Hello community, here is the log from the commit of package libisds for openSUSE:Factory checked in at 2019-05-24 11:32:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libisds (Old) and /work/SRC/openSUSE:Factory/.libisds.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libisds" Fri May 24 11:32:12 2019 rev:9 rq:704966 version:0.10.8 Changes: -------- --- /work/SRC/openSUSE:Factory/libisds/libisds.changes 2018-08-27 13:47:59.860435842 +0200 +++ /work/SRC/openSUSE:Factory/.libisds.new.5148/libisds.changes 2019-05-24 11:32:14.797392890 +0200 @@ -1,0 +2,10 @@ +Wed May 22 18:48:46 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> + +- Use the default GPGme library instead of OpenSSL [bsc#1135761] + +------------------------------------------------------------------- +Tue May 21 07:29:12 UTC 2019 - Jiri Slaby <jslaby@suse.com> + +- add fix-gnutls-3.6.4.patch (fixes build) + +------------------------------------------------------------------- New: ---- fix-gnutls-3.6.4.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libisds.spec ++++++ --- /var/tmp/diff_new_pack.EZOeeC/_old 2019-05-24 11:32:15.281392704 +0200 +++ /var/tmp/diff_new_pack.EZOeeC/_new 2019-05-24 11:32:15.285392703 +0200 @@ -1,7 +1,7 @@ # # spec file for package libisds # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -27,6 +27,7 @@ Source0: http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz Source1: http://xpisar.wz.cz/%{name}/dist/%{name}-%{version}.tar.xz.asc Source2: %{name}.keyring +Patch0: fix-gnutls-3.6.4.patch BuildRequires: gpg2 BuildRequires: libgcrypt-devel BuildRequires: libgpgme-devel @@ -63,6 +64,7 @@ %prep %setup -q +%autopatch -p1 %build %configure \ @@ -70,7 +72,7 @@ --disable-static \ --enable-test \ --with-libcurl \ - --enable-openssl-backend + --disable-openssl-backend make %{?_smp_mflags} %check ++++++ fix-gnutls-3.6.4.patch ++++++ From: =?utf8?q?Petr=20P=C3=ADsa=C5=99?= <petr.pisar@atlas.cz> Date: Wed, 24 Apr 2019 04:32:09 +0200 Subject: [PATCH] Test: Accept IE_NETWORK error when client does not provide a correct certificate Git-commit: 5cc5b83788e229582bd048a630b3151a140f9437 Patch-mainline: yes After upgrading GnuTLS to 3.6.4, test/simline/certificate_user_password_authentication tests that exhibit a missing client's certificate and a bad client's certificate started to fail. That's because cURL returns a network error instead of a TLS error in that case when TLSv1.3 is used. This patch work arounds this cURL deficiency. See a similar GnuTLS bug report <https://gitlab.com/gnutls/gnutls/issues/615>. --- test/simline/certificate_user_password_authentication.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/simline/certificate_user_password_authentication.c b/test/simline/certificate_user_password_authentication.c index c0192ab..7789d7c 100644 --- a/test/simline/certificate_user_password_authentication.c +++ b/test/simline/certificate_user_password_authentication.c @@ -35,7 +35,11 @@ static int test_login(const isds_error error, struct isds_ctx *context, isds_error err; err = isds_login(context, url, username, password, pki_credentials, otp); - if (error != err) + /* If TLSv1.3 is used, cURL reports a network error instead of a security + * error if server refuses client's certificate (since GnuTLS 3.6.4). + * Maybe a <https://gitlab.com/gnutls/gnutls/issues/615>. As a workaround, + * accept IE_NETWORK if IE_SECURITY was expected. */ + if (error != err && (IE_SECURITY != error || IE_NETWORK != err)) FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)", isds_strerror(error), isds_strerror(err), isds_long_message(context)); -- 2.10.5.GIT