Hello community,
here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-10-25 08:11:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
and /work/SRC/openSUSE:Factory/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls"
Thu Oct 25 08:11:16 2018 rev:114 rq:642097 version:3.6.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2018-09-26 16:01:11.424517917 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-10-25 08:11:24.528224690 +0200
@@ -1,0 +2,36 @@
+Mon Oct 15 15:41:42 UTC 2018 - Vítězslav Čížek
+
+- Temporarily disable failing psk-file test (race condition)
+ * add disable-psk-file-test.patch
+
+-------------------------------------------------------------------
+Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal
+
+- Version update to 3.6.4 (bsc#1111757):
+ ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+ ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
+ gnutls_certificate_set_retrieve_function() which could not handle the case where
+ no certificates were returned, or the callbacks were set to NULL (see #528).
+ ** libgnutls: gnutls_handshake() on server returns early on handshake when no
+ certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
+ is specified.
+ ** libgnutls: Added session ticket key rotation on server side with TOTP.
+ The key set with gnutls_session_ticket_enable_server() is used as a
+ master key to generate time-based keys for tickets. The rotation
+ relates to the gnutls_db_set_cache_expiration() period.
+ ** libgnutls: The 'record size limit' extension is added and preferred to the
+ 'max record size' extension when possible.
+ ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
+ This addresses the problem where the CA certificate doesn't have a subject key
+ identifier whereas the end certificates have an authority key identifier (#569)
+ ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
+ gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
+ and export GOST parameters in the "native" little endian format used for these
+ curves. This is an intentional incompatible change with 3.6.3.
+ ** libgnutls: Added support for seperately negotiating client and server certificate types
+ as defined in RFC7250. This mechanism must be explicitly enabled via the
+ GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
+- Drop upstreamed patch:
+ * gnutls-3.6.3-backport-upstream-fixes.patch
+
+-------------------------------------------------------------------
Old:
----
gnutls-3.6.3-backport-upstream-fixes.patch
gnutls-3.6.3.tar.xz
gnutls-3.6.3.tar.xz.sig
New:
----
disable-psk-file-test.patch
gnutls-3.6.4.tar.xz
gnutls-3.6.4.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.a7g3pq/_old 2018-10-25 08:11:25.244224221 +0200
+++ /var/tmp/diff_new_pack.a7g3pq/_new 2018-10-25 08:11:25.248224219 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -20,8 +20,8 @@
%define gnutlsxx_sover 28
%define gnutls_dane_sover 0
-# unbound isn't in SLE (bsc#1086428)
-%if 0%{?is_opensuse}
+# unbound isn't in SLE12 (bsc#1086428)
+%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500
%bcond_without dane
%else
%bcond_with dane
@@ -29,7 +29,7 @@
%bcond_with tpm
%bcond_without guile
Name: gnutls
-Version: 3.6.3
+Version: 3.6.4
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -41,7 +41,7 @@
Source3: baselibs.conf
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-Patch3: gnutls-3.6.3-backport-upstream-fixes.patch
+Patch3: disable-psk-file-test.patch
BuildRequires: autogen
BuildRequires: automake
BuildRequires: datefudge
@@ -160,11 +160,11 @@
%prep
%setup -q
%patch1 -p1
+%patch3 -p1
# dtls-resume test fails on PPC
%ifarch ppc64 ppc64le ppc
%patch2 -p1
%endif
-%patch3 -p1
%build
export LDFLAGS="-pie"
++++++ disable-psk-file-test.patch ++++++
diff --git a/tests/Makefile.in b/tests/Makefile.in
index 07433e0..4ecd431 100644
--- a/tests/Makefile.in
+++ b/tests/Makefile.in
@@ -457,7 +457,7 @@ am__EXEEXT_10 = tls13/supported_versions$(EXEEXT) \
pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \
x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \
x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \
- oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \
+ oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \
priority-init2$(EXEEXT) status-request$(EXEEXT) \
status-request-ok$(EXEEXT) status-request-missing$(EXEEXT) \
sign-verify-ext$(EXEEXT) fallback-scsv$(EXEEXT) \
@@ -1590,8 +1590,6 @@ privkey_verify_broken_OBJECTS = privkey-verify-broken.$(OBJEXT)
privkey_verify_broken_LDADD = $(LDADD)
privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \
libutils.la $(am__DEPENDENCIES_2)
-psk_file_SOURCES = psk-file.c
-psk_file_OBJECTS = psk-file.$(OBJEXT)
psk_file_LDADD = $(LDADD)
psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \
$(am__DEPENDENCIES_2)
@@ -2723,7 +2721,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts.Po \
./$(DEPDIR)/priority-init2.Po ./$(DEPDIR)/priority-mix.Po \
./$(DEPDIR)/priority-set.Po ./$(DEPDIR)/priority-set2.Po \
./$(DEPDIR)/privkey-keygen.Po \
- ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \
+ ./$(DEPDIR)/privkey-verify-broken.Po \
./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \
./$(DEPDIR)/random-art.Po ./$(DEPDIR)/record-pad.Po \
./$(DEPDIR)/record-retvals.Po \
@@ -3021,7 +3019,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $(libutils_la_SOURCES) alerts.c \
pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \
prf.c priorities.c priorities-groups.c priority-init2.c \
priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \
- privkey-verify-broken.c psk-file.c pskself.c \
+ privkey-verify-broken.c pskself.c \
pubkey-import-export.c random-art.c record-pad.c \
record-retvals.c record-sizes.c record-sizes-range.c \
record-timeouts.c recv-data-before-handshake.c \
@@ -3183,7 +3181,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_SOURCES_DIST) \
pkcs7-gen.c pkcs8-key-decode.c pkcs8-key-decode-encrypted.c \
prf.c priorities.c priorities-groups.c priority-init2.c \
priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \
- privkey-verify-broken.c psk-file.c pskself.c \
+ privkey-verify-broken.c pskself.c \
pubkey-import-export.c random-art.c record-pad.c \
record-retvals.c record-sizes.c record-sizes-range.c \
record-timeouts.c recv-data-before-handshake.c \
@@ -4734,7 +4732,7 @@ ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \
x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal \
pkcs7-gen dtls-etm x509sign-verify-rsa x509sign-verify-ecdsa \
- x509sign-verify-gost mini-alignment oids atfork prf psk-file \
+ x509sign-verify-gost mini-alignment oids atfork prf \
priority-init2 status-request status-request-ok \
status-request-missing sign-verify-ext fallback-scsv \
pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \
@@ -5872,10 +5870,6 @@ privkey-verify-broken$(EXEEXT): $(privkey_verify_broken_OBJECTS) $(privkey_verif
@rm -f privkey-verify-broken$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS)
-psk-file$(EXEEXT): $(psk_file_OBJECTS) $(psk_file_DEPENDENCIES) $(EXTRA_psk_file_DEPENDENCIES)
- @rm -f psk-file$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(psk_file_OBJECTS) $(psk_file_LDADD) $(LIBS)
-
pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES)
@rm -f pskself$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS)
@@ -6862,7 +6856,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk-file.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker
@@ -8913,13 +8906,6 @@ prf.log: prf$(EXEEXT)
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
-psk-file.log: psk-file$(EXEEXT)
- @p='psk-file$(EXEEXT)'; \
- b='psk-file'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
priority-init2.log: priority-init2$(EXEEXT)
@p='priority-init2$(EXEEXT)'; \
b='priority-init2'; \
@@ -10883,7 +10869,6 @@ distclean: distclean-recursive
-rm -f ./$(DEPDIR)/priority-set2.Po
-rm -f ./$(DEPDIR)/privkey-keygen.Po
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
- -rm -f ./$(DEPDIR)/psk-file.Po
-rm -f ./$(DEPDIR)/pskself.Po
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
-rm -f ./$(DEPDIR)/random-art.Po
@@ -11318,7 +11303,6 @@ maintainer-clean: maintainer-clean-recursive
-rm -f ./$(DEPDIR)/priority-set2.Po
-rm -f ./$(DEPDIR)/privkey-keygen.Po
-rm -f ./$(DEPDIR)/privkey-verify-broken.Po
- -rm -f ./$(DEPDIR)/psk-file.Po
-rm -f ./$(DEPDIR)/pskself.Po
-rm -f ./$(DEPDIR)/pubkey-import-export.Po
-rm -f ./$(DEPDIR)/random-art.Po
++++++ gnutls-3.6.3.tar.xz -> gnutls-3.6.4.tar.xz ++++++
/work/SRC/openSUSE:Factory/gnutls/gnutls-3.6.3.tar.xz /work/SRC/openSUSE:Factory/.gnutls.new/gnutls-3.6.4.tar.xz differ: char 26, line 1