- Temporarily disable GNULIB's year2038 support for 64bit time_t
  by using the --disable-year2038 flag. This omits support for
  timestamps past the year 2038:
  * Fixes the public API on 32-bit architectures avoiding to
    change the size of time_t as it cannot be changed without
    breaking the ABI compatibility.
  * Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466

- Update to 3.8.0: [bsc#1205763, bsc#1209627]
  * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
    exchange. Reported by Hubert Kario (#1050). Fix developed by
    Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
    [CVE-2023-0361]
  * libgnutls: C++ library is now header only. All definitions
    from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
    C++ interface have two options:
    1. include gnutlsxx.h in their application and link against
       the C library. (default)
    2. include gnutlsxx.h in their application, compile with
       GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
       against the C++ library.
  * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
    priority modifier have been added to allow disabling of the
    status_request TLS extension in the client side.
  * libgnutls: TLS heartbeat is disabled by default.
    The heartbeat extension in TLS (RFC 6520) is not widely used
    given other implementations dropped support for it. To enable
    back support for it, supply --enable-heartbeat-support to
    configure script.
  * libgnutls: SRP authentication is now disabled by default.

• Files Changed
• Browse Source