Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2022-05-23 15:51:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.2254 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Mon May 23 15:51:27 2022 rev:137 rq:978504 version:3.7.5 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2022-05-17 17:24:15.115161112 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new.2254/gnutls.changes 2022-05-23 15:51:28.374630953 +0200 @@ -1,0 +2,21 @@ +Sat May 21 17:50:57 UTC 2022 - Andreas Stieger <[email protected]> + +- update to 3.7.5: + * add options disable session ticket usage in TLS 1.2 because + it does not provide forward secrecy + * For TLS 1.3 where session tickets do provide forward secrecy, + the PFS priority string now only disables session tickets in + TLS 1.2. + * Future backward incompatibility: in the next major release of + GnuTLS those flag and modifier are planned to be removed + * gnutls-cli, gnutls-serv: Channel binding for printing + information has been changed from tls-unique to tls-exporter + as tls-unique is not supported in TLS 1.3. + * Certificate sanity checks has been enhanced to make gnutls + more RFC 5280 compliant: + * Removed 3DES from FIPS approved algorithms + * Optimized support for AES-SIV-CMAC algorithms + * libgnutls: HKDF and AES-GCM algorithms are now approved in + FIPS-140 mode when used in TLS + +------------------------------------------------------------------- Old: ---- gnutls-3.7.4.tar.xz gnutls-3.7.4.tar.xz.sig New: ---- gnutls-3.7.5.tar.xz gnutls-3.7.5.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.Ub4xVP/_old 2022-05-23 15:51:29.646632152 +0200 +++ /var/tmp/diff_new_pack.Ub4xVP/_new 2022-05-23 15:51:29.650632156 +0200 @@ -36,7 +36,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.7.4 +Version: 3.7.5 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later @@ -159,7 +159,6 @@ Requires: glibc-devel Requires: gnutls = %{version} Requires: libgnutls%{gnutls_sover} = %{version} -Requires(pre): %{install_info_prereq} Provides: gnutls-devel = %{version}-%{release} %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 Requires: crypto-policies @@ -186,7 +185,6 @@ Requires: libgnutls-devel = %{version} Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libstdc++-devel -Requires(pre): %{install_info_prereq} %description -n libgnutlsxx-devel Files needed for software development using gnutls. @@ -241,7 +239,7 @@ --with-fips140-module-name="GnuTLS version" \ --with-fips140-module-version="%{version}-%{release}" \ %{nil} -make %{?_smp_mflags} +%make_build %install %make_install @@ -268,7 +266,7 @@ %check %if ! 0%{?qemu_user_space_build} -make %{?_smp_mflags} check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { +%make_build check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { find -name test-suite.log -print -exec cat {} + exit 1 } @@ -290,12 +288,6 @@ %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig -%post -n libgnutls-devel -%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz - -%preun -n libgnutls-devel -%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz - %files -f libgnutls.lang %license LICENSE %doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO @@ -316,20 +308,25 @@ %{_mandir}/man1/* %files -n libgnutls%{gnutls_sover} +%license LICENSE %{_libdir}/libgnutls.so.%{gnutls_sover}* %files -n libgnutls%{gnutls_sover}-hmac +%license LICENSE %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac %if %{with dane} %files -n libgnutls-dane%{gnutls_dane_sover} +%license LICENSE %{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}* %endif %files -n libgnutlsxx%{gnutlsxx_sover} +%license LICENSE %{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* %files -n libgnutls-devel +%license LICENSE %dir %{_includedir}/%{name} %{_includedir}/%{name}/abstract.h %{_includedir}/%{name}/crypto.h @@ -356,6 +353,7 @@ %if %{with dane} %files -n libgnutls-dane-devel +%license LICENSE %dir %{_includedir}/%{name} %{_includedir}/%{name}/dane.h %{_libdir}/pkgconfig/gnutls-dane.pc @@ -363,12 +361,14 @@ %endif %files -n libgnutlsxx-devel +%license LICENSE %{_libdir}/libgnutlsxx.so %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h %if %{with guile} %files guile +%license LICENSE %{_libdir}/guile/* %{_datadir}/guile/gnutls* %endif ++++++ gnutls-3.7.4.tar.xz -> gnutls-3.7.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.7.4.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new.2254/gnutls-3.7.5.tar.xz differ: char 26, line 1 ++++++ gnutls-FIPS-PBKDF2-KAT-requirements.patch ++++++ --- /var/tmp/diff_new_pack.Ub4xVP/_old 2022-05-23 15:51:29.718632220 +0200 +++ /var/tmp/diff_new_pack.Ub4xVP/_new 2022-05-23 15:51:29.722632224 +0200 @@ -1,10 +1,10 @@ -Index: gnutls-3.7.3/lib/crypto-selftests.c +Index: gnutls-3.7.5/lib/crypto-selftests.c =================================================================== ---- gnutls-3.7.3.orig/lib/crypto-selftests.c -+++ gnutls-3.7.3/lib/crypto-selftests.c -@@ -3112,6 +3112,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh - "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78" - "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"), +--- gnutls-3.7.5.orig/lib/crypto-selftests.c ++++ gnutls-3.7.5/lib/crypto-selftests.c +@@ -3123,6 +3123,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh + "\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f" + "\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"), }, + /* Test vector extracted from https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */ + {
