Hi, This is a pretty big update and one side effect that I wasn't be aware of when I looked at it: it dropps libgnutls-extra-devel, which provided the still often used name gnutls-devel. So several packages have a problem because they require the package directly or indirectly. E.g. nothing provides gnutls-devel needed by net6-devel nothing provides gnutls-devel needed by libopenvas-devel nothing provides gnutls-devel needed by claws-mail-devel nothing provides gnutls-devel needed by loudmouth-devel nothing provides gnutls-devel needed by libggz2-devel Greetings, Stephan -------- Original Message -------- Subject: commit gnutls for openSUSE:Factory Date: Mon, 21 May 2012 10:25:30 +0200 From: root@suse.de (h_root) To: opensuse-commit@opensuse.org Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2012-05-21 10:25:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gnutls", Maintainer is "GJHe@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2012-04-20 15:16:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2012-05-21 10:25:25.000000000 +0200 @@ -1,0 +2,369 @@ +Sun May 13 02:44:30 UTC 2012 - Nico.Laus.2001@gmx.de + +- Update to version 3.0.19: + + libgnutls: + - When decoding a PKCS #11 URL the pin-source field + is assumed to be a file that stores the pin. Based on patch + by David Smith. + - gnutls_record_check_pending() no longer + returns unprocessed data, and thus ensure the non-blocking + of the next call to gnutls_record_recv(). + - Added strict tests in Diffie-Hellman and + SRP key exchange public keys. + - in ECDSA and DSA TLS 1.2 authentication be less + strict in hash selection, and allow a stronger hash to + be used than the appropriate, to improve interoperability + with openssl. + + tests: + - Disabled floating point test, and corrections + in pkcs12 decoding tests. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.18: + + certtool: + - Avoid a Y2K38 bug when generating certificates. + Patch by Robert Millan. + + libgnutls: + - Make sure that GNUTLS_E_PREMATURE_TERMINATION + - is returned on premature termination (and added unit test). + - Fixes for W64 API. Patch by B. Scott Michel. + - Corrected VIA padlock detection for old + VIA processors. Reported by Kris Karas. + - Updated assembler files. + - Time in generated certificates is stored + as GeneralizedTime instead of UTCTime (which only stores + 2 digits of a year). + + minitasn1: + - Upgraded to libtasn1 version 2.13 (pre-release). + + API and ABI modifications: + - gnutls_x509_crt_set_private_key_usage_period: Added + - gnutls_x509_crt_get_private_key_usage_period: Added + - gnutls_x509_crq_set_private_key_usage_period: Added + - gnutls_x509_crq_get_private_key_usage_period: Added + - gnutls_session_get_random: Added +- Changes from version 3.0.17: + + command line apps: + - Always link with local libopts. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.16: + + minitasn1: + - Upgraded to libtasn1 version 2.12 (pre-release). + + libgnutls: + - Corrected SRP-RSA ciphersuites when used under TLS 1.2. + - included assembler files for MacOSX. + + p11tool: + - Small fixes in handling of the --private command + line option. + + certtool: + - The template option allows for setting the domain + component (DC) option of the distinguished name, and the ocsp_uri + as well as the ca_issuers_uri options. + + API and ABI modifications: + - gnutls_x509_crt_set_authority_info_access: Added +- Changes from version 3.0.15: + + test suite: + - Only run under valgrind in the development + system (the full git repository) + + command line apps: + - Link with local libopts if the installed is an old one. + + libgnutls: + - Eliminate double free during SRP + authentication. Reported by Peter Penzov. + - Corrections in record packet parsing. + Reported by Matthew Hall. + - Cryptodev updates and fixes. + - Corrected issue with select() that affected + FreeBSD. This prevented establishing DTLS sessions. + Reported by Andreas Metzler. + - Corrected rehandshake and resumption + operations in DTLS. Reported by Sean Buckheister. + - PKCS #11 objects that do not have ID + no longer crash listing. Reported by Sven Geggus. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.14: + + command line apps: + - Included libopts doesn't get installed by default. + + libgnutls: + - Eliminate double free on wrongly formatted + certificate list. Reported by Remi Gacogne. + - cryptodev code corrected, updated to account + for hashes and GCM mode. + Eliminated memory leak in PCKS #11 initialization. + Report and fix by Sam Varshavchik. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.13: + + gnutls-cli: + - added the --ocsp option which will verify + the peer's certificate with OCSP. + - added the --tofu and if specified, gnutls-cli + will use an ssh-style authentication method. + - if no --x509cafile is provided a default is + assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + + ocsptool: + - Added --ask parameter, to verify a certificate's + status from an ocsp server. + + command line apps: + - Use gnu autogen (libopts) to parse command + line arguments and template files. + + tests: + - Added stress test for DTLS packet losses and + out-of-order receival. Contributed by Sean Buckheister. + + libgnutls: + - Several updates and corrections in the DTLS + DTLS lost packet handling and retransmission timeouts. + Report and patches by Sean Buckheister. + - Added new functions to easily allow the usage of + a trust on first use (SSH-style) authentication. + - SUITEB128 and SUITEB192 priority strings account + for the RFC6460 requirements. + - Added new security parameter GNUTLS_SEC_PARAM_LEGACY + to account for security level of 96-bits. + - In client side if server does not advertise any + known CAs and only a single certificate is set in the credentials, + sent that one. + - Added functions to parse authority key identifiers + when stored as a 'general name' and serial combo. + - Added function to force explicit reinitialization + of PKCS #11 modules. This is required on the child process after + a fork (if PKCS #11 functionality is desirable). + - Depend on p11-kit 0.11. + + API and ABI modifications: + - gnutls_dtls_get_timeout: Added + - gnutls_verify_stored_pubkey: Added + - gnutls_store_pubkey: Added + - gnutls_store_commitment: Added + - gnutls_x509_crt_get_authority_key_gn_serial: Added + - gnutls_x509_crl_get_authority_key_gn_serial: Added + - gnutls_pkcs11_reinit: Added + - gnutls_ecc_curve_list: Added + - gnutls_priority_certificate_type_list: Added + - gnutls_priority_sign_list: Added + - gnutls_priority_protocol_list: Added + - gnutls_priority_compression_list: Added + - gnutls_priority_ecc_curve_list: Added + - gnutls_tdb_init: Added + - gnutls_tdb_set_store_func: Added + - gnutls_tdb_set_store_commitment_func: Added + - gnutls_tdb_set_verify_func: Added + - gnutls_tdb_deinit: Added +- Changes from version 3.0.12: + + libgnutls: + - Added OCSP support. + There is a new header file gnutls/ocsp.h and a set of new functions + under the gnutls_ocsp namespace. Currently the functionality provided + is to parse and extract information from OCSP requests/responses, to + generate OCSP requests and to verify OCSP responses. See the manual + for more information. Run ./configure with --disable-ocsp to build + GnuTLS without OCSP support. + This work was sponsored by Smoothwall <http://smoothwall.net/>. + + ocsptool: + - Added new command line tool. + The tool can parse OCSP request/responses, generate OCSP requests and + verify OCSP responses. See the manual for more information. + + certtool: + - --outder option now works for private + and public keys as well. + + libgnutls: + - Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET + to warn when no or insufficient priorities were set. + - Corrected an alignment issue in ECDH + key generation which prevented some keys from being + correctly aligned in rare circumstances. + - Corrected memory leaks in DH parameter + generation and ecc_projective_check_point(). + - Added gnutls_x509_dn_oid_name() to + return a descriptive name of a DN OID. + + API and ABI modifications: + - gnutls_pubkey_encrypt_data: Added + - gnutls_x509_dn_oid_name: Added + - gnutls_session_resumption_requested: Added + - gnutls/ocsp.h: Added new header file. + - gnutls_ocsp_print_formats_t: Added new type. + - gnutls_ocsp_resp_status_t: Added new type. + - gnutls_ocsp_cert_status_t: Added new type. + - gnutls_x509_crl_reason_t: Added new type. + - gnutls_ocsp_req_add_cert: Added. + - gnutls_ocsp_req_add_cert_id: Added. + - gnutls_ocsp_req_deinit: Added. + - gnutls_ocsp_req_export: Added. + - gnutls_ocsp_req_get_cert_id: Added. + - gnutls_ocsp_req_get_extension: Added. + - gnutls_ocsp_req_get_nonce: Added. + - gnutls_ocsp_req_get_version: Added. + - gnutls_ocsp_req_import: Added. + - gnutls_ocsp_req_init: Added. ++++ 172 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/gnutls/gnutls.changes ++++ and /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes -- May your SO always know when you need a hug. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org