Overview
Request 670846 revoked
- search for guile-2.2 during configure, part of boo#1117121
add patches:
* gnutls-enbale-guile-2.2.patch: search for guile-2.2
refresh patches:
* disable-psk-file-test.patch: disable psk-file in Makefile.am
- Temporarily disable failing psk-file test (race condition)
* add disable-psk-file-test.patch
- Version update to 3.6.4 (bsc#1111757):
** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
gnutls_certificate_set_retrieve_function() which could not handle the case where
no certificates were returned, or the callbacks were set to NULL (see #528).
** libgnutls: gnutls_handshake() on server returns early on handshake when no
certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
is specified.
** libgnutls: Added session ticket key rotation on server side with TOTP.
The key set with gnutls_session_ticket_enable_server() is used as a
master key to generate time-based keys for tickets. The rotation
relates to the gnutls_db_set_cache_expiration() period.
** libgnutls: The 'record size limit' extension is added and preferred to the
'max record size' extension when possible.
** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
This addresses the problem where the CA certificate doesn't have a subject key
identifier whereas the end certificates have an authority key identifier (#569)
** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
and export GOST parameters in the "native" little endian format used for these
curves. This is an intentional incompatible change with 3.6.3.
** libgnutls: Added support for separately negotiating client and server certificate types
as defined in RFC7250. This mechanism must be explicitly enabled via the
GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
- Drop upstreamed patch:
* gnutls-3.6.3-backport-upstream-fixes.patch
- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
test/Makefile.in as autoreconf does not work
- Backport of upstream fixes (boo#1108450)
* gnutls-3.6.3-backport-upstream-fixes.patch
Fixes taken from upstream commits:
** 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function")
** 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks")
** 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello")
The patch was taken from https://github.com/weechat/weechat/issues/1231
- Created by ecsos
- In state revoked
- Open review for repo-checker
- Open review for security:tls / gnutls
- Open review for openSUSE:Leap:15.1:Staging:C
Request History
ecsos created request
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
leaper added gnutls as a reviewer
submitter not devel maintainer
leaper added leap-reviewers as a reviewer
leaper accepted review
ok
scarabeus_iv declined request
and this is also from sle
ecsos reopened request
Gnutls from sle is < 3.6.3, and only gnutls >= supports tls 1.3, so sle version is too old.
staging-bot added openSUSE:Leap:15.1:Staging:C as a reviewer
Being evaluated by staging project "openSUSE:Leap:15.1:Staging:C"
staging-bot accepted review
Picked openSUSE:Leap:15.1:Staging:C
lnussel declined request
stop this or you will be blocked from submitting anything to leap
ecsos revoked request
Don't need to block me.
This was my last commit and work on 15.1
Your conduct is not suitable.
And this is not my understanding of respectful contact.
openSUSE:Factory/gnutls@115 -> openSUSE:Leap:15.1/gnutls
expected origin is 'SUSE:SLE-15:Update' (changed)
perfect. the submitted sources are in or accepted for Factory