- Build with leancrypto. The liboqs support for post-quantum
cryptography (PQC) has been removed and is only provided through
leancrypto.
- Update to 3.8.10:
* libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
[bsc#1246299, CVE-2025-6395]
* libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
Spotted by oss-fuzz and reported by OpenAI Security Research Team,
and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
CVSS: medium] [bsc#1246233, CVE-2025-32989]
* libgnutls: Fix double-free upon error when exporting otherName in SAN
Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
CVSS: low] [bsc#1246232, CVE-2025-32988]
* certtool: Fix 1-byte write buffer overrun when parsing template
Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
CVSS: low] [bsc#1246267, CVE-2025-32990]
* libgnutls: PKCS#11 modules can now be used to override the default
cryptographic backend. Use the [provider] section in the system-wide config
to specify path and pin to the module (see system-wide config Documentation).
* libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update
support. The library running on the aforementioned version now utilizes the
kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
TLS session. The --enable-ktls configure option as well as the system-wide
kTLS configuration(see GnuTLS Documentation) are still required to enable
this feature.
* libgnutls: liboqs support for PQC has been removed
For maintenance purposes, support for post-quantum cryptography
(PQC) is now only provided through leancrypto. The experimental key
OBS-URL: https://build.opensuse.org/request/show/1297470
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=164
* libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
[bsc#1246299, CVE-2025-6395]
* libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
Spotted by oss-fuzz and reported by OpenAI Security Research Team,
and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
CVSS: medium] [bsc#1246233, CVE-2025-32989]
* libgnutls: Fix double-free upon error when exporting otherName in SAN
Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
CVSS: low] [bsc#1246232, CVE-2025-32988]
* certtool: Fix 1-byte write buffer overrun when parsing template
Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
CVSS: low] [bsc#1246267, CVE-2025-32990]
* libgnutls: PKCS#11 modules can now be used to override the default
cryptographic backend. Use the [provider] section in the system-wide config
to specify path and pin to the module (see system-wide config Documentation).
* libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update
support. The library running on the aforementioned version now utilizes the
kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
TLS session. The --enable-ktls configure option as well as the system-wide
kTLS configuration(see GnuTLS Documentation) are still required to enable
this feature.
* libgnutls: liboqs support for PQC has been removed
For maintenance purposes, support for post-quantum cryptography
(PQC) is now only provided through leancrypto. The experimental key
exchange algorithm, X25519Kyber768Draft00, which is based on the
round 3 candidate of Kyber and only supported through liboqs has
also been removed altogether.
* libgnutls: TLS certificate compression methods can now be set with
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=129
* Add gnutls-FIPS-disable-mac-sha1.patch
- bsc#1237101, FIPS selfcheck fails on tumbleweed
* Match dependent library names ( nettle, gmp, hogweed ) even when they include full verison in soname
* Add gnutls-fips-sonames-check.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=122
- libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
- libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
- libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
- libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
- Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
* Rebased gnutls-FIPS-140-3-references.patch
* Rebased gnutls-FIPS-TLS_KDF_selftest.patch
* Rebased gnutls-FIPS-jitterentropy.patch
* Rebased gnutls-disable-flaky-test-dtls-resume.patch
* Rebased gnutls-srp-test-SIGPIPE.patch
* Rebased gnutls-3.5.11-skip-trust-store-tests.patch
* Add gnutls-set-cligen-python-interp.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=119
- libgnutls: Experimental support for X25519MLKEM768 and
SecP256r1MLKEM768 key exchange in TLS 1.3: The support for
post-quantum key exchanges has been extended to cover the final
standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem.
The minimum supported version of liboqs is bumped to 0.11.0.
- libgnutls: All records included in an OCSP response are now checked
in TLS: Previously, when multiple records are provided in a single
OCSP response, only the first record was considered; now all those
records are examined until the server certificate matches.
- libgnutls: Handling of malformed compress_certificate extension is
now more standard compliant: The server behavior of receiving a
malformed compress_certificate extension now more strictly follows
RFC 8879; return illegal_parameter alert instead of bad_certificate,
as well as overlong extension data is properly rejected.
- build: More flexible library linking options for compression
libraries, TPM, and liboqs support: The configure options,
--with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs
now take 4 states: yes/link/dlopen/no, to specify how the libraries
are linked or loaded.
* Rebase gnutls-FIPS-140-3-references.patch
- FIPS: Allow to perform the integrity check with the hmac provided
by each library [bsc#1226724]
* Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=117
* libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely
disable DSA algorithm support.
* libgnutls: Experimental support for X25519Kyber768Draft00 key
exchange in TLS. For testing purposes, the hybrid post-quantum
key exchange defined in draft-tls-westerbaan-xyber768d00 has been
implemented using liboqs. Since the algorithm is still not finalized,
the support of this key exchange is disabled by default and can be
enabled with the --with-liboqs configure option.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=113
* libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
* libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
* API and ABI modifications:
- gnutls_pkcs12_generate_mac3: New function
- gnutls_pkcs12_flags_t: New enum
- gnutls_hash_squeeze: New function
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-jitterentropy.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=111
- Update to 3.8.5:
* libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option 'allow-rsa-pkcs1-encrypt'
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
* libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
* libgnutls: A couple of memory related issues have been fixed in
RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA
with earlier versions of GMP. These were a regression introduced
in the 3.8.4 release. See #1535 and !1827.
* build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
* API and ABI modifications:
- GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of
gnutls_pkcs_encrypt_flags_t
* Rebase patches:
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-140-3-references.patch
OBS-URL: https://build.opensuse.org/request/show/1165440
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=109
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread. [bsc#1221242]
* Add gnutls-FIPS-jitterentropy-deinit-threads.patch
- Update to 3.8.4:
* libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a gnutls_x509_spki_t object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
* libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [bsc#1221746, CVE-2024-28834]
* libgnutls: Fixed a bug where certtool crashed when verifying a
certificate chain with more than 16 certificates. Reported by
William Woodruff (#1525) and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [bsc#1221747, CVE-2024-28835]
* libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
* build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
* API and ABI modifications:
- gnutls_x509_spki_get_rsa_oaep_params: New function.
- gnutls_x509_spki_set_rsa_oaep_params: New function.
OBS-URL: https://build.opensuse.org/request/show/1161324
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=107
- Update to 3.8.3:
* libgnutls: Fix more timing side-channel inside RSA-PSK key
exchange. [GNUTLS-SA-2024-01-14, CVSS: medium]
[bsc#1218865, CVE-2024-0553]
* libgnutls: Fix assertion failure when verifying a certificate
chain with a cycle of cross signatures.
[GNUTLS-SA-2024-01-09, CVSS: medium] [bsc#1218862, CVE-2024-0567]
* libgnutls: Fix regression in handling Ed25519 keys stored in
PKCS#11 token certtool was unable to handle Ed25519 keys
generated on PKCS#11 with pkcs11-tool (OpenSC).
This is a regression introduced in 3.8.2.
* Rebase gnutls-FIPS-140-3-references.patch
* Updated upstream gnutls.keyring
OBS-URL: https://build.opensuse.org/request/show/1139454
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=103
- Update to 3.8.2: [bsc#1217277, CVE-2023-5981]
* libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
[GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
* libgnutls: Add API functions to perform ECDH and DH key agreement
The functionality has been there for a long time though they were
not available as part of the public API. This enables applications
to implement custom protocols leveraging non-interactive key
agreement with ECDH and DH.
* libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
the AEAD interface. Note that, unlike
GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
appended to the ciphertext, not prepended.
* libgnutls: transparent KTLS support is extended to FreeBSD kernel
The kernel TLS feature can now be enabled on FreeBSD as well as
Linux when compiled with the --enable-ktls configure option.
* gnutls-cli: New option --starttls-name
Depending on deployment, application protocols such as XMPP may
require a different origin address than the external address to be
presented prior to STARTTLS negotiation. The --starttls-name can
be used to specify specify the addresses separately.
* API and ABI modifications:
- gnutls_pubkey_import_dh_raw: New function
- gnutls_privkey_import_dh_raw: New function
- gnutls_pubkey_export_dh_raw: New function
- gnutls_privkey_export_dh_raw: New function
- gnutls_x509_privkey_import_dh_raw: New function
- gnutls_privkey_derive_secret: New function
- GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t
OBS-URL: https://build.opensuse.org/request/show/1127282
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=101
- tests: Fix the SRP test that fails with SIGPIPE signal return due
to a socket being closed before using it.
* Add gnutls-srp-test-SIGPIPE.patch
- Update to version 3.8.1:
* libgnutls: ClientHello extensions are randomized by default
To make fingerprinting harder, TLS extensions in ClientHello
messages are shuffled. As this behavior may cause compatibility
issue with legacy applications that do not accept the last
extension without payload, the behavior can be reverted with the
%NO_SHUFFLE_EXTENSIONS priority keyword.
* libgnutls: Add support for RFC 9258 external PSK importer.
This enables to deploy the same PSK across multiple TLS versions
(TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
needs to set up a callback that formats the PSK identity using
gnutls_psk_format_imported_identity().
* libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
%GNUTLS_NO_DEFAULT_EXTENSIONS.
* libgnutls: Add additional PBKDF limit checks in FIPS mode as
defined in SP 800-132. Minimum salt length is 128 bits and
minimum iterations bound is 1000 for PBKDF in FIPS mode.
* libgnutls: Add a mechanism to control whether to enforce extended
master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
session hash (extended master secret, EMS) in TLS 1.2. To enforce
this, a new priority keyword %FORCE_SESSION_HASH is added and if
it is set and EMS is not set, the peer aborts the connection. This
behavior is the default in FIPS mode, though it can be overridden
through the configuration file with the "tls-session-hash" option.
In either case non-EMS PRF is reported as a non-approved operation
through the FIPS service indicator.
OBS-URL: https://build.opensuse.org/request/show/1105136
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=98
- Update to 3.8.0: [bsc#1205763, bsc#1209627]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. Reported by Hubert Kario (#1050). Fix developed by
Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
[CVE-2023-0361]
* libgnutls: C++ library is now header only. All definitions
from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
C++ interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
* libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
* libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used
given other implementations dropped support for it. To enable
back support for it, supply --enable-heartbeat-support to
configure script.
* libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not
up to date with the latest TLS standards and its ciphersuites
are based on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
* libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
OBS-URL: https://build.opensuse.org/request/show/1074130
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=88
