- Verify only the libgnutls library HMAC [bsc#1199881]
* Do not use the brp-50-generate-fips-hmac script as this
is now calculated with the internal fipshmac tool.
* Add gnutls-verify-library-HMAC.patch
- Disable flaky test that fails in s390x architecture:
* Add gnutls-disable-flaky-test-dtls-resume.patch
- Consolidate the FIPS hmac files [bsc#1203245]
* Use the gnutls fipshmac tool instead of the brp-check-suse
and rename it to reflect on the library version.
- Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false
positive for the FIPS hmac calculation.
OBS-URL: https://build.opensuse.org/request/show/1034572
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=80
- The FIPS hmac is now calculated with an internal tool since
commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed and it has
been renamed to .gnutls.hmac. [bsc#1199881, bsc#1203245]
* Remove the fipscheck build dependency
* Check only the calculated hmac for libgnutls.so.30 since the
calculated hmacs for libnettle.so.8, libhogweed.so.6 and
libgmp.so.10 in .gnutls.hmac are incorrect.
* Add gnutls-FIPS-hmac-check-only-libgnutls.patch
* Remove gnutls-FIPS-Run-CFB8-without-offset.patch
- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
* Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
OBS-URL: https://build.opensuse.org/request/show/1011039
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=78
- Update to 3.7.8:
* libgnutls: In FIPS140 mode, RSA signature verification is an
approved operation if the key has modulus with known sizes
(1024, 1280, 1536, and 1792 bits), in addition to any modulus
sizes larger than 2048 bits, according to SP800-131A rev2.
* libgnutls: gnutls_session_channel_binding performs additional
checks when GNUTLS_CB_TLS_EXPORTER is requested. According to
RFC9622 4.2, the "tls-exporter" channel binding is only usable
when the handshake is bound to a unique master secret (i.e.,
either TLS 1.3 or extended master secret extension is
negotiated). Otherwise the function now returns error.
* libgnutls: usage of the following functions, which are designed
to loosen restrictions imposed by allowlisting mode of
configuration, has been additionally restricted. Invoking
them is now only allowed if system-wide TLS priority string
has not been initialized yet:
- gnutls_digest_set_secure
- gnutls_sign_set_secure
- gnutls_sign_set_secure_for_certs
- gnutls_protocol_set_enabled
* Delete gnutls-3.6.6-set_guile_site_dir.patch and use the
--with-guile-extension-dir configure option to properly
handle the guile extension directory.
* Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch
* Update gnutls.keyring
* Add a build depencency on gtk-doc required by autoreconf
OBS-URL: https://build.opensuse.org/request/show/1009758
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=77
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC and non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
* Adapt the pbkdf2 selftest and the regression tests accordingly.
* Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
* Add gnutls-FIPS-jitterentropy.patch
- FIPS:
* Add gnutls_ECDSA_signing.patch [bsc#1190698]
- Check minimum keylength for symmetric key generation
- Only allows ECDSA signature with valid set of hashes
(SHA2 and SHA3)
OBS-URL: https://build.opensuse.org/request/show/1003480
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=73
- Update to 3.7.7:
* libgnutls: Fixed double free during verification of pkcs7
signatures. CVE-2022-2509
* libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
less than or equal to 255 times hash digest size, to comply with
RFC 5869 2.3.
* libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters
* libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
* libgnutls: New block cipher functions have been added to
transparently handle padding. gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3 can be used in combination of
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
padding if the length of the original plaintext is not a multiple
of the block size.
* libgnutls: New function for manual FIPS self-testing.
* API and ABI modifications:
- gnutls_fips140_run_self_tests: New function
- gnutls_cipher_encrypt3: New function
- gnutls_cipher_decrypt3: New function
- gnutls_cipher_padding_flags_t: New enum
* guile: Guile 1.8 is no longer supported
* guile: Session record port treats premature termination as EOF Previously,
a 'gnutls-error' exception with the 'error/premature-termination' value
would be thrown while reading from a session record port when the
underlying session was terminated prematurely. This was inconvenient
since users of the port may not be prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
OBS-URL: https://build.opensuse.org/request/show/991873
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=69
- Update to version 3.7.6:
* libgnutls: Fixed invalid write when gnutls_realloc_zero() is
called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc.
* Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed
upstream.
- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory
corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367,
boo#1199929).
- update to 3.7.5:
* add options disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy
* For TLS 1.3 where session tickets do provide forward secrecy,
the PFS priority string now only disables session tickets in
TLS 1.2.
* Future backward incompatibility: in the next major release of
GnuTLS those flag and modifier are planned to be removed
* gnutls-cli, gnutls-serv: Channel binding for printing
information has been changed from tls-unique to tls-exporter
as tls-unique is not supported in TLS 1.3.
* Certificate sanity checks has been enhanced to make gnutls
more RFC 5280 compliant:
* Removed 3DES from FIPS approved algorithms
* Optimized support for AES-SIV-CMAC algorithms
* libgnutls: HKDF and AES-GCM algorithms are now approved in
FIPS-140 mode when used in TLS (forwarded request 979523 from 1Antoine1)
OBS-URL: https://build.opensuse.org/request/show/979801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=139
- Update to version 3.7.6:
* libgnutls: Fixed invalid write when gnutls_realloc_zero() is
called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc.
* Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed
upstream.
- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory
corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367,
boo#1199929).
- update to 3.7.5:
* add options disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy
* For TLS 1.3 where session tickets do provide forward secrecy,
the PFS priority string now only disables session tickets in
TLS 1.2.
* Future backward incompatibility: in the next major release of
GnuTLS those flag and modifier are planned to be removed
* gnutls-cli, gnutls-serv: Channel binding for printing
information has been changed from tls-unique to tls-exporter
as tls-unique is not supported in TLS 1.3.
* Certificate sanity checks has been enhanced to make gnutls
more RFC 5280 compliant:
* Removed 3DES from FIPS approved algorithms
* Optimized support for AES-SIV-CMAC algorithms
* libgnutls: HKDF and AES-GCM algorithms are now approved in
FIPS-140 mode when used in TLS
OBS-URL: https://build.opensuse.org/request/show/979523
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=67
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
* The IG 10.3.A and SP800-132 require some minimum parameters for
the salt length, password length and iteration count. These
parameters should be also used in the KAT.
* Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- Enable to run the regression tests also in FIPS mode.
* Add gnutls-FIPS-disable-failing-tests.patch
OBS-URL: https://build.opensuse.org/request/show/964661
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=61
- Update to 3.7.4:
* libgnutls: Added support for certificate compression as defined
in RFC8879.
* certtool: Added option --compress-cert that allows user to
specify compression methods for certificate compression.
* libgnutls: GnuTLS can now be compiled with --enable-strict-x509
configure option to enforce stricter certificate sanity checks
that are compliant with RFC5280.
* libgnutls: Removed IA5String type from DirectoryString within
issuer and subject name to make DirectoryString RFC5280 compliant.
* libgnutls: Added function to retrieve the name of current
ciphersuite from session.
* Bump libgnutlsxx soname due to ABI break
* API and ABI modifications:
- GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
- GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
- gnutls_compress_certificate_get_selected_method: Added
- gnutls_compress_certificate_set_methods: Added
* Update gnutls.keyring
OBS-URL: https://build.opensuse.org/request/show/962891
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=60
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
- Update to 3.7.1:
[bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231]
* Fixed potential use-after-free in sending "key_share" and
"pre_shared_key" extensions.
* Fixed a regression in handling duplicated certs in a chain.
* Fixed sending of session ID in TLS 1.3 middlebox compatibility
mode. In that mode the client shall always send a non-zero
session ID to make the handshake resemble the TLS 1.2
resumption; this was not true in the previous versions.
* Removed dependency on the external 'fipscheck' package,
when compiled with --enable-fips140-mode.
* Added padlock acceleration for AES-192-CBC.
- Remove patches upstream:
* gnutls-gnutls-cli-debug.patch
* gnutls-ignore-duplicate-certificates.patch
* gnutls-test-fixes.patch
OBS-URL: https://build.opensuse.org/request/show/878624
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=49
- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565]
* Don't unset system priority settings in gnutls-cli-debug.sh
* Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387
- Add gnutls-gnutls-cli-debug.patch
- Fix: Test certificates in tests/testpkcs11-certs have expired
* Upstream bug: gitlab.com/gnutls/gnutls/issues/1135
- Add gnutls-test-fixes.patch
- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
* Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131
- Add gnutls-ignore-duplicate-certificates.patch
- Update to 3.7.0
* Depend on nettle 3.6
* Added a new API that provides a callback function to retrieve
missing certificates from incomplete certificate chains
* Added a new API that provides a callback function to output the
complete path to the trusted root during certificate chain
verification
* OIDs exposed as gnutls_datum_t no longer account for the
terminating null bytes, while the data field is null terminated.
The affected API functions are: gnutls_ocsp_req_get_extension,
gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
* Added a new set of API to enable QUIC implementation
* The crypto implementation override APIs deprecated in 3.6.9 are
now no-op
* Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
* Support for padlock has been fixed to make it work with Zhaoxin CPU
* The maximum PIN length for PKCS #11 has been increased from 31
OBS-URL: https://build.opensuse.org/request/show/873444
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=128
- Update to 3.7.0
* Depend on nettle 3.6
* Added a new API that provides a callback function to retrieve
missing certificates from incomplete certificate chains
* Added a new API that provides a callback function to output the
complete path to the trusted root during certificate chain
verification
* OIDs exposed as gnutls_datum_t no longer account for the
terminating null bytes, while the data field is null terminated.
The affected API functions are: gnutls_ocsp_req_get_extension,
gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
* Added a new set of API to enable QUIC implementation
* The crypto implementation override APIs deprecated in 3.6.9 are
now no-op
* Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
* Support for padlock has been fixed to make it work with Zhaoxin CPU
* The maximum PIN length for PKCS #11 has been increased from 31
bytes to 255 bytes
- Remove patch fixed upstream:
* gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- Add version guards for the crypto-policies package
OBS-URL: https://build.opensuse.org/request/show/868673
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=45
- Update to 3.6.15
* libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
[GNUTLS-SA-2020-09-04, CVSS: medium]
* libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
* libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
* libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025).
* libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
* libgnutls: The audit log message for weak hashes is no longer printed twice
* libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
- drop upstreamed patches:
* gnutls-detect_nettle_so.patch
* 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
OBS-URL: https://build.opensuse.org/request/show/832939
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=39
