Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2012-11-28 10:29:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "g...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-10-03 07:23:40.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-11-28 10:29:37.000000000 +0100 @@ -1,0 +2,71 @@ +Sun Nov 25 10:52:46 UTC 2012 - andreas.stie...@gmx.de + +- include LGPL-3.0+ text in COPYING.LESSER +- run regression tests, but move "make check" to %check section +- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test +- no longer manipulate doc/examples tree in %install section, the + deletion of Makefiles breaks "make check" in %check +- install documentation, reference and examples in %install section + to fetch them for the package without unneccessary files + +------------------------------------------------------------------- +Fri Nov 16 23:30:09 UTC 2012 - andreas.stie...@gmx.de + +- updated to GnuTLS 3.0.26: + - libgnutls: Always tolerate key usage violation errors from the + side of the peer, but also notify via an audit message. + - libgnutls: gnutls_x509_crl_verify() includes time checks. + - libgnutls: Increased maximum password length in the PKCS #12 + functions. + - API and ABI modifications: + GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added + GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added + +- includes changes from 3.0.25: + - libgnutls: Fixed the receipt of session tickets during session + resumption. + - libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the + OCSP response corresponds to the given certificate. + - libgnutls: Several updates in the OpenPGP code. The generating code + is fully RFC6091 compliant and RFC5081 support is only supported in + client mode. + - API and ABI modifications: + gnutls_ocsp_resp_check_crt: Added + +- includes changes form version 3.0.24: + - libgnutls: The %COMPAT keyword, if specified, will tolerate + key usage violation errors (they are far too common to ignore). + - libgnutls: Corrected bug in OpenPGP subpacket encoding. + - libgnutls: Added X.509 certificate verification flag + - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification + of unsorted certificate chains and is enabled by default for + TLS certificate verification (if gnutls_certificate_set_verify_flags() + does not override it). + - libgnutls: Correctly restore gnutls_record_recv() in DTLS mode + if interrupted during the retrasmition of handshake data. + - libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), + which provides a tool to counter compression-related attacks where + parts of the data are controlled by the attacker _and_ are placed in + separate records (use with care - do not use compression if not sure). + - libgnutls: Depends on libtasn1 2.14 or later. + +- includes changes from version 3.0.23: + - gnutls-serv: Listens on IPv6 + - libgnutls: Be tolerant in ECDSA signature violations (e.g. using + SHA256 with a SECP384 curve instead of SHA-384), to interoperate with + openssl. +- libgnutls: Fixed DSA and ECDSA signature generation in smart cards. + +- includes changes from version 3.0.22 + - libgnutls: When verifying a certificate chain make sure it is chain. + If the chain is wronly interrupted at some point then truncate it, + and only try to verify the correct part. Patch by David Woodhouse + - libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8() + which now may (again) accept a NULL password. + - certtool: Allow the user to choose the hash algorithm + when signing certificate request or certificate revocation list. + +- Refresh gnutls-implement-trust-store-dir.diff, some parts are in + upstream sources + +------------------------------------------------------------------- Old: ---- gnutls-3.0.21.tar.xz New: ---- gnutls-3.0.26-skip-test-fwrite.patch gnutls-3.0.26.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.sGT69l/_old 2012-11-28 10:29:38.000000000 +0100 +++ /var/tmp/diff_new_pack.sGT69l/_new 2012-11-28 10:29:38.000000000 +0100 @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.0.21 +Version: 3.0.26 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-3.0+ and GPL-3.0+ @@ -32,11 +32,13 @@ # suse specific, add support for certificate directories -- lnussel Patch1: gnutls-implement-trust-store-dir.diff Patch2: automake-1.12.patch +# PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stie...@gmx.de -- skip a failing test +Patch3: gnutls-3.0.26-skip-test-fwrite.patch BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: libidn-devel BuildRequires: libnettle-devel >= 2.2 -BuildRequires: libtasn1-devel +BuildRequires: libtasn1-devel >= 2.14 BuildRequires: libtool BuildRequires: p11-kit-devel >= 0.11 BuildRequires: pkg-config @@ -123,8 +125,9 @@ %prep %setup -q -%patch1 -p1 +%patch1 %patch2 -p1 +%patch3 echo %{_includedir}/%{name}/abstract.h %build @@ -136,22 +139,27 @@ --disable-silent-rules \ --with-default-trust-store-dir=/etc/ssl/certs \ --with-sysroot=/%{?_sysroot} -make %{?_smp_mflags} - -# 17-ago-2011, Test suite passes in factory, just not -#in the build system due to some broken code requiring both networking -#and fixes. -#make check +%__make %{?_smp_mflags} %install %make_install -rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in} -find doc/examples -perm -111 -exec rm {} \; rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot # Do not package static libs and libtool files rm -f %{buildroot}%{_libdir}/*.la + +# install docs +%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/ +%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/ +%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference +%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/ +%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples +%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/ + %find_lang libgnutls --all-name +%check +%__make check + %clean rm -rf %{buildroot} @@ -177,7 +185,7 @@ %files -f libgnutls.lang %defattr(-, root, root) -%doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO +%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO %{_bindir}/certtool %{_bindir}/crywrap %{_bindir}/gnutls-cli @@ -218,7 +226,7 @@ %{_libdir}/pkgconfig/gnutls.pc %{_mandir}/man3/* %{_infodir}/*.* -%doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/* +%doc %{_docdir}/libgnutls-devel %files -n libgnutlsxx-devel %defattr(-, root, root) ++++++ gnutls-3.0.26-skip-test-fwrite.patch ++++++ Index: gl/tests/test-fwrite.c =================================================================== --- gl/tests/test-fwrite.c.orig 2012-04-12 21:05:11.000000000 +0100 +++ gl/tests/test-fwrite.c 2012-11-23 22:51:17.000000000 +0000 @@ -32,6 +32,8 @@ SIGNATURE_CHECK (fwrite, size_t, (const int main (int argc, char **argv) { + // skip test-fwrite + return 77; const char *filename = "test-fwrite.txt"; /* We don't have an fwrite() function that installs an invalid parameter @@ -50,6 +52,7 @@ main (int argc, char **argv) setvbuf (fp, NULL, _IONBF, 0); ASSERT (close (fileno (fp)) == 0); errno = 0; + // this fwrite returns 5 == sizeof (buf) in openSUSE Factory ASSERT (fwrite (buf, 1, sizeof (buf), fp) == 0); ASSERT (errno == EBADF); ASSERT (ferror (fp)); ++++++ gnutls-implement-trust-store-dir.diff ++++++ --- /var/tmp/diff_new_pack.sGT69l/_old 2012-11-28 10:29:38.000000000 +0100 +++ /var/tmp/diff_new_pack.sGT69l/_new 2012-11-28 10:29:38.000000000 +0100 @@ -3,24 +3,18 @@ Date: Tue, 8 May 2012 15:47:02 +0200 Subject: [PATCH gnutls] implement trust store dir +(since updated as some parts were introduced upstream) + --- configure.ac | 18 ++++++++++++- lib/gnutls_x509.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 90 insertions(+), 2 deletions(-) -diff --git a/configure.ac b/configure.ac -index f826704..d099e05 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -296,17 +296,27 @@ AC_ARG_WITH([default-trust-store-file], - [AS_HELP_STRING([--with-default-trust-store-file=FILE], - [use the given file default trust store])]) - -+AC_ARG_WITH([default-trust-store-dir], -+ [AS_HELP_STRING([--with-default-trust-store-dir=DIR], -+ [use the given directory default trust store])]) -+ - AC_ARG_WITH([default-crl-file], +Index: configure.ac +=================================================================== +--- configure.ac.orig 2012-11-08 23:05:32.000000000 +0000 ++++ configure.ac 2012-11-16 23:18:51.000000000 +0000 +@@ -301,9 +301,11 @@ AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) @@ -32,16 +26,8 @@ + /etc/ssl/certs \ /etc/ssl/certs/ca-certificates.crt \ /etc/pki/tls/cert.pem \ - /usr/local/share/certs/ca-root-nss.crt - do -+ if test -d $i; then -+ with_default_trust_store_dir="$i" -+ break -+ fi - if test -e $i; then - with_default_trust_store_file="$i" - break -@@ -319,6 +329,11 @@ if test "x$with_default_trust_store_file" != x; then + /usr/local/share/certs/ca-root-nss.crt \ +@@ -321,6 +323,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi @@ -53,7 +39,7 @@ if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) -@@ -560,6 +575,7 @@ if features are disabled) +@@ -562,6 +569,7 @@ if features are disabled) Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file @@ -61,10 +47,10 @@ CRL file: $with_default_crl_file ]) -diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c -index 71e0d69..87eaa0c 100644 ---- a/lib/gnutls_x509.c -+++ b/lib/gnutls_x509.c +Index: lib/gnutls_x509.c +=================================================================== +--- lib/gnutls_x509.c.orig 2012-09-22 01:01:26.000000000 +0100 ++++ lib/gnutls_x509.c 2012-11-16 23:16:31.000000000 +0000 @@ -36,6 +36,7 @@ #include <gnutls_pk.h> #include <gnutls_str.h> @@ -73,7 +59,7 @@ #include <x509_b64.h> #include <gnutls_x509.h> #include "x509/common.h" -@@ -1692,6 +1693,72 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred) +@@ -1694,6 +1695,72 @@ set_x509_system_trust_file (gnutls_certi } #endif @@ -146,7 +132,7 @@ /** * gnutls_certificate_set_x509_system_trust: * @cred: is a #gnutls_certificate_credentials_t structure. -@@ -1710,7 +1777,7 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred) +@@ -1712,7 +1779,7 @@ set_x509_system_trust_file (gnutls_certi int gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred) { @@ -155,7 +141,7 @@ int r = GNUTLS_E_UNIMPLEMENTED_FEATURE; #else int ret, r = 0; -@@ -1728,6 +1795,11 @@ gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred) +@@ -1730,6 +1797,11 @@ gnutls_certificate_set_x509_system_trust r += ret; #endif @@ -167,6 +153,3 @@ return r; } --- -1.7.7 - -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org