From 7388dd788a25cfe8ea766412a726d93aa044d9a5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 25 Oct 2013 17:38:35 +0200 Subject: [PATCH] new upstream release - fixes CVE-2013-4466 buffer overflow in handling DANE entries --- .gitignore | 1 + gnutls.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2bed46e..109acdc 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ gnutls-2.10.1-nosrp.tar.bz2 /gnutls-3.1.11-hobbled.tar.xz /gnutls-3.1.13-hobbled.tar.xz /gnutls-3.1.13-hobbled-el.tar.xz +/gnutls-3.1.15-hobbled.tar.xz diff --git a/gnutls.spec b/gnutls.spec index ceb9e0d..d4d61d3 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -2,8 +2,8 @@ %bcond_with guile Summary: A TLS protocol implementation Name: gnutls -Version: 3.1.13 -Release: 3%{?dist} +Version: 3.1.15 +Release: 1%{?dist} # The libraries are LGPLv2.1+, utilities are GPLv3+, however # the bundled gnulib is LGPLv3+ License: GPLv3+ and LGPLv2+ and LGPLv3+ @@ -22,7 +22,7 @@ URL: http://www.gnutls.org/ #Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz #Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig # XXX patent tainted code removed. -Source0: %{name}-%{version}-hobbled-el.tar.xz +Source0: %{name}-%{version}-hobbled.tar.xz Source1: libgnutls-config Source2: hobble-gnutls Source3: ecc.c @@ -257,6 +257,10 @@ fi %endif %changelog +* Fri Oct 25 2013 Tomáš Mráz 3.1.15-1 +- new upstream release +- fixes CVE-2013-4466 buffer overflow in handling DANE entries + * Wed Oct 16 2013 Tomáš Mráz 3.1.13-3 - enable ECC NIST Suite B curves diff --git a/sources b/sources index 0e3c477..0a2aabc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -17d3ed05939acbe443bf22a0d5998e63 gnutls-3.1.13-hobbled-el.tar.xz +bdbdbbf42f97bc8fd72d83ab44a62fbd gnutls-3.1.15-hobbled.tar.xz