Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-09-11 17:07:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Tue Sep 11 17:07:55 2018 rev:112 rq:631024 version:3.6.3 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2018-08-03 12:30:11.466939307 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-09-11 17:08:41.136210306 +0200 @@ -1,0 +2,37 @@ +Wed Aug 22 15:40:33 UTC 2018 - [email protected] + +- Update to 3.6.3 + Fixes security issues: + CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790 + (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002) + Other Changes: + ** libgnutls: Introduced support for draft-ietf-tls-tls13-28 + ** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or + earlier and TLS 1.3. + ** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. + ** Provide a uniform cipher list across supported TLS protocols + ** The SSL 3.0 protocol is disabled on compile-time by default. + ** libgnutls: Introduced function to switch the current FIPS140-2 operational + mode + ** libgnutls: Introduced low-level function to assist applications attempting client + hello extension parsing, prior to GnuTLS' parsing of the message. + ** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no + modifications to the certificate. + ** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups + which are preferred by the server. + ** Improved counter-measures for TLS CBC record padding. + ** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation + of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. + ** libgnutls: gnutls_privkey_import_ext4() was enhanced with the + GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. + ** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, + gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default + unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API + change for these functions which make them err towards safety. + ** libgnutls: improved aarch64 cpu features detection by using getauxval(). + ** certtool: It is now possible to specify certificate and serial CRL numbers greater + than 2**63-2 as a hex-encoded string both when prompted and in a template file. + Default certificate serial numbers are now fully random. +- don't run autoreconf to avoid pulling in gtk-doc + +------------------------------------------------------------------- Old: ---- gnutls-3.6.2.tar.xz gnutls-3.6.2.tar.xz.sig New: ---- gnutls-3.6.3.tar.xz gnutls-3.6.3.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.npbsd7/_old 2018-09-11 17:08:42.136208744 +0200 +++ /var/tmp/diff_new_pack.npbsd7/_new 2018-09-11 17:08:42.136208744 +0200 @@ -29,7 +29,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.2 +Version: 3.6.3 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later @@ -168,7 +168,7 @@ export LDFLAGS="-pie" export CFLAGS="%{optflags} -fPIE" export CXXFLAGS="%{optflags} -fPIE" -autoreconf -fiv +#autoreconf -fiv %configure \ gl_cv_func_printf_directive_n=yes \ gl_cv_func_printf_infinite_long_double=yes \ @@ -177,7 +177,7 @@ --disable-silent-rules \ --with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \ --with-sysroot=/%{?_sysroot} \ - --with-guile-site-dir=no \ + --with-guile-site-dir=%{_datadir}/guile \ %if %{without tpm} --without-tpm \ %endif @@ -307,7 +307,7 @@ %if %{with guile} %files guile %{_libdir}/guile/* -%{_datadir}/guile/site/gnutls* +%{_datadir}/guile/gnutls* %endif %changelog ++++++ gnutls-3.6.2.tar.xz -> gnutls-3.6.3.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.2.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.3.tar.xz differ: char 25, line 1
