- Update to 3.8.3:
* libgnutls: Fix more timing side-channel inside RSA-PSK key
exchange. [GNUTLS-SA-2024-01-14, CVSS: medium]
[bsc#1218865, CVE-2024-0553]
* libgnutls: Fix assertion failure when verifying a certificate
chain with a cycle of cross signatures.
[GNUTLS-SA-2024-01-09, CVSS: medium] [bsc#1218862, CVE-2024-0567]
* libgnutls: Fix regression in handling Ed25519 keys stored in
PKCS#11 token certtool was unable to handle Ed25519 keys
generated on PKCS#11 with pkcs11-tool (OpenSC).
This is a regression introduced in 3.8.2.
* Rebase gnutls-FIPS-140-3-references.patch
* Updated upstream gnutls.keyring
OBS-URL: https://build.opensuse.org/request/show/1139454
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=103
- Update to 3.8.0: [bsc#1205763, bsc#1209627]
* libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key
exchange. Reported by Hubert Kario (#1050). Fix developed by
Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium]
[CVE-2023-0361]
* libgnutls: C++ library is now header only. All definitions
from gnutlsxx.c have been moved into gnutlsxx.h. Users of the
C++ interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
* libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
* libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used
given other implementations dropped support for it. To enable
back support for it, supply --enable-heartbeat-support to
configure script.
* libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not
up to date with the latest TLS standards and its ciphersuites
are based on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
* libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
OBS-URL: https://build.opensuse.org/request/show/1074130
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=88
- Update to 3.7.8:
* libgnutls: In FIPS140 mode, RSA signature verification is an
approved operation if the key has modulus with known sizes
(1024, 1280, 1536, and 1792 bits), in addition to any modulus
sizes larger than 2048 bits, according to SP800-131A rev2.
* libgnutls: gnutls_session_channel_binding performs additional
checks when GNUTLS_CB_TLS_EXPORTER is requested. According to
RFC9622 4.2, the "tls-exporter" channel binding is only usable
when the handshake is bound to a unique master secret (i.e.,
either TLS 1.3 or extended master secret extension is
negotiated). Otherwise the function now returns error.
* libgnutls: usage of the following functions, which are designed
to loosen restrictions imposed by allowlisting mode of
configuration, has been additionally restricted. Invoking
them is now only allowed if system-wide TLS priority string
has not been initialized yet:
- gnutls_digest_set_secure
- gnutls_sign_set_secure
- gnutls_sign_set_secure_for_certs
- gnutls_protocol_set_enabled
* Delete gnutls-3.6.6-set_guile_site_dir.patch and use the
--with-guile-extension-dir configure option to properly
handle the guile extension directory.
* Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch
* Update gnutls.keyring
* Add a build depencency on gtk-doc required by autoreconf
OBS-URL: https://build.opensuse.org/request/show/1009758
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=77
- Update to 3.7.4:
* libgnutls: Added support for certificate compression as defined
in RFC8879.
* certtool: Added option --compress-cert that allows user to
specify compression methods for certificate compression.
* libgnutls: GnuTLS can now be compiled with --enable-strict-x509
configure option to enforce stricter certificate sanity checks
that are compliant with RFC5280.
* libgnutls: Removed IA5String type from DirectoryString within
issuer and subject name to make DirectoryString RFC5280 compliant.
* libgnutls: Added function to retrieve the name of current
ciphersuite from session.
* Bump libgnutlsxx soname due to ABI break
* API and ABI modifications:
- GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
- GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
- gnutls_compress_certificate_get_selected_method: Added
- gnutls_compress_certificate_set_methods: Added
* Update gnutls.keyring
OBS-URL: https://build.opensuse.org/request/show/962891
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=60
- Update to 3.6.14
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008). (bsc#1172461)
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
the keyring
- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/811391
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=34
- gnutls.keyring: Nikos key refreshed to be unexpired
- GnuTLS 3.6.2:
* libgnutls: When verifying against a self signed certificate ignore issuer.
That is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
* libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
MTU calculation now, it correctly accounts for the fixed overhead due to
padding (as 1 byte), while at the same time considers the rest of the
padding as part of data MTU.
* libgnutls: Address issue of loading of all PKCS#11 modules on startup
on systems with a PKCS#11 trust store (as opposed to a file trust store).
Introduced a multi-stage initialization which loads the trust modules, and
other modules are deferred for the first pure PKCS#11 request.
* libgnutls: The SRP authentication will reject any parameters outside
RFC5054. This protects any client from potential MitM due to insecure
parameters. That also brings SRP in par with the RFC7919 changes to
Diffie-Hellman.
* libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
for SRP authentication.
* libgnutls: Addressed issue in the accelerated code affecting
interoperability with versions of nettle >= 3.4.
* libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
* libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
Vitezslav Cizek).
* srptool: the --create-conf option no longer includes 1024-bit parameters.
* p11tool: Fixed the deletion of objects in batch mode.
- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
OBS-URL: https://build.opensuse.org/request/show/587401
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=108
- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test
work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff
currently not yet forward ported.
- Updated to GnuTLS 3.2.1
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.
** libgnutls: Corrected issue when receiving client hello verify
requests in DTLS.
** libgnutls: Fixes in DTLS record overhead size calculations.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
Mann Ern Kang.
- Updated to GnuTLS 3.2.0
** libgnutls: Use nettle's elliptic curve implementation.
** libgnutls: Added Salsa20 cipher
** libgnutls: Added UMAC-96 and UMAC-128
** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite numbers.
** libgnutls: Added support for DTLS 1.2.
** libgnutls: Added support for the Application Layer Protocol
Negotiation (ALPN) extension.
** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
OBS-URL: https://build.opensuse.org/request/show/181378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=58
