Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2024-04-08 17:37:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and      /work/SRC/openSUSE:Factory/.gnutls.new.1905 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Mon Apr 8 17:37:29 2024 rev:155 rq:1165545 version:3.8.5 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2024-03-28 14:03:51.986396835 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new.1905/gnutls.changes 2024-04-08 17:37:36.813213926 +0200 
@@ -1,0 +2,27 @@ +Fri Apr 5 07:28:14 UTC 2024 - Pedro Monreal <pmonr...@suse.com> + +- Update to 3.8.5: + * libgnutls: Due to majority of usages and implementations of + RSA decryption with PKCS#1 v1.5 padding being incorrect, + leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5 + is being deprecated (encryption and decryption) and will be + disabled in the future. A new option 'allow-rsa-pkcs1-encrypt' + has been added into the system-wide library configuration which + allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the + RSAES-PKCS1-v1_5 is enabled by default. + * libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for + backward compatibility with GCR. + * libgnutls: A couple of memory related issues have been fixed in + RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA + with earlier versions of GMP. These were a regression introduced + in the 3.8.4 release. See #1535 and !1827. + * build: Fixed a bug where building gnutls statically failed due + to a duplicate definition of nettle_rsa_compute_root_tr(). + * API and ABI modifications: + - GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of + gnutls_pkcs_encrypt_flags_t + * Rebase patches: + - gnutls-FIPS-TLS_KDF_selftest.patch + - gnutls-FIPS-140-3-references.patch + +------------------------------------------------------------------- Old: ---- gnutls-3.8.4.tar.xz gnutls-3.8.4.tar.xz.sig New: ---- gnutls-3.8.5.tar.xz gnutls-3.8.5.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.WCz7lB/_old 2024-04-08 17:37:38.149263162 +0200 +++ /var/tmp/diff_new_pack.WCz7lB/_new 2024-04-08 17:37:38.149263162 +0200 
@@ -40,7 +40,7 @@ %endif %bcond_with tpm Name: gnutls -Version: 3.8.4 +Version: 3.8.5 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later ++++++ gnutls-3.8.4.tar.xz -> gnutls-3.8.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.8.4.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new.1905/gnutls-3.8.5.tar.xz differ: char 26, line 1 ++++++ gnutls-FIPS-140-3-references.patch ++++++ ++++ 952 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls-FIPS-140-3-references.patch ++++ and /work/SRC/openSUSE:Factory/.gnutls.new.1905/gnutls-FIPS-140-3-references.patch ++++++ gnutls-FIPS-TLS_KDF_selftest.patch ++++++ --- /var/tmp/diff_new_pack.WCz7lB/_old 2024-04-08 17:37:38.221265816 +0200 +++ /var/tmp/diff_new_pack.WCz7lB/_new 2024-04-08 17:37:38.221265816 +0200 @@ -1,8 +1,8 @@ -Index: gnutls-3.7.7/lib/fips.c +Index: gnutls-3.8.5/lib/fips.c =================================================================== ---- gnutls-3.7.7.orig/lib/fips.c -+++ gnutls-3.7.7/lib/fips.c -@@ -517,6 +517,26 @@ int _gnutls_fips_perform_self_checks2(vo +--- gnutls-3.8.5.orig/lib/fips.c ++++ gnutls-3.8.5/lib/fips.c +@@ -593,6 +593,26 @@ int _gnutls_fips_perform_self_checks2(vo return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); } @@ -27,6 +27,6 @@ + } + /* PK */ - ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA); - if (ret < 0) { + if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) { + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
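Review bot: In the gnutls.changes entry, the bullet on the memory related issues in RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA cites only the upstream references #1535 and !1827, so nothing in the entry ties this 3.8.4 regression fix to a distribution bug; if one exists, add its reference to that bullet. The first bullet records that RSAES-PKCS1-v1_5 is still enabled by default, and the gnutls.spec hunk changes only the Version line, so it would help to state in the entry whether the package leaves 'allow-rsa-pkcs1-encrypt' at the upstream default.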
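Review bot: In the rebased gnutls-FIPS-TLS_KDF_selftest.patch, the trailing context under the /* PK */ comment no longer calls gnutls_pk_self_test(0, GNUTLS_PK_RSA) unconditionally but only inside if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()), so the RSA self-test in _gnutls_fips_perform_self_checks2() can now be skipped depending on configuration; please confirm this is the intended behaviour for the FIPS build. The changelog lists the patch only under "Rebase patches", while the hunk shows both a path change from gnutls-3.7.7 to gnutls-3.8.5 and an offset move from line 517 to 593, so a short remark that the surrounding context changed would make the rebase easier to audit. The 952 skipped lines of gnutls-FIPS-140-3-references.patch cannot be reviewed from this mail.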