Mailinglist Archive: opensuse-packaging (208 mails)
| < Previous | Next > |
[opensuse-packaging] Fwd: commit gnutls for openSUSE:Factory
- From: Stephan Kulow <coolo@xxxxxxx>
- Date: Mon, 21 May 2012 12:16:04 +0200
- Message-id: <4FBA15E4.5010606@suse.de>
Hi,
This is a pretty big update and one side effect that I wasn't be aware
of when I looked at it: it dropps libgnutls-extra-devel, which provided
the still often used name gnutls-devel. So several packages have a
problem because they require the package directly or indirectly.
E.g.
nothing provides gnutls-devel needed by net6-devel
nothing provides gnutls-devel needed by libopenvas-devel
nothing provides gnutls-devel needed by claws-mail-devel
nothing provides gnutls-devel needed by loudmouth-devel
nothing provides gnutls-devel needed by libggz2-devel
Greetings, Stephan
-------- Original Message --------
Subject: commit gnutls for openSUSE:Factory
Date: Mon, 21 May 2012 10:25:30 +0200
From: root@xxxxxxx (h_root)
To: opensuse-commit@xxxxxxxxxxxx
Hello community,
here is the log from the commit of package gnutls for openSUSE:Factory
checked in at 2012-05-21 10:25:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "GJHe@xxxxxxxx"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-04-20
15:16:39.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-05-21
10:25:25.000000000 +0200
@@ -1,0 +2,369 @@
+Sun May 13 02:44:30 UTC 2012 - Nico.Laus.2001@xxxxxx
+
+- Update to version 3.0.19:
+ + libgnutls:
+ - When decoding a PKCS #11 URL the pin-source field
+ is assumed to be a file that stores the pin. Based on patch
+ by David Smith.
+ - gnutls_record_check_pending() no longer
+ returns unprocessed data, and thus ensure the non-blocking
+ of the next call to gnutls_record_recv().
+ - Added strict tests in Diffie-Hellman and
+ SRP key exchange public keys.
+ - in ECDSA and DSA TLS 1.2 authentication be less
+ strict in hash selection, and allow a stronger hash to
+ be used than the appropriate, to improve interoperability
+ with openssl.
+ + tests:
+ - Disabled floating point test, and corrections
+ in pkcs12 decoding tests.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.18:
+ + certtool:
+ - Avoid a Y2K38 bug when generating certificates.
+ Patch by Robert Millan.
+ + libgnutls:
+ - Make sure that GNUTLS_E_PREMATURE_TERMINATION
+ - is returned on premature termination (and added unit test).
+ - Fixes for W64 API. Patch by B. Scott Michel.
+ - Corrected VIA padlock detection for old
+ VIA processors. Reported by Kris Karas.
+ - Updated assembler files.
+ - Time in generated certificates is stored
+ as GeneralizedTime instead of UTCTime (which only stores
+ 2 digits of a year).
+ + minitasn1:
+ - Upgraded to libtasn1 version 2.13 (pre-release).
+ + API and ABI modifications:
+ - gnutls_x509_crt_set_private_key_usage_period: Added
+ - gnutls_x509_crt_get_private_key_usage_period: Added
+ - gnutls_x509_crq_set_private_key_usage_period: Added
+ - gnutls_x509_crq_get_private_key_usage_period: Added
+ - gnutls_session_get_random: Added
+- Changes from version 3.0.17:
+ + command line apps:
+ - Always link with local libopts.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.16:
+ + minitasn1:
+ - Upgraded to libtasn1 version 2.12 (pre-release).
+ + libgnutls:
+ - Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+ - included assembler files for MacOSX.
+ + p11tool:
+ - Small fixes in handling of the --private command
+ line option.
+ + certtool:
+ - The template option allows for setting the domain
+ component (DC) option of the distinguished name, and the ocsp_uri
+ as well as the ca_issuers_uri options.
+ + API and ABI modifications:
+ - gnutls_x509_crt_set_authority_info_access: Added
+- Changes from version 3.0.15:
+ + test suite:
+ - Only run under valgrind in the development
+ system (the full git repository)
+ + command line apps:
+ - Link with local libopts if the installed is an old one.
+ + libgnutls:
+ - Eliminate double free during SRP
+ authentication. Reported by Peter Penzov.
+ - Corrections in record packet parsing.
+ Reported by Matthew Hall.
+ - Cryptodev updates and fixes.
+ - Corrected issue with select() that affected
+ FreeBSD. This prevented establishing DTLS sessions.
+ Reported by Andreas Metzler.
+ - Corrected rehandshake and resumption
+ operations in DTLS. Reported by Sean Buckheister.
+ - PKCS #11 objects that do not have ID
+ no longer crash listing. Reported by Sven Geggus.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.14:
+ + command line apps:
+ - Included libopts doesn't get installed by default.
+ + libgnutls:
+ - Eliminate double free on wrongly formatted
+ certificate list. Reported by Remi Gacogne.
+ - cryptodev code corrected, updated to account
+ for hashes and GCM mode.
+ Eliminated memory leak in PCKS #11 initialization.
+ Report and fix by Sam Varshavchik.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.13:
+ + gnutls-cli:
+ - added the --ocsp option which will verify
+ the peer's certificate with OCSP.
+ - added the --tofu and if specified, gnutls-cli
+ will use an ssh-style authentication method.
+ - if no --x509cafile is provided a default is
+ assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
+ + ocsptool:
+ - Added --ask parameter, to verify a certificate's
+ status from an ocsp server.
+ + command line apps:
+ - Use gnu autogen (libopts) to parse command
+ line arguments and template files.
+ + tests:
+ - Added stress test for DTLS packet losses and
+ out-of-order receival. Contributed by Sean Buckheister.
+ + libgnutls:
+ - Several updates and corrections in the DTLS
+ DTLS lost packet handling and retransmission timeouts.
+ Report and patches by Sean Buckheister.
+ - Added new functions to easily allow the usage of
+ a trust on first use (SSH-style) authentication.
+ - SUITEB128 and SUITEB192 priority strings account
+ for the RFC6460 requirements.
+ - Added new security parameter GNUTLS_SEC_PARAM_LEGACY
+ to account for security level of 96-bits.
+ - In client side if server does not advertise any
+ known CAs and only a single certificate is set in the credentials,
+ sent that one.
+ - Added functions to parse authority key identifiers
+ when stored as a 'general name' and serial combo.
+ - Added function to force explicit reinitialization
+ of PKCS #11 modules. This is required on the child process after
+ a fork (if PKCS #11 functionality is desirable).
+ - Depend on p11-kit 0.11.
+ + API and ABI modifications:
+ - gnutls_dtls_get_timeout: Added
+ - gnutls_verify_stored_pubkey: Added
+ - gnutls_store_pubkey: Added
+ - gnutls_store_commitment: Added
+ - gnutls_x509_crt_get_authority_key_gn_serial: Added
+ - gnutls_x509_crl_get_authority_key_gn_serial: Added
+ - gnutls_pkcs11_reinit: Added
+ - gnutls_ecc_curve_list: Added
+ - gnutls_priority_certificate_type_list: Added
+ - gnutls_priority_sign_list: Added
+ - gnutls_priority_protocol_list: Added
+ - gnutls_priority_compression_list: Added
+ - gnutls_priority_ecc_curve_list: Added
+ - gnutls_tdb_init: Added
+ - gnutls_tdb_set_store_func: Added
+ - gnutls_tdb_set_store_commitment_func: Added
+ - gnutls_tdb_set_verify_func: Added
+ - gnutls_tdb_deinit: Added
+- Changes from version 3.0.12:
+ + libgnutls:
+ - Added OCSP support.
+ There is a new header file gnutls/ocsp.h and a set of new functions
+ under the gnutls_ocsp namespace. Currently the functionality
provided
+ is to parse and extract information from OCSP requests/responses, to
+ generate OCSP requests and to verify OCSP responses. See the manual
+ for more information. Run ./configure with --disable-ocsp to build
+ GnuTLS without OCSP support.
+ This work was sponsored by Smoothwall <http://smoothwall.net/>.
+ + ocsptool:
+ - Added new command line tool.
+ The tool can parse OCSP request/responses, generate OCSP requests and
+ verify OCSP responses. See the manual for more information.
+ + certtool:
+ - --outder option now works for private
+ and public keys as well.
+ + libgnutls:
+ - Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
+ to warn when no or insufficient priorities were set.
+ - Corrected an alignment issue in ECDH
+ key generation which prevented some keys from being
+ correctly aligned in rare circumstances.
+ - Corrected memory leaks in DH parameter
+ generation and ecc_projective_check_point().
+ - Added gnutls_x509_dn_oid_name() to
+ return a descriptive name of a DN OID.
+ + API and ABI modifications:
+ - gnutls_pubkey_encrypt_data: Added
+ - gnutls_x509_dn_oid_name: Added
+ - gnutls_session_resumption_requested: Added
+ - gnutls/ocsp.h: Added new header file.
+ - gnutls_ocsp_print_formats_t: Added new type.
+ - gnutls_ocsp_resp_status_t: Added new type.
+ - gnutls_ocsp_cert_status_t: Added new type.
+ - gnutls_x509_crl_reason_t: Added new type.
+ - gnutls_ocsp_req_add_cert: Added.
+ - gnutls_ocsp_req_add_cert_id: Added.
+ - gnutls_ocsp_req_deinit: Added.
+ - gnutls_ocsp_req_export: Added.
+ - gnutls_ocsp_req_get_cert_id: Added.
+ - gnutls_ocsp_req_get_extension: Added.
+ - gnutls_ocsp_req_get_nonce: Added.
+ - gnutls_ocsp_req_get_version: Added.
+ - gnutls_ocsp_req_import: Added.
+ - gnutls_ocsp_req_init: Added.
++++ 172 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls.changes
++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes
--
May your SO always know when you need a hug.
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx
This is a pretty big update and one side effect that I wasn't be aware
of when I looked at it: it dropps libgnutls-extra-devel, which provided
the still often used name gnutls-devel. So several packages have a
problem because they require the package directly or indirectly.
E.g.
nothing provides gnutls-devel needed by net6-devel
nothing provides gnutls-devel needed by libopenvas-devel
nothing provides gnutls-devel needed by claws-mail-devel
nothing provides gnutls-devel needed by loudmouth-devel
nothing provides gnutls-devel needed by libggz2-devel
Greetings, Stephan
-------- Original Message --------
Subject: commit gnutls for openSUSE:Factory
Date: Mon, 21 May 2012 10:25:30 +0200
From: root@xxxxxxx (h_root)
To: opensuse-commit@xxxxxxxxxxxx
Hello community,
here is the log from the commit of package gnutls for openSUSE:Factory
checked in at 2012-05-21 10:25:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls", Maintainer is "GJHe@xxxxxxxx"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-04-20
15:16:39.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-05-21
10:25:25.000000000 +0200
@@ -1,0 +2,369 @@
+Sun May 13 02:44:30 UTC 2012 - Nico.Laus.2001@xxxxxx
+
+- Update to version 3.0.19:
+ + libgnutls:
+ - When decoding a PKCS #11 URL the pin-source field
+ is assumed to be a file that stores the pin. Based on patch
+ by David Smith.
+ - gnutls_record_check_pending() no longer
+ returns unprocessed data, and thus ensure the non-blocking
+ of the next call to gnutls_record_recv().
+ - Added strict tests in Diffie-Hellman and
+ SRP key exchange public keys.
+ - in ECDSA and DSA TLS 1.2 authentication be less
+ strict in hash selection, and allow a stronger hash to
+ be used than the appropriate, to improve interoperability
+ with openssl.
+ + tests:
+ - Disabled floating point test, and corrections
+ in pkcs12 decoding tests.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.18:
+ + certtool:
+ - Avoid a Y2K38 bug when generating certificates.
+ Patch by Robert Millan.
+ + libgnutls:
+ - Make sure that GNUTLS_E_PREMATURE_TERMINATION
+ - is returned on premature termination (and added unit test).
+ - Fixes for W64 API. Patch by B. Scott Michel.
+ - Corrected VIA padlock detection for old
+ VIA processors. Reported by Kris Karas.
+ - Updated assembler files.
+ - Time in generated certificates is stored
+ as GeneralizedTime instead of UTCTime (which only stores
+ 2 digits of a year).
+ + minitasn1:
+ - Upgraded to libtasn1 version 2.13 (pre-release).
+ + API and ABI modifications:
+ - gnutls_x509_crt_set_private_key_usage_period: Added
+ - gnutls_x509_crt_get_private_key_usage_period: Added
+ - gnutls_x509_crq_set_private_key_usage_period: Added
+ - gnutls_x509_crq_get_private_key_usage_period: Added
+ - gnutls_session_get_random: Added
+- Changes from version 3.0.17:
+ + command line apps:
+ - Always link with local libopts.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.16:
+ + minitasn1:
+ - Upgraded to libtasn1 version 2.12 (pre-release).
+ + libgnutls:
+ - Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+ - included assembler files for MacOSX.
+ + p11tool:
+ - Small fixes in handling of the --private command
+ line option.
+ + certtool:
+ - The template option allows for setting the domain
+ component (DC) option of the distinguished name, and the ocsp_uri
+ as well as the ca_issuers_uri options.
+ + API and ABI modifications:
+ - gnutls_x509_crt_set_authority_info_access: Added
+- Changes from version 3.0.15:
+ + test suite:
+ - Only run under valgrind in the development
+ system (the full git repository)
+ + command line apps:
+ - Link with local libopts if the installed is an old one.
+ + libgnutls:
+ - Eliminate double free during SRP
+ authentication. Reported by Peter Penzov.
+ - Corrections in record packet parsing.
+ Reported by Matthew Hall.
+ - Cryptodev updates and fixes.
+ - Corrected issue with select() that affected
+ FreeBSD. This prevented establishing DTLS sessions.
+ Reported by Andreas Metzler.
+ - Corrected rehandshake and resumption
+ operations in DTLS. Reported by Sean Buckheister.
+ - PKCS #11 objects that do not have ID
+ no longer crash listing. Reported by Sven Geggus.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.14:
+ + command line apps:
+ - Included libopts doesn't get installed by default.
+ + libgnutls:
+ - Eliminate double free on wrongly formatted
+ certificate list. Reported by Remi Gacogne.
+ - cryptodev code corrected, updated to account
+ for hashes and GCM mode.
+ Eliminated memory leak in PCKS #11 initialization.
+ Report and fix by Sam Varshavchik.
+ + API and ABI modifications:
+ - No changes since last version.
+- Changes from version 3.0.13:
+ + gnutls-cli:
+ - added the --ocsp option which will verify
+ the peer's certificate with OCSP.
+ - added the --tofu and if specified, gnutls-cli
+ will use an ssh-style authentication method.
+ - if no --x509cafile is provided a default is
+ assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
+ + ocsptool:
+ - Added --ask parameter, to verify a certificate's
+ status from an ocsp server.
+ + command line apps:
+ - Use gnu autogen (libopts) to parse command
+ line arguments and template files.
+ + tests:
+ - Added stress test for DTLS packet losses and
+ out-of-order receival. Contributed by Sean Buckheister.
+ + libgnutls:
+ - Several updates and corrections in the DTLS
+ DTLS lost packet handling and retransmission timeouts.
+ Report and patches by Sean Buckheister.
+ - Added new functions to easily allow the usage of
+ a trust on first use (SSH-style) authentication.
+ - SUITEB128 and SUITEB192 priority strings account
+ for the RFC6460 requirements.
+ - Added new security parameter GNUTLS_SEC_PARAM_LEGACY
+ to account for security level of 96-bits.
+ - In client side if server does not advertise any
+ known CAs and only a single certificate is set in the credentials,
+ sent that one.
+ - Added functions to parse authority key identifiers
+ when stored as a 'general name' and serial combo.
+ - Added function to force explicit reinitialization
+ of PKCS #11 modules. This is required on the child process after
+ a fork (if PKCS #11 functionality is desirable).
+ - Depend on p11-kit 0.11.
+ + API and ABI modifications:
+ - gnutls_dtls_get_timeout: Added
+ - gnutls_verify_stored_pubkey: Added
+ - gnutls_store_pubkey: Added
+ - gnutls_store_commitment: Added
+ - gnutls_x509_crt_get_authority_key_gn_serial: Added
+ - gnutls_x509_crl_get_authority_key_gn_serial: Added
+ - gnutls_pkcs11_reinit: Added
+ - gnutls_ecc_curve_list: Added
+ - gnutls_priority_certificate_type_list: Added
+ - gnutls_priority_sign_list: Added
+ - gnutls_priority_protocol_list: Added
+ - gnutls_priority_compression_list: Added
+ - gnutls_priority_ecc_curve_list: Added
+ - gnutls_tdb_init: Added
+ - gnutls_tdb_set_store_func: Added
+ - gnutls_tdb_set_store_commitment_func: Added
+ - gnutls_tdb_set_verify_func: Added
+ - gnutls_tdb_deinit: Added
+- Changes from version 3.0.12:
+ + libgnutls:
+ - Added OCSP support.
+ There is a new header file gnutls/ocsp.h and a set of new functions
+ under the gnutls_ocsp namespace. Currently the functionality
provided
+ is to parse and extract information from OCSP requests/responses, to
+ generate OCSP requests and to verify OCSP responses. See the manual
+ for more information. Run ./configure with --disable-ocsp to build
+ GnuTLS without OCSP support.
+ This work was sponsored by Smoothwall <http://smoothwall.net/>.
+ + ocsptool:
+ - Added new command line tool.
+ The tool can parse OCSP request/responses, generate OCSP requests and
+ verify OCSP responses. See the manual for more information.
+ + certtool:
+ - --outder option now works for private
+ and public keys as well.
+ + libgnutls:
+ - Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
+ to warn when no or insufficient priorities were set.
+ - Corrected an alignment issue in ECDH
+ key generation which prevented some keys from being
+ correctly aligned in rare circumstances.
+ - Corrected memory leaks in DH parameter
+ generation and ecc_projective_check_point().
+ - Added gnutls_x509_dn_oid_name() to
+ return a descriptive name of a DN OID.
+ + API and ABI modifications:
+ - gnutls_pubkey_encrypt_data: Added
+ - gnutls_x509_dn_oid_name: Added
+ - gnutls_session_resumption_requested: Added
+ - gnutls/ocsp.h: Added new header file.
+ - gnutls_ocsp_print_formats_t: Added new type.
+ - gnutls_ocsp_resp_status_t: Added new type.
+ - gnutls_ocsp_cert_status_t: Added new type.
+ - gnutls_x509_crl_reason_t: Added new type.
+ - gnutls_ocsp_req_add_cert: Added.
+ - gnutls_ocsp_req_add_cert_id: Added.
+ - gnutls_ocsp_req_deinit: Added.
+ - gnutls_ocsp_req_export: Added.
+ - gnutls_ocsp_req_get_cert_id: Added.
+ - gnutls_ocsp_req_get_extension: Added.
+ - gnutls_ocsp_req_get_nonce: Added.
+ - gnutls_ocsp_req_get_version: Added.
+ - gnutls_ocsp_req_import: Added.
+ - gnutls_ocsp_req_init: Added.
++++ 172 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls.changes
++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes
--
May your SO always know when you need a hug.
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx
| < Previous | Next > |