Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2012-06-25 13:57:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "g...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-05-31 17:05:01.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-06-25 14:08:08.000000000 +0200 @@ -1,0 +2,29 @@ +Thu Jun 21 08:02:43 UTC 2012 - meiss...@suse.com + +- Updated to version 3.0.20: + libgnutls: Corrected bug which prevented the parsing of + handshake packets spanning multiple records. + + libgnutls: Check key identifiers when checking for an issuer. + + libgnutls: Added gnutls_pubkey_verify_hash2() + + libgnutls: Added gnutls_certificate_set_x509_system_trust() + that loads the trusted CA certificates from system locations + (e.g. trusted storage in windows and CA bundle files in other systems). + + certtool: Added support for the URI subject alternative + name type in certtool. + + certtool: Increase to 128 the maximum number of distinct options + (e.g. dns_names) allowed. + + gnutls-cli: If --print-cert is given, print the certificate, + even on verification failure. + + ** API and ABI modifications: + gnutls_pk_to_sign: Added + gnutls_pubkey_verify_hash2: Added + gnutls_certificate_set_x509_system_trust: Added + +------------------------------------------------------------------- Old: ---- gnutls-3.0.19.tar.xz gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff New: ---- gnutls-3.0.20.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.IYBiiA/_old 2012-06-25 14:08:11.000000000 +0200 +++ /var/tmp/diff_new_pack.IYBiiA/_new 2012-06-25 14:08:11.000000000 +0200 @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.0.19 +Version: 3.0.20 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-3.0+ ; GPL-3.0+ @@ -29,9 +29,6 @@ Url: http://www.gnutls.org/ Source0: http://ftp.gnu.org/gnu/gnutls/%{name}-%{version}.tar.xz Source1: baselibs.conf -# upstream, will be officially available in some future gnutls -# version and can be removed then -- lnussel -Patch0: gnutls-introduce-gnutls_certificate_set_x509_system_trust.diff # suse specific, add support for certificate directories -- lnussel Patch1: gnutls-implement-trust-store-dir.diff Patch2: automake-1.12.patch @@ -126,7 +123,6 @@ %prep %setup -q -%patch0 -p1 %patch1 -p1 %patch2 -p1 echo %{_includedir}/%{name}/abstract.h ++++++ gnutls-implement-trust-store-dir.diff ++++++ --- /var/tmp/diff_new_pack.IYBiiA/_old 2012-06-25 14:08:11.000000000 +0200 +++ /var/tmp/diff_new_pack.IYBiiA/_new 2012-06-25 14:08:11.000000000 +0200 @@ -1,26 +1,30 @@ -From 513244e20eb057b37edfe326c164935758772a0f Mon Sep 17 00:00:00 2001 +From a6cef9220ae251e3b8f8d663c5fa7f888e3176d8 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Tue, 8 May 2012 15:47:02 +0200 Subject: [PATCH gnutls] implement trust store dir --- configure.ac | 18 ++++++++++++- - lib/gnutls_x509.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 89 insertions(+), 1 deletions(-) + lib/gnutls_x509.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 90 insertions(+), 2 deletions(-) -Index: gnutls-3.0.19/configure.ac -=================================================================== ---- gnutls-3.0.19.orig/configure.ac -+++ gnutls-3.0.19/configure.ac -@@ -296,13 +296,23 @@ AC_ARG_WITH([default-trust-store-file], +diff --git a/configure.ac b/configure.ac +index f826704..d099e05 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -296,17 +296,27 @@ AC_ARG_WITH([default-trust-store-file], [AS_HELP_STRING([--with-default-trust-store-file=FILE], [use the given file default trust store])]) --if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x; then +AC_ARG_WITH([default-trust-store-dir], + [AS_HELP_STRING([--with-default-trust-store-dir=DIR], + [use the given directory default trust store])]) + + AC_ARG_WITH([default-crl-file], + [AS_HELP_STRING([--with-default-crl-file=FILE], + [use the given CRL file as default])]) + +-if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x; then +if test "x$with_default_trust_store_pkcs11" = x -a "x$with_default_trust_store_file" = x \ + -a "x$with_default_trust_store_dir" = x; then # auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html @@ -37,7 +41,7 @@ if test -e $i; then with_default_trust_store_file="$i" break -@@ -315,6 +325,11 @@ if test "x$with_default_trust_store_file +@@ -319,6 +329,11 @@ if test "x$with_default_trust_store_file" != x; then ["$with_default_trust_store_file"], [use the given file default trust store]) fi @@ -46,21 +50,21 @@ + ["$with_default_trust_store_dir"], [use the given directory default trust store]) +fi + - dnl Guile bindings. - opt_guile_bindings=yes - AC_MSG_CHECKING([whether building Guile bindings]) -@@ -550,6 +565,7 @@ if features are disabled) - Anon auth support:$ac_enable_anon + if test "x$with_default_crl_file" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], + ["$with_default_crl_file"], [use the given CRL file]) +@@ -560,6 +575,7 @@ if features are disabled) + Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file + Trust store dir: $with_default_trust_store_dir + CRL file: $with_default_crl_file ]) - AC_MSG_NOTICE([Optional applications: -Index: gnutls-3.0.19/lib/gnutls_x509.c -=================================================================== ---- gnutls-3.0.19.orig/lib/gnutls_x509.c -+++ gnutls-3.0.19/lib/gnutls_x509.c +diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c +index 71e0d69..87eaa0c 100644 +--- a/lib/gnutls_x509.c ++++ b/lib/gnutls_x509.c @@ -36,6 +36,7 @@ #include <gnutls_pk.h> #include <gnutls_str.h> @@ -69,7 +73,7 @@ #include <x509_b64.h> #include <gnutls_x509.h> #include "x509/common.h" -@@ -1618,6 +1619,72 @@ _gnutls_certificate_set_x509_system_trus +@@ -1692,6 +1693,72 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred) } #endif @@ -142,10 +146,19 @@ /** * gnutls_certificate_set_x509_system_trust: * @cred: is a #gnutls_certificate_credentials_t structure. -@@ -1640,6 +1707,11 @@ gnutls_certificate_set_x509_system_trust - if (ret > 0) +@@ -1710,7 +1777,7 @@ set_x509_system_trust_file (gnutls_certificate_credentials_t cred) + int + gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred) + { +-#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) ++#if !defined(_WIN32) && !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) && !defined(DEFAULT_TRUST_STORE_DIR) + int r = GNUTLS_E_UNIMPLEMENTED_FEATURE; + #else + int ret, r = 0; +@@ -1728,6 +1795,11 @@ gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred) r += ret; #endif + +#ifdef DEFAULT_TRUST_STORE_DIR + ret = _gnutls_certificate_set_x509_system_trust_dir(cred); + if (ret > 0) @@ -154,3 +167,6 @@ return r; } +-- +1.7.7 + -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org