Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-10-25 08:11:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Thu Oct 25 08:11:16 2018 rev:114 rq:642097 version:3.6.4 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2018-09-26 16:01:11.424517917 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-10-25 08:11:24.528224690 +0200 @@ -1,0 +2,36 @@ +Mon Oct 15 15:41:42 UTC 2018 - Vítězslav Čížek <vci...@suse.com> + +- Temporarily disable failing psk-file test (race condition) + * add disable-psk-file-test.patch + +------------------------------------------------------------------- +Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchva...@suse.com> + +- Version update to 3.6.4 (bsc#1111757): + ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. + ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + ** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + ** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + ** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + ** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). +- Drop upstreamed patch: + * gnutls-3.6.3-backport-upstream-fixes.patch + +------------------------------------------------------------------- Old: ---- gnutls-3.6.3-backport-upstream-fixes.patch gnutls-3.6.3.tar.xz gnutls-3.6.3.tar.xz.sig New: ---- disable-psk-file-test.patch gnutls-3.6.4.tar.xz gnutls-3.6.4.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.a7g3pq/_old 2018-10-25 08:11:25.244224221 +0200 +++ /var/tmp/diff_new_pack.a7g3pq/_new 2018-10-25 08:11:25.248224219 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,8 +20,8 @@ %define gnutlsxx_sover 28 %define gnutls_dane_sover 0 -# unbound isn't in SLE (bsc#1086428) -%if 0%{?is_opensuse} +# unbound isn't in SLE12 (bsc#1086428) +%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500 %bcond_without dane %else %bcond_with dane @@ -29,7 +29,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.3 +Version: 3.6.4 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later @@ -41,7 +41,7 @@ Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch -Patch3: gnutls-3.6.3-backport-upstream-fixes.patch +Patch3: disable-psk-file-test.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -160,11 +160,11 @@ %prep %setup -q %patch1 -p1 +%patch3 -p1 # dtls-resume test fails on PPC %ifarch ppc64 ppc64le ppc %patch2 -p1 %endif -%patch3 -p1 %build export LDFLAGS="-pie" ++++++ disable-psk-file-test.patch ++++++ diff --git a/tests/Makefile.in b/tests/Makefile.in index 07433e0..4ecd431 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -457,7 +457,7 @@ am__EXEEXT_10 = tls13/supported_versions$(EXEEXT) \ pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \ x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \ x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \ - oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \ + oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \ priority-init2$(EXEEXT) status-request$(EXEEXT) \ status-request-ok$(EXEEXT) status-request-missing$(EXEEXT) \ sign-verify-ext$(EXEEXT) fallback-scsv$(EXEEXT) \ @@ -1590,8 +1590,6 @@ privkey_verify_broken_OBJECTS = privkey-verify-broken.$(OBJEXT) privkey_verify_broken_LDADD = $(LDADD) privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ libutils.la $(am__DEPENDENCIES_2) -psk_file_SOURCES = psk-file.c -psk_file_OBJECTS = psk-file.$(OBJEXT) psk_file_LDADD = $(LDADD) psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ $(am__DEPENDENCIES_2) @@ -2723,7 +2721,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts.Po \ ./$(DEPDIR)/priority-init2.Po ./$(DEPDIR)/priority-mix.Po \ ./$(DEPDIR)/priority-set.Po ./$(DEPDIR)/priority-set2.Po \ ./$(DEPDIR)/privkey-keygen.Po \ - ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \ + ./$(DEPDIR)/privkey-verify-broken.Po \ ./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \ ./$(DEPDIR)/random-art.Po ./$(DEPDIR)/record-pad.Po \ ./$(DEPDIR)/record-retvals.Po \ @@ -3021,7 +3019,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $(libutils_la_SOURCES) alerts.c \ pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \ prf.c priorities.c priorities-groups.c priority-init2.c \ priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ - privkey-verify-broken.c psk-file.c pskself.c \ + privkey-verify-broken.c pskself.c \ pubkey-import-export.c random-art.c record-pad.c \ record-retvals.c record-sizes.c record-sizes-range.c \ record-timeouts.c recv-data-before-handshake.c \ @@ -3183,7 +3181,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_SOURCES_DIST) \ pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \ prf.c priorities.c priorities-groups.c priority-init2.c \ priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ - privkey-verify-broken.c psk-file.c pskself.c \ + privkey-verify-broken.c pskself.c \ pubkey-import-export.c random-art.c record-pad.c \ record-retvals.c record-sizes.c record-sizes-range.c \ record-timeouts.c recv-data-before-handshake.c \ @@ -4734,7 +4732,7 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \ x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \ server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal \ pkcs7-gen dtls-etm x509sign-verify-rsa x509sign-verify-ecdsa \ - x509sign-verify-gost mini-alignment oids atfork prf psk-file \ + x509sign-verify-gost mini-alignment oids atfork prf \ priority-init2 status-request status-request-ok \ status-request-missing sign-verify-ext fallback-scsv \ pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \ @@ -5872,10 +5870,6 @@ privkey-verify-broken$(EXEEXT): $(privkey_verify_broken_OBJECTS) $(privkey_verif @rm -f privkey-verify-broken$(EXEEXT) $(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS) -psk-file$(EXEEXT): $(psk_file_OBJECTS) $(psk_file_DEPENDENCIES) $(EXTRA_psk_file_DEPENDENCIES) - @rm -f psk-file$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(psk_file_OBJECTS) $(psk_file_LDADD) $(LIBS) - pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES) @rm -f pskself$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS) @@ -6862,7 +6856,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk-file.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker @@ -8913,13 +8906,6 @@ prf.log: prf$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -psk-file.log: psk-file$(EXEEXT) - @p='psk-file$(EXEEXT)'; \ - b='psk-file'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) priority-init2.log: priority-init2$(EXEEXT) @p='priority-init2$(EXEEXT)'; \ b='priority-init2'; \ @@ -10883,7 +10869,6 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/priority-set2.Po -rm -f ./$(DEPDIR)/privkey-keygen.Po -rm -f ./$(DEPDIR)/privkey-verify-broken.Po - -rm -f ./$(DEPDIR)/psk-file.Po -rm -f ./$(DEPDIR)/pskself.Po -rm -f ./$(DEPDIR)/pubkey-import-export.Po -rm -f ./$(DEPDIR)/random-art.Po @@ -11318,7 +11303,6 @@ maintainer-clean: maintainer-clean-recursive -rm -f ./$(DEPDIR)/priority-set2.Po -rm -f ./$(DEPDIR)/privkey-keygen.Po -rm -f ./$(DEPDIR)/privkey-verify-broken.Po - -rm -f ./$(DEPDIR)/psk-file.Po -rm -f ./$(DEPDIR)/pskself.Po -rm -f ./$(DEPDIR)/pubkey-import-export.Po -rm -f ./$(DEPDIR)/random-art.Po ++++++ gnutls-3.6.3.tar.xz -> gnutls-3.6.4.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.3.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.4.tar.xz differ: char 26, line 1