Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2015-08-25 07:17:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2015-05-16 07:12:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2015-08-25 07:17:04.000000000 +0200 @@ -1,0 +2,68 @@ +Tue Aug 18 22:40:28 UTC 2015 - [email protected] + +- Update to 3.4.4 + This update contains a fix for a denial of service vulnerability: + * Allow the parsing of very long DNs. Also fixes double free + in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 + Other changes: + * Add high level API (gnutls_prf_rfc5705) to access the PRF as + specified by RFC5705. + * Link to trousers (TPM library) dynamically when this + functionality is requested. (disabled in SUSE package) + * Fix issue with server side sending the status request extension + even when not requested. + * Add support for RFC7507 by introducing the %FALLBACK_SCSV + priority string option. + * gnutls_pkcs11_privkey_generate2() will store the generated + public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY + flag is specified. + * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. + * API and ABI modifications: + gnutls_prf_rfc5705: Added + gnutls_hex_encode2: Added + gnutls_hex_decode2: Added +- build with autogen for libopts compatibility +- fix failures in test suite, add upstream commits + 0001-certtool-lifted-limits-on-file-size-to-load.patch + 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch + +------------------------------------------------------------------- +Thu Jul 30 15:39:34 UTC 2015 - [email protected] + +- update to 3.4.3 + ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for + dates prior to 2050. + ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it + was done only when cryptodev was enabled). + ** libgnutls: Removed support for pthread_atfork() as it has undefined + semantics when used with dlopen(), and may lead to a crash. + ** libgnutls: corrected failure when importing plain files + with gnutls_x509_privkey_import2(), and a password was provided. + ** libgnutls: Don't reject certificates if a CA has the URI or IP address + name constraints, and the end certificate doesn't have an IP address + name or a URI set. + ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. + ** p11tool: Added --list-token-urls option, and print the token module name + in list-tokens. + ** libgnutls: DTLS blocking API is more robust against infinite blocking, + and will notify of more possible timeouts. + ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported + by Manuel Pegourie-Gonnard. + ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That + allows to disable SIGPIPE for writes done within gnutls. + ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification + of structures. API moved to gnutls/pkcs7.h header. + ** certtool: Added options to generate PKCS #7 bundles and signed + structures. +- includes changes from 3.4.2: + * DTLS blocking API is more robust against infinite blocking, + and will notify of more possible timeouts. + * Correct regression with Camellia-256-GCM cipher. + * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That + allows to disable SIGPIPE for writes done within gnutls. + * Enhance the PKCS #7 API to allow signing and verification + of structures. Move API to gnutls/pkcs7.h header. + * certtool: Added options to generate PKCS #7 bundles and signed + structures. + +------------------------------------------------------------------- Old: ---- gnutls-3.4.1.tar.xz gnutls-3.4.1.tar.xz.sig New: ---- gnutls-3.4.4.tar.xz gnutls-3.4.4.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.tKtHfE/_old 2015-08-25 07:17:05.000000000 +0200 +++ /var/tmp/diff_new_pack.tKtHfE/_new 2015-08-25 07:17:05.000000000 +0200 @@ -29,7 +29,7 @@ %bcond_with tpm Name: gnutls -Version: 3.4.1 +Version: 3.4.4 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ @@ -41,6 +41,7 @@ Source2: %name.keyring Source3: baselibs.conf +BuildRequires: autogen BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: libidn-devel @@ -58,7 +59,8 @@ # disabled armv7l - valgrind appears to mishandle some insns # disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks %ifarch %ix86 x86_64 ppc64 s390x ppc64le -BuildRequires: valgrind +# disabled all, valgrind breaks tests in 3.4.4 +#BuildRequires: valgrind %endif %if %suse_version >= 1230 BuildRequires: makeinfo @@ -295,6 +297,7 @@ %{_includedir}/%{name}/gnutls.h %{_includedir}/%{name}/openpgp.h %{_includedir}/%{name}/ocsp.h +%{_includedir}/%{name}/pkcs7.h %{_includedir}/%{name}/pkcs11.h %{_includedir}/%{name}/pkcs12.h %{_includedir}/%{name}/self-test.h ++++++ gnutls-3.4.1.tar.xz -> gnutls-3.4.4.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.4.1.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.4.4.tar.xz differ: char 26, line 1
