Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2011-12-02 16:25:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "g...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2011-10-18 14:14:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2011-12-02 16:25:51.000000000 +0100 @@ -1,0 +2,18 @@ +Wed Nov 30 12:43:57 UTC 2011 - vu...@opensuse.org + +- Fix licenses (bnc#733661): the applications as well as + gnutls-extra and gnutls-openssl libraries are under GPL-3.0+ + while the library is LGPL-3.0+. + +------------------------------------------------------------------- +Wed Nov 30 09:57:27 UTC 2011 - co...@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Mon Nov 14 07:29:29 UTC 2011 - g...@suse.com + +- fix #Bug 729486 - gnutls: buffer overflow + CVE-2011-4128 + +------------------------------------------------------------------- New: ---- CVE-2011-4128.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.slONzC/_old 2011-12-02 16:25:53.000000000 +0100 +++ /var/tmp/diff_new_pack.slONzC/_new 2011-12-02 16:25:53.000000000 +0100 @@ -24,7 +24,7 @@ Name: gnutls Version: 3.0.3 Release: 1 -License: LGPLv3+ +License: LGPL-3.0+ ; GPL-3.0+ Summary: The GNU Transport Layer Security Library Url: http://www.gnutls.org/ Group: Productivity/Networking/Security @@ -34,6 +34,8 @@ Patch0: gnutls-fix-compression.patch # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 vu...@opensuse.org -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17 Patch1: gnutls-fix-crash-on-strcat.patch +Patch2: CVE-2011-4128.patch +BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: libnettle-devel >= 2.2 BuildRequires: p11-kit-devel 
@@ -54,8 +56,7 @@ implements the proposed standards of the IETF's TLS working group. %package -n libgnutls%{gnutls_sover} - -License: LGPLv2.1+ +License: LGPL-3.0+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -65,8 +66,7 @@ implements the proposed standards of the IETF's TLS working group. %package -n libgnutlsxx%{gnutlsxx_sover} - -License: LGPLv2.1+ +License: LGPL-3.0+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -77,8 +77,7 @@ %package -n libgnutls-extra%{gnutls_extra_sover} - -License: GPLv3+ +License: GPL-3.0+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -89,8 +88,7 @@ %package -n libgnutls-openssl%{gnutls_ossl_sover} - -License: GPLv3+ +License: GPL-3.0+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -101,7 +99,7 @@ %package -n libgnutls-devel -License: LGPLv2.1+ +License: LGPL-3.0+ Summary: Development package for gnutls Group: Development/Libraries/C and C++ PreReq: %install_info_prereq @@ -112,7 +110,7 @@ Files needed for software development using gnutls. %package -n libgnutlsxx-devel -License: LGPLv2.1+ +License: LGPL-3.0+ Summary: Development package for gnutls Group: Development/Libraries/C and C++ PreReq: %install_info_prereq @@ -125,7 +123,7 @@ %package -n libgnutls-openssl-devel -License: LGPLv2.1+ +License: GPL-3.0+ Summary: Development package for gnutls Group: Development/Libraries/C and C++ Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} @@ -136,7 +134,7 @@ %package -n libgnutls-extra-devel -License: GPLv3+ +License: GPL-3.0+ Summary: The GNU Transport Layer Security Library Group: Development/Libraries/C and C++ Requires: libgnutls-devel = %{version} 
@@ -159,6 +157,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %configure \ ++++++ CVE-2011-4128.patch ++++++ Index: gnutls-3.0.3/lib/gnutls_session.c =================================================================== --- gnutls-3.0.3.orig/lib/gnutls_session.c +++ gnutls-3.0.3/lib/gnutls_session.c @@ -63,13 +63,14 @@ gnutls_session_get_data (gnutls_session_ gnutls_assert (); return ret; } - *session_data_size = psession.size; if (psession.size > *session_data_size) { + *session_data_size = psession.size; ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto error; } + *session_data_size = psession.size; if (session_data != NULL) memcpy (session_data, psession.data, psession.size);
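Review bot: The "Fix licenses" entry in the gnutls.changes hunk gives the resulting licenses but does not say that the later gnutls.spec hunks move libgnutls, libgnutlsxx and their -devel packages from LGPLv2.1+ to LGPL-3.0+, and libgnutls-openssl-devel from LGPLv2.1+ to GPL-3.0+. That is a change of license version, not only of tag format, and the entry should spell it out. The Nov 14 entry also writes "fix #Bug 729486" where the Nov 30 entry uses the "bnc#733661" form; writing "bnc#729486" would make the two entries reference bugs the same way.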
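Review bot: Patch2 in the gnutls.spec hunk at "@@ -34,6 +34,8 @@" has no provenance comment, while Patch1 directly above it carries a "# PATCH-FIX-UPSTREAM ... bnc#724421 ..." line. Add the same kind of comment above "Patch2: CVE-2011-4128.patch", naming the bug (729486 according to the changes entry), the CVE id, and whether the fix has gone upstream.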
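Review bot: In the gnutls_session.c hunk of CVE-2011-4128.patch, the comparison "if (psession.size > *session_data_size)" still runs before the "if (session_data != NULL)" test, so a caller that passes a NULL buffer to ask for the length gets either GNUTLS_E_SHORT_MEMORY_BUFFER or success depending on the value it left in *session_data_size. Either handle the NULL case ahead of the comparison, or document that *session_data_size must hold the buffer size on entry and receives the required size on both the error and the success path. A short comment above the moved assignment, noting that assigning before the check made the comparison always false and let the memcpy run past the caller's buffer, would keep the line from being moved back.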