Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2020-02-06 13:07:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and      /work/SRC/openSUSE:Factory/.gnutls.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Thu Feb 6 13:07:11 2020 rev:122 rq:769931 version:3.6.12 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2019-12-11 11:59:48.900874373 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new.26092/gnutls.changes 2020-02-06 13:07:16.904305345 +0100 
@@ -1,0 +2,46 @@ +Tue Feb 4 09:49:44 UTC 2020 - Ondřej Súkup <[email protected]> + +- gnutls 3.6.12 + * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) + to identify sessions that client request OCSP status request (#829). + * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 + signature algorithm (RFC 8032) under TLS (#86). + * libgnutls: Added the default-priority-string option to system configuration; + it allows overriding the compiled-in default-priority-string. + * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by + draft-smyshlyaev-tls12-gost-suites-07). + By default this ciphersuite is disabled. It can be enabled by adding + +GOST to priority string. In the future this priority string may enable + other GOST ciphersuites as well. Note, that server will fail to negotiate + GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It + is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites + are enabled on GnuTLS-based servers. + * libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + * libgnutls: Reject certificates with invalid time fields. That is we reject + certificates with invalid characters in Time fields, or invalid time formatting + To continue accepting the invalid form compile with --disable-strict-der-time + * libgnutls: Reject certificates which contain duplicate extensions. We were + previously printing warnings when printing such a certificate, but that is + not always sufficient to flag such certificates as invalid. Instead we now + refuse to import them (#887). + * libgnutls: If a CA is found in the trusted list, check in addition to + time validity, whether the algorithms comply to the expected level prior + to accepting it. This addresses the problem of accepting CAs which would + have been marked as insecure otherwise (#877). 
+ * libgnutls: The min-verification-profile from system configuration applies + for all certificate verifications, not only under TLS. The configuration can + be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. + * libgnutls: The stapled OCSP certificate verification adheres to the convention + used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. + * libgnutls: On client side only send OCSP staples if they have been requested + by the server, and on server side always advertise that we support OCSP stapling + * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible + with gnutls_ocsp_req_t but const. + * certtool: Added the --verify-profile option to set a certificate + verification profile. Use '--verify-profile low' for certificate verification + to apply the 'NORMAL' verification profile. + * certtool: The add_extension template option is considered even when generating + a certificate from a certificate request. + +------------------------------------------------------------------- Old: ---- gnutls-3.6.11.1.tar.xz gnutls-3.6.11.1.tar.xz.sig New: ---- gnutls-3.6.12.tar.xz gnutls-3.6.12.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.X9j1ZW/_old 2020-02-06 13:07:18.620306278 +0100 +++ /var/tmp/diff_new_pack.X9j1ZW/_new 2020-02-06 13:07:18.620306278 +0100 @@ -1,7 +1,7 @@ # # spec file for package gnutls # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -28,7 +28,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.11.1 +Version: 3.6.12 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later ++++++ gnutls-3.6.11.1.tar.xz -> gnutls-3.6.12.tar.xz ++++++ ++++ 84772 lines of diff (skipped)
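Review bot: in the gnutls.changes hunk (@@ -1,0 +2,46 @@), the entries on rejecting certificates with invalid time fields and on refusing to import certificates with duplicate extensions (#887) describe imports that used to succeed and now fail, yet the entry does not say which behaviour this package ships. The entry names --disable-strict-der-time as the way to keep accepting the old time format, and the gnutls.spec hunks shown here change only the copyright line and Version, so as far as the visible hunks go the strict default applies; a line stating that would help users trace import failures after the update. Two wording nits in the same hunk: "overriden" should be "overridden", and the sentence ending "invalid time formatting" is missing its full stop.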
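Review bot: the Version line in the gnutls.spec hunk at @@ -28,7 +28,7 @@ is the only packaging change that carries the update, and the tarball diff is skipped (84772 lines), so the source change cannot be reviewed from this mail. Please confirm that gnutls-3.6.12.tar.xz.sig listed under "New" verifies gnutls-3.6.12.tar.xz, and that the system-configuration items the changelog introduces (default-priority-string, and min-verification-profile now applying to all certificate verifications) need no accompanying spec or configuration change.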
