Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2022-03-28 16:58:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Mon Mar 28 16:58:39 2022 rev:135 rq:964662 version:3.7.4 Changes: --------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2022-03-11 21:41:00.798058958 +0100
+++ /work/SRC/openSUSE:Factory/.gnutls.new.1900/gnutls.changes 2022-03-28 16:59:04.284847943 +0200
@@ -1,0 +2,33 @@
+Fri Mar 18 18:31:06 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
+ * The IG 10.3.A and SP800-132 require some minimum parameters for
+ the salt length, password length and iteration count. These
+ parameters should be also used in the KAT.
+ * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
+- Enable to run the regression tests also in FIPS mode.
+
+-------------------------------------------------------------------
+Fri Mar 18 08:59:49 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 3.7.4:
+ * libgnutls: Added support for certificate compression as defined
+ in RFC8879.
+ * certtool: Added option --compress-cert that allows user to
+ specify compression methods for certificate compression.
+ * libgnutls: GnuTLS can now be compiled with --enable-strict-x509
+ configure option to enforce stricter certificate sanity checks
+ that are compliant with RFC5280.
+ * libgnutls: Removed IA5String type from DirectoryString within
+ issuer and subject name to make DirectoryString RFC5280 compliant.
+ * libgnutls: Added function to retrieve the name of current
+ ciphersuite from session.
+ * Bump libgnutlsxx soname due to ABI break
+ * API and ABI modifications:
+ - GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
+ - GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
+ - gnutls_compress_certificate_get_selected_method: Added
+ - gnutls_compress_certificate_set_methods: Added
+ * Update gnutls.keyring
+
+-------------------------------------------------------------------
@@ -94,0 +128 @@ + * Add gnutls-FIPS-disable-failing-tests.patch Old: ---- gnutls-3.7.3.tar.xz gnutls-3.7.3.tar.xz.sig New: ---- gnutls-3.7.4.tar.xz gnutls-3.7.4.tar.xz.sig gnutls-FIPS-PBKDF2-KAT-requirements.patch gnutls-FIPS-disable-failing-tests.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.iGITYX/_old 2022-03-28 16:59:06.372850780 +0200 +++ /var/tmp/diff_new_pack.iGITYX/_new 2022-03-28 16:59:06.376850785 +0200 @@ -17,7 +17,7 @@ %define gnutls_sover 30 -%define gnutlsxx_sover 28 +%define gnutlsxx_sover 30 %define gnutls_dane_sover 0 # unbound isn't in SLE (bsc#1086428) %if 0%{?is_opensuse} @@ -34,7 +34,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.7.3 +Version: 3.7.4 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later @@ -47,6 +47,9 @@ Patch0: gnutls-3.5.11-skip-trust-store-tests.patch Patch1: gnutls-3.6.6-set_guile_site_dir.patch Patch2: gnutls-FIPS-TLS_KDF_selftest.patch +Patch3: gnutls-FIPS-disable-failing-tests.patch +#PATCH-FIX-SUSE bsc#1184669 FIPS: Additional PBKDF2 requirements for KAT +Patch4: gnutls-FIPS-PBKDF2-KAT-requirements.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -250,8 +253,6 @@ # install docs mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/ cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/ -mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference -cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/ mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/ 
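Review bot: In the `@@ -47,6 +47,9 @@` hunk of gnutls.spec, `Patch3: gnutls-FIPS-disable-failing-tests.patch` is added without the tag comment that `Patch4` carries, so the spec records neither a bug reference nor a reason for switching tests off. A line above `Patch3` such as `#PATCH-FIX-SUSE bsc#<bug-id> FIPS: disable guile tests that fail in FIPS mode` would close that gap; the bug id is a placeholder and the wording assumes the patch name describes its purpose. The matching `.changes` line (`* Add gnutls-FIPS-disable-failing-tests.patch`) is equally silent on which tests are dropped and why.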
@@ -265,11 +266,15 @@ %check %if ! 0%{?qemu_user_space_build} -# export GNUTLS_FORCE_FIPS_MODE=1 make %{?_smp_mflags} check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { find -name test-suite.log -print -exec cat {} + exit 1 } +#Run the regression tests also in FIPS mode +GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { + find -name test-suite.log -print -exec cat {} + + exit 1 +} %endif %post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig ++++++ gnutls-3.7.3.tar.xz -> gnutls-3.7.4.tar.xz ++++++ ++++ 168918 lines of diff (skipped) ++++++ gnutls-FIPS-PBKDF2-KAT-requirements.patch ++++++ Index: gnutls-3.7.3/lib/crypto-selftests.c =================================================================== --- gnutls-3.7.3.orig/lib/crypto-selftests.c +++ gnutls-3.7.3/lib/crypto-selftests.c @@ -3112,6 +3112,16 @@ const struct pbkdf2_vectors_st pbkdf2_sh "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78" "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"), }, + /* Test vector extracted from https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */ + { + STR(key, key_size, "passwordPASSWORDpassword"), + STR(salt, salt_size, "saltSALTsaltSALTsaltSALTsaltSALTsalt"), + .iter_count = 4096, + STR(output, output_size, + "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e" + "\x84\xcf\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f" + "\xb8\xdd\x53\xe1\xc6\x35\x51\x8c\x7d\xac\x47\xe9"), + }, }; static int test_pbkdf2(gnutls_mac_algorithm_t mac, ++++++ gnutls-FIPS-disable-failing-tests.patch ++++++ Index: gnutls-3.7.3/guile/Makefile.am =================================================================== --- gnutls-3.7.3.orig/guile/Makefile.am +++ gnutls-3.7.3/guile/Makefile.am 
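Review bot: In the `%check` hunk the new FIPS pass copies the failure handler of the first pass verbatim, and both dump every `test-suite.log` without saying which pass failed. An extra line at the top of the new handler, e.g. `echo "make check failed with GNUTLS_FORCE_FIPS_MODE=1"`, would make the build log unambiguous. The two invocations also order their arguments differently (`make %{?_smp_mflags} check` vs `make check %{?_smp_mflags}`); using one form keeps them easy to compare. Whether the forced-FIPS run exercises FIPS code paths at all depends on how the library is configured, which this hunk does not show, so a comment naming the required configure option would help.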
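Review bot: In the lib/crypto-selftests.c hunk the new vector is appended while the entry that ends just above it stays in the table, so the self-test still runs with whatever parameters the older entries use. If the goal stated in the changelog is that the KAT itself uses the IG 10.3.A / SP800-132 minimums, those older entries may need to be removed or skipped in FIPS mode; this cannot be judged here because the table starts outside the hunk. The comment would also be more durable if it recorded the parameters rather than only a link to a moving `master` branch, e.g. `/* 24-byte password, 36-byte salt, 4096 iterations, 40-byte output; from libgcrypt cipher/kdf.c */`.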
@@ -102,8 +102,6 @@ endif HAVE_GUILD # TESTS = \ - tests/anonymous-auth.scm \ - tests/session-record-port.scm \ tests/pkcs-import-export.scm \ tests/errors.scm \ tests/x509-certificates.scm \ Index: gnutls-3.7.3/guile/Makefile.in =================================================================== --- gnutls-3.7.3.orig/guile/Makefile.in +++ gnutls-3.7.3/guile/Makefile.in @@ -2320,8 +2320,7 @@ CLEANFILES = modules/gnutls.scm $(am__ap # # Tests. # -TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \ - tests/pkcs-import-export.scm tests/errors.scm \ +TESTS = tests/pkcs-import-export.scm tests/errors.scm \ tests/x509-certificates.scm tests/x509-auth.scm \ tests/reauth.scm tests/priorities.scm $(am__append_2) TESTS_ENVIRONMENT = \ ++++++ gnutls.keyring ++++++ --- /var/tmp/diff_new_pack.iGITYX/_old 2022-03-28 16:59:09.444854953 +0200 +++ /var/tmp/diff_new_pack.iGITYX/_new 2022-03-28 16:59:09.448854958 +0200 @@ -1684,4 +1684,18 @@ NA+R/e4eeyThgRet5M+0+9Duynj/ACpfWq/dxXbWRfY= =Q7yu -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEYcRaoxYJKwYBBAHaRw8BAQdA5U8Cb4ZMYCjuAa6tqNKbRxXzycS2iLvNzWki +bGD2fe60JVpvbHRhbiBGcmlkcmljaCA8emZyaWRyaWNAcmVkaGF0LmNvbT6ImgQT +FgoAQhYhBF1Gyw92NAWnBTVW9Hp1pkiz+SIMBQJhxFqjAhsDBQkDwmcABQsJCAcC +AyICAQYVCgkICwIEFgIDAQIeBwIXgAAKCRB6daZIs/kiDGnYAQCiU94/eIspZzzx +V17pylayAEv23s5uKvlGo1Ml1ySrZAEA8Q2rACBmdTpUfoW3LG3MJI0l1XP3kMEu +WDBiM84D2gK4OARhxFqjEgorBgEEAZdVAQUBAQdAxKg6y4A69qT7doTni8/zKuKy +QKXEORZTCNxkcnz3dXoDAQgHiH4EGBYKACYWIQRdRssPdjQFpwU1VvR6daZIs/ki +DAUCYcRaowIbDAUJA8JnAAAKCRB6daZIs/kiDM/EAP0VN87WwaMcNwZcyocG/B9f +419IojEx70PzMIBBlPctAgD/R/qamAlnggADzmS1PCF8+2W6Erc+HV2W/u2+wVJu +7w0= +=6FAm +-----END PGP PUBLIC KEY BLOCK-----
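Review bot: Deleting `tests/anonymous-auth.scm` and `tests/session-record-port.scm` from `TESTS` in guile/Makefile.am removes them from the ordinary `make check` pass as well as from the FIPS pass the spec adds, so the default build loses coverage of those two paths. If the failures are specific to FIPS mode, as the patch name suggests, the entries could stay and the tests be skipped at run time instead, for example by exiting with automake's skip status 77 when `GNUTLS_FORCE_FIPS_MODE` is set. At minimum a comment above `TESTS` should name the removed tests and the reason. The same removal is repeated in the generated guile/Makefile.in hunk.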
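Review bot: The gnutls.keyring hunk adds a second public key block, yet the only record of it is the changelog line `* Update gnutls.keyring`. This keyring is presumably what `gnutls-3.7.4.tar.xz.sig` is checked against, so a new key widens the set of signers the package trusts. The changelog entry should therefore name the key's owner and full fingerprint and say where the key was obtained, e.g. `* Update gnutls.keyring: add key <fingerprint> (<owner>), taken from <upstream source>`, with the placeholders filled in by the packager. That lets a later reader confirm the key was checked against an upstream source independent of the tarball download.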