Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2020-04-15 19:52:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Wed Apr 15 19:52:07 2020 rev:123 rq:790857 version:3.6.13 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2020-02-06 13:07:16.904305345 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new.2738/gnutls.changes 2020-04-15 19:52:11.397536638 +0200 @@ -1,0 +2,30 @@ +Thu Apr 2 09:32:01 UTC 2020 - Vítězslav Čížek <[email protected]> + +- Use correct nettle .so version when looking for a FIPS checksum + (bsc#1166635) + * add gnutls-fips_correct_nettle_soversion.patch + +------------------------------------------------------------------- +Thu Apr 2 08:48:39 UTC 2020 - Vítězslav Čížek <[email protected]> + +- Update to 3.6.13 + * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 +support) + The DTLS client would not contribute any randomness to the DTLS negotiation, + breaking the security guarantees of the DTLS protocol (#960) + [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345) + * libgnutls: Added new APIs to access KDF algorithms (#813). + * libgnutls: Added new callback gnutls_keylog_func that enables a custom + logging functionality. + * libgnutls: Added support for non-null terminated usernames in PSK + negotiation (#586). + * gnutls-cli-debug: Improved support for old servers that only support + SSL 3.0. + +------------------------------------------------------------------- +Mon Mar 30 12:43:33 UTC 2020 - Vítězslav Čížek <[email protected]> + +- Split off FIPS checksums into a separate libgnutls30-hmac + subpackage (bsc#1152692) + +------------------------------------------------------------------- Old: ---- gnutls-3.6.12.tar.xz gnutls-3.6.12.tar.xz.sig New: ---- gnutls-3.6.13.tar.xz gnutls-3.6.13.tar.xz.sig gnutls-fips_correct_nettle_soversion.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.20A6f4/_old 2020-04-15 19:52:12.733537240 +0200 +++ /var/tmp/diff_new_pack.20A6f4/_new 2020-04-15 19:52:12.737537242 +0200 @@ -28,7 +28,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.12 +Version: 3.6.13 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later @@ -39,6 +39,7 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch +Patch2: gnutls-fips_correct_nettle_soversion.patch Patch4: gnutls-3.6.6-set_guile_site_dir.patch BuildRequires: autogen BuildRequires: automake @@ -86,14 +87,25 @@ %package -n libgnutls%{gnutls_sover} Summary: The GNU Transport Layer Security Library +# install libopenssl and libopenssl-hmac close together (bsc#1090765) License: LGPL-2.1-or-later Group: System/Libraries +Suggests: libgnutls%{gnutls_sover}-hmac = %{version}-%{release} %description -n libgnutls%{gnutls_sover} The GnuTLS library provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. +%package -n libgnutls%{gnutls_sover}-hmac +Summary: Checksums of the GNU Transport Layer Security Library +License: LGPL-2.1-or-later +Group: System/Libraries +Requires: libgnutls%{gnutls_sover} = %{version}-%{release} + +%description -n libgnutls%{gnutls_sover}-hmac +FIPS SHA256 checksums of the libgnutls library. + %package -n libgnutls-dane%{gnutls_dane_sover} Summary: DANE support for the GNU Transport Layer Security Library License: LGPL-2.1-or-later @@ -157,9 +169,7 @@ GnuTLS Wrappers for GNU Guile, a dialect of Scheme. %prep -%setup -q -%patch1 -p1 -%patch4 -p1 +%autosetup -p1 %build export LDFLAGS="-pie" @@ -268,6 +278,8 @@ %files -n libgnutls%{gnutls_sover} %{_libdir}/libgnutls.so.%{gnutls_sover}* + +%files -n libgnutls%{gnutls_sover}-hmac %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac %if %{with dane} ++++++ gnutls-3.6.12.tar.xz -> gnutls-3.6.13.tar.xz ++++++ ++++ 127466 lines of diff (skipped) ++++++ gnutls-fips_correct_nettle_soversion.patch ++++++ Index: gnutls-3.6.12/lib/fips.c =================================================================== --- gnutls-3.6.12.orig/lib/fips.c 2019-06-27 06:40:43.000000000 +0200 +++ gnutls-3.6.12/lib/fips.c 2020-03-16 09:29:39.056332128 +0100 @@ -136,7 +136,7 @@ void _gnutls_fips_mode_reset_zombie(void } #define GNUTLS_LIBRARY_NAME "libgnutls.so.30" -#define NETTLE_LIBRARY_NAME "libnettle.so.6" +#define NETTLE_LIBRARY_NAME "libnettle.so.7" #define HOGWEED_LIBRARY_NAME "libhogweed.so.4" #define GMP_LIBRARY_NAME "libgmp.so.10"
