Upgrade to Version 3.2.16 (released 2014-07-23); delete files: gnutls-3.2.15.tar.xz, gnutls-3.2.15.tar.xz.sig, audit-improve.patch( already in upstream); Add files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig (forwarded request 243536 from citypw)

• Files Changed
• Browse Source

- Version 3.2.15 (released 2014-05-30)
  
  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were
  fixed. The leaks were identified using valgrind and the Codenomicon
  TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer
  in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying
  on the result value. That avoids issue in certain systems, when using
  tofu authentication and the home path cannot be determined. Issue reported
  by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then
  only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582
  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two
  different recv and send pointers have been specified. Reported and
  investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
  result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
  server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and
  the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
  entry that matches the certificate. Patch by simon [at] arlott.org.

• Files Changed
• Browse Source

- Improvement after code audit (audit-improve.patch)
  * Use unsigned type for encode()
  * tolerate NULL in strdup()
  Modify files: lib/gnutls_mem.c, lib/auth/srp_sb64.c

• Files Changed
• Browse Source

Upgrade to 3.2.13; Add files: gnutls-3.2.13.tar.xz, gnutls-3.2.13.tar.xz.sig; Delete files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 229542 from shawn2012)

• Files Changed
• Browse Source

Upgrade to 3.2.12.1; Delete files: CVE-2014-0092.patch( upstreamed), gnutls-3.2.11.tar.xz.sig, gnutls-3.2.11.tar.xz; Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 224729 from shawn2012)

• Files Changed
• Browse Source

Fix bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification; Add patch file: CVE-2014-0092.patch (forwarded request 224391 from shawn2012)

• Files Changed
• Browse Source

- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all
     ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the
     second as having the '+' modifier.
  ** libgnutls:  When using a PKCS #11 module for verification ensure that
     it has been marked a trusted policy module in p11-kit. Moreover, when an
     empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
     in the system for verification.
     http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
     CA certificates. Reported and investigated by Suman Jana.
     CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed

- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer derefence when printing a certificate
     DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
     report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only
     appends data to client hello if the expected size is in the
     "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact
     ciphersuite description.

• Files Changed
• Browse Source

Upgrade to GNUTLS-3.2.8 (forwarded request 211991 from shawn2012)

• Files Changed
• Browse Source

Upgrade to 3.2.6 (forwarded request 205591 from shawn2012)

• Files Changed
• Browse Source

- Upgrade to 3.2.5
** libgnutls: Documentation and build-time fixes.
** libgnutls: Allow the generation of DH groups of less than 700 bits.
** libgnutls: Added several combinations of ciphersuites with SHA256 and
SHA384 as MAC, as well as Camellia with GCM.
** libdane: Added interfaces to allow initialization of dane_query_t
from external DNS resolutions, and to allow direct verification of a
certificate chain against a dane_query_t. Contributed by Christian Grothoff.
** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and
fix by Christian Grothoff.
** srptool: Fixed index command line option. Patch by Attila Molnar.
** gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.	
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
** API and ABI modifications:
gnutls_certificate_get_crt_raw: Added
dane_verify_crt_raw: Added
dane_raw_tlsa: Added 
Add files: make-obs-happy-with-gnutls_3.2.5.patch, gnutls-3.2.5.tar.xz,
gnutls-3.2.5.tar.xz.sig, gnutls-3.2.5-noecc.patch
Delete files: gnutls-3.2.4.tar.xz, gnutls-3.2.4.tar.xz.sig, 
make-obs-happy-with-gnutls_3.2.4.patch, gnutls-3.2.4-noecc.patch

• Files Changed
• Browse Source

Split 13.1 from Factory

• Files Changed
• Browse Source

- Don't run install-info on images (forwarded request 197168 from AndreasSchwab)

• Files Changed
• Browse Source

- buildrequire valgrind on the same arch list that valgrind builds (forwarded request 196834 from oertel)

• Files Changed
• Browse Source

- Updated to 3.2.3
  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
     Buehler.
  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
     (this fixes a bug that was accidentally introduced in 3.2.2)
  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
     be used by the library.
  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
     fix by Alfredo Pironti.
- Updated to 3.2.2
  ** libgnutls: Several optimizations in the related to packet processing
     subsystems.
  ** libgnutls: DTLS replay detection can now be disabled (to be used
     in certain transport layers like SCTP).
  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
  ** libgnutls: Added ability to set hooks before or
     after sending or receiving any handshake message with
     gnutls_handshake_set_hook_function().
- gnutls-3.2.3-noecc.patch: updated to disable ECC.
- automake-1.12.patch: upstream, dropped
- gnutls-32bit.patch: upstream, dropped
- gnutls-3.2.1-pkcs11.diff: upstream, dropped

• Files Changed
• Browse Source

- revert to using certificate directory again until gnutls
  understands the trust bits in pkcs11. Otherwise it would use
  blacklisted certificates. (forwarded request 184442 from lnussel)

• Files Changed
• Browse Source

- Override broken configure checks (forwarded request 182594 from Andreas_Schwab)

• Files Changed
• Browse Source

- use pkcs11 interface to fetch the system's CA certificates
  (fate#314991). Add patch gnutls-3.2.1-pkcs11.diff to fix doing
  that, obsoletes gnutls-implement-trust-store-dir.diff. (forwarded request 182303 from lnussel)

• Files Changed
• Browse Source

- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test
  work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff
  currently not yet forward ported.
- Updated to GnuTLS 3.2.1
  ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
     openssl versions.
  ** libgnutls: Fixes in interrupted function resumption. Report
     and patch by Tim Kosse.
  ** libgnutls: Corrected issue when receiving client hello verify
     requests in DTLS.
  ** libgnutls: Fixes in DTLS record overhead size calculations.
  ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
     Mann Ern Kang.
- Updated to GnuTLS 3.2.0
  ** libgnutls: Use nettle's elliptic curve implementation.
  ** libgnutls: Added Salsa20 cipher
  ** libgnutls: Added UMAC-96 and UMAC-128
  ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
     As they are not standardized they are defined using private ciphersuite numbers.
  ** libgnutls: Added support for DTLS 1.2.
  ** libgnutls: Added support for the Application Layer Protocol
     Negotiation (ALPN) extension.
  ** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
  ** libgnutls: Avoid linking to librt (that also avoids unnecessary
     linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
  ** certtool: When generating PKCS #12 files use by default the 
  ARCFOUR (RC4) cipher to be compatible with devices that don't

• Files Changed
• Browse Source

- Added makeinfo BuildRequire to fix build with new automake (forwarded request 173444 from m_meister)

• Files Changed
• Browse Source

- Updated to GnuTLS 3.0.28
  - libgnutls: Fixes in server side of DTLS-0.9.
  - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
    ciphers (i.e., AES-GCM).
  - libgnutls: Fixes in record padding parsing to prevent a timing
    attack. Issue reported by Kenny Patterson and Nadhem Alfardan.
    bnc#802184 
  - libgnutls: DN variable 'T' was expanded to 'title'.

- Updated to GnuTLS 3.0.27
  - libgnutls: Fixed record padding parsing issue.
  - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
  - libgnutls-guile: Fixed parallel compilation issue.
  - API and ABI modifications: No changes since last version.

• Files Changed
• Browse Source