Revisions of gnutls
Ludwig Nussel (lnussel)
accepted
request 244206
from
Marcus Meissner (msmeissn)
(revision 75)
Upgrade to Version 3.2.16 (released 2014-07-23); delete files: gnutls-3.2.15.tar.xz, gnutls-3.2.15.tar.xz.sig, audit-improve.patch (already in upstream); Add files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig (forwarded request 243536 from citypw)
Stephan Kulow (coolo)
accepted
request 236129
from
Marcus Meissner (msmeissn)
(revision 74)
- Version 3.2.15 (released 2014-05-30)
  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org.
Stephan Kulow (coolo)
accepted
request 233678
from
Marcus Meissner (msmeissn)
(revision 73)
- Improvement after code audit (audit-improve.patch)
  * Use unsigned type for encode()
  * tolerate NULL in strdup()
  Modify files: lib/gnutls_mem.c, lib/auth/srp_sb64.c
Stephan Kulow (coolo)
accepted
request 229559
from
Marcus Meissner (msmeissn)
(revision 72)
Upgrade to 3.2.13; Add files: gnutls-3.2.13.tar.xz, gnutls-3.2.13.tar.xz.sig; Delete files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 229542 from shawn2012)
Stephan Kulow (coolo)
accepted
request 224736
from
Shawn Chang (shawn2012)
(revision 71)
Upgrade to 3.2.12.1; Delete files: CVE-2014-0092.patch (upstreamed), gnutls-3.2.11.tar.xz.sig, gnutls-3.2.11.tar.xz; Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig (forwarded request 224729 from shawn2012)
Stephan Kulow (coolo)
accepted
request 224392
from
Marcus Meissner (msmeissn)
(revision 70)
Fix bug [bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification; Add patch file: CVE-2014-0092.patch (forwarded request 224391 from shawn2012)
Stephan Kulow (coolo)
accepted
request 222335
from
Marcus Meissner (msmeissn)
(revision 69)
- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the second as having the '+' modifier.
  ** libgnutls: When using a PKCS #11 module for verification ensure that it has been marked a trusted policy module in p11-kit. Moreover, when an empty (i.e., "pkcs11:") URL is specified, then try all trusted modules in the system for verification. http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate CA certificates. Reported and investigated by Suman Jana. CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed
- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer dereference when printing a certificate DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time; report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only appends data to client hello if the expected size is in the "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact ciphersuite description.
Tomáš Chvátal (scarabeus_factory)
accepted
request 211992
from
Shawn Chang (shawn2012)
(revision 68)
Upgrade to GNUTLS-3.2.8 (forwarded request 211991 from shawn2012)
Stephan Kulow (coolo)
accepted
request 205686
from
Marcus Meissner (msmeissn)
(revision 67)
Upgrade to 3.2.6 (forwarded request 205591 from shawn2012)
Stephan Kulow (coolo)
accepted
request 205088
from
Marcus Meissner (msmeissn)
(revision 66)
- Upgrade to 3.2.5
  ** libgnutls: Documentation and build-time fixes.
  ** libgnutls: Allow the generation of DH groups of less than 700 bits.
  ** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC, as well as Camellia with GCM.
  ** libdane: Added interfaces to allow initialization of dane_query_t from external DNS resolutions, and to allow direct verification of a certificate chain against a dane_query_t. Contributed by Christian Grothoff.
  ** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be triggered by a DNS server supplying more than 4 DANE records. Report and fix by Christian Grothoff.
  ** srptool: Fixed index command line option. Patch by Attila Molnar.
  ** gnutls-cli: Added support for inline commands, using the --inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
  ** certtool: pathlen constraint is now read correctly. Reported by Christoph Seitz.
  ** API and ABI modifications:
     gnutls_certificate_get_crt_raw: Added
     dane_verify_crt_raw: Added
     dane_raw_tlsa: Added
  Add files: make-obs-happy-with-gnutls_3.2.5.patch, gnutls-3.2.5.tar.xz, gnutls-3.2.5.tar.xz.sig, gnutls-3.2.5-noecc.patch
  Delete files: gnutls-3.2.4.tar.xz, gnutls-3.2.4.tar.xz.sig, make-obs-happy-with-gnutls_3.2.4.patch, gnutls-3.2.4-noecc.patch
Adrian Schröter (adrianSuSE)
committed
(revision 65)
Split 13.1 from Factory
Stephan Kulow (coolo)
accepted
request 197201
from
Shawn Chang (shawn2012)
(revision 64)
- Don't run install-info on images (forwarded request 197168 from AndreasSchwab)
Stephan Kulow (coolo)
accepted
request 196854
from
Marcus Meissner (msmeissn)
(revision 63)
- buildrequire valgrind on the same arch list that valgrind builds (forwarded request 196834 from oertel)
Stephan Kulow (coolo)
accepted
request 185475
from
Marcus Meissner (msmeissn)
(revision 62)
- Updated to 3.2.3
  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler.
  ** libgnutls: Solve issue with received TLS packets that exceed 2^14. (this fixes a bug that was accidentally introduced in 3.2.2)
  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be used by the library.
  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by Alfredo Pironti.
- Updated to 3.2.2
  ** libgnutls: Several optimizations in the related to packet processing subsystems.
  ** libgnutls: DTLS replay detection can now be disabled (to be used in certain transport layers like SCTP).
  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
  ** libgnutls: Added ability to set hooks before or after sending or receiving any handshake message with gnutls_handshake_set_hook_function().
- gnutls-3.2.3-noecc.patch: updated to disable ECC.
- automake-1.12.patch: upstream, dropped
- gnutls-32bit.patch: upstream, dropped
- gnutls-3.2.1-pkcs11.diff: upstream, dropped
Stephan Kulow (coolo)
accepted
request 184447
from
Marcus Meissner (msmeissn)
(revision 61)
- revert to using certificate directory again until gnutls understands the trust bits in pkcs11. Otherwise it would use blacklisted certificates. (forwarded request 184442 from lnussel)
Stephan Kulow (coolo)
accepted
request 182656
from
Dirk Mueller (dirkmueller)
(revision 60)
- Override broken configure checks (forwarded request 182594 from Andreas_Schwab)
Stephan Kulow (coolo)
accepted
request 182304
from
Marcus Meissner (msmeissn)
(revision 59)
- use pkcs11 interface to fetch the system's CA certificates (fate#314991). Add patch gnutls-3.2.1-pkcs11.diff to fix doing that, obsoletes gnutls-implement-trust-store-dir.diff. (forwarded request 182303 from lnussel)
Stephan Kulow (coolo)
accepted
request 181378
from
Marcus Meissner (msmeissn)
(revision 58)
- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff currently not yet forward ported.
- Updated to GnuTLS 3.2.1
  ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain openssl versions.
  ** libgnutls: Fixes in interrupted function resumption. Report and patch by Tim Kosse.
  ** libgnutls: Corrected issue when receiving client hello verify requests in DTLS.
  ** libgnutls: Fixes in DTLS record overhead size calculations.
  ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by Mann Ern Kang.
- Updated to GnuTLS 3.2.0
  ** libgnutls: Use nettle's elliptic curve implementation.
  ** libgnutls: Added Salsa20 cipher
  ** libgnutls: Added UMAC-96 and UMAC-128
  ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. As they are not standardized they are defined using private ciphersuite numbers.
  ** libgnutls: Added support for DTLS 1.2.
  ** libgnutls: Added support for the Application Layer Protocol Negotiation (ALPN) extension.
  ** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
  ** libgnutls: Avoid linking to librt (that also avoids unnecessary linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
  ** certtool: When generating PKCS #12 files use by default the ARCFOUR (RC4) cipher to be compatible with devices that don't
Stephan Kulow (coolo)
accepted
request 173482
from
Stephan Kulow (coolo)
(revision 57)
- Added makeinfo BuildRequire to fix build with new automake (forwarded request 173444 from m_meister)
Stephan Kulow (coolo)
accepted
request 151314
from
Marcus Meissner (msmeissn)
(revision 56)
- Updated to GnuTLS 3.0.28
  - libgnutls: Fixes in server side of DTLS-0.9.
  - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD ciphers (i.e., AES-GCM).
  - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. bnc#802184
  - libgnutls: DN variable 'T' was expanded to 'title'.
- Updated to GnuTLS 3.0.27
  - libgnutls: Fixed record padding parsing issue.
  - libgnutls: Stricter RSA PKCS #1 1.5 encoding.
  - libgnutls-guile: Fixed parallel compilation issue.
  - API and ABI modifications: No changes since last version.
Displaying revisions 81 - 100 of 155