Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2014-03-06 19:18:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2014-03-04 13:14:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2014-03-06 19:18:09.000000000 +0100 @@ -1,0 +2,36 @@ +Wed Mar 5 15:30:54 UTC 2014 - [email protected] + +- Upgrade to 3.2.12.1; + +** libgnutls: Reverted change that broke ABI. Reported by Andreas +Metzler. + +** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2) + +** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw +when provided with invalid data. Reported by Dmitriy Anisimkov. + +** libgnutls: Corrected timeout issue in subsequent to the first +DTLS handshakes. + +** libgnutls: Removed unconditional not-trusted message in +gnutls_certificate_verification_status_print() when used with +OpenPGP certificates. Reported by Michel Briand. + +** libgnutls: All ciphersuites that were available in TLS1.0 or +later are now made available in SSL3.0 or later to prevent +any incompatibilities with servers that negotiate them in SSL 3.0. + +** ocsptool: When verifying a response and a signer isn't provided +assume that the signer is the issuer. + +** ocsptool: When sending a nonce, verify that the nonce exists +in the OCSP response. + +** gnutls-cli: Added --strict-tofu option; contributed by Jens +Lechtenboerger. + +Delete files: CVE-2014-0092.patch( upstreamed), gnutls-3.2.11.tar.xz.sig, gnutls-3.2.11.tar.xz; +Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig + +------------------------------------------------------------------- Old: ---- CVE-2014-0092.patch gnutls-3.2.11.tar.xz gnutls-3.2.11.tar.xz.sig New: ---- gnutls-3.2.12.1.tar.xz gnutls-3.2.12.1.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.wmsrMr/_old 2014-03-06 19:18:10.000000000 +0100 +++ /var/tmp/diff_new_pack.wmsrMr/_new 2014-03-06 19:18:10.000000000 +0100 @@ -21,15 +21,15 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.11 +Version: 3.2.12 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ Group: Productivity/Networking/Security Url: http://www.gnutls.org/ -Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz +Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz # signature is checked by source services. -Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig +Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz.sig Source2: %name.keyring Source3: baselibs.conf @@ -37,7 +37,6 @@ Patch3: gnutls-3.0.26-skip-test-fwrite.patch Patch6: gnutls-implement-trust-store-dir-3.2.8.diff -Patch7: CVE-2014-0092.patch BuildRequires: automake BuildRequires: gcc-c++ @@ -138,7 +137,6 @@ %setup -q %patch3 %patch6 -p1 -%patch7 -p1 %build autoreconf -if ++++++ gnutls-3.2.11.tar.xz -> gnutls-3.2.12.1.tar.xz ++++++ ++++ 9487 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
