Revisions of gnutls
Ludwig Nussel (lnussel_factory)
accepted
request 447177
from
Marcus Meissner (msmeissn)
(revision 95)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 433003
from
Marcus Meissner (msmeissn)
(revision 94)
update to 3.4.15 (forwarded request 432668 from ecsos)
Dominique Leuenberger (dimstar_suse)
accepted
request 407873
from
Dirk Mueller (dirkmueller)
(revision 93)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 405821
from
Marcus Meissner (msmeissn)
(revision 92)
- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch (forwarded request 405618 from vitezslav_cizek)
Dominique Leuenberger (dimstar_suse)
accepted
request 391813
from
Vítězslav Čížek (vitezslav_cizek)
(revision 91)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 387555
from
Marcus Meissner (msmeissn)
(revision 90)
- Updated to 3.4.11
* Version 3.4.11 (released 2016-04-11)
** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS.
Reported by Fridolin Pokorny.
** libgnutls: Fixes in DSA key generation under PKCS #11. Report and
patches by Jan Vcelak.
** libgnutls: Corrected behavior of ALPN extension parsing during
session resumption. Report and patches by Yuriy M. Kaminskiy.
** libgnutls: Corrected regression (since 3.4.0) in
gnutls_server_name_set() which caused it not to accept non-null-
terminated hostnames. Reported by Tim Ruehsen.
** libgnutls: Corrected printing of the IP Adress name constraints.
** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
serving chunk encoding which ocsptool doesn't support. Reported by
Thomas Klute.
** certtool: do not require a CA for OCSP signing tag. This follows the
recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
OCSP signing to another certificate without requiring it to be a CA.
Reported by Thomas Klute.
* Version 3.4.10 (released 2016-03-03)
** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
to be used with hashing functions.
** libgnutls: Corrected leaks and other issues in
gnutls_x509_crt_list_import().
** libgnutls: Fixes in DSA key handling for PKCS #11. Report and
patches by Jan Vcelak.
** libgnutls: Several fixes to prevent relying on undefined behavior
of C (found with libubsan).
* Version 3.4.9 (released 2016-02-03)
** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would
Dominique Leuenberger (dimstar_suse)
accepted
request 360180
from
Marcus Meissner (msmeissn)
(revision 89)
- follow the work in the unbound package and use the libunbound-devel symbol for the buildrequires. we override it for the distro build with libunbound-devel-mini to avoid build loops. (forwarded request 360179 from darix)
Dominique Leuenberger (dimstar_suse)
accepted
request 354655
from
Marcus Meissner (msmeissn)
(revision 88)
- Update to 3.4.8
All changes since 3.4.4:
* libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
when used with PKCS #11 keys.
* libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
their public keys from either a public key object or a certificate.
That is, because private keys do not contain all the required
parameters for a direct import.
* libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
tokens.
* libgnutls: Fixed out-of-bounds read in
gnutls_x509_ext_export_key_usage()
* libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to
conform to draft-ietf-tls-chacha20-poly1305-02.
* libgnutls: Several fixes in PKCS #7 signing which improve
compatibility with the MacOSX tools.
* libgnutls: The max-record extension not negotiated on DTLS. This
resolves issue with the max-record being negotiated but ignored.
* certtool: Added the --p7-include-cert and --p7-show-data options.
* libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
ciphersuites. This solves an interoperability issue with openssl.
* libgnutls: Corrected the setting of salt size in
gnutls_pkcs12_mac_info().
* libgnutls: On a rehandshake allow switching from anonymous to ECDHE
and DHE ciphersuites.
* libgnutls: Corrected regression from 3.3.x which prevented
ARCFOUR128 from using arbitrary key sizes.
* libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
skipping the implicit global initialization.
* gnutls.pc: Don't include libtool specific options to link flags. (forwarded request 354652 from namtrac)
Stephan Kulow (coolo)
accepted
request 324612
from
Vítězslav Čížek (vitezslav_cizek)
(revision 87)
1
Stephan Kulow (coolo)
accepted
request 306733
from
Factory Maintainer (factory-maintainer)
(revision 86)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 305469
from
Marcus Meissner (msmeissn)
(revision 85)
- Updated to 3.4.1 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. ** libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. ** certtool: It can generate SHA256 key IDs. ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added - gnutls-fix-double-mans.patch: fixed upstream
Stephan Kulow (coolo)
accepted
request 304179
from
Marcus Meissner (msmeissn)
(revision 84)
- Disable buggy valgrind on armv7l (forwarded request 304053 from AndreasSchwab)
Dominique Leuenberger (dimstar_suse)
accepted
request 295655
from
Marcus Meissner (msmeissn)
(revision 83)
- updated to 3.4.0 (released 2015-04-08) ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". ** libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. ** libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). ** libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". ** libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. ** libgnutls: The priority string EXPORT was completely removed. The string
Dominique Leuenberger (dimstar_suse)
accepted
request 294011
from
Marcus Meissner (msmeissn)
(revision 82)
- updated to 3.3.13 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2
Dominique Leuenberger (dimstar_suse)
accepted
request 293173
from
Marcus Meissner (msmeissn)
(revision 81)
some tweaks for your perusal (forwarded request 293171 from AndreasStieger)
Dominique Leuenberger (dimstar_suse)
accepted
request 266910
from
Marcus Meissner (msmeissn)
(revision 80)
- build with PIE for commandline tools
- Updated to 3.2.21 (released 2014-12-11)
- libgnutls: Corrected regression introduced in 3.2.19 related to
session renegotiation. Reported by Dan Winship.
- libgnutls: Corrected parsing issue with OCSP responses. (forwarded request 266909 from msmeissn)
Dominique Leuenberger (dimstar_suse)
accepted
request 262808
from
Marcus Meissner (msmeissn)
(revision 79)
- Updated to 3.2.20 (released 2014-11-10)
** libgnutls: Removed superfluous random generator refresh on every
call of gnutls_deinit(). That reduces load and usage of /dev/urandom.
** libgnutls: Corrected issue in export of ECC parameters to X9.63
format. Reported by Sean Burford [GNUTLS-SA-2014-5].
(CVE-2014-8564 bnc#904603)
- Updated to 3.2.19 (released 2014-10-13)
** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.
** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.
** libgnutls: fix issue in DTLS retransmission when session tickets were
in use; reported by Manuel Pégourié-Gonnard.
** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
** guile: new 'set-session-server-name!' procedure; see the manual
for details.
Stephan Kulow (coolo)
accepted
request 251823
from
Marcus Meissner (msmeissn)
(revision 78)
Upgrade to GnuTLS 3.2.18; Delete files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig; Add files: gnutls-3.2.18.tar.xz, gnutls-3.2.18.tar.xz.sig (forwarded request 251822 from citypw)
Stephan Kulow (coolo)
accepted
request 247074
from
Marcus Meissner (msmeissn)
(revision 77)
Upgrade to Version 3.2.17 (released 2014-08-24); Delete files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig; Add files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig (forwarded request 246980 from citypw)
Displaying revisions 61 - 80 of 155
