- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all
     ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the
     second as having the '+' modifier.
  ** libgnutls:  When using a PKCS #11 module for verification ensure that
     it has been marked a trusted policy module in p11-kit. Moreover, when an
     empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
     in the system for verification.
     http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
     CA certificates. Reported and investigated by Suman Jana.
     CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed

- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer derefence when printing a certificate
     DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
     report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only
     appends data to client hello if the expected size is in the
     "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact
     ciphersuite description.

• Files Changed
• Browse Source