pool/gnutls
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 236129 from Base:System

Browse Source 
- Version 3.2.15 (released 2014-05-30)
  
  ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
  Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
  ** libgnutls: Several memory leaks caused by error conditions were
  fixed. The leaks were identified using valgrind and the Codenomicon
  TLS test suite.
  ** libgnutls: Increased the maximum certificate size buffer
  in the PKCS #11 subsystem.
  ** libgnutls: Check the return code of getpwuid_r() instead of relying
  on the result value. That avoids issue in certain systems, when using
  tofu authentication and the home path cannot be determined. Issue reported
  by Viktor Dukhovni.
  ** gnutls-cli: if dane is requested but not PKIX verification, then
  only do verify the end certificate.
  ** ocsptool: Include path in ocsp request. This resolves #108582
  (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
  ** libgnutls: Fixed issue with the check of incoming data when two
  different recv and send pointers have been specified. Reported and
  investigated by JMRecio.
  ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would 
  result to illegal memory access if a server hint was provided.
  ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
  server hint was provided.
  ** libgnutls: Several small bug fixes identified using valgrind and
  the Codenomicon TLS test suite.
  ** libgnutls: Several small bug fixes found by coverity.
  ** libgnutls-dane: Accept a certificate using DANE if there is at least one 
  entry that matches the certificate. Patch by simon [at] arlott.org.

OBS-URL: https://build.opensuse.org/request/show/236129
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74
This commit is contained in:
Stephan Kulow 2014-06-06 12:36:14 +00:00 committed by Git OBS Bridge
parent 46f6ba47ef
commit b0904801b3
6 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnutls-3.2.13.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e83676218ba80c4d577d7027b5b087692280347a9b06f90a452403ba70faa604
size 5133400

BIN
gnutls-3.2.13.tar.xz.sig
View File

Binary file not shown.

3
gnutls-3.2.15.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30bdc7b34b220258f714602cdf0afa1abf0883bf926f35f400c88b1c72ca77b9
size 5140200

BIN
gnutls-3.2.15.tar.xz.sig Normal file
View File

Binary file not shown.

39
gnutls.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Tue Jun 3 07:48:04 UTC 2014 - meissner@suse.com
- Version 3.2.15 (released 2014-05-30)
** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
** libgnutls: Several memory leaks caused by error conditions were
fixed. The leaks were identified using valgrind and the Codenomicon
TLS test suite.
** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.
** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.
** gnutls-cli: if dane is requested but not PKIX verification, then
only do verify the end certificate.
** ocsptool: Include path in ocsp request. This resolves #108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided.
** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.
** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.
** libgnutls: Several small bug fixes found by coverity.
** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.
** configure: Added --with-nettle-mini option, which allows linking
with a libnettle that contains gmp.
** certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com

2
gnutls.spec
View File

@ -21,7 +21,7 @@
%define gnutls_ossl_sover 27 %define gnutls_ossl_sover 27
Name: gnutls Name: gnutls
Version: 3.2.13 Version: 3.2.15
Release: 0 Release: 0
Summary: The GNU Transport Layer Security Library Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+ License: LGPL-2.1+ and GPL-3.0+