Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2013-12-23 12:33:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2013-11-04 14:58:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2013-12-23 12:33:47.000000000 +0100 
@@ -1,0 +2,45 @@
+Sat Dec 21 20:38:19 UTC 2013 - [email protected]
+
+- Upgrade to 3.2.8
+
+* Version 3.2.8 (released 2013-12-20)
+
+** libgnutls: Updated code for AES-NI. That prevents an uninitialized
+variable complaint from valgrind.
+
+** libgnutls: Enforce a maximum size for DH primes.
+
+** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy
+Polyakov's code.
+
+** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
+
+** libgnutls: It only links to librt if the required functions are not
+present in libc. This also prevents an indirect linking to libpthread.
+
+** libgnutls: Fixed issue with gnulib strerror replacement by adding
+the strerror gnulib module.
+
+** libgnutls: The time provided in the TLS random values is only
+precise on its first 3 bytes. That prevents leakage of the precise
+system time (at least on the client side when only few connections are
+done on a single server).
+
+** certtool: The --verify option will use the system CAs if the
+load-ca-certificate option is not provided.
+
+** configure: Added option --with-default-blacklist-file to allow
+specifying a certificate blacklist file.
+
+** configure: Added --disable-non-suiteb-curves option. This option
+restricts the supported curves to SuiteB curves.
+ +** API and ABI modifications: gnutls_record_check_corked: Added + +Add files: gnutls-3.2.8.tar.xz, gnutls-3.2.8.tar.xz.sig, gnutls-implement-trust-store-dir-3.2.8.diff, +gnutls-3.2.8-noecc.patch + +Delete files: gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig, gnutls-implement-trust-store-dir, +gnutls-3.2.6-noecc.patch + +------------------------------------------------------------------- Old: ---- gnutls-3.2.6-noecc.patch gnutls-3.2.6.tar.xz gnutls-3.2.6.tar.xz.sig gnutls-implement-trust-store-dir.diff New: ---- gnutls-3.2.8-noecc.patch gnutls-3.2.8.tar.xz gnutls-3.2.8.tar.xz.sig gnutls-implement-trust-store-dir-3.2.8.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.AZfy3F/_old 2013-12-23 12:33:47.000000000 +0100 +++ /var/tmp/diff_new_pack.AZfy3F/_new 2013-12-23 12:33:47.000000000 +0100 @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.6 +Version: 3.2.8 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ @@ -37,8 +37,8 @@ Patch3: gnutls-3.0.26-skip-test-fwrite.patch # Disable elliptic curves for reasons. - meissner&cfarrell -Patch5: gnutls-3.2.6-noecc.patch -Patch6: gnutls-implement-trust-store-dir.diff +Patch5: gnutls-3.2.8-noecc.patch +Patch6: gnutls-implement-trust-store-dir-3.2.8.diff BuildRequires: automake BuildRequires: gcc-c++ ++++++ gnutls-3.2.6-noecc.patch -> gnutls-3.2.8-noecc.patch ++++++ ++++ 1379 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.6-noecc.patch ++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.8-noecc.patch ++++++ gnutls-3.2.6.tar.xz -> gnutls-3.2.8.tar.xz ++++++ ++++ 585558 lines of diff (skipped) ++++++ gnutls-implement-trust-store-dir-3.2.8.diff ++++++ Index: gnutls-3.2.8/configure.ac =================================================================== --- gnutls-3.2.8.orig/configure.ac +++ gnutls-3.2.8/configure.ac 
@@ -457,6 +457,25 @@ if test "$with_default_trust_store_file" with_default_trust_store_file="" fi +AC_ARG_WITH([default-trust-store-dir], + [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY], + [use the given directory as default trust store])], with_default_trust_store_dir="$withval", + [if test "$build" = "$host" ; then + for i in \ + /etc/ssl/certs/ + do + if test -e $i ; then + with_default_trust_store_dir="$i" + break + fi + done + fi] +) + +if test "$with_default_trust_store_dir" = "no";then + with_default_trust_store_dir="" +fi + AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) @@ -470,6 +489,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi +if test "x$with_default_trust_store_dir" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], + ["$with_default_trust_store_dir"], [use the given directory default trust store]) +fi + if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) @@ -761,6 +785,7 @@ AC_MSG_NOTICE([System files: Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file + Trust store dir: $with_default_trust_store_dir Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file DNSSEC root key file: $unbound_root_key_file Index: gnutls-3.2.8/lib/system.c =================================================================== --- gnutls-3.2.8.orig/lib/system.c +++ gnutls-3.2.8/lib/system.c 
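Review bot: In the first configure.ac hunk, `--with-default-trust-store-dir` given without a value sets `with_default_trust_store_dir` to `yes`, and only the `no` case is filtered afterwards, so the second hunk would define DEFAULT_TRUST_STORE_DIR as the literal string "yes". Treating `yes` as a request for autodetection, or rejecting it with AC_MSG_ERROR, would close that gap. The probe also expands `$i` unquoted in `if test -e $i`; `if test -e "$i" ; then` is the safer form. Since the detected path is compiled in as a source of trust anchors and the probe runs on the build host, a comment saying that packagers should pass the directory explicitly would help.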
@@ -357,7 +357,45 @@ int _gnutls_find_config_path(char *path, return 0; } -#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) +/* Used by both Android code and by Linux TRUST_STORE_DIR /etc/ssl/certs code */ +#if defined(DEFAULT_TRUST_STORE_DIR) || defined(ANDROID) || defined(__ANDROID__) +# include <dirent.h> +# include <unistd.h> +static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, + unsigned int tl_flags, unsigned int tl_vflags, unsigned type) +{ +DIR * dirp; +struct dirent *d; +int ret; +int r = 0; +char path[GNUTLS_PATH_MAX]; + + dirp = opendir(dirname); + if (dirp != NULL) + { + do + { + d = readdir(dirp); + if (d != NULL && d->d_type == DT_REG) + { + snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); + + ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags); + if (ret >= 0) + r += ret; + } + } + while(d != NULL); + closedir(dirp); + } + + return r; +} +#endif + + +#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) || defined(DEFAULT_TRUST_STORE_DIR) + static int add_system_trust(gnutls_x509_trust_list_t list, @@ -393,6 +431,12 @@ add_system_trust(gnutls_x509_trust_list_ r += ret; #endif +# ifdef DEFAULT_TRUST_STORE_DIR + ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM); + if (ret > 0) + r += ret; +# endif + #ifdef DEFAULT_BLACKLIST_FILE ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM); if (ret < 0) { 
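Review bot: In the added load_dir_certs, the `d->d_type == DT_REG` test skips every entry on filesystems where readdir() reports DT_UNKNOWN, so the directory trust store can end up empty with no error reported; when d_type is inconclusive the type should be confirmed with lstat(). The snprintf() result is unchecked, so an over-long name is truncated at GNUTLS_PATH_MAX and a path other than the one listed is handed to gnutls_x509_trust_list_add_trust_file(). Negative returns from that call are dropped, and opendir() failure also yields 0, so the caller in the next hunk (`if (ret > 0) r += ret;`) cannot tell a missing directory from an empty one; a debug log line at each failure point would make this diagnosable. Every regular file in the directory becomes a trust anchor, so the function deserves a header comment stating that the directory must be writable only by a trusted administrator. The fence sketches the loop and would need `<sys/stat.h>`.

```c
static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
                          unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
{
	/* … unchanged: declarations, opendir(dirname) and NULL check … */
	struct stat st;
	int n;

	while ((d = readdir(dirp)) != NULL) {
		n = snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
		if (n < 0 || (size_t)n >= sizeof(path))
			continue;	/* never pass a truncated path to the loader */

		/* d_type is only a hint; fall back to lstat() when it is unknown */
		if (d->d_type == DT_UNKNOWN) {
			if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
				continue;
		} else if (d->d_type != DT_REG) {
			continue;
		}

		ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
		if (ret >= 0)
			r += ret;
	}
	/* … unchanged: closedir(dirp), return r … */
```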
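Review bot: The DEFAULT_TRUST_STORE_DIR block added to add_system_trust runs in addition to the earlier trust-store branches rather than instead of them, so a build that defines both a trust store file and a directory presumably adds overlapping certificates twice and counts them twice in `r`. The call also forces GNUTLS_X509_FMT_PEM on every regular file, so any non-PEM file in the directory is parsed and then silently ignored. A comment above the block would make both behaviours explicit, for example `/* Loaded in addition to DEFAULT_TRUST_STORE_FILE; every regular file is tried as PEM and failures are ignored. */`. The enclosing function starts and ends outside this hunk, so how duplicates are handled downstream is not visible here.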
@@ -467,41 +511,6 @@ int add_system_trust(gnutls_x509_trust_l return r; } #elif defined(ANDROID) || defined(__ANDROID__) -#include <dirent.h> -#include <unistd.h> -static int load_dir_certs(const char *dirname, - gnutls_x509_trust_list_t list, - unsigned int tl_flags, unsigned int tl_vflags, - unsigned type) -{ - DIR *dirp; - struct dirent *d; - int ret; - int r = 0; - char path[GNUTLS_PATH_MAX]; - - dirp = opendir(dirname); - if (dirp != NULL) { - do { - d = readdir(dirp); - if (d != NULL && d->d_type == DT_REG) { - snprintf(path, sizeof(path), "%s/%s", - dirname, d->d_name); - - ret = - gnutls_x509_trust_list_add_trust_file - (list, path, NULL, type, tl_flags, - tl_vflags); - if (ret >= 0) - r += ret; - } - } - while (d != NULL); - closedir(dirp); - } - - return r; -} static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type) { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
