Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2012-05-21 10:25:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-04-20 15:16:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-05-21 10:25:25.000000000 +0200 
@@ -1,0 +2,369 @@ +Sun May 13 02:44:30 UTC 2012 - [email protected] + +- Update to version 3.0.19: + + libgnutls: + - When decoding a PKCS #11 URL the pin-source field + is assumed to be a file that stores the pin. Based on patch + by David Smith. + - gnutls_record_check_pending() no longer + returns unprocessed data, and thus ensure the non-blocking + of the next call to gnutls_record_recv(). + - Added strict tests in Diffie-Hellman and + SRP key exchange public keys. + - in ECDSA and DSA TLS 1.2 authentication be less + strict in hash selection, and allow a stronger hash to + be used than the appropriate, to improve interoperability + with openssl. + + tests: + - Disabled floating point test, and corrections + in pkcs12 decoding tests. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.18: + + certtool: + - Avoid a Y2K38 bug when generating certificates. + Patch by Robert Millan. + + libgnutls: + - Make sure that GNUTLS_E_PREMATURE_TERMINATION + - is returned on premature termination (and added unit test). + - Fixes for W64 API. Patch by B. Scott Michel. + - Corrected VIA padlock detection for old + VIA processors. Reported by Kris Karas. + - Updated assembler files. + - Time in generated certificates is stored + as GeneralizedTime instead of UTCTime (which only stores + 2 digits of a year). + + minitasn1: + - Upgraded to libtasn1 version 2.13 (pre-release). + + API and ABI modifications: + - gnutls_x509_crt_set_private_key_usage_period: Added + - gnutls_x509_crt_get_private_key_usage_period: Added + - gnutls_x509_crq_set_private_key_usage_period: Added + - gnutls_x509_crq_get_private_key_usage_period: Added + - gnutls_session_get_random: Added +- Changes from version 3.0.17: + + command line apps: + - Always link with local libopts. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.16: + + minitasn1: + - Upgraded to libtasn1 version 2.12 (pre-release). 
+ + libgnutls: + - Corrected SRP-RSA ciphersuites when used under TLS 1.2. + - included assembler files for MacOSX. + + p11tool: + - Small fixes in handling of the --private command + line option. + + certtool: + - The template option allows for setting the domain + component (DC) option of the distinguished name, and the ocsp_uri + as well as the ca_issuers_uri options. + + API and ABI modifications: + - gnutls_x509_crt_set_authority_info_access: Added +- Changes from version 3.0.15: + + test suite: + - Only run under valgrind in the development + system (the full git repository) + + command line apps: + - Link with local libopts if the installed is an old one. + + libgnutls: + - Eliminate double free during SRP + authentication. Reported by Peter Penzov. + - Corrections in record packet parsing. + Reported by Matthew Hall. + - Cryptodev updates and fixes. + - Corrected issue with select() that affected + FreeBSD. This prevented establishing DTLS sessions. + Reported by Andreas Metzler. + - Corrected rehandshake and resumption + operations in DTLS. Reported by Sean Buckheister. + - PKCS #11 objects that do not have ID + no longer crash listing. Reported by Sven Geggus. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.14: + + command line apps: + - Included libopts doesn't get installed by default. + + libgnutls: + - Eliminate double free on wrongly formatted + certificate list. Reported by Remi Gacogne. + - cryptodev code corrected, updated to account + for hashes and GCM mode. + Eliminated memory leak in PCKS #11 initialization. + Report and fix by Sam Varshavchik. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.13: + + gnutls-cli: + - added the --ocsp option which will verify + the peer's certificate with OCSP. + - added the --tofu and if specified, gnutls-cli + will use an ssh-style authentication method. 
+ - if no --x509cafile is provided a default is + assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + + ocsptool: + - Added --ask parameter, to verify a certificate's + status from an ocsp server. + + command line apps: + - Use gnu autogen (libopts) to parse command + line arguments and template files. + + tests: + - Added stress test for DTLS packet losses and + out-of-order receival. Contributed by Sean Buckheister. + + libgnutls: + - Several updates and corrections in the DTLS + DTLS lost packet handling and retransmission timeouts. + Report and patches by Sean Buckheister. + - Added new functions to easily allow the usage of + a trust on first use (SSH-style) authentication. + - SUITEB128 and SUITEB192 priority strings account + for the RFC6460 requirements. + - Added new security parameter GNUTLS_SEC_PARAM_LEGACY + to account for security level of 96-bits. + - In client side if server does not advertise any + known CAs and only a single certificate is set in the credentials, + sent that one. + - Added functions to parse authority key identifiers + when stored as a 'general name' and serial combo. + - Added function to force explicit reinitialization + of PKCS #11 modules. This is required on the child process after + a fork (if PKCS #11 functionality is desirable). + - Depend on p11-kit 0.11. 
+ + API and ABI modifications: + - gnutls_dtls_get_timeout: Added + - gnutls_verify_stored_pubkey: Added + - gnutls_store_pubkey: Added + - gnutls_store_commitment: Added + - gnutls_x509_crt_get_authority_key_gn_serial: Added + - gnutls_x509_crl_get_authority_key_gn_serial: Added + - gnutls_pkcs11_reinit: Added + - gnutls_ecc_curve_list: Added + - gnutls_priority_certificate_type_list: Added + - gnutls_priority_sign_list: Added + - gnutls_priority_protocol_list: Added + - gnutls_priority_compression_list: Added + - gnutls_priority_ecc_curve_list: Added + - gnutls_tdb_init: Added + - gnutls_tdb_set_store_func: Added + - gnutls_tdb_set_store_commitment_func: Added + - gnutls_tdb_set_verify_func: Added + - gnutls_tdb_deinit: Added +- Changes from version 3.0.12: + + libgnutls: + - Added OCSP support. + There is a new header file gnutls/ocsp.h and a set of new functions + under the gnutls_ocsp namespace. Currently the functionality provided + is to parse and extract information from OCSP requests/responses, to + generate OCSP requests and to verify OCSP responses. See the manual + for more information. Run ./configure with --disable-ocsp to build + GnuTLS without OCSP support. + This work was sponsored by Smoothwall <http://smoothwall.net/>. + + ocsptool: + - Added new command line tool. + The tool can parse OCSP request/responses, generate OCSP requests and + verify OCSP responses. See the manual for more information. + + certtool: + - --outder option now works for private + and public keys as well. + + libgnutls: + - Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET + to warn when no or insufficient priorities were set. + - Corrected an alignment issue in ECDH + key generation which prevented some keys from being + correctly aligned in rare circumstances. + - Corrected memory leaks in DH parameter + generation and ecc_projective_check_point(). + - Added gnutls_x509_dn_oid_name() to + return a descriptive name of a DN OID. 
+ + API and ABI modifications: + - gnutls_pubkey_encrypt_data: Added + - gnutls_x509_dn_oid_name: Added + - gnutls_session_resumption_requested: Added + - gnutls/ocsp.h: Added new header file. + - gnutls_ocsp_print_formats_t: Added new type. + - gnutls_ocsp_resp_status_t: Added new type. + - gnutls_ocsp_cert_status_t: Added new type. + - gnutls_x509_crl_reason_t: Added new type. + - gnutls_ocsp_req_add_cert: Added. + - gnutls_ocsp_req_add_cert_id: Added. + - gnutls_ocsp_req_deinit: Added. + - gnutls_ocsp_req_export: Added. + - gnutls_ocsp_req_get_cert_id: Added. + - gnutls_ocsp_req_get_extension: Added. + - gnutls_ocsp_req_get_nonce: Added. + - gnutls_ocsp_req_get_version: Added. + - gnutls_ocsp_req_import: Added. + - gnutls_ocsp_req_init: Added. ++++ 172 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls.changes ++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes Old: ---- CVE-2011-4128.patch CVE-2012-0390.patch CVE-2012-1569.patch CVE-2012-1573.patch gnutls-3.0.3.tar.xz gnutls-fix-compression.patch gnutls-fix-crash-on-strcat.patch New: ---- gnutls-3.0.19.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.LN4kIs/_old 2012-05-21 10:25:30.000000000 +0200 +++ /var/tmp/diff_new_pack.LN4kIs/_new 2012-05-21 10:25:30.000000000 +0200 
@@ -19,31 +19,22 @@ %define gnutls_sover 28 %define gnutlsxx_sover 28 %define gnutls_ossl_sover 27 -%define gnutls_extra_sover 28 Name: gnutls -Version: 3.0.3 -Release: 1 -License: LGPL-3.0+ ; GPL-3.0+ +Version: 3.0.19 +Release: 0 Summary: The GNU Transport Layer Security Library -Url: http://www.gnutls.org/ +License: LGPL-3.0+ ; GPL-3.0+ Group: Productivity/Networking/Security -Source0: %{name}-%{version}.tar.xz +Url: http://www.gnutls.org/ +Source0: http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz Source1: baselibs.conf -# PATCH-FIX-UPSTREAM gnutls-fix-compression.patch [email protected] -- Taken from git, fix decompression/compression -Patch0: gnutls-fix-compression.patch -# PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 [email protected] -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17 -Patch1: gnutls-fix-crash-on-strcat.patch -Patch2: CVE-2011-4128.patch -Patch3: CVE-2012-0390.patch -Patch4: CVE-2012-1569.patch -Patch5: CVE-2012-1573.patch BuildRequires: automake BuildRequires: gcc-c++ -BuildRequires: libnettle-devel >= 2.2 -BuildRequires: p11-kit-devel BuildRequires: libidn-devel +BuildRequires: libnettle-devel >= 2.2 BuildRequires: libtasn1-devel +BuildRequires: p11-kit-devel >= 0.11 BuildRequires: pkg-config BuildRequires: xz BuildRequires: zlib-devel @@ -59,8 +50,8 @@ implements the proposed standards of the IETF's TLS working group. %package -n libgnutls%{gnutls_sover} -License: LGPL-3.0+ Summary: The GNU Transport Layer Security Library +License: LGPL-3.0+ Group: Productivity/Networking/Security %description -n libgnutls%{gnutls_sover} @@ -69,8 +60,8 @@ implements the proposed standards of the IETF's TLS working group. %package -n libgnutlsxx%{gnutlsxx_sover} -License: LGPL-3.0+ Summary: The GNU Transport Layer Security Library +License: LGPL-3.0+ Group: Productivity/Networking/Security %description -n libgnutlsxx%{gnutlsxx_sover} 
@@ -79,20 +70,9 @@ implements the proposed standards of the IETF's TLS working group. -%package -n libgnutls-extra%{gnutls_extra_sover} -License: GPL-3.0+ -Summary: The GNU Transport Layer Security Library -Group: Productivity/Networking/Security - -%description -n libgnutls-extra%{gnutls_extra_sover} -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library -implements the proposed standards of the IETF's TLS working group. - - %package -n libgnutls-openssl%{gnutls_ossl_sover} -License: GPL-3.0+ Summary: The GNU Transport Layer Security Library +License: GPL-3.0+ Group: Productivity/Networking/Security %description -n libgnutls-openssl%{gnutls_ossl_sover} @@ -102,8 +82,8 @@ %package -n libgnutls-devel -License: LGPL-3.0+ Summary: Development package for gnutls +License: LGPL-3.0+ Group: Development/Libraries/C and C++ PreReq: %install_info_prereq Requires: glibc-devel @@ -113,12 +93,12 @@ Files needed for software development using gnutls. %package -n libgnutlsxx-devel -License: LGPL-3.0+ Summary: Development package for gnutls +License: LGPL-3.0+ Group: Development/Libraries/C and C++ PreReq: %install_info_prereq -Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libgnutls-devel = %{version} +Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libstdc++-devel %description -n libgnutlsxx-devel 
@@ -126,44 +106,19 @@ %package -n libgnutls-openssl-devel -License: GPL-3.0+ Summary: Development package for gnutls +License: GPL-3.0+ Group: Development/Libraries/C and C++ -Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} Requires: libgnutls-devel = %{version} +Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} %description -n libgnutls-openssl-devel Files needed for software development using gnutls. -%package -n libgnutls-extra-devel -License: GPL-3.0+ -Summary: The GNU Transport Layer Security Library -Group: Development/Libraries/C and C++ -Requires: libgnutls-devel = %{version} -Requires: libgnutls-extra%{gnutls_extra_sover} = %{version} -# gnutls-devel last used in 10.3 -Obsoletes: gnutls-devel < %{version} -Provides: gnutls-devel = %{version} -# bug437293 -%ifarch ppc64 -Obsoletes: gnutls-devel-64bit -%endif -# - -%description -n libgnutls-extra-devel -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library -implements the proposed standards of the IETF's TLS working group. - %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 +echo %{_includedir}/%{name}/abstract.h %build %configure \ @@ -195,10 +150,6 @@ %postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig -%post -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig - -%postun -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig - %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig @@ -223,6 +174,7 @@ %{_bindir}/gnutls-cli %{_bindir}/gnutls-cli-debug %{_bindir}/gnutls-serv +%{_bindir}/ocsptool %{_bindir}/psktool %{_bindir}/p11tool %{_bindir}/srptool 
@@ -232,10 +184,6 @@ %defattr(-,root,root) %{_libdir}/libgnutls.so.%{gnutls_sover}* -%files -n libgnutls-extra%{gnutls_extra_sover} -%defattr(-,root,root) -%{_libdir}/libgnutls-extra.so.%{gnutls_extra_sover}* - %files -n libgnutls-openssl%{gnutls_ossl_sover} %defattr(-,root,root) %{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}* @@ -253,6 +201,7 @@ %{_includedir}/%{name}/dtls.h %{_includedir}/%{name}/gnutls.h %{_includedir}/%{name}/openpgp.h +%{_includedir}/%{name}/ocsp.h %{_includedir}/%{name}/pkcs11.h %{_includedir}/%{name}/pkcs12.h %{_includedir}/%{name}/x509.h @@ -274,11 +223,4 @@ %dir %{_includedir}/%{name} %{_includedir}/%{name}/openssl.h -%files -n libgnutls-extra-devel -%defattr(-, root, root) -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/extra.h -%{_libdir}/libgnutls-extra.so -%{_libdir}/pkgconfig/gnutls-extra.pc - %changelog -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
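Review bot: In the gnutls.changes hunk (@@ -1,0 +2,369 @@), the visible part of the new entry carries only upstream release notes and never mentions the packaging changes made in the same commit: the file list drops CVE-2011-4128.patch, CVE-2012-0390.patch, CVE-2012-1569.patch, CVE-2012-1573.patch, gnutls-fix-compression.patch and gnutls-fix-crash-on-strcat.patch, and the spec removes the libgnutls-extra subpackages. Please add one line per dropped patch stating that the fix is contained in 3.0.19 (keeping the bnc# reference where the spec had one), plus a line for the removed subpackages, so that anyone auditing the package for those CVEs can confirm from the changelog that the fixes were not lost in the version bump.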
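Review bot: In the gnutls.spec hunk at @@ -19,31 +19,22 @@, Source0 now points at a plain http:// URL on ftp.gnu.org, while the "New:" file list contains only gnutls-3.0.19.tar.xz with no detached signature beside it. Suggest adding the upstream signature file, if one is published for this release, as an additional Source entry so the tarball can be verified independently of the transport it was fetched over. The tightened "BuildRequires: p11-kit-devel >= 0.11" in the same hunk matches the "Depend on p11-kit 0.11" item in the 3.0.13 notes.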
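Review bot: In the gnutls.spec hunk at @@ -126,44 +106,19 @@, the six %patch lines in %prep are replaced by "echo %{_includedir}/%{name}/abstract.h", which only prints a path at build time and looks like leftover debugging; please drop it so that %prep is just "%setup -q". The same hunk removes libgnutls-extra-devel together with its "Provides: gnutls-devel = %{version}" and "Obsoletes: gnutls-devel < %{version}"; unless another subpackage outside the visible context already carries them, consider moving those tags, plus an Obsoletes for libgnutls-extra-devel itself, to libgnutls-devel so that upgrades and packages still requiring gnutls-devel keep resolving.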
