Revisions of gnutls

Dominique Leuenberger (dimstar_suse) accepted request 587401 from Marcus Meissner (msmeissn) (revision 108)
- gnutls.keyring: Nikos key refreshed to be unexpired

- GnuTLS 3.6.2:
  * libgnutls: When verifying against a self signed certificate ignore issuer.
    That is, ignore issuer when checking the issuer's parameters strength,
    resolving issue #347 which caused self signed certificates to be
    additionally marked as of insufficient security level.
  * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
    MTU calculation now correctly accounts for the fixed overhead due to
    padding (as 1 byte), while at the same time considering the rest of the
    padding as part of data MTU.
  * libgnutls: Address issue of loading of all PKCS#11 modules on startup
    on systems with a PKCS#11 trust store (as opposed to a file trust store).
    Introduced a multi-stage initialization which loads the trust modules, and
    other modules are deferred for the first pure PKCS#11 request.
  * libgnutls: The SRP authentication will reject any parameters outside
    RFC5054. This protects any client from potential MitM due to insecure
    parameters. That also brings SRP on par with the RFC7919 changes to
    Diffie-Hellman.
  * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
    for SRP authentication.
  * libgnutls: Addressed issue in the accelerated code affecting
    interoperability with versions of nettle >= 3.4.
  * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
  * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
    Vitezslav Cizek).
  * srptool: the --create-conf option no longer includes 1024-bit parameters.
  * p11tool: Fixed the deletion of objects in batch mode.
- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.

Dominique Leuenberger (dimstar_suse) accepted request 523074 from Marcus Meissner (msmeissn) (revision 103)
- Buildrequire iproute2: the test suite calls /usr/bin/ss and as
  such we have to ensure to pull it in. (forwarded request 523062 from dimstar)

Dominique Leuenberger (dimstar_suse) accepted request 518750 from Marcus Meissner (msmeissn) (revision 102)
GnuTLS 3.5.15 (forwarded request 518746 from AndreasStieger)

Dominique Leuenberger (dimstar_suse) accepted request 496936 from Dominique Leuenberger (dimstar_suse) (revision 100)
- skip trust-store tests to avoid build cycle with
  ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch (forwarded request 495815 from AndreasStieger)

Dominique Leuenberger (dimstar_suse) accepted request 493998 from Marcus Meissner (msmeissn) (revision 99)
GnuTLS 3.5.11
bsc#1038337
CVE-2017-7869 bsc#1034173
bsc#901857 (forwarded request 493933 from AndreasStieger)

Dominique Leuenberger (dimstar_suse) accepted request 449317 from Marcus Meissner (msmeissn) (revision 96)
- Version 3.5.8 (released 2016-01-09)
  * libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
    functions will not leave the verification profiles field in an
    undefined state. The last call will take precedence.
  * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
    by PKCS#8 decryption functions when an invalid key is provided. This
    addresses regression on decrypting certain PKCS#8 keys.
  * libgnutls: Introduced option to override the default priority string
    used by the library. The intention is to allow support of system-wide
    priority strings (as set with --with-system-priority-file). The
    configure option is --with-default-priority-string.
  * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
    This prevents crashes when decrypting malformed PKCS#8 keys.
  * libgnutls: Fix crash on the loading of malformed private keys with certain
    parameters set to zero.
  * libgnutls: Fix double free in certificate information printing. If the PKIX
    extension proxy was set with a policy language set but no policy specified,
    that could lead to a double free.
  * libgnutls: Addressed memory leaks in client and server side error paths
    (issues found using oss-fuzz project)
  * libgnutls: Addressed memory leaks in X.509 certificate printing error paths
    (issues found using oss-fuzz project)
  * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
    parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
  * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
    (issues found using oss-fuzz project)
- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2
Displaying revisions 41 - 60 of 155