Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2017-06-16 10:48:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Fri Jun 16 10:48:11 2017 rev:101 rq:502802 version:3.5.13 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2017-05-20 14:32:00.113847627 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2017-06-16 10:48:13.314917701 +0200 @@ -1,0 +2,50 @@ +Thu Jun 8 22:51:06 UTC 2017 - astie...@suse.com + +- GnuTLS 3.5.13: + * libgnutls: fixed issue with AES-GCM in-place encryption and + decryption in aarch64 + * libgnutls: no longer parse the ResponseID field of the status + response TLS extension. The field is not used by GnuTLS nor is + made available to calling applications. That addresses a null + pointer dereference on server side caused by packets containing + the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 + * libgnutls: tolerate certificates which do not have strict DER + time encoding. It is possible using 3rd party tools to generate + certificates with time fields that do not conform to DER + requirements. Since 3.4.x these certificates were rejected and + cannot be used with GnuTLS, however that caused problems with + existing private certificate infrastructures, which were + relying on such certificates. Tolerate reading and using these + certificates. + * minitasn1: updated to libtasn1 4.11. + * certtool: allow multiple certificates to be used in --p7-sign + with the --load-certificate option + +------------------------------------------------------------------- +Sun Jun 4 19:52:56 UTC 2017 - astie...@suse.com + +- GnuTLS 3.5.12: + * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches + IP addresses against DNS fields of certificate (CN or DNSname). + The previous behavior was to tolerate some misconfigured + servers, but that was non-standard and skipped any IP + constraints present in higher level certificates. + * libgnutls: when converting to IDNA2008, fallback to IDNA2003 + (i.e., transitional encoding) if the domain cannot be converted. + That provides maximum compatibility with browsers like firefox + that perform the same conversion. + * libgnutls: fix issue in RSA-PSK client callback which resulted + in no username being sent to the peer + * libgnutls: fix regression causing stapled extensions in trust + modules not to be considered. + * certtool: introduced the email_protection_key option. This + option was introduced in documentation for certtool without an + implementation of it. It is a shortcut for option + 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. + * certtool: made printing of key ID and key PIN consistent + between certificates, public keys, and private keys. That is + the private key printing now uses the same format as the rest. + * gnutls-cli: introduced the --sni-hostname option. This allows + overriding the hostname advertised to the peer. + +------------------------------------------------------------------- Old: ---- gnutls-3.5.11.tar.xz gnutls-3.5.11.tar.xz.sig New: ---- gnutls-3.5.13.tar.xz gnutls-3.5.13.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.PlGloh/_old 2017-06-16 10:48:14.322775832 +0200 +++ /var/tmp/diff_new_pack.PlGloh/_new 2017-06-16 10:48:14.322775832 +0200 @@ -29,7 +29,7 @@ %define gnutls_dane_sover 0 %endif Name: gnutls -Version: 3.5.11 +Version: 3.5.13 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ ++++++ gnutls-3.5.11.tar.xz -> gnutls-3.5.13.tar.xz ++++++ /work/SRC/openSUSE:Factory/gnutls/gnutls-3.5.11.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.5.13.tar.xz differ: char 25, line 1 ++++++ gnutls-broken-openpgp-tests.patch ++++++ --- /var/tmp/diff_new_pack.PlGloh/_old 2017-06-16 10:48:14.414762883 +0200 +++ /var/tmp/diff_new_pack.PlGloh/_new 2017-06-16 10:48:14.414762883 +0200 @@ -1,7 +1,7 @@ -Index: gnutls-3.5.11/tests/Makefile.am +Index: gnutls-3.5.13/tests/Makefile.am =================================================================== ---- gnutls-3.5.11.orig/tests/Makefile.am -+++ gnutls-3.5.11/tests/Makefile.am +--- gnutls-3.5.13.orig/tests/Makefile.am 2017-06-07 07:17:11.000000000 +0200 ++++ gnutls-3.5.13/tests/Makefile.am 2017-06-08 16:53:59.125158222 +0200 @@ -19,7 +19,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. @@ -18,7 +18,7 @@ - mini-dtls-record-asym openpgp-callback key-import-export \ + mini-dtls-record-asym key-import-export \ mini-dtls-fork mini-dtls-pthread mini-key-material x509cert-invalid \ - strict-der tls-ext-register tls-supplemental mini-dtls0-9 \ + tls-ext-register tls-supplemental mini-dtls0-9 \ mini-record-retvals mini-server-name tls-etm x509-cert-callback \ @@ -236,6 +236,7 @@ endif endif