Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-03-16 10:33:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Fri Mar 16 10:33:36 2018 rev:108 rq:587401 version:3.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2018-02-28 19:55:31.999592305 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-03-16 10:33:47.705113879 +0100 @@ -1,0 +2,35 @@ +Thu Mar 15 06:52:49 UTC 2018 - [email protected] + +- gnutls.keyring: Nikos key refreshed to be unexpired + +------------------------------------------------------------------- +Tue Mar 13 14:48:56 UTC 2018 - [email protected] + +- GnuTLS 3.6.2: + * libgnutls: When verifying against a self signed certificate ignore issuer. + That is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data + MTU calculation now, it correctly accounts for the fixed overhead due to + padding (as 1 byte), while at the same time considers the rest of the + padding as part of data MTU. + * libgnutls: Address issue of loading of all PKCS#11 modules on startup + on systems with a PKCS#11 trust store (as opposed to a file trust store). + Introduced a multi-stage initialization which loads the trust modules, and + other modules are deferred for the first pure PKCS#11 request. + * libgnutls: The SRP authentication will reject any parameters outside + RFC5054. This protects any client from potential MitM due to insecure + parameters. That also brings SRP in par with the RFC7919 changes to + Diffie-Hellman. + * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters + for SRP authentication. + * libgnutls: Addressed issue in the accelerated code affecting + interoperability with versions of nettle >= 3.4. + * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. + * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by + Vitezslav Cizek). + * srptool: the --create-conf option no longer includes 1024-bit parameters. + * p11tool: Fixed the deletion of objects in batch mode. +- Dropped gnutls-check_aes_keysize.patch as it is included upstream now. +------------------------------------------------------------------- Old: ---- gnutls-3.6.1.tar.xz gnutls-3.6.1.tar.xz.sig gnutls-check_aes_keysize.patch New: ---- gnutls-3.6.2.tar.xz gnutls-3.6.2.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.fHbTVz/_old 2018-03-16 10:33:49.113063184 +0100 +++ /var/tmp/diff_new_pack.fHbTVz/_new 2018-03-16 10:33:49.121062896 +0100 @@ -23,7 +23,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.1 +Version: 3.6.2 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ AND GPL-3.0+ @@ -35,8 +35,6 @@ Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch -# PATCH-FIX-UPSTREAM https://gitlab.com/gnutls/gnutls/merge_requests/592 -Patch3: gnutls-check_aes_keysize.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -160,7 +158,6 @@ %prep %setup -q %patch1 -p1 -%patch3 -p1 # dtls-resume test fails on PPC %ifarch ppc64 ppc64le ppc %patch2 -p1 ++++++ gnutls-3.6.1.tar.xz -> gnutls-3.6.2.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.1.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.2.tar.xz differ: char 26, line 1 ++++++ gnutls.keyring ++++++ ++++ 1256 lines (skipped) ++++ between gnutls.keyring ++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.keyring
