commit gnutls for openSUSE:Factory

2020-10-15 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-10-15 13:44:51

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.3486 (New)


Package is "gnutls"

Thu Oct 15 13:44:51 2020 rev:127 rq:841380 version:3.6.15

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2020-09-10 
22:48:11.191831625 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.3486/gnutls.changes  2020-10-15 
13:45:00.629167283 +0200
@@ -1,0 +2,5 @@
+Mon Oct 12 11:54:00 UTC 2020 - Dominique Leuenberger 
+
+- Escape rpm command %%expand when used in comment.
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.r7CRpa/_old  2020-10-15 13:45:03.113168253 +0200
+++ /var/tmp/diff_new_pack.r7CRpa/_new  2020-10-15 13:45:03.125168257 +0200
@@ -203,7 +203,7 @@
 # invalidates a HMAC that may have been created earlier.
 # solution: create the hashes _after_ the macro runs.
 #
-# this shows up earlier because otherwise the %expand of
+# this shows up earlier because otherwise the %%expand of
 # the macro is too late.
 # remark: This is the same as running
 #   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
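
Review bot: The context line `#   openssl dgst -sha256 -hmac '...'` in this comment block spells out the HMAC key, but the comment never says what the checksum is meant to protect against. With a fixed key that is readable in the spec, the .hmac file catches accidental changes to the library (such as the stripping the comment mentions); it does not stop anyone who can rewrite both the library and the .hmac file. One added comment line saying so would keep readers from treating the string as a leaked secret.
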






commit gnutls for openSUSE:Factory

2020-09-10 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-09-10 22:47:39

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.4249 (New)


Package is "gnutls"

Thu Sep 10 22:47:39 2020 rev:126 rq:832966 version:3.6.15

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2020-07-21 
15:47:00.468044751 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.4249/gnutls.changes  2020-09-10 
22:48:11.191831625 +0200
@@ -1,0 +2,23 @@
+Tue Sep  8 08:18:48 UTC 2020 - Vítězslav Čížek 
+
+- Update to 3.6.15
+ * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
+   [GNUTLS-SA-2020-09-04, CVSS: medium]
+ * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
+   indicates that with a false return value (!1306).
+ * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
+   accordingly to SP800-56A rev 3 (!1295, !1299).
+ * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
+   the size of the internal base64 blob (#1025).
+ * libgnutls: Certificate verification failue due to OCSP must-stapling is not
+   honered is now correctly marked with the GNUTLS_CERT_INVALID flag
+ * libgnutls: The audit log message for weak hashes is no longer printed twice
+ * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
+   disabled in the priority string. Previously, even when TLS 1.2 is explicitly
+   disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
+   enabled (#1054).
+- drop upstreamed patches:
+  * gnutls-detect_nettle_so.patch
+  * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
+
+---

Old:

  0001-crypto-api-always-allocate-memory-when-serializing-i.patch
  gnutls-3.6.14.tar.xz
  gnutls-3.6.14.tar.xz.sig
  gnutls-detect_nettle_so.patch

New:

  gnutls-3.6.15.tar.xz
  gnutls-3.6.15.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.i8NEns/_old  2020-09-10 22:48:12.459832794 +0200
+++ /var/tmp/diff_new_pack.i8NEns/_new  2020-09-10 22:48:12.463832797 +0200
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.14
+Version:3.6.15
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -40,9 +40,7 @@
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch4: gnutls-3.6.6-set_guile_site_dir.patch
-Patch5: 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
 Patch6: gnutls-temporarily_disable_broken_guile_reauth_test.patch
-Patch7: gnutls-detect_nettle_so.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge

++ gnutls-3.5.11-skip-trust-store-tests.patch ++
--- /var/tmp/diff_new_pack.i8NEns/_old  2020-09-10 22:48:12.495832826 +0200
+++ /var/tmp/diff_new_pack.i8NEns/_new  2020-09-10 22:48:12.495832826 +0200
@@ -15,10 +15,10 @@
 
 But this would create a build cycle. Skip test.
 
-Index: gnutls-3.5.11/tests/trust-store.c
+Index: gnutls-3.6.15/tests/trust-store.c
 ===
 gnutls-3.5.11.orig/tests/trust-store.c 2017-04-07 07:52:07.0 
+0200
-+++ gnutls-3.5.11/tests/trust-store.c  2017-05-18 10:33:53.537598763 +0200
+--- gnutls-3.6.15.orig/tests/trust-store.c 2020-09-08 10:24:24.018094247 
+0200
 gnutls-3.6.15/tests/trust-store.c  2020-09-08 10:24:25.534104346 +0200
 @@ -44,6 +44,9 @@ static void tls_log_func(int level, cons
  
  void doit(void)

++ gnutls-3.6.14.tar.xz -> gnutls-3.6.15.tar.xz ++
 36841 lines of diff (skipped)

++ gnutls-3.6.6-set_guile_site_dir.patch ++
--- /var/tmp/diff_new_pack.i8NEns/_old  2020-09-10 22:48:15.211835329 +0200
+++ /var/tmp/diff_new_pack.i8NEns/_new  2020-09-10 22:48:15.211835329 +0200
@@ -1,8 +1,8 @@
-Index: gnutls-3.6.6/configure
+Index: gnutls-3.6.15/configure
 ===
 gnutls-3.6.6.orig/configure
-+++ gnutls-3.6.6/configure
-@@ -62868,7 +62868,7 @@
+--- gnutls-3.6.15.orig/configure   2020-09-08 10:24:22.362083215 +0200
 gnutls-3.6.15/configure2020-09-08 10:24:28.510124171 +0200
+@@ -69365,7 +69365,7 @@ fi
  
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" 
>&5
  $as_echo_n "checking for Guile site directory... " >&6; }

++ gnutls-temporarily_disable_broken_guile_reauth_test.patch ++
--- /var/tmp/diff_new_pack.i8NEns/_old  

commit gnutls for openSUSE:Factory

2020-07-21 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-07-21 15:44:54

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.3592 (New)


Package is "gnutls"

Tue Jul 21 15:44:54 2020 rev:125 rq:821496 version:3.6.14

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2020-06-11 
10:01:52.746615823 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.3592/gnutls.changes  2020-07-21 
15:47:00.468044751 +0200
@@ -1,0 +2,6 @@
+Tue Jun  9 09:15:45 UTC 2020 - Vítězslav Čížek 
+
+- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666)
+  * add gnutls-detect_nettle_so.patch
+
+---
@@ -8 +14 @@
-  * add gnutls-temporarily_disable_broken_guile_reauth_test
+  * add gnutls-temporarily_disable_broken_guile_reauth_test.patch

Old:

  gnutls-temporarily_disable_broken_guile_reauth_test

New:

  gnutls-detect_nettle_so.patch
  gnutls-temporarily_disable_broken_guile_reauth_test.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.8YUgiw/_old  2020-07-21 15:47:02.064046724 +0200
+++ /var/tmp/diff_new_pack.8YUgiw/_new  2020-07-21 15:47:02.068046729 +0200
@@ -41,7 +41,8 @@
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch4: gnutls-3.6.6-set_guile_site_dir.patch
 Patch5: 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
-Patch6: gnutls-temporarily_disable_broken_guile_reauth_test
+Patch6: gnutls-temporarily_disable_broken_guile_reauth_test.patch
+Patch7: gnutls-detect_nettle_so.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge


++ gnutls-detect_nettle_so.patch ++
Index: gnutls-3.6.14/configure
===
--- gnutls-3.6.14.orig/configure2020-06-09 11:01:15.306654318 +0200
+++ gnutls-3.6.14/configure 2020-06-09 12:40:08.262985909 +0200
@@ -66054,12 +66054,12 @@ LIBS="$LIBS $GMP_LIBS"
 $as_echo_n "checking gmp soname... " >&6; }
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
+#include 
 int
 main ()
 {
-
-  ;
+  mpz_t n;
+  mpz_init(n);
   return 0;
 }
 _ACEOF
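
Review bot: The `Index: gnutls-3.6.14/configure` header shows this patch editing the generated configure script rather than the autoconf input it is produced from, so the new gmp probe (`mpz_t n; mpz_init(n);`) is lost as soon as configure is regenerated during a build. Carry the same change against the autoconf source as well, or say in the patch header that configure must not be regenerated. As shown here, the added `#include` line also has no header name after it.
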
@@ -66088,12 +66088,12 @@ LIBS="$LIBS $NETTLE_LIBS"
 $as_echo_n "checking nettle soname... " >&6; }
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
+#include 
 int
 main ()
 {
-
-  ;
+  struct sha256_ctx ctx;
+  sha256_init ();
   return 0;
 }
 _ACEOF
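
Review bot: In the nettle probe, `sha256_init ();` is called with no argument while `struct sha256_ctx ctx;` on the line above is declared and never used. Pass the context (`sha256_init (&ctx);`) so the test program matches the function's prototype and fails only when the library is really missing, not because the probe itself does not compile.
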
@@ -66122,12 +66122,12 @@ LIBS="$LIBS $HOGWEED_LIBS"
 $as_echo_n "checking hogweed soname... " >&6; }
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
+#include 
 int
 main ()
 {
-
-  ;
+  struct rsa_private_key priv;
+  nettle_rsa_private_key_init();
   return 0;
 }
 _ACEOF
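
Review bot: The hogweed probe has the same problem as the nettle one: `struct rsa_private_key priv;` is unused and `nettle_rsa_private_key_init();` is written without an argument. Use `nettle_rsa_private_key_init(&priv);`.
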
++ gnutls-temporarily_disable_broken_guile_reauth_test.patch ++
Index: gnutls-3.6.14/guile/Makefile.in
===
--- gnutls-3.6.14.orig/guile/Makefile.in2020-06-03 15:05:54.0 
+0200
+++ gnutls-3.6.14/guile/Makefile.in 2020-06-09 09:03:17.267773380 +0200
@@ -1850,7 +1850,7 @@ CLEANFILES = modules/gnutls.scm $(am__ap
 TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \
tests/pkcs-import-export.scm tests/errors.scm \
tests/x509-certificates.scm tests/x509-auth.scm \
-   tests/reauth.scm tests/priorities.scm $(am__append_2)
+   tests/priorities.scm $(am__append_2)
 TESTS_ENVIRONMENT = \
   GUILE_AUTO_COMPILE=0 \
   GUILE_WARN_DEPRECATED=detailed
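
Review bot: Dropping `tests/reauth.scm` from `TESTS` is done in the generated `guile/Makefile.in`, and the patch has no header text, so nothing in it says why the test is off or when to turn it back on. Add a short description with the bug reference from the changelog (bsc#1171565) at the top of the patch, since the file name calls the change temporary.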




commit gnutls for openSUSE:Factory

2020-06-11 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-06-11 10:01:25

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.3606 (New)


Package is "gnutls"

Thu Jun 11 10:01:25 2020 rev:124 rq:812790 version:3.6.14

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2020-04-15 
19:52:11.397536638 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.3606/gnutls.changes  2020-06-11 
10:01:52.746615823 +0200
@@ -1,0 +2,41 @@
+Mon Jun  8 15:41:46 UTC 2020 - Vítězslav Čížek 
+
+- Fix a memory leak that could lead to a DoS attack against Samba
+  servers (bsc#1172663)
+  * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
+- Temporarily disable broken guile reauth test (bsc#1171565)
+  * add gnutls-temporarily_disable_broken_guile_reauth_test
+
+---
+Thu Jun  4 09:39:58 UTC 2020 - Vítězslav Čížek 
+
+- Update to 3.6.14
+  * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
+The TLS server would not bind the session ticket encryption key with a
+value supplied by the application until the initial key rotation, allowing
+attacker to bypass authentication in TLS 1.3 and recover previous
+conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
+[GNUTLS-SA-2020-06-03, CVSS: high]
+  * libgnutls: Fixed handling of certificate chain with cross-signed
+intermediate CA certificates (#1008). (bsc#1172461)
+  * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
+  * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
+(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
+Key Identifier (AKI) properly (#989, #991).
+  * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
+  * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
+Also both accelerated and non-accelerated implementations check key block
+according to FIPS-140-2 IG A.9 (!1233).
+  * libgnutls: Added support for AES-SIV ciphers (#463).
+  * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
+  * libgnutls: No longer use internal symbols exported from Nettle (!1235)
+  * API and ABI modifications:
+GNUTLS_CIPHER_AES_128_SIV: Added
+GNUTLS_CIPHER_AES_256_SIV: Added
+GNUTLS_CIPHER_AES_192_GCM: Added
+gnutls_pkcs7_print_signature_info: Added
+- Add key D605848ED7E69871: public key "Daiki Ueno " to
+  the keyring
+- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
+
+---

Old:

  gnutls-3.6.13.tar.xz
  gnutls-3.6.13.tar.xz.sig
  gnutls-fips_correct_nettle_soversion.patch

New:

  0001-crypto-api-always-allocate-memory-when-serializing-i.patch
  gnutls-3.6.14.tar.xz
  gnutls-3.6.14.tar.xz.sig
  gnutls-temporarily_disable_broken_guile_reauth_test



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.MNW2Fc/_old  2020-06-11 10:01:54.550621633 +0200
+++ /var/tmp/diff_new_pack.MNW2Fc/_new  2020-06-11 10:01:54.550621633 +0200
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.13
+Version:3.6.14
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -39,8 +39,9 @@
 Source2:%{name}.keyring
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
-Patch2: gnutls-fips_correct_nettle_soversion.patch
 Patch4: gnutls-3.6.6-set_guile_site_dir.patch
+Patch5: 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
+Patch6: gnutls-temporarily_disable_broken_guile_reauth_test
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
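
Review bot: `Patch6: gnutls-temporarily_disable_broken_guile_reauth_test` is the only patch entry without a `.patch` suffix; rename the file and the tag so they match `Patch1`, `Patch4` and `Patch5`.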

++ 0001-crypto-api-always-allocate-memory-when-serializing-i.patch ++
>From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
From: Daiki Ueno 
Date: Fri, 5 Jun 2020 16:26:33 +0200
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t

The AEAD iov interface falls back to serializing the input buffers if
the low-level cipher doesn't support scatter/gather encryption.
However, there was a bug in the functions used for the serialization,
which causes memory leaks under a certain condition (i.e. the number
of input buffers is 1).

This patch makes the logic of the functions simpler, by removing a
micro-optimization that tries to minimize the number of calls to
malloc/free.

The original problem was reported by Marius Steffen in:

commit gnutls for openSUSE:Factory

2020-04-15 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-04-15 19:52:07

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.2738 (New)


Package is "gnutls"

Wed Apr 15 19:52:07 2020 rev:123 rq:790857 version:3.6.13

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2020-02-06 
13:07:16.904305345 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new.2738/gnutls.changes  2020-04-15 
19:52:11.397536638 +0200
@@ -1,0 +2,30 @@
+Thu Apr  2 09:32:01 UTC 2020 - Vítězslav Čížek 
+
+- Use correct nettle .so version when looking for a FIPS checksum
+  (bsc#1166635)
+  * add gnutls-fips_correct_nettle_soversion.patch
+
+---
+Thu Apr  2 08:48:39 UTC 2020 - Vítězslav Čížek 
+
+- Update to 3.6.13
+  * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
+support)
+The DTLS client would not contribute any randomness to the DTLS 
negotiation,
+breaking the security guarantees of the DTLS protocol (#960)
+[GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345)
+  * libgnutls: Added new APIs to access KDF algorithms (#813).
+  * libgnutls: Added new callback gnutls_keylog_func that enables a custom
+logging functionality.
+  * libgnutls: Added support for non-null terminated usernames in PSK
+negotiation (#586).
+  * gnutls-cli-debug: Improved support for old servers that only support
+SSL 3.0.
+
+---
+Mon Mar 30 12:43:33 UTC 2020 - Vítězslav Čížek 
+
+- Split off FIPS checksums into a separate libgnutls30-hmac
+  subpackage (bsc#1152692)
+
+---

Old:

  gnutls-3.6.12.tar.xz
  gnutls-3.6.12.tar.xz.sig

New:

  gnutls-3.6.13.tar.xz
  gnutls-3.6.13.tar.xz.sig
  gnutls-fips_correct_nettle_soversion.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.20A6f4/_old  2020-04-15 19:52:12.733537240 +0200
+++ /var/tmp/diff_new_pack.20A6f4/_new  2020-04-15 19:52:12.737537242 +0200
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.12
+Version:3.6.13
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -39,6 +39,7 @@
 Source2:%{name}.keyring
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
+Patch2: gnutls-fips_correct_nettle_soversion.patch
 Patch4: gnutls-3.6.6-set_guile_site_dir.patch
 BuildRequires:  autogen
 BuildRequires:  automake
@@ -86,14 +87,25 @@
 
 %package -n libgnutls%{gnutls_sover}
 Summary:The GNU Transport Layer Security Library
+# install libopenssl and libopenssl-hmac close together (bsc#1090765)
 License:LGPL-2.1-or-later
 Group:  System/Libraries
+Suggests:   libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
 
 %description -n libgnutls%{gnutls_sover}
 The GnuTLS library provides a secure layer over a reliable transport
 layer. Currently the GnuTLS library implements the proposed standards
 of the IETF's TLS working group.
 
+%package -n libgnutls%{gnutls_sover}-hmac
+Summary:Checksums of the GNU Transport Layer Security Library
+License:LGPL-2.1-or-later
+Group:  System/Libraries
+Requires:   libgnutls%{gnutls_sover} = %{version}-%{release}
+
+%description -n libgnutls%{gnutls_sover}-hmac
+FIPS SHA256 checksums of the libgnutls library.
+
 %package -n libgnutls-dane%{gnutls_dane_sover}
 Summary:DANE support for the GNU Transport Layer Security Library
 License:LGPL-2.1-or-later
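
Review bot: The added comment `# install libopenssl and libopenssl-hmac close together (bsc#1090765)` names the openssl packages inside the libgnutls%{gnutls_sover} package section. Reword it for libgnutls and its -hmac subpackage, and move it directly above the `Suggests:` line it explains instead of between `Summary:` and `License:`. Because `Suggests:` is a weak dependency, the comment should also say what is expected to pull in libgnutls%{gnutls_sover}-hmac on systems that run in FIPS mode.
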
@@ -157,9 +169,7 @@
 GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
 
 %prep
-%setup -q
-%patch1 -p1
-%patch4 -p1
+%autosetup -p1
 
 %build
 export LDFLAGS="-pie"
@@ -268,6 +278,8 @@
 
 %files -n libgnutls%{gnutls_sover}
 %{_libdir}/libgnutls.so.%{gnutls_sover}*
+
+%files -n libgnutls%{gnutls_sover}-hmac
 %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
 
 %if %{with dane}

++ gnutls-3.6.12.tar.xz -> gnutls-3.6.13.tar.xz ++
 127466 lines of diff (skipped)

++ gnutls-fips_correct_nettle_soversion.patch ++
Index: gnutls-3.6.12/lib/fips.c
===
--- gnutls-3.6.12.orig/lib/fips.c   2019-06-27 06:40:43.0 +0200
+++ gnutls-3.6.12/lib/fips.c2020-03-16 09:29:39.056332128 +0100
@@ -136,7 +136,7 @@ void _gnutls_fips_mode_reset_zombie(void
 }
 
 #define GNUTLS_LIBRARY_NAME "libgnutls.so.30"
-#define NETTLE_LIBRARY_NAME "libnettle.so.6"
+#define NETTLE_LIBRARY_NAME "libnettle.so.7"
 
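
Review bot: `NETTLE_LIBRARY_NAME` goes from one hardcoded soname (`libnettle.so.6`) to another (`libnettle.so.7`), so the FIPS checksum lookup will point at the wrong file again at the next nettle soname bump. Prefer a value detected at build time, or at least add a comment next to the define tying it to the nettle version the package builds against.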

commit gnutls for openSUSE:Factory

2020-02-06 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2020-02-06 13:07:11

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.26092 (New)


Package is "gnutls"

Thu Feb  6 13:07:11 2020 rev:122 rq:769931 version:3.6.12

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-12-11 
11:59:48.900874373 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new.26092/gnutls.changes 2020-02-06 
13:07:16.904305345 +0100
@@ -1,0 +2,46 @@
+Tue Feb  4 09:49:44 UTC 2020 - Ondřej Súkup 
+
+- gnutls 3.6.12
+ * libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
+   to identify sessions that client request OCSP status request (#829).
+ * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
+   signature algorithm (RFC 8032) under TLS (#86).
+ * libgnutls: Added the default-priority-string option to system configuration;
+   it allows overriding the compiled-in default-priority-string.
+ * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
+   draft-smyshlyaev-tls12-gost-suites-07).
+   By default this ciphersuite is disabled. It can be enabled by adding
+   +GOST to priority string. In the future this priority string may enable
+   other GOST ciphersuites as well.  Note, that server will fail to negotiate
+   GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
+   is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
+   are enabled on GnuTLS-based servers.
+ * libgnutls: added priority shortcuts for different GOST categories like
+   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
+ * libgnutls: Reject certificates with invalid time fields. That is we reject
+   certificates with invalid characters in Time fields, or invalid time 
formatting
+   To continue accepting the invalid form compile with 
--disable-strict-der-time
+ * libgnutls: Reject certificates which contain duplicate extensions. We were
+   previously printing warnings when printing such a certificate, but that is
+   not always sufficient to flag such certificates as invalid. Instead we now
+   refuse to import them (#887).
+ * libgnutls: If a CA is found in the trusted list, check in addition to
+   time validity, whether the algorithms comply to the expected level prior
+   to accepting it. This addresses the problem of accepting CAs which would
+   have been marked as insecure otherwise (#877).
+ * libgnutls: The min-verification-profile from system configuration applies
+   for all certificate verifications, not only under TLS. The configuration can
+   be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
+ * libgnutls: The stapled OCSP certificate verification adheres to the 
convention
+   used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
+ * libgnutls: On client side only send OCSP staples if they have been requested
+   by the server, and on server side always advertise that we support OCSP 
stapling
+ * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
+   with gnutls_ocsp_req_t but const.
+ * certtool: Added the --verify-profile option to set a certificate
+   verification profile. Use '--verify-profile low' for certificate 
verification
+   to apply the 'NORMAL' verification profile.
+ * certtool: The add_extension template option is considered even when 
generating
+   a certificate from a certificate request.
+
+---

Old:

  gnutls-3.6.11.1.tar.xz
  gnutls-3.6.11.1.tar.xz.sig

New:

  gnutls-3.6.12.tar.xz
  gnutls-3.6.12.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.X9j1ZW/_old  2020-02-06 13:07:18.620306278 +0100
+++ /var/tmp/diff_new_pack.X9j1ZW/_new  2020-02-06 13:07:18.620306278 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.11.1
+Version:3.6.12
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later

++ gnutls-3.6.11.1.tar.xz -> gnutls-3.6.12.tar.xz ++
 84772 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2019-12-11 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-12-11 11:59:39

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.4691 (New)


Package is "gnutls"

Wed Dec 11 11:59:39 2019 rev:121 rq:753893 version:3.6.11.1

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-10-14 
12:32:30.524111346 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.4691/gnutls.changes  2019-12-11 
11:59:48.900874373 +0100
@@ -1,0 +2,17 @@
+Tue Dec  3 19:34:20 UTC 2019 - Andreas Stieger 
+
+- gnutls 3.6.11.1:
+  * libgnutls: Corrected issue with TLS 1.2 session ticket
+handling as client during resumption
+  * libgnutls: gnutls_base64_decode2() succeeds decoding the empty
+string to the empty string. This is a behavioral change of the
+API but it conforms to the RFC4648 expectations
+  * libgnutls: Fixed AES-CFB8 implementation, when input is shorter
+than the block size. Fix backported from nettle.
+  * certtool: CRL distribution points will be set in CA
+certificates even when non self-signed
+  * gnutls-cli/serv: added raw public-key handling capabilities
+(RFC7250). Key material can be set via the --rawpkkeyfile and
+--rawpkfile flags.
+
+---

Old:

  gnutls-3.6.10.tar.xz
  gnutls-3.6.10.tar.xz.sig

New:

  gnutls-3.6.11.1.tar.xz
  gnutls-3.6.11.1.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.MDa7ky/_old  2019-12-11 11:59:49.780874003 +0100
+++ /var/tmp/diff_new_pack.MDa7ky/_new  2019-12-11 11:59:49.780874003 +0100
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.10
+Version:3.6.11.1
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later

++ gnutls-3.6.10.tar.xz -> gnutls-3.6.11.1.tar.xz ++
 49404 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2019-10-14 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-10-14 12:32:27

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.2352 (New)


Package is "gnutls"

Mon Oct 14 12:32:27 2019 rev:120 rq:737234 version:3.6.10

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-10-05 
16:19:14.525603324 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.2352/gnutls.changes  2019-10-14 
12:32:30.524111346 +0200
@@ -1,0 +2,14 @@
+Thu Oct 10 17:48:44 UTC 2019 - Andreas Stieger 
+
+- gnutls 3.6.10:
+  * Add support for deterministic ECDSA/DSA (RFC6979)
+  * Add functions for in-place encryption/decryption of data buffers
+  * server now selects the highest TLS protocol version, if TLS 1.3
+is enabled and the client advertises an older protocol version
+first
+  * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode
+and MAC generation based on GOST 28147-89 (IMIT)
+  * certtool: when outputting an encrypted private key do not
+insert the textual description of it
+
+---

Old:

  gnutls-3.6.9.tar.xz
  gnutls-3.6.9.tar.xz.sig

New:

  gnutls-3.6.10.tar.xz
  gnutls-3.6.10.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.s4yfwn/_old  2019-10-14 12:32:32.056107340 +0200
+++ /var/tmp/diff_new_pack.s4yfwn/_new  2019-10-14 12:32:32.068107309 +0200
@@ -28,7 +28,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.9
+Version:3.6.10
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later

++ gnutls-3.6.9.tar.xz -> gnutls-3.6.10.tar.xz ++
 62574 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2019-10-05 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-10-05 16:18:27

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.2352 (New)


Package is "gnutls"

Sat Oct  5 16:18:27 2019 rev:119 rq:734380 version:3.6.9

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-08-07 
13:54:12.204857629 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.2352/gnutls.changes  2019-10-05 
16:19:14.525603324 +0200
@@ -1,0 +2,6 @@
+Tue Sep 24 13:16:02 UTC 2019 - Vítězslav Čížek 
+
+- Install checksums for binary integrity verification which are
+  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.x5dgvA/_old  2019-10-05 16:19:15.445600928 +0200
+++ /var/tmp/diff_new_pack.x5dgvA/_new  2019-10-05 16:19:15.449600917 +0200
@@ -44,6 +44,7 @@
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
+BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure 
we have it present
 BuildRequires:  iproute2
@@ -185,6 +186,21 @@
%{nil}
 make %{?_smp_mflags}
 
+# the hmac hashes:
+#
+# this is a hack that re-defines the __os_install_post macro
+# for a simple reason: the macro strips the binaries and thereby
+# invalidates a HMAC that may have been created earlier.
+# solution: create the hashes _after_ the macro runs.
+#
+# this shows up earlier because otherwise the %expand of
+# the macro is too late.
+# remark: This is the same as running
+#   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
+%{expand:%%global __os_install_post {%__os_install_post
+%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
+}}
+
 %install
 %make_install
 rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
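
Review bot: The comment line `# this shows up earlier because otherwise the %expand of` contains an unescaped macro name. rpm expands macros in comment lines too, so write `%%expand` there.
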
@@ -252,6 +268,7 @@
 
 %files -n libgnutls%{gnutls_sover}
 %{_libdir}/libgnutls.so.%{gnutls_sover}*
+%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
 
 %if %{with dane}
 %files -n libgnutls-dane%{gnutls_dane_sover}






commit gnutls for openSUSE:Factory

2019-08-07 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-08-07 13:54:10

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.9556 (New)


Package is "gnutls"

Wed Aug  7 13:54:10 2019 rev:118 rq:720093 version:3.6.9

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-04-10 
23:10:36.979934400 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.9556/gnutls.changes  2019-08-07 
13:54:12.204857629 +0200
@@ -1,0 +2,27 @@
+Wed Jul 31 17:05:53 UTC 2019 - Andreas Stieger 
+
+- gnutls 3.6.9:
+  * add support for copying digest or MAC contexts
+  * Mark the crypto implementation override APIs as deprecated
+  * Add support for AES-GMAC, as a separate to GCM, MAC algorithm
+  * Add support for Generalname registeredID
+  * The priority configuration was enhanced to allow more elaborate
+system-wide configuration of the library
+- includes changes from 3.6.8:
+  * Add support for AES-XTS cipher
+  * Fix calculation of Streebog digests
+  * During Diffie-Hellman operations in TLS, verify that the peer's
+public key is on the right subgroup (y^q=1 mod p), when q is
+available (under TLS 1.3 and under earlier versions when RFC7919
+parameters are used).
+  * Apply STD3 ASCII rules in gnutls_idna_map() to prevent
+hostname/domain crafting via IDNA conversion
+  * certtool: allow the digital signature key usage flag in CA
+certificates
+  * gnutls-cli/serv: add the --keymatexport and --keymatexportsize
+options. These allow testing the RFC5705 using these tools
+- drop patches to re-enable tests:
+  * disable-psk-file-test.patch
+  * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+
+---

Old:

  disable-psk-file-test.patch
  gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
  gnutls-3.6.7.tar.xz
  gnutls-3.6.7.tar.xz.sig

New:

  gnutls-3.6.9.tar.xz
  gnutls-3.6.9.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.8nQexo/_old  2019-08-07 13:54:12.904857622 +0200
+++ /var/tmp/diff_new_pack.8nQexo/_new  2019-08-07 13:54:12.908857622 +0200
@@ -19,7 +19,6 @@
 %define gnutls_sover 30
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
-
 # unbound isn't in SLE (bsc#1086428)
 %if 0%{?is_opensuse}
 %bcond_without dane
@@ -29,26 +28,23 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.7
+Version:3.6.9
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
 Group:  Productivity/Networking/Security
-Url:http://www.gnutls.org/
+URL:https://www.gnutls.org/
 Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
 Source2:%{name}.keyring
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
-Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-Patch3: disable-psk-file-test.patch
 Patch4: gnutls-3.6.6-set_guile_site_dir.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
-BuildRequires:  pkgconfig(autoopts)
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure 
we have it present
 BuildRequires:  iproute2
 BuildRequires:  libidn2-devel
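
Review bot: `URL:` moves to https in this hunk, but `Source0:` and `Source1:` still point at `ftp://ftp.gnutls.org/...`; switch them to an https location if the project offers one. Until then the tarball's authenticity rests entirely on checking the `.tar.xz.sig` against `%{name}.keyring`, so that verification has to stay part of the build.
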
@@ -61,6 +57,7 @@
 BuildRequires:  pkgconfig
 BuildRequires:  xz
 BuildRequires:  zlib-devel
+BuildRequires:  pkgconfig(autoopts)
 %if 0%{?suse_version} <= 1320
 BuildRequires:  net-tools
 %else
@@ -161,12 +158,7 @@
 %prep
 %setup -q
 %patch1 -p1
-%patch3 -p1
 %patch4 -p1
-# dtls-resume test fails on PPC
-%ifarch ppc64 ppc64le ppc
-%patch2 -p1
-%endif
 
 %build
 export LDFLAGS="-pie"
@@ -201,7 +193,7 @@
 
 # install docs
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
-cp doc/gnutls.html doc/*.png doc/gnutls.pdf 
%{buildroot}%{_docdir}/libgnutls-devel/
+cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
 cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples

++ gnutls-3.6.7.tar.xz -> gnutls-3.6.9.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.7.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new.9556/gnutls-3.6.9.tar.xz differ: char 
27, line 1





commit gnutls for openSUSE:Factory

2019-04-10 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-04-10 23:10:32

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.27019 (New)


Package is "gnutls"

Wed Apr 10 23:10:32 2019 rev:117 rq:692241 version:3.6.7

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2019-02-04 
21:25:14.943597851 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new.27019/gnutls.changes 2019-04-10 
23:10:36.979934400 +0200
@@ -1,0 +2,60 @@
+Thu Apr  4 20:31:19 UTC 2019 - Jan Engelhardt 
+
+- Trim useless %if..%endif guards that do not affect the build.
+- Fix language errors in description again.
+
+---
+Thu Apr  4 13:34:03 UTC 2019 - Jason Sikes 
+
+- Update gnutls to 3.6.7
+  ** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference.
+ The counter-measure does not extend to applications using gnutls_free().
+
+  ** libgnutls: Fixed a memory corruption (double free) vulnerability in the
+ certificate verification API. Reported by Tavis Ormandy; addressed with
+ the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] 
(CVE-2019-3829)
+
+  ** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async 
messages;
+ Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] 
(CVE-2019-3836)
+
+  ** libgnutls: enforce key usage limitations on certificates more actively.
+ Previously we would enforce it for TLS1.2 protocol, now we enforce it
+ even when TLS1.3 is negotiated, or on client certificates as well. When
+ an inappropriate for TLS1.3 certificate is seen on the credentials 
structure
+ GnuTLS will disable TLS1.3 support for that session (#690).
+
+  ** libgnutls: the default number of tickets sent under TLS 1.3 was increased 
to
+ two. This makes it easier for clients which perform multiple connections
+ to the server to use the tickets sent by a default server.
+
+  ** libgnutls: enforce the equality of the two signature parameters fields in
+ a certificate. We were already enforcing the signature algorithm, but 
there
+ was a bug in parameter checking code.
+
+  ** libgnutls: fixed issue preventing sending and receiving from different
+ threads when false start was enabled (#713).
+
+  ** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
+ session, as non-writeable security officer sessions are undefined in 
PKCS#11
+ (#721).
+
+  ** libgnutls: no longer send downgrade sentinel in TLS 1.3.
+ Previously the sentinel value was embedded to early in version
+ negotiation and was sent even on TLS 1.3. It is now sent only when
+ TLS 1.2 or earlier is negotiated (#689).
+
+  ** gnutls-cli: Added option --logfile to redirect informational messages 
output.
+
+- Disabled dane support in SLE since dane is not shipped there
+
+- Changed configure script to hardware guile site directory since command-line
+  option '--with-guile-site-dir=' was removed from the configure script.
+
+  ** Added gnutls-3.6.6-set_guile_site_dir.patch
+
+- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix
+  compilation issues on PPC
+
+---

Old:

  gnutls-3.6.6.tar.xz
  gnutls-3.6.6.tar.xz.sig

New:

  gnutls-3.6.6-set_guile_site_dir.patch
  gnutls-3.6.7.tar.xz
  gnutls-3.6.7.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.bMijxU/_old  2019-04-10 23:10:37.983935541 +0200
+++ /var/tmp/diff_new_pack.bMijxU/_new  2019-04-10 23:10:37.987935545 +0200
@@ -20,8 +20,8 @@
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
 
-# unbound isn't in SLE12 (bsc#1086428)
-%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500
+# unbound isn't in SLE (bsc#1086428)
+%if 0%{?is_opensuse}
 %bcond_without dane
 %else
 %bcond_with dane
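Review bot: the DANE condition drops the `0%{?suse_version} >= 1500` arm and returns to plain `0%{?is_opensuse}`, still citing bsc#1086428, with the comment reworded from "SLE12" to "SLE". State in the comment which products lack unbound, so the next update has a reason to check before changing this condition again.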
@@ -29,7 +29,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.6
+Version:3.6.7
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -42,6 +42,7 @@
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
 Patch3: disable-psk-file-test.patch
+Patch4: gnutls-3.6.6-set_guile_site_dir.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -112,8 +113,8 @@
 
 %description -n 

commit gnutls for openSUSE:Factory

2019-02-04 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2019-02-04 21:25:11

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.28833 (New)


Package is "gnutls"

Mon Feb  4 21:25:11 2019 rev:116 rq:671140 version:3.6.6

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-12-03 
10:09:16.167771081 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new.28833/gnutls.changes 2019-02-04 
21:25:14.943597851 +0100
@@ -1,0 +2,66 @@
+Mon Feb  4 12:41:43 UTC 2019 - Vítězslav Čížek 
+
+- Update to 3.6.6
+  ** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
+   on the public key (#640).
+  ** libgnutls: Added support for raw public-key authentication as defined in 
RFC7250.
+ Raw public-keys can be negotiated by enabling the corresponding 
certificate
+ types via the priority strings. The raw public-key mechanism must be 
explicitly
+ enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
+  ** libgnutls: When on server or client side we are sending no extensions we 
do
+ not set an empty extensions field but we rather remove that field 
competely.
+ This solves a regression since 3.5.x and improves compatibility of the 
server
+ side with certain clients.
+  ** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS 
capable if
+   the CKA_SIGN is not set (#667).
+  ** libgnutls: The priority string option %NO_EXTENSIONS was improved to 
completely
+ disable extensions at all cases, while providing a functional session. 
This
+ also implies that when specified, TLS1.3 is disabled.
+  ** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as 
deprecated.
+ The previous definition was non-functional (#609).
+- drop no longer needed gnutls-enbale-guile-2.2.patch
+- refresh disable-psk-file-test.patch
+
+---
+Wed Jan  2 13:36:26 UTC 2019 - Vítězslav Čížek 
+
+- Update to 3.6.5
+  ** libgnutls: Provide the option of transparent re-handshake/reauthentication
+ when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
+  ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
+  ** libgnutls: The priority functions will ignore and not enable TLS1.3 if
+ requested with legacy TLS versions enabled but not TLS1.2. That is because
+ if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 
enabled)
+ servers which do not support TLS1.3 will negotiate TLS1.2 which will be
+ rejected by the client as disabled (#621).
+  ** libgnutls: Change RSA decryption to use a new side-channel silent 
function.
+ This addresses a security issue where memory access patterns as well as 
timing
+ on the underlying Nettle rsa-decrypt function could lead to new 
Bleichenbacher
+ attacks. Side-channel resistant code is slower due to the need to mask
+ access and timings. When used in TLS the new functions cause RSA based
+ handshakes to be between 13% and 28% slower on average (Numbers are 
indicative,
+ the tests where performed on a relatively modern Intel CPU, results vary
+ depending on the CPU and architecture used). This change makes nettle 
3.4.1
+ the minimum requirement of gnutls (#630). [CVSS: medium]
+  ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP 
keyword
+ in the priority string. It is only accepted as legacy option and is 
ignored.
+  ** libgnutls: Added support for EdDSA under PKCS#11 (#417)
+  ** libgnutls: Added support for AES-CFB8 cipher (#357)
+  ** libgnutls: Added support for AES-CMAC MAC (#351)
+  ** libgnutls: In two previous versions 
GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
+   have incorrectly used CryptoPro-A S-BOX instead of proper 
(CryptoPro-B/-C/-D
+ S-BOXes). They are fixed now.
+  ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
+ keys parsing, as specified in R 50.1.112-2016.
+  ** gnutls-serv: It applies the default settings when no --priority option is 
given,
+ using gnutls_set_default_priority().
+  ** p11tool: Fix initialization of security officer's PIN with the 
--initialize-so-pin
+ option (#561)
+  ** certtool: Add parameter --no-text that prevents certtool from outputting
+ text before PEM-encoded private key, public key, certificate, CRL or CSR.
+- minimum required libnettle is now 3.4.1
+- refresh
+  * disable-psk-file-test.patch
+  * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+
+---

Old:

  gnutls-3.6.4.tar.xz
  gnutls-3.6.4.tar.xz.sig
  gnutls-enbale-guile-2.2.patch

New:

  gnutls-3.6.6.tar.xz
  

commit gnutls for openSUSE:Factory

2018-12-03 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-12-03 10:09:09

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new.19453 (New)


Package is "gnutls"

Mon Dec  3 10:09:09 2018 rev:115 rq:652451 version:3.6.4

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-10-25 
08:11:24.528224690 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.19453/gnutls.changes 2018-12-03 
10:09:16.167771081 +0100
@@ -1,0 +2,9 @@
+Tue Nov 27 13:46:27 UTC 2018 - jbrielma...@suse.de
+
+- search for guile-2.2 during configure, part of boo#1117121
+  add patches:
+  * gnutls-enbale-guile-2.2.patch: search for guile-2.2
+  refresh patches:
+  * disable-psk-file-test.patch: disable psk-file in Makefile.am
+
+---

New:

  gnutls-enbale-guile-2.2.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.yEgkor/_old  2018-12-03 10:09:17.119770203 +0100
+++ /var/tmp/diff_new_pack.yEgkor/_new  2018-12-03 10:09:17.127770196 +0100
@@ -42,6 +42,8 @@
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
 Patch3: disable-psk-file-test.patch
+# Search for guile-2.2, which is supported since 3.5.5
+Patch4: gnutls-enbale-guile-2.2.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -161,6 +163,7 @@
 %setup -q
 %patch1 -p1
 %patch3 -p1
+%patch4 -p1
 # dtls-resume test fails on PPC
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1

++ disable-psk-file-test.patch ++
--- /var/tmp/diff_new_pack.yEgkor/_old  2018-12-03 10:09:17.155770170 +0100
+++ /var/tmp/diff_new_pack.yEgkor/_new  2018-12-03 10:09:17.155770170 +0100
@@ -105,3 +105,15 @@
-rm -f ./$(DEPDIR)/pskself.Po
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
-rm -f ./$(DEPDIR)/random-art.Po
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+--- a/tests/Makefile.am2018-11-21 16:31:27.871806950 +0100
 b/tests/Makefile.am2018-11-21 16:31:47.952191845 +0100
+@@ -167,7 +167,7 @@
+tls13-cert-key-exchange x509-cert-callback-ocsp 
gnutls_ocsp_resp_list_import2 \
+server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal 
pkcs7-gen dtls-etm \
+x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
+-   mini-alignment oids atfork prf psk-file priority-init2 \
++   mini-alignment oids atfork prf priority-init2 \
+status-request status-request-ok status-request-missing 
sign-verify-ext \
+fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
+key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function 
auto-verify \


++ gnutls-enbale-guile-2.2.patch ++
--- gnutls-3.6.4/aclocal.m4.orig2018-10-16 17:52:16.972960988 +0200
+++ gnutls-3.6.4/aclocal.m4 2018-10-16 17:52:32.797099492 +0200
@@ -162,7 +162,7 @@
 #
 AC_DEFUN([GUILE_PKG],
  [PKG_PROG_PKG_CONFIG
-  _guile_versions_to_search="m4_default([$1], [2.0 1.8])"
+  _guile_versions_to_search="m4_default([$1], [2.2 2.0 1.8])"
   if test -n "$GUILE_EFFECTIVE_VERSION"; then
 _guile_tmp=""
 for v in $_guile_versions_to_search; do
--- gnutls-3.6.4/configure.orig 2018-10-16 18:00:13.661141247 +0200
+++ gnutls-3.6.4/configure  2018-10-16 18:00:29.857283556 +0200
@@ -62704,7 +62704,7 @@
PKG_CONFIG=""
fi
 fi
-  _guile_versions_to_search="2.0 1.8"
+  _guile_versions_to_search="2.2 2.0 1.8"
   if test -n "$GUILE_EFFECTIVE_VERSION"; then
 _guile_tmp=""
 for v in $_guile_versions_to_search; do
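Review bot: patching the generated `configure` at line 62704 in addition to `aclocal.m4` is fragile, because the offset moves with every upstream release and the two copies of `_guile_versions_to_search` can drift apart. Since the spec does not run autoreconf, say so in the patch header to explain why both files are touched. The file name also has a typo (`enbale`).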




commit gnutls for openSUSE:Factory

2018-10-25 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-10-25 08:11:16

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Thu Oct 25 08:11:16 2018 rev:114 rq:642097 version:3.6.4

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-09-26 
16:01:11.424517917 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-10-25 
08:11:24.528224690 +0200
@@ -1,0 +2,36 @@
+Mon Oct 15 15:41:42 UTC 2018 - Vítězslav Čížek 
+
+- Temporarily disable failing psk-file test (race condition)
+  * add disable-psk-file-test.patch
+
+---
+Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal 
+
+- Version update to 3.6.4 (bsc#757):
+  ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 
protocol.
+  ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
+ gnutls_certificate_set_retrieve_function() which could not handle the 
case where
+ no certificates were returned, or the callbacks were set to NULL (see 
#528).
+  ** libgnutls: gnutls_handshake() on server returns early on handshake when no
+ certificate is presented by client and the gnutls_init() flag 
GNUTLS_ENABLE_EARLY_START
+ is specified.
+  ** libgnutls: Added session ticket key rotation on server side with TOTP.
+ The key set with gnutls_session_ticket_enable_server() is used as a
+ master key to generate time-based keys for tickets. The rotation
+ relates to the gnutls_db_set_cache_expiration() period.
+  ** libgnutls: The 'record size limit' extension is added and preferred to the
+ 'max record size' extension when possible.
+  ** libgnutls: Provide a more flexible PKCS#11 search of trust store 
certificates.
+ This addresses the problem where the CA certificate doesn't have a 
subject key
+ identifier whereas the end certificates have an authority key identifier 
(#569)
+  ** libgnutls: gnutls_privkey_export_gost_raw2(), 
gnutls_privkey_import_gost_raw(),
+ gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
+ and export GOST parameters in the "native" little endian format used for 
these
+ curves. This is an intentional incompatible change with 3.6.3.
+  ** libgnutls: Added support for seperately negotiating client and server 
certificate types
+ as defined in RFC7250. This mechanism must be explicitly enabled via the
+ GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
+- Drop upstreamed patch:
+  * gnutls-3.6.3-backport-upstream-fixes.patch
+
+---

Old:

  gnutls-3.6.3-backport-upstream-fixes.patch
  gnutls-3.6.3.tar.xz
  gnutls-3.6.3.tar.xz.sig

New:

  disable-psk-file-test.patch
  gnutls-3.6.4.tar.xz
  gnutls-3.6.4.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.a7g3pq/_old  2018-10-25 08:11:25.244224221 +0200
+++ /var/tmp/diff_new_pack.a7g3pq/_new  2018-10-25 08:11:25.248224219 +0200
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -20,8 +20,8 @@
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
 
-# unbound isn't in SLE (bsc#1086428)
-%if 0%{?is_opensuse}
+# unbound isn't in SLE12 (bsc#1086428)
+%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500
 %bcond_without dane
 %else
 %bcond_with dane
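Review bot: this hunk turns DANE back on for `0%{?suse_version} >= 1500` and rewords the comment to "SLE12", but the .changes entries for this submission only cover the 3.6.4 update and the psk-file patch. Add a changelog line for the build-condition change, since it alters which subpackages get built.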
@@ -29,7 +29,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.3
+Version:3.6.4
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -41,7 +41,7 @@
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-Patch3: gnutls-3.6.3-backport-upstream-fixes.patch
+Patch3: disable-psk-file-test.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -160,11 +160,11 @@
 %prep
 %setup -q
 %patch1 -p1
+%patch3 -p1
 # dtls-resume test fails on PPC
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1
 %endif
-%patch3 -p1
 
 %build
 export LDFLAGS="-pie"

++ disable-psk-file-test.patch ++
diff --git a/tests/Makefile.in b/tests/Makefile.in
index 07433e0..4ecd431 100644
--- a/tests/Makefile.in
+++ b/tests/Makefile.in
@@ -457,7 +457,7 @@ am__EXEEXT_10 = tls13/supported_versions$(EXEEXT) \

commit gnutls for openSUSE:Factory

2018-09-26 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-09-26 16:01:09

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Wed Sep 26 16:01:09 2018 rev:113 rq:636363 version:3.6.3

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-09-11 
17:08:41.136210306 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-09-26 
16:01:11.424517917 +0200
@@ -1,0 +2,17 @@
+Tue Sep 18 08:39:56 UTC 2018 - sch...@suse.de
+
+- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
+  test/Makefile.in as autoreconf does not work
+
+---
+Fri Sep 14 13:07:41 UTC 2018 - Luis Henriques 
+
+- Backport of upstream fixes (boo#1108450)
+  * gnutls-3.6.3-backport-upstream-fixes.patch
+  Fixes taken from upstream commits:
+  ** 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert 
retrieval function")
+  ** 42945a7aab6d ("allow no certificates to be reported by the 
gnutls_certificate_retrieve_function callbacks")
+  ** 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext 
being last on client hello")
+  The patch was taken from https://github.com/weechat/weechat/issues/1231
+
+---

New:

  gnutls-3.6.3-backport-upstream-fixes.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.ffAgQT/_old  2018-09-26 16:01:12.292516411 +0200
+++ /var/tmp/diff_new_pack.ffAgQT/_new  2018-09-26 16:01:12.292516411 +0200
@@ -41,6 +41,7 @@
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+Patch3: gnutls-3.6.3-backport-upstream-fixes.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -163,6 +164,7 @@
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1
 %endif
+%patch3 -p1
 
 %build
 export LDFLAGS="-pie"

++ gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ++
--- /var/tmp/diff_new_pack.ffAgQT/_old  2018-09-26 16:01:12.332516341 +0200
+++ /var/tmp/diff_new_pack.ffAgQT/_new  2018-09-26 16:01:12.332516341 +0200
@@ -1,8 +1,8 @@
-Index: gnutls-3.6.2/tests/Makefile.am
+Index: gnutls-3.6.3/tests/Makefile.am
 ===
 gnutls-3.6.2.orig/tests/Makefile.am2018-02-16 08:27:16.0 
+0100
-+++ gnutls-3.6.2/tests/Makefile.am 2018-03-23 12:07:47.003150907 +0100
-@@ -330,7 +330,7 @@ if !WINDOWS
+--- gnutls-3.6.3.orig/tests/Makefile.am
 gnutls-3.6.3/tests/Makefile.am
+@@ -406,7 +406,7 @@ if !WINDOWS
  # List of tests not available/functional under windows
  #
  
@@ -11,3 +11,25 @@
  
  indirect_tests += dtls-stress
  
+Index: gnutls-3.6.3/tests/Makefile.in
+===
+--- gnutls-3.6.3.orig/tests/Makefile.in
 gnutls-3.6.3/tests/Makefile.in
+@@ -161,7 +161,7 @@ host_triplet = @host@
+ #
+ # List of tests not available/functional under windows
+ #
+-@WINDOWS_FALSE@am__append_12 = dtls/dtls dtls/dtls-resume fastopen.sh \
++@WINDOWS_FALSE@am__append_12 = dtls/dtls fastopen.sh \
+ @WINDOWS_FALSE@   pkgconfig.sh starttls.sh starttls-ftp.sh \
+ @WINDOWS_FALSE@   starttls-smtp.sh starttls-lmtp.sh \
+ @WINDOWS_FALSE@   starttls-pop3.sh starttls-nntp.sh \
+@@ -2507,7 +2507,7 @@ x509sign_verify_rsa_DEPENDENCIES = $(COM
+   $(am__DEPENDENCIES_2)
+ am__dist_check_SCRIPTS_DIST = rfc2253-escape-test \
+   rsa-md5-collision/rsa-md5-collision.sh systemkey.sh dtls/dtls \
+-  dtls/dtls-resume fastopen.sh pkgconfig.sh starttls.sh \
++  fastopen.sh pkgconfig.sh starttls.sh \
+   starttls-ftp.sh starttls-smtp.sh starttls-lmtp.sh \
+   starttls-pop3.sh starttls-nntp.sh starttls-sieve.sh \
+   ocsp-tests/ocsp-tls-connection \
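Review bot: the refreshed patch now edits the generated `tests/Makefile.in`, keyed on `am__append_12` and `am__dist_check_SCRIPTS_DIST`; automake renumbers `am__append_N` when upstream's Makefile.am changes, so expect this to need a refresh on most version bumps. The new hunks drop `dtls/dtls-resume` for every non-Windows build, so the `%ifarch ppc64 ppc64le ppc` guard in the spec is the only thing keeping the test enabled elsewhere. Note both points in the patch header.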

++ gnutls-3.6.3-backport-upstream-fixes.patch ++
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index d3777e51f..2150e903f 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
 
+   if (st2.ncerts == 0) {
+   *pcert_length = 0;
+   *ocsp_length = 0;
+   *privkey = NULL;
+   return 0;
+   }
+
if (st2.cert_type != GNUTLS_CRT_X509) {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
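Review bot: the new `st2.ncerts == 0` branch returns 0 after clearing `*pcert_length`, `*ocsp_length` and `*privkey`, but it runs before the `st2.cert_type` check and before any cleanup of `st2` that may follow (not visible in this hunk). If a legacy callback can report zero certificates while still handing back an allocated key, that key is dropped here without being released. Confirm whether that case exists and either free it before returning or add a comment stating that the callback contract rules it out.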
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
  gnutls_certificate_retrieve_function 

commit gnutls for openSUSE:Factory

2018-09-11 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-09-11 17:07:55

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Tue Sep 11 17:07:55 2018 rev:112 rq:631024 version:3.6.3

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-08-03 
12:30:11.466939307 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-09-11 
17:08:41.136210306 +0200
@@ -1,0 +2,37 @@
+Wed Aug 22 15:40:33 UTC 2018 - vci...@suse.com
+
+- Update to 3.6.3
+  Fixes security issues:
+  CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790
+  (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002)
+  Other Changes:
+  ** libgnutls: Introduced support for draft-ietf-tls-tls13-28
+  ** libgnutls: Apply compatibility settings for existing applications running 
with TLS1.2 or
+ earlier and TLS 1.3.
+  ** Added support for Russian Public Key Infrastructure according to RFCs 
4491/4357/7836.
+  ** Provide a uniform cipher list across supported TLS protocols
+  ** The SSL 3.0 protocol is disabled on compile-time by default.
+  ** libgnutls: Introduced function to switch the current FIPS140-2 operational
+ mode
+  ** libgnutls: Introduced low-level function to assist applications 
attempting client
+ hello extension parsing, prior to GnuTLS' parsing of the message.
+  ** libgnutls: When exporting an X.509 certificate avoid re-encoding if there 
are no
+ modifications to the certificate.
+  ** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the 
groups
+ which are preferred by the server.
+  ** Improved counter-measures for TLS CBC record padding.
+ ** Introduced the %FORCE_ETM priority string option. This option prevents 
the negotiation
+ of legacy CBC ciphersuites unless encrypt-then-mac is negotiated.
+  ** libgnutls: gnutls_privkey_import_ext4() was enhanced with the
+ GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag.
+  ** libgnutls: gnutls_pkcs11_copy_secret_key, 
gnutls_pkcs11_copy_x509_privkey2,
+ gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default
+ unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an 
API
+ change for these functions which make them err towards safety.
+  ** libgnutls: improved aarch64 cpu features detection by using getauxval().
+  ** certtool: It is now possible to specify certificate and serial CRL 
numbers greater
+ than 2**63-2 as a hex-encoded string both when prompted and in a template 
file.
+ Default certificate serial numbers are now fully random.
+- don't run autoreconf to avoid pulling in gtk-doc
+
+---

Old:

  gnutls-3.6.2.tar.xz
  gnutls-3.6.2.tar.xz.sig

New:

  gnutls-3.6.3.tar.xz
  gnutls-3.6.3.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.npbsd7/_old  2018-09-11 17:08:42.136208744 +0200
+++ /var/tmp/diff_new_pack.npbsd7/_new  2018-09-11 17:08:42.136208744 +0200
@@ -29,7 +29,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.2
+Version:3.6.3
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -168,7 +168,7 @@
 export LDFLAGS="-pie"
 export CFLAGS="%{optflags} -fPIE"
 export CXXFLAGS="%{optflags} -fPIE"
-autoreconf -fiv
+#autoreconf -fiv
 %configure \
 gl_cv_func_printf_directive_n=yes \
 gl_cv_func_printf_infinite_long_double=yes \
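Review bot: `#autoreconf -fiv` leaves a dead command in `%build` with no explanation beside it. Delete the line or replace it with a comment giving the reason (the changelog says it is to avoid pulling in gtk-doc), and note there that from now on patches against `Makefile.am` or `.m4` inputs have no effect unless the generated files are patched as well.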
@@ -177,7 +177,7 @@
 --disable-silent-rules \

--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
 --with-sysroot=/%{?_sysroot} \
---with-guile-site-dir=no \
+--with-guile-site-dir=%{_datadir}/guile \
 %if %{without tpm}
 --without-tpm \
 %endif
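Review bot: `--with-guile-site-dir` changes from `no` to `%{_datadir}/guile`, which moves the installed modules out of `guile/site/` (the `%files guile` hunk that follows is adjusted to match), yet the changelog entry lists only the version update and the autoreconf change. Add a changelog line for the relocation and confirm the new directory is one the packaged guile actually searches.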
@@ -307,7 +307,7 @@
 %if %{with guile}
 %files guile
 %{_libdir}/guile/*
-%{_datadir}/guile/site/gnutls*
+%{_datadir}/guile/gnutls*
 %endif
 
 %changelog

++ gnutls-3.6.2.tar.xz -> gnutls-3.6.3.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.2.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.3.tar.xz differ: char 25, 
line 1





commit gnutls for openSUSE:Factory

2018-08-03 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-08-03 12:30:07

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Fri Aug  3 12:30:07 2018 rev:111 rq:626682 version:3.6.2

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-04-10 
09:48:45.776307831 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-08-03 
12:30:11.466939307 +0200
@@ -1,0 +2,5 @@
+Tue Jul 31 10:04:17 UTC 2018 - sch...@suse.de
+
+- Require pkgconfig(autoopts) for building
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.VAsHLQ/_old  2018-08-03 12:30:12.066940189 +0200
+++ /var/tmp/diff_new_pack.VAsHLQ/_new  2018-08-03 12:30:12.066940189 +0200
@@ -46,6 +46,7 @@
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
+BuildRequires:  pkgconfig(autoopts)
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure 
we have it present
 BuildRequires:  iproute2
 BuildRequires:  libidn2-devel






commit gnutls for openSUSE:Factory

2018-04-10 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-04-10 09:48:38

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Tue Apr 10 09:48:38 2018 rev:110 rq:593004 version:3.6.2

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-03-30 
11:56:10.186149056 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-04-10 
09:48:45.776307831 +0200
@@ -1,0 +2,11 @@
+Thu Mar 29 10:01:31 UTC 2018 - vci...@suse.com
+
+- Simplify the DANE support %ifdef condition
+  * build with DANE on openSUSE only
+
+---
+Mon Mar 26 16:17:55 UTC 2018 - jeng...@inai.de
+
+- Adjust RPM groups. Drop %if..%endif guards that are idempotent.
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.7azX7l/_old  2018-04-10 09:48:47.448247257 +0200
+++ /var/tmp/diff_new_pack.7azX7l/_new  2018-04-10 09:48:47.448247257 +0200
@@ -20,11 +20,11 @@
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
 
-# unbound isn't in SLE-15 (bsc#1086428)
-%if 0%{?sle_version} == 15 && !0%{?is_opensuse}
-%bcond_with dane
-%else
+# unbound isn't in SLE (bsc#1086428)
+%if 0%{?is_opensuse}
 %bcond_without dane
+%else
+%bcond_with dane
 %endif
 %bcond_with tpm
 %bcond_without guile
@@ -93,17 +93,15 @@
 layer. Currently the GnuTLS library implements the proposed standards
 of the IETF's TLS working group.
 
-%if %{with dane}
 %package -n libgnutls-dane%{gnutls_dane_sover}
-Summary:The GNU Transport Layer Security Library
+Summary:DANE support for the GNU Transport Layer Security Library
 License:LGPL-2.1-or-later
-Group:  Productivity/Networking/Security
+Group:  System/Libraries
 
 %description -n libgnutls-dane%{gnutls_dane_sover}
 The GnuTLS project aims to develop a library that provides a secure
 layer over a reliable transport layer.
 This package contains the "DANE" part of gnutls.
-%endif
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
 Summary:C++ API for the GNU Transport Layer Security Library
@@ -127,7 +125,6 @@
 %description -n libgnutls-devel
 Files needed for software development using gnutls.
 
-%if %{with dane}
 %package -n libgnutls-dane-devel
 Summary:Development package for GnuTLS DANE component
 License:LGPL-2.1-or-later
@@ -136,7 +133,6 @@
 
 %description -n libgnutls-dane-devel
 Files needed for software development using gnutls.
-%endif
 
 %package -n libgnutlsxx-devel
 Summary:Development package for the GnuTLS C++ API
@@ -150,7 +146,6 @@
 %description -n libgnutlsxx-devel
 Files needed for software development using gnutls.
 
-%if %{with guile}
 %package guile
 Summary:Guile wrappers for gnutls
 License:LGPL-2.1-or-later
@@ -159,7 +154,6 @@
 
 %description guile
 GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
-%endif
 
 %prep
 %setup -q






commit gnutls for openSUSE:Factory

2018-03-30 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-03-30 11:56:05

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Fri Mar 30 11:56:05 2018 rev:109 rq:591143 version:3.6.2

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-03-16 
10:33:47.705113879 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-03-30 
11:56:10.186149056 +0200
@@ -1,0 +2,19 @@
+Fri Mar 23 11:20:59 UTC 2018 - vci...@suse.com
+
+- build without DANE support on SLE-15, as it doesn't have unbound
+  (bsc#1086428)
+
+---
+Fri Mar 23 11:10:59 UTC 2018 - vci...@suse.com
+
+- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+  the dtls-resume test still keeps randomly failing on PPC
+
+---
+Fri Mar 23 01:42:49 CET 2018 - r...@suse.de
+
+- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+  patch does not apply any more and apparently the build
+  suceeds even if the formerly flaky testcase is run (bsc#1086579)
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.qbLp60/_old  2018-03-30 11:56:11.694094520 +0200
+++ /var/tmp/diff_new_pack.qbLp60/_new  2018-03-30 11:56:11.694094520 +0200
@@ -19,14 +19,20 @@
 %define gnutls_sover 30
 %define gnutlsxx_sover 28
 %define gnutls_dane_sover 0
+
+# unbound isn't in SLE-15 (bsc#1086428)
+%if 0%{?sle_version} == 15 && !0%{?is_opensuse}
+%bcond_with dane
+%else
 %bcond_without dane
+%endif
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
 Version:3.6.2
 Release:0
 Summary:The GNU Transport Layer Security Library
-License:LGPL-2.1+ AND GPL-3.0+
+License:LGPL-2.1-or-later AND GPL-3.0-or-later
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
 Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
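Review bot: The new guard "%if 0%{?sle_version} == 15 && !0%{?is_opensuse}" at the top of this hunk only switches DANE off when sle_version expands to exactly 15, so please confirm the value the macro carries on the SLE-15 build target. If it uses a longer numeric encoding, the condition is never true, "%bcond_without dane" stays in effect and the build still pulls in unbound. A short comment stating the expected macro value would make the intent checkable. The License tag change to "LGPL-2.1-or-later AND GPL-3.0-or-later" in the same hunk is unrelated to bsc#1086428 and is not mentioned in any of the three changes entries; it deserves its own line there.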
@@ -79,7 +85,7 @@
 
 %package -n libgnutls%{gnutls_sover}
 Summary:The GNU Transport Layer Security Library
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  System/Libraries
 
 %description -n libgnutls%{gnutls_sover}
@@ -90,7 +96,7 @@
 %if %{with dane}
 %package -n libgnutls-dane%{gnutls_dane_sover}
 Summary:The GNU Transport Layer Security Library
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  Productivity/Networking/Security
 
 %description -n libgnutls-dane%{gnutls_dane_sover}
@@ -101,7 +107,7 @@
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
 Summary:C++ API for the GNU Transport Layer Security Library
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  System/Libraries
 
 %description -n libgnutlsxx%{gnutlsxx_sover}
@@ -111,7 +117,7 @@
 
 %package -n libgnutls-devel
 Summary:Development package for the GnuTLS C API
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  Development/Libraries/C and C++
 Requires:   glibc-devel
 Requires:   libgnutls%{gnutls_sover} = %{version}
@@ -124,7 +130,7 @@
 %if %{with dane}
 %package -n libgnutls-dane-devel
 Summary:Development package for GnuTLS DANE component
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  Development/Libraries/C and C++
 Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
 
@@ -134,7 +140,7 @@
 
 %package -n libgnutlsxx-devel
 Summary:Development package for the GnuTLS C++ API
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  Development/Libraries/C and C++
 Requires:   libgnutls-devel = %{version}
 Requires:   libgnutlsxx%{gnutlsxx_sover} = %{version}
@@ -147,7 +153,7 @@
 %if %{with guile}
 %package guile
 Summary:Guile wrappers for gnutls
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
 Group:  Development/Libraries/Other
 Requires:   guile
 

++ gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ++
--- /var/tmp/diff_new_pack.qbLp60/_old  2018-03-30 11:56:11.726093363 +0200
+++ /var/tmp/diff_new_pack.qbLp60/_new  2018-03-30 11:56:11.726093363 +0200
@@ -1,22 +1,13 @@
-Index: gnutls-3.6.0/tests/dtls/Makefile.am
+Index: gnutls-3.6.2/tests/Makefile.am
 ===
 gnutls-3.6.0.orig/tests/dtls/Makefile.am   2017-04-19 21:49:27.0 
+0200
-+++ gnutls-3.6.0/tests/dtls/Makefile.am2017-09-20 14:33:56.763416427 
+0200

commit gnutls for openSUSE:Factory

2018-03-16 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-03-16 10:33:36

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Fri Mar 16 10:33:36 2018 rev:108 rq:587401 version:3.6.2

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-02-28 
19:55:31.999592305 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-03-16 
10:33:47.705113879 +0100
@@ -1,0 +2,35 @@
+Thu Mar 15 06:52:49 UTC 2018 - meiss...@suse.com
+
+- gnutls.keyring: Nikos key refreshed to be unexpired
+
+---
+Tue Mar 13 14:48:56 UTC 2018 - kbabi...@suse.com
+
+- GnuTLS 3.6.2:
+  * libgnutls: When verifying against a self signed certificate ignore issuer.
+That is, ignore issuer when checking the issuer's parameters strength,
+resolving issue #347 which caused self signed certificates to be
+additionally marked as of insufficient security level.
+  * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
+MTU calculation now, it correctly accounts for the fixed overhead due to
+padding (as 1 byte), while at the same time considers the rest of the
+padding as part of data MTU.
+  * libgnutls: Address issue of loading of all PKCS#11 modules on startup
+on systems with a PKCS#11 trust store (as opposed to a file trust store).
+Introduced a multi-stage initialization which loads the trust modules, and
+other modules are deferred for the first pure PKCS#11 request.
+  * libgnutls: The SRP authentication will reject any parameters outside
+RFC5054. This protects any client from potential MitM due to insecure
+parameters. That also brings SRP in par with the RFC7919 changes to
+Diffie-Hellman.
+  * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
+for SRP authentication.
+  * libgnutls: Addressed issue in the accelerated code affecting
+interoperability with versions of nettle >= 3.4.
+  * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
+  * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch 
by
+Vitezslav Cizek).
+  * srptool: the --create-conf option no longer includes 1024-bit parameters.
+  * p11tool: Fixed the deletion of objects in batch mode.
+- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
+---

Old:

  gnutls-3.6.1.tar.xz
  gnutls-3.6.1.tar.xz.sig
  gnutls-check_aes_keysize.patch

New:

  gnutls-3.6.2.tar.xz
  gnutls-3.6.2.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.fHbTVz/_old  2018-03-16 10:33:49.113063184 +0100
+++ /var/tmp/diff_new_pack.fHbTVz/_new  2018-03-16 10:33:49.121062896 +0100
@@ -23,7 +23,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.1
+Version:3.6.2
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ AND GPL-3.0+
@@ -35,8 +35,6 @@
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-# PATCH-FIX-UPSTREAM https://gitlab.com/gnutls/gnutls/merge_requests/592
-Patch3: gnutls-check_aes_keysize.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -160,7 +158,6 @@
 %prep
 %setup -q
 %patch1 -p1
-%patch3 -p1
 # dtls-resume test fails on PPC
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1

++ gnutls-3.6.1.tar.xz -> gnutls-3.6.2.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.1.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.2.tar.xz differ: char 26, 
line 1

++ gnutls.keyring ++
 1256 lines (skipped)
 between gnutls.keyring
 and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.keyring




commit gnutls for openSUSE:Factory

2018-02-28 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-02-28 19:55:27

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Wed Feb 28 19:55:27 2018 rev:107 rq:580155 version:3.6.1

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2018-02-12 
10:09:05.390749385 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-02-28 
19:55:31.999592305 +0100
@@ -1,0 +2,5 @@
+Thu Feb 22 15:10:33 UTC 2018 - fv...@suse.com
+
+- Use %license (boo#1082318)
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.650I7r/_old  2018-02-28 19:55:33.519537303 +0100
+++ /var/tmp/diff_new_pack.650I7r/_new  2018-02-28 19:55:33.527537014 +0100
@@ -239,7 +239,8 @@
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
 
 %files -f libgnutls.lang
-%doc THANKS README.md NEWS ChangeLog LICENSE AUTHORS doc/TODO
+%license LICENSE
+%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
 %{_bindir}/certtool
 %{_bindir}/gnutls-cli
 %{_bindir}/gnutls-cli-debug






commit gnutls for openSUSE:Factory

2018-02-12 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2018-02-12 10:09:02

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Mon Feb 12 10:09:02 2018 rev:106 rq:574115 version:3.6.1

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-11-10 
14:41:39.418227697 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2018-02-12 
10:09:05.390749385 +0100
@@ -1,0 +2,6 @@
+Wed Feb  7 11:08:54 UTC 2018 - vci...@suse.com
+
+- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303)
+  * add gnutls-check_aes_keysize.patch
+
+---

New:

  gnutls-check_aes_keysize.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.Ey1luS/_old  2018-02-12 10:09:06.598705851 +0100
+++ /var/tmp/diff_new_pack.Ey1luS/_new  2018-02-12 10:09:06.598705851 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,8 @@
 Source3:baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+# PATCH-FIX-UPSTREAM https://gitlab.com/gnutls/gnutls/merge_requests/592
+Patch3: gnutls-check_aes_keysize.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
@@ -158,6 +160,7 @@
 %prep
 %setup -q
 %patch1 -p1
+%patch3 -p1
 # dtls-resume test fails on PPC
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1
@@ -229,7 +232,6 @@
 
 %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
 %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
-
 %post -n libgnutls-devel
 %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
 


++ gnutls-check_aes_keysize.patch ++
Index: gnutls-3.6.1/lib/accelerated/x86/aes-cbc-x86-ssse3.c
===
--- gnutls-3.6.1.orig/lib/accelerated/x86/aes-cbc-x86-ssse3.c   2018-02-06 
14:03:54.986532959 +0100
+++ gnutls-3.6.1/lib/accelerated/x86/aes-cbc-x86-ssse3.c2018-02-06 
14:04:06.022686653 +0100
@@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, cons
struct aes_ctx *ctx = _ctx;
int ret;
 
+   if (keysize != 16 && keysize != 24 && keysize != 32)
+   return GNUTLS_E_INVALID_REQUEST;
+
if (ctx->enc)
ret =
vpaes_set_encrypt_key(userkey, keysize * 8,
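Review bot: The key-size check added at the top of aes_ssse3_cipher_setkey() returns GNUTLS_E_INVALID_REQUEST without logging; "return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);" would leave a trace in the debug log when a caller passes a bad length. Placing the check before "keysize * 8" is handed to vpaes_set_encrypt_key() is the right spot. The patch file carries no description header and no test that feeds a length other than 16, 24 or 32; a one-line reference to bsc#1074303 and a negative test would keep the check from regressing silently.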




commit gnutls for openSUSE:Factory

2017-11-10 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-11-10 14:40:23

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Fri Nov 10 14:40:23 2017 rev:105 rq:539293 version:3.6.1

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-09-25 
13:50:31.533889938 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-11-10 
14:41:39.418227697 +0100
@@ -1,0 +2,25 @@
+Wed Nov  1 15:13:55 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.6.1:
+  * Fix interoperability issue with openssl when safe renegotiation
+was used
+  * gnutls_x509_crl_sign, gnutls_x509_crt_sign,
+gnutls_x509_crq_sign, were modified to sign with a better
+algorithm than SHA1. They will now sign with an algorithm that
+corresponds to the security level of the signer's key.
+  * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
+accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That
+will signal the function to auto-detect an appropriate hash
+algorithm to use.
+  * Remove support for signature algorithms using SHA2-224 in TLS.
+TLS 1.3 no longer uses SHA2-224 and it was never a widespread
+algorithm in TLS 1.2
+  * Refuse to use client certificates containing disallowed
+algorithms for a session, reverting a change on 3.5.5
+  * Refuse to resume a session which had a different SNI advertised
+That improves RFC6066 support in server side.
+  * p11tool: Mark all generated objects as sensitive by default.
+  * p11tool: added options --sign-params and --hash. This allows
+testing signature with multiple algorithms, including RSA-PSS.
+
+---

Old:

  gnutls-3.6.0.tar.xz
  gnutls-3.6.0.tar.xz.sig

New:

  gnutls-3.6.1.tar.xz
  gnutls-3.6.1.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.kzdS78/_old  2017-11-10 14:41:41.462153816 +0100
+++ /var/tmp/diff_new_pack.kzdS78/_new  2017-11-10 14:41:41.462153816 +0100
@@ -23,7 +23,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:   gnutls
-Version:3.6.0
+Version:3.6.1
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ AND GPL-3.0+

++ gnutls-3.6.0.tar.xz -> gnutls-3.6.1.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.0.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.1.tar.xz differ: char 26, 
line 1





commit gnutls for openSUSE:Factory

2017-09-25 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-09-25 13:50:29

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Mon Sep 25 13:50:29 2017 rev:104 rq:528289 version:3.6.0

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-09-12 
19:38:09.896419331 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-09-25 
13:50:31.533889938 +0200
@@ -1,0 +2,94 @@
+Wed Sep 20 12:36:16 UTC 2017 - vci...@suse.com
+
+- Disable flaky dtls_resume test on Power
+  * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+
+---
+Mon Sep 18 11:47:23 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.6.0:
+  * Introduce a lock-free random generator which operates per-
+thread and eliminates random-generator related bottlenecks in
+multi-threaded operation.
+  * Replace the Salsa20 random generator with one based on CHACHA.
+The goal is to reduce code needed in cache (CHACHA is also
+used for TLS), and the number of primitives used by the
+library. That does not affect the AES-DRBG random generator
+used in FIPS140-2 mode.
+  * Add support for RSA-PSS key type as well as signatures in
+certificates, and TLS key exchange
+  * Add support for Ed25519 signing in certificates and TLS key
+ exchange following draft-ietf-tls-rfc4492bis-17
+  * Enable X25519 key exchange by default, following
+draft-ietf-tls-rfc4492bis-17.
+  * Add support for Diffie-Hellman group negotiation following
+RFC7919.
+  * Introduce various sanity checks on certificate import
+  * Introduce gnutls_x509_crt_set_flags(). This function can set
+flags in the crt structure. The only flag supported at the
+moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the
+certificate sanity checks on import.
+  * PKIX certificates with unknown critical extensions are rejected
+on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS
+  * Refuse to generate a certificate with an illegal version, or an
+illegal serial number. That is, gnutls_x509_crt_set_version()
+and gnutls_x509_crt_set_serial(), will fail on input considered
+to be invalid in RFC5280.
+  * Call to gnutls_record_send() and gnutls_record_recv() prior to
+handshake being complete are now refused
+  * Add support for PKCS#12 files with no salt (zero length) in
+their password encoding, and PKCS#12 files using SHA384 and
+SHA512 as MAC.
+  * libgnutls: Exported functions to encode and decode DSA and ECDSA
+r,s values.
+  * Add new callback setting function to gnutls_privkey_t for
+external keys. The new function (gnutls_privkey_import_ext4),
+allows signing in addition to previous algorithms (RSA PKCS#1
+1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys.
+  * Introduce the %VERIFY_ALLOW_BROKEN and
+%VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These
+allows enabling all broken and SHA1-based signature algorithms
+in certificate verification, respectively.
+  * 3DES-CBC is no longer included in the default priorities list.
+It has to be explicitly enabled, e.g., with a string like
+"NORMAL:+3DES-CBC".
+  * SHA1 was marked as insecure for signing certificates.
+Verification of certificates signed with SHA1 is now considered
+insecure and will fail, unless flags intended to enable broken
+algorithms are set. Other uses of SHA1 are still allowed.
+  * RIPEMD160 was marked as insecure for certificate signatures.
+Verification of certificates signed with RIPEMD160 hash
+algorithm is now considered insecure and will fail, unless
+flags intended to enable broken algorithms are set.
+  * No longer enable SECP192R1 and SECP224R1 by default on TLS
+handshakes. These curves were rarely used for that purpose,
+provide no advantage over x25519 and were deprecated by TLS 1.3.
+  * Remove support for DEFLATE, or any other compression method.
+  * OpenPGP authentication was removed; the resulting library is ABI
+compatible, with the openpgp related functions being stubs that
+fail on invocation.
+Drop gnutls-broken-openpgp-tests.patch, no longer required.
+  * Remove support for libidn (i.e., IDNA2003); gnutls can now be
+compiled only with libidn2 which provides IDNA2008.
+  * certtool: The option '--load-ca-certificate' can now accept
+PKCS#11 URLs in addition to files.
+  * certtool: The option '--load-crl' can now be used when
+generating PKCS#12 files (i.e., in conjunction with '--to-p12' option).
+  * certtool: Keys with provable RSA and DSA parameters are now
+only read and exported from PKCS#8 form, following 
+

commit gnutls for openSUSE:Factory

2017-09-12 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-09-12 19:38:08

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Tue Sep 12 19:38:08 2017 rev:103 rq:523074 version:3.5.15

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-08-29 
11:40:39.501271816 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-09-12 
19:38:09.896419331 +0200
@@ -1,0 +2,6 @@
+Mon Sep 11 10:37:44 UTC 2017 - dims...@opensuse.org
+
+- Buildrequire iproute2: the test suite calls /usr/bin/ss and as
+  such we have to ensure to pull it in.
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.m9rITa/_old  2017-09-12 19:38:10.636315348 +0200
+++ /var/tmp/diff_new_pack.m9rITa/_new  2017-09-12 19:38:10.640314787 +0200
@@ -40,6 +40,8 @@
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
+# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure 
we have it present
+BuildRequires:  iproute2
 BuildRequires:  libidn2-devel
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.9






commit gnutls for openSUSE:Factory

2017-08-29 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-08-29 11:40:38

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Tue Aug 29 11:40:38 2017 rev:102 rq:518750 version:3.5.15

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-06-16 
10:48:13.314917701 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-08-29 
11:40:39.501271816 +0200
@@ -1,0 +2,34 @@
+Tue Aug 22 18:49:47 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.15:
+  * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode
+  * certtool: Keys with provable RSA and DSA parameters are now
+only exported in PKCS#8 form
+
+---
+Wed Jul 12 11:23:30 UTC 2017 - jeng...@inai.de
+
+- RPM group fix. Diversification of summaries.
+- Avoid aims and future plans in description. Say what it does now.
+
+---
+Fri Jul  7 11:22:02 UTC 2017 - tchva...@suse.com
+
+- Drop the deprecated openssl compat ; discussed and suggested by
+  vcizek
+- Cleanup a bit with spec-cleaner
+
+---
+Tue Jul  4 10:51:35 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.14:
+  * Handle specially HSMs which request explicit authentication
+  * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs
+  * do not set leading zeros when copying integers on HSMs
+  * Fix issue discovering certain OCSP signers, and improved the
+discovery of OCSP signer in the case where the Subject Public
+Key identifier field matches
+  * ensure OCSP responses are saved with --save-ocsp even if
+certificate verification fails.
+
+---

Old:

  gnutls-3.5.13.tar.xz
  gnutls-3.5.13.tar.xz.sig

New:

  gnutls-3.5.15.tar.xz
  gnutls-3.5.15.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.z7EtpX/_old  2017-08-29 11:40:41.668966196 +0200
+++ /var/tmp/diff_new_pack.z7EtpX/_new  2017-08-29 11:40:41.684963941 +0200
@@ -18,25 +18,18 @@
 
 %define gnutls_sover 30
 %define gnutlsxx_sover 28
-%bcond_without gnutls_openssl_compat
+%define gnutls_dane_sover 0
 %bcond_without dane
 %bcond_with tpm
 %bcond_without guile
-%if %{with gnutls_openssl_compat}
-%define gnutls_ossl_sover 27
-%endif
-%if %{with dane}
-%define gnutls_dane_sover 0
-%endif
 Name:   gnutls
-Version:3.5.13
+Version:3.5.15
 Release:0
 Summary:The GNU Transport Layer Security Library
-License:LGPL-2.1+ and GPL-3.0+
+License:LGPL-2.1+ AND GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
 Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz
-# signature is checked by source services.
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
 Source2:%{name}.keyring
 Source3:baselibs.conf
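Review bot: Removing the "# signature is checked by source services." comment above Source1 leaves the .tar.xz.sig and %{name}.keyring sources with no statement of where the tarball signature is actually verified. Keep the comment, or replace it with one naming the step that performs the check, so a later cleanup does not drop Source1 and Source2 as unused. The changes entries describe this only as spec-cleaner cleanup, so the removal looks incidental rather than intended.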
@@ -52,11 +45,11 @@
 BuildRequires:  libtasn1-devel >= 4.9
 BuildRequires:  libtool
 BuildRequires:  libunistring-devel
+BuildRequires:  makeinfo
 BuildRequires:  p11-kit-devel >= 0.23.1
 BuildRequires:  pkgconfig
 BuildRequires:  xz
 BuildRequires:  zlib-devel
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} <= 1320
 BuildRequires:  net-tools
 %else
@@ -76,31 +69,21 @@
 %if %{with guile}
 BuildRequires:  guile-devel
 %endif
-# disabled ppc - valgrind crashes on email cert tests currently. Marcus 
20150413
-# disabled armv7l - valgrind appears to mishandle some insns
-# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
-%ifarch %{ix86} x86_64 ppc64 s390x ppc64le
-# disabled all, valgrind breaks tests in 3.4.4
-#BuildRequires:  valgrind
-%endif
-%if 0%{?suse_version} >= 1230
-BuildRequires:  makeinfo
-%endif
 
 %description
-The GnuTLS project aims to develop a library that provides a secure
-layer over a reliable transport layer. Currently the GnuTLS library
-implements the proposed standards of the IETF's TLS working group.
+The GnuTLS library provides a secure layer over a reliable transport
+layer. Currently the GnuTLS library implements the proposed standards
+of the IETF's TLS working group.
 
 %package -n libgnutls%{gnutls_sover}
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+
-Group:  Productivity/Networking/Security
+Group:  System/Libraries
 
 %description -n libgnutls%{gnutls_sover}
-The GnuTLS project aims to develop a library that provides a secure

commit gnutls for openSUSE:Factory

2017-06-16 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-06-16 10:48:11

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Fri Jun 16 10:48:11 2017 rev:101 rq:502802 version:3.5.13

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-05-20 
14:32:00.113847627 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-06-16 
10:48:13.314917701 +0200
@@ -1,0 +2,50 @@
+Thu Jun  8 22:51:06 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.13:
+  * libgnutls: fixed issue with AES-GCM in-place encryption and
+decryption in aarch64
+  * libgnutls: no longer parse the ResponseID field of the status
+response TLS extension. The field is not used by GnuTLS nor is
+made available to calling applications. That addresses a null
+pointer dereference on server side caused by packets containing
+the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398
+  * libgnutls: tolerate certificates which do not have strict DER
+time encoding. It is possible using 3rd party tools to generate
+certificates with time fields that do not conform to DER
+requirements. Since 3.4.x these certificates were rejected and
+cannot be used with GnuTLS, however that caused problems with
+existing private certificate infrastructures, which were
+relying on such certificates. Tolerate reading and using these
+certificates.
+  * minitasn1: updated to libtasn1 4.11.
+  * certtool: allow multiple certificates to be used in --p7-sign
+with the --load-certificate option
+
+---
+Sun Jun  4 19:52:56 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.12:
+  * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches
+IP addresses against DNS fields of certificate (CN or DNSname).
+The previous behavior was to tolerate some misconfigured
+servers, but that was non-standard and skipped any IP
+constraints present in higher level certificates.
+  * libgnutls: when converting to IDNA2008, fallback to IDNA2003
+(i.e., transitional encoding) if the domain cannot be converted.
+That provides maximum compatibility with browsers like firefox
+that perform the same conversion.
+  * libgnutls: fix issue in RSA-PSK client callback which resulted
+in no username being sent to the peer
+  * libgnutls: fix regression causing stapled extensions in trust
+modules not to be considered.
+  * certtool: introduced the email_protection_key option.  This
+option was introduced in documentation for certtool without an
+implementation of it. It is a shortcut for option
+   'key_purpose_oid = 1.3.6.1.5.5.7.3.4'.
+  * certtool: made printing of key ID and key PIN consistent
+between certificates, public keys, and private keys. That is
+the private key printing now uses the same format as the rest.
+  * gnutls-cli: introduced the --sni-hostname option. This allows
+overriding the hostname advertised to the peer.
+
+---

Old:

  gnutls-3.5.11.tar.xz
  gnutls-3.5.11.tar.xz.sig

New:

  gnutls-3.5.13.tar.xz
  gnutls-3.5.13.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.PlGloh/_old  2017-06-16 10:48:14.322775832 +0200
+++ /var/tmp/diff_new_pack.PlGloh/_new  2017-06-16 10:48:14.322775832 +0200
@@ -29,7 +29,7 @@
 %define gnutls_dane_sover 0
 %endif
 Name:   gnutls
-Version:3.5.11
+Version:3.5.13
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+

++ gnutls-3.5.11.tar.xz -> gnutls-3.5.13.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.5.11.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.5.13.tar.xz differ: char 25, 
line 1

++ gnutls-broken-openpgp-tests.patch ++
--- /var/tmp/diff_new_pack.PlGloh/_old  2017-06-16 10:48:14.414762883 +0200
+++ /var/tmp/diff_new_pack.PlGloh/_new  2017-06-16 10:48:14.414762883 +0200
@@ -1,7 +1,7 @@
-Index: gnutls-3.5.11/tests/Makefile.am
+Index: gnutls-3.5.13/tests/Makefile.am
 ===
 gnutls-3.5.11.orig/tests/Makefile.am
-+++ gnutls-3.5.11/tests/Makefile.am
+--- gnutls-3.5.13.orig/tests/Makefile.am   2017-06-07 07:17:11.0 
+0200
 gnutls-3.5.13/tests/Makefile.am2017-06-08 16:53:59.125158222 +0200
 @@ -19,7 +19,7 @@
  # along with this file; if not, write to the Free Software Foundation,
  # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
@@ -18,7 +18,7 @@
 -   

commit gnutls for openSUSE:Factory

2017-05-20 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-05-20 14:31:57

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Sat May 20 14:31:57 2017 rev:100 rq:496936 version:3.5.11

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-05-20 
14:28:37.958448893 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-05-20 
14:32:00.113847627 +0200
@@ -1,0 +2,6 @@
+Thu May 18 08:44:18 UTC 2017 - astie...@suse.com
+
+- skip trust-store tests to avoid build cycle with
+  ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch
+
+---

New:

  gnutls-3.5.11-skip-trust-store-tests.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.bFxfbd/_old  2017-05-20 14:32:01.129703905 +0200
+++ /var/tmp/diff_new_pack.bFxfbd/_new  2017-05-20 14:32:01.133703340 +0200
@@ -41,9 +41,9 @@
 Source2:%{name}.keyring
 Source3:baselibs.conf
 Patch0: gnutls-broken-openpgp-tests.patch
+Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 BuildRequires:  autogen
 BuildRequires:  automake
-BuildRequires:  ca-certificates-mozilla
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -200,6 +200,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 export LDFLAGS="-pie"

++ gnutls-3.5.11-skip-trust-store-tests.patch ++
From: Andreas Stieger 
Date: Thu, 18 May 2017 10:31:42 +0200
References: https://build.opensuse.org/request/show/493998
Upstream: never

trust-store test added in 
https://gitlab.com/gnutls/gnutls/commit/8d740ae87fae9c1237421dd24825b78103c5da36
needs ca-certificates-mozilla to run.

[  242s] FAIL: trust-store
[  242s] =
[  242s]
[  242s] doit:64: no certificates were found in system trust store!
[  242s] FAIL trust-store (exit status: 1)

But this would create a build cycle. Skip test.

Index: gnutls-3.5.11/tests/trust-store.c
===
--- gnutls-3.5.11.orig/tests/trust-store.c  2017-04-07 07:52:07.0 
+0200
+++ gnutls-3.5.11/tests/trust-store.c   2017-05-18 10:33:53.537598763 +0200
@@ -44,6 +44,9 @@ static void tls_log_func(int level, cons
 
 void doit(void)
 {
+   /* building without ca-certificates-mozilla, skip test */
+   exit(77);
+
gnutls_certificate_credentials_t x509_cred;
int ret;
 
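Review bot: The "exit(77);" added as the first statement of doit() skips the trust-store test unconditionally, including on builds where a system trust store is present, and it turns the rest of the function into dead code placed after a statement that precedes the declarations. According to the log quoted in the patch header, the failure is the "no certificates were found in system trust store!" check at doit:64. Changing only that failure path to exit(77) would skip the test when the store is empty and keep it meaningful wherever certificates are installed.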





commit gnutls for openSUSE:Factory

2017-05-20 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-05-20 14:28:31

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Sat May 20 14:28:31 2017 rev:99 rq:493998 version:3.5.11

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-05-06 
18:25:06.473694459 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-05-20 
14:28:37.958448893 +0200
@@ -1,0 +2,16 @@
+Tue May  9 19:55:33 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.11:
+  * gnutls.pc: do not include libtool options into Libs.private.
+  * libgnutls: Fixed issue when rehandshaking without a client certificate in
+a session which initially used one
+  * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP
+certificate parsing (bsc#1038337)
+  * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access.
+That allows PKCS#11 operations such as signing to be performed with the
+same object from multiple threads.
+  * libgnutls: when disabling OpenPGP authentication, the resulting library
+is ABI compatible (will openpgp related functions being stubs that fail
+on invocation).
+
+---
@@ -4,0 +21,32 @@
+
+---
+Wed Apr 26 14:53:45 UTC 2017 - vci...@suse.com
+
+- update to 3.5.10
+  * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173
+  * gnutls.pc: do not include libidn2 in Requires.private
+  * libgnutls: optimized access to subject alternative names (SANs) in parsed
+certificates
+  * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
+when printing certificate information.
+  * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify()
+flags can be set from the gnutls_certificate_verify_flags enumeration.
+This allows the functions to pass the same flags available for certificates
+to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or
+GNUTLS_VERIFY_ALLOW_BROKEN).
+  * libgnutls: gnutls_store_commitment() can accept flag
+GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate
+in applications which use SHA1 for example, after SHA1 is deprecated.
+  * certtool: No longer ignore the 'add_critical_extension' template option if
+the 'add_extension' option is not present.
+  * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the
+starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream)
+- drop gnutls-3.5.9-pkgconfig.patch (upstream)
+- remove unknown --disable-srp flag (bsc#901857)
+
+---
+Wed Apr 26 14:53:06 UTC 2017 - vci...@suse.com
+
+- disable the deprecated OpenPGP authentication support
+  * see https://gitlab.com/gnutls/gnutls/issues/102
+- add gnutls-broken-openpgp-tests.patch
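Review bot: the gnutls-cli bullet in the 3.5.10 entry has a fragment of the next item fused onto it: it ends "starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream)", and the same "drop gnutls-3.5.9-pkgconfig.patch (upstream)" item follows on its own line. End the bullet at "starttls-proto command" and keep only the separate drop item, so the patch removal is recorded once.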

Old:

  gnutls-3.5.9-pkgconfig.patch
  gnutls-3.5.9.tar.xz
  gnutls-3.5.9.tar.xz.sig

New:

  gnutls-3.5.11.tar.xz
  gnutls-3.5.11.tar.xz.sig
  gnutls-broken-openpgp-tests.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.cQYRPt/_old  2017-05-20 14:28:39.034296677 +0200
+++ /var/tmp/diff_new_pack.cQYRPt/_new  2017-05-20 14:28:39.038296111 +0200
@@ -29,7 +29,7 @@
 %define gnutls_dane_sover 0
 %endif
 Name:   gnutls
-Version:3.5.9
+Version:3.5.11
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -40,9 +40,10 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
 Source2:%{name}.keyring
 Source3:baselibs.conf
-Patch0: gnutls-3.5.9-pkgconfig.patch
+Patch0: gnutls-broken-openpgp-tests.patch
 BuildRequires:  autogen
 BuildRequires:  automake
+BuildRequires:  ca-certificates-mozilla
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -211,11 +212,11 @@
 --disable-static \
 --with-pic \
 --disable-rpath \
-   --disable-srp \
 --disable-silent-rules \

--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
 --with-sysroot=/%{?_sysroot} \
 --with-guile-site-dir=no \
+--disable-openpgp-authentication \
 %if %{without tpm}
 --without-tpm \
 %endif
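Review bot: removing --disable-srp from the configure call leaves SRP at whatever configure defaults to, and the changelog does not say whether that is intended. The changelog calls the flag "unknown", so it was never taking effect; the switch added in this same hunk is spelled --disable-openpgp-authentication, which suggests the SRP one was missing the same -authentication suffix. If bsc#901857 meant SRP to be off, replace the flag with the correctly spelled one instead of dropping it, and state the intended SRP state in the changelog entry.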
@@ -247,6 +248,7 @@
 # PNG files are replaced with the compressed files and that breaks
 # deduplication, this is workaround
 find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
+rm -rf 

commit gnutls for openSUSE:Factory

2017-05-06 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-05-06 18:25:05

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Sat May  6 18:25:05 2017 rev:98 rq:492632 version:3.5.9

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-02-22 
13:50:21.887384167 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-05-06 
18:25:06.473694459 +0200
@@ -1,0 +2,5 @@
+Sat Apr 29 20:03:38 UTC 2017 - bwiedem...@suse.com
+
+- call gzip -n to make build fully reproducible
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.NlBBsW/_old  2017-05-06 18:25:08.589395923 +0200
+++ /var/tmp/diff_new_pack.NlBBsW/_new  2017-05-06 18:25:08.593395359 +0200
@@ -246,7 +246,7 @@
 
 # PNG files are replaced with the compressed files and that breaks
 # deduplication, this is workaround
-find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
+find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
 %fdupes -s %{buildroot}%{_datadir}
 
 %find_lang libgnutls --all-name






commit gnutls for openSUSE:Factory

2017-02-22 Thread root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2017-02-22 13:50:20

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2017-01-11 
11:57:39.057854696 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2017-02-22 
13:50:21.887384167 +0100
@@ -1,0 +2,15 @@
+Mon Feb 20 09:52:38 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.9:
+  * libgnutls: OpenPGP references removed, functionality deprecated
+  * libgnutls: Improve detection of AVX support
+  * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897
+  * p11tool: re-use ID from corresponding objects when writing
+certificates.
+  * API and ABI modifications:
+gnutls_idna_map: Added
+gnutls_idna_reverse_map: Added
+- prevent pkgconfig issues due to libidn2 when building with GnuTLS
+  add gnutls-3.5.9-pkgconfig.patch
+
+---

Old:

  gnutls-3.5.8.tar.xz
  gnutls-3.5.8.tar.xz.sig

New:

  gnutls-3.5.9-pkgconfig.patch
  gnutls-3.5.9.tar.xz
  gnutls-3.5.9.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.5mK9jl/_old  2017-02-22 13:50:22.735263477 +0100
+++ /var/tmp/diff_new_pack.5mK9jl/_new  2017-02-22 13:50:22.735263477 +0100
@@ -29,7 +29,7 @@
 %define gnutls_dane_sover 0
 %endif
 Name:   gnutls
-Version:3.5.8
+Version:3.5.9
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -40,12 +40,13 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
 Source2:%{name}.keyring
 Source3:baselibs.conf
+Patch0: gnutls-3.5.9-pkgconfig.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
-BuildRequires:  libidn-devel
+BuildRequires:  libidn2-devel
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.9
 BuildRequires:  libtool
@@ -197,6 +198,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 export LDFLAGS="-pie"

++ gnutls-3.5.9-pkgconfig.patch ++
>From 35c6a78f3b24bf4192e3f01ee6322b42b6fc27fb Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos 
Date: Wed, 15 Feb 2017 18:42:22 +0100
Subject: [PATCH] gnutls.pc: do not include libidn2 in Requires.private

The libidn2 versions available do not include libidn2.pc,
thus the inclusion was causing problems when using pkg-config.
Instead we include -lidn2 in Libs.private.

Signed-off-by: Nikos Mavrogiannopoulos 
---
 configure.ac | 12 +++-
 lib/gnutls.pc.in |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6907b215f..4cad4fa3a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -492,11 +492,13 @@ if test "$try_libidn" = yes;then
   idna_support="IDNA 2008 (libidn2)"
   AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
   AC_SUBST([LIBIDN_LIBS], [-lidn2])
-  if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
-GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
-  else
-GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
-  fi
+  AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
+dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from 
gnutls.pc.in (Libs.private)
+dnl  if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+dnlGNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
+dnl  else
+dnlGNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
+dnl  fi
 ],[
   with_libidn2=no;
   AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use 
IDN2008 support)
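Review bot: the old Requires.private logic is left behind as five dnl-commented lines, and -lidn2 is now hard-coded in two AC_SUBST calls (LIBIDN_LIBS and the new LIBIDN2_LIBS). Delete the dead block and keep a single dnl line stating the condition for restoring it (libidn2.pc being widespread), and check whether gnutls.pc.in could reuse LIBIDN_LIBS rather than a second variable with the same value. A bare -lidn2 in Libs.private also carries no -L path, so a static link against a libidn2 installed outside the default library path will not resolve it.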
diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
index 441b45db0..c03757928 100644
--- a/lib/gnutls.pc.in
+++ b/lib/gnutls.pc.in
@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the 
GNU system
 URL: http://www.gnutls.org/
 Version: @VERSION@
 Libs: -L${libdir} -lgnutls
-Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBNSL@ @LTLIBPTHREAD@ 
@P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LTLIBUNISTRING@
+Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBNSL@ @LTLIBPTHREAD@ 
@P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LTLIBUNISTRING@ 
@LIBIDN2_LIBS@
 @GNUTLS_REQUIRES_PRIVATE@
 Cflags: -I${includedir}
-- 
2.11.1

++ gnutls-3.5.8.tar.xz -> gnutls-3.5.9.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.5.8.tar.xz 

commit gnutls for openSUSE:Factory

2016-10-10 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-10-10 16:16:31

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-07-18 
21:19:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-10-10 
16:16:31.0 +0200
@@ -1,0 +2,25 @@
+Sun Oct  2 16:13:59 UTC 2016 - ec...@opensuse.org
+
+- GnuTLS 3.4.15:
+  * libgnutls: Corrected the comparison of the serial size in OCSP 
+response. Previously the OCSP certificate check wouldn't verify 
+the serial length and could succeed in cases it shouldn't 
+(GNUTLS-SA-2016-3).
+  * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
+ignoring flags if all certificates in the list fit within the
+initially allocated memory.
+  * libgnutls: Corrected issue which made 
+gnutls_certificate_get_x509_crt() to return invalid pointers 
+when returned more than a single certificate.
+  * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the
+complete chain.
+  * libgnutls: Added support for decrypting PKCS#8 files which use 
+the HMAC-SHA256 as PRF.
+  * libgnutls: Addressed issue with PKCS#11 signature generation on 
+ECDSA keys. The signature is now written as unsigned integers 
+into the DSASignatureValue structure. Previously signed 
+integers could be written depending on what the underlying 
+module would produce. Addresses #122.
+- fix build error for 13.2, 42.1 and 42.2
+
+---
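Review bot: the GNUTLS-SA-2016-3 item in the 3.4.15 entry carries no Bugzilla or CVE reference, while the GNUTLS-SA-2016-2 item in the 3.4.14 entry cites boo#988276. Add the matching reference here so the OCSP serial-length fix can be tracked from the changelog. The last item, "fix build error for 13.2, 42.1 and 42.2", should also say what was changed (the conditional BuildRequires in the spec).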

Old:

  gnutls-3.4.14.tar.xz
  gnutls-3.4.14.tar.xz.sig

New:

  gnutls-3.4.15.tar.xz
  gnutls-3.4.15.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.uNvbKm/_old  2016-10-10 16:16:33.0 +0200
+++ /var/tmp/diff_new_pack.uNvbKm/_new  2016-10-10 16:16:33.0 +0200
@@ -30,7 +30,7 @@
 %bcond_without guile
 
 Name:   gnutls
-Version:3.4.14
+Version:3.4.15
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -51,12 +51,20 @@
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.3
 BuildRequires:  libtool
+%if 0%{?suse_version} <= 1320
+BuildRequires:  net-tools
+%else
 BuildRequires:  net-tools-deprecated
+%endif
 %if %{with tpm}
 BuildRequires:  trousers-devel
 %endif
 %if %{with dane}
+%if 0%{?suse_version} <= 1320
+BuildRequires:  unbound-devel
+%else
 BuildRequires:  libunbound-devel
+%endif
 Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
 %endif
 %if %{with guile}
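Review bot: the test %if 0%{?suse_version} <= 1320 is written twice in this hunk with no comment, so the reason for the cutoff is only in the changelog ("13.2, 42.1 and 42.2"). Add a spec comment at the first conditional naming those releases and the package renames it works around (net-tools vs net-tools-deprecated, unbound-devel vs libunbound-devel), so both branches can be removed together when those targets are dropped.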

++ gnutls-3.4.14.tar.xz -> gnutls-3.4.15.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.4.14.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.4.15.tar.xz differ: char 26, 
line 1





commit gnutls for openSUSE:Factory

2016-07-18 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-07-18 21:19:48

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-07-09 
09:21:20.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-07-18 
21:19:49.0 +0200
@@ -1,0 +2,13 @@
+Sat Jul  9 21:18:21 UTC 2016 - astie...@suse.com
+
+- GnuTLS 3.4.14:
+  * libgnutls: Address issue when utilizing the p11-kit trust store
+for certificate verification (GNUTLS-SA-2016-2, boo#988276)
+  * libgnutls: Fixed DTLS handshake packet reconstruction.
+  * libgnutls: Fixed issues with PKCS#11 reading of sensitive
+objects from SafeNet Network HSM
+  * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER
+- drop upstreamed
+  0001-tests-use-datefudge-in-name-constraints-test.patch
+
+---

Old:

  0001-tests-use-datefudge-in-name-constraints-test.patch
  gnutls-3.4.13.tar.xz
  gnutls-3.4.13.tar.xz.sig

New:

  gnutls-3.4.14.tar.xz
  gnutls-3.4.14.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.dNJwry/_old  2016-07-18 21:19:51.0 +0200
+++ /var/tmp/diff_new_pack.dNJwry/_new  2016-07-18 21:19:51.0 +0200
@@ -30,7 +30,7 @@
 %bcond_without guile
 
 Name:   gnutls
-Version:3.4.13
+Version:3.4.14
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -41,7 +41,6 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
-Patch:  0001-tests-use-datefudge-in-name-constraints-test.patch
 
 BuildRequires:  autogen
 BuildRequires:  automake
@@ -191,7 +190,6 @@
 
 %prep
 %setup -q
-%patch -p1
 
 %build
 export LDFLAGS="-pie"

++ gnutls-3.4.13.tar.xz -> gnutls-3.4.14.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.4.13.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.4.14.tar.xz differ: char 26, 
line 1





commit gnutls for openSUSE:Factory

2016-07-09 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-07-09 09:21:14

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-05-04 
08:17:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-07-09 
09:21:20.0 +0200
@@ -1,0 +2,39 @@
+Thu Jun 30 08:38:05 UTC 2016 - vci...@suse.com
+
+- Fix a problem with expired test certificate by using datefudge
+  (boo#987139)
+  * add 0001-tests-use-datefudge-in-name-constraints-test.patch
+
+---
+Tue Jun  7 05:52:13 UTC 2016 - meiss...@suse.com
+
+- Version 3.4.13 (released 2016-06-06)
+  * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with
+NSS instead of using a separate variable; in addition append any keys to
+the file instead of overwriting it.
+  * libgnutls: use secure_getenv() where available to obtain environment
+variables. Addresses GNUTLS-SA-2016-1.
+- Version 3.4.12 (released 2016-05-20)
+  * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
+cipher is prioritized after AES-GCM.
+  * libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
+  * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
+GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
+operation could fail on certain PKCS#11 modules.
+  * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
+can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
+  * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
+name of the certificates if the provided names are NULL.
+  * libgnutls: when receiving SNI names, only save and expose to application
+the supported DNS names.
+  * libgnutls: when importing the certificate names at the
+gnutls_certificate_set* functions, only consider the CN as a fallback
+if DNS names are provided via the alternative name extension.
+  * gnutls-cli: on OCSP verification do not fail if we have a single valid
+reply. Report and reproducer by Thomas Klute.
+  * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
+log session keys in client side. These session keys are compatible with
+the NSS Key Log Format and can be used to decrypt the session for
+debugging using wireshark.
+
+---

Old:

  gnutls-3.4.11.tar.xz
  gnutls-3.4.11.tar.xz.sig

New:

  0001-tests-use-datefudge-in-name-constraints-test.patch
  gnutls-3.4.13.tar.xz
  gnutls-3.4.13.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.taHfsR/_old  2016-07-09 09:21:23.0 +0200
+++ /var/tmp/diff_new_pack.taHfsR/_new  2016-07-09 09:21:23.0 +0200
@@ -30,7 +30,7 @@
 %bcond_without guile
 
 Name:   gnutls
-Version:3.4.11
+Version:3.4.13
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -41,15 +41,18 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
+Patch:  0001-tests-use-datefudge-in-name-constraints-test.patch
 
 BuildRequires:  autogen
 BuildRequires:  automake
+BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel >= 3.1
 BuildRequires:  libtasn1-devel >= 4.3
 BuildRequires:  libtool
+BuildRequires:  net-tools-deprecated
 %if %{with tpm}
 BuildRequires:  trousers-devel
 %endif
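Review bot: BuildRequires: net-tools-deprecated is added in this hunk without a changelog line; the two new gnutls.changes entries cover only the datefudge patch and the 3.4.13/3.4.12 update. Add an item saying which build or test step needs it. The new patch tag is also written as an unnumbered Patch:, and numbering it (Patch0) keeps the spec unambiguous once a second patch is added.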
@@ -188,6 +191,7 @@
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 export LDFLAGS="-pie"

++ 0001-tests-use-datefudge-in-name-constraints-test.patch ++
>From cc22a052f40ba800acde7d81fe0ab91b56e66921 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos 
Date: Wed, 29 Jun 2016 17:25:06 +0200
Subject: [PATCH] tests: use datefudge in name-constraints test

This avoids the expiration of the used certificate to affect the test.
---
 tests/cert-tests/name-constraints | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Index: gnutls-3.4.13/tests/cert-tests/name-constraints
===
--- gnutls-3.4.13.orig/tests/cert-tests/name-constraints2016-06-30 
11:11:35.920632613 +0200
+++ gnutls-3.4.13/tests/cert-tests/name-constraints 2016-06-30 
11:13:06.633974903 +0200
@@ -28,7 +28,12 @@ if ! test -z "${VALGRIND}"; then
 fi
 

commit gnutls for openSUSE:Factory

2016-05-04 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-05-04 08:17:29

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-04-16 
22:07:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-05-04 
08:17:30.0 +0200
@@ -1,0 +2,6 @@
+Sat Apr 23 16:58:53 UTC 2016 - sleep_wal...@opensuse.org
+
+- enabled guile support
+- removed duplicates
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.i3xRoD/_old  2016-05-04 08:17:31.0 +0200
+++ /var/tmp/diff_new_pack.i3xRoD/_new  2016-05-04 08:17:31.0 +0200
@@ -27,6 +27,7 @@
 %define gnutls_dane_sover 0
 %endif
 %bcond_with tpm
+%bcond_without guile
 
 Name:   gnutls
 Version:3.4.11
@@ -43,6 +44,7 @@
 
 BuildRequires:  autogen
 BuildRequires:  automake
+BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel >= 3.1
@@ -55,6 +57,9 @@
 BuildRequires:  libunbound-devel
 Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
 %endif
+%if %{with guile}
+BuildRequires:  guile-devel
+%endif
 # disabled ppc - valgrind crashes on email cert tests currently. Marcus 
20150413
 # disabled armv7l - valgrind appears to mishandle some insns
 # disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
@@ -170,6 +175,16 @@
 %description -n libgnutls-openssl-devel
 Files needed for software development using gnutls.
 
+%if %{with guile}
+%package guile
+Summary:Guile wrappers for gnutls
+License:LGPL-2.1+
+Group:  Development/Libraries/Other
+Requires:   guile
+
+%description guile
+GnuTLS Wrappers for GNU Guile - dialect of scheme.
+%endif
 
 %prep
 %setup -q
@@ -189,6 +204,7 @@
 --disable-silent-rules \
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \
 --with-sysroot=/%{?_sysroot} \
+--with-guile-site-dir=no \
 %if %{without tpm}
 --without-tpm \
 %endif
@@ -217,6 +233,11 @@
 %__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
 %__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
 
+# PNG files are replaced with the compressed files and that breaks
+# deduplication, this is workaround
+find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
+%fdupes -s %{buildroot}%{_datadir}
+
 %find_lang libgnutls --all-name
 
 %check
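Review bot: gzip -9 on the added find line is called without -n, so every compressed PNG stores the original file name and modification time in its gzip header and the package contents differ from build to build. Use gzip -n -9. The comment says the PNG files "are replaced with the compressed files" without saying what replaces them; name that step so the workaround can be removed when it goes away.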
@@ -338,4 +359,11 @@
 %dir %{_includedir}/%{name}
 %{_includedir}/%{name}/openssl.h
 
+%if %{with guile}
+%files guile
+%defattr(-, root, root)
+%{_libdir}/guile/*
+%{_datadir}/guile/site/gnutls*
+%endif
+
 %changelog






commit gnutls for openSUSE:Factory

2016-04-16 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-04-16 22:06:59

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-02-24 
14:25:16.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-04-16 
22:07:01.0 +0200
@@ -1,0 +2,42 @@
+Mon Apr 11 09:18:26 UTC 2016 - meiss...@suse.com
+
+- Updated to 3.4.11
+  * Version 3.4.11 (released 2016-04-11)
+  ** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. 
+ Reported by Fridolin Pokorny.
+  ** libgnutls: Fixes in DSA key generation under PKCS #11. Report and
+ patches by Jan Vcelak.
+  ** libgnutls: Corrected behavior of ALPN extension parsing during
+ session resumption. Report and patches by Yuriy M. Kaminskiy.
+  ** libgnutls: Corrected regression (since 3.4.0) in 
+ gnutls_server_name_set() which caused it not to accept non-null-
+ terminated hostnames. Reported by Tim Ruehsen.
+  ** libgnutls: Corrected printing of the IP Adress name constraints.
+  ** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
+ serving chunk encoding which ocsptool doesn't support. Reported by
+ Thomas Klute.
+  ** certtool: do not require a CA for OCSP signing tag. This follows the
+ recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
+ OCSP signing to another certificate without requiring it to be a CA.
+ Reported by Thomas Klute.
+
+  * Version 3.4.10 (released 2016-03-03)
+  ** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
+ to be used with hashing functions.
+  ** libgnutls: Corrected leaks and other issues in
+ gnutls_x509_crt_list_import().
+  ** libgnutls: Fixes in DSA key handling for PKCS #11. Report and 
+ patches by Jan Vcelak.
+  ** libgnutls: Several fixes to prevent relying on undefined behavior
+ of C (found with libubsan).
+
+  * Version 3.4.9 (released 2016-02-03)
+  ** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would
+ negotiate the last commonly supported protocol, rather than the 
+ first. Reported by Remi Denis-Courmont (#63).
+  ** libgnutls: Tolerate empty DN fields in informational output 
+ functions.
+  ** libgnutls: Corrected regression causes by incorrect fix in
+ gnutls_x509_ext_export_key_usage() at 3.4.8 release.
+
+---

Old:

  gnutls-3.4.8.tar.xz
  gnutls-3.4.8.tar.xz.sig

New:

  gnutls-3.4.11.tar.xz
  gnutls-3.4.11.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.i6hEPA/_old  2016-04-16 22:07:02.0 +0200
+++ /var/tmp/diff_new_pack.i6hEPA/_new  2016-04-16 22:07:02.0 +0200
@@ -29,7 +29,7 @@
 %bcond_with tpm
 
 Name:   gnutls
-Version:3.4.8
+Version:3.4.11
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+

++ gnutls-3.4.8.tar.xz -> gnutls-3.4.11.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.4.8.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.4.11.tar.xz differ: char 27, 
line 1





commit gnutls for openSUSE:Factory

2016-02-24 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-02-24 14:25:15

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2016-01-23 
01:03:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-02-24 
14:25:16.0 +0100
@@ -1,0 +2,13 @@
+Thu Feb 18 16:00:30 UTC 2016 - mrueck...@suse.de
+
+- follow the work in the unbound package and use the
+  libunbound-devel symbol for the buildrequires. we override it for
+  the distro build with libunbound-devel-mini to avoid build loops.
+
+---
+Mon Feb  1 22:07:00 UTC 2016 - meiss...@suse.com
+
+- reenable dane support, require unbound-devel bsc#964346
+- split out libgnutls-dane-devel to try to avoid build cycle.
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.Hsh9Pc/_old  2016-02-24 14:25:17.0 +0100
+++ /var/tmp/diff_new_pack.Hsh9Pc/_new  2016-02-24 14:25:17.0 +0100
@@ -22,7 +22,7 @@
 %if %{with gnutls_openssl_compat}
 %define gnutls_ossl_sover 27
 %endif
-%bcond_with dane
+%bcond_without dane
 %if %{with dane}
 %define gnutls_dane_sover 0
 %endif
@@ -52,7 +52,7 @@
 BuildRequires:  trousers-devel
 %endif
 %if %{with dane}
-BuildRequires:  unbound-devel
+BuildRequires:  libunbound-devel
 Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
 %endif
 # disabled ppc - valgrind crashes on email cert tests currently. Marcus 
20150413
@@ -129,14 +129,22 @@
 PreReq: %install_info_prereq
 Requires:   glibc-devel
 Requires:   libgnutls%{gnutls_sover} = %{version}
-%if %{with dane}
-Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
-%endif
 Provides:   gnutls-devel = %{version}-%{release}
 
 %description -n libgnutls-devel
 Files needed for software development using gnutls.
 
+%if %{with dane}
+%package -n libgnutls-dane-devel
+Summary:Development package for gnutls dane
+License:LGPL-2.1+
+Group:  Development/Libraries/C and C++
+Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
+
+%description -n libgnutls-dane-devel
+Files needed for software development using gnutls.
+%endif
+
 %package -n libgnutlsxx-devel
 Summary:Development package for gnutls
 License:LGPL-2.1+
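Review bot: the new libgnutls-dane-devel subpackage requires only libgnutls-dane%{gnutls_dane_sover}, not libgnutls-devel, although it ships dane.h and gnutls-dane.pc, which are unlikely to be usable without the main gnutls headers and gnutls.pc. Add Requires: libgnutls-devel = %{version} unless that reintroduces the build cycle the changelog mentions, and say so in a comment if it does. Its %description is also copied unchanged from libgnutls-devel ("Files needed for software development using gnutls."); make it mention DANE. Because libgnutls-devel no longer pulls in the DANE library, packages that build against dane.h now need an explicit BuildRequires on the new subpackage, which deserves a changelog note.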
@@ -290,9 +298,6 @@
 %{_includedir}/%{name}/abstract.h
 %{_includedir}/%{name}/crypto.h
 %{_includedir}/%{name}/compat.h
-%if %{with dane}
-%{_includedir}/%{name}/dane.h
-%endif
 %{_includedir}/%{name}/dtls.h
 %{_includedir}/%{name}/gnutls.h
 %{_includedir}/%{name}/openpgp.h
@@ -307,17 +312,20 @@
 %{_includedir}/%{name}/system-keys.h
 %{_includedir}/%{name}/urls.h
 %{_libdir}/libgnutls.so
-%if %{with dane}
-%{_libdir}/libgnutls-dane.so
-%endif
 %{_libdir}/pkgconfig/gnutls.pc
-%if %{with dane}
-%{_libdir}/pkgconfig/gnutls-dane.pc
-%endif
 %{_mandir}/man3/*
 %{_infodir}/*.*
 %doc %{_docdir}/libgnutls-devel
 
+%if %{with dane}
+%files -n libgnutls-dane-devel
+%defattr(-, root, root)
+%dir %{_includedir}/%{name}
+%{_includedir}/%{name}/dane.h
+%{_libdir}/pkgconfig/gnutls-dane.pc
+%{_libdir}/libgnutls-dane.so
+%endif
+
 %files -n libgnutlsxx-devel
 %defattr(-, root, root)
 %{_libdir}/libgnutlsxx.so






commit gnutls for openSUSE:Factory

2016-01-22 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2016-01-23 01:03:23

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is "gnutls"

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-08-25 
07:17:04.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2016-01-23 
01:03:24.0 +0100
@@ -1,0 +2,60 @@
+Mon Jan 18 13:25:54 UTC 2016 - idon...@suse.com
+
+- Update to 3.4.8
+  All changes since 3.4.4:
+  * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
+when used with PKCS #11 keys.
+  * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
+their public keys from either a public key object or a certificate.
+That is, because private keys do not contain all the required
+parameters for a direct import.
+  * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
+tokens.
+  * libgnutls: Fixed out-of-bounds read in 
+gnutls_x509_ext_export_key_usage()
+  * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to 
+conform to draft-ietf-tls-chacha20-poly1305-02.
+  * libgnutls: Several fixes in PKCS #7 signing which improve 
+compatibility with the MacOSX tools.
+  * libgnutls: The max-record extension not negotiated on DTLS. This
+resolves issue with the max-record being negotiated but ignored.
+  * certtool: Added the --p7-include-cert and --p7-show-data options.
+  * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
+ciphersuites. This solves an interoperability issue with openssl.
+  * libgnutls: Corrected the setting of salt size in 
+gnutls_pkcs12_mac_info().
+  * libgnutls: On a rehandshake allow switching from anonymous to ECDHE 
+and DHE ciphersuites.
+  * libgnutls: Corrected regression from 3.3.x which prevented 
+ARCFOUR128 from using arbitrary key sizes.
+  * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
+skipping the implicit global initialization.
+  * gnutls.pc: Don't include libtool specific options to link flags.
+  * tools: Better support for FTP AUTH TLS negotiation
+  * libgnutls: Added new simple verification functions. That avoids the
+need to install a callback to perform certificate verification. See
+doc/examples/ex-client-x509.c for usage.
+  * libgnutls: Introduced the security parameter 'future' which is at
+the 256-bit level of security, and 'ultra' was aligned to its 
+documented size at 192-bits.
+  * libgnutls: When writing a certificate into a PKCS #11 token, ensure
+that CKA_SERIAL_NUMBER and CKA_ISSUER are written.
+  * libgnutls: Allow the presence of legacy ciphers and key exchanges in
+priority strings and consider them a no-op.
+  * libgnutls: Handle the extended master secret as a mandatory 
+extension. That fixes incompatibility issues with Chromium (#45). 
+  * libgnutls: Added the ability to copy a public key into a PKCS #11
+token.
+  * tools: Added support for LDAP and XMPP negotiation for STARTTLS.
+  * p11tool: Allow writing a public key into a PKCS #11 token.
+  * certtool: Key generation security level was switched to HIGH. That
+is, by default the tool generates 3072 bit keys for RSA and DSA.
+  * libgnutls: When re-importing CRLs to a trust list ensure that there
+no duplicate entries.
+  * certtool: Removed any arbitrary limits imposed on input file sizes
+and maximum number of certificates imported.
+  * certtool: Allow specifying fixed dates on CRL generation.
+  * gnutls-cli-debug: Added check for inappropriate fallback support
+(RFC7507).
+
+---

Old:

  gnutls-3.4.4.tar.xz
  gnutls-3.4.4.tar.xz.sig

New:

  gnutls-3.4.8.tar.xz
  gnutls-3.4.8.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.XFsixV/_old  2016-01-23 01:03:26.0 +0100
+++ /var/tmp/diff_new_pack.XFsixV/_new  2016-01-23 01:03:26.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
 %bcond_with tpm
 
 Name:   gnutls
-Version:3.4.4
+Version:3.4.8
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+

++ gnutls-3.4.4.tar.xz -> gnutls-3.4.8.tar.xz ++

commit gnutls for openSUSE:Factory

2015-08-24 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-08-25 07:17:02

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-05-16 
07:12:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-08-25 
07:17:04.0 +0200
@@ -1,0 +2,68 @@
+Tue Aug 18 22:40:28 UTC 2015 - astie...@suse.com
+
+- Update to 3.4.4
+  This update contains a fix for a denial of service vulnerability:
+  * Allow the parsing of very long DNs. Also fixes double free
+in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251
+  Other changes:
+  * Add high level API (gnutls_prf_rfc5705) to access the PRF as
+specified by RFC5705.
+  * Link to trousers (TPM library) dynamically when this
+functionality is requested. (disabled in SUSE package)
+  * Fix issue with server side sending the status request extension
+even when not requested.
+  * Add support for RFC7507 by introducing the %FALLBACK_SCSV
+priority string option.
+  * gnutls_pkcs11_privkey_generate2() will store the generated
+public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
+flag is specified.
+  * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback.
+  * API and ABI modifications:
+gnutls_prf_rfc5705: Added
+gnutls_hex_encode2: Added
+gnutls_hex_decode2: Added
+- build with autogen for libopts compatibility
+- fix failures in test suite, add upstream commits
+  0001-certtool-lifted-limits-on-file-size-to-load.patch
+  0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch
+
+---
+Thu Jul 30 15:39:34 UTC 2015 - vci...@suse.com
+
+- update to 3.4.3
+  ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
+ dates prior to 2050.
+  ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
+ was done only when cryptodev was enabled).
+  ** libgnutls: Removed support for pthread_atfork() as it has undefined
+ semantics when used with dlopen(), and may lead to a crash.
+  ** libgnutls: corrected failure when importing plain files 
+ with gnutls_x509_privkey_import2(), and a password was provided.
+  ** libgnutls: Don't reject certificates if a CA has the URI or IP address
+ name constraints, and the end certificate doesn't have an IP address 
+ name or a URI set.
+  ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
+  ** p11tool: Added --list-token-urls option, and print the token module name
+ in list-tokens.
+  ** libgnutls: DTLS blocking API is more robust against infinite blocking,
+ and will notify of more possible timeouts.
+  ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
+ by Manuel Pegourie-Gonnard.
+  ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
+ allows to disable SIGPIPE for writes done within gnutls.
+  ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
+ of structures. API moved to gnutls/pkcs7.h header.
+  ** certtool: Added options to generate PKCS #7 bundles and signed
+ structures.
+- includes changes from 3.4.2:
+  * DTLS blocking API is more robust against infinite blocking,
+and will notify of more possible timeouts.
+  * Correct regression with Camellia-256-GCM cipher.
+  * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
+allows to disable SIGPIPE for writes done within gnutls.
+  * Enhance the PKCS #7 API to allow signing and verification
+of structures. Move API to gnutls/pkcs7.h header.
+  * certtool: Added options to generate PKCS #7 bundles and signed
+structures.
+
+---
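Review bot: the 3.4.4 entry lists 0001-certtool-lifted-limits-on-file-size-to-load.patch and 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch as added upstream commits, but the New file list of this commit shows only gnutls-3.4.4.tar.xz and its .sig. Either the two patches are missing from the submission or the changelog line should go; since this update carries the CVE-2015-6251 fix, the changelog should match exactly what is shipped.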

Old:

  gnutls-3.4.1.tar.xz
  gnutls-3.4.1.tar.xz.sig

New:

  gnutls-3.4.4.tar.xz
  gnutls-3.4.4.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.tKtHfE/_old  2015-08-25 07:17:05.0 +0200
+++ /var/tmp/diff_new_pack.tKtHfE/_new  2015-08-25 07:17:05.0 +0200
@@ -29,7 +29,7 @@
 %bcond_with tpm
 
 Name:   gnutls
-Version:3.4.1
+Version:3.4.4
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -41,6 +41,7 @@
 Source2:%name.keyring
 Source3:baselibs.conf
 
+BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
@@ -58,7 +59,8 @@
 # disabled armv7l - valgrind appears to mishandle some insns
 # 

commit gnutls for openSUSE:Factory

2015-05-15 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-05-16 07:12:25

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-05-06 
11:18:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-05-16 
07:12:26.0 +0200
@@ -1,0 +2,5 @@
+Tue May  5 19:06:29 UTC 2015 - dmuel...@suse.com
+
+- disable testsuite run against valgrind on aarch64 
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.c8jvZJ/_old  2015-05-16 07:12:27.0 +0200
+++ /var/tmp/diff_new_pack.c8jvZJ/_new  2015-05-16 07:12:27.0 +0200
@@ -56,11 +56,10 @@
 %endif
 # disabled ppc - valgrind crashes on email cert tests currently. Marcus 
20150413
 # disabled armv7l - valgrind appears to mishandle some insns
-%ifnarch armv7hl
-%ifarch %ix86 x86_64 ppc64 s390x ppc64le %arm aarch64
+# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
+%ifarch %ix86 x86_64 ppc64 s390x ppc64le
 BuildRequires:  valgrind
 %endif
-%endif
 %if %suse_version = 1230
 BuildRequires:  makeinfo
 %endif
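Review bot: dropping %arm from the %ifarch list, together with the %ifnarch armv7hl wrapper, turns valgrind off for every 32-bit ARM target and not only for aarch64, which is all the .changes entry and the new comment mention. If only aarch64 deadlocks, keep %arm and the armv7hl exclusion; otherwise state in the comment that all ARM targets now run the test suite without valgrind.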






commit gnutls for openSUSE:Factory

2015-05-06 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-05-06 11:18:34

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-04-28 
20:42:22.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-05-06 
11:18:36.0 +0200
@@ -1,0 +2,24 @@
+Tue May  5 12:40:11 UTC 2015 - meiss...@suse.com
+
+- Updated to 3.4.1 (released 2015-05-03)
+
+  ** libgnutls: gnutls_certificate_get_ours: will return the certificate even
+  if a callback was used to send it.
+  ** libgnutls: Check for invalid length in the X.509 version field. Without
+  the check certificates with invalid length would be detected as having an
+  arbitrary version. Reported by Hanno Böck.
+  ** libgnutls: Handle DNS name constraints with a leading dot. Patch by
+  Fotis Loukos.
+  ** libgnutls: Updated system-keys support for windows to compile in more
+  versions of mingw. Patch by Tim Kosse.
+  ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
+  Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690
+  ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
+  by default. That caused issues with non-blocking programs.
+  ** certtool: It can generate SHA256 key IDs.
+  ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
+  ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added
+
+- gnutls-fix-double-mans.patch: fixed upstream
+
+---

Old:

  gnutls-3.4.0.tar.xz
  gnutls-3.4.0.tar.xz.sig
  gnutls-fix-double-mans.patch

New:

  gnutls-3.4.1.tar.xz
  gnutls-3.4.1.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.dsvxTs/_old  2015-05-06 11:18:37.0 +0200
+++ /var/tmp/diff_new_pack.dsvxTs/_new  2015-05-06 11:18:37.0 +0200
@@ -29,7 +29,7 @@
 %bcond_with tpm
 
 Name:   gnutls
-Version:3.4.0
+Version:3.4.1
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -41,9 +41,6 @@
 Source2:%name.keyring
 Source3:baselibs.conf
 
-# PATCH-FIX-UPSTREM gnutls-fix-double-mans.patch meiss...@suse.de -- fixed man 
instll, is in upstream git for 3.4.1
-Patch0: gnutls-fix-double-mans.patch
-
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
@@ -167,7 +164,6 @@
 
 %prep
 %setup -q
-%patch0 -p1
 
 %build
 export LDFLAGS=-pie

++ gnutls-3.4.0.tar.xz - gnutls-3.4.1.tar.xz ++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.4.0.tar.xz 
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.4.1.tar.xz differ: char 26, 
line 1





commit gnutls for openSUSE:Factory

2015-04-28 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-04-28 20:42:20

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-04-18 
10:38:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-04-28 
20:42:22.0 +0200
@@ -0,0 +1,4 @@
+---
+Sun Apr 26 08:54:53 UTC 2015 - sch...@linux-m68k.org
+
+- Disable buggy valgrind on armv7l



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.fRvCJA/_old  2015-04-28 20:42:23.0 +0200
+++ /var/tmp/diff_new_pack.fRvCJA/_new  2015-04-28 20:42:23.0 +0200
@@ -58,9 +58,12 @@
 Requires:   libgnutls-dane%{gnutls_dane_sover} = %{version}
 %endif
 # disabled ppc - valgrind crashes on email cert tests currently. Marcus 
20150413
+# disabled armv7l - valgrind appears to mishandle some insns
+%ifnarch armv7hl
 %ifarch %ix86 x86_64 ppc64 s390x ppc64le %arm aarch64
 BuildRequires:  valgrind
 %endif
+%endif
 %if %suse_version = 1230
 BuildRequires:  makeinfo
 %endif
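Review bot: the added comment and the .changes entry name armv7l, but the guard is %ifnarch armv7hl, so as written an armv7l build still matches %arm on the next line and pulls in valgrind. Name the architecture the guard really targets in the comment, or extend it to cover both armv7l and armv7hl if both are affected.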
@@ -192,7 +195,7 @@
 %if %{with gnutls_openssl_compat}
--enable-openssl-compatibility \
 %endif
-
+   %{nil}
 %__make
 
 %install
@@ -213,7 +216,10 @@
 
 %check
 %if ! 0%{?qemu_user_space_build}
-%__make check
+%__make check || {
+find -name test-suite.log -print -exec cat {} \;
+exit 1
+}
 %endif
 
 %post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
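Review bot: in the failure branch of %check, find is called without a start directory, which only GNU find accepts; write find . -name test-suite.log so the log dump does not depend on that. The log dump here and the %{nil} terminator added in the previous hunk are also missing from the .changes entry, which mentions only the valgrind change.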






commit gnutls for openSUSE:Factory

2015-04-18 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-04-18 10:38:18

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-04-07 
09:28:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-04-18 
10:38:19.0 +0200
@@ -0,0 +1,137 @@
+
+---
+Sun Apr 12 10:16:33 UTC 2015 - meiss...@suse.com
+
+- updated to 3.4.0 (released 2015-04-08)
+
+  ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
+  ciphersuites. The former are enabled by default, the latter need to be
+  explicitly enabled, since they reduce the overall security level.
+
+  ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
+  draft-mavrogiannopoulos-chacha-tls-05 and 
draft-irtf-cfrg-chacha20-poly1305-10.
+  That is currently provided as technology preview and is not enabled by
+  default, since there are no assigned ciphersuite points by IETF and there 
+  is no guarrantee of compatibility between draft versions. The ciphersuite
+  priority string to enable it is +CHACHA20-POLY1305.
+
+  ** libgnutls: Added support for encrypt-then-authenticate in CBC
+  ciphersuites (RFC7366 -taking into account its errata text). This is
+  enabled by default and can be disabled using the %NO_ETM priority
+  string.
+
+  ** libgnutls: Added support for the extended master secret
+  (triple-handshake fix) following draft-ietf-tls-session-hash-02.
+
+  ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
+
+  ** libgnutls: SSL 3.0 is no longer included in the default priorities
+  list. It has to be explicitly enabled, e.g., with a string like
+  NORMAL:+VERS-SSL3.0.
+
+  ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
+  list. It has to be explicitly enabled, e.g., with a string like
+  NORMAL:+ARCFOUR-128.
+
+  ** libgnutls: DSA signatures and DHE-DSS are no longer included in the
+  default priorities list. They have to be explicitly enabled, e.g., with
+  a string like NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1. The
+  DSA ciphersuites were dropped because they had no deployment at all
+  on the internet, to justify their inclusion.
+
+  ** libgnutls: The priority string EXPORT was completely removed. The string
+  was already defunc as support for the EXPORT ciphersuites was removed in
+  GnuTLS 3.2.0.
+
+  ** libgnutls: Added API to utilize system specific private keys in
+  gnutls/system-keys.h. It is currently provided as technology preview
+  and is restricted to windows CNG keys.
+
+  ** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
+  RFC6125 comparison of hostnames. That introduces a dependency on libidn.
+
+  ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
+  PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).
+
+  ** libgnutls: Depend on nettle 3.1.
+
+  ** libgnutls: Use getrandom() or getentropy() when available. That
+  avoids the complexity of file descriptor handling and issues with
+  applications closing all open file descriptors on startup.
+
+  ** libgnutls: Use pthread_atfork() to detect fork when available.
+
+  ** libgnutls: The gnutls_handshake() process will enforce a timeout by
+  default.
+
+  ** libgnutls: If a key purpose (extended key usage) is specified for 
verification,
+  it is applied into intermediate certificates. The verification result
+  GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. 
+
+  ** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
+  combination with PKCS #11, or TPM URLs, it will utilize the provided
+  password as PIN if required. That removes the requirement for the
+  application to set a callback for PINs in that case.
+
+  ** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are 
+  restricted to the corresponding protocols only, and the VERS-ALL
+  string is introduced to catch all possible protocols.
+
+  ** libgnutls: Added helper functions to obtain information on PKCS #8
+  structures.
+
+  ** libgnutls: Certificate chains which are provided to 
gnutls_certificate_credentials_t
+  will automatically be sorted instead of failing with 
GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
+
+  ** libgnutls: Added functions to export and set the record state. That
+  allows for gnutls_record_send() and recv() to be offloaded (to kernel,
+  hardware or any other subsystem).
+
+  ** libgnutls: Added the ability to register application specific URL
+  types, which express certificates and keys using 
gnutls_register_custom_url().
+
+  ** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
+  to 

commit gnutls for openSUSE:Factory

2015-04-07 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-04-07 09:28:38

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-03-30 
19:32:13.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-04-07 
09:28:39.0 +0200
@@ -1,0 +2,33 @@
+Wed Apr  1 14:26:31 UTC 2015 - meiss...@suse.com
+
+- updated to 3.3.13 (released 2015-03-30)
+
+  ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
+  structures use BER to decode them (requires libtasn1 4.3). That allows
+  to decode some more complex structures.
+
+  ** libgnutls: When an end-certificate with no name is present and there
+  are CA name constraints, don't reject the certificate. This follows RFC5280
+  advice closely. Reported by Fotis Loukos.
+
+  ** libgnutls: Fixed handling of supplemental data with types  255.
+  Patch by Thierry Quemerais.
+
+  ** libgnutls: Fixed double free in the parsing of CRL distribution points 
certificate
+  extension. Reported by Robert Święcki.
+
+  ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
+  protocol is not enabled by default (used by openconnect VPN).
+
+  ** libgnutls: The maximum user data send size is set to be the same for
+  block and non-block ciphersuites. This addresses a regression with wine:
+  https://bugs.winehq.org/show_bug.cgi?id=37500
+
+  ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
+  and CKA_DECRYPT when needed.
+
+  ** libgnutls: Allow names with zero size to be set using
+  gnutls_server_name_set(). That will disable the Server Name Indication.
+  Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2
+
+---

Old:

  gnutls-3.3.13.tar.xz
  gnutls-3.3.13.tar.xz.sig

New:

  gnutls-3.3.14.tar.xz
  gnutls-3.3.14.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.fMC0L2/_old  2015-04-07 09:28:40.0 +0200
+++ /var/tmp/diff_new_pack.fMC0L2/_new  2015-04-07 09:28:40.0 +0200
@@ -26,7 +26,7 @@
 %bcond_with tpm
 
 Name:   gnutls
-Version:3.3.13
+Version:3.3.14
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
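Review bot: Version goes to 3.3.14 and the file list swaps in gnutls-3.3.14.tar.xz, but the .changes entry for this commit is headed "updated to 3.3.13 (released 2015-03-30)". The heading should name 3.3.14 so that the changelog, including the double free and DTLS 0.9 stack overflow fixes it lists, can be matched to the tarball that is shipped.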
@@ -45,7 +45,7 @@
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel = 2.7
-BuildRequires:  libtasn1-devel = 2.14
+BuildRequires:  libtasn1-devel = 4.3
 BuildRequires:  libtool
 %if %{with tpm}
 BuildRequires:  trousers-devel

++ gnutls-3.3.13.tar.xz - gnutls-3.3.14.tar.xz ++
 12889 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2015-03-30 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-03-30 19:32:11

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2015-01-03 
22:03:08.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-03-30 
19:32:13.0 +0200
@@ -1,0 +2,499 @@
+Wed Mar 25 20:52:43 UTC 2015 - astie...@suse.com
+
+- for DANE support, use bcond_with
+- for tpm support, same
+- note p11-kit = 0.20.7 requirement
+- note libtasn1 3.9 requirement (built-in lib used otherwise)
+
+---
+Mon Mar 23 08:51:12 UTC 2015 - meiss...@suse.com
+
+- disable trousers and unbound again for now, as it causes too long
+  build cycles.
+
+---
+Sat Mar 21 07:17:50 UTC 2015 - meiss...@suse.com
+
+- added unbound-devel (for DANE) and trousers-devel (for TPM support)
+- removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff
+- libgnutls-dane0 new library added
+
+- updated to 3.3.13 (released 2015-02-25)
+  ** libgnutls: Enable AESNI in GCM on x86
+  ** libgnutls: Fixes in DTLS message handling
+  ** libgnutls: Check certificate algorithm consistency, i.e.,
+ check whether the signatureAlgorithm field matches the signature
+ field inside TBSCertificate.
+  ** gnutls-cli: Fixes in OCSP verification.
+
+- Version 3.3.12 (released 2015-01-17)
+
+  ** libgnutls: When negotiating TLS use the lowest enabled version in
+  the client hello, rather than the lowest supported. In addition, do
+  not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0
+  is the only protocol supported. That addresses issues with servers that
+  immediately drop the connection when the encounter SSL 3.0 as the record
+  version number. See:
+  http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html
+
+  ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.
+
+  ** libgnutls: Handle zero length plaintext for VIA PadLock functions.
+  This solves a potential crash on AES encryption for small size plaintext.
+  Patch by Matthias-Christian Ott.
+
+  ** libgnutls: In DTLS don't combine multiple packets which exceed MTU.
+  Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715
+
+  ** libgnutls: In DTLS decode all handshake packets present in a record
+  packet, in a single pass. Reported by Andreas Schultz.
+  https://savannah.gnu.org/support/?108712
+
+  ** libgnutls: When importing a CA file with a PKCS #11 URL, simply
+  import the certificates, if the URL specifies objects, rather than
+  treating it as trust module.
+
+  ** libgnutls: When importing a PKCS #11 URL and we know the type of
+  object we are importing, don't require the object type in the URL.
+
+  ** libgnutls: fixed openpgp authentication when 
gnutls_certificate_set_retrieve_function2
+  was used by the server.
+
+  ** certtool: --pubkey-info will also attempt to load a public key from stdin.
+
+  ** gnutls-cli: Added --starttls-proto option. That allows to specify a
+  protocol for starttls negotiation.
+
+- Version 3.3.11 (released 2014-12-11)
+
+  ** libgnutls: Corrected regression introduced in 3.3.9 related to
+  session renegotiation. Reported by Dan Winship.
+
+  ** libgnutls: Corrected parsing issue with OCSP responses.
+
+- Version 3.3.10 (released 2014-11-10)
+
+  ** libgnutls: Refuse to import v1 or v2 certificates that contain
+  extensions.
+
+  ** libgnutls: Fixes in usage of PKCS #11 token callback
+
+  ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used
+  with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag.
+  Reported by David Woodhouse.
+
+  ** libgnutls: Removed superfluous random generator refresh on every call
+  of gnutls_deinit(). That reduces load and usage of /dev/urandom.
+
+  ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
+  Reported by Sean Burford [GNUTLS-SA-2014-5].
+
+  ** libgnutls: When gnutls_global_init() is called for a second time, it
+  will check whether the /dev/urandom fd kept is still open and matches
+  the original one. That behavior works around issues with servers that
+  close all file descriptors.
+
+  ** libgnutls: Corrected behavior with PKCS #11 objects that are marked
+  as CKA_ALWAYS_AUTHENTICATE.
+
+  ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12.
+  That option is more compatible than AES or RC4.
+
+- Version 3.3.9 (released 2014-10-13)
+
+  ** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
+  Reported by Joseph Peruski.
+
+  ** libgnutls: Fixed issue with unexpected 

commit gnutls for openSUSE:Factory

2015-01-03 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2015-01-03 22:03:04

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-11-28 
08:46:13.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2015-01-03 
22:03:08.0 +0100
@@ -1,0 +2,13 @@
+Wed Dec 31 09:19:19 UTC 2014 - meiss...@suse.com
+
+- build with PIE for commandline tools
+
+---
+Wed Dec 31 09:18:28 UTC 2014 - meiss...@suse.com
+
+- Updated to 3.2.21 (released 2014-12-11)
+  - libgnutls: Corrected regression introduced in 3.2.19 related to
+session renegotiation. Reported by Dan Winship.
+  - libgnutls: Corrected parsing issue with OCSP responses.
+
+---

Old:

  gnutls-3.2.20.tar.xz
  gnutls-3.2.20.tar.xz.sig

New:

  gnutls-3.2.21.tar.xz
  gnutls-3.2.21.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.J65X4Q/_old  2015-01-03 22:03:10.0 +0100
+++ /var/tmp/diff_new_pack.J65X4Q/_new  2015-01-03 22:03:10.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.20
+Version:3.2.21
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -139,6 +139,9 @@
 %patch6 -p1
 
 %build
+export LDFLAGS=-pie
+export CFLAGS=$RPM_OPT_FLAGS -fPIE
+export CXXFLAGS=$RPM_OPT_FLAGS -fPIE
 autoreconf -if
 %configure \
 gl_cv_func_printf_directive_n=yes \

++ gnutls-3.2.20.tar.xz - gnutls-3.2.21.tar.xz ++
 2210 lines of diff (skipped)


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit gnutls for openSUSE:Factory

2014-11-27 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-11-28 08:46:04

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-09-26 
10:51:31.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-11-28 
08:46:13.0 +0100
@@ -1,0 +2,24 @@
+Wed Nov 12 10:59:02 UTC 2014 - meiss...@suse.com
+
+- Updated to 3.2.20 (released 2014-11-10)
+
+  ** libgnutls: Removed superfluous random generator refresh on every
+ call of gnutls_deinit(). That reduces load and usage of /dev/urandom.
+  ** libgnutls: Corrected issue in export of ECC parameters to X9.63
+ format.  Reported by Sean Burford [GNUTLS-SA-2014-5].
+  (CVE-2014-8564 bnc#904603)
+
+- Updated to 3.2.19 (released 2014-10-13)
+  ** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
+ Reported by Joseph Peruski.
+  ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
+ handshake's hash buffer, in applications using the heartbeat extension
+ or DTLS. Reported by Joeri de Ruiter.
+  ** libgnutls: fix issue in DTLS retransmission when session tickets were
+ in use; reported by Manuel Pégourié-Gonnard.
+  ** libgnutls: Prevent abort() in library if getrusage() fails. Try to
+ detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
+  ** guile: new 'set-session-server-name!' procedure; see the manual
+ for details.
+
+---

Old:

  gnutls-3.2.18.tar.xz
  gnutls-3.2.18.tar.xz.sig

New:

  gnutls-3.2.20.tar.xz
  gnutls-3.2.20.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.8Bj4FE/_old  2014-11-28 08:46:15.0 +0100
+++ /var/tmp/diff_new_pack.8Bj4FE/_new  2014-11-28 08:46:15.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.18
+Version:3.2.20
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -150,7 +150,7 @@
 --disable-silent-rules \
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \
 --with-sysroot=/%{?_sysroot}
-%__make %{?_smp_mflags}
+%__make
 
 %install
 %make_install
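Review bot: %{?_smp_mflags} is dropped from the %__make line with no comment in the spec and no line in the .changes entry, which covers only the 3.2.19 and 3.2.20 updates. If the parallel build fails or races, say so next to the line so it can be re-enabled once the cause is fixed.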

++ gnutls-3.2.18.tar.xz - gnutls-3.2.20.tar.xz ++
 40391 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-09-26 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-09-26 10:51:25

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-09-03 
19:52:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-09-26 
10:51:31.0 +0200
@@ -1,0 +2,28 @@
+Wed Sep 24 14:52:54 UTC 2014 - cit...@gmail.com
+
+* Upgrade to Version 3.2.18 (released 2014-09-18)
+
+** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
+strings with embedded spaces and escaped commas.
+
+** libgnutls: Corrected gnutls_x509_crl_verify() which would always report
+a CRL signature as invalid. Reported by Armin Burgmeier.
+
+** libgnutls: Fixed issue with certificates being sanitized by gnutls prior
+to signature verification. That resulted to certain non-DER compliant 
modifications
+of valid certificates, being corrected by libtasn1's parser and restructured as
+the original. Issue found and reported by Antti Karjalainen and Matti Kamunen 
from
+Codenomicon.
+
+** API and ABI modifications:
+No changes since last version. 
+
+Delete files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig
+Add files: gnutls-3.2.18.tar.xz, gnutls-3.2.18.tar.xz.sig
+
+---
+Fri Sep 19 09:27:47 UTC 2014 - dmuel...@suse.com
+
+- update list of available architectures for valgrind 
+
+---

Old:

  gnutls-3.2.17.tar.xz
  gnutls-3.2.17.tar.xz.sig

New:

  gnutls-3.2.18.tar.xz
  gnutls-3.2.18.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.dKxg8Z/_old  2014-09-26 10:51:32.0 +0200
+++ /var/tmp/diff_new_pack.dKxg8Z/_new  2014-09-26 10:51:32.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.17
+Version:3.2.18
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -44,7 +44,7 @@
 BuildRequires:  libnettle-devel = 2.7
 BuildRequires:  libtasn1-devel = 2.14
 BuildRequires:  libtool
-%ifarch %ix86 x86_64 ppc ppc64 s390x armv7l armv7hl
+%ifarch %ix86 x86_64 ppc ppc64 s390x ppc64le %arm aarch64
 BuildRequires:  valgrind
 %endif
 %if %suse_version = 1230

++ gnutls-3.2.17.tar.xz - gnutls-3.2.18.tar.xz ++
 2892 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-09-03 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-09-03 18:21:27

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-08-13 
17:20:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-09-03 
19:52:52.0 +0200
@@ -1,0 +2,24 @@
+Sun Aug 31 07:01:32 UTC 2014 - cit...@gmail.com
+
+- Upgrade to Version 3.2.17 (released 2014-08-24)
+
+** libgnutls: initialize parameters variable on PKCS #8 decryption.
+
+** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
+That improves compatibility with certain PKCS #11 modules. Contributed by
+Wolfgang Meyer zu Bergsten.
+
+** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
+algorithms.
+
+** libgnutls: when checking the hostname of a certificate with multiple CNs
+ensure that the most specific CN is being used.
+
+** libgnutls: In DTLS ignore only errors that relate to unexpected packets
+and decryption failures.
+
+Delete files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig
+Add files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig
+
+
+---

Old:

  gnutls-3.2.16.tar.xz
  gnutls-3.2.16.tar.xz.sig

New:

  gnutls-3.2.17.tar.xz
  gnutls-3.2.17.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.ktPx6w/_old  2014-09-03 19:52:54.0 +0200
+++ /var/tmp/diff_new_pack.ktPx6w/_new  2014-09-03 19:52:54.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.16
+Version:3.2.17
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+

++ gnutls-3.2.16.tar.xz - gnutls-3.2.17.tar.xz ++
 78089 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-08-13 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-08-13 17:19:55

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-06-06 
14:36:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-08-13 
17:20:01.0 +0200
@@ -1,0 +2,34 @@
+Sun Aug  3 16:55:33 UTC 2014 - cit...@gmail.com
+
+- Upgrade to Version 3.2.16 (released 2014-07-23)
+
+** libgnutls: Do not call the post client hello callback twice when resuming
+using session tickets.
+
+** libgnutls: When the decoding of a printable DN element fails, then treat
+it as unknown and print its hex value rather than failing. That works around
+an issue in a TURKTRST root certificate which improperly encodes the
+X520countryName element.
+
+** libgnutls: IP addresses are printed using inet_ntop() when available.
+
+** libgnutls: gnutls_x509_crt_check_hostname will also check IP addresses
+and match documented behavior. Reported by David Woodhouse.
+
+** libgnutls: Fixed PKCS #11 ECDSA key generation.
+
+** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set.
+
+** p11tool: will not implicitly enable so-login for certain types of
+objects. That avoids issues with tokens that require different login
+types.
+
+** API and ABI modifications:
+No changes since last version.
+
+delete files: gnutls-3.2.15.tar.xz, gnutls-3.2.15.tar.xz.sig, 
+   audit-improve.patch( already in upstream)
+
+Add files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig
+
+---

Old:

  audit-improve.patch
  gnutls-3.2.15.tar.xz
  gnutls-3.2.15.tar.xz.sig

New:

  gnutls-3.2.16.tar.xz
  gnutls-3.2.16.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.LP5yzK/_old  2014-08-13 17:20:03.0 +0200
+++ /var/tmp/diff_new_pack.LP5yzK/_new  2014-08-13 17:20:03.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.15
+Version:3.2.16
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -37,7 +37,6 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
-Patch7: audit-improve.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -138,7 +137,6 @@
 %setup -q
 %patch3
 %patch6 -p1
-%patch7 -p1
 
 %build
 autoreconf -if

++ gnutls-3.2.15.tar.xz - gnutls-3.2.16.tar.xz ++
 65623 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-06-06 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-06-06 14:36:14

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-05-14 
10:50:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-06-06 
14:36:18.0 +0200
@@ -1,0 +2,39 @@
+Tue Jun  3 07:48:04 UTC 2014 - meiss...@suse.com
+
+- Version 3.2.15 (released 2014-05-30)
+  
+  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
+  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / 
bnc#880730)
+  ** libgnutls: Several memory leaks caused by error conditions were
+  fixed. The leaks were identified using valgrind and the Codenomicon
+  TLS test suite.
+  ** libgnutls: Increased the maximum certificate size buffer
+  in the PKCS #11 subsystem.
+  ** libgnutls: Check the return code of getpwuid_r() instead of relying
+  on the result value. That avoids issue in certain systems, when using
+  tofu authentication and the home path cannot be determined. Issue reported
+  by Viktor Dukhovni.
+  ** gnutls-cli: if dane is requested but not PKIX verification, then
+  only do verify the end certificate.
+  ** ocsptool: Include path in ocsp request. This resolves #108582
+  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
+
+- Version 3.2.14 (released 2014-05-06)
+  ** libgnutls: Fixed issue with the check of incoming data when two
+  different recv and send pointers have been specified. Reported and
+  investigated by JMRecio.
+  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
+  result to illegal memory access if a server hint was provided.
+  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
+  server hint was provided.
+  ** libgnutls: Several small bug fixes identified using valgrind and
+  the Codenomicon TLS test suite.
+  ** libgnutls: Several small bug fixes found by coverity.
+  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
+  entry that matches the certificate. Patch by simon [at] arlott.org.
+  ** configure: Added --with-nettle-mini option, which allows linking
+  with a libnettle that contains gmp.
+  ** certtool: The ECDSA keys generated by default use the SECP256R1 curve
+  which is supported more widely than the previously used SECP224R1.
+
+---

Old:

  gnutls-3.2.13.tar.xz
  gnutls-3.2.13.tar.xz.sig

New:

  gnutls-3.2.15.tar.xz
  gnutls-3.2.15.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.Xn26Ne/_old  2014-06-06 14:36:19.0 +0200
+++ /var/tmp/diff_new_pack.Xn26Ne/_new  2014-06-06 14:36:19.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.13
+Version:3.2.15
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+

++ gnutls-3.2.13.tar.xz - gnutls-3.2.15.tar.xz ++
 39834 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-05-14 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-05-14 10:50:25

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-04-12 
21:39:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-05-14 
10:50:30.0 +0200
@@ -1,0 +2,8 @@
+Fri Apr 25 14:08:46 UTC 2014 - cit...@gmail.com
+
+- Improvement after code audit (audit-improve.patch)
+  * Use unsigned type for encode()
+  * tolerate NULL in strdup()
+  Modify files: lib/gnutls_mem.c, lib/auth/srp_sb64.c
+
+---

New:

  audit-improve.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.rL1NSS/_old  2014-05-14 10:50:32.0 +0200
+++ /var/tmp/diff_new_pack.rL1NSS/_new  2014-05-14 10:50:32.0 +0200
@@ -37,6 +37,7 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
+Patch7: audit-improve.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -137,6 +138,7 @@
 %setup -q
 %patch3
 %patch6 -p1
+%patch7 -p1
 
 %build
 autoreconf -if

++ audit-improve.patch ++
Index: gnutls-3.2.13/lib/gnutls_mem.c
===
--- gnutls-3.2.13.orig/lib/gnutls_mem.c
+++ gnutls-3.2.13/lib/gnutls_mem.c
@@ -73,9 +73,14 @@ void *gnutls_realloc_fast(void *ptr, siz
 
 char *_gnutls_strdup(const char *str)
 {
-   size_t siz = strlen(str) + 1;
+   size_t siz;
char *ret;
 
+   if(unlikely(!str))
+   return NULL;
+
+   siz = strlen(str) + 1;
+
ret = gnutls_malloc(siz);
if (ret != NULL)
memcpy(ret, str, siz);
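Review bot: The new NULL guard at the top of _gnutls_strdup() returns NULL for a NULL argument, which is the same value the function returns when gnutls_malloc() fails, so a caller that maps a NULL result to an out-of-memory error will now report that for what is really a missing input. If tolerating NULL is intended, say so in a comment above the function, and confirm that `unlikely` is defined for this file, since the hunk adds no include. Style nit: `if(unlikely(!str))` lacks the space after `if` that the neighbouring `if (ret != NULL)` uses.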
Index: gnutls-3.2.13/lib/auth/srp_sb64.c
===
--- gnutls-3.2.13.orig/lib/auth/srp_sb64.c
+++ gnutls-3.2.13/lib/auth/srp_sb64.c
@@ -143,7 +143,7 @@ _gnutls_sbase64_encode(uint8_t * data, s
unsigned i, j;
int ret, tmp;
uint8_t tmpres[4];
-   int mod = data_size % 3;
+   unsigned int mod = data_size % 3;
 
ret = mod;
if (ret != 0)
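Review bot: `unsigned int mod = data_size % 3;` is followed directly by `ret = mod;` with `ret` still declared `int`, so the value is converted back to a signed type on the next line. The remainder is always 0, 1 or 2, so this is harmless, but the patch carries no header explaining which comparison or compiler warning the type change addresses; one sentence at the top of the patch would let a later maintainer judge whether it is still needed.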





commit gnutls for openSUSE:Factory

2014-04-12 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-04-12 21:28:46

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-03-06 
19:18:09.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-04-12 
21:39:24.0 +0200
@@ -1,0 +2,36 @@
+Wed Apr  9 17:23:15 UTC 2014 - shch...@suse.com
+
+- Upgrade to 3.2.13
+  * Version 3.2.13 (released 2014-04-07)
+
+  ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently
+  if there are no base64 data. Report and patch by Ramkumar Chinchani.
+
+  ** libgnutls: gnutls_record_send is now safe to be called under DTLS when
+  in corked mode.
+
+  ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are
+  only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for
+  these algorithms.
+
+  ** libgnutls: Changed the behaviour in wildcard acceptance in certificates.
+  Wildcards are only accepted when there are more than two domain components
+  after the wildcard. This drops support for the permissive RFC2818 wildcards
+  and adds more conservative support based on the suggestions in RFC6125. 
Suggested
+  by Jeffrey Walton.
+
+  ** certtool: When no password is provided to export a PKCS #8 keys, do
+  not encrypt by default. This reverts to the certtool behavior of gnutls
+  3.0. The previous behavior of encrypting using an empty password can be
+  replicating using the new parameter --empty-password.
+
+  ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when
+  the --provider option is given.
+
+  ** API and ABI modifications:
+  No changes since last version.
+
+  Add files: gnutls-3.2.13.tar.xz, gnutls-3.2.13.tar.xz.sig
+  Delete files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig
+
+---
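Review bot: The certtool item in this entry is a behaviour change that affects key handling and should be called out at the top of the entry rather than in the middle of the upstream notes: with no password given, PKCS #8 export now writes the key unencrypted, and the previous output requires --empty-password. Scripts that relied on the old default get a different key format after this update. The wildcard item also tightens hostname matching and can cause new verification failures, which is worth stating in the packager's own words.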

Old:

  gnutls-3.2.12.1.tar.xz
  gnutls-3.2.12.1.tar.xz.sig

New:

  gnutls-3.2.13.tar.xz
  gnutls-3.2.13.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.lgaHtE/_old  2014-04-12 21:44:00.0 +0200
+++ /var/tmp/diff_new_pack.lgaHtE/_new  2014-04-12 21:44:00.0 +0200
@@ -21,15 +21,15 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.12
+Version:3.2.13
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
-Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz
+Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz
 # signature is checked by source services.
-Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz.sig
+Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
 

++ gnutls-3.2.12.1.tar.xz - gnutls-3.2.13.tar.xz ++
 82477 lines of diff (skipped)

++ gnutls-implement-trust-store-dir-3.2.8.diff ++
--- /var/tmp/diff_new_pack.lgaHtE/_old  2014-04-12 21:44:02.0 +0200
+++ /var/tmp/diff_new_pack.lgaHtE/_new  2014-04-12 21:44:02.0 +0200
@@ -1,7 +1,7 @@
-Index: gnutls-3.2.10/configure.ac
+Index: gnutls-3.2.13/configure.ac
 ===
 gnutls-3.2.10.orig/configure.ac
-+++ gnutls-3.2.10/configure.ac
+--- gnutls-3.2.13.orig/configure.ac
 gnutls-3.2.13/configure.ac
 @@ -466,6 +466,25 @@ if test $with_default_trust_store_file
with_default_trust_store_file=
  fi
@@ -40,7 +40,7 @@
  if test x$with_default_crl_file != x; then
AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
  [$with_default_crl_file], [use the given CRL file])
-@@ -770,6 +794,7 @@ AC_MSG_NOTICE([System files:
+@@ -769,6 +793,7 @@ AC_MSG_NOTICE([System files:
  
Trust store pkcs11:   $with_default_trust_store_pkcs11
Trust store file: $with_default_trust_store_file
@@ -48,10 +48,10 @@
Blacklist file:   $with_default_blacklist_file
CRL file: $with_default_crl_file
DNSSEC root key file: $unbound_root_key_file
-Index: gnutls-3.2.10/lib/system.c
+Index: gnutls-3.2.13/lib/system.c
 ===
 gnutls-3.2.10.orig/lib/system.c
-+++ gnutls-3.2.10/lib/system.c
+--- gnutls-3.2.13.orig/lib/system.c
 gnutls-3.2.13/lib/system.c
 @@ -364,7 +364,45 @@ int _gnutls_find_config_path(char *path,
return 0;
  }



commit gnutls for openSUSE:Factory

2014-03-06 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-03-06 19:18:08

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-03-04 
13:14:14.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-03-06 
19:18:09.0 +0100
@@ -1,0 +2,36 @@
+Wed Mar  5 15:30:54 UTC 2014 - shch...@suse.com
+
+- Upgrade to 3.2.12.1; 
+
+** libgnutls: Reverted change that broke ABI. Reported by Andreas
+Metzler.
+
+** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2)
+
+** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw
+when provided with invalid data. Reported by Dmitriy Anisimkov.
+
+** libgnutls: Corrected timeout issue in subsequent to the first
+DTLS handshakes.
+
+** libgnutls: Removed unconditional not-trusted message in
+gnutls_certificate_verification_status_print() when used with
+OpenPGP certificates. Reported by Michel Briand.
+
+** libgnutls: All ciphersuites that were available in TLS1.0 or
+later are now made available in SSL3.0 or later to prevent
+any incompatibilities with servers that negotiate them in SSL 3.0.
+
+** ocsptool: When verifying a response and a signer isn't provided
+assume that the signer is the issuer.
+
+** ocsptool: When sending a nonce, verify that the nonce exists
+in the OCSP response.
+
+** gnutls-cli: Added --strict-tofu option; contributed by Jens
+Lechtenboerger.
+
+Delete files: CVE-2014-0092.patch( upstreamed), gnutls-3.2.11.tar.xz.sig, 
gnutls-3.2.11.tar.xz; 
+Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig
+
+---
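Review bot: This entry drops CVE-2014-0092.patch as upstreamed, but the bullet describing the fix cites only GNUTLS-SA-2014-2. Keep the CVE identifier and the bnc number next to the advisory id in the changelog text, so that anyone searching the changelog for the CVE finds the release that carries the fix. The header line `- Upgrade to 3.2.12.1; ` also ends in a stray semicolon.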

Old:

  CVE-2014-0092.patch
  gnutls-3.2.11.tar.xz
  gnutls-3.2.11.tar.xz.sig

New:

  gnutls-3.2.12.1.tar.xz
  gnutls-3.2.12.1.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.wmsrMr/_old  2014-03-06 19:18:10.0 +0100
+++ /var/tmp/diff_new_pack.wmsrMr/_new  2014-03-06 19:18:10.0 +0100
@@ -21,15 +21,15 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.11
+Version:3.2.12
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
-Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz
+Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz
 # signature is checked by source services.
-Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
+Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.1.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
 
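Review bot: `Version:` is set to 3.2.12 while the tarball being packaged is 3.2.12.1, with the trailing `.1` hardcoded into the Source0 and Source1 URLs. The installed package then reports 3.2.12, so a version comparison cannot tell whether the .1 release is present. Consider `Version: 3.2.12.1` with plain `%{version}` in the URLs. Separately, both sources are fetched over ftp://, so integrity rests entirely on the signature check against %name.keyring mentioned in the comment.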
@@ -37,7 +37,6 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
-Patch7: CVE-2014-0092.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -138,7 +137,6 @@
 %setup -q
 %patch3
 %patch6 -p1
-%patch7 -p1
 
 %build
 autoreconf -if

++ gnutls-3.2.11.tar.xz - gnutls-3.2.12.1.tar.xz ++
 9487 lines of diff (skipped)





commit gnutls for openSUSE:Factory

2014-03-04 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-03-04 13:14:12

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2014-02-19 
09:09:50.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-03-04 
13:14:14.0 +0100
@@ -1,0 +2,6 @@
+Mon Mar  3 09:04:31 UTC 2014 - shch...@suse.com
+
+- Fixed bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 
certificate verification
+  Add patch file: CVE-2014-0092.patch
+
+---

New:

  CVE-2014-0092.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.W2CXny/_old  2014-03-04 13:14:15.0 +0100
+++ /var/tmp/diff_new_pack.W2CXny/_new  2014-03-04 13:14:15.0 +0100
@@ -37,6 +37,7 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
+Patch7: CVE-2014-0092.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -137,6 +138,7 @@
 %setup -q
 %patch3
 %patch6 -p1
+%patch7 -p1
 
 %build
 autoreconf -if

++ CVE-2014-0092.patch ++
index bc0d560..8cd4e2a 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -129,7 +129,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer,
 issuer_signed_data);
if (result  0) {
gnutls_assert();
-   goto cleanup;
+   goto fail;
}
 
result =
@@ -137,7 +137,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer,
 cert_signed_data);
if (result  0) {
gnutls_assert();
-   goto cleanup;
+   goto fail;
}
 
result =
@@ -145,7 +145,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer,
   issuer_signature);
if (result  0) {
gnutls_assert();
-   goto cleanup;
+   goto fail;
}
 
result =
@@ -153,7 +153,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer,
   cert_signature);
if (result  0) {
gnutls_assert();
-   goto cleanup;
+   goto fail;
}
 
/* If the subject certificate is the same as the issuer
@@ -206,9 +206,10 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer,
} else
gnutls_assert();
 
+ fail:
result = 0;
 
-  cleanup:
+ cleanup:
_gnutls_free_datum(cert_signed_data);
_gnutls_free_datum(issuer_signed_data);
_gnutls_free_datum(cert_signature);
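Review bot: The new `fail:` label sets `result = 0` and then falls through into `cleanup:`, so every success path in check_if_ca() has to jump to `cleanup` before reaching `fail:`, and the `else gnutls_assert();` branch directly above the label relies on the fall-through. Add a comment at the label stating that the function returns only 0 or 1 and never a negative error code, because the callers' comparisons depend on that contract.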
@@ -390,8 +391,9 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
gnutls_datum_t cert_signed_data = { NULL, 0 };
gnutls_datum_t cert_signature = { NULL, 0 };
gnutls_x509_crt_t issuer = NULL;
-   int issuer_version, result, hash_algo;
+   int issuer_version, result = 0, hash_algo;
unsigned int out = 0, usage;
+   const mac_entry_st * me;
 
if (output)
*output = 0;
@@ -429,13 +431,14 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
issuer_version = gnutls_x509_crt_get_version(issuer);
if (issuer_version  0) {
gnutls_assert();
-   return issuer_version;
+   result = 0;
+   goto cleanup;
}
 
if (!(flags  GNUTLS_VERIFY_DISABLE_CA_SIGN) 
((flags  GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
 || issuer_version != 1)) {
-   if (check_if_ca(cert, issuer, max_path, flags) == 0) {
+   if (check_if_ca(cert, issuer, max_path, flags) != 1) {
gnutls_assert();
out =
GNUTLS_CERT_SIGNER_NOT_CA |
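Review bot: Comparing with `!= 1` instead of `== 0` is the safer test, since under `== 0` any error value returned by check_if_ca() skipped the GNUTLS_CERT_SIGNER_NOT_CA branch. In the same hunk the `issuer_version` error path now sets `result = 0` and jumps to `cleanup` rather than returning the error code; add a comment on the function saying that it returns a boolean verification result, not a GnuTLS error code, so that future error paths follow the same pattern.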
@@ -467,6 +470,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
 cert_signed_data);
if (result  0) {
gnutls_assert();
+   result = 0;
goto cleanup;
}
 
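Review bot: Forcing `result = 0` before `goto cleanup` makes this error path fail closed, but the original error code is discarded and nothing in the visible lines sets a bit in `out`. If `cleanup` does not set one either, a caller that inspects `*output` sees 0 alongside a failed verification; consider OR-ing an invalid-certificate flag into `out` here, as the check_if_ca() branch does with GNUTLS_CERT_SIGNER_NOT_CA.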
@@ -475,6 +479,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
   cert_signature);
if (result  0) {
gnutls_assert();
+   result = 0;
goto cleanup;
}
 
@@ -483,13 +488,20 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
 

commit gnutls for openSUSE:Factory

2014-02-19 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2014-02-19 09:09:49

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-12-23 
12:33:47.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2014-02-19 
09:09:50.0 +0100
@@ -1,0 +2,75 @@
+Thu Feb 13 20:12:06 UTC 2014 - meiss...@suse.com
+
+- Upgraded to 3.2.11
+
+  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
+
+  ** libgnutls: Reduced the TLS and DTLS version requirements for all
+ ciphersuites that are not GCM.
+
+  ** libgnutls: When two initial keywords are specified then treat the
+ second as having the '+' modifier.
+
+  ** libgnutls:  When using a PKCS #11 module for verification ensure that
+ it has been marked a trusted policy module in p11-kit. Moreover, when an
+ empty (i.e., pkcs11:) URL is specified, then try all trusted modules
+ in the system for verification.
+ http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
+
+  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
+ CA certificates. Reported and investigated by Suman Jana.
+ CVE-2014-1959 / bnc#863989
+
+  ** certtool: Added the --ask-pass option.
+- gnutls-3.2.10-supported-ecc.patch: upstreamed
+- gnutls-fix-missing-ipv6.patch: upstreamed
+
+---
+Tue Feb 11 12:16:48 UTC 2014 - meiss...@suse.com
+
+- Upgrade to 3.1.20 (released 2014-01-31)
+  ** libgnutls: fixed null pointer derefence when printing a certificate
+ DN and an LDAP description isn't present.
+  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
+ report and patch by Jonathan Roudiere.
+
+- Upgrade to 3.2.9 (released 2014-01-24)
+
+  ** libgnutls: The %DUMBFW option in priority string only
+ appends data to client hello if the expected size is in the
+ black hole range.
+
+  ** libgnutls: %COMPAT implies %DUMBFW.
+
+  ** libgnutls: gnutls_session_get_desc() returns a more compact
+ ciphersuite description.
+
+  * libgnutls: In PKCS #11 allow deleting multiple non-certificate data.
+
+  ** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
+ configure option --with-default-trust-store-pkcs11), then the PKCS #11
+ token is used on demand to obtain the trusted anchors, rather than
+ preloading all trusted certificates. That delegates CA certificate
+ management and blacklist checking to the PKCS #11 module.
+
+  ** libgnutls: When a PKCS #11 trust store is specified in configure
+ option or in gnutls_x509_trust_list_add_trust_file(), then the module is
+ used to obtain the verification anchors and any required blacklists as
+ in
+ 
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html
+
+  ** libgnutls: Fix in OCSP certificate status extension handling
+ in non-blocking servers. Patch by Nils Maier.
+
+  ** p11tool: Added --so-login option to force login as security
+ officer (admin).
+
+- reenable ECDHE after review of modern cryptographic practices.
+
+- gnutls-fix-missing-ipv6.patch: handle getaddrinfo/socket availability
+  issues in gnutls-serv
+
+- gnutls-3.2.10-supported-ecc.patch: do not abort gnutls-cli on sites
+  sending the client only ECC extension (www.bsi.de)
+
+---
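Review bot: The Feb 11 entry announces upgrades to 3.1.20 and 3.2.9 and the Feb 13 entry to 3.2.11, while the file lists move from 3.2.8 straight to 3.2.11 and nothing describes 3.2.10 even though gnutls-3.2.10-supported-ecc.patch is named. Mixing 3.1.x release notes into a 3.2.x package log makes it hard to tell which fixes actually shipped. The line "reenable ECDHE after review of modern cryptographic practices" lifts a crypto restriction, so name the patch being dropped (the Old list shows gnutls-3.2.8-noecc.patch) to keep the change traceable.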

Old:

  gnutls-3.2.8-noecc.patch
  gnutls-3.2.8.tar.xz
  gnutls-3.2.8.tar.xz.sig

New:

  gnutls-3.2.11.tar.xz
  gnutls-3.2.11.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.Nlhpt8/_old  2014-02-19 09:09:51.0 +0100
+++ /var/tmp/diff_new_pack.Nlhpt8/_new  2014-02-19 09:09:51.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.8
+Version:3.2.11
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -36,8 +36,6 @@
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch 
andreas.stie...@gmx.de -- skip a failing test
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
-# Disable elliptic curves for reasons. - 

commit gnutls for openSUSE:Factory

2013-12-23 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-12-23 12:33:44

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-11-04 
14:58:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-12-23 
12:33:47.0 +0100
@@ -1,0 +2,45 @@
+Sat Dec 21 20:38:19 UTC 2013 - shch...@suse.com
+
+- Upgrade to 3.2.8
+
+* Version 3.2.8 (released 2013-12-20)
+
+** libgnutls: Updated code for AES-NI. That prevents an uninitialized
+variable complaint from valgrind.
+
+** libgnutls: Enforce a maximum size for DH primes.
+
+** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy
+Polyakov's code.
+
+** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
+
+** libgnutls: It only links to librt if the required functions are not
+present in libc. This also prevents an indirect linking to libpthread.
+
+** libgnutls: Fixed issue with gnulib strerror replacement by adding
+the strerror gnulib module.
+
+** libgnutls: The time provided in the TLS random values is only
+precise on its first 3 bytes. That prevents leakage of the precise
+system time (at least on the client side when only few connections are
+done on a single server).
+
+** certtool: The --verify option will use the system CAs if the
+load-ca-certificate option is not provided.
+
+** configure: Added option --with-default-blacklist-file to allow
+specifying a certificate blacklist file.
+
+** configure: Added --disable-non-suiteb-curves option. This option
+restricts the supported curves to SuiteB curves.
+
+** API and ABI modifications: gnutls_record_check_corked: Added
+
+Add files: gnutls-3.2.8.tar.xz, gnutls-3.2.8.tar.xz.sig, 
gnutls-implement-trust-store-dir-3.2.8.diff,
+gnutls-3.2.8-noecc.patch
+
+Delete files: gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig, 
gnutls-implement-trust-store-dir,
+gnutls-3.2.6-noecc.patch
+
+---

Old:

  gnutls-3.2.6-noecc.patch
  gnutls-3.2.6.tar.xz
  gnutls-3.2.6.tar.xz.sig
  gnutls-implement-trust-store-dir.diff

New:

  gnutls-3.2.8-noecc.patch
  gnutls-3.2.8.tar.xz
  gnutls-3.2.8.tar.xz.sig
  gnutls-implement-trust-store-dir-3.2.8.diff



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.AZfy3F/_old  2013-12-23 12:33:47.0 +0100
+++ /var/tmp/diff_new_pack.AZfy3F/_new  2013-12-23 12:33:47.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.6
+Version:3.2.8
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -37,8 +37,8 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 # Disable elliptic curves for reasons. - meissnercfarrell
-Patch5: gnutls-3.2.6-noecc.patch
-Patch6: gnutls-implement-trust-store-dir.diff
+Patch5: gnutls-3.2.8-noecc.patch
+Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++

++ gnutls-3.2.6-noecc.patch - gnutls-3.2.8-noecc.patch ++
 1379 lines (skipped)
 between /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.6-noecc.patch
 and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.8-noecc.patch

++ gnutls-3.2.6.tar.xz - gnutls-3.2.8.tar.xz ++
 585558 lines of diff (skipped)

++ gnutls-implement-trust-store-dir-3.2.8.diff ++
Index: gnutls-3.2.8/configure.ac
===
--- gnutls-3.2.8.orig/configure.ac
+++ gnutls-3.2.8/configure.ac
@@ -457,6 +457,25 @@ if test $with_default_trust_store_file
   with_default_trust_store_file=
 fi
 
+AC_ARG_WITH([default-trust-store-dir],
+  [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY],
+[use the given directory as default trust store])], 
with_default_trust_store_dir=$withval,
+  [if test $build = $host ; then
+  for i in \
+/etc/ssl/certs/
+do
+if test -e $i ; then
+  with_default_trust_store_dir=$i
+  break
+fi
+  done
+  fi]
+)
+
+if test $with_default_trust_store_dir = no;then
+  with_default_trust_store_dir=
+fi
+
 AC_ARG_WITH([default-crl-file],
   [AS_HELP_STRING([--with-default-crl-file=FILE],
 [use the given CRL file as default])])
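Review bot: `if test $with_default_trust_store_dir = no;then` expands the variable unquoted, so when the option is not given and the autodetection finds nothing the variable is empty and `test` is called with a missing operand. Use the guarded form the next hunk already uses, for example `test x$with_default_trust_store_dir = xno`. The autodetection loop also accepts /etc/ssl/certs/ on `test -e`, which is true for a regular file as well; `test -d` matches the intent of a directory trust store.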
@@ -470,6 +489,11 @@ if test x$with_default_trust_store_file
 [$with_default_trust_store_file], [use the given file default trust 
store])
 fi
 
+if test x$with_default_trust_store_dir != x; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+[$with_default_trust_store_dir], [use the 

commit gnutls for openSUSE:Factory

2013-11-04 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-11-04 14:58:23

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-10-29 
13:52:01.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-11-04 
14:58:24.0 +0100
@@ -1,0 +2,40 @@
+Fri Nov  1 14:39:41 UTC 2013 - shch...@suse.com
+
+- Upgrade to 3.2.6
+
+** libgnutls: Support for TPM via trousers is now enabled by default.
+
+** libgnutls: Camellia in GCM mode has been added in default priorities,
+and GCM mode is prioritized over CBC in all of the default priority strings.
+
+** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
+
+** libgnutls: Fixed ciphersuites
+GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and
+GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler.
+
+** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
+
+** libgnutls: Minimum acceptable DH group parameters were increased to
+767 bits from 727.
+
+** libgnutls: Added function to obtain random data from PKCS #11 tokens.
+Contributed by Wolfgang Meyer zu Bergsten.
+
+** gnulib: updated.
+
+** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
+previous fix. Reported by Tomas Mraz.
+
+** p11tool: Added option generate-random.
+
+** API and ABI modifications:
+gnutls_pkcs11_token_get_random: Added 
+
+Add: gnutls-3.2.6-noecc.patch, gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig
+
+Delete: gnutls-3.2.6-noecc.patch, gnutls-3.2.5.tar.xz, gnutls-3.2.5.tar.xz.sig,
+make-obs-happy-with-gnutls_3.2.5.patch
+
+---
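Review bot: The Delete line names gnutls-3.2.6-noecc.patch, which also appears on the Add line; the file actually removed is gnutls-3.2.5-noecc.patch, as the Old list following this entry shows. Correct the name so the changelog matches the package contents.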

Old:

  gnutls-3.2.5-noecc.patch
  gnutls-3.2.5.tar.xz
  gnutls-3.2.5.tar.xz.sig
  make-obs-happy-with-gnutls_3.2.5.patch

New:

  gnutls-3.2.6-noecc.patch
  gnutls-3.2.6.tar.xz
  gnutls-3.2.6.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.fbQycC/_old  2013-11-04 14:58:30.0 +0100
+++ /var/tmp/diff_new_pack.fbQycC/_new  2013-11-04 14:58:30.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.5
+Version:3.2.6
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -37,9 +37,8 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 # Disable elliptic curves for reasons. - meissnercfarrell
-Patch5: gnutls-3.2.5-noecc.patch
+Patch5: gnutls-3.2.6-noecc.patch
 Patch6: gnutls-implement-trust-store-dir.diff
-Patch7: make-obs-happy-with-gnutls_3.2.5.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -141,7 +140,6 @@
 %patch3
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 
 %build
 autoreconf -if

++ gnutls-3.2.5-noecc.patch - gnutls-3.2.6-noecc.patch ++
--- /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.5-noecc.patch  2013-10-29 
13:52:01.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.6-noecc.patch 
2013-11-04 14:58:24.0 +0100
@@ -1,7 +1,7 @@
-Index: gnutls-3.2.5/lib/algorithms/publickey.c
+Index: gnutls-3.2.6/lib/algorithms/publickey.c
 ===
 gnutls-3.2.5.orig/lib/algorithms/publickey.c
-+++ gnutls-3.2.5/lib/algorithms/publickey.c
+--- gnutls-3.2.6.orig/lib/algorithms/publickey.c
 gnutls-3.2.6/lib/algorithms/publickey.c
 @@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
@@ -13,7 +13,7 @@
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
-@@ -97,7 +99,9 @@ static const gnutls_pk_entry pk_algorith
+@@ -98,7 +100,9 @@ static const gnutls_pk_entry pk_algorith
{DSA, PK_DSA_OID, GNUTLS_PK_DSA},
{GOST R 34.10-2001, PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{GOST R 34.10-94, PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
@@ -23,10 +23,10 @@
{0, 0, 0}
  };
  
-Index: gnutls-3.2.5/lib/auth/cert.c
+Index: gnutls-3.2.6/lib/auth/cert.c
 ===
 gnutls-3.2.5.orig/lib/auth/cert.c
-+++ gnutls-3.2.5/lib/auth/cert.c
+--- gnutls-3.2.6.orig/lib/auth/cert.c
 gnutls-3.2.6/lib/auth/cert.c
 @@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
 key, int deinit);
  #endif
@@ -60,10 +60,10 @@
  
ret 

commit gnutls for openSUSE:Factory

2013-10-29 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-10-29 13:52:00

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-09-04 
13:48:47.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-10-29 
13:52:01.0 +0100
@@ -1,0 +2,38 @@
+Mon Oct 28 20:36:13 UTC 2013 - shch...@suse.com
+
+- Upgrade to 3.2.5
+** libgnutls: Documentation and build-time fixes.
+
+** libgnutls: Allow the generation of DH groups of less than 700 bits.
+
+** libgnutls: Added several combinations of ciphersuites with SHA256 and
+SHA384 as MAC, as well as Camellia with GCM.
+
+** libdane: Added interfaces to allow initialization of dane_query_t
+from external DNS resolutions, and to allow direct verification of a
+certificate chain against a dane_query_t. Contributed by Christian Grothoff.
+
+** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
+triggered by a DNS server supplying more than 4 DANE records. Report and
+fix by Christian Grothoff.
+
+** srptool: Fixed index command line option. Patch by Attila Molnar.
+
+** gnutls-cli: Added support for inline commands, using the
+--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
+
+** certtool: pathlen constraint is now read correctly. Reported by
+Christoph Seitz.
+
+** API and ABI modifications:
+gnutls_certificate_get_crt_raw: Added
+dane_verify_crt_raw: Added
+dane_raw_tlsa: Added 
+
+Add files: make-obs-happy-with-gnutls_3.2.5.patch, gnutls-3.2.5.tar.xz,
+gnutls-3.2.5.tar.xz.sig, gnutls-3.2.5-noecc.patch
+
+Delete files: gnutls-3.2.4.tar.xz, gnutls-3.2.4.tar.xz.sig, 
+make-obs-happy-with-gnutls_3.2.4.patch, gnutls-3.2.4-noecc.patch
+
+---

Old:

  gnutls-3.2.4-noecc.patch
  gnutls-3.2.4.tar.xz
  gnutls-3.2.4.tar.xz.sig
  make-obs-happy-with-gnutls_3.2.4.patch

New:

  gnutls-3.2.5-noecc.patch
  gnutls-3.2.5.tar.xz
  gnutls-3.2.5.tar.xz.sig
  make-obs-happy-with-gnutls_3.2.5.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.oNyuBZ/_old  2013-10-29 13:52:02.0 +0100
+++ /var/tmp/diff_new_pack.oNyuBZ/_new  2013-10-29 13:52:02.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.4
+Version:3.2.5
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -37,9 +37,9 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 # Disable elliptic curves for reasons. - meissnercfarrell
-Patch5: gnutls-3.2.4-noecc.patch
+Patch5: gnutls-3.2.5-noecc.patch
 Patch6: gnutls-implement-trust-store-dir.diff
-Patch7: make-obs-happy-with-gnutls_3.2.4.patch
+Patch7: make-obs-happy-with-gnutls_3.2.5.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
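Review bot: the comment above Patch5, "Disable elliptic curves for reasons.", does not say what the reasons are, and this hunk renames Patch5 and Patch7 only to follow the version number. State the reason in the comment and give both patches version-independent file names, so that an upgrade touches only the Version: line.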

++ gnutls-3.2.4-noecc.patch - gnutls-3.2.5-noecc.patch ++
--- /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.4-noecc.patch  2013-09-04 
13:48:47.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.5-noecc.patch 
2013-10-29 13:52:01.0 +0100
@@ -1,7 +1,7 @@
-Index: gnutls-3.2.4/lib/algorithms/publickey.c
+Index: gnutls-3.2.5/lib/algorithms/publickey.c
 ===
 gnutls-3.2.4.orig/lib/algorithms/publickey.c
-+++ gnutls-3.2.4/lib/algorithms/publickey.c
+--- gnutls-3.2.5.orig/lib/algorithms/publickey.c
 gnutls-3.2.5/lib/algorithms/publickey.c
 @@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
@@ -23,15 +23,14 @@
{0, 0, 0}
  };
  
-Index: gnutls-3.2.4/lib/auth/cert.c
+Index: gnutls-3.2.5/lib/auth/cert.c
 ===
 gnutls-3.2.4.orig/lib/auth/cert.c
-+++ gnutls-3.2.4/lib/auth/cert.c
-@@ -63,7 +63,12 @@ static gnutls_privkey_t alloc_and_load_p
+--- gnutls-3.2.5.orig/lib/auth/cert.c
 gnutls-3.2.5/lib/auth/cert.c
+@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
 key, int deinit);
  #endif
  
-+
 +#ifdef ENABLE_ECC
  #define MAX_CLIENT_SIGN_ALGOS 3
 +#else
@@ -40,7 +39,7 @@
  #define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
  typedef enum CertificateSigType
  { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
-@@ -1438,8 +1443,10 @@ _gnutls_check_supported_sign_algo (Certi
+@@ -1438,8 +1442,10 @@ 

commit gnutls for openSUSE:Factory

2013-09-04 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-09-04 13:48:45

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-09-02 
14:56:16.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-09-04 
13:48:47.0 +0200
@@ -1,0 +2,31 @@
+Mon Sep  2 16:23:59 UTC 2013 - sch...@linux-m68k.org
+
+- Don't run install-info on images
+
+---
+Mon Sep  2 07:43:21 UTC 2013 - shch...@suse.com
+
+- Update to 3.2.4
+** libgnutls: Fixes when session tickets and session DB are used.
+Report and initial patch by Stefan Buehler.
+
+** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner,
+based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH.
+
+** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch
+by Stefan Buehler.
+
+** libgnutls: Added the PFS priority string option.
+
+** libgnutls: Gnulib included files are strictly LGPLv2.
+
+** libgnutls: Corrected gnutls_certificate_server_set_request().
+Reported by Petr Pisar.
+
+** API and ABI modifications:
+gnutls_record_set_timeout: Exported 
+
+Add files:gnutls-3.2.4.tar.xz.sig, gnutls-3.2.4.tar.xz, 
gnutls-3.2.4-noecc.patch
+Delete file: gnutls-3.2.3-noecc.patch
+
+---

Old:

  gnutls-3.2.3-noecc.patch
  gnutls-3.2.3.tar.xz
  gnutls-3.2.3.tar.xz.sig

New:

  gnutls-3.2.4-noecc.patch
  gnutls-3.2.4.tar.xz
  gnutls-3.2.4.tar.xz.sig
  make-obs-happy-with-gnutls_3.2.4.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.tTyUAL/_old  2013-09-04 13:48:49.0 +0200
+++ /var/tmp/diff_new_pack.tTyUAL/_new  2013-09-04 13:48:49.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.3
+Version:3.2.4
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -37,8 +37,9 @@
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
 # Disable elliptic curves for reasons. - meissnercfarrell
-Patch5: gnutls-3.2.3-noecc.patch
+Patch5: gnutls-3.2.4-noecc.patch
 Patch6: gnutls-implement-trust-store-dir.diff
+Patch7: make-obs-happy-with-gnutls_3.2.4.patch
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
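Review bot: Patch7 is added with no comment saying what make-obs-happy-with-gnutls_3.2.4.patch fixes or whether it was sent upstream. Other patches in this spec carry a tag line such as "# PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch ... -- skip a failing test"; add the same for Patch7. The hunks of the patch visible in this commit only add "return 0;" to main() in upstream files, which makes it a candidate for upstream submission.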
@@ -140,6 +141,7 @@
 %patch3
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 autoreconf -if
@@ -194,11 +196,9 @@
 
 %post -n libgnutls-devel
 %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
-%install_info --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz
 
 %postun -n libgnutls-devel
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
-%install_info_delete --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz
 
 %files -f libgnutls.lang
 %defattr(-, root, root)

++ gnutls-3.2.3-noecc.patch - gnutls-3.2.4-noecc.patch ++
 601 lines (skipped)
 between /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.3-noecc.patch
 and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.4-noecc.patch

++ gnutls-3.2.3.tar.xz - gnutls-3.2.4.tar.xz ++
 177388 lines of diff (skipped)


++ make-obs-happy-with-gnutls_3.2.4.patch ++
Index: gnutls-3.2.4/doc/examples/ex-client-xssl1.c
===
--- gnutls-3.2.4.orig/doc/examples/ex-client-xssl1.c
+++ gnutls-3.2.4/doc/examples/ex-client-xssl1.c
@@ -80,6 +80,8 @@ int main (void)
   xssl_cred_deinit (cred);
 
   gnutls_global_deinit ();
+
+  return 0;
 }
 
 
Index: gnutls-3.2.4/doc/examples/ex-client-xssl2.c
===
--- gnutls-3.2.4.orig/doc/examples/ex-client-xssl2.c
+++ gnutls-3.2.4/doc/examples/ex-client-xssl2.c
@@ -95,4 +95,6 @@ int main (void)
   xssl_cred_deinit (cred);
 
   gnutls_global_deinit ();
+
+  return 0;
 }
Index: gnutls-3.2.4/doc/examples/print-ciphersuites.c
===
--- gnutls-3.2.4.orig/doc/examples/print-ciphersuites.c
+++ gnutls-3.2.4/doc/examples/print-ciphersuites.c
@@ -51,4 +51,5 @@ int main(int argc, char** argv)
 {
   if (argc  1)
 print_cipher_suite_list (argv[1]);
+  return 0;
 }
Index: gnutls-3.2.4/src/serv.c
===
--- gnutls-3.2.4.orig/src/serv.c
+++ gnutls-3.2.4/src/serv.c
@@ -1216,6 +1216,8 @@ main (int argc, char **argv)
 udp_server (name, port, mtu);
   else
 tcp_server (name, 

commit gnutls for openSUSE:Factory

2013-09-02 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-09-02 14:56:15

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-08-01 
17:15:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-09-02 
14:56:16.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug 30 00:31:19 CEST 2013 - r...@suse.de
+
+- buildrequire valgrind on the same arch list that valgrind builds 
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.NAifBr/_old  2013-09-02 14:56:17.0 +0200
+++ /var/tmp/diff_new_pack.NAifBr/_new  2013-09-02 14:56:17.0 +0200
@@ -46,7 +46,9 @@
 BuildRequires:  libnettle-devel = 2.7
 BuildRequires:  libtasn1-devel = 2.14
 BuildRequires:  libtool
+%ifarch %ix86 x86_64 ppc ppc64 s390x armv7l armv7hl
 BuildRequires:  valgrind
+%endif
 %if %suse_version = 1230
 BuildRequires:  makeinfo
 %endif
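Review bot: the %ifarch list around "BuildRequires:  valgrind" is a hand copy of the architectures valgrind builds on and will drift when that set changes. Add a comment naming where the list comes from, and confirm that the test suite still runs without valgrind on the excluded architectures, since nothing in this hunk shows that case being handled.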



-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit gnutls for openSUSE:Factory

2013-08-01 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-08-01 17:15:14

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-07-29 
17:41:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-08-01 
17:15:15.0 +0200
@@ -1,0 +2,34 @@
+Thu Aug  1 13:42:11 UTC 2013 - meiss...@suse.com
+
+- Updated to 3.2.3
+  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
+ Buehler.
+
+  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
+ (this fixes a bug that was accidentally introduced in 3.2.2)
+
+  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
+ be used by the library.
+
+  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
+ fix by Alfredo Pironti.
+
+- Updated to 3.2.2
+  ** libgnutls: Several optimizations in the related to packet processing
+ subsystems.
+
+  ** libgnutls: DTLS replay detection can now be disabled (to be used
+ in certain transport layers like SCTP).
+
+  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
+
+  ** libgnutls: Added ability to set hooks before or
+ after sending or receiving any handshake message with
+ gnutls_handshake_set_hook_function().
+
+- gnutls-3.2.3-noecc.patch: updated to disable ECC.
+- automake-1.12.patch: upstream, dropped
+- gnutls-32bit.patch: upstream, dropped
+- gnutls-3.2.1-pkcs11.diff: upstream, dropped
+
+---

Old:

  automake-1.12.patch
  gnutls-3.2.1-noecc.patch
  gnutls-3.2.1-pkcs11.diff
  gnutls-3.2.1.tar.xz
  gnutls-3.2.1.tar.xz.sig
  gnutls-32bit.patch

New:

  gnutls-3.2.3-noecc.patch
  gnutls-3.2.3.tar.xz
  gnutls-3.2.3.tar.xz.sig



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.D9qjYi/_old  2013-08-01 17:15:16.0 +0200
+++ /var/tmp/diff_new_pack.D9qjYi/_new  2013-08-01 17:15:16.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.2.1
+Version:3.2.3
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-2.1+ and GPL-3.0+
@@ -32,20 +32,12 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
-# 
https://gitorious.org/gnutls/gnutls/commit/7613c3251430a212fe5d6001863045f20eca7563
-# PATCH-UPSTREAM lnus...@suse.de -- fix reading ca-certificates # via pkcs11 
interface
-Patch1: gnutls-3.2.1-pkcs11.diff
 
-Patch2: automake-1.12.patch
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch 
andreas.stie...@gmx.de -- skip a failing test
 Patch3: gnutls-3.0.26-skip-test-fwrite.patch
 
-# 
https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0?format=patch
-# PATCH-UPSTREAM gnutls-32bit.patch meiss...@suse.de -- avoid dates after 2037 
with 32bit time_t
-Patch4: gnutls-32bit.patch
-
 # Disable elliptic curves for reasons. - meissnercfarrell
-Patch5: gnutls-3.2.1-noecc.patch
+Patch5: gnutls-3.2.3-noecc.patch
 Patch6: gnutls-implement-trust-store-dir.diff
 
 BuildRequires:  automake
@@ -143,10 +135,7 @@
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 %patch3
-%patch4 -p1
 %patch5 -p1
 %patch6 -p1
 

++ gnutls-3.2.1-noecc.patch - gnutls-3.2.3-noecc.patch ++
 621 lines (skipped)
 between /work/SRC/openSUSE:Factory/gnutls/gnutls-3.2.1-noecc.patch
 and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.2.3-noecc.patch

++ gnutls-3.2.1.tar.xz - gnutls-3.2.3.tar.xz ++
 109032 lines of diff (skipped)

++ gnutls-implement-trust-store-dir.diff ++
--- /var/tmp/diff_new_pack.D9qjYi/_old  2013-08-01 17:15:19.0 +0200
+++ /var/tmp/diff_new_pack.D9qjYi/_new  2013-08-01 17:15:19.0 +0200
@@ -1,8 +1,8 @@
-Index: gnutls-3.2.1/configure.ac
+Index: gnutls-3.2.3/configure.ac
 ===
 gnutls-3.2.1.orig/configure.ac
-+++ gnutls-3.2.1/configure.ac
-@@ -398,6 +398,25 @@ if test $with_default_trust_store_file
+--- gnutls-3.2.3.orig/configure.ac
 gnutls-3.2.3/configure.ac
+@@ -418,6 +418,25 @@ if test $with_default_trust_store_file
with_default_trust_store_file=
  fi
  
@@ -28,7 +28,7 @@
  AC_ARG_WITH([default-crl-file],
[AS_HELP_STRING([--with-default-crl-file=FILE],
  [use the given CRL file as default])])
-@@ -407,6 +426,11 @@ if test 

commit gnutls for openSUSE:Factory

2013-07-29 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-07-29 17:41:34

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-07-09 
20:49:55.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-07-29 
17:41:36.0 +0200
@@ -1,0 +2,7 @@
+Fri Jul 26 12:45:45 UTC 2013 - lnus...@suse.de
+
+- revert to using certificate directory again until gnutls
+  understands the trust bits in pkcs11. Otherwise it would use
+  blacklisted certificates.
+
+---

New:

  gnutls-implement-trust-store-dir.diff



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.WnXRtd/_old  2013-07-29 17:41:36.0 +0200
+++ /var/tmp/diff_new_pack.WnXRtd/_new  2013-07-29 17:41:36.0 +0200
@@ -46,6 +46,7 @@
 
 # Disable elliptic curves for reasons. - meissnercfarrell
 Patch5: gnutls-3.2.1-noecc.patch
+Patch6: gnutls-implement-trust-store-dir.diff
 
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -147,6 +148,7 @@
 %patch3
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 autoreconf -if
@@ -158,7 +160,7 @@
 --with-pic \
 --disable-rpath \
 --disable-silent-rules \
-   --with-default-trust-store-pkcs11=pkcs11: \
+   --with-default-trust-store-dir=/var/lib/ca-certificates/pem \
--disable-ecdhe \
 --with-sysroot=/%{?_sysroot}
 %__make %{?_smp_mflags}
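Review bot: the changelog calls this a revert, but the directory set here is /var/lib/ca-certificates/pem, not the /etc/ssl/certs that the spec passed to --with-default-trust-store-dir before the PKCS#11 switch. Say in the changelog why the path changed, and put a comment next to the option recording that it is a workaround until gnutls understands the PKCS#11 trust bits, so that it is removed once that lands.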


++ gnutls-implement-trust-store-dir.diff ++
Index: gnutls-3.2.1/configure.ac
===
--- gnutls-3.2.1.orig/configure.ac
+++ gnutls-3.2.1/configure.ac
@@ -398,6 +398,25 @@ if test $with_default_trust_store_file
   with_default_trust_store_file=
 fi
 
+AC_ARG_WITH([default-trust-store-dir],
+  [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY],
+[use the given directory as default trust store])], 
with_default_trust_store_dir=$withval,
+  [if test $build = $host ; then
+  for i in \
+/etc/ssl/certs/
+do
+if test -e $i ; then
+  with_default_trust_store_dir=$i
+  break
+fi
+  done
+  fi]
+)
+
+if test $with_default_trust_store_dir = no;then
+  with_default_trust_store_dir=
+fi
+
 AC_ARG_WITH([default-crl-file],
   [AS_HELP_STRING([--with-default-crl-file=FILE],
 [use the given CRL file as default])])
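Review bot: the autodetection loop accepts its candidate with "test -e $i", which succeeds for any file type, so a non-directory at /etc/ssl/certs/ would be taken as the trust store directory. Use test -d. The loop also iterates over a single path; either list the other locations it is meant to probe or drop the loop.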
@@ -407,6 +426,11 @@ if test x$with_default_trust_store_file
 [$with_default_trust_store_file], [use the given file default trust 
store])
 fi
 
+if test x$with_default_trust_store_dir != x; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+[$with_default_trust_store_dir], [use the given directory default trust 
store])
+fi
+
 if test x$with_default_crl_file != x; then
   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
 [$with_default_crl_file], [use the given CRL file])
@@ -683,6 +707,7 @@ AC_MSG_NOTICE([System files:
 
   Trust store pkcs: $with_default_trust_store_pkcs11
   Trust store file: $with_default_trust_store_file
+  Trust store dir:  $with_default_trust_store_dir
   CRL file: $with_default_crl_file
   DNSSEC root key file: $unbound_root_key_file
 ])
Index: gnutls-3.2.1/lib/system.c
===
--- gnutls-3.2.1.orig/lib/system.c
+++ gnutls-3.2.1/lib/system.c
@@ -385,7 +385,45 @@ const char *home_dir = getenv (HOME);
   return 0;
 }
 
-#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) 
 defined(ENABLE_PKCS11))
+/* Used by both Android code and by Linux TRUST_STORE_DIR /etc/ssl/certs code 
*/
+#if defined(DEFAULT_TRUST_STORE_DIR) || defined(ANDROID) || 
defined(__ANDROID__)
+# include dirent.h
+# include unistd.h
+static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, 
+   unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+{
+DIR * dirp;
+struct dirent *d;
+int ret;
+int r = 0;
+char path[GNUTLS_PATH_MAX];
+
+  dirp = opendir(dirname);
+  if (dirp != NULL) 
+{
+  do
+{
+ d = readdir(dirp);
+ if (d != NULL  d-d_type == DT_REG) 
+   {
+   snprintf(path, sizeof(path), %s/%s, dirname, d-d_name);
+
+ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, 
type, tl_flags, tl_vflags);
+if (ret = 0)
+  r += ret;
+   }
+   }
+  while(d != NULL);
+  closedir(dirp);
+}
+
+  return r;
+}
+#endif
+
+
+#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) 
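Review bot: load_dir_certs() only loads entries whose d_type is DT_REG, so symbolic links are skipped, and so is every entry on a file system that reports DT_UNKNOWN; a directory populated with symlinks would load nothing. Fall back to stat() on the built path when d_type is not DT_REG. Separately, a failed opendir() and a truncated snprintf() result both end at the same "return r;", so the caller cannot tell an unreadable trust directory from an empty one; return an error, or at least log, in those cases.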
 

commit gnutls for openSUSE:Factory

2013-07-09 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-07-09 20:49:54

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-07-05 
20:37:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-07-09 
20:49:55.0 +0200
@@ -1,0 +2,5 @@
+Mon Jul  8 15:12:59 UTC 2013 - sch...@suse.de
+
+- Override broken configure checks
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.nesgbw/_old  2013-07-09 20:49:56.0 +0200
+++ /var/tmp/diff_new_pack.nesgbw/_new  2013-07-09 20:49:56.0 +0200
@@ -152,6 +152,8 @@
 autoreconf -if
 # echde explicitly disabled - meissnercfarrell
 %configure \
+gl_cv_func_printf_directive_n=yes \
+gl_cv_func_printf_infinite_long_double=yes \
 --disable-static \
 --with-pic \
 --disable-rpath \
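Review bot: gl_cv_func_printf_directive_n=yes and gl_cv_func_printf_infinite_long_double=yes force two configure cache results for every build, and neither the spec nor the changelog ("Override broken configure checks") says which check misbehaves, on which target, or why. Add a comment above %configure with that detail so the overrides can be dropped when the checks are fixed; if only some architectures are affected, guard the overrides with %ifarch.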






commit gnutls for openSUSE:Factory

2013-07-05 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-07-05 20:37:07

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-07-01 
15:54:45.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-07-05 
20:37:08.0 +0200
@@ -1,0 +2,7 @@
+Thu Jul  4 16:15:14 UTC 2013 - lnus...@suse.de
+
+- use pkcs11 interface to fetch the system's CA certificates
+  (fate#314991). Add patch gnutls-3.2.1-pkcs11.diff to fix doing
+  that, obsoletes gnutls-implement-trust-store-dir.diff.
+
+---

Old:

  gnutls-implement-trust-store-dir.diff

New:

  gnutls-3.2.1-pkcs11.diff



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.FTMnmw/_old  2013-07-05 20:37:09.0 +0200
+++ /var/tmp/diff_new_pack.FTMnmw/_new  2013-07-05 20:37:09.0 +0200
@@ -32,8 +32,9 @@
 Source1:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
 Source2:%name.keyring
 Source3:baselibs.conf
-# suse specific, add support for certificate directories -- lnussel/meissner
-Patch1: gnutls-implement-trust-store-dir.diff
+# 
https://gitorious.org/gnutls/gnutls/commit/7613c3251430a212fe5d6001863045f20eca7563
+# PATCH-UPSTREAM lnus...@suse.de -- fix reading ca-certificates # via pkcs11 
interface
+Patch1: gnutls-3.2.1-pkcs11.diff
 
 Patch2: automake-1.12.patch
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch 
andreas.stie...@gmx.de -- skip a failing test
@@ -155,7 +156,7 @@
 --with-pic \
 --disable-rpath \
 --disable-silent-rules \
-   --with-default-trust-store-dir=/etc/ssl/certs \
+   --with-default-trust-store-pkcs11=pkcs11: \
--disable-ecdhe \
 --with-sysroot=/%{?_sysroot}
 %__make %{?_smp_mflags}

++ gnutls-3.2.1-pkcs11.diff ++
From 9008620a9c452fb33942f0f8ee03a44fdf277475 Mon Sep 17 00:00:00 2001
From: Stef Walter st...@redhat.com
Date: Thu, 4 Jul 2013 16:15:03 +0200
Subject: [PATCH] pkcs11: Use the correct attribute length for CKA_TRUSTED

CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
are done with the attribute byte values, we need to get the length
exactly right.
---
 lib/pkcs11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 27ea3f4..3da3b92 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2201,7 +2201,7 @@ find_objs (struct pkcs11_session_info* sinfo,
   struct ck_attribute *attr;
   ck_object_class_t class = (ck_object_class_t)-1;
   ck_certificate_type_t type = (ck_certificate_type_t)-1;
-  unsigned int trusted;
+  unsigned char trusted;
   unsigned long category;
   ck_rv_t rv;
   ck_object_handle_t obj;
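Review bot: the fix relies on the search template taking its length from the size of trusted, and this hunk shows only the declaration, not the place where the CKA_TRUSTED attribute is filled in. Please confirm that site uses sizeof(trusted) and not a literal length. Declaring the variable with the header's typedef for CK_BBOOL, if it provides one, instead of a bare unsigned char would keep the width tied to the PKCS#11 definition the commit message cites.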
-- 
1.8.3.1






commit gnutls for openSUSE:Factory

2013-07-01 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-07-01 15:54:42

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-04-26 
15:50:27.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-07-01 
15:54:45.0 +0200
@@ -1,0 +2,279 @@
+Thu Jun 27 13:44:12 UTC 2013 - meiss...@suse.com
+
+- Disable all ECC algorithms.
+
+- gnutls-32bit.patch: upstream patch to make test
+  work with 32bit time_t.
+
+- gnutls-implement-trust-store-dir.diff
+
+  currently not yet forward ported.
+
+- Updated to GnuTLS 3.2.1
+  ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
+ openssl versions.
+  ** libgnutls: Fixes in interrupted function resumption. Report
+ and patch by Tim Kosse.
+  ** libgnutls: Corrected issue when receiving client hello verify
+ requests in DTLS.
+  ** libgnutls: Fixes in DTLS record overhead size calculations.
+  ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
+ Mann Ern Kang.
+- Updated to GnuTLS 3.2.0
+  ** libgnutls: Use nettle's elliptic curve implementation.
+  ** libgnutls: Added Salsa20 cipher
+  ** libgnutls: Added UMAC-96 and UMAC-128
+  ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
+ As they are not standardized they are defined using private ciphersuite 
numbers.
+  ** libgnutls: Added support for DTLS 1.2.
+  ** libgnutls: Added support for the Application Layer Protocol
+ Negotiation (ALPN) extension.
+  ** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
+  ** libgnutls: Avoid linking to librt (that also avoids unnecessary
+ linking to pthreads if p11-kit isn't used).
+
+- Updated to GnuTLS 3.1.10 (released 2013-03-22)
+  ** certtool: When generating PKCS #12 files use by default the 
+  ARCFOUR (RC4) cipher to be compatible with devices that don't
+  support AES with PKCS #12.
+  ** libgnutls: Load CA certificates in android 4.x systems.
+  ** libgnutls: Optimized CA certificate loading.
+  ** libgnutls: Private keys are overwritten on deinitialization.
+  ** libgnutls: PKCS #11 slots are scanned only when needed, not
+ on initialization. This speeds up gnutls initialization when smart
+ cards are present.
+  ** libgnutls: Corrected issue in the (deprecated) external key
+ signing interface, when used with TLS 1.2. Reported by Bjorn H. 
Christensen.
+  ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by 
+ Joke de Buhr.
+  ** libgnutls-dane: Updated DANE verification options.
+  ** configure: Trust store file must be explicitly set or unset when 
+ cross compiling.
+- Updated to GnuTLS 3.1.9 (released 2013-02-27) 
+  ** certtool: Option --to-p12 will now ask for a password to generate
+ a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.
+  ** libgnutls: Corrected issue in gnutls_pubkey_verify_data().
+  ** libgnutls: Corrected parsing issue in XMPP within a subject 
+ alternative name. Reported by James Cloos.
+  ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
+ modules, and not only the ones loaded via p11-kit.
+  ** libgnutls: Added function to check whether the private key is
+ still available (inserted).
+  ** libgnutls: Try to detect fork even during nonce generation.
+
+- Updated to GnuTLS 3.1.8 (released 2013-02-10)
+  ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't 
return
+ GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
+ with encrypted keys. Reported by Yan Fiz.
+  ** libgnutls: The minimum DH bits accepted by priorities NORMAL and
+ PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
+ Elio Petteno.
+  ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() 
+ to operate with long keys. Reported by Erik A Jensen.
+
+- Updated to GnuTLS 3.1.7 (released 2013-02-04)
+  ** certtool: Added option dn which allows to directly set the DN
+ in a template from an RFC4514 string.
+  ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.
+  ** libgnutls-xssl: Added a new library to simplify GnuTLS usage.
+  ** libgnutls-dane: Added function to specify a DLV file.
+  ** libgnutls: Heartbeat code was made optional. 
+  ** libgnutls: Fixes in server side of DTLS-0.9.
+  ** libgnutls: DN variable 'T' was expanded to 'title'.
+  ** libgnutls: Fixes in record padding parsing to prevent a timing attack. 
+ Issue reported by Kenny Paterson and Nadhem Alfardan.
+  ** libgnutls: Added functions to directly set the DN in a certificate
+ or request from an RFC4514 string.
+  ** libgnutls: 

commit gnutls for openSUSE:Factory

2013-04-26 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-04-26 15:50:26

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is shch...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2013-02-07 
10:20:31.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-04-26 
15:50:27.0 +0200
@@ -1,0 +2,5 @@
+Fri Apr 26 08:07:12 UTC 2013 - mmeis...@suse.com
+
+- Added makeinfo BuildRequire to fix build with new automake
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.IRmGZH/_old  2013-04-26 15:50:30.0 +0200
+++ /var/tmp/diff_new_pack.IRmGZH/_new  2013-04-26 15:50:30.0 +0200
@@ -40,6 +40,9 @@
 BuildRequires:  libnettle-devel = 2.2
 BuildRequires:  libtasn1-devel = 2.14
 BuildRequires:  libtool
+%if %suse_version = 1230
+BuildRequires:  makeinfo
+%endif
 BuildRequires:  p11-kit-devel = 0.11
 BuildRequires:  pkg-config
 BuildRequires:  xz




commit gnutls for openSUSE:Factory

2013-02-07 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2013-02-07 10:20:28

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is shch...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-12-03 
09:36:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2013-02-07 
10:20:31.0 +0100
@@ -1,0 +2,21 @@
+Tue Feb  5 17:03:26 UTC 2013 - meiss...@suse.com
+
+- Updated to GnuTLS 3.0.28
+  - libgnutls: Fixes in server side of DTLS-0.9.
+  - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
+ciphers (i.e., AES-GCM).
+  - libgnutls: Fixes in record padding parsing to prevent a timing
+attack. Issue reported by Kenny Patterson and Nadhem Alfardan.
+bnc#802184 
+  - libgnutls: DN variable 'T' was expanded to 'title'.
+
+---
+Thu Jan 24 10:14:13 UTC 2013 - meiss...@suse.com
+
+- Updated to GnuTLS 3.0.27
+  - libgnutls: Fixed record padding parsing issue.
+  - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
+  - libgnutls-guile: Fixed parallel compilation issue.
+  - API and ABI modifications: No changes since last version.
+
+---

Old:

  gnutls-3.0.26.tar.xz

New:

  gnutls-3.0.28.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.wE3pnn/_old  2013-02-07 10:20:33.0 +0100
+++ /var/tmp/diff_new_pack.wE3pnn/_new  2013-02-07 10:20:33.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,13 +21,13 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.0.26
+Version:3.0.28
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-3.0+ and GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
-Source0:http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz
+Source0:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/%{name}-%{version}.tar.xz
 Source1:baselibs.conf
 # suse specific, add support for certificate directories -- lnussel
 Patch1: gnutls-implement-trust-store-dir.diff
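Review bot: Source0 now points at an ftp:// URL, and the source list visible in this hunk has no detached signature or keyring entry, so the origin of the tarball cannot be verified from the spec. Add the upstream .sig file and the signing keyring as sources so the download can be checked.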




commit gnutls for openSUSE:Factory

2012-12-03 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-12-03 09:36:19

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-11-28 
10:29:37.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-12-03 
09:36:30.0 +0100
@@ -1,0 +2,5 @@
+Tue Nov 27 20:31:26 UTC 2012 - crrodrig...@opensuse.org
+
+- Test suite breaks on qemu-arm some calls not implemented. 
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.cVrvaA/_old  2012-12-03 09:36:32.0 +0100
+++ /var/tmp/diff_new_pack.cVrvaA/_new  2012-12-03 09:36:32.0 +0100
@@ -158,7 +158,9 @@
 %find_lang libgnutls --all-name
 
 %check
+%if ! 0%{?qemu_user_space_build}
 %__make check
+%endif
 
 %clean
 rm -rf %{buildroot}
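Review bot: the "%if ! 0%{?qemu_user_space_build}" guard drops the whole "%__make check" run, while the changelog says only that some calls are not implemented under qemu-arm. For a TLS library that leaves those builds with no regression coverage; skip just the tests that hit the unimplemented calls, or record in a spec comment which ones fail so the guard can be narrowed later.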





commit gnutls for openSUSE:Factory

2012-11-28 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-11-28 10:29:35

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-10-03 
07:23:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-11-28 
10:29:37.0 +0100
@@ -1,0 +2,71 @@
+Sun Nov 25 10:52:46 UTC 2012 - andreas.stie...@gmx.de
+
+- include LGPL-3.0+ text in COPYING.LESSER
+- run regression tests, but move make check to %check section
+- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test
+- no longer manipulate doc/examples tree in %install section, the 
+  deletion of Makefiles breaks make check in %check
+- install documentation, reference and examples in %install section
+  to fetch them for the package without unneccessary files
+
+---
+Fri Nov 16 23:30:09 UTC 2012 - andreas.stie...@gmx.de
+
+- updated to GnuTLS 3.0.26:
+ - libgnutls: Always tolerate key usage violation errors from the 
+   side of the peer, but also notify via an audit message.
+ - libgnutls: gnutls_x509_crl_verify() includes time checks.
+ - libgnutls: Increased maximum password length in the PKCS #12
+   functions.
+ - API and ABI modifications:
+   GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added
+   GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
+
+- includes changes from 3.0.25:
+ - libgnutls: Fixed the receipt of session tickets during session 
+   resumption.
+ - libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the 
+   OCSP response corresponds to the given certificate.
+ - libgnutls: Several updates in the OpenPGP code. The generating code
+   is fully RFC6091 compliant and RFC5081 support is only supported in 
+   client mode.
+ - API and ABI modifications:
+   gnutls_ocsp_resp_check_crt: Added
+
+- includes changes form version 3.0.24:
+ - libgnutls: The %COMPAT keyword, if specified, will tolerate
+   key usage violation errors (they are far too common to ignore).
+ - libgnutls: Corrected bug in OpenPGP subpacket encoding.
+ - libgnutls: Added X.509 certificate verification flag 
+ - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
+   of unsorted certificate chains and is enabled by default for
+   TLS certificate verification (if gnutls_certificate_set_verify_flags() 
+does not override it).
+ - libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
+   if interrupted during the retrasmition of handshake data.
+ - libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
+   which provides a tool to counter compression-related attacks where
+   parts of the data are controlled by the attacker _and_ are placed in
+   separate records (use with care - do not use compression if not sure).
+ - libgnutls: Depends on libtasn1 2.14 or later.
+
+- includes changes from version 3.0.23:
+ - gnutls-serv: Listens on IPv6
+ - libgnutls: Be tolerant in ECDSA signature violations (e.g. using
+   SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
+   openssl.
+- libgnutls: Fixed DSA and ECDSA signature generation in smart cards.
+
+- includes changes from version 3.0.22
+ - libgnutls: When verifying a certificate chain make sure it is chain.
+   If the chain is wronly interrupted at some point then truncate it,
+  and only try to verify the correct part. Patch by David Woodhouse
+ - libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8()
+   which now may (again) accept a NULL password.
+ - certtool: Allow the user to choose the hash algorithm
+   when signing certificate request or certificate revocation list.
+
+- Refresh gnutls-implement-trust-store-dir.diff, some parts are in 
+  upstream sources
+
+---
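
Review bot: The first entry adds gnutls-3.0.26-skip-test-fwrite.patch "to skip a failing test" but does not say which test fails, why it fails, or whether it was reported upstream. The same entry is the one that turns the regression tests on in %check, so a skipped test should carry a bug reference or a one-line reason that lets it be dropped again later. The update entries also change verification behaviour (key usage violations from the peer are now always tolerated); put that where a reader scanning the entry will find it. Minor: "unneccessary", "changes form version", "retrasmition" and "wronly" are misspelled.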

Old:

  gnutls-3.0.21.tar.xz

New:

  gnutls-3.0.26-skip-test-fwrite.patch
  gnutls-3.0.26.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.sGT69l/_old  2012-11-28 10:29:38.0 +0100
+++ /var/tmp/diff_new_pack.sGT69l/_new  2012-11-28 10:29:38.0 +0100
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.0.21
+Version:3.0.26
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-3.0+ and GPL-3.0+
@@ -32,11 +32,13 @@
 # suse specific, add support for certificate directories -- lnussel
 Patch1: gnutls-implement-trust-store-dir.diff
 Patch2: automake-1.12.patch
+# PATCH-FIX-OPENSUSE 

commit gnutls for openSUSE:Factory

2012-10-02 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-10-03 07:23:38

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-07-02 
10:52:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-10-03 
07:23:40.0 +0200
@@ -1,0 +2,31 @@
+Mon Jul 16 06:00:52 UTC 2012 - g...@suse.com
+
+- update to latest stable version 3.0.21:
+  libgnutls: fixed bug in gnutls_x509_privkey_import()
+  that prevented the loading of EC private keys when DER
+  encoded. Reported by David Woodhouse.
+
+  libgnutls: In DTLS larger to mtu records result to
+  GNUTLS_E_LARGE_PACKET instead of being truncated.
+
+  libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
+  on patch by David Woodhouse.
+
+  libgnutls: Fixed memory leak in PKCS #8 key import.
+
+  libgnutls: Added support for an old version of the DTLS protocol
+  used by openconnect vpn client for compatibility with Cisco's AnyConnect
+  SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
+  as it has issues.
+
+  libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
+  if only the label is specified. Patch by David Woodhouse.
+
+  libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
+  is returned.
+
+  API and ABI modifications:
+  gnutls_dtls_set_data_mtu: Added
+  gnutls_session_set_premaster: Added
+
+---

Old:

  gnutls-3.0.20.tar.xz

New:

  gnutls-3.0.21.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.GTFp4I/_old  2012-10-03 07:23:42.0 +0200
+++ /var/tmp/diff_new_pack.GTFp4I/_new  2012-10-03 07:23:42.0 +0200
@@ -21,10 +21,10 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.0.20
+Version:3.0.21
 Release:0
 Summary:The GNU Transport Layer Security Library
-License:LGPL-3.0+ ; GPL-3.0+
+License:LGPL-3.0+ and GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnutls.org/
 Source0:http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz
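
Review bot: The License line in this hunk changes from "LGPL-3.0+ ; GPL-3.0+" to "LGPL-3.0+ and GPL-3.0+", but the gnutls.changes entry for this commit only describes the 3.0.21 update. Add a changelog line for the license tag change so the metadata edit is not hidden inside a version bump.
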
@@ -128,7 +128,7 @@
 echo %{_includedir}/%{name}/abstract.h
 
 %build
-autoreconf -i
+autoreconf -if
 %configure \
 --disable-static \
 --with-pic \
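
Review bot: "autoreconf -if" in %build now forces every generated autotools file to be rebuilt, and gnutls.changes does not mention the switch. State why -f is needed. With forced regeneration, the edits that automake-1.12.patch makes to generated files such as aclocal.m4 are overwritten at build time, so either those hunks are dead and can be dropped from the patch, or the build depends on them and -f breaks it.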




commit gnutls for openSUSE:Factory

2012-07-02 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-07-02 10:52:22

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-06-25 
14:08:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-07-02 
10:52:24.0 +0200
@@ -1,0 +2,11 @@
+Sun Jul  1 20:00:33 UTC 2012 - co...@suse.com
+
+- merge am-1.12 patches into 1
+
+---
+Sat Jun 30 17:24:48 UTC 2012 - i...@marguerite.su
+
+- fix 12.2 builds.
+  * replace depreciated am_prog_mkdir_p with ac_prog_mkdir_p. 
+
+---



Other differences:
--
++ automake-1.12.patch ++
--- /var/tmp/diff_new_pack.UjA5df/_old  2012-07-02 10:52:26.0 +0200
+++ /var/tmp/diff_new_pack.UjA5df/_new  2012-07-02 10:52:26.0 +0200
@@ -1,7 +1,7 @@
-Index: gnutls-3.0.19/configure.ac
+Index: gnutls-3.0.20/configure.ac
 ===
 gnutls-3.0.19.orig/configure.ac
-+++ gnutls-3.0.19/configure.ac
+--- gnutls-3.0.20.orig/configure.ac2012-07-01 21:50:17.0 +0200
 gnutls-3.0.20/configure.ac 2012-07-01 21:50:17.977499968 +0200
 @@ -37,6 +37,7 @@ dnl Checks for programs.
  AC_PROG_CC
  AM_PROG_AS
@@ -10,3 +10,55 @@
  gl_EARLY
  
  # For includes/gnutls/gnutls.h.in.
+Index: gnutls-3.0.20/aclocal.m4
+===
+--- gnutls-3.0.20.orig/aclocal.m4  2012-06-05 19:10:14.0 +0200
 gnutls-3.0.20/aclocal.m4   2012-07-01 21:53:42.821893323 +0200
+@@ -529,7 +529,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
+ AM_MISSING_PROG(MAKEINFO, makeinfo)
+ AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
++AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+ # We need awk for the check target.  The system awk is bad on
+ # some platforms.
+ AC_REQUIRE([AC_PROG_AWK])dnl
+@@ -773,10 +773,10 @@ fi
+ 
+ # serial 1
+ 
+-# AM_PROG_MKDIR_P
++# AC_PROG_MKDIR_P
+ # ---
+ # Check for `mkdir -p'.
+-AC_DEFUN([AM_PROG_MKDIR_P],
++AC_DEFUN([AC_PROG_MKDIR_P],
+ [AC_PREREQ([2.60])dnl
+ AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+ dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+Index: gnutls-3.0.20/gl/m4/gnulib-common.m4
+===
+--- gnutls-3.0.20.orig/gl/m4/gnulib-common.m4  2012-06-05 19:07:51.0 
+0200
 gnutls-3.0.20/gl/m4/gnulib-common.m4   2012-07-01 21:53:42.821893323 
+0200
+@@ -301,7 +301,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [
+ AC_SUBST([MKDIR_P])])], [
+   dnl For autoconf  2.60: Backport of AC_PROG_MKDIR_P.
+   AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
+-[AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
++[AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
+  MKDIR_P='$(mkdir_p)'
+  AC_SUBST([MKDIR_P])])])
+ 
+Index: gnutls-3.0.20/m4/po.m4
+===
+--- gnutls-3.0.20.orig/m4/po.m42011-11-08 22:07:12.0 +0100
 gnutls-3.0.20/m4/po.m4 2012-07-01 21:53:42.822893277 +0200
+@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS],
+ [
+   AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+   AC_REQUIRE([AC_PROG_INSTALL])dnl
+-  AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
++  AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
+   AC_REQUIRE([AM_NLS])dnl
+ 
+   dnl Release version of the gettext macros. This is used to ensure that
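
Review bot: In the added aclocal.m4 hunk the rename was applied to the macro definition as well as to its users, so the result reads "AC_DEFUN([AC_PROG_MKDIR_P]," followed by "AC_REQUIRE([AC_PROG_MKDIR_P])dnl": the macro now requires itself and shadows Autoconf's own AC_PROG_MKDIR_P. The gl/m4/gnulib-common.m4 hunk has the same problem inside "AC_DEFUN_ONCE([AC_PROG_MKDIR_P]," and keeps the comment "defined by automake" on a macro that automake does not define. Rename only the AC_REQUIRE([AM_PROG_MKDIR_P]) call sites and leave the AC_DEFUN([AM_PROG_MKDIR_P] definition untouched, or remove that definition entirely.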





commit gnutls for openSUSE:Factory

2012-06-25 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-06-25 13:57:45

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-05-31 
17:05:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-06-25 
14:08:08.0 +0200
@@ -1,0 +2,29 @@
+Thu Jun 21 08:02:43 UTC 2012 - meiss...@suse.com
+
+- Updated to version 3.0.20:
+  libgnutls: Corrected bug which prevented the parsing of
+  handshake packets spanning multiple records.
+
+  libgnutls: Check key identifiers when checking for an issuer.
+
+  libgnutls: Added gnutls_pubkey_verify_hash2()
+
+  libgnutls: Added gnutls_certificate_set_x509_system_trust()
+  that loads the trusted CA certificates from system locations
+  (e.g. trusted storage in windows and CA bundle files in other systems).
+
+  certtool: Added support for the URI subject alternative
+  name type in certtool.
+
+  certtool: Increase to 128 the maximum number of distinct options
+  (e.g. dns_names) allowed.
+
+  gnutls-cli: If --print-cert is given, print the certificate, 
+  even on verification failure.
+
+  ** API and ABI modifications:
+  gnutls_pk_to_sign: Added
+  gnutls_pubkey_verify_hash2: Added
+  gnutls_certificate_set_x509_system_trust: Added
+
+---

Old:

  gnutls-3.0.19.tar.xz
  gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff

New:

  gnutls-3.0.20.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.IYBiiA/_old  2012-06-25 14:08:11.0 +0200
+++ /var/tmp/diff_new_pack.IYBiiA/_new  2012-06-25 14:08:11.0 +0200
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:   gnutls
-Version:3.0.19
+Version:3.0.20
 Release:0
 Summary:The GNU Transport Layer Security Library
 License:LGPL-3.0+ ; GPL-3.0+
@@ -29,9 +29,6 @@
 Url:http://www.gnutls.org/
 Source0:http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz
 Source1:baselibs.conf
-# upstream, will be officially available in some future gnutls
-# version and can be removed then -- lnussel
-Patch0: gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff
 # suse specific, add support for certificate directories -- lnussel
 Patch1: gnutls-implement-trust-store-dir.diff
 Patch2: automake-1.12.patch
@@ -126,7 +123,6 @@
 
 %prep
 %setup -q
-%patch0 -p1
 %patch1 -p1
 %patch2 -p1
 echo %{_includedir}/%{name}/abstract.h

++ gnutls-implement-trust-store-dir.diff ++
--- /var/tmp/diff_new_pack.IYBiiA/_old  2012-06-25 14:08:11.0 +0200
+++ /var/tmp/diff_new_pack.IYBiiA/_new  2012-06-25 14:08:11.0 +0200
@@ -1,26 +1,30 @@
-From 513244e20eb057b37edfe326c164935758772a0f Mon Sep 17 00:00:00 2001
+From a6cef9220ae251e3b8f8d663c5fa7f888e3176d8 Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel ludwig.nus...@suse.de
 Date: Tue, 8 May 2012 15:47:02 +0200
 Subject: [PATCH gnutls] implement trust store dir
 
 ---
  configure.ac  |   18 -
- lib/gnutls_x509.c |   72 +
- 2 files changed, 89 insertions(+), 1 deletions(-)
+ lib/gnutls_x509.c |   74 -
+ 2 files changed, 90 insertions(+), 2 deletions(-)
 
-Index: gnutls-3.0.19/configure.ac
-===
 gnutls-3.0.19.orig/configure.ac
-+++ gnutls-3.0.19/configure.ac
-@@ -296,13 +296,23 @@ AC_ARG_WITH([default-trust-store-file],
+diff --git a/configure.ac b/configure.ac
+index f826704..d099e05 100644
+--- a/configure.ac
 b/configure.ac
+@@ -296,17 +296,27 @@ AC_ARG_WITH([default-trust-store-file],
[AS_HELP_STRING([--with-default-trust-store-file=FILE],
  [use the given file default trust store])])
  
--if test x$with_default_trust_store_pkcs11 = x -a 
x$with_default_trust_store_file = x; then
 +AC_ARG_WITH([default-trust-store-dir],
 +  [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
 + [use the given directory default trust store])])
 +
+ AC_ARG_WITH([default-crl-file],
+   [AS_HELP_STRING([--with-default-crl-file=FILE],
+ [use the given CRL file as default])])
+ 
+-if test x$with_default_trust_store_pkcs11 = x -a 
x$with_default_trust_store_file = x; then
 +if test x$with_default_trust_store_pkcs11 = x -a 
x$with_default_trust_store_file = x \
 +   -a x$with_default_trust_store_dir = x; then
# auto detect 

commit gnutls for openSUSE:Factory

2012-05-31 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-05-31 17:04:51

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-05-25 
17:33:20.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-05-31 
17:05:01.0 +0200
@@ -1,0 +2,6 @@
+Tue May 29 12:51:59 UTC 2012 - pu...@suse.com
+
+- fix build with automake-1.12
+  - add: automake-1.12.patch
+
+---

New:

  automake-1.12.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.BmDTKa/_old  2012-05-31 17:05:02.0 +0200
+++ /var/tmp/diff_new_pack.BmDTKa/_new  2012-05-31 17:05:02.0 +0200
@@ -34,11 +34,13 @@
 Patch0: gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff
 # suse specific, add support for certificate directories -- lnussel
 Patch1: gnutls-implement-trust-store-dir.diff
+Patch2: automake-1.12.patch
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
 BuildRequires:  libnettle-devel = 2.2
 BuildRequires:  libtasn1-devel
+BuildRequires:  libtool
 BuildRequires:  p11-kit-devel = 0.11
 BuildRequires:  pkg-config
 BuildRequires:  xz
@@ -126,10 +128,11 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 echo %{_includedir}/%{name}/abstract.h
 
 %build
-autoreconf
+autoreconf -i
 %configure \
 --disable-static \
 --with-pic \

++ automake-1.12.patch ++
Index: gnutls-3.0.19/configure.ac
===
--- gnutls-3.0.19.orig/configure.ac
+++ gnutls-3.0.19/configure.ac
@@ -37,6 +37,7 @@ dnl Checks for programs.
 AC_PROG_CC
 AM_PROG_AS
 AC_PROG_CXX
+AM_PROG_AR
 gl_EARLY
 
 # For includes/gnutls/gnutls.h.in.
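
Review bot: AM_PROG_AR is added to configure.ac unconditionally, but the macro is only defined by newer automake releases, so the patched source no longer regenerates with an older automake. Wrap it as "m4_ifdef([AM_PROG_AR], [AM_PROG_AR])" so the same patch works on both.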




commit gnutls for openSUSE:Factory

2012-05-25 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-05-25 17:33:18

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-05-22 
10:11:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-05-25 
17:33:20.0 +0200
@@ -1,0 +2,6 @@
+Thu May 24 07:45:31 UTC 2012 - lnus...@suse.de
+
+- backport gnutls_certificate_set_x509_system_trust() from git and
+  add support for trust store directories (bnc#761634)
+
+---

New:

  gnutls-implement-trust-store-dir.diff
  gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.dh5WfK/_old  2012-05-25 17:33:24.0 +0200
+++ /var/tmp/diff_new_pack.dh5WfK/_new  2012-05-25 17:33:24.0 +0200
@@ -29,6 +29,11 @@
 Url:http://www.gnutls.org/
 Source0:http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz
 Source1:baselibs.conf
+# upstream, will be officially available in some future gnutls
+# version and can be removed then -- lnussel
+Patch0: gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff
+# suse specific, add support for certificate directories -- lnussel
+Patch1: gnutls-implement-trust-store-dir.diff
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
@@ -119,14 +124,18 @@
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 echo %{_includedir}/%{name}/abstract.h
 
 %build
+autoreconf
 %configure \
 --disable-static \
 --with-pic \
 --disable-rpath \
 --disable-silent-rules \
+   --with-default-trust-store-dir=/etc/ssl/certs \
 --with-sysroot=/%{?_sysroot}
 make %{?_smp_mflags}
 
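
Review bot: The new "--with-default-trust-store-dir=/etc/ssl/certs \" argument is indented differently from the other %configure arguments; align it with them. The path is also hard-coded with no comment, although it decides which CA certificates every libgnutls client on the system trusts by default. Add a spec comment next to it naming the package that owns and populates that directory.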


++ gnutls-implement-trust-store-dir.diff ++
From 513244e20eb057b37edfe326c164935758772a0f Mon Sep 17 00:00:00 2001
From: Ludwig Nussel ludwig.nus...@suse.de
Date: Tue, 8 May 2012 15:47:02 +0200
Subject: [PATCH gnutls] implement trust store dir

---
 configure.ac  |   18 -
 lib/gnutls_x509.c |   72 +
 2 files changed, 89 insertions(+), 1 deletions(-)

Index: gnutls-3.0.19/configure.ac
===
--- gnutls-3.0.19.orig/configure.ac
+++ gnutls-3.0.19/configure.ac
@@ -296,13 +296,23 @@ AC_ARG_WITH([default-trust-store-file],
   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
 [use the given file default trust store])])
 
-if test x$with_default_trust_store_pkcs11 = x -a 
x$with_default_trust_store_file = x; then
+AC_ARG_WITH([default-trust-store-dir],
+  [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
+ [use the given directory default trust store])])
+
+if test x$with_default_trust_store_pkcs11 = x -a 
x$with_default_trust_store_file = x \
+-a x$with_default_trust_store_dir = x; then
   # auto detect 
http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg4.html
   for i in \
+/etc/ssl/certs \
 /etc/ssl/certs/ca-certificates.crt \
 /etc/pki/tls/cert.pem \
 /usr/local/share/certs/ca-root-nss.crt
 do
+if test -d $i; then
+  with_default_trust_store_dir=$i
+  break
+fi
 if test -e $i; then
   with_default_trust_store_file=$i
   break
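
Review bot: In the auto-detect loop, /etc/ssl/certs is placed first and the new "test -d $i" branch breaks out before the "test -e $i" branch runs, so on any build host that has the directory the bundle files further down the list are never considered and only the directory variable is set. Document that precedence in the --with-default-trust-store-dir help string or the commit message, and quote "$i" in both tests. The directory is also accepted on existence alone, with no check that it contains any certificates.
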
@@ -315,6 +325,11 @@ if test x$with_default_trust_store_file
 [$with_default_trust_store_file], [use the given file default trust 
store])
 fi
 
+if test x$with_default_trust_store_dir != x; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+[$with_default_trust_store_dir], [use the given directory default trust 
store])
+fi
+
 dnl Guile bindings.
 opt_guile_bindings=yes
 AC_MSG_CHECKING([whether building Guile bindings])
@@ -550,6 +565,7 @@ if features are disabled)
   Anon auth support:$ac_enable_anon
   Trust store pkcs: $with_default_trust_store_pkcs11
   Trust store file: $with_default_trust_store_file
+  Trust store dir:  $with_default_trust_store_dir
 ])
 
 AC_MSG_NOTICE([Optional applications:
Index: gnutls-3.0.19/lib/gnutls_x509.c
===
--- gnutls-3.0.19.orig/lib/gnutls_x509.c
+++ gnutls-3.0.19/lib/gnutls_x509.c
@@ -36,6 +36,7 @@
 #include gnutls_pk.h
 #include gnutls_str.h
 #include debug.h
+#include dirent.h
 #include x509_b64.h
 #include gnutls_x509.h
 #include x509/common.h
@@ -1618,6 +1619,72 @@ _gnutls_certificate_set_x509_system_trus
 }
 #endif
 
+#ifdef DEFAULT_TRUST_STORE_DIR
+static 

commit gnutls for openSUSE:Factory

2012-05-22 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-05-22 10:11:29

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-05-21 
14:00:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-05-22 
10:11:30.0 +0200
@@ -1,0 +2,5 @@
+Mon May 21 15:35:00 UTC 2012 - lnus...@suse.de
+
+- add version and release to gnutls-devel provides
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.QYxegL/_old  2012-05-22 10:11:32.0 +0200
+++ /var/tmp/diff_new_pack.QYxegL/_new  2012-05-22 10:11:32.0 +0200
@@ -88,7 +88,7 @@
 PreReq: %install_info_prereq
 Requires:   glibc-devel
 Requires:   libgnutls%{gnutls_sover} = %{version}
-Provides:   gnutls-devel
+Provides:   gnutls-devel = %{version}-%{release}
 
 %description -n libgnutls-devel
 Files needed for software development using gnutls.





commit gnutls for openSUSE:Factory

2012-05-21 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-05-21 10:25:22

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-04-20 
15:16:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-05-21 
10:25:25.0 +0200
@@ -1,0 +2,369 @@
+Sun May 13 02:44:30 UTC 2012 - nico.laus.2...@gmx.de
+
+- Update to version 3.0.19:
+  + libgnutls:
+- When decoding a PKCS #11 URL the pin-source field
+  is assumed to be a file that stores the pin. Based on patch
+  by David Smith.
+- gnutls_record_check_pending() no longer
+  returns unprocessed data, and thus ensure the non-blocking
+  of the next call to gnutls_record_recv().
+- Added strict tests in Diffie-Hellman and
+  SRP key exchange public keys.
+- in ECDSA and DSA TLS 1.2 authentication be less
+  strict in hash selection, and allow a stronger hash to
+  be used than the appropriate, to improve interoperability
+  with openssl.
+  + tests:
+- Disabled floating point test, and corrections
+  in pkcs12 decoding tests.
+  + API and ABI modifications:
+- No changes since last version.
+- Changes from version 3.0.18:
+  + certtool:
+- Avoid a Y2K38 bug when generating certificates.
+  Patch by Robert Millan.
+  + libgnutls:
+- Make sure that GNUTLS_E_PREMATURE_TERMINATION
+- is returned on premature termination (and added unit test).
+- Fixes for W64 API. Patch by B. Scott Michel.
+- Corrected VIA padlock detection for old
+  VIA processors. Reported by Kris Karas.
+- Updated assembler files.
+- Time in generated certificates is stored
+  as GeneralizedTime instead of UTCTime (which only stores
+  2 digits of a year).
+  + minitasn1:
+- Upgraded to libtasn1 version 2.13 (pre-release).
+  + API and ABI modifications:
+- gnutls_x509_crt_set_private_key_usage_period: Added
+- gnutls_x509_crt_get_private_key_usage_period: Added
+- gnutls_x509_crq_set_private_key_usage_period: Added
+- gnutls_x509_crq_get_private_key_usage_period: Added
+- gnutls_session_get_random: Added
+- Changes from version 3.0.17:
+  + command line apps:
+- Always link with local libopts.
+  + API and ABI modifications:
+- No changes since last version.
+- Changes from version 3.0.16:
+  + minitasn1:
+- Upgraded to libtasn1 version 2.12 (pre-release).
+  + libgnutls:
+- Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+- included assembler files for MacOSX.
+  + p11tool:
+- Small fixes in handling of the --private command
+  line option.
+  + certtool:
+- The template option allows for setting the domain
+  component (DC) option of the distinguished name, and the ocsp_uri
+  as well as the ca_issuers_uri options.
+  + API and ABI modifications:
+- gnutls_x509_crt_set_authority_info_access: Added
+- Changes from version 3.0.15:
+  + test suite:
+- Only run under valgrind in the development
+  system (the full git repository)
+  + command line apps:
+- Link with local libopts if the installed is an old one.
+  + libgnutls:
+- Eliminate double free during SRP
+  authentication. Reported by Peter Penzov.
+- Corrections in record packet parsing.
+  Reported by Matthew Hall.
+- Cryptodev updates and fixes.
+- Corrected issue with select() that affected
+  FreeBSD. This prevented establishing DTLS sessions.
+  Reported by Andreas Metzler.
+- Corrected rehandshake and resumption
+  operations in DTLS. Reported by Sean Buckheister.
+- PKCS #11 objects that do not have ID
+  no longer crash listing. Reported by Sven Geggus.
+  + API and ABI modifications:
+- No changes since last version.
+- Changes from version 3.0.14:
+  + command line apps:
+- Included libopts doesn't get installed by default.
+  + libgnutls:
+- Eliminate double free on wrongly formatted
+  certificate list. Reported by Remi Gacogne.
+- cryptodev code corrected, updated to account
+  for hashes and GCM mode.
+  Eliminated memory leak in PCKS #11 initialization.
+  Report and fix by Sam Varshavchik.
+  + API and ABI modifications:
+- No changes since last version.
+- Changes from version 3.0.13:
+  + gnutls-cli:
+- added the --ocsp option which will verify
+  the peer's certificate with OCSP.
+- added the --tofu and if specified, gnutls-cli
+  will use an ssh-style authentication method.
+- if no --x509cafile is provided a default is
+  assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
+  + ocsptool:
+- Added --ask 

commit gnutls for openSUSE:Factory

2012-05-21 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-05-21 14:00:42

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-05-21 
10:25:25.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-05-21 
14:00:44.0 +0200
@@ -1,0 +2,5 @@
+Mon May 21 11:33:29 UTC 2012 - meiss...@suse.com
+
+- let libgnutls-devel also provide gnutls-devel
+
+---



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.mre3Qh/_old  2012-05-21 14:00:45.0 +0200
+++ /var/tmp/diff_new_pack.mre3Qh/_new  2012-05-21 14:00:45.0 +0200
@@ -88,6 +88,7 @@
 PreReq: %install_info_prereq
 Requires:   glibc-devel
 Requires:   libgnutls%{gnutls_sover} = %{version}
+Provides:   gnutls-devel
 
 %description -n libgnutls-devel
 Files needed for software development using gnutls.
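
Review bot: "Provides: gnutls-devel" is unversioned, so a package with a versioned requirement on gnutls-devel cannot be satisfied by libgnutls-devel. Use "Provides: gnutls-devel = %{version}-%{release}".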





commit gnutls for openSUSE:Factory

2012-04-20 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-04-20 15:16:38

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2012-02-21 
12:38:10.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-04-20 
15:16:39.0 +0200
@@ -1,0 +2,9 @@
+Thu Apr 12 05:17:04 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#753301] - VUL-0: gnutls/libtasn1 
+  asn1_get_length_der() DER decoding issue
+  CVE-2012-1569
+  and bug[bnc#754223] - GenericBlockCipher heap corruption DoS
+  CVE-2012-1573
+
+---

New:

  CVE-2012-1569.patch
  CVE-2012-1573.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.wWhYRo/_old  2012-04-20 15:16:41.0 +0200
+++ /var/tmp/diff_new_pack.wWhYRo/_new  2012-04-20 15:16:41.0 +0200
@@ -36,6 +36,8 @@
 Patch1: gnutls-fix-crash-on-strcat.patch
 Patch2: CVE-2011-4128.patch
 Patch3: CVE-2012-0390.patch
+Patch4: CVE-2012-1569.patch
+Patch5: CVE-2012-1573.patch
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel = 2.2
@@ -160,6 +162,8 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 %build
 %configure \

++ CVE-2012-1569.patch ++
Index: gnutls-3.0.3/lib/minitasn1/decoding.c
===
--- gnutls-3.0.3.orig/lib/minitasn1/decoding.c
+++ gnutls-3.0.3/lib/minitasn1/decoding.c
@@ -55,12 +55,13 @@ _asn1_error_description_tag_error (ASN1_
  * Extract a length field from DER data.
  *
  * Returns: Return the decoded length value, or -1 on indefinite
- *   length, or -2 when the value was too big.
+ *   length, or -2 when the value was too big to fit in a int, or -4
+ *   when the decoded length value plus @len would exceed @der_len.
  **/
 signed long
 asn1_get_length_der (const unsigned char *der, int der_len, int *len)
 {
-  unsigned long ans;
+  int ans;
   int k, punt;
 
   *len = 0;
@@ -83,7 +84,7 @@ asn1_get_length_der (const unsigned char
  ans = 0;
  while (punt = k  punt  der_len)
{
- unsigned long last = ans;
+ int last = ans;
 
  ans = ans * 256 + der[punt++];
  if (ans  last)
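
Review bot: With "ans" and "last" now declared int, "ans = ans * 256 + der[punt++];" can overflow a signed integer, which is undefined behaviour in C, so the wrap test on the next line that compares ans with last is not guaranteed to fire and a compiler may remove it. Test before multiplying instead, for example reject the input when ans exceeds (INT_MAX - der[punt]) / 256, or keep the accumulator unsigned and range-check it before converting to int.
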
@@ -93,10 +94,13 @@ asn1_get_length_der (const unsigned char
}
   else
{   /* indefinite length method */
- ans = -1;
+ *len = punt;
+ return -1;
}
 
   *len = punt;
+  if (ans + *len  ans || ans + *len  der_len)
+ return -4;
   return ans;
 }
 }
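
Review bot: The new bounds check evaluates "ans + *len" in signed int arithmetic, so the overflow half of the condition relies on the same undefined behaviour it is meant to detect; compare ans with der_len - *len instead. The function also gains a new return value, -4, but this patch touches no callers: every caller that treats only -1 and -2 as special has to be checked so that -4 is never used as a length.
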
++ CVE-2012-1573.patch ++
Index: gnutls-3.0.3/lib/gnutls_cipher.c
===
--- gnutls-3.0.3.orig/lib/gnutls_cipher.c
+++ gnutls-3.0.3/lib/gnutls_cipher.c
@@ -502,7 +502,7 @@ ciphertext_to_compressed (gnutls_session
 
   break;
 case CIPHER_BLOCK:
-  if (ciphertext-size  MAX(blocksize, tag_size) || (ciphertext-size % 
blocksize != 0))
+  if (ciphertext-size  blocksize || (ciphertext-size % blocksize != 0))
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
   /* ignore the IV in TLS 1.1+
@@ -514,14 +514,11 @@ ciphertext_to_compressed (gnutls_session
 
   ciphertext-size -= blocksize;
   ciphertext-data += blocksize;
-
-  if (ciphertext-size == 0)
-{
-  gnutls_assert ();
-  return GNUTLS_E_DECRYPTION_FAILED;
-}
 }
 
+  if (ciphertext-size  tag_size)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
   /* we don't use the auth_cipher interface here, since
* TLS with block ciphers is impossible to be used under such
* an API. (the length of plaintext is required to calculate
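
Review bot: The new tag_size check needs a comment pinning its position. It is placed after the blocksize bytes of explicit IV have been subtracted from the ciphertext size, which is the ordering the removed MAX(blocksize, tag_size) test in the previous hunk could not provide, and code further down subtracts tag_size from that size. The removed "size == 0" test is only covered by the new check when tag_size is nonzero, so state that assumption in the comment as well.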




commit gnutls for openSUSE:Factory

2012-02-21 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2012-02-21 12:38:08

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2011-12-02 
16:25:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2012-02-21 
12:38:10.0 +0100
@@ -1,0 +2,6 @@
+Mon Feb 13 06:09:57 UTC 2012 - g...@suse.com
+
+- fix Bug[bnc#739898] - VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext 
+  recovery attack.
+
+---

New:

  CVE-2012-0390.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.wtjTK7/_old  2012-02-21 12:38:12.0 +0100
+++ /var/tmp/diff_new_pack.wtjTK7/_new  2012-02-21 12:38:12.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,7 @@
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 
vu...@opensuse.org -- Fix a crash because of badly used strcat, sent upstream 
by mail on 2011-10-17
 Patch1: gnutls-fix-crash-on-strcat.patch
 Patch2: CVE-2011-4128.patch
+Patch3: CVE-2012-0390.patch
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel = 2.2
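
Review bot: "Patch3: CVE-2012-0390.patch" is added without a comment line, as was Patch2 above it, while Patch1 carries a PATCH-FIX-UPSTREAM line with the bug number and origin. For a security fix, add the same kind of line naming bnc#739898 and the upstream commit the patch was taken from, so the backport can be audited against upstream.
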
@@ -158,6 +159,7 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %configure \

++ CVE-2012-0390.patch ++
Index: gnutls-3.0.3/lib/gnutls_cipher.c
===
--- gnutls-3.0.3.orig/lib/gnutls_cipher.c
+++ gnutls-3.0.3/lib/gnutls_cipher.c
@@ -559,7 +559,12 @@ ciphertext_to_compressed (gnutls_session
   }
 
   if (length  0)
-length = 0;
+  {
+ /* Setting a proper length to prevent timing differences in
+  * processing of records with invalid encryption.
+  */
+ length = ciphertext-size - tag_size;
+  }
 
   /* Pass the type, version, length and compressed through
* MAC.
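Review bot: the new fallback assignment (length taken from the ciphertext size minus tag_size) is only safe if the ciphertext is already known to be at least tag_size bytes long when this branch is reached; nothing in the hunk shows that check, and a shorter record would leave length out of range right before it is passed through the MAC. Confirm in the full function that a minimum-size check precedes this point, or clamp the result here. Also verify that the decryption failure is still recorded elsewhere, since this branch now only picks a MAC input length so that invalid records take as long to process as valid ones.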

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit gnutls for openSUSE:Factory

2011-12-02 Thread h_root
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2011-12-02 16:25:49

Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and  /work/SRC/openSUSE:Factory/.gnutls.new (New)


Package is gnutls, Maintainer is g...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes2011-10-18 
14:14:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes   2011-12-02 
16:25:51.0 +0100
@@ -1,0 +2,18 @@
+Wed Nov 30 12:43:57 UTC 2011 - vu...@opensuse.org
+
+- Fix licenses (bnc#733661): the applications as well as
+  gnutls-extra and gnutls-openssl libraries are under GPL-3.0+
+  while the library is LGPL-3.0+.
+
+---
+Wed Nov 30 09:57:27 UTC 2011 - co...@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+---
+Mon Nov 14 07:29:29 UTC 2011 - g...@suse.com
+
+- fix #Bug 729486 - gnutls: buffer overflow
+  CVE-2011-4128
+
+---

New:

  CVE-2011-4128.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.slONzC/_old  2011-12-02 16:25:53.0 +0100
+++ /var/tmp/diff_new_pack.slONzC/_new  2011-12-02 16:25:53.0 +0100
@@ -24,7 +24,7 @@
 Name:   gnutls
 Version:3.0.3
 Release:1
-License:LGPLv3+
+License:LGPL-3.0+ ; GPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Url:http://www.gnutls.org/
 Group:  Productivity/Networking/Security
@@ -34,6 +34,8 @@
 Patch0: gnutls-fix-compression.patch
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 
vu...@opensuse.org -- Fix a crash because of badly used strcat, sent upstream 
by mail on 2011-10-17
 Patch1: gnutls-fix-crash-on-strcat.patch
+Patch2: CVE-2011-4128.patch
+BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel = 2.2
 BuildRequires:  p11-kit-devel
@@ -54,8 +56,7 @@
 implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls%{gnutls_sover}
-
-License:LGPLv2.1+
+License:LGPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
@@ -65,8 +66,7 @@
 implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
-
-License:LGPLv2.1+
+License:LGPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
@@ -77,8 +77,7 @@
 
 
 %package -n libgnutls-extra%{gnutls_extra_sover}
-
-License:GPLv3+
+License:GPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
@@ -89,8 +88,7 @@
 
 
 %package -n libgnutls-openssl%{gnutls_ossl_sover}
-
-License:GPLv3+
+License:GPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
@@ -101,7 +99,7 @@
 
 
 %package -n libgnutls-devel
-License:LGPLv2.1+
+License:LGPL-3.0+
 Summary:Development package for gnutls
 Group:  Development/Libraries/C and C++
 PreReq: %install_info_prereq
@@ -112,7 +110,7 @@
 Files needed for software development using gnutls.
 
 %package -n libgnutlsxx-devel
-License:LGPLv2.1+
+License:LGPL-3.0+
 Summary:Development package for gnutls
 Group:  Development/Libraries/C and C++
 PreReq: %install_info_prereq
@@ -125,7 +123,7 @@
 
 
 %package -n libgnutls-openssl-devel
-License:LGPLv2.1+
+License:GPL-3.0+
 Summary:Development package for gnutls
 Group:  Development/Libraries/C and C++
 Requires:   libgnutls-openssl%{gnutls_ossl_sover} = %{version}
@@ -136,7 +134,7 @@
 
 
 %package -n libgnutls-extra-devel
-License:GPLv3+
+License:GPL-3.0+
 Summary:The GNU Transport Layer Security Library
 Group:  Development/Libraries/C and C++
 Requires:   libgnutls-devel = %{version}
@@ -159,6 +157,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure \

++ CVE-2011-4128.patch ++
Index: gnutls-3.0.3/lib/gnutls_session.c
===
--- gnutls-3.0.3.orig/lib/gnutls_session.c
+++ gnutls-3.0.3/lib/gnutls_session.c
@@ -63,13 +63,14 @@ gnutls_session_get_data (gnutls_session_
   gnutls_assert ();
   return ret;
 }
-  *session_data_size = psession.size;
 
   if (psession.size  
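Review bot: with "*session_data_size = psession.size;" removed from its place ahead of the size comparison, confirm that the out-parameter is still written on every return path, including the buffer-too-small one, so callers can retry with the required size. The rest of the hunk is cut off in this mail; in the full patch, check that the comparison uses the caller-supplied size before it is overwritten and that nothing is copied to the caller's buffer until that comparison has passed.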

commit gnutls for openSUSE:Factory

2011-10-18 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Tue Oct 18 14:09:02 CEST 2011.




--- openSUSE:Factory/gnutls/gnutls.changes  2011-10-11 17:16:19.0 
+0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-10-17 
16:19:39.0 +0200
@@ -1,0 +2,6 @@
+Mon Oct 17 13:21:57 UTC 2011 - vu...@opensuse.org
+
+- Add gnutls-fix-crash-on-strcat.patch: make sure a string is
+  nul-terminated before using strcat on it. Fix bnc#724421.
+
+---



New:

  gnutls-fix-crash-on-strcat.patch



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.G9g5Us/_old  2011-10-18 14:08:54.0 +0200
+++ /var/tmp/diff_new_pack.G9g5Us/_new  2011-10-18 14:08:54.0 +0200
@@ -32,6 +32,8 @@
 Source1:baselibs.conf
 # PATCH-FIX-UPSTREAM gnutls-fix-compression.patch vu...@opensuse.org -- Taken 
from git, fix decompression/compression
 Patch0: gnutls-fix-compression.patch
+# PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 
vu...@opensuse.org -- Fix a crash because of badly used strcat, sent upstream 
by mail on 2011-10-17
+Patch1: gnutls-fix-crash-on-strcat.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel = 2.2
 BuildRequires:  p11-kit-devel
@@ -156,6 +158,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure \


++ gnutls-fix-crash-on-strcat.patch ++
From 7043a8e9e314b0c2eb7ac5c2278a0b103f6a758a Mon Sep 17 00:00:00 2001
From: Vincent Untz vu...@gnome.org
Date: Mon, 17 Oct 2011 15:15:46 +0200
Subject: [PATCH] Correctly terminate a string with \0 before concatenating to
 it

Fix a potential crash:
https://bugzilla.novell.com/show_bug.cgi?id=724421
---
 lib/x509/common.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/lib/x509/common.c b/lib/x509/common.c
index 6bb4746..0651d2e 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -390,6 +390,7 @@ _gnutls_x509_data2hex (const opaque * data, size_t 
data_size,
   if (out)
 {
   out[0] = '#';
+  out[1] = '\0';
   _gnutls_str_cat (out, *sizeof_out, res);
 }
 
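Review bot: the writes to out[0] and out[1] are guarded only by "if (out)" in this hunk, so they assume *sizeof_out is at least 2. Confirm that the function rejects a smaller *sizeof_out before this block (the code above the hunk is not shown); otherwise the added terminator itself lands past the end of a 1-byte buffer. Terminating the string before _gnutls_str_cat is the right fix for the concatenation starting from an unterminated buffer.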
-- 
1.7.7


Remember to have fun...




commit gnutls for openSUSE:Factory

2011-10-11 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Tue Oct 11 17:16:21 CEST 2011.




--- openSUSE:Factory/gnutls/gnutls.changes  2011-09-26 10:05:53.0 
+0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-09-30 
17:17:11.0 +0200
@@ -1,0 +2,5 @@
+Fri Sep 30 15:16:51 UTC 2011 - u...@suse.com
+
+- cross-build fix: configure with sysroot
+
+---





Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.TROzlk/_old  2011-10-11 17:16:17.0 +0200
+++ /var/tmp/diff_new_pack.TROzlk/_new  2011-10-11 17:16:17.0 +0200
@@ -162,7 +162,8 @@
 --disable-static \
 --with-pic \
--disable-rpath \
---disable-silent-rules
+--disable-silent-rules \
+--with-sysroot=/%{?_sysroot}
 make %{?_smp_mflags}
 
 # 17-ago-2011, Test suite passes in factory, just not
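Review bot: "--with-sysroot=/%{?_sysroot}" expands to "--with-sysroot=/" whenever _sysroot is undefined, so every native build now passes an explicit sysroot, and a _sysroot that is already an absolute path produces a doubled leading slash. Consider passing the option only when the macro is set, for example "%{?_sysroot:--with-sysroot=%{_sysroot}}", and add a spec comment saying which cross-build setup defines it.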





commit gnutls for openSUSE:Factory

2011-09-22 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Thu Sep 22 10:45:54 CEST 2011.




--- gnutls/gnutls.changes   2011-08-29 10:00:14.0 +0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-09-20 
19:03:07.0 +0200
@@ -1,0 +2,70 @@
+Tue Sep 20 16:03:50 UTC 2011 - vu...@opensuse.org
+
+- Update to version 3.0.3:
+  + libgnutls:
+- Added gnutls_record_get_discarded() to return the number of
+  discarded records in a DTLS session.
+- All functions related to RSA-EXPORT were deprecated.
+- Memory leak fixes in credentials private key
+  deinitialization.
+- Memory leak fixes in ECC ciphersuites.
+- Do not send an empty extension structure in server hello.
+  This affected old implementations that do not support
+  extensions.
+- Allow CA importing of 0 certificates to succeed.
+- Added support for VIA padlock AES optimizations. (disabled by
+  default)
+- Added support for elliptic curves in PKCS #11.
+- Added gnutls_pkcs11_privkey_generate() to allow generating a
+  key in a token.
+- gnutls_transport_set_lowat dummy macro was removed.
+  + p11tool: Added generate-rsa, generate-dsa and generate-ecc
+options to allow generating private keys in the token.
+- Changes from version 3.0.2:
+  + libgnutls:
+- OpenPGP certificate type is not enabled by default.
+- Added %NO_EXTENSIONS priority string.
+- Corrected issue in gnutls_record_recv() triggered on
+  encryption or compression error.
+- Compatibility fixes in CPU ID detection for i386 and old GCC.
+- Corrected parsing of XMPP subject alternative names.
+- Allow for out-of-order ChangeCipherSpec message in DTLS.
+- gnutls_certificate_set_x509_key() and
+  gnutls_certificate_set_openpgp_key() operate as in 2.10.x and
+  allow the release of the private key during the lifetime of
+  the certificate structure.
+  + gnutls-cli: Benchmark applications were incorporated with it.
+- Changes from version 3.0.1:
+  + libgnutls:
+- gnutls_certificate_set_x509_key_file() and friends support
+  server name indication. If multiple certificates are set
+  using these functions the proper one will be selected during
+  a handshake.
+- Added AES-256-GCM which was left out from the previous
+  release.
+- When asking for a PKCS# 11 PIN multiple times, the flags in
+  the callback were not being updated to reflect for PIN low
+  count or final try.
+- Do not allow second instances of PKCS #11 modules.
+- Fixed alignment issue in AES-NI code.
+- The config file at gnutls_pkcs11_init() is being read if
+  provided.
+- Ensure that a certificate list specified using
+  gnutls_certificate_set_x509_key() and friends, is sorted
+  according to TLS specification (from subject to issuer).
+- Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+  gnutls_x509_crt_list_import. It checks whether the list to be
+  imported is properly sorted.
+  + crywrap: Added to the distribution. It is an application that
+proxies TLS session to a port using a plaintext service.
+  + Many GTK-DOC improvements.
+  + Updated translations.
+- Drop 0001-Included-appro-s-updates-to-AES-NI.patch,
+  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch,
+  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch,
+  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed
+  upstream.
+- Drop call to autoreconf: it was only needed for the patches.
+- Add libidn-devel BuildRequires for the new crywrap tool.
+
+---



Old:

  0001-Included-appro-s-updates-to-AES-NI.patch
  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
  gnutls-3.0.0.tar.xz

New:

  gnutls-3.0.3.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.dqfsch/_old  2011-09-22 10:45:50.0 +0200
+++ /var/tmp/diff_new_pack.dqfsch/_new  2011-09-22 10:45:50.0 +0200
@@ -22,8 +22,8 @@
 %define gnutls_extra_sover 28
 
 Name:   gnutls
-Version:3.0.0
-Release:3
+Version:3.0.3
+Release:1
 License:LGPLv3+
 Summary:The GNU Transport Layer Security Library
 Url:http://www.gnutls.org/
@@ -33,6 +33,7 @@
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel = 2.2
 BuildRequires:  p11-kit-devel
+BuildRequires:  libidn-devel
 BuildRequires:  libtasn1-devel
 BuildRequires:  pkg-config
 BuildRequires:  xz
@@ -42,10 +43,6 @@
 %ifarch ppc64
 Obsoletes:  gnutls-64bit
 %endif
-Patch0: 

commit gnutls for openSUSE:Factory

2011-08-24 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Wed Aug 24 13:44:21 CEST 2011.




--- gnutls/gnutls.changes   2011-06-23 10:48:36.0 +0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-08-18 
00:45:43.0 +0200
@@ -1,0 +2,15 @@
+Wed Aug 17 22:29:31 UTC 2011 - crrodrig...@opensuse.org
+
+- Update to version 3.0.0. many fixes see NEWS for details This
+  changelog only describes important package changes or features.
+* Main reason for update is to support Intel AES-NI CPU extensions.
+* Bump sonames in the library package accordingly
+* C++ apps must now buildrequire libgnutls++-devel
+* Software using the openssl emulation must buildrequire 
+  libgnutls-openssl-devel or better use openssl directly.
+* Upstream no longer uses libgcrypt but libnettle.
+* Upstream now requires the use of p11-kit
+* Add post-release upstream patches critical for improving AES-NI
+  support.
+
+---



Old:

  gnutls-2.10.5.tar.bz2

New:

  0001-Included-appro-s-updates-to-AES-NI.patch
  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
  gnutls-3.0.0.tar.xz



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.knzYRH/_old  2011-08-24 13:41:37.0 +0200
+++ /var/tmp/diff_new_pack.knzYRH/_new  2011-08-24 13:41:37.0 +0200
@@ -15,106 +15,134 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
 
+%define gnutls_sover 28
+%define gnutlsxx_sover 28
+%define gnutls_ossl_sover 27
+%define gnutls_extra_sover 28
 
 Name:   gnutls
-BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel 
pkg-config
-Version:2.10.5
+Version:3.0.0
 Release:1
-License:LGPLv2.1+
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
-Url:http://www.gnutls.org/
-Source0:%name-%version.tar.bz2
-Source1:baselibs.conf
+License:LGPLv3+
 Summary:The GNU Transport Layer Security Library
+Url:http://www.gnutls.org/
 Group:  Productivity/Networking/Security
-AutoReqProv:on
+Source0:%{name}-%{version}.tar.xz
+Source1:baselibs.conf
+BuildRequires:  gcc-c++
+BuildRequires:  libnettle-devel = 2.2
+BuildRequires:  p11-kit-devel
+BuildRequires:  libtasn1-devel
+BuildRequires:  pkg-config
+BuildRequires:  xz
+BuildRequires:  zlib-devel
+BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 # bug437293
 %ifarch ppc64
 Obsoletes:  gnutls-64bit
 %endif
-#
+Patch0: 0001-Included-appro-s-updates-to-AES-NI.patch
+Patch1: 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
+Patch2: 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
+Patch3: 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
 
 %description
 The GnuTLS project aims to develop a library that provides a secure
 layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.
 
+%package -n libgnutls%{gnutls_sover}
+
+License:LGPLv2.1+
+Summary:The GNU Transport Layer Security Library
+Group:  Productivity/Networking/Security
 
+%description -n libgnutls%{gnutls_sover}
+The GnuTLS project aims to develop a library that provides a secure
+layer over a reliable transport layer. Currently the GnuTLS library
+implements the proposed standards of the IETF's TLS working group.
 
-Authors:
-
-Nikos Mavroyanopoulos
-Fabio Fiorina
-Timo Schulz
-Andrew McDonald
+%package -n libgnutlsxx%{gnutlsxx_sover}
 
-%package -n libgnutls26
 License:LGPLv2.1+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
-%description -n libgnutls26
+%description -n libgnutlsxx%{gnutlsxx_sover}
 The GnuTLS project aims to develop a library that provides a secure
 layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.
 
 
+%package -n libgnutls-extra%{gnutls_extra_sover}
 
-Authors:
-
-Nikos Mavroyanopoulos
-Fabio Fiorina
-Timo Schulz
-Andrew McDonald
-
-%package -n libgnutls-extra26
 License:GPLv3+
 Summary:The GNU Transport Layer Security Library
 Group:  Productivity/Networking/Security
 
-%description -n libgnutls-extra26
+%description -n libgnutls-extra%{gnutls_extra_sover}
 The GnuTLS project aims to develop a library that provides a secure
 layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed 
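Review bot: the main package License changes to LGPLv3+, but the libgnutls%{gnutls_sover} and libgnutlsxx%{gnutlsxx_sover} subpackages in the same hunk carry LGPLv2.1+. Check the 3.0.0 sources and make the subpackage License tags match what the libraries actually ship under. The four new PatchN lines also have no comment stating their upstream origin, which makes it hard to tell when they can be dropped.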

commit gnutls for openSUSE:Factory

2011-06-28 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Tue Jun 28 10:10:25 CEST 2011.




--- gnutls/gnutls.changes   2011-06-15 22:30:01.0 +0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-06-23 
10:48:36.0 +0200
@@ -1,0 +2,36 @@
+Thu Jun 23 07:09:28 UTC 2011 - g...@novell.com
+
+- update to stable version 2.10.5
+  ** libgnutls: Corrected verification of finished messages.
+
+  ** libgnutls: Corrected signature generation and verification
+ in the Certificate Verify message when in TLS 1.2. Reported
+ by Todd A. Ouska.
+
+  ** pkg-config gnutls.pc improvements.
+ The file uses 'Requires.private' for libtasn1 and libz when needed,
+ instead of Libs.private.  From Andreas Metzler.
+
+  ** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas 
Mraz.
+  
+  ** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
+ This makes us comply with RFC3279. Reported by Michael Rommel.
+  
+  ** libgnutls: Reverted default behavior for verification and
+ introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
+ V1 trusted CAs are allowed, unless the new flag is specified.
+  
+  ** minitasn1: Updated to Libtasn1 2.9.
+  
+  ** bgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
+ Reported by Jeffrey Walton.
+  
+  ** libgnutls: Corrected memory leak in extension data calculation.
+ Reported by Mike Blumenkrantz.
+  
+  ** libgnutls: Remove trailing comma in enums in gnutls.h and x509.h.
+  
+  ** API and ABI modifications:
+ No changes since last version.
+
+---



Old:

  gnutls-2.10.2.tar.bz2

New:

  gnutls-2.10.5.tar.bz2



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.TtjcaR/_old  2011-06-28 10:10:04.0 +0200
+++ /var/tmp/diff_new_pack.TtjcaR/_new  2011-06-28 10:10:04.0 +0200
@@ -20,7 +20,7 @@
 
 Name:   gnutls
 BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel 
pkg-config
-Version:2.10.2
+Version:2.10.5
 Release:1
 License:LGPLv2.1+
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build

++ gnutls-2.10.2.tar.bz2 - gnutls-2.10.5.tar.bz2 ++
gnutls/gnutls-2.10.2.tar.bz2 
/mounts/work_src_done/STABLE/gnutls/gnutls-2.10.5.tar.bz2 differ: char 11, line 
1









commit gnutls for openSUSE:Factory

2011-06-16 Thread h_root

Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory
checked in at Thu Jun 16 09:57:01 CEST 2011.




--- gnutls/gnutls.changes   2010-04-24 13:52:05.0 +0200
+++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes  2011-06-15 
22:30:01.0 +0200
@@ -1,0 +2,6 @@
+Mon Oct 11 03:05:58 UTC 2010 - g...@novell.com
+
+- update to latest stable version 2.10.2
+  * tons of changes, see NEWS
+
+---



Old:

  gnutls-2.8.6.tar.bz2

New:

  gnutls-2.10.2.tar.bz2



Other differences:
--
++ gnutls.spec ++
--- /var/tmp/diff_new_pack.GmSfw0/_old  2011-06-16 09:54:09.0 +0200
+++ /var/tmp/diff_new_pack.GmSfw0/_new  2011-06-16 09:54:09.0 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package gnutls (Version 2.8.6)
+# spec file for package gnutls
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 
 Name:   gnutls
 BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel 
pkg-config
-Version:2.8.6
+Version:2.10.2
 Release:1
 License:LGPLv2.1+
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
@@ -137,8 +137,8 @@
 
 %prep
 %setup -q
+#%patch0 -p1
 #%patch1 -p1
-#%patch2 -p1
 
 %build
 autoreconf -fi
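Review bot: %prep now holds two commented-out patch applications, "#%patch0 -p1" and "#%patch1 -p1", with nothing saying why they are disabled. rpm still processes macros on comment lines, so either delete the lines or escape them as "%%patch0" and "%%patch1", and add a short note on why the patches are not applied to 2.10.2.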

++ gnutls-2.8.6.tar.bz2 - gnutls-2.10.2.tar.bz2 ++
gnutls/gnutls-2.8.6.tar.bz2 
/mounts/work_src_done/STABLE/gnutls/gnutls-2.10.2.tar.bz2 differ: char 11, line 
1





