Hello community,
here is the log from the commit of package gnutls for openSUSE:Factory checked
in at 2017-06-16 10:48:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls"
Fri Jun 16 10:48:11 2017 rev:101 rq:502802 version:3.5.13
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2017-05-20
14:32:00.113847627 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2017-06-16
10:48:13.314917701 +0200
@@ -1,0 +2,50 @@
+Thu Jun 8 22:51:06 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.13:
+ * libgnutls: fixed issue with AES-GCM in-place encryption and
+ decryption in aarch64
+ * libgnutls: no longer parse the ResponseID field of the status
+ response TLS extension. The field is not used by GnuTLS nor is
+ made available to calling applications. That addresses a null
+ pointer dereference on server side caused by packets containing
+ the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398
+ * libgnutls: tolerate certificates which do not have strict DER
+ time encoding. It is possible using 3rd party tools to generate
+ certificates with time fields that do not conform to DER
+ requirements. Since 3.4.x these certificates were rejected and
+ cannot be used with GnuTLS, however that caused problems with
+ existing private certificate infrastructures, which were
+ relying on such certificates. Tolerate reading and using these
+ certificates.
+ * minitasn1: updated to libtasn1 4.11.
+ * certtool: allow multiple certificates to be used in --p7-sign
+ with the --load-certificate option
+
+-------------------------------------------------------------------
+Sun Jun 4 19:52:56 UTC 2017 - astie...@suse.com
+
+- GnuTLS 3.5.12:
+ * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches
+ IP addresses against DNS fields of certificate (CN or DNSname).
+ The previous behavior was to tolerate some misconfigured
+ servers, but that was non-standard and skipped any IP
+ constraints present in higher level certificates.
+ * libgnutls: when converting to IDNA2008, fallback to IDNA2003
+ (i.e., transitional encoding) if the domain cannot be converted.
+ That provides maximum compatibility with browsers like firefox
+ that perform the same conversion.
+ * libgnutls: fix issue in RSA-PSK client callback which resulted
+ in no username being sent to the peer
+ * libgnutls: fix regression causing stapled extensions in trust
+ modules not to be considered.
+ * certtool: introduced the email_protection_key option. This
+ option was introduced in documentation for certtool without an
+ implementation of it. It is a shortcut for option
+ 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'.
+ * certtool: made printing of key ID and key PIN consistent
+ between certificates, public keys, and private keys. That is
+ the private key printing now uses the same format as the rest.
+ * gnutls-cli: introduced the --sni-hostname option. This allows
+ overriding the hostname advertised to the peer.
+
+-------------------------------------------------------------------
Old:
----
gnutls-3.5.11.tar.xz
gnutls-3.5.11.tar.xz.sig
New:
----
gnutls-3.5.13.tar.xz
gnutls-3.5.13.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.PlGloh/_old 2017-06-16 10:48:14.322775832 +0200
+++ /var/tmp/diff_new_pack.PlGloh/_new 2017-06-16 10:48:14.322775832 +0200
@@ -29,7 +29,7 @@
%define gnutls_dane_sover 0
%endif
Name: gnutls
-Version: 3.5.11
+Version: 3.5.13
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+
++++++ gnutls-3.5.11.tar.xz -> gnutls-3.5.13.tar.xz ++++++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.5.11.tar.xz
/work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.5.13.tar.xz differ: char 25,
line 1
++++++ gnutls-broken-openpgp-tests.patch ++++++
--- /var/tmp/diff_new_pack.PlGloh/_old 2017-06-16 10:48:14.414762883 +0200
+++ /var/tmp/diff_new_pack.PlGloh/_new 2017-06-16 10:48:14.414762883 +0200
@@ -1,7 +1,7 @@
-Index: gnutls-3.5.11/tests/Makefile.am
+Index: gnutls-3.5.13/tests/Makefile.am
===================================================================
---- gnutls-3.5.11.orig/tests/Makefile.am
-+++ gnutls-3.5.11/tests/Makefile.am
+--- gnutls-3.5.13.orig/tests/Makefile.am 2017-06-07 07:17:11.000000000
+0200
++++ gnutls-3.5.13/tests/Makefile.am 2017-06-08 16:53:59.125158222 +0200
@@ -19,7 +19,7 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
@@ -18,7 +18,7 @@
- mini-dtls-record-asym openpgp-callback key-import-export \
+ mini-dtls-record-asym key-import-export \
mini-dtls-fork mini-dtls-pthread mini-key-material x509cert-invalid \
- strict-der tls-ext-register tls-supplemental mini-dtls0-9 \
+ tls-ext-register tls-supplemental mini-dtls0-9 \
mini-record-retvals mini-server-name tls-etm x509-cert-callback \
@@ -236,6 +236,7 @@ endif
endif
