||||||
|
** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
|
||||||
|
in the priority string. It is only accepted as legacy option and is ignored.
|
||||||
|
** libgnutls: Added support for EdDSA under PKCS#11 (#417)
|
||||||
|
** libgnutls: Added support for AES-CFB8 cipher (#357)
|
||||||
|
** libgnutls: Added support for AES-CMAC MAC (#351)
|
||||||
|
** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
|
||||||
|
have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
|
||||||
|
S-BOXes). They are fixed now.
|
||||||
|
** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
|
||||||
|
keys parsing, as specified in R 50.1.112-2016.
|
||||||
|
** gnutls-serv: It applies the default settings when no --priority option is given,
|
||||||
|
using gnutls_set_default_priority().
|
||||||
|
** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
|
||||||
|
option (#561)
|
||||||
|
** certtool: Add parameter --no-text that prevents certtool from outputting
|
||||||
|
text before PEM-encoded private key, public key, certificate, CRL or CSR.
|
||||||
|
- minimum required libnettle is now 3.4.1
|
||||||
|
- refresh
|
||||||
|
* disable-psk-file-test.patch
|
||||||
|
* gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 27 13:46:27 UTC 2018 - jbrielmaier@suse.de
|
Tue Nov 27 13:46:27 UTC 2018 - jbrielmaier@suse.de
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package gnutls
|
# spec file for package gnutls
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -29,7 +29,7 @@
|
|||||||
%bcond_with tpm
|
%bcond_with tpm
|
||||||
%bcond_without guile
|
%bcond_without guile
|
||||||
Name: gnutls
|
Name: gnutls
|
||||||
Version: 3.6.4
|
Version: 3.6.6
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The GNU Transport Layer Security Library
|
Summary: The GNU Transport Layer Security Library
|
||||||
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||||
@ -42,8 +42,6 @@ Source3: baselibs.conf
|
|||||||
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
|
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
|
||||||
Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
|
Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
|
||||||
Patch3: disable-psk-file-test.patch
|
Patch3: disable-psk-file-test.patch
|
||||||
# Search for guile-2.2, which is supported since 3.5.5
|
|
||||||
Patch4: gnutls-enbale-guile-2.2.patch
|
|
||||||
BuildRequires: autogen
|
BuildRequires: autogen
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: datefudge
|
BuildRequires: datefudge
|
||||||
@ -53,7 +51,7 @@ BuildRequires: pkgconfig(autoopts)
|
|||||||
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
|
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
|
||||||
BuildRequires: iproute2
|
BuildRequires: iproute2
|
||||||
BuildRequires: libidn2-devel
|
BuildRequires: libidn2-devel
|
||||||
BuildRequires: libnettle-devel >= 3.1
|
BuildRequires: libnettle-devel >= 3.4.1
|
||||||
BuildRequires: libtasn1-devel >= 4.9
|
BuildRequires: libtasn1-devel >= 4.9
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: libunistring-devel
|
BuildRequires: libunistring-devel
|
||||||
@ -163,7 +161,6 @@ GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
|||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
|
||||||
# dtls-resume test fails on PPC
|
# dtls-resume test fails on PPC
|
||||||
%ifarch ppc64 ppc64le ppc
|
%ifarch ppc64 ppc64le ppc
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user