
Accepting request 978448 from home:AndreasStieger:branches:security:tls

gnutls 3.7.5

OBS-URL: https://build.opensuse.org/request/show/978448
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=65
Marcus Meissner 2022-05-22 09:11:15 +00:00 committed by Git OBS Bridge
parent 842d56dac4
commit f5c5f4b0a0
7 changed files with 41 additions and 20 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f
size 6131772

Binary file not shown.

3
gnutls-3.7.5.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad
size 6321392

BIN
gnutls-3.7.5.tar.xz.sig Normal file

Binary file not shown.


@ -1,10 +1,10 @@
Index: gnutls-3.7.3/lib/crypto-selftests.c
Index: gnutls-3.7.5/lib/crypto-selftests.c
===================================================================
--- gnutls-3.7.3.orig/lib/crypto-selftests.c
+++ gnutls-3.7.3/lib/crypto-selftests.c
@@ -3112,6 +3112,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh
"\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
"\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
--- gnutls-3.7.5.orig/lib/crypto-selftests.c
+++ gnutls-3.7.5/lib/crypto-selftests.c
@@ -3123,6 +3123,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh
"\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f"
"\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"),
},
+ /* Test vector extracted from https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
+ {


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Sat May 21 17:50:57 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 3.7.5:
* add options disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy
* For TLS 1.3 where session tickets do provide forward secrecy,
the PFS priority string now only disables session tickets in
TLS 1.2.
* Future backward incompatibility: in the next major release of
GnuTLS those flag and modifier are planned to be removed
* gnutls-cli, gnutls-serv: Channel binding for printing
information has been changed from tls-unique to tls-exporter
as tls-unique is not supported in TLS 1.3.
* Certificate sanity checks has been enhanced to make gnutls
more RFC 5280 compliant:
* Removed 3DES from FIPS approved algorithms
* Optimized support for AES-SIV-CMAC algorithms
* libgnutls: HKDF and AES-GCM algorithms are now approved in
FIPS-140 mode when used in TLS
-------------------------------------------------------------------
Wed May 11 09:19:52 UTC 2022 - Marcus Meissner <meissner@suse.com>


@ -36,7 +36,7 @@
%bcond_with tpm
%bcond_without guile
Name: gnutls
Version: 3.7.4
Version: 3.7.5
Release: 0
Summary: The GNU Transport Layer Security Library
License: GPL-3.0-or-later AND LGPL-2.1-or-later
@ -159,7 +159,6 @@ Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: gnutls = %{version}
Requires: libgnutls%{gnutls_sover} = %{version}
Requires(pre): %{install_info_prereq}
Provides: gnutls-devel = %{version}-%{release}
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
Requires: crypto-policies
@ -186,7 +185,6 @@ Group: Development/Libraries/C and C++
Requires: libgnutls-devel = %{version}
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires: libstdc++-devel
Requires(pre): %{install_info_prereq}
%description -n libgnutlsxx-devel
Files needed for software development using gnutls.
@ -241,7 +239,7 @@ export CXXFLAGS="%{optflags} -fPIE"
--with-fips140-module-name="GnuTLS version" \
--with-fips140-module-version="%{version}-%{release}" \
%{nil}
make %{?_smp_mflags}
%make_build
%install
%make_install
@ -268,7 +266,7 @@ rm -rf %{buildroot}%{_datadir}/doc/gnutls
%check
%if ! 0%{?qemu_user_space_build}
make %{?_smp_mflags} check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
%make_build check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
find -name test-suite.log -print -exec cat {} +
exit 1
}
@ -290,12 +288,6 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%preun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%files -f libgnutls.lang
%license LICENSE
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
@ -316,20 +308,25 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%{_mandir}/man1/*
%files -n libgnutls%{gnutls_sover}
%license LICENSE
%{_libdir}/libgnutls.so.%{gnutls_sover}*
%files -n libgnutls%{gnutls_sover}-hmac
%license LICENSE
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
%if %{with dane}
%files -n libgnutls-dane%{gnutls_dane_sover}
%license LICENSE
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
%endif
%files -n libgnutlsxx%{gnutlsxx_sover}
%license LICENSE
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
%files -n libgnutls-devel
%license LICENSE
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/abstract.h
%{_includedir}/%{name}/crypto.h
@ -356,6 +353,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%if %{with dane}
%files -n libgnutls-dane-devel
%license LICENSE
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/dane.h
%{_libdir}/pkgconfig/gnutls-dane.pc
@ -363,12 +361,14 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
%endif
%files -n libgnutlsxx-devel
%license LICENSE
%{_libdir}/libgnutlsxx.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h
%if %{with guile}
%files guile
%license LICENSE
%{_libdir}/guile/*
%{_datadir}/guile/gnutls*
%endif
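Review bot: The FIPS-mode test run appears to have been left on the old invocation while the other two make calls in this spec were converted to `%make_build`. The hunk-header context of the last four hunks still reads `GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=` (cut off by the page). For consistency it could become `GNUTLS_FORCE_FIPS_MODE=1 %make_build check` followed by the same `GNUTLS_SYSTEM_PRIORITY_FILE` value it has today. That line sits outside the visible hunks, so it cannot be seen here whether it has the same `|| { find -name test-suite.log ...; exit 1; }` failure handling as the plain `%check` run. If it does not, a comment above it such as `# FIPS self-test run: a failure here must fail the build` would state the intent.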