Revisions of gnutls
Dominique Leuenberger (dimstar_suse)
accepted
request 652451
from
Tomáš Chvátal (scarabeus_iv)
(revision 115)
Dominique Leuenberger (dimstar_suse)
accepted
request 642097
from
Tomáš Chvátal (scarabeus_iv)
(revision 114)
Dominique Leuenberger (dimstar_suse)
accepted
request 636363
from
Tomáš Chvátal (scarabeus_iv)
(revision 113)
Yuchen Lin (maxlin_factory)
accepted
request 631024
from
Tomáš Chvátal (scarabeus_iv)
(revision 112)
Dominique Leuenberger (dimstar_suse)
accepted
request 626682
from
Tomáš Chvátal (scarabeus_iv)
(revision 111)
Dominique Leuenberger (dimstar_suse)
accepted
request 591143
from
Marcus Meissner (msmeissn)
(revision 109)
Dominique Leuenberger (dimstar_suse)
accepted
request 587401
from
Marcus Meissner (msmeissn)
(revision 108)
- gnutls.keyring: Nikos key refreshed to be unexpired - GnuTLS 3.6.2: * libgnutls: When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data MTU calculation now, it correctly accounts for the fixed overhead due to padding (as 1 byte), while at the same time considers the rest of the padding as part of data MTU. * libgnutls: Address issue of loading of all PKCS#11 modules on startup on systems with a PKCS#11 trust store (as opposed to a file trust store). Introduced a multi-stage initialization which loads the trust modules, and other modules are deferred for the first pure PKCS#11 request. * libgnutls: The SRP authentication will reject any parameters outside RFC5054. This protects any client from potential MitM due to insecure parameters. That also brings SRP in par with the RFC7919 changes to Diffie-Hellman. * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters for SRP authentication. * libgnutls: Addressed issue in the accelerated code affecting interoperability with versions of nettle >= 3.4. * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by Vitezslav Cizek). * srptool: the --create-conf option no longer includes 1024-bit parameters. * p11tool: Fixed the deletion of objects in batch mode. - Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
Dominique Leuenberger (dimstar_suse)
accepted
request 580155
from
Marcus Meissner (msmeissn)
(revision 107)
Dominique Leuenberger (dimstar_suse)
accepted
request 574115
from
Dirk Mueller (dirkmueller)
(revision 106)
Dominique Leuenberger (dimstar_suse)
accepted
request 539293
from
Marcus Meissner (msmeissn)
(revision 105)
Dominique Leuenberger (dimstar_suse)
accepted
request 528289
from
Vítězslav Čížek (vitezslav_cizek)
(revision 104)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 523074
from
Marcus Meissner (msmeissn)
(revision 103)
- Buildrequire iproute2: the test suite calls /usr/bin/ss and as such we have to ensure to pull it in. (forwarded request 523062 from dimstar)
Dominique Leuenberger (dimstar_suse)
accepted
request 518750
from
Marcus Meissner (msmeissn)
(revision 102)
GnuTLS 3.5.15 (forwarded request 518746 from AndreasStieger)
Dominique Leuenberger (dimstar_suse)
accepted
request 502802
from
Marcus Meissner (msmeissn)
(revision 101)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 496936
from
Dominique Leuenberger (dimstar_suse)
(revision 100)
- skip trust-store tests to avoid build cycle with ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch (forwarded request 495815 from AndreasStieger)
Dominique Leuenberger (dimstar_suse)
accepted
request 493998
from
Marcus Meissner (msmeissn)
(revision 99)
GnuTLS 3.5.11 bsc#1038337 CVE-2017-7869 bsc#1034173 bsc#901857 (forwarded request 493933 from AndreasStieger)
Dominique Leuenberger (dimstar_suse)
accepted
request 492632
from
Marcus Meissner (msmeissn)
(revision 98)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 459188
from
Marcus Meissner (msmeissn)
(revision 97)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 449317
from
Marcus Meissner (msmeissn)
(revision 96)
- Version 3.5.8 (released 2016-01-09) * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* functions will not leave the verification profiles field to an undefined state. The last call will take precedence. * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. * libgnutls: Introduced option to override the default priority string used by the library. The intention is to allow support of system-wide priority strings (as set with --with-system-priority-file). The configure option is --with-default-priority-string. * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. This prevents crashes when decrypting malformed PKCS#8 keys. * libgnutls: Fix crash on the loading of malformed private keys with certain parameters set to zero. * libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. * libgnutls: Addressed memory leaks in client and server side error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks in X.509 certificate printing error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) - security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2
Displaying revisions 41 - 60 of 155