Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2014-06-06 14:36:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2014-05-14 10:50:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2014-06-06 14:36:18.000000000 +0200 @@ -1,0 +2,39 @@ +Tue Jun 3 07:48:04 UTC 2014 - [email protected] + +- Version 3.2.15 (released 2014-05-30) + + ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. + Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730) + ** libgnutls: Several memory leaks caused by error conditions were + fixed. The leaks were identified using valgrind and the Codenomicon + TLS test suite. + ** libgnutls: Increased the maximum certificate size buffer + in the PKCS #11 subsystem. + ** libgnutls: Check the return code of getpwuid_r() instead of relying + on the result value. That avoids issue in certain systems, when using + tofu authentication and the home path cannot be determined. Issue reported + by Viktor Dukhovni. + ** gnutls-cli: if dane is requested but not PKIX verification, then + only do verify the end certificate. + ** ocsptool: Include path in ocsp request. This resolves #108582 + (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +- Version 3.2.14 (released 2014-05-06) + ** libgnutls: Fixed issue with the check of incoming data when two + different recv and send pointers have been specified. Reported and + investigated by JMRecio. + ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would + result to illegal memory access if a server hint was provided. + ** libgnutls: Fixed client memory leak in the PSK key exchange, if a + server hint was provided. + ** libgnutls: Several small bug fixes identified using valgrind and + the Codenomicon TLS test suite. + ** libgnutls: Several small bug fixes found by coverity. + ** libgnutls-dane: Accept a certificate using DANE if there is at least one + entry that matches the certificate. Patch by simon [at] arlott.org. + ** configure: Added --with-nettle-mini option, which allows linking + with a libnettle that contains gmp. + ** certtool: The ECDSA keys generated by default use the SECP256R1 curve + which is supported more widely than the previously used SECP224R1. + +------------------------------------------------------------------- Old: ---- gnutls-3.2.13.tar.xz gnutls-3.2.13.tar.xz.sig New: ---- gnutls-3.2.15.tar.xz gnutls-3.2.15.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.Xn26Ne/_old 2014-06-06 14:36:19.000000000 +0200 +++ /var/tmp/diff_new_pack.Xn26Ne/_new 2014-06-06 14:36:19.000000000 +0200 @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.13 +Version: 3.2.15 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ ++++++ gnutls-3.2.13.tar.xz -> gnutls-3.2.15.tar.xz ++++++ ++++ 39834 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
