From 42cf463b5700e0ac056e58fa592fd327a99e07f2431301a81ffc5e2c244db80e Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 24 Nov 2025 10:49:16 +0000 Subject: [PATCH] - Reduce the number of patches: * Merge gnutls-FIPS-jitterentropy-deinit-threads.patch into the main jitterentropy patch gnutls-FIPS-jitterentropy.patch * Merge the soname gnutls-fips-sonames-check.patch and V3 gnutls-FIPS-HMAC-x86_64-v3-opt.patch patches together into gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch * Remove gnutls-set-cligen-python-interp.patch with a sed command. - Enable back the failing tests that have been fixed upstream: * Remove patches: - gnutls-disable-flaky-test-dtls-resume.patch - gnutls-srp-test-SIGPIPE.patch - gnutls-skip-pqx-test.patch - gnutls-3.8.10-disable-ktls_test.patch - Update to 3.8.11: * libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init Reported by Luigino Camastra from Aisle Research. [GNUTLS-SA-2025-11-18, CVSS: low] [bsc#1254132, CVE-2025-9820] * libgnutls: MAC algorithms for PSK binders is now configurable The previous implementation assumed HMAC-SHA256 to calculate the PSK binders. With the new gnutls_psk_allocate_client_credentials2() and gnutls_psk_allocate_server_credentials2() functions, the application can use other MAC algorithms such as HMAC-SHA384. * libgnutls: Expose a new function to provide the maximum record send size A new function gnutls_record_get_max_send_size() has been added to determine the maximum size of a TLS record to be sent to the peer. * libgnutls: Expose a new function to update keys without sending a KeyUpdate to the peer. A new function gnutls_handshake_update_receiving_key() has been added to allow updating the local receiving key without OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=133 --- .gitattributes | 23 + .gitignore | 1 + baselibs.conf | 7 + gnutls-3.5.11-skip-trust-store-tests.patch | 31 + gnutls-3.8.10-disable-ktls_test.patch | 24 + gnutls-3.8.10.tar.xz | 3 + gnutls-3.8.10.tar.xz.sig | Bin 0 -> 566 bytes gnutls-3.8.11.tar.xz | 3 + gnutls-3.8.11.tar.xz.sig | Bin 0 -> 566 bytes gnutls-FIPS-140-3-references.patch | 1240 ++++ gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch | 184 + gnutls-FIPS-HMAC-x86_64-v3-opt.patch | 47 + gnutls-FIPS-TLS_KDF_selftest.patch | 31 + gnutls-FIPS-disable-mac-sha1.patch | 181 + ...ls-FIPS-jitterentropy-deinit-threads.patch | 34 + gnutls-FIPS-jitterentropy.patch | 259 + gnutls-disable-flaky-test-dtls-resume.patch | 13 + gnutls-fips-sonames-check.patch | 27 + gnutls-set-cligen-python-interp.patch | 10 + gnutls-skip-pqx-test.patch | 34 + gnutls-srp-test-SIGPIPE.patch | 22 + gnutls.changes | 5038 +++++++++++++++++ gnutls.keyring | 226 + gnutls.rpmlintrc | 1 + gnutls.spec | 402 ++ 25 files changed, 7841 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 baselibs.conf create mode 100644 gnutls-3.5.11-skip-trust-store-tests.patch create mode 100644 gnutls-3.8.10-disable-ktls_test.patch create mode 100644 gnutls-3.8.10.tar.xz create mode 100644 gnutls-3.8.10.tar.xz.sig create mode 100644 gnutls-3.8.11.tar.xz create mode 100644 gnutls-3.8.11.tar.xz.sig create mode 100644 gnutls-FIPS-140-3-references.patch create mode 100644 gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch create mode 100644 gnutls-FIPS-HMAC-x86_64-v3-opt.patch create mode 100644 gnutls-FIPS-TLS_KDF_selftest.patch create mode 100644 gnutls-FIPS-disable-mac-sha1.patch create mode 100644 gnutls-FIPS-jitterentropy-deinit-threads.patch create mode 100644 gnutls-FIPS-jitterentropy.patch create mode 100644 gnutls-disable-flaky-test-dtls-resume.patch create mode 100644 gnutls-fips-sonames-check.patch create mode 100644 gnutls-set-cligen-python-interp.patch create mode 100644 gnutls-skip-pqx-test.patch create mode 100644 gnutls-srp-test-SIGPIPE.patch create mode 100644 gnutls.changes create mode 100644 gnutls.keyring create mode 100644 gnutls.rpmlintrc create mode 100644 gnutls.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..0eb5642 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +libgnutls30 + obsoletes "gnutls-" + provides "libgnutls30-hmac- = -%release" + obsoletes "libgnutls30-hmac- < -%release" +libgnutls-devel + requires -libgnutls- + requires "libgnutls30- = " diff --git a/gnutls-3.5.11-skip-trust-store-tests.patch b/gnutls-3.5.11-skip-trust-store-tests.patch new file mode 100644 index 0000000..f02e4b6 --- /dev/null +++ b/gnutls-3.5.11-skip-trust-store-tests.patch @@ -0,0 +1,31 @@ +From: Andreas Stieger +Date: Thu, 18 May 2017 10:31:42 +0200 +References: https://build.opensuse.org/request/show/493998 +Upstream: never + +trust-store test added in +https://gitlab.com/gnutls/gnutls/commit/8d740ae87fae9c1237421dd24825b78103c5da36 +need ca-certificates-mozilla to run. + +[ 242s] FAIL: trust-store +[ 242s] ================= +[ 242s] +[ 242s] doit:64: no certificates were found in system trust store! +[ 242s] FAIL trust-store (exit status: 1) + +But this would create a build cycle. Skip test. + +Index: gnutls-3.8.9/tests/trust-store.c +=================================================================== +--- gnutls-3.8.9.orig/tests/trust-store.c ++++ gnutls-3.8.9/tests/trust-store.c +@@ -42,6 +42,9 @@ static void tls_log_func(int level, cons + + void doit(void) + { ++ /* building without ca-certificates-mozilla, skip test */ ++ exit(77); ++ + gnutls_certificate_credentials_t x509_cred; + int ret; + diff --git a/gnutls-3.8.10-disable-ktls_test.patch b/gnutls-3.8.10-disable-ktls_test.patch new file mode 100644 index 0000000..8060e59 --- /dev/null +++ b/gnutls-3.8.10-disable-ktls_test.patch @@ -0,0 +1,24 @@ +Index: gnutls-3.8.10/tests/Makefile.am +=================================================================== +--- gnutls-3.8.10.orig/tests/Makefile.am ++++ gnutls-3.8.10/tests/Makefile.am +@@ -527,13 +527,13 @@ if !WINDOWS + # + + if ENABLE_KTLS +-indirect_tests += gnutls_ktls +-dist_check_SCRIPTS += ktls.sh ++#indirect_tests += gnutls_ktls ++#dist_check_SCRIPTS += ktls.sh + +-indirect_tests += ktls_keyupdate +-ktls_keyupdate_SOURCES = tls13/key_update.c +-ktls_keyupdate_CFLAGS = -DUSE_KTLS +-dist_check_SCRIPTS += ktls_keyupdate.sh ++#indirect_tests += ktls_keyupdate ++#ktls_keyupdate_SOURCES = tls13/key_update.c ++#ktls_keyupdate_CFLAGS = -DUSE_KTLS ++#dist_check_SCRIPTS += ktls_keyupdate.sh + endif + + dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb diff --git a/gnutls-3.8.10.tar.xz b/gnutls-3.8.10.tar.xz new file mode 100644 index 0000000..d7947df --- /dev/null +++ b/gnutls-3.8.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7 +size 6909856 diff --git a/gnutls-3.8.10.tar.xz.sig b/gnutls-3.8.10.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..bf232f95732f3dcf7de1915546bcd31e0d6b6676d0f9047bdbe57aa4ac291322 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0%&dZ3IGZT5Y`2R zj@RaxakzXC0FZ=$+=4(VjMPj)8oI#l?d}*FG$?(?6l_`CU2OzK`<5S*B|T)6%-YP_~A{vocb|#9ozAiS)h4RTPzGf^Vi#j%&ZFX!YSzr{j?cq-C4Lb*J-UT(gFRepZW$5NT zjR6|?Y3O3YB6nzp=L5~UFgDzOIhw4c`~LLjU}8*Y{Nb*4$5%B+xuBOj@eeaUsjq&6 zj>m8#B;c$vD`$6U98%W(Q26)nrS_i3*D;4+UwytZtW3`+Nr$h_1oUwcJ-%evChA90 z%tbN#W<~rKzEy@94aaLO{jq~y?Nz6LwW9quwl8|L64A*hw-Je^eY%?}n$y(3kZ1Hj z-WI;Y62>W_xYMIC(p*r0S(2_jMj`k2 zd3=TqTE@kKc*4zcnL=-OWdq5ZHiaOxT)T=4_tF_wk7~${_v{Q_0+p#ZDo{iRx1p$n zYI~ E^v6aO-2eap literal 0 HcmV?d00001 diff --git a/gnutls-3.8.11.tar.xz b/gnutls-3.8.11.tar.xz new file mode 100644 index 0000000..1aa100a --- /dev/null +++ b/gnutls-3.8.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91bd23c4a86ebc6152e81303d20cf6ceaeb97bc8f84266d0faec6e29f17baa20 +size 6939944 diff --git a/gnutls-3.8.11.tar.xz.sig b/gnutls-3.8.11.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..4d74e215081dfd469a0ed8e46601347a720e009dd0fe0871cd6fb1f3731dc20e GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0%;z5uK)@O5Y`2R zj@RaxafLPy{SdltFLl*@Z(PLIq#lB1)X6S2Z0urpZ;q8T4KD)QH z3o8~Pweq`ciWN!WVRGSLW7SdwTF)XYrY{TqfNn?7p}13tZGxZV7{Uk=D|AT0-jE+o zEV{p}#rI2a>}zgW^{vyIc1F%sA~FnqRVR@>I%{RPT*Lqgsu{#ef#H+Y-}e!D5HTK8xQZ?!krIq+66ea#B8vHkTZc zrQ;?+D!;I1|0%dKkHu+], [dladdr (0, 0);]) + + AC_ARG_ENABLE(fips140-mode, +- AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]), ++ AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-3 mode]), + enable_fips=$enableval, enable_fips=no) + AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes") + if [ test "$enable_fips" = "yes" ];then + if test "x$HAVE_LIBDL" = "xyes";then +- AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode]) ++ AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-3 mode]) + AC_SUBST([FIPS140_LIBS], $LIBDL) + AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key], + [specify the FIPS140 HMAC key for integrity]), + fips_key="$withval", + fips_key="orboDeJITITejsirpADONivirpUkvarP") + +- AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key]) ++ AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-3 integrity key]) + + AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], + [specify the FIPS140 module name]), +Index: gnutls-3.8.11/doc/cha-gtls-app.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/cha-gtls-app.texi ++++ gnutls-3.8.11/doc/cha-gtls-app.texi +@@ -222,7 +222,7 @@ CPU. The currently available options are + @end itemize + + @item @code{GNUTLS_FORCE_FIPS_MODE} +-@tab In setups where GnuTLS is compiled with support for FIPS140-2 (see @ref{FIPS140-2 mode}) ++@tab In setups where GnuTLS is compiled with support for FIPS140-3 (see @ref{FIPS140-3 mode}) + if set to one it will force the FIPS mode enablement. + + @end multitable +Index: gnutls-3.8.11/doc/cha-internals.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/cha-internals.texi ++++ gnutls-3.8.11/doc/cha-internals.texi +@@ -14,7 +14,7 @@ happens inside the black box. + * TLS Hello Extension Handling:: + * Cryptographic Backend:: + * Random Number Generators-internals:: +-* FIPS140-2 mode:: ++* FIPS140-3 mode:: + @end menu + + @node The TLS Protocol +@@ -529,7 +529,7 @@ For more information see @ref{Hardware s + + GnuTLS provides two random generators. The default, and the AES-DRBG random + generator which is only used when the library is compiled with support for +-FIPS140-2 and the system is in FIPS140-2 mode. ++FIPS140-3 and the system is in FIPS140-3 mode. + + @subheading The default generator - inner workings + +@@ -659,23 +659,23 @@ two distinct times, and being able to re + after observing the output of the PRNG. Given the approach described + on the above paragraph, all levels are immune to such attack. + +-@node FIPS140-2 mode +-@section FIPS140-2 mode ++@node FIPS140-3 mode ++@section FIPS140-3 mode + +-GnuTLS can operate in a special mode for FIPS140-2. That mode of operation +-is for the conformance to NIST's FIPS140-2 publication, which consists of policies ++GnuTLS can operate in a special mode for FIPS140-3. That mode of operation ++is for the conformance to NIST's FIPS140-3 publication, which consists of policies + for cryptographic modules (such as software libraries). Its implementation in + GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled + when the library is explicitly compiled with the '--enable-fips140-mode' + configure option. + +-There are two distinct library states with regard to FIPS140-2: the FIPS140-2 ++There are two distinct library states with regard to FIPS140-3: the FIPS140-3 + mode is @emph{installed} if @code{/etc/system-fips} is present, and the +-FIPS140-2 mode is @emph{enabled} if @code{/proc/sys/crypto/fips_enabled} ++FIPS140-3 mode is @emph{enabled} if @code{/proc/sys/crypto/fips_enabled} + contains '1', which is typically set with the ``fips=1'' kernel command line + option. + +-When the FIPS140-2 mode is installed, the operation of the library is modified ++When the FIPS140-3 mode is installed, the operation of the library is modified + as follows. + + @itemize +@@ -684,12 +684,12 @@ as follows. + @item Algorithm self-tests are run on library load + @end itemize + +-When the FIPS140-2 mode is enabled, The operation of the library is in addition ++When the FIPS140-3 mode is enabled, The operation of the library is in addition + modified as follows. + + @itemize +-@item Only approved by FIPS140-2 algorithms are enabled +-@item Only approved by FIPS140-2 key lengths are allowed for key generation ++@item Only approved by FIPS140-3 algorithms are enabled ++@item Only approved by FIPS140-3 key lengths are allowed for key generation + @item Any cryptographic operation will be refused if any of the self-tests failed + @end itemize + +@@ -698,7 +698,7 @@ There are also few environment variables + environment variable @code{GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS} will disable + the library integrity tests on startup, and the variable + @code{GNUTLS_FORCE_FIPS_MODE} can be set to force a value from +-@ref{gnutls_fips_mode_t}, i.e., '1' will enable the FIPS140-2 ++@ref{gnutls_fips_mode_t}, i.e., '1' will enable the FIPS140-3 + mode, while '0' will disable it. + + The integrity checks for the dependent libraries and GnuTLS are performed +@@ -706,20 +706,20 @@ using '.hmac' files which are present at + key for the operations can be provided on compile-time with the configure + option '--with-fips140-key'. The MAC algorithm used is HMAC-SHA256. + +-On runtime an application can verify whether the library is in FIPS140-2 ++On runtime an application can verify whether the library is in FIPS140-3 + mode using the @funcref{gnutls_fips140_mode_enabled} function. + +-@subheading Relaxing FIPS140-2 requirements ++@subheading Relaxing FIPS140-3 requirements + + The library by default operates in a strict enforcing mode, ensuring that +-all constraints imposed by the FIPS140-2 specification are enforced. However ++all constraints imposed by the FIPS140-3 specification are enforced. However + the application can relax these requirements via @funcref{gnutls_fips140_set_mode} + which can switch to alternative modes as in @ref{gnutls_fips_mode_t}. + + @showenumdesc{gnutls_fips_mode_t,The @code{gnutls_@-fips_@-mode_t} enumeration.} + + The intention of this API is to be used by applications which may run in +-FIPS140-2 mode, while they utilize few algorithms not in the allowed set, ++FIPS140-3 mode, while they utilize few algorithms not in the allowed set, + e.g., for non-security related purposes. In these cases applications should + wrap the non-compliant code within blocks like the following. + +@@ -748,9 +748,9 @@ if (gnutls_fips140_mode_enabled()) + The reason of the @code{GNUTLS_FIPS140_SET_MODE_THREAD} flag in the + previous calls is to localize the change in the mode. Note also, that + such a block has no effect when the library is not operating +-under FIPS140-2 mode, and thus it can be considered a no-op. ++under FIPS140-3 mode, and thus it can be considered a no-op. + +-Applications could also switch FIPS140-2 mode explicitly off, by calling ++Applications could also switch FIPS140-3 mode explicitly off, by calling + @example + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); + @end example +@@ -768,7 +768,7 @@ performed within a given context. + + @showfuncD{gnutls_fips140_context_init,gnutls_fips140_context_deinit,gnutls_fips140_push_context,gnutls_fips140_pop_context} + +-The @code{gnutls_fips140_context_t} represents the FIPS140-2 mode of ++The @code{gnutls_fips140_context_t} represents the FIPS140-3 mode of + operation. It can be attached to the current execution thread with + @funcref{gnutls_fips140_push_context} and its internal state will be + updated until it is detached with +Index: gnutls-3.8.11/doc/enums.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/enums.texi ++++ gnutls-3.8.11/doc/enums.texi +@@ -1236,7 +1236,7 @@ application traffic secret is installed + @c gnutls_fips_mode_t + @table @code + @item GNUTLS_@-FIPS140_@-DISABLED +-The FIPS140-2 mode is disabled. ++The FIPS140-3 mode is disabled. + @item GNUTLS_@-FIPS140_@-STRICT + The default mode; all forbidden operations will cause an + operation failure via error code. +@@ -1244,8 +1244,8 @@ operation failure via error code. + A transient state during library initialization. That state + cannot be set or seen by applications. + @item GNUTLS_@-FIPS140_@-LAX +-The library still uses the FIPS140-2 relevant algorithms but all +-forbidden by FIPS140-2 operations are allowed; this is useful when the ++The library still uses the FIPS140-3 relevant algorithms but all ++forbidden by FIPS140-3 operations are allowed; this is useful when the + application is aware of the followed security policy, and needs + to utilize disallowed operations for other reasons (e.g., compatibility). + @item GNUTLS_@-FIPS140_@-LOG +Index: gnutls-3.8.11/doc/functions/gnutls_fips140_set_mode +=================================================================== +--- gnutls-3.8.11.orig/doc/functions/gnutls_fips140_set_mode ++++ gnutls-3.8.11/doc/functions/gnutls_fips140_set_mode +@@ -3,7 +3,7 @@ + + + @deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags}) +-@var{mode}: the FIPS140-2 mode to switch to ++@var{mode}: the FIPS140-3 mode to switch to + + @var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD} + +@@ -12,13 +12,13 @@ That function is not thread-safe when ch + behavior with no flags after threads are created is undefined. + + When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified +-then this call will change the FIPS140-2 mode for this particular ++then this call will change the FIPS140-3 mode for this particular + thread and not for the whole process. That way an application + can utilize this function to set and reset mode for specific + operations. + + This function never fails but will be a no-op if used when +-the library is not in FIPS140-2 mode. When asked to switch to unknown ++the library is not in FIPS140-3 mode. When asked to switch to unknown + values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library + switches to @code{GNUTLS_FIPS140_STRICT} mode. + +Index: gnutls-3.8.11/doc/gnutls.html +=================================================================== +--- gnutls-3.8.11.orig/doc/gnutls.html ++++ gnutls-3.8.11/doc/gnutls.html +@@ -490,7 +490,7 @@ Documentation License”. +
  • 11.4 TLS Extension Handling
    • +
  • 11.5 Cryptographic Backend
    • +
  • 11.6 Random Number Generators
    • +-
  • 11.7 FIPS140-2 mode
    • ++
  • 11.7 FIPS140-3 mode
    • + +
  • Appendix A Upgrading from previous versions
    • +
  • Appendix B Support +@@ -9050,7 +9050,7 @@ CPU. The currently available options are +
  • 0x200000: Enable VIA PHE +
  • 0x400000: Enable VIA PHE SHA512 +
    • +-GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-2 (see FIPS140-2 mode) ++GNUTLS_FORCE_FIPS_MODEIn setups where GnuTLS is compiled with support for FIPS140-3 (see FIPS140-3 mode) + if set to one it will force the FIPS mode enablement. + + +@@ -18559,7 +18559,7 @@ None: + --inline-commands-prefix=str Change the default delimiter for inline commands + --provider=file Specify the PKCS #11 provider library + - file must pre-exist +- --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library ++ --fips140-mode Reports the status of the FIPS140-3 mode in gnutls library + --list-config Reports the configuration of the library + --logfile=str Redirect informational messages to a specific file + --keymatexport=str Label used for exporting keying material +@@ -19579,7 +19579,7 @@ happens inside the black box. +
  • TLS Extension Handling
    • +
  • Cryptographic Backend
    • +
  • Random Number Generators
    • +-
  • FIPS140-2 mode
    • ++
  • FIPS140-3 mode
    • + +
    + +-

    11.7 FIPS140-2 mode

    ++

    11.7 FIPS140-3 mode

    + +-

    GnuTLS can operate in a special mode for FIPS140-2. That mode of operation +-is for the conformance to NIST’s FIPS140-2 publication, which consists of policies ++

    GnuTLS can operate in a special mode for FIPS140-3. That mode of operation ++is for the conformance to NIST’s FIPS140-3 publication, which consists of policies + for cryptographic modules (such as software libraries). Its implementation in + GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled + when the library is explicitly compiled with the ’–enable-fips140-mode’ + configure option. +

    +-

    There are two distinct library states with regard to FIPS140-2: the FIPS140-2 ++

    There are two distinct library states with regard to FIPS140-3: the FIPS140-3 + mode is installed if /etc/system-fips is present, and the +-FIPS140-2 mode is enabled if /proc/sys/crypto/fips_enabled ++FIPS140-3 mode is enabled if /proc/sys/crypto/fips_enabled + contains ’1’, which is typically set with the “fips=1” kernel command line + option. +

    +-

    When the FIPS140-2 mode is installed, the operation of the library is modified ++

    When the FIPS140-3 mode is installed, the operation of the library is modified + as follows. +

    +
      +@@ -20273,12 +20273,12 @@ as follows. +
    • Algorithm self-tests are run on library load +
    + +-

    When the FIPS140-2 mode is enabled, The operation of the library is in addition ++

    When the FIPS140-3 mode is enabled, The operation of the library is in addition + modified as follows. +

    +
      +-
    • Only approved by FIPS140-2 algorithms are enabled +-
    • Only approved by FIPS140-2 key lengths are allowed for key generation ++
    • Only approved by FIPS140-3 algorithms are enabled ++
    • Only approved by FIPS140-3 key lengths are allowed for key generation +
    • Any cryptographic operation will be refused if any of the self-tests failed +
    + +@@ -20287,7 +20287,7 @@ modified as follows. + environment variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS will disable + the library integrity tests on startup, and the variable + GNUTLS_FORCE_FIPS_MODE can be set to force a value from +-Figure 11.5, i.e., ’1’ will enable the FIPS140-2 ++Figure 11.5, i.e., ’1’ will enable the FIPS140-3 + mode, while ’0’ will disable it. +

    +

    The integrity checks for the dependent libraries and GnuTLS are performed +@@ -20295,13 +20295,13 @@ using ’.hmac’ files which ar + key for the operations can be provided on compile-time with the configure + option ’–with-fips140-key’. The MAC algorithm used is HMAC-SHA256. +

    +-

    On runtime an application can verify whether the library is in FIPS140-2 ++

    On runtime an application can verify whether the library is in FIPS140-3 + mode using the gnutls_fips140_mode_enabled function. +

    +-

    Relaxing FIPS140-2 requirements

    ++

    Relaxing FIPS140-3 requirements

    + +

    The library by default operates in a strict enforcing mode, ensuring that +-all constraints imposed by the FIPS140-2 specification are enforced. However ++all constraints imposed by the FIPS140-3 specification are enforced. However + the application can relax these requirements via gnutls_fips140_set_mode + which can switch to alternative modes as in Figure 11.5. +

    +@@ -20310,7 +20310,7 @@ which can switch to alternative modes as + +
    +
    GNUTLS_FIPS140_DISABLED
    +-

    The FIPS140-2 mode is disabled. ++

    The FIPS140-3 mode is disabled. +

    +
    GNUTLS_FIPS140_STRICT
    +

    The default mode; all forbidden operations will cause an +@@ -20321,8 +20321,8 @@ operation failure via error code. + cannot be set or seen by applications. +

    +
    GNUTLS_FIPS140_LAX
    +-

    The library still uses the FIPS140-2 relevant algorithms but all +-forbidden by FIPS140-2 operations are allowed; this is useful when the ++

    The library still uses the FIPS140-3 relevant algorithms but all ++forbidden by FIPS140-3 operations are allowed; this is useful when the + application is aware of the followed security policy, and needs + to utilize disallowed operations for other reasons (e.g., compatibility). +

    +@@ -20333,7 +20333,7 @@ to a message to the audit callback funct +
    +

    Figure 11.5: The gnutls_fips_mode_t enumeration.

    +

    The intention of this API is to be used by applications which may run in +-FIPS140-2 mode, while they utilize few algorithms not in the allowed set, ++FIPS140-3 mode, while they utilize few algorithms not in the allowed set, + e.g., for non-security related purposes. In these cases applications should + wrap the non-compliant code within blocks like the following. +

    +@@ -20362,9 +20362,9 @@ if (gnutls_fips140_mode_enabled()) +

    The reason of the GNUTLS_FIPS140_SET_MODE_THREAD flag in the + previous calls is to localize the change in the mode. Note also, that + such a block has no effect when the library is not operating +-under FIPS140-2 mode, and thus it can be considered a no-op. ++under FIPS140-3 mode, and thus it can be considered a no-op. +

    +-

    Applications could also switch FIPS140-2 mode explicitly off, by calling ++

    Applications could also switch FIPS140-3 mode explicitly off, by calling +

    + 
    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
+
    +@@ -20387,7 +20387,7 @@ performed within a given context. +
    int gnutls_fips140_pop_context ( void)
    + + +-

    The gnutls_fips140_context_t represents the FIPS140-2 mode of ++

    The gnutls_fips140_context_t represents the FIPS140-3 mode of + operation. It can be attached to the current execution thread with + gnutls_fips140_push_context and its internal state will be + updated until it is detached with +@@ -20760,8 +20760,8 @@ Previous: +-

    GnuTLS has support for the FIPS 140-2 certification under Red Hat Enterprise Linux. +-See FIPS140-2 mode for more information. ++

    GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. ++See FIPS140-3 mode for more information. +

    +
    + +@@ -24725,7 +24725,7 @@ unusable. This function is not thread-s +

    gnutls_fips140_set_mode

    +
    +
    Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t mode, unsigned flags)
    +-

    mode: the FIPS140-2 mode to switch to ++

    mode: the FIPS140-3 mode to switch to +

    +

    flags: should be zero or GNUTLS_FIPS140_SET_MODE_THREAD +

    +@@ -24734,13 +24734,13 @@ unusable. This function is not thread-s + behavior with no flags after threads are created is undefined. +

    +

    When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified +-then this call will change the FIPS140-2 mode for this particular ++then this call will change the FIPS140-3 mode for this particular + thread and not for the whole process. That way an application + can utilize this function to set and reset mode for specific + operations. +

    +

    This function never fails but will be a no-op if used when +-the library is not in FIPS140-2 mode. When asked to switch to unknown ++the library is not in FIPS140-3 mode. When asked to switch to unknown + values for mode or to GNUTLS_FIPS140_SELFTESTS mode, the library + switches to GNUTLS_FIPS140_STRICT mode. +

    +@@ -47261,7 +47261,7 @@ Next: gnutls_fingerprintCore TLS API + gnutls_fips140_context_deinitCore TLS API + gnutls_fips140_context_initCore TLS API +-gnutls_fips140_get_operation_stateFIPS140-2 mode ++gnutls_fips140_get_operation_stateFIPS140-3 mode + gnutls_fips140_get_operation_stateCore TLS API + gnutls_fips140_mode_enabledCore TLS API + gnutls_fips140_pop_contextCore TLS API +Index: gnutls-3.8.11/doc/gnutls.info-3 +=================================================================== +--- gnutls-3.8.11.orig/doc/gnutls.info-3 ++++ gnutls-3.8.11/doc/gnutls.info-3 +@@ -2322,7 +2322,7 @@ to ‘more’. Both will exit with a st + --inline-commands-prefix=str Change the default delimiter for inline commands + --provider=file Specify the PKCS #11 provider library + - file must pre-exist +- --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library ++ --fips140-mode Reports the status of the FIPS140-3 mode in gnutls library + --list-config Reports the configuration of the library + --logfile=str Redirect informational messages to a specific file + --keymatexport=str Label used for exporting keying material +@@ -3472,7 +3472,7 @@ to know what happens inside the black bo + * TLS Hello Extension Handling:: + * Cryptographic Backend:: + * Random Number Generators-internals:: +-* FIPS140-2 mode:: ++* FIPS140-3 mode:: + +  + File: gnutls.info, Node: The TLS Protocol, Next: TLS Handshake Protocol, Up: Internal architecture of GnuTLS +@@ -3996,7 +3996,7 @@ and abstract key types::. + kernel implementation of ‘/dev/crypto’. + +  +-File: gnutls.info, Node: Random Number Generators-internals, Next: FIPS140-2 mode, Prev: Cryptographic Backend, Up: Internal architecture of GnuTLS ++File: gnutls.info, Node: Random Number Generators-internals, Next: FIPS140-3 mode, Prev: Cryptographic Backend, Up: Internal architecture of GnuTLS + + 11.6 Random Number Generators + ============================= +@@ -4006,7 +4006,7 @@ About the generators + + GnuTLS provides two random generators. The default, and the AES-DRBG + random generator which is only used when the library is compiled with +-support for FIPS140-2 and the system is in FIPS140-2 mode. ++support for FIPS140-3 and the system is in FIPS140-3 mode. + + The default generator - inner workings + -------------------------------------- +@@ -4237,7 +4237,7 @@ in *note Figure 11.5: gnutls_fips_mode_t + Figure 11.5: The ‘gnutls_fips_mode_t’ enumeration. + + The intention of this API is to be used by applications which may run in +-FIPS140-2 mode, while they utilize few algorithms not in the allowed ++FIPS140-3 mode, while they utilize few algorithms not in the allowed + set, e.g., for non-security related purposes. In these cases + applications should wrap the non-compliant code within blocks like the + following. +@@ -4261,10 +4261,10 @@ are macros to simplify the following seq + + The reason of the ‘GNUTLS_FIPS140_SET_MODE_THREAD’ flag in the previous + calls is to localize the change in the mode. Note also, that such a +-block has no effect when the library is not operating under FIPS140-2 ++block has no effect when the library is not operating under FIPS140-3 + mode, and thus it can be considered a no-op. + +-Applications could also switch FIPS140-2 mode explicitly off, by calling ++Applications could also switch FIPS140-3 mode explicitly off, by calling + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); + + Service indicator +@@ -4746,8 +4746,8 @@ There are certifications from national o + practices, such as unit testing and reliance on well known crypto + primitives. + +-GnuTLS has support for the FIPS 140-2 certification under Red Hat +-Enterprise Linux. See *note FIPS140-2 mode:: for more information. ++GnuTLS has support for the FIPS 140-3 certification under Red Hat ++Enterprise Linux. See *note FIPS140-3 mode:: for more information. + +  + File: gnutls.info, Node: Error codes, Next: Supported ciphersuites, Prev: Support, Up: Top +@@ -9267,7 +9267,7 @@ gnutls_fips140_set_mode + + -- Function: void gnutls_fips140_set_mode (gnutls_fips_mode_t MODE, + unsigned FLAGS) +- MODE: the FIPS140-2 mode to switch to ++ MODE: the FIPS140-3 mode to switch to + + FLAGS: should be zero or ‘GNUTLS_FIPS140_SET_MODE_THREAD’ + +Index: gnutls-3.8.11/doc/invoke-gnutls-cli.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/invoke-gnutls-cli.texi ++++ gnutls-3.8.11/doc/invoke-gnutls-cli.texi +@@ -102,7 +102,7 @@ None: + --inline-commands-prefix=str Change the default delimiter for inline commands + --provider=file Specify the PKCS #11 provider library + - file must pre-exist +- --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library ++ --fips140-mode Reports the status of the FIPS140-3 mode in gnutls library + --list-config Reports the configuration of the library + --logfile=str Redirect informational messages to a specific file + --keymatexport=str Label used for exporting keying material +Index: gnutls-3.8.11/doc/manpages/gnutls-cli.1 +=================================================================== +--- gnutls-3.8.11.orig/doc/manpages/gnutls-cli.1 ++++ gnutls-3.8.11/doc/manpages/gnutls-cli.1 +@@ -398,7 +398,7 @@ Specify the PKCS #11 provider library. + This will override the default options in /etc/gnutls/pkcs11.conf + .TP + .NOP \f\*[B-Font]\-\-fips140\-mode\f[] +-Reports the status of the FIPS140-2 mode in gnutls library. ++Reports the status of the FIPS140-3 mode in gnutls library. + .sp + .TP + .NOP \f\*[B-Font]\-\-list\-config\f[] +Index: gnutls-3.8.11/doc/reference/html/gnutls-gnutls.html +=================================================================== +--- gnutls-3.8.11.orig/doc/reference/html/gnutls-gnutls.html ++++ gnutls-3.8.11/doc/reference/html/gnutls-gnutls.html +@@ -21079,12 +21079,12 @@ gnutls_fips140_set_mode (GNUTLS_FIPS140_SET_MODE_THREAD is specified +-then this call will change the FIPS140-2 mode for this particular ++then this call will change the FIPS140-3 mode for this particular + thread and not for the whole process. That way an application + can utilize this function to set and reset mode for specific + operations.

    +

    This function never fails but will be a no-op if used when +-the library is not in FIPS140-2 mode. When asked to switch to unknown ++the library is not in FIPS140-3 mode. When asked to switch to unknown + values for mode + or to GNUTLS_FIPS140_SELFTESTS mode, the library + switches to GNUTLS_FIPS140_STRICT mode.

    +@@ -21099,7 +21099,7 @@ switches to

    mode

    +-

    the FIPS140-2 mode to switch to

    ++

    the FIPS140-3 mode to switch to

    +   + + +@@ -26311,7 +26311,7 @@ encryption

    +
    +
    +

    enum gnutls_fips_mode_t

    +-

    Enumeration of different operational modes under FIPS140-2.

    ++

    Enumeration of different operational modes under FIPS140-3.

    +
    +

    Members

    +
    +@@ -26324,7 +26324,7 @@ encryption

    + + + + + +@@ -26347,8 +26347,8 @@ operation failure via error code.

    + + + +@@ -27988,4 +27988,4 @@ This is used by +
    Generated by GTK-Doc V1.34.0 + +- +\ No newline at end of file ++ +Index: gnutls-3.8.11/lib/fips.c +=================================================================== +--- gnutls-3.8.11.orig/lib/fips.c ++++ gnutls-3.8.11/lib/fips.c +@@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) + } + + if (f1p != 0) { +- _gnutls_debug_log("FIPS140-2 mode enabled\n"); ++ _gnutls_debug_log("FIPS140-3 mode enabled\n"); + ret = GNUTLS_FIPS140_STRICT; + goto exit; + } +@@ -130,7 +130,7 @@ unsigned _gnutls_fips_mode_enabled(void) + if (f2p != 0) { + /* a funny state where self tests are performed + * and ignored */ +- _gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n"); ++ _gnutls_debug_log("FIPS140-3 ZOMBIE mode enabled\n"); + ret = GNUTLS_FIPS140_SELFTESTS; + goto exit; + } +@@ -730,7 +730,7 @@ unsigned gnutls_fips140_mode_enabled(voi + + /** + * gnutls_fips140_set_mode: +- * @mode: the FIPS140-2 mode to switch to ++ * @mode: the FIPS140-3 mode to switch to + * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD + * + * That function is not thread-safe when changing the mode with no flags +@@ -738,13 +738,13 @@ unsigned gnutls_fips140_mode_enabled(voi + * behavior with no flags after threads are created is undefined. + * + * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified +- * then this call will change the FIPS140-2 mode for this particular ++ * then this call will change the FIPS140-3 mode for this particular + * thread and not for the whole process. That way an application + * can utilize this function to set and reset mode for specific + * operations. + * + * This function never fails but will be a no-op if used when +- * the library is not in FIPS140-2 mode. When asked to switch to unknown ++ * the library is not in FIPS140-3 mode. When asked to switch to unknown + * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library + * switches to %GNUTLS_FIPS140_STRICT mode. + * +@@ -756,10 +756,10 @@ void gnutls_fips140_set_mode(gnutls_fips + gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled(); + if (prev == GNUTLS_FIPS140_DISABLED || + prev == GNUTLS_FIPS140_SELFTESTS) { +- /* we need to run self-tests first to be in FIPS140-2 mode */ ++ /* we need to run self-tests first to be in FIPS140-3 mode */ + _gnutls_audit_log( + NULL, +- "The library should be initialized in FIPS140-2 mode to do that operation\n"); ++ "The library should be initialized in FIPS140-3 mode to do that operation\n"); + return; + } + +@@ -772,7 +772,7 @@ void gnutls_fips140_set_mode(gnutls_fips + case GNUTLS_FIPS140_SELFTESTS: + _gnutls_audit_log( + NULL, +- "Cannot switch library to FIPS140-2 self-tests mode; defaulting to strict\n"); ++ "Cannot switch library to FIPS140-3 self-tests mode; defaulting to strict\n"); + mode = GNUTLS_FIPS140_STRICT; + break; + default: +@@ -948,7 +948,7 @@ void _gnutls_switch_fips_state(gnutls_fi + } + + if (!_tfips_context) { +- _gnutls_debug_log("FIPS140-2 context is not set\n"); ++ _gnutls_debug_log("FIPS140-3 context is not set\n"); + return; + } + +@@ -962,7 +962,7 @@ void _gnutls_switch_fips_state(gnutls_fi + if (mode != GNUTLS_FIPS140_LAX) { + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from initial to %s\n", ++ "FIPS140-3 operation mode switched from initial to %s\n", + operation_state_to_string(state)); + } + _tfips_context->state = state; +@@ -973,7 +973,7 @@ void _gnutls_switch_fips_state(gnutls_fi + if (mode != GNUTLS_FIPS140_LAX) { + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode switched from approved to %s\n", ++ "FIPS140-3 operation mode switched from approved to %s\n", + operation_state_to_string(state)); + } + _tfips_context->state = state; +@@ -985,7 +985,7 @@ void _gnutls_switch_fips_state(gnutls_fi + if (mode != GNUTLS_FIPS140_LAX) { + _gnutls_audit_log( + NULL, +- "FIPS140-2 operation mode cannot be switched from %s to %s\n", ++ "FIPS140-3 operation mode cannot be switched from %s to %s\n", + operation_state_to_string( + _tfips_context->state), + operation_state_to_string(state)); +@@ -1047,7 +1047,7 @@ int gnutls_fips140_run_self_tests(void) + ret < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + _gnutls_audit_log(NULL, +- "FIPS140-2 self testing part 2 failed\n"); ++ "FIPS140-3 self testing part 2 failed\n"); + } else { + /* Restore the previous library state */ + _gnutls_switch_lib_state(prev_lib_state); +@@ -1059,7 +1059,7 @@ int gnutls_fips140_run_self_tests(void) + if (gnutls_fips140_pop_context() < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + _gnutls_audit_log( +- NULL, "FIPS140-2 context restoration failed\n"); ++ NULL, "FIPS140-3 context restoration failed\n"); + } + gnutls_fips140_context_deinit(fips_context); + } +Index: gnutls-3.8.11/lib/fips.h +=================================================================== +--- gnutls-3.8.11.orig/lib/fips.h ++++ gnutls-3.8.11/lib/fips.h +@@ -164,7 +164,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci + } + + #ifdef ENABLE_FIPS140 +-/* This will test the condition when in FIPS140-2 mode ++/* This will test the condition when in FIPS140-3 mode + * and return an error if necessary or ignore */ + #define FIPS_RULE(condition, ret_error, ...) \ + { \ +@@ -174,10 +174,10 @@ is_cipher_algo_allowed_in_fips(gnutls_ci + if (_mode == GNUTLS_FIPS140_LOG) { \ + _gnutls_audit_log( \ + NULL, \ +- "fips140-2: allowing " __VA_ARGS__); \ ++ "fips140-3: allowing " __VA_ARGS__); \ + } else if (_mode != GNUTLS_FIPS140_LAX) { \ + _gnutls_debug_log( \ +- "fips140-2: disallowing " __VA_ARGS__); \ ++ "fips140-3: disallowing " __VA_ARGS__); \ + return ret_error; \ + } \ + } \ +@@ -192,7 +192,7 @@ inline static bool is_mac_algo_allowed(g + switch (mode) { + case GNUTLS_FIPS140_LOG: + _gnutls_audit_log(NULL, +- "fips140-2: allowing access to %s\n", ++ "fips140-3: allowing access to %s\n", + gnutls_mac_get_name(algo)); + FALLTHROUGH; + case GNUTLS_FIPS140_DISABLED: +@@ -214,7 +214,7 @@ inline static bool is_cipher_algo_allowe + switch (mode) { + case GNUTLS_FIPS140_LOG: + _gnutls_audit_log(NULL, +- "fips140-2: allowing access to %s\n", ++ "fips140-3: allowing access to %s\n", + gnutls_cipher_get_name(algo)); + FALLTHROUGH; + case GNUTLS_FIPS140_DISABLED: +Index: gnutls-3.8.11/lib/global.c +=================================================================== +--- gnutls-3.8.11.orig/lib/global.c ++++ gnutls-3.8.11/lib/global.c +@@ -359,12 +359,12 @@ static int _gnutls_global_init(unsigned + + #ifdef ENABLE_FIPS140 + res = _gnutls_fips_mode_enabled(); +- /* res == 1 -> fips140-2 mode enabled ++ /* res == 1 -> fips140-3 mode enabled + * res == 2 -> only self checks performed - but no failure + * res == not in fips140 mode + */ + if (res != 0) { +- _gnutls_debug_log("FIPS140-2 mode: %d\n", res); ++ _gnutls_debug_log("FIPS140-3 mode: %d\n", res); + _gnutls_priority_update_fips(); + + /* first round of self checks, these are done on the +@@ -374,7 +374,7 @@ static int _gnutls_global_init(unsigned + if (ret < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part1 failed\n"); ++ NULL, "FIPS140-3 self testing part1 failed\n"); + if (res != 2) { + gnutls_assert(); + goto out; +@@ -400,7 +400,7 @@ static int _gnutls_global_init(unsigned + if (ret < 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + _gnutls_audit_log( +- NULL, "FIPS140-2 self testing part 2 failed\n"); ++ NULL, "FIPS140-3 self testing part 2 failed\n"); + if (res != 2) { + gnutls_assert(); + goto out; +Index: gnutls-3.8.11/lib/includes/gnutls/gnutls.h.in +=================================================================== +--- gnutls-3.8.11.orig/lib/includes/gnutls/gnutls.h.in ++++ gnutls-3.8.11/lib/includes/gnutls/gnutls.h.in +@@ -3251,16 +3251,16 @@ typedef int (*gnutls_alert_read_func)(gn + void gnutls_alert_set_read_function(gnutls_session_t session, + gnutls_alert_read_func func); + +-/* FIPS140-2 related functions */ ++/* FIPS140-3 related functions */ + unsigned gnutls_fips140_mode_enabled(void); + + /** + * gnutls_fips_mode_t: +- * @GNUTLS_FIPS140_DISABLED: The FIPS140-2 mode is disabled. ++ * @GNUTLS_FIPS140_DISABLED: The FIPS140-3 mode is disabled. + * @GNUTLS_FIPS140_STRICT: The default mode; all forbidden operations will cause an + * operation failure via error code. +- * @GNUTLS_FIPS140_LAX: The library still uses the FIPS140-2 relevant algorithms but all +- * forbidden by FIPS140-2 operations are allowed; this is useful when the ++ * @GNUTLS_FIPS140_LAX: The library still uses the FIPS140-3 relevant algorithms but all ++ * forbidden by FIPS140-3 operations are allowed; this is useful when the + * application is aware of the followed security policy, and needs + * to utilize disallowed operations for other reasons (e.g., compatibility). + * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results +@@ -3268,7 +3268,7 @@ unsigned gnutls_fips140_mode_enabled(voi + * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state + * cannot be set or seen by applications. + * +- * Enumeration of different operational modes under FIPS140-2. ++ * Enumeration of different operational modes under FIPS140-3. + */ + typedef enum gnutls_fips_mode_t { + GNUTLS_FIPS140_DISABLED = 0, +Index: gnutls-3.8.11/src/cli.c +=================================================================== +--- gnutls-3.8.11.orig/src/cli.c ++++ gnutls-3.8.11/src/cli.c +@@ -1635,10 +1635,10 @@ static void cmd_parser(int argc, char ** + + if (HAVE_OPT(FIPS140_MODE)) { + if (gnutls_fips140_mode_enabled() != 0) { +- fprintf(stderr, "library is in FIPS140-2 mode\n"); ++ fprintf(stderr, "library is in FIPS140-3 mode\n"); + exit(0); + } +- fprintf(stderr, "library is NOT in FIPS140-2 mode\n"); ++ fprintf(stderr, "library is NOT in FIPS140-3 mode\n"); + exit(1); + } + +Index: gnutls-3.8.11/src/gnutls-cli-options.c +=================================================================== +--- gnutls-3.8.11.orig/src/gnutls-cli-options.c ++++ gnutls-3.8.11/src/gnutls-cli-options.c +@@ -843,7 +843,7 @@ usage (FILE *out, int status) + " --inline-commands-prefix=str Change the default delimiter for inline commands\n" + " --provider=file Specify the PKCS #11 provider library\n" + " - file must pre-exist\n" +- " --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library\n" ++ " --fips140-mode Reports the status of the FIPS140-3 mode in gnutls library\n" + " --list-config Reports the configuration of the library\n" + " --logfile=str Redirect informational messages to a specific file\n" + " --keymatexport=str Label used for exporting keying material\n" +Index: gnutls-3.8.11/tests/cert-tests/gost.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/gost.sh ++++ gnutls-3.8.11/tests/cert-tests/gost.sh +@@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs12-corner-cases.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs12-corner-cases.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs12-corner-cases.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs12-encode.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs12-encode.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs12-encode.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs12-gost.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs12-gost.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs12-gost.sh +@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs12.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs12.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs12.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs8-decode.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs8-decode.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs8-decode.sh +@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs8-eddsa.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs8-eddsa.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs8-eddsa.sh +@@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs8-gost.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs8-gost.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs8-gost.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cert-tests/pkcs8.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cert-tests/pkcs8.sh ++++ gnutls-3.8.11/tests/cert-tests/pkcs8.sh +@@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then + fi + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/cipher-listings.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/cipher-listings.sh ++++ gnutls-3.8.11/tests/cipher-listings.sh +@@ -63,7 +63,7 @@ check() + + ${CLI} --fips140-mode + if test $? = 0;then +- echo "Cannot run this test in FIPS140-2 mode" ++ echo "Cannot run this test in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/tests/testpkcs11.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/testpkcs11.sh ++++ gnutls-3.8.11/tests/testpkcs11.sh +@@ -26,7 +26,7 @@ + RETCODE=0 + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/doc/enums/gnutls_fips_mode_t +=================================================================== +--- gnutls-3.8.11.orig/doc/enums/gnutls_fips_mode_t ++++ gnutls-3.8.11/doc/enums/gnutls_fips_mode_t +@@ -3,7 +3,7 @@ + @c gnutls_fips_mode_t + @table @code + @item GNUTLS_@-FIPS140_@-DISABLED +-The FIPS140-2 mode is disabled. ++The FIPS140-3 mode is disabled. + @item GNUTLS_@-FIPS140_@-STRICT + The default mode; all forbidden operations will cause an + operation failure via error code. +@@ -11,8 +11,8 @@ operation failure via error code. + A transient state during library initialization. That state + cannot be set or seen by applications. + @item GNUTLS_@-FIPS140_@-LAX +-The library still uses the FIPS140-2 relevant algorithms but all +-forbidden by FIPS140-2 operations are allowed; this is useful when the ++The library still uses the FIPS140-3 relevant algorithms but all ++forbidden by FIPS140-3 operations are allowed; this is useful when the + application is aware of the followed security policy, and needs + to utilize disallowed operations for other reasons (e.g., compatibility). + @item GNUTLS_@-FIPS140_@-LOG +Index: gnutls-3.8.11/doc/gnutls-api.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/gnutls-api.texi ++++ gnutls-3.8.11/doc/gnutls-api.texi +@@ -3319,7 +3319,7 @@ unusable. This function is not thread-s + @subheading gnutls_fips140_set_mode + @anchor{gnutls_fips140_set_mode} + @deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags}) +-@var{mode}: the FIPS140-2 mode to switch to ++@var{mode}: the FIPS140-3 mode to switch to + + @var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD} + +@@ -3328,13 +3328,13 @@ That function is not thread-safe when ch + behavior with no flags after threads are created is undefined. + + When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified +-then this call will change the FIPS140-2 mode for this particular ++then this call will change the FIPS140-3 mode for this particular + thread and not for the whole process. That way an application + can utilize this function to set and reset mode for specific + operations. + + This function never fails but will be a no-op if used when +-the library is not in FIPS140-2 mode. When asked to switch to unknown ++the library is not in FIPS140-3 mode. When asked to switch to unknown + values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library + switches to @code{GNUTLS_FIPS140_STRICT} mode. + +Index: gnutls-3.8.11/lib/ext/session_ticket.c +=================================================================== +--- gnutls-3.8.11.orig/lib/ext/session_ticket.c ++++ gnutls-3.8.11/lib/ext/session_ticket.c +@@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g + { + if (_gnutls_fips_mode_enabled()) { + int ret; +- /* in FIPS140-2 mode gnutls_key_generate imposes ++ /* in FIPS140-3 mode gnutls_key_generate imposes + * some limits on allowed key size, thus it is not + * used. These limits do not affect this function as + * it does not generate a "key" but rather key material +Index: gnutls-3.8.11/lib/libgnutls.map +=================================================================== +--- gnutls-3.8.11.orig/lib/libgnutls.map ++++ gnutls-3.8.11/lib/libgnutls.map +@@ -1473,7 +1473,7 @@ GNUTLS_FIPS140_3_4 { + gnutls_hkdf_self_test; + gnutls_pbkdf2_self_test; + gnutls_tlsprf_self_test; +- #for FIPS140-2 validation ++ #for FIPS140-3 validation + drbg_aes_reseed; + drbg_aes_init; + drbg_aes_generate; +Index: gnutls-3.8.11/lib/nettle/mac.c +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/mac.c ++++ gnutls-3.8.11/lib/nettle/mac.c +@@ -292,7 +292,7 @@ static void _wrap_gmac_digest(void *_ctx + static int _mac_ctx_init(gnutls_mac_algorithm_t algo, + struct nettle_mac_ctx *ctx) + { +- /* Any FIPS140-2 related enforcement is performed on ++ /* Any FIPS140-3 related enforcement is performed on + * gnutls_hash_init() and gnutls_hmac_init() */ + + ctx->set_nonce = NULL; +@@ -688,7 +688,7 @@ static void _md5_sha1_init(void *_ctx) + static int _ctx_init(gnutls_digest_algorithm_t algo, + struct nettle_hash_ctx *ctx) + { +- /* Any FIPS140-2 related enforcement is performed on ++ /* Any FIPS140-3 related enforcement is performed on + * gnutls_hash_init() and gnutls_hmac_init() */ + + ctx->finished = NULL; +Index: gnutls-3.8.11/config.h.in +=================================================================== +--- gnutls-3.8.11.orig/config.h.in ++++ gnutls-3.8.11/config.h.in +@@ -107,7 +107,7 @@ + /* enable DHE */ + #undef ENABLE_ECDHE + +-/* Enable FIPS140-2 mode */ ++/* Enable FIPS140-3 mode */ + #undef ENABLE_FIPS140 + + /* enable GOST */ +@@ -150,7 +150,7 @@ + /* Define this to 1 if F_DUPFD behavior does not match POSIX */ + #undef FCNTL_DUPFD_BUGGY + +-/* The FIPS140-2 integrity key */ ++/* The FIPS140-3 integrity key */ + #undef FIPS_KEY + + /* The FIPS140 module name */ +Index: gnutls-3.8.11/configure +=================================================================== +--- gnutls-3.8.11.orig/configure ++++ gnutls-3.8.11/configure +@@ -4501,7 +4501,7 @@ Optional Features: + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. + --disable-libtool-lock avoid locking (might break parallel builds) +- --enable-fips140-mode enable FIPS140-2 mode ++ --enable-fips140-mode enable FIPS140-3 mode + --enable-strict-x509 enable stricter sanity checks for x509 certificates + --disable-non-suiteb-curves + disable curves not in SuiteB +Index: gnutls-3.8.11/doc/cha-support.texi +=================================================================== +--- gnutls-3.8.11.orig/doc/cha-support.texi ++++ gnutls-3.8.11/doc/cha-support.texi +@@ -134,5 +134,5 @@ There are certifications from national o + to an auditor that the crypto component follows some best practices, such + as unit testing and reliance on well known crypto primitives. + +-GnuTLS has support for the FIPS 140-2 certification under Red Hat Enterprise Linux. +-See @ref{FIPS140-2 mode} for more information. ++GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. ++See @ref{FIPS140-3 mode} for more information. +Index: gnutls-3.8.11/src/gnutls-cli-options.json +=================================================================== +--- gnutls-3.8.11.orig/src/gnutls-cli-options.json ++++ gnutls-3.8.11/src/gnutls-cli-options.json +@@ -384,7 +384,7 @@ + }, + { + "long-option": "fips140-mode", +- "description": "Reports the status of the FIPS140-2 mode in gnutls library" ++ "description": "Reports the status of the FIPS140-3 mode in gnutls library" + }, + { + "long-option": "list-config", +Index: gnutls-3.8.11/tests/pkcs11-tool.sh +=================================================================== +--- gnutls-3.8.11.orig/tests/pkcs11-tool.sh ++++ gnutls-3.8.11/tests/pkcs11-tool.sh +@@ -30,7 +30,7 @@ set -x + : ${DIFF=diff} + + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then +- echo "Cannot run in FIPS140-2 mode" ++ echo "Cannot run in FIPS140-3 mode" + exit 77 + fi + +Index: gnutls-3.8.11/doc/manpages/gnutls_fips140_set_mode.3 +=================================================================== +--- gnutls-3.8.11.orig/doc/manpages/gnutls_fips140_set_mode.3 ++++ gnutls-3.8.11/doc/manpages/gnutls_fips140_set_mode.3 +@@ -8,7 +8,7 @@ gnutls_fips140_set_mode \- API function + .BI "void gnutls_fips140_set_mode(gnutls_fips_mode_t " mode ", unsigned " flags ");" + .SH ARGUMENTS + .IP "gnutls_fips_mode_t mode" 12 +-the FIPS140\-2 mode to switch to ++the FIPS140\-3 mode to switch to + .IP "unsigned flags" 12 + should be zero or \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP + .SH "DESCRIPTION" +@@ -17,13 +17,13 @@ That function is not thread\-safe when c + behavior with no flags after threads are created is undefined. + + When the flag \fBGNUTLS_FIPS140_SET_MODE_THREAD\fP is specified +-then this call will change the FIPS140\-2 mode for this particular ++then this call will change the FIPS140\-3 mode for this particular + thread and not for the whole process. That way an application + can utilize this function to set and reset mode for specific + operations. + + This function never fails but will be a no\-op if used when +-the library is not in FIPS140\-2 mode. When asked to switch to unknown ++the library is not in FIPS140\-3 mode. When asked to switch to unknown + values for \fImode\fP or to \fBGNUTLS_FIPS140_SELFTESTS\fP mode, the library + switches to \fBGNUTLS_FIPS140_STRICT\fP mode. + .SH "SINCE" +Index: gnutls-3.8.11/doc/gnutls.info +=================================================================== +--- gnutls-3.8.11.orig/doc/gnutls.info ++++ gnutls-3.8.11/doc/gnutls.info +@@ -624,7 +624,7 @@ Ref: fig-crypto-layers747098 + Ref: Cryptographic Backend-Footnote-1750404 + Ref: Cryptographic Backend-Footnote-2750489 + Node: Random Number Generators-internals750601 +-Node: FIPS140-2 mode758057 ++Node: FIPS140-3 mode758057 + Ref: gnutls_fips_mode_t760721 + Node: Upgrading from previous versions764389 + Node: Support778627 diff --git a/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch b/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch new file mode 100644 index 0000000..396af26 --- /dev/null +++ b/gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch @@ -0,0 +1,184 @@ +Index: gnutls-3.8.11/lib/fips.c +=================================================================== +--- gnutls-3.8.11.orig/lib/fips.c ++++ gnutls-3.8.11/lib/fips.c +@@ -268,6 +268,29 @@ static int handler(void *user, const cha + return 1; + } + ++ ++/* In case of x86_64-v3 optmizations, names might differ in version numbers. ++ * @mac_file: buffer where the hmac file path will be written to ++ * @lib_path: path to the dependent library, used to deduce hmac file path ++ * @file_name: The file name of the library ++ */ ++ static void get_hwcaps_lib_hmac_path(char *mac_file, const char *lib_path, char *file_name) { ++ // Cut name short if more than SOVER is present ++ char *soname = strstr(file_name, ".so."); ++ char correct_ext[256]; ++ memset(correct_ext, 0x0, 256); ++ soname += strlen(".so."); ++ for (uint32_t i = 0; i < strlen(soname); i++) { ++ if (soname[i] == '.') { ++ int proper_len = soname - file_name + i; ++ strncpy(correct_ext, file_name, proper_len); ++ snprintf(mac_file, 256, "%.*s/.%.*s.hmac", ++ (int)(file_name-lib_path),lib_path,proper_len,correct_ext); ++ break; ++ } ++ } ++} ++ + /* + * get_hmac_path: + * @mac_file: buffer where the hmac file path will be written to +@@ -300,6 +323,13 @@ static int get_hmac_path(char *mac_file, + if (ret == 0) + return GNUTLS_E_SUCCESS; + ++ if (strstr(gnutls_path, "glibc-hwcaps")) { ++ get_hwcaps_lib_hmac_path(mac_file, gnutls_path, p + 1); ++ ret = _gnutls_file_exists(mac_file); ++ if (ret == 0) ++ return GNUTLS_E_SUCCESS; ++ } ++ + if (p == NULL) + ret = snprintf(mac_file, mac_file_size, "fipscheck/.%s.hmac", + gnutls_path); +@@ -349,11 +379,90 @@ static int load_hmac_file(struct hmac_fi + } + + /* ++ * check_dep_lib_hmac: ++ * @path: path to the library which hmac should be compared ++ * ++ * Verify that HMAC of a given library matches the hmac in the file ++ * provided by the library, named: ..so..hmac. ++ * ++ * Returns: 0 on successful HMAC verification, a negative error code otherwise ++ */ ++static int check_dep_lib_hmac(const char *path) ++{ ++ int ret; ++ unsigned prev; ++ uint8_t hmac[HMAC_SIZE]; ++ gnutls_datum_t data; ++ char hmac_path[GNUTLS_PATH_MAX]; ++ uint8_t lib_hmac[HMAC_SIZE]; ++ size_t lib_hmac_size; ++ ++ _gnutls_debug_log("Loading: %s\n", path); ++ ret = gnutls_load_file(path, &data); ++ if (ret < 0) { ++ _gnutls_debug_log("Could not load %s: %s\n", path, ++ gnutls_strerror(ret)); ++ return gnutls_assert_val(ret); ++ } ++ ++ prev = _gnutls_get_lib_state(); ++ _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL); ++ ret = gnutls_hmac_fast(HMAC_ALGO, FIPS_KEY, sizeof(FIPS_KEY) - 1, ++ data.data, data.size, hmac); ++ _gnutls_switch_lib_state(prev); ++ ++ gnutls_free(data.data); ++ if (ret < 0) { ++ _gnutls_debug_log("Could not calculate HMAC for %s: %s\n", path, ++ gnutls_strerror(ret)); ++ return gnutls_assert_val(ret); ++ } ++ ++ /* Check now the integrity of the hmac provided by the library */ ++ ret = get_hmac_path(hmac_path, sizeof(hmac_path), path); ++ if (ret < 0) { ++ _gnutls_debug_log("Could not get hmac file path: %s\n", ++ gnutls_strerror(ret)); ++ return ret; ++ } ++ _gnutls_debug_log("Loading: %s\n", hmac_path); ++ ret = gnutls_load_file(hmac_path, &data); ++ if (ret < 0) { ++ _gnutls_debug_log("Could not load %s: %s\n", hmac_path, ++ gnutls_strerror(ret)); ++ return gnutls_assert_val(ret); ++ } ++ lib_hmac_size = hex_data_size(data.size); ++ /* trim eventual newlines from the end of the data read from file */ ++ while ((data.size > 0) && (data.data[data.size - 1] == '\n')) { ++ data.data[data.size - 1] = 0; ++ data.size--; ++ } ++ ret = gnutls_hex_decode(&data, lib_hmac, &lib_hmac_size); ++ gnutls_free(data.data); ++ if (ret < 0) { ++ _gnutls_debug_log("Could not hex decode hmac\n"); ++ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR); ++ } ++ ret = gnutls_memcmp(lib_hmac, hmac, HMAC_SIZE); ++ if (ret){ ++ _gnutls_debug_log("Calculated MAC for %s does not match\n", ++ path); ++ gnutls_memset(hmac, 0, HMAC_SIZE); ++ gnutls_memset(lib_hmac, 0, HMAC_SIZE); ++ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR); ++ } ++ _gnutls_debug_log("Successfully verified MAC for %s\n", path); ++ gnutls_memset(hmac, 0, HMAC_SIZE); ++ return 0; ++} ++ ++/* + * check_lib_hmac: + * @entry: hmac file entry + * @path: path to the library which hmac should be compared + * +- * Verify that HMAC from hmac file entry matches HMAC of given library. ++ * Verify that HMAC from hmac file entry matches HMAC of gnutls library. + * + * Returns: 0 on successful HMAC verification, a negative error code otherwise + */ +@@ -405,18 +514,18 @@ static int callback(struct dl_phdr_info + const char *soname = last_component(path); + struct lib_paths *paths = (struct lib_paths *)data; + +- if (!strcmp(soname, GNUTLS_LIBRARY_SONAME)) ++ if (!strncmp(soname, GNUTLS_LIBRARY_SONAME, strlen(GNUTLS_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path); + #ifdef NETTLE_LIBRARY_SONAME +- else if (!strcmp(soname, NETTLE_LIBRARY_SONAME)) ++ else if (!strncmp(soname, NETTLE_LIBRARY_SONAME, strlen(NETTLE_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path); + #endif + #ifdef HOGWEED_LIBRARY_SONAME +- else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) ++ else if (!strncmp(soname, HOGWEED_LIBRARY_SONAME, strlen(HOGWEED_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path); + #endif + #ifdef GMP_LIBRARY_SONAME +- else if (!strcmp(soname, GMP_LIBRARY_SONAME)) ++ else if (!strncmp(soname, GMP_LIBRARY_SONAME, strlen(GMP_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path); + #endif + return 0; +@@ -496,17 +605,17 @@ static int check_binary_integrity(void) + if (ret < 0) + return ret; + #ifdef NETTLE_LIBRARY_SONAME +- ret = check_lib_hmac(&hmac.nettle, paths.nettle); ++ ret = check_dep_lib_hmac(paths.nettle); + if (ret < 0) + return ret; + #endif + #ifdef HOGWEED_LIBRARY_SONAME +- ret = check_lib_hmac(&hmac.hogweed, paths.hogweed); ++ ret = check_dep_lib_hmac(paths.hogweed); + if (ret < 0) + return ret; + #endif + #ifdef GMP_LIBRARY_SONAME +- ret = check_lib_hmac(&hmac.gmp, paths.gmp); ++ ret = check_dep_lib_hmac(paths.gmp); + if (ret < 0) + return ret; + #endif diff --git a/gnutls-FIPS-HMAC-x86_64-v3-opt.patch b/gnutls-FIPS-HMAC-x86_64-v3-opt.patch new file mode 100644 index 0000000..8644ab7 --- /dev/null +++ b/gnutls-FIPS-HMAC-x86_64-v3-opt.patch @@ -0,0 +1,47 @@ +Index: gnutls-3.8.9/lib/fips.c +=================================================================== +--- gnutls-3.8.9.orig/lib/fips.c ++++ gnutls-3.8.9/lib/fips.c +@@ -268,6 +268,28 @@ static int handler(void *user, const cha + return 1; + } + ++ ++/* In case of x86_64-v3 optmizations, names might differ in version numbers. ++ * @mac_file: buffer where the hmac file path will be written to ++ * @lib_path: path to the dependent library, used to deduce hmac file path ++ * @file_name: The file name of the library ++ */ ++ static void get_hwcaps_lib_hmac_path(char *mac_file, const char *lib_path, char *file_name) { ++ // Cut name short if more than SOVER is present ++ char *soname = strstr(file_name, ".so."); ++ char correct_ext[256]; ++ memset(correct_ext, 0x0, 256); ++ soname += strlen(".so."); ++ for (uint32_t i = 0; i < strlen(soname); i++) { ++ if (soname[i] == '.') { ++ int proper_len = soname - file_name + i; ++ strncpy(correct_ext, file_name, proper_len); ++ snprintf(mac_file, 256, "%.*s/.%.*s.hmac", (int)(file_name-lib_path),lib_path,proper_len,correct_ext); ++ break; ++ } ++ } ++} ++ + /* + * get_hmac_path: + * @mac_file: buffer where the hmac file path will be written to +@@ -300,6 +322,13 @@ static int get_hmac_path(char *mac_file, + if (ret == 0) + return GNUTLS_E_SUCCESS; + ++ if (strstr(gnutls_path, "glibc-hwcaps")) { ++ get_hwcaps_lib_hmac_path(mac_file, gnutls_path, p + 1); ++ ret = _gnutls_file_exists(mac_file); ++ if (ret == 0) ++ return GNUTLS_E_SUCCESS; ++ } ++ + if (p == NULL) + ret = snprintf(mac_file, mac_file_size, "fipscheck/.%s.hmac", + gnutls_path); diff --git a/gnutls-FIPS-TLS_KDF_selftest.patch b/gnutls-FIPS-TLS_KDF_selftest.patch new file mode 100644 index 0000000..9cddf4f --- /dev/null +++ b/gnutls-FIPS-TLS_KDF_selftest.patch @@ -0,0 +1,31 @@ +Index: gnutls-3.8.11/lib/fips.c +=================================================================== +--- gnutls-3.8.11.orig/lib/fips.c ++++ gnutls-3.8.11/lib/fips.c +@@ -608,6 +608,26 @@ int _gnutls_fips_perform_self_checks2(vo + return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); + } + ++ /* KDF */ ++ ++ char derived[512]; ++ ++ gnutls_datum_t secret = { (void *)"\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8\x6f\x4a", 16 }; ++ gnutls_datum_t seed = { (void *)"\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60\x1d\x8b", 16 }; ++ gnutls_datum_t label = { (void *)"test label", 10 }; ++ gnutls_datum_t expected = { (void *)"\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97\x9e\x1d", 16 }; ++ ++ ret = _gnutls_prf_raw(GNUTLS_MAC_SHA256, secret.size, secret.data, ++ label.size, (char*)label.data, seed.size, seed.data, expected.size, derived); ++ if (ret < 0) { ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ ret = memcmp(derived, expected.data, expected.size); ++ if (ret != 0) { ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ + /* PK */ + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS); + if (ret < 0) { diff --git a/gnutls-FIPS-disable-mac-sha1.patch b/gnutls-FIPS-disable-mac-sha1.patch new file mode 100644 index 0000000..f17bfd6 --- /dev/null +++ b/gnutls-FIPS-disable-mac-sha1.patch @@ -0,0 +1,181 @@ +commit c4eba74d4745e3a97b443abae1431658a826d2eb +Author: Angel Yankov +Date: Thu Nov 28 11:02:07 2024 +0200 + + SHA-1 is not allowed in FIPS-140-3 anymore after 2030. Mark it as + unapproved + + Signed-off-by: Angel Yankov + +Index: gnutls-3.8.10/lib/crypto-api.c +=================================================================== +--- gnutls-3.8.10.orig/lib/crypto-api.c ++++ gnutls-3.8.10/lib/crypto-api.c +@@ -33,6 +33,7 @@ + #include "crypto-api.h" + #include "iov.h" + #include "intprops.h" ++#include + + typedef struct api_cipher_hd_st { + cipher_hd_st ctx_enc; +@@ -597,7 +598,9 @@ int gnutls_hmac_init(gnutls_hmac_hd_t *d + bool not_approved = false; + + /* MD5 is only allowed internally for TLS */ +- if (!is_mac_algo_allowed(algorithm)) { ++ if (algorithm == GNUTLS_MAC_SHA1) ++ not_approved = true; ++ else if (!is_mac_algo_allowed(algorithm)) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); + } else if (!is_mac_algo_approved_in_fips(algorithm)) { +@@ -757,8 +760,9 @@ int gnutls_hmac_fast(gnutls_mac_algorith + { + int ret; + bool not_approved = false; +- +- if (!is_mac_algo_allowed(algorithm)) { ++ if (algorithm == GNUTLS_MAC_SHA1) ++ not_approved = true; ++ else if (!is_mac_algo_allowed(algorithm)) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); + } else if (!is_mac_algo_approved_in_fips(algorithm)) { +@@ -839,8 +843,9 @@ int gnutls_hash_init(gnutls_hash_hd_t *d + { + int ret; + bool not_approved = false; +- +- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) { ++ if (algorithm == GNUTLS_MAC_SHA1) ++ not_approved = true; ++ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); + } else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) { +@@ -957,8 +962,9 @@ int gnutls_hash_fast(gnutls_digest_algor + { + int ret; + bool not_approved = false; +- +- if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) { ++ if (algorithm == GNUTLS_MAC_SHA1) ++ not_approved = true; ++ else if (!is_mac_algo_allowed(DIG_TO_MAC(algorithm))) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); + } else if (!is_mac_algo_approved_in_fips(DIG_TO_MAC(algorithm))) { +@@ -2173,7 +2179,9 @@ int gnutls_pbkdf2(gnutls_mac_algorithm_t + bool not_approved = false; + + /* MD5 is only allowed internally for TLS */ +- if (!is_mac_algo_allowed(mac)) { ++ if (mac == GNUTLS_MAC_SHA1) ++ not_approved = true; ++ else if (!is_mac_algo_allowed(mac)) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); + return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); + } else if (!is_mac_algo_hmac_approved_in_fips(mac)) { +Index: gnutls-3.8.10/lib/crypto-selftests.c +=================================================================== +--- gnutls-3.8.10.orig/lib/crypto-selftests.c ++++ gnutls-3.8.10/lib/crypto-selftests.c +@@ -2891,7 +2891,7 @@ int gnutls_mac_self_test(unsigned flags, + case GNUTLS_MAC_UNKNOWN: + NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors); + FALLTHROUGH; +- CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors); ++ NON_FIPS_CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors); + FALLTHROUGH; + CASE(GNUTLS_MAC_SHA224, test_mac, hmac_sha224_vectors); + FALLTHROUGH; +Index: gnutls-3.8.10/lib/fips.h +=================================================================== +--- gnutls-3.8.10.orig/lib/fips.h ++++ gnutls-3.8.10/lib/fips.h +@@ -79,7 +79,6 @@ inline static bool + is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) + { + switch (algo) { +- case GNUTLS_MAC_SHA1: + case GNUTLS_MAC_SHA256: + case GNUTLS_MAC_SHA384: + case GNUTLS_MAC_SHA512: +Index: gnutls-3.8.10/tests/fips-test.c +=================================================================== +--- gnutls-3.8.10.orig/tests/fips-test.c ++++ gnutls-3.8.10/tests/fips-test.c +@@ -397,11 +397,12 @@ void doit(void) + } + FIPS_POP_CONTEXT(ERROR); + ++ FIPS_PUSH_CONTEXT(); + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); + if (ret < 0) { +- fail("gnutls_hmac_init failed\n"); ++ fail("gnutls_hmac_init failed for sha1\n"); + } +- gnutls_hmac_deinit(mh, NULL); ++ FIPS_POP_CONTEXT(NOT_APPROVED); + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size); + if (ret != GNUTLS_E_UNWANTED_ALGORITHM) { +@@ -736,7 +737,7 @@ void doit(void) + } + hashed_data.data = hash; + hashed_data.size = 20; +- FIPS_POP_CONTEXT(APPROVED); ++ FIPS_POP_CONTEXT(NOT_APPROVED); + + /* Create a signature with ECDSA and SHA1 (2-pass API); not-approved */ + FIPS_PUSH_CONTEXT(); +Index: gnutls-3.8.10/tests/gnutls_hmac_fast.c +=================================================================== +--- gnutls-3.8.10.orig/tests/gnutls_hmac_fast.c ++++ gnutls-3.8.10/tests/gnutls_hmac_fast.c +@@ -42,6 +42,11 @@ void doit(void) + if (debug) + gnutls_global_set_log_level(4711); + ++ /* enable MD5 and SHA1 usage */ ++ if (gnutls_fips140_mode_enabled()) { ++ gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0); ++ } ++ + err = gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8, + digest); + if (err < 0) +@@ -59,11 +64,6 @@ void doit(void) + } + } + +- /* enable MD5 usage */ +- if (gnutls_fips140_mode_enabled()) { +- gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0); +- } +- + err = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, + digest); + if (err < 0) +Index: gnutls-3.8.10/tests/kdf-api.c +=================================================================== +--- gnutls-3.8.10.orig/tests/kdf-api.c ++++ gnutls-3.8.10/tests/kdf-api.c +@@ -108,7 +108,6 @@ inline static bool + is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) + { + switch (algo) { +- case GNUTLS_MAC_SHA1: + case GNUTLS_MAC_SHA256: + case GNUTLS_MAC_SHA384: + case GNUTLS_MAC_SHA512: +@@ -145,7 +144,7 @@ static void test_pbkdf2(gnutls_mac_algor + assert(gnutls_hex_decode2(&hex, &salt) >= 0); + + fips_push_context(fips_context); +- assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0); ++ gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length); + fips_pop_context(fips_context, expected_state); + gnutls_free(ikm.data); + gnutls_free(salt.data); diff --git a/gnutls-FIPS-jitterentropy-deinit-threads.patch b/gnutls-FIPS-jitterentropy-deinit-threads.patch new file mode 100644 index 0000000..bc193e9 --- /dev/null +++ b/gnutls-FIPS-jitterentropy-deinit-threads.patch @@ -0,0 +1,34 @@ +Index: gnutls-3.8.4/lib/state.c +=================================================================== +--- gnutls-3.8.4.orig/lib/state.c ++++ gnutls-3.8.4/lib/state.c +@@ -830,6 +830,12 @@ void gnutls_deinit(gnutls_session_t sess + gnutls_mutex_deinit(&session->internals.post_negotiation_lock); + gnutls_mutex_deinit(&session->internals.epoch_lock); + ++#if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++ _rnd_system_entropy_deinit(); ++# endif ++#endif ++ + gnutls_free(session); + } + +Index: gnutls-3.8.4/lib/nettle/rnd.c +=================================================================== +--- gnutls-3.8.4.orig/lib/nettle/rnd.c ++++ gnutls-3.8.4/lib/nettle/rnd.c +@@ -79,6 +79,12 @@ struct generators_ctx_st { + + static void wrap_nettle_rnd_deinit(void *_ctx) + { ++#if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++ _rnd_system_entropy_deinit(); ++# endif ++#endif ++ + gnutls_free(_ctx); + } + diff --git a/gnutls-FIPS-jitterentropy.patch b/gnutls-FIPS-jitterentropy.patch new file mode 100644 index 0000000..2b5dd6d --- /dev/null +++ b/gnutls-FIPS-jitterentropy.patch @@ -0,0 +1,259 @@ +Index: gnutls-3.8.11/lib/nettle/sysrng-linux.c +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.11/lib/nettle/sysrng-linux.c +@@ -49,6 +49,15 @@ + get_entropy_func _rnd_get_system_entropy = NULL; + + #if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++# define HAVE_JENT ++# include ++/* Per thread context of random generator, and a flag to indicate initialization */ ++static _Thread_local struct rand_data* ec = NULL; ++static _Thread_local int jent_initialized = 0; ++/* Declare function to fix a missing-prototypes compilation warning */ ++void FIPS_jent_entropy_deinit(void); ++# endif + #ifdef HAVE_GETRANDOM + #include + #else +@@ -68,6 +77,101 @@ static ssize_t _getrandom0(void *buf, si + #endif + #endif + ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) ++/* check whether the CPU Jitter entropy collector is available. */ ++static unsigned FIPS_jent_entropy_init(void) ++{ ++ unsigned int rv = 1; ++ unsigned int osr = 1; /* Oversampling rate */ ++ unsigned int flags = 0; /* JENT_FORCE_FIPS ++ * JENT_DISABLE_MEMORY_ACCESS ++ * JENT_DISABLE_INTERNAL_TIMER ++ * JENT_FORCE_INTERNAL_TIMER ++ * JENT_MAX_MEMSIZE_{32,64,128,256,512}kB ++ * JENT_MAX_MEMSIZE_{1,2,4,8,16,32,64,128,256,512}MB ++ */ ++ ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; ++ ++ /* Do not re-initialize jent. */ ++ if (jent_initialized == 0) { ++ if (jent_entropy_init_ex(osr, flags)) ++ return 0; ++ jent_initialized = 1; ++ } ++ ++ /* Allocate the entropy collector. */ ++ if (ec == NULL) { ++ ec = jent_entropy_collector_alloc(osr, flags); ++ if (ec == NULL) { ++ rv = 0; ++ } ++ } ++ ++ return rv; ++} ++ ++void FIPS_jent_entropy_deinit(void) ++{ ++ /* Free the entropy collector. */ ++ if (ec != NULL) { ++ jent_entropy_collector_free(ec); ++ ec = NULL; ++ } ++ ++ jent_initialized = 0; ++ ++ return; ++} ++ ++/* returns exactly the amount of bytes requested */ ++static int force_jent(void *buf, size_t buflen, unsigned int flags, ++ unsigned int osr) ++{ ++ static int jent_bytes = -1; ++ ++ if (buf == NULL || buflen == 0) { ++ return -1; ++ } ++ ++ /* Ensure the entropy source has been fully initiated. */ ++ if (jent_initialized == 0 || ec == NULL) { ++ if (!FIPS_jent_entropy_init()) { ++ return -1; ++ } ++ } ++ ++ /* Get entropy bytes. */ ++ jent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen); ++ ++ return jent_bytes; ++} ++ ++static int _rnd_get_system_entropy_jent(void* _rnd, size_t size) ++{ ++ int ret; ++ unsigned int osr = 1; ++ unsigned int flags = 0; ++ ++ /* Set the FIPS flag. */ ++ flags |= JENT_FORCE_FIPS; ++ ++ ret = force_jent(_rnd, size, flags, osr); ++ if (ret < 0) { ++ int e = errno; ++ gnutls_assert(); ++ _gnutls_debug_log("Failed to use jent: %s\n", strerror(e)); ++ FIPS_jent_entropy_deinit(); ++ return GNUTLS_E_RANDOM_DEVICE_ERROR; ++ } ++ ++ return 0; ++} ++# endif ++# endif ++ + static unsigned have_getrandom(void) + { + char c; +@@ -163,6 +267,24 @@ int _rnd_system_entropy_init(void) + int urandom_fd; + + #if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) ++ /* Enable jitterentropy usage if available */ ++ if (FIPS_jent_entropy_init()) { ++ _rnd_get_system_entropy = _rnd_get_system_entropy_jent; ++ _gnutls_debug_log("jitterentropy random generator was selected\n"); ++ return 0; ++ } else { ++ _gnutls_debug_log("jitterentropy is not available\n"); ++ /* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */ ++ if (_gnutls_fips_mode_enabled()) { ++ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); ++ _gnutls_switch_lib_state(LIB_STATE_ERROR); ++ return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR); ++ } ++ } ++# endif ++# endif + /* Enable getrandom() usage if available */ + if (have_getrandom()) { + _rnd_get_system_entropy = _rnd_get_system_entropy_getrandom; +@@ -193,5 +315,12 @@ int _rnd_system_entropy_init(void) + void _rnd_system_entropy_deinit(void) + { + /* A no-op now when we open and close /dev/urandom every time */ ++#if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++# if defined(HAVE_JENT) ++ FIPS_jent_entropy_deinit(); ++# endif ++# endif ++#endif + return; + } +Index: gnutls-3.8.11/lib/nettle/Makefile.in +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/Makefile.in ++++ gnutls-3.8.11/lib/nettle/Makefile.in +@@ -522,7 +522,7 @@ am__v_CC_1 = + CCLD = $(CC) + LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +- $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++ $(AM_LDFLAGS) $(LDFLAGS) -ljitterentropy -o $@ + AM_V_CCLD = $(am__v_CCLD_@AM_V@) + am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) + am__v_CCLD_0 = @echo " CCLD " $@; +Index: gnutls-3.8.11/lib/nettle/Makefile.am +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.11/lib/nettle/Makefile.am +@@ -20,7 +20,7 @@ + + include $(top_srcdir)/lib/common.mk + +-AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) ++AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) -ljitterentropy + + AM_CPPFLAGS += \ + -I$(srcdir)/int \ +Index: gnutls-3.8.11/lib/nettle/rnd-fips.c +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.11/lib/nettle/rnd-fips.c +@@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc + uint8_t buffer[DRBG_AES_SEED_SIZE]; + int ret; + ++ ret = _rnd_get_system_entropy(buffer, sizeof(buffer)); ++ if (ret < 0) ++ return gnutls_assert_val(ret); ++ + ret = get_entropy(fctx, buffer, sizeof(buffer)); + if (ret < 0) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); +@@ -153,6 +157,10 @@ static int drbg_reseed(struct fips_ctx * + uint8_t buffer[DRBG_AES_SEED_SIZE]; + int ret; + ++ ret = _rnd_get_system_entropy(buffer, sizeof(buffer)); ++ if (ret < 0) ++ return gnutls_assert_val(ret); ++ + ret = get_entropy(fctx, buffer, sizeof(buffer)); + if (ret < 0) { + _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); +Index: gnutls-3.8.11/tests/Makefile.am +=================================================================== +--- gnutls-3.8.11.orig/tests/Makefile.am ++++ gnutls-3.8.11/tests/Makefile.am +@@ -214,7 +214,7 @@ ctests += mini-record-2 simple gnutls_hm + dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \ + keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \ + tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \ +- set_x509_key_file_ocsp client-fastopen rng-sigint srp \ ++ set_x509_key_file_ocsp client-fastopen srp \ + safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \ + safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \ + rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \ +Index: gnutls-3.8.11/lib/state.c +=================================================================== +--- gnutls-3.8.11.orig/lib/state.c ++++ gnutls-3.8.11/lib/state.c +@@ -834,6 +834,12 @@ void gnutls_deinit(gnutls_session_t sess + gnutls_mutex_deinit(&session->internals.post_negotiation_lock); + gnutls_mutex_deinit(&session->internals.epoch_lock); + ++#if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++ _rnd_system_entropy_deinit(); ++# endif ++#endif ++ + gnutls_free(session); + } + +Index: gnutls-3.8.11/lib/nettle/rnd.c +=================================================================== +--- gnutls-3.8.11.orig/lib/nettle/rnd.c ++++ gnutls-3.8.11/lib/nettle/rnd.c +@@ -79,6 +79,12 @@ struct generators_ctx_st { + + static void wrap_nettle_rnd_deinit(void *_ctx) + { ++#if defined(__linux__) ++# if defined(ENABLE_FIPS140) ++ _rnd_system_entropy_deinit(); ++# endif ++#endif ++ + gnutls_free(_ctx); + } + diff --git a/gnutls-disable-flaky-test-dtls-resume.patch b/gnutls-disable-flaky-test-dtls-resume.patch new file mode 100644 index 0000000..7feca00 --- /dev/null +++ b/gnutls-disable-flaky-test-dtls-resume.patch @@ -0,0 +1,13 @@ +Index: gnutls-3.8.10/tests/Makefile.am +=================================================================== +--- gnutls-3.8.10.orig/tests/Makefile.am ++++ gnutls-3.8.10/tests/Makefile.am +@@ -536,7 +536,7 @@ ktls_keyupdate_CFLAGS = -DUSE_KTLS + dist_check_SCRIPTS += ktls_keyupdate.sh + endif + +-dist_check_SCRIPTS += dtls/dtls.sh dtls/dtls-resume.sh #dtls/dtls-nb ++dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb + + indirect_tests += dtls-stress + diff --git a/gnutls-fips-sonames-check.patch b/gnutls-fips-sonames-check.patch new file mode 100644 index 0000000..bb47348 --- /dev/null +++ b/gnutls-fips-sonames-check.patch @@ -0,0 +1,27 @@ +Index: gnutls-3.8.9/lib/fips.c +=================================================================== +--- gnutls-3.8.9.orig/lib/fips.c ++++ gnutls-3.8.9/lib/fips.c +@@ -484,18 +484,18 @@ static int callback(struct dl_phdr_info + const char *soname = last_component(path); + struct lib_paths *paths = (struct lib_paths *)data; + +- if (!strcmp(soname, GNUTLS_LIBRARY_SONAME)) ++ if (!strncmp(soname, GNUTLS_LIBRARY_SONAME, strlen(GNUTLS_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path); + #ifdef NETTLE_LIBRARY_SONAME +- else if (!strcmp(soname, NETTLE_LIBRARY_SONAME)) ++ else if (!strncmp(soname, NETTLE_LIBRARY_SONAME, strlen(NETTLE_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path); + #endif + #ifdef HOGWEED_LIBRARY_SONAME +- else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) ++ else if (!strncmp(soname, HOGWEED_LIBRARY_SONAME, strlen(HOGWEED_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path); + #endif + #ifdef GMP_LIBRARY_SONAME +- else if (!strcmp(soname, GMP_LIBRARY_SONAME)) ++ else if (!strncmp(soname, GMP_LIBRARY_SONAME, strlen(GMP_LIBRARY_SONAME))) + _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path); + #endif + return 0; diff --git a/gnutls-set-cligen-python-interp.patch b/gnutls-set-cligen-python-interp.patch new file mode 100644 index 0000000..076f3ce --- /dev/null +++ b/gnutls-set-cligen-python-interp.patch @@ -0,0 +1,10 @@ +Index: gnutls-3.8.9/cligen/cli-docgen.py +=================================================================== +--- gnutls-3.8.9.orig/cligen/cli-docgen.py ++++ gnutls-3.8.9/cligen/cli-docgen.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + # Copyright (C) 2021-2022 Daiki Ueno + # SPDX-License-Identifier: LGPL-2.1-or-later + diff --git a/gnutls-skip-pqx-test.patch b/gnutls-skip-pqx-test.patch new file mode 100644 index 0000000..6ac6999 --- /dev/null +++ b/gnutls-skip-pqx-test.patch @@ -0,0 +1,34 @@ +Index: gnutls-3.8.10/tests/Makefile.am +=================================================================== +--- gnutls-3.8.10.orig/tests/Makefile.am ++++ gnutls-3.8.10/tests/Makefile.am +@@ -628,8 +628,6 @@ ctests += win32-certopenstore + + endif + +-dist_check_SCRIPTS += pqc-hybrid-kx.sh +- + cpptests = + if ENABLE_CXX + if HAVE_CMOCKA +Index: gnutls-3.8.10/tests/Makefile.in +=================================================================== +--- gnutls-3.8.10.orig/tests/Makefile.in ++++ gnutls-3.8.10/tests/Makefile.in +@@ -3293,7 +3293,7 @@ am__dist_check_SCRIPTS_DIST = rfc2253-es + gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh \ + gnutls-cli-rawpk.sh dh-fips-approved.sh p11-kit-trust.sh \ + testpkcs11.sh certtool-pkcs11.sh pkcs11-tool.sh \ +- p11-kit-load.sh danetool.sh tpmtool_test.sh pqc-hybrid-kx.sh ++ p11-kit-load.sh danetool.sh tpmtool_test.sh + AM_V_P = $(am__v_P_@AM_V@) + am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) + am__v_P_0 = false +@@ -7178,7 +7178,6 @@ dist_check_SCRIPTS = rfc2253-escape-test + $(am__append_18) $(am__append_20) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_26) \ + $(am__append_27) $(am__append_29) $(am__append_30) \ +- pqc-hybrid-kx.sh + @ENABLE_KTLS_TRUE@@WINDOWS_FALSE@ktls_keyupdate_SOURCES = tls13/key_update.c + @ENABLE_KTLS_TRUE@@WINDOWS_FALSE@ktls_keyupdate_CFLAGS = -DUSE_KTLS + @WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c diff --git a/gnutls-srp-test-SIGPIPE.patch b/gnutls-srp-test-SIGPIPE.patch new file mode 100644 index 0000000..228728e --- /dev/null +++ b/gnutls-srp-test-SIGPIPE.patch @@ -0,0 +1,22 @@ +Index: gnutls-3.8.9/tests/srp.c +=================================================================== +--- gnutls-3.8.9.orig/tests/srp.c ++++ gnutls-3.8.9/tests/srp.c +@@ -290,7 +290,7 @@ static void start(const char *name, cons + if (child) { + int status; + /* parent */ +- close(fd[0]); ++ /* close(fd[0]); */ + client(fd[1], prio, user, pass, exp_err); + if (exp_err < 0) { + kill(child, SIGTERM); +@@ -300,7 +300,7 @@ static void start(const char *name, cons + check_wait_status(status); + } + } else { +- close(fd[1]); ++ /* close(fd[1]); */ + server(fd[0], prio); + exit(0); + } diff --git a/gnutls.changes b/gnutls.changes new file mode 100644 index 0000000..fafeaad --- /dev/null +++ b/gnutls.changes @@ -0,0 +1,5038 @@ +------------------------------------------------------------------- +Mon Nov 24 09:54:39 UTC 2025 - Pedro Monreal + +- Reduce the number of patches: + * Merge gnutls-FIPS-jitterentropy-deinit-threads.patch into the + main jitterentropy patch gnutls-FIPS-jitterentropy.patch + * Merge the soname gnutls-fips-sonames-check.patch and V3 + gnutls-FIPS-HMAC-x86_64-v3-opt.patch patches together into + gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + * Remove gnutls-set-cligen-python-interp.patch with a sed command. + +------------------------------------------------------------------- +Mon Nov 24 09:29:13 UTC 2025 - Pedro Monreal + +- Enable back the failing tests that have been fixed upstream: + * Remove patches: + - gnutls-disable-flaky-test-dtls-resume.patch + - gnutls-srp-test-SIGPIPE.patch + - gnutls-skip-pqx-test.patch + - gnutls-3.8.10-disable-ktls_test.patch + +------------------------------------------------------------------- +Mon Nov 24 08:38:13 UTC 2025 - Pedro Monreal + +- Update to 3.8.11: + * libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init + Reported by Luigino Camastra from Aisle Research. + [GNUTLS-SA-2025-11-18, CVSS: low] [bsc#1254132, CVE-2025-9820] + * libgnutls: MAC algorithms for PSK binders is now configurable + The previous implementation assumed HMAC-SHA256 to calculate the + PSK binders. With the new gnutls_psk_allocate_client_credentials2() + and gnutls_psk_allocate_server_credentials2() functions, the + application can use other MAC algorithms such as HMAC-SHA384. + * libgnutls: Expose a new function to provide the maximum record send size + A new function gnutls_record_get_max_send_size() has been added to + determine the maximum size of a TLS record to be sent to the peer. + * libgnutls: Expose a new function to update keys without sending a KeyUpdate + to the peer. A new function gnutls_handshake_update_receiving_key() + has been added to allow updating the local receiving key without + sending any KeyUpdate messages. + * libgnutls: PKCS#11 cryptographic provider configuration takes a token URI + instead of a module path. To allow using a PKCS#11 module exposing + multiple tokens, the "path" configuration keyword was replaced with + the "url" keyword. + * libgnutls: Support crypto-auditing probe points + crypto-auditing is a project to monitor which cryptographic + operations are taking place in the library at run time, through + eBPF. This adds necessary probe points for that, in public key + cryptography and the TLS use-case. To enable this, run configure + with --enable-crypto-auditing. + * build: The minimum version of Nettle has been updated to 3.10 + Given Nettle 3.10 is ABI compatible with 3.6 and includes several + security relevant fixes, the library's minimum requirement of + Nettle is updated to 3.10. + * build: The default priority file path is now constructed from sysconfdir + Previously, the location of the default priority file was + hard-coded to be /etc/gnutls/config. Now it takes into account of + the --sysconfdir option given to the configure script. + * API and ABI modifications: (New functions) + - gnutls_psk_allocate_client_credentials2 + - gnutls_psk_allocate_server_credentials2 + - gnutls_record_get_max_send_size + - gnutls_handshake_update_receiving_key + - gnutls_audit_push_context + - gnutls_audit_pop_context + - gnutls_audit_current_context + * Rebased patches: + - gnutls-FIPS-140-3-references.patch + - gnutls-FIPS-TLS_KDF_selftest.patch + - gnutls-skip-pqx-test.patch + +------------------------------------------------------------------- +Tue Jul 15 08:12:29 UTC 2025 - Pedro Monreal + +- Build with leancrypto. The liboqs support for post-quantum + cryptography (PQC) has been removed and is only provided through + leancrypto. + +------------------------------------------------------------------- +Mon Jul 14 17:00:21 UTC 2025 - Lucas Mulling + +- Update to 3.8.10: + * libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK + Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium] + [bsc#1246299, CVE-2025-6395] + * libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps + Spotted by oss-fuzz and reported by OpenAI Security Research Team, + and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, + CVSS: medium] [bsc#1246233, CVE-2025-32989] + * libgnutls: Fix double-free upon error when exporting otherName in SAN + Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, + CVSS: low] [bsc#1246232, CVE-2025-32988] + * certtool: Fix 1-byte write buffer overrun when parsing template + Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, + CVSS: low] [bsc#1246267, CVE-2025-32990] + * libgnutls: PKCS#11 modules can now be used to override the default + cryptographic backend. Use the [provider] section in the system-wide config + to specify path and pin to the module (see system-wide config Documentation). + * libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update + support. The library running on the aforementioned version now utilizes the + kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted + TLS session. The --enable-ktls configure option as well as the system-wide + kTLS configuration(see GnuTLS Documentation) are still required to enable + this feature. + * libgnutls: liboqs support for PQC has been removed + For maintenance purposes, support for post-quantum cryptography + (PQC) is now only provided through leancrypto. The experimental key + exchange algorithm, X25519Kyber768Draft00, which is based on the + round 3 candidate of Kyber and only supported through liboqs has + also been removed altogether. + * libgnutls: TLS certificate compression methods can now be set with + cert-compression-alg configuration option in the gnutls priority file. + * libgnutls: All variants of ML-DSA private key formats are supported + While the previous implementation of ML-DSA was based on + draft-ietf-lamps-dilithium-certificates-04, this updates it to + draft-ietf-lamps-dilithium-certificates-12 with support for all 3 + variants of private key formats: "seed", "expandedKey", and "both". + * libgnutls: ML-DSA signatures can now be used in TLS + The ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and + ML-DSA-87, can now be used to digitally sign TLS handshake + messages. + * API and ABI modifications: + - GNUTLS_PKCS_MLDSA_SEED: New enum member of gnutls_pkcs_encrypt_flags_t + - GNUTLS_PKCS_MLDSA_EXPANDED: New enum member of gnutls_pkcs_encrypt_flags_t +- Add patch gnutls-3.8.10-disable-ktls_test.patch +- Rebased patches: + * gnutls-FIPS-140-3-references.patch + * gnutls-FIPS-disable-mac-sha1.patch + * gnutls-disable-flaky-test-dtls-resume.patch + * gnutls-skip-pqx-test.patch + +------------------------------------------------------------------- +Sun Jul 13 18:54:51 UTC 2025 - Andreas Stieger + +- enable ktls support +- enable brotli and zstd compression support + +------------------------------------------------------------------- +Mon Apr 28 12:49:45 UTC 2025 - Angel Yankov + +- Fix FIPS mode running on Tumbleweed [bsc#1237101] + * When nettle or libhogweed are installed with glbic-hwcaps for x86_64-v3, + some paths differ and we are unable to match the hmac file for the lib. + * Add gnutls-FIPS-HMAC-x86_64-v3-opt.patch + +------------------------------------------------------------------- +Thu Apr 3 10:19:59 UTC 2025 - Guillaume GARDET + +- Disable liboqs on armv6 + +------------------------------------------------------------------- +Mon Mar 24 15:53:48 UTC 2025 - Angel Yankov + +- FIPS: Mark SHA-1 as non-approved in the SLI for all operations. [jsc#PED-12224] + * Add gnutls-FIPS-disable-mac-sha1.patch + +------------------------------------------------------------------- +Tue Mar 18 07:56:18 UTC 2025 - Angel Yankov + +- bsc#1237101, FIPS selfcheck fails on tumbleweed + * Match dependent library names ( nettle, gmp, hogweed ) even when they include full verison in soname + * Add gnutls-fips-sonames-check.patch + +------------------------------------------------------------------- +Mon Feb 24 11:15:52 UTC 2025 - Angel Yankov + +- Update to 3.8.9: + - libgnutls: leancrypto was added as an interim option for PQC + The library can now be built with leancrypto instead of liboqs for + post-quantum cryptography (PQC), when configured with + --with-leancrypto option instead of --with-liboqs. + - libgnutls: Experimental support for ML-DSA signature algorithm + The library and certtool now support ML-DSA signature algorithm as + defined in FIPS 204 and based on + draft-ietf-lamps-dilithium-certificates-04. This feature is + currently marked as experimental and can only be enabled when + compiled with --with-leancrypto or --with-liboqs. + Contributed by David Dudas. + - libgnutls: Support for ML-KEM-1024 key encapsulation mechanism + The support for ML-KEM post-quantum key encapsulation mechanisms + has been extended to cover ML-KEM-1024, in addition to ML-KEM-768. + MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per + draft-kwiatkowski-tls-ecdhe-mlkem-03. + - libgnutls: Fix potential DoS in handling certificates with numerous name + constraints, as a follow-up of CVE-2024-12133 in libtasn1. The + bundled copy of libtasn1 has also been updated to the latest 4.20.0 + release to complete the fix. Reported by Bing Shi (#1553). + [GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243 + - Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2 + * Rebased gnutls-FIPS-140-3-references.patch + * Rebased gnutls-FIPS-TLS_KDF_selftest.patch + * Rebased gnutls-FIPS-jitterentropy.patch + * Rebased gnutls-disable-flaky-test-dtls-resume.patch + * Rebased gnutls-srp-test-SIGPIPE.patch + * Rebased gnutls-3.5.11-skip-trust-store-tests.patch + * Add gnutls-set-cligen-python-interp.patch + * Add gnutls-skip-pqx-test.patch + +------------------------------------------------------------------- +Mon Nov 11 10:04:31 UTC 2024 - Pedro Monreal + +- Update to 3.8.8: + - libgnutls: Experimental support for X25519MLKEM768 and + SecP256r1MLKEM768 key exchange in TLS 1.3: The support for + post-quantum key exchanges has been extended to cover the final + standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem. + The minimum supported version of liboqs is bumped to 0.11.0. + - libgnutls: All records included in an OCSP response are now checked + in TLS: Previously, when multiple records are provided in a single + OCSP response, only the first record was considered; now all those + records are examined until the server certificate matches. + - libgnutls: Handling of malformed compress_certificate extension is + now more standard compliant: The server behavior of receiving a + malformed compress_certificate extension now more strictly follows + RFC 8879; return illegal_parameter alert instead of bad_certificate, + as well as overlong extension data is properly rejected. + - build: More flexible library linking options for compression + libraries, TPM, and liboqs support: The configure options, + --with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs + now take 4 states: yes/link/dlopen/no, to specify how the libraries + are linked or loaded. + * Rebase gnutls-FIPS-140-3-references.patch + +------------------------------------------------------------------- +Fri Sep 27 08:02:09 UTC 2024 - Antonio Larrosa + +- Build with liboqs to support the X25519Kyber768 post-quantum key + exchange algorithm. + +------------------------------------------------------------------- +Thu Sep 5 07:57:42 UTC 2024 - Pedro Monreal + +- FIPS: Allow to perform the integrity check with the hmac provided + by each library [bsc#1226724] + * Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + +------------------------------------------------------------------- +Mon Sep 2 10:09:23 UTC 2024 - Pedro Monreal + +- Update to 3.8.7: + * libgnutls: New configure option to compile out DSA support + The --disable-dsa configure option has been added to completely + disable DSA algorithm support. + * libgnutls: Experimental support for X25519Kyber768Draft00 key + exchange in TLS. For testing purposes, the hybrid post-quantum + key exchange defined in draft-tls-westerbaan-xyber768d00 has been + implemented using liboqs. Since the algorithm is still not finalized, + the support of this key exchange is disabled by default and can be + enabled with the --with-liboqs configure option. + * Rebase patches: + - gnutls-FIPS-140-3-references.patch + - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + +------------------------------------------------------------------- +Thu Jul 25 08:51:56 UTC 2024 - Pedro Monreal + +- Update to 3.8.6: + * libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12 + To be compliant with FIPS 140-3, PKCS#12 files with MAC based on + PBKDF2 (PBMAC1) is now supported, according to the specification + proposed in draft-ietf-lamps-pkcs12-pbmac1. + * libgnutls: SHA3 extendable output functions (XOF) are now supported + SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new + public API gnutls_hash_squeeze. + * API and ABI modifications: + - gnutls_pkcs12_generate_mac3: New function + - gnutls_pkcs12_flags_t: New enum + - gnutls_hash_squeeze: New function + * Rebase patches: + - gnutls-FIPS-140-3-references.patch + - gnutls-FIPS-jitterentropy.patch + +------------------------------------------------------------------- +Fri Apr 5 07:28:14 UTC 2024 - Pedro Monreal + +- Update to 3.8.5: + * libgnutls: Due to majority of usages and implementations of + RSA decryption with PKCS#1 v1.5 padding being incorrect, + leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5 + is being deprecated (encryption and decryption) and will be + disabled in the future. A new option 'allow-rsa-pkcs1-encrypt' + has been added into the system-wide library configuration which + allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the + RSAES-PKCS1-v1_5 is enabled by default. + * libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for + backward compatibility with GCR. + * libgnutls: A couple of memory related issues have been fixed in + RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA + with earlier versions of GMP. These were a regression introduced + in the 3.8.4 release. See #1535 and !1827. + * build: Fixed a bug where building gnutls statically failed due + to a duplicate definition of nettle_rsa_compute_root_tr(). + * API and ABI modifications: + - GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of + gnutls_pkcs_encrypt_flags_t + * Rebase patches: + - gnutls-FIPS-TLS_KDF_selftest.patch + - gnutls-FIPS-140-3-references.patch + +------------------------------------------------------------------- +Wed Mar 20 12:08:50 UTC 2024 - Pedro Monreal + +- jitterentropy: Release the memory of the entropy collector when + using jitterentropy with phtreads as there is also a + pre-intitization done in the main thread. [bsc#1221242] + * Add gnutls-FIPS-jitterentropy-deinit-threads.patch + +------------------------------------------------------------------- +Wed Mar 20 09:26:32 UTC 2024 - Pedro Monreal + +- Update to 3.8.4: + * libgnutls: RSA-OAEP encryption scheme is now supported + To use it with an unrestricted RSA private key, one would need to + initialize a gnutls_x509_spki_t object with necessary parameters + for RSA-OAEP and attach it to the private key. It is also possible + to import restricted private keys if they are stored in PKCS#8 + format. + * libgnutls: Fix side-channel in the deterministic ECDSA. + Reported by George Pantelakis (#1516). + [GNUTLS-SA-2023-12-04, CVSS: medium] [bsc#1221746, CVE-2024-28834] + * libgnutls: Fixed a bug where certtool crashed when verifying a + certificate chain with more than 16 certificates. Reported by + William Woodruff (#1525) and yixiangzhike (#1527). + [GNUTLS-SA-2024-01-23, CVSS: medium] [bsc#1221747, CVE-2024-28835] + * libgnutls: Compression libraries are now loaded dynamically as needed + instead of all being loaded during gnutls library initialization. + As a result, the library initialization should be faster. + * build: The gnutls library can now be linked with the static library + of GMP. Note that in order for this to work libgmp.a needs to be + compiled with -fPIC and libhogweed in Nettle also has to be linked + to the static library of GMP. This can be used to prevent custom + memory allocators from being overriden by other applications. + * API and ABI modifications: + - gnutls_x509_spki_get_rsa_oaep_params: New function. + - gnutls_x509_spki_set_rsa_oaep_params: New function. + - GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t. + * Rebase patches: + - gnutls-FIPS-140-3-references.patch + - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + +------------------------------------------------------------------- +Wed Feb 21 18:04:48 UTC 2024 - Jan Engelhardt + +- Remove some if..endif that do not affect any result +- Split documentation (some 1100 files) to separate subpackage + +------------------------------------------------------------------- +Wed Jan 17 08:41:07 UTC 2024 - Pedro Monreal + +- Update to 3.8.3: + * libgnutls: Fix more timing side-channel inside RSA-PSK key + exchange. [GNUTLS-SA-2024-01-14, CVSS: medium] + [bsc#1218865, CVE-2024-0553] + * libgnutls: Fix assertion failure when verifying a certificate + chain with a cycle of cross signatures. + [GNUTLS-SA-2024-01-09, CVSS: medium] [bsc#1218862, CVE-2024-0567] + * libgnutls: Fix regression in handling Ed25519 keys stored in + PKCS#11 token certtool was unable to handle Ed25519 keys + generated on PKCS#11 with pkcs11-tool (OpenSC). + This is a regression introduced in 3.8.2. + * Rebase gnutls-FIPS-140-3-references.patch + * Updated upstream gnutls.keyring + +------------------------------------------------------------------- +Fri Nov 17 10:17:02 UTC 2023 - Pedro Monreal + +- Update to 3.8.2: [bsc#1217277, CVE-2023-5981] + * libgnutls: Fix timing side-channel inside RSA-PSK key exchange. + [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981] + * libgnutls: Add API functions to perform ECDH and DH key agreement + The functionality has been there for a long time though they were + not available as part of the public API. This enables applications + to implement custom protocols leveraging non-interactive key + agreement with ECDH and DH. + * libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452) + The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and + GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through + the AEAD interface. Note that, unlike + GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is + appended to the ciphertext, not prepended. + * libgnutls: transparent KTLS support is extended to FreeBSD kernel + The kernel TLS feature can now be enabled on FreeBSD as well as + Linux when compiled with the --enable-ktls configure option. + * gnutls-cli: New option --starttls-name + Depending on deployment, application protocols such as XMPP may + require a different origin address than the external address to be + presented prior to STARTTLS negotiation. The --starttls-name can + be used to specify specify the addresses separately. + * API and ABI modifications: + - gnutls_pubkey_import_dh_raw: New function + - gnutls_privkey_import_dh_raw: New function + - gnutls_pubkey_export_dh_raw: New function + - gnutls_privkey_export_dh_raw: New function + - gnutls_x509_privkey_import_dh_raw: New function + - gnutls_privkey_derive_secret: New function + - GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t + - GNUTLS_CIPHER_AES_128_SIV_GCM: Added + - GNUTLS_CIPHER_AES_256_SIV_GCM: Added + * Rebase gnutls-FIPS-140-3-references.patch + * Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch + +------------------------------------------------------------------- +Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal + +- Fix missing GNUTLS_NO_EXTENSIONS compatibility. + * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634 + * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch + +------------------------------------------------------------------- +Mon Aug 21 09:33:40 UTC 2023 - Pedro Monreal + +- tests: Fix the SRP test that fails with SIGPIPE signal return due + to a socket being closed before using it. + * Add gnutls-srp-test-SIGPIPE.patch + +------------------------------------------------------------------- +Mon Aug 7 07:51:59 UTC 2023 - Pedro Monreal + +- Update to version 3.8.1: + * libgnutls: ClientHello extensions are randomized by default + To make fingerprinting harder, TLS extensions in ClientHello + messages are shuffled. As this behavior may cause compatibility + issue with legacy applications that do not accept the last + extension without payload, the behavior can be reverted with the + %NO_SHUFFLE_EXTENSIONS priority keyword. + * libgnutls: Add support for RFC 9258 external PSK importer. + This enables to deploy the same PSK across multiple TLS versions + (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application + needs to set up a callback that formats the PSK identity using + gnutls_psk_format_imported_identity(). + * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to + %GNUTLS_NO_DEFAULT_EXTENSIONS. + * libgnutls: Add additional PBKDF limit checks in FIPS mode as + defined in SP 800-132. Minimum salt length is 128 bits and + minimum iterations bound is 1000 for PBKDF in FIPS mode. + * libgnutls: Add a mechanism to control whether to enforce extended + master secret (RFC 7627). FIPS 140-3 mandates the use of TLS + session hash (extended master secret, EMS) in TLS 1.2. To enforce + this, a new priority keyword %FORCE_SESSION_HASH is added and if + it is set and EMS is not set, the peer aborts the connection. This + behavior is the default in FIPS mode, though it can be overridden + through the configuration file with the "tls-session-hash" option. + In either case non-EMS PRF is reported as a non-approved operation + through the FIPS service indicator. + * New option --attime to specify current time. + To make testing with different timestamp to the system easier, the + tools doing certificate verification now provide a new option + --attime, which takes an arbitrary time. + * API and ABI modifications: + gnutls_psk_client_credentials_function3: New typedef + gnutls_psk_server_credentials_function3: New typedef + gnutls_psk_set_server_credentials_function3: New function + gnutls_psk_set_client_credentials_function3: New function + gnutls_psk_format_imported_identity: New function + GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags + * Rebase patches: + - gnutls-FIPS-140-3-references.patch + - gnutls-FIPS-jitterentropy.patch + * Remove patches merged/fixed upstream: + - gnutls-FIPS-PCT-DH.patch + - gnutls-FIPS-PCT-ECDH.patch + +------------------------------------------------------------------- +Mon May 29 07:27:23 UTC 2023 - Pedro Monreal + +- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476] + Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + +------------------------------------------------------------------- +Wed May 24 11:01:10 UTC 2023 - Pedro Monreal + +- FIPS: Skip the fixed HMAC verification for nettle, hogweed and + gmp libraries. These calculated HMACs change for every build of + each of these packages, we only have to verify that for gnutls. + * Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476] + +------------------------------------------------------------------- +Mon May 22 11:32:53 UTC 2023 - Pedro Monreal + +- FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116] + +------------------------------------------------------------------- +Mon May 15 09:57:45 UTC 2023 - Guillaume GARDET + +- Disable GNULIB's year2038 also for 32-bit arm - boo#1211394 + +------------------------------------------------------------------- +Mon Apr 10 14:48:41 UTC 2023 - Pedro Monreal + +- Temporarily disable GNULIB's year2038 support for 64bit time_t + by using the --disable-year2038 flag. This omits support for + timestamps past the year 2038: + * Fixes the public API on 32-bit architectures avoiding to + change the size of time_t as it cannot be changed without + breaking the ABI compatibility. + * Upstream issue: https://gitlab.com/gnutls/gnutls/-/issues/1466 + +------------------------------------------------------------------- +Tue Feb 21 10:17:00 UTC 2023 - Pedro Monreal + +- Update to 3.8.0: [bsc#1205763, bsc#1209627] + * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key + exchange. Reported by Hubert Kario (#1050). Fix developed by + Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] + [CVE-2023-0361] + * libgnutls: C++ library is now header only. All definitions + from gnutlsxx.c have been moved into gnutlsxx.h. Users of the + C++ interface have two options: + 1. include gnutlsxx.h in their application and link against + the C library. (default) + 2. include gnutlsxx.h in their application, compile with + GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link + against the C++ library. + * libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST + priority modifier have been added to allow disabling of the + status_request TLS extension in the client side. + * libgnutls: TLS heartbeat is disabled by default. + The heartbeat extension in TLS (RFC 6520) is not widely used + given other implementations dropped support for it. To enable + back support for it, supply --enable-heartbeat-support to + configure script. + * libgnutls: SRP authentication is now disabled by default. + It is disabled because the SRP authentication in TLS is not + up to date with the latest TLS standards and its ciphersuites + are based on the CBC mode and SHA-1. To enable it back, supply + --enable-srp-authentication option to configure script. + * libgnutls: All code has been indented using "indent -ppi1 -linux". + CI/CD has been adjusted to catch regressions. This is implemented + through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s + commit-check. You may run devel/indent-gnutls to fix any + indentation issues if you make code modifications. + * guile: Guile-bindings removed. They have been extracted into a + separate project to reduce complexity and to simplify maintenance, + see . + * minitasn1: Upgraded to libtasn1 version 4.19. + * API and ABI modifications: + GNUTLS_NO_STATUS_REQUEST: New flag + GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member + GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member + * Merge gnutls-FIPS-Set-error-state-when-jent-init-failed.patch + and gnutls-FIPS-jitterentropy-threadsafe.patch into the main + patch gnutls-FIPS-jitterentropy.patch + * Rebase gnutls-FIPS-140-3-references.patch + * Rebase patches with upstream version: + - gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch + * Remove patches merged/fixed upstream: + - gnutls-FIPS-disable-failing-tests.patch + - gnutls-verify-library-HMAC.patch + - gnutls_ECDSA_signing.patch + - gnutls-Make-XTS-key-check-failure-not-fatal.patch + - gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch + * Update keyring with https://gnutls.org/gnutls-release-keyring.gpg + +------------------------------------------------------------------- +Thu Feb 16 19:43:04 UTC 2023 - Pedro Monreal + +- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] + * Add gnutls-FIPS-jitterentropy-threadsafe.patch + +------------------------------------------------------------------- +Thu Feb 16 12:31:25 UTC 2023 - Pedro Monreal + +- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] + * Rebase patches with the version submitted upstream. + * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch + * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch + +------------------------------------------------------------------- +Fri Feb 10 13:12:25 UTC 2023 - Pedro Monreal + +- Update to 3.7.9: [bsc#1208143, CVE-2023-0361] + * libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key + exchange. [GNUTLS-SA-2020-07-14, CVSS: medium][CVE-2023-0361] + * Rebase gnutls-FIPS-140-3-references.patch + +------------------------------------------------------------------- +Fri Jan 20 09:58:53 UTC 2023 - Pedro Monreal + +- FIPS: Change all the 140-2 references to FIPS 140-3 in order to + account for the new FIPS certification [bsc#1207346] + * Add gnutls-FIPS-140-3-references.patch + +------------------------------------------------------------------- +Mon Jan 16 12:52:55 UTC 2023 - Pedro Monreal + +- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] + * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch + +------------------------------------------------------------------- +Mon Dec 12 08:58:58 UTC 2022 - Dirk Müller + +- switch to pkgconfig(zlib) so that alternative providers can be + used + +------------------------------------------------------------------- +Tue Nov 8 12:52:18 UTC 2022 - Pedro Monreal + +- Verify only the libgnutls library HMAC [bsc#1199881] + * Do not use the brp-50-generate-fips-hmac script as this + is now calculated with the internal fipshmac tool. + * Add gnutls-verify-library-HMAC.patch + +------------------------------------------------------------------- +Wed Nov 2 20:51:43 UTC 2022 - Pedro Monreal + +- Temporarily revert the jitterentropy patches in s390 and s390x + architectures until a fix is provided [bsc#1204937] +- Disable flaky test that fails in s390x architecture: + * Add gnutls-disable-flaky-test-dtls-resume.patch + +------------------------------------------------------------------- +Fri Oct 14 11:35:33 UTC 2022 - Pedro Monreal + +- Consolidate the FIPS hmac files [bsc#1203245] + * Use the gnutls fipshmac tool instead of the brp-check-suse + and rename it to reflect on the library version. + * Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch +- Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false + positive for the FIPS hmac calculation. + +------------------------------------------------------------------- +Sun Oct 9 12:53:27 UTC 2022 - Pedro Monreal + +- Update to 3.7.8: + * libgnutls: In FIPS140 mode, RSA signature verification is an + approved operation if the key has modulus with known sizes + (1024, 1280, 1536, and 1792 bits), in addition to any modulus + sizes larger than 2048 bits, according to SP800-131A rev2. + * libgnutls: gnutls_session_channel_binding performs additional + checks when GNUTLS_CB_TLS_EXPORTER is requested. According to + RFC9622 4.2, the "tls-exporter" channel binding is only usable + when the handshake is bound to a unique master secret (i.e., + either TLS 1.3 or extended master secret extension is + negotiated). Otherwise the function now returns error. + * libgnutls: usage of the following functions, which are designed + to loosen restrictions imposed by allowlisting mode of + configuration, has been additionally restricted. Invoking + them is now only allowed if system-wide TLS priority string + has not been initialized yet: + - gnutls_digest_set_secure + - gnutls_sign_set_secure + - gnutls_sign_set_secure_for_certs + - gnutls_protocol_set_enabled + * Delete gnutls-3.6.6-set_guile_site_dir.patch and use the + --with-guile-extension-dir configure option to properly + handle the guile extension directory. + * Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch + * Update gnutls.keyring + * Add a build depencency on gtk-doc required by autoreconf + +------------------------------------------------------------------- +Fri Oct 7 09:30:44 UTC 2022 - Otto Hollmann + +- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146] + * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch + +------------------------------------------------------------------- +Tue Oct 4 13:05:27 UTC 2022 - Otto Hollmann + +- FIPS: Make XTS key check failure not fatal [bsc#1203779] + * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch + +------------------------------------------------------------------- +Wed Sep 14 15:25:46 UTC 2022 - Pedro Monreal + +- FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245] + * CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8 + * Add gnutls-FIPS-Run-CFB8-without-offset.patch + +------------------------------------------------------------------- +Tue Sep 13 18:08:03 UTC 2022 - Andreas Stieger + +- provide a libgnutls30-hmac-32bit to avoid uninstallable wine + when pattern-base-fips is installed [boo#1203353] + +------------------------------------------------------------------- +Tue Sep 6 16:17:12 UTC 2022 - Pedro Monreal + +- FIPS: Additional modifications to the SLI. [bsc#1190698] + * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). + * Mark HMAC keylength less than 112 bits as non-approved in + gnutls_pbkfd2(). + * Adapt the pbkdf2 selftest and the regression tests accordingly. + * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch + +------------------------------------------------------------------- +Mon Aug 8 16:41:19 UTC 2022 - Pedro Monreal + +- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] + * Add new dependency on jitterentropy + * Add gnutls-FIPS-jitterentropy.patch + +------------------------------------------------------------------- +Fri Jul 29 14:29:17 UTC 2022 - Pedro Monreal + +- Update to 3.7.7: [bsc#1202020, CVE-2022-2509] + * libgnutls: Fixed double free during verification of pkcs7 + signatures. CVE-2022-2509 + * libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument + less than or equal to 255 times hash digest size, to comply with + RFC 5869 2.3. + * libgnutls: Length limit for TLS PSK usernames has been increased + from 128 to 65535 characters + * libgnutls: AES-GCM encryption function now limits plaintext + length to 2^39-256 bits, according to SP800-38D 5.2.1.1. + * libgnutls: New block cipher functions have been added to + transparently handle padding. gnutls_cipher_encrypt3 and + gnutls_cipher_decrypt3 can be used in combination of + GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove + padding if the length of the original plaintext is not a multiple + of the block size. + * libgnutls: New function for manual FIPS self-testing. + * API and ABI modifications: + - gnutls_fips140_run_self_tests: New function + - gnutls_cipher_encrypt3: New function + - gnutls_cipher_decrypt3: New function + - gnutls_cipher_padding_flags_t: New enum + * guile: Guile 1.8 is no longer supported + * guile: Session record port treats premature termination as EOF Previously, + a 'gnutls-error' exception with the 'error/premature-termination' value + would be thrown while reading from a session record port when the + underlying session was terminated prematurely. This was inconvenient + since users of the port may not be prepared to handle such an exception. + Reading from the session record port now returns the end-of-file object + instead of throwing an exception, just like it would for a proper + session termination. + * guile: Session record ports can have a 'close' procedure. The + 'session-record-port' procedure now takes an optional second parameter, + and a new 'set-session-record-port-close!' procedure is provided to + specify a 'close' procedure for a session record port. This 'close' + procedure lets users specify cleanup operations for when the port is + closed, such as closing the file descriptor or port that backs the + underlying session. + * Rebase patches: + - gnutls-3.6.6-set_guile_site_dir.patch + - gnutls-FIPS-TLS_KDF_selftest.patch + - gnutls-FIPS-disable-failing-tests.patch + * Remove patch merged upstream: + - gnutls-FIPS-PBKDF2-KAT-requirements.patch + - https://gitlab.com/gnutls/gnutls/merge_requests/1561 + +------------------------------------------------------------------- +Wed Jun 29 15:56:59 UTC 2022 - Richard Costa + +- FIPS: + * Add gnutls_ECDSA_signing.patch [bsc#1190698] + - Check minimum keylength for symmetric key generation + - Only allows ECDSA signature with valid set of hashes + (SHA2 and SHA3) + +------------------------------------------------------------------- +Fri May 27 16:56:26 UTC 2022 - Antoine Belvire + +- Update to version 3.7.6: + * libgnutls: Fixed invalid write when gnutls_realloc_zero() is + called with new_size < old_size. This bug caused heap + corruption when gnutls_realloc_zero() has been set as gmp + reallocfunc. + * Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed + upstream. + +------------------------------------------------------------------- +Wed May 25 19:46:21 UTC 2022 - Antoine Belvire + +- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory + corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367, + boo#1199929). + +------------------------------------------------------------------- +Sat May 21 17:50:57 UTC 2022 - Andreas Stieger + +- update to 3.7.5: + * add options disable session ticket usage in TLS 1.2 because + it does not provide forward secrecy + * For TLS 1.3 where session tickets do provide forward secrecy, + the PFS priority string now only disables session tickets in + TLS 1.2. + * Future backward incompatibility: in the next major release of + GnuTLS those flag and modifier are planned to be removed + * gnutls-cli, gnutls-serv: Channel binding for printing + information has been changed from tls-unique to tls-exporter + as tls-unique is not supported in TLS 1.3. + * Certificate sanity checks has been enhanced to make gnutls + more RFC 5280 compliant: + * Removed 3DES from FIPS approved algorithms + * Optimized support for AES-SIV-CMAC algorithms + * libgnutls: HKDF and AES-GCM algorithms are now approved in + FIPS-140 mode when used in TLS + +------------------------------------------------------------------- +Wed May 11 09:19:52 UTC 2022 - Marcus Meissner + +- disable kcapi usage for now, as kernel-obs-build not adjusted + to contain the algorithms. bsc#1189283 + +------------------------------------------------------------------- +Fri Mar 18 18:31:06 UTC 2022 - Pedro Monreal + +- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] + * The IG 10.3.A and SP800-132 require some minimum parameters for + the salt length, password length and iteration count. These + parameters should be also used in the KAT. + * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch +- Enable to run the regression tests also in FIPS mode. + +------------------------------------------------------------------- +Fri Mar 18 08:59:49 UTC 2022 - Pedro Monreal + +- Update to 3.7.4: + * libgnutls: Added support for certificate compression as defined + in RFC8879. + * certtool: Added option --compress-cert that allows user to + specify compression methods for certificate compression. + * libgnutls: GnuTLS can now be compiled with --enable-strict-x509 + configure option to enforce stricter certificate sanity checks + that are compliant with RFC5280. + * libgnutls: Removed IA5String type from DirectoryString within + issuer and subject name to make DirectoryString RFC5280 compliant. + * libgnutls: Added function to retrieve the name of current + ciphersuite from session. + * Bump libgnutlsxx soname due to ABI break + * API and ABI modifications: + - GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member + - GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member + - gnutls_compress_certificate_get_selected_method: Added + - gnutls_compress_certificate_set_methods: Added + * Update gnutls.keyring + +------------------------------------------------------------------- +Sun Feb 27 07:52:30 UTC 2022 - Dirk Müller + +- build with lto +- build with -Wl,-z,now -Wl,-z,relro +- build without -fanalyzer, which cuts build time in ~ half + +------------------------------------------------------------------- +Tue Jan 18 15:59:11 UTC 2022 - Pedro Monreal + +- Update to 3.7.3: [bsc#1190698, bsc#1190796] + * libgnutls: The allowlisting configuration mode has been added + to the system-wide settings. In this mode, all the algorithms + are initially marked as insecure or disabled, while the + applications can re-enable them either through the [overrides] + section of the configuration file or the new API (#1172). + * The build infrastructure no longer depends on GNU AutoGen for + generating command-line option handling, template file parsing + in certtool, and documentation generation (#773, #774). This + change also removes run-time or bundled dependency on the + libopts library, and requires Python 3.6 or later to regenerate + the distribution tarball. Note that this brings in known backward + incompatibility in command-line tools, such as long options are + now case sensitive, while previously they were treated in a case + insensitive manner: for example --RSA is no longer a valid option + of certtool. The existing scripts using GnuTLS tools may need + adjustment for this change. + * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded + and used as a gnutls_privkey_t (#594). The code was originally written + for the OpenConnect VPN project by David Woodhouse. To generate such + blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: + https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations + or the tpm2_encodeobject tool from unreleased tpm2-tools. + * libgnutls: The library now transparently enables Linux KTLS (kernel + TLS) when the feature is compiled in with --enable-ktls configuration + option (#1113). If the KTLS initialization fails it automatically falls + back to the user space implementation. + * certtool: The certtool command can now read the Certificate Transparency + (RFC 6962) SCT extension (#232). New API functions are also provided to + access and manipulate the extension values. + * certtool: The certtool command can now generate, manipulate, and evaluate + x25519 and x448 public keys, private keys, and certificates. + * libgnutls: Disabling a hashing algorithm through "insecure-hash" + configuration directive now also disables TLS ciphersuites that use it + as a PRF algorithm. + * libgnutls: PKCS#12 files are now created with modern algorithms by default + (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and + HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with + PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the + default PBKDF2 iteration count has been increased to 600000. + * libgnutls: PKCS#12 keys derived using GOST algorithm now uses + HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, + to conform with the latest TC-26 requirements (#1225). + * libgnutls: The library now provides a means to report the status + of approved cryptographic operations (!1465). To adhere to the + FIPS140-3 IG 2.4.C., this complements the existing mechanism to + prohibit the use of unapproved algorithms by making the library + unusable state. + * gnutls-cli: The gnutls-cli command now provides a --list-config + option to print the library configuration (!1508). + * libgnutls: Fixed possible race condition in + gnutls_x509_trust_list_verify_crt2 when a single trust list object + is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, + CVSS: low] + * API and ABI modifications: + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in + gnutls_privkey_flags_t + GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in + gnutls_certificate_verify_flags + gnutls_ecc_curve_set_enabled: Added. + gnutls_sign_set_secure: Added. + gnutls_sign_set_secure_for_certs: Added. + gnutls_digest_set_secure: Added. + gnutls_protocol_set_enabled: Added. + gnutls_fips140_context_init: New function + gnutls_fips140_context_deinit: New function + gnutls_fips140_push_context: New function + gnutls_fips140_pop_context: New function + gnutls_fips140_get_operation_state: New function + gnutls_fips140_operation_state_t: New enum + gnutls_transport_is_ktls_enabled: New function + gnutls_get_library_configuration: New function + * Remove patches fixed in the update: + - gnutls-FIPS-module-version.patch + - gnutls-FIPS-service-indicator.patch + - gnutls-FIPS-service-indicator-public-key.patch + - gnutls-FIPS-service-indicator-symmetric-key.patch + - gnutls-FIPS-RSA-PSS-flags.patch + - gnutls-FIPS-RSA-mod-sizes.patch + +------------------------------------------------------------------- +Tue Jan 18 14:41:04 UTC 2022 - Pedro Monreal + +- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] + * Add gnutls-FIPS-disable-failing-tests.patch + * Remove patches: + - gnutls-temporarily_disable_broken_guile_reauth_test.patch + - disable-psk-file-test.patch + +------------------------------------------------------------------- +Mon Jan 17 12:37:02 UTC 2022 - Pedro Monreal + +- FIPS: Provide module identifier and version [bsc#1190796] + * Add configurable options to output the module name/identifier + (--with-fips140-module-name) and the module version + (--with-fips140-module-version). + * Add the CLI option list-config that reports the configuration + of the library. + * Add gnutls-FIPS-module-version.patch + +------------------------------------------------------------------- +Wed Dec 22 18:56:24 UTC 2021 - Pedro Monreal + +- FIPS: Provide a service-level indicator [bsc#1190698] + * Add support for a "service indicator" as required in + the FIPS140-3 Implementation Guidance in section 2.4.C + * Add patches: + - gnutls-FIPS-service-indicator.patch + - gnutls-FIPS-service-indicator-public-key.patch + - gnutls-FIPS-service-indicator-symmetric-key.patch + - gnutls-FIPS-RSA-PSS-flags.patch + +------------------------------------------------------------------- +Thu Dec 16 12:35:46 UTC 2021 - Pedro Monreal + +- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] + * fips: allow more RSA modulus sizes + * Add gnutls-FIPS-RSA-mod-sizes.patch + * Delete gnutls-3.6.7-fips-rsa-4096.patch + +------------------------------------------------------------------- +Fri Nov 26 08:26:19 UTC 2021 - Dominique Leuenberger + +- Drop bogus condition "> 1550": that would mean 'more recent than + Tumbleweed' which is technically impossible, as Tumbleweed is the + leading project (and the condition causes issues as Tumbleweed + needs to move away from 1550 due to CODE 15 SP5 plans). + +------------------------------------------------------------------- +Fri Oct 15 11:03:53 UTC 2021 - Pedro Monreal + +- Add crypto-policies support for Leap and SLE 15.4 [jsc#SLE-20287] +- Add DANE guards + +------------------------------------------------------------------- +Wed Jul 21 10:21:46 UTC 2021 - Pedro Monreal + +- Remove gnutls-temporarily_disable_broken_guile_reauth_test.patch + since its already working. + +------------------------------------------------------------------- +Tue Jun 1 01:00:34 UTC 2021 - Ferdinand Thiessen + +- Update to version 3.7.2 + * Added Linux kernel AF_ALG based acceleration + * Fixed timing of early data exchange + * The priority string option DISABLE_TLS13_COMPAT_MODE was added + to disable TLS 1.3 middlebox compatibility mode + * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to + GNUTLS_NO_IMPLICIT_INIT to reflect the purpose + * certtool: + * When signing a CSR, CRL distribution point (CDP) is no + longer copied from the signing CA by default + * When producing certificates and certificate requests, subject + DN components that are provided individually will now be + ordered by assumed scale + +------------------------------------------------------------------- +Wed May 26 11:51:56 UTC 2021 - Pedro Monreal + +- Rework the crypto-policies dependencies in libraries [bsc#1186385] + +------------------------------------------------------------------- +Thu May 13 16:34:28 UTC 2021 - Pedro Monreal + +- Compute the FIPS hmac file without re-defining the + __os_install_post macro, use the brp-50-generate-fips-hmac + script instead. [bsc#1184555] + +------------------------------------------------------------------- +Thu Mar 18 13:13:07 UTC 2021 - Pedro Monreal + +- Require the main package in devel and lib packages as the default + priorities are now set via crypto-policies. [bsc#1183082] + +------------------------------------------------------------------- +Fri Mar 12 18:45:38 UTC 2021 - Pedro Monreal + +- Update to 3.7.1: + [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] + * Fixed potential use-after-free in sending "key_share" and + "pre_shared_key" extensions. + * Fixed a regression in handling duplicated certs in a chain. + * Fixed sending of session ID in TLS 1.3 middlebox compatibility + mode. In that mode the client shall always send a non-zero + session ID to make the handshake resemble the TLS 1.2 + resumption; this was not true in the previous versions. + * Removed dependency on the external 'fipscheck' package, + when compiled with --enable-fips140-mode. + * Added padlock acceleration for AES-192-CBC. +- Remove patches upstream: + * gnutls-gnutls-cli-debug.patch + * gnutls-ignore-duplicate-certificates.patch + * gnutls-test-fixes.patch + +------------------------------------------------------------------- +Wed Feb 10 12:08:05 UTC 2021 - Pedro Monreal + +- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] + * Don't unset system priority settings in gnutls-cli-debug.sh + * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 +- Add gnutls-gnutls-cli-debug.patch + +------------------------------------------------------------------- +Wed Feb 10 11:17:51 UTC 2021 - Pedro Monreal + +- Fix: Test certificates in tests/testpkcs11-certs have expired + * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 +- Add gnutls-test-fixes.patch + +------------------------------------------------------------------- +Mon Feb 8 18:05:56 UTC 2021 - Pedro Monreal + +- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates + * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 +- Add gnutls-ignore-duplicate-certificates.patch + +------------------------------------------------------------------- +Wed Jan 27 23:33:15 UTC 2021 - Pedro Monreal + +- Update to 3.7.0 + * Depend on nettle 3.6 + * Added a new API that provides a callback function to retrieve + missing certificates from incomplete certificate chains + * Added a new API that provides a callback function to output the + complete path to the trusted root during certificate chain + verification + * OIDs exposed as gnutls_datum_t no longer account for the + terminating null bytes, while the data field is null terminated. + The affected API functions are: gnutls_ocsp_req_get_extension, + gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension + * Added a new set of API to enable QUIC implementation + * The crypto implementation override APIs deprecated in 3.6.9 are + now no-op + * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support + * Support for padlock has been fixed to make it work with Zhaoxin CPU + * The maximum PIN length for PKCS #11 has been increased from 31 + bytes to 255 bytes +- Remove patch fixed upstream: + * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch +- Add version guards for the crypto-policies package +- Fix threading bug in libgnutls [bsc#1173434] + * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044 + +------------------------------------------------------------------- +Thu Dec 17 17:16:08 UTC 2020 - Pedro Monreal + +- Require the crypto-policies package [bsc#1180051] + +------------------------------------------------------------------- +Tue Nov 24 15:43:02 UTC 2020 - Vítězslav Čížek + +- Use the centralized crypto policy profile (jsc#SLE-15832) + +------------------------------------------------------------------- +Tue Nov 10 11:25:02 UTC 2020 - Vítězslav Čížek + +- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) + * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch +- FIPS: Add TLS KDF selftest (bsc#1176671) + * add gnutls-FIPS-TLS_KDF_selftest.patch + +------------------------------------------------------------------- +Mon Oct 12 11:54:00 UTC 2020 - Dominique Leuenberger + +- Escape rpm command %%expand when used in comment. + +------------------------------------------------------------------- +Tue Sep 8 08:18:48 UTC 2020 - Vítězslav Čížek + +- Update to 3.6.15 + * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. + [GNUTLS-SA-2020-09-04, CVSS: medium] + * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now + indicates that with a false return value (!1306). + * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked + accordingly to SP800-56A rev 3 (!1295, !1299). + * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than + the size of the internal base64 blob (#1025). + * libgnutls: Certificate verification failue due to OCSP must-stapling is not + honered is now correctly marked with the GNUTLS_CERT_INVALID flag + * libgnutls: The audit log message for weak hashes is no longer printed twice + * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is + disabled in the priority string. Previously, even when TLS 1.2 is explicitly + disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is + enabled (#1054). +- drop upstreamed patches: + * gnutls-detect_nettle_so.patch + * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch + +------------------------------------------------------------------- +Tue Jun 9 09:15:45 UTC 2020 - Vítězslav Čížek + +- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666) + * add gnutls-detect_nettle_so.patch + +------------------------------------------------------------------- +Mon Jun 8 15:41:46 UTC 2020 - Vítězslav Čížek + +- Fix a memory leak that could lead to a DoS attack against Samba + servers (bsc#1172663) + * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch +- Temporarily disable broken guile reauth test (bsc#1171565) + * add gnutls-temporarily_disable_broken_guile_reauth_test.patch + +------------------------------------------------------------------- +Thu Jun 4 09:39:58 UTC 2020 - Vítězslav Čížek + +- Update to 3.6.14 + * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. + The TLS server would not bind the session ticket encryption key with a + value supplied by the application until the initial key rotation, allowing + attacker to bypass authentication in TLS 1.3 and recover previous + conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) + [GNUTLS-SA-2020-06-03, CVSS: high] + * libgnutls: Fixed handling of certificate chain with cross-signed + intermediate CA certificates (#1008). (bsc#1172461) + * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). + * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName + (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority + Key Identifier (AKI) properly (#989, #991). + * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). + * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). + Also both accelerated and non-accelerated implementations check key block + according to FIPS-140-2 IG A.9 (!1233). + * libgnutls: Added support for AES-SIV ciphers (#463). + * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). + * libgnutls: No longer use internal symbols exported from Nettle (!1235) + * API and ABI modifications: + GNUTLS_CIPHER_AES_128_SIV: Added + GNUTLS_CIPHER_AES_256_SIV: Added + GNUTLS_CIPHER_AES_192_GCM: Added + gnutls_pkcs7_print_signature_info: Added +- Add key D605848ED7E69871: public key "Daiki Ueno " to + the keyring +- Drop gnutls-fips_correct_nettle_soversion.patch (upstream) + +------------------------------------------------------------------- +Thu Apr 2 09:32:01 UTC 2020 - Vítězslav Čížek + +- Use correct nettle .so version when looking for a FIPS checksum + (bsc#1166635) + * add gnutls-fips_correct_nettle_soversion.patch + +------------------------------------------------------------------- +Thu Apr 2 08:48:39 UTC 2020 - Vítězslav Čížek + +- Update to 3.6.13 + * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 +support) + The DTLS client would not contribute any randomness to the DTLS negotiation, + breaking the security guarantees of the DTLS protocol (#960) + [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345) + * libgnutls: Added new APIs to access KDF algorithms (#813). + * libgnutls: Added new callback gnutls_keylog_func that enables a custom + logging functionality. + * libgnutls: Added support for non-null terminated usernames in PSK + negotiation (#586). + * gnutls-cli-debug: Improved support for old servers that only support + SSL 3.0. + +------------------------------------------------------------------- +Mon Mar 30 12:43:33 UTC 2020 - Vítězslav Čížek + +- Split off FIPS checksums into a separate libgnutls30-hmac + subpackage (bsc#1152692) + +------------------------------------------------------------------- +Tue Feb 4 09:49:44 UTC 2020 - Ondřej Súkup + +- gnutls 3.6.12 + * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) + to identify sessions that client request OCSP status request (#829). + * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 + signature algorithm (RFC 8032) under TLS (#86). + * libgnutls: Added the default-priority-string option to system configuration; + it allows overriding the compiled-in default-priority-string. + * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by + draft-smyshlyaev-tls12-gost-suites-07). + By default this ciphersuite is disabled. It can be enabled by adding + +GOST to priority string. In the future this priority string may enable + other GOST ciphersuites as well. Note, that server will fail to negotiate + GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It + is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites + are enabled on GnuTLS-based servers. + * libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + * libgnutls: Reject certificates with invalid time fields. That is we reject + certificates with invalid characters in Time fields, or invalid time formatting + To continue accepting the invalid form compile with --disable-strict-der-time + * libgnutls: Reject certificates which contain duplicate extensions. We were + previously printing warnings when printing such a certificate, but that is + not always sufficient to flag such certificates as invalid. Instead we now + refuse to import them (#887). + * libgnutls: If a CA is found in the trusted list, check in addition to + time validity, whether the algorithms comply to the expected level prior + to accepting it. This addresses the problem of accepting CAs which would + have been marked as insecure otherwise (#877). + * libgnutls: The min-verification-profile from system configuration applies + for all certificate verifications, not only under TLS. The configuration can + be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. + * libgnutls: The stapled OCSP certificate verification adheres to the convention + used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. + * libgnutls: On client side only send OCSP staples if they have been requested + by the server, and on server side always advertise that we support OCSP stapling + * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible + with gnutls_ocsp_req_t but const. + * certtool: Added the --verify-profile option to set a certificate + verification profile. Use '--verify-profile low' for certificate verification + to apply the 'NORMAL' verification profile. + * certtool: The add_extension template option is considered even when generating + a certificate from a certificate request. + +------------------------------------------------------------------- +Tue Dec 3 19:34:20 UTC 2019 - Andreas Stieger + +- gnutls 3.6.11.1: + * libgnutls: Corrected issue with TLS 1.2 session ticket + handling as client during resumption + * libgnutls: gnutls_base64_decode2() succeeds decoding the empty + string to the empty string. This is a behavioral change of the + API but it conforms to the RFC4648 expectations + * libgnutls: Fixed AES-CFB8 implementation, when input is shorter + than the block size. Fix backported from nettle. + * certtool: CRL distribution points will be set in CA + certificates even when non self-signed + * gnutls-cli/serv: added raw public-key handling capabilities + (RFC7250). Key material can be set via the --rawpkkeyfile and + --rawpkfile flags. + +------------------------------------------------------------------- +Thu Oct 10 17:48:44 UTC 2019 - Andreas Stieger + +- gnutls 3.6.10: + * Add support for deterministic ECDSA/DSA (RFC6979) + * Add functions for in-place encryption/decryption of data buffers + * server now selects the highest TLS protocol version, if TLS 1.3 + is enabled and the client advertises an older protocol version + first + * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode + and MAC generation based on GOST 28147-89 (IMIT) + * certtool: when outputting an encrypted private key do not + insert the textual description of it + +------------------------------------------------------------------- +Tue Sep 24 13:16:02 UTC 2019 - Vítězslav Čížek + +- Install checksums for binary integrity verification which are + required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) + +------------------------------------------------------------------- +Wed Jul 31 17:05:53 UTC 2019 - Andreas Stieger + +- gnutls 3.6.9: + * add support for copying digest or MAC contexts + * Mark the crypto implementation override APIs as deprecated + * Add support for AES-GMAC, as a separate to GCM, MAC algorithm + * Add support for Generalname registeredID + * The priority configuration was enhanced to allow more elaborate + system-wide configuration of the library +- includes changes from 3.6.8: + * Add support for AES-XTS cipher + * Fix calculation of Streebog digests + * During Diffie-Hellman operations in TLS, verify that the peer's + public key is on the right subgroup (y^q=1 mod p), when q is + available (under TLS 1.3 and under earlier versions when RFC7919 + parameters are used). + * Apply STD3 ASCII rules in gnutls_idna_map() to prevent + hostname/domain crafting via IDNA conversion + * certtool: allow the digital signature key usage flag in CA + certificates + * gnutls-cli/serv: add the --keymatexport and --keymatexportsize + options. These allow testing the RFC5705 using these tools +- drop patches to re-enable tests: + * disable-psk-file-test.patch + * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + +------------------------------------------------------------------- +Thu Apr 4 20:31:19 UTC 2019 - Jan Engelhardt + +- Trim useless %if..%endif guards that do not affect the build. +- Fix language errors in description again. + +------------------------------------------------------------------- +Thu Apr 4 13:34:03 UTC 2019 - Jason Sikes + +- Update gnutls to 3.6.7 + ** libgnutls, gnutls tools: Every gnutls_free() will automatically set + the free'd pointer to NULL. This prevents possible use-after-free and + double free issues. Use-after-free will be turned into NULL dereference. + The counter-measure does not extend to applications using gnutls_free(). + + ** libgnutls: Fixed a memory corruption (double free) vulnerability in the + certificate verification API. Reported by Tavis Ormandy; addressed with + the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) + + ** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; + Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) + + ** libgnutls: enforce key usage limitations on certificates more actively. + Previously we would enforce it for TLS1.2 protocol, now we enforce it + even when TLS1.3 is negotiated, or on client certificates as well. When + an inappropriate for TLS1.3 certificate is seen on the credentials structure + GnuTLS will disable TLS1.3 support for that session (#690). + + ** libgnutls: the default number of tickets sent under TLS 1.3 was increased to + two. This makes it easier for clients which perform multiple connections + to the server to use the tickets sent by a default server. + + ** libgnutls: enforce the equality of the two signature parameters fields in + a certificate. We were already enforcing the signature algorithm, but there + was a bug in parameter checking code. + + ** libgnutls: fixed issue preventing sending and receiving from different + threads when false start was enabled (#713). + + ** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable + session, as non-writeable security officer sessions are undefined in PKCS#11 + (#721). + + ** libgnutls: no longer send downgrade sentinel in TLS 1.3. + Previously the sentinel value was embedded to early in version + negotiation and was sent even on TLS 1.3. It is now sent only when + TLS 1.2 or earlier is negotiated (#689). + + ** gnutls-cli: Added option --logfile to redirect informational messages output. + +- Disabled dane support in SLE since dane is not shipped there + +- Changed configure script to hardware guile site directory since command-line + option '--with-guile-site-dir=' was removed from the configure script. + + ** Added gnutls-3.6.6-set_guile_site_dir.patch + +- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix + compilation issues on PPC + +------------------------------------------------------------------- +Mon Feb 4 12:41:43 UTC 2019 - Vítězslav Čížek + +- Update to 3.6.6 + ** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits + on the public key (#640). + ** libgnutls: Added support for raw public-key authentication as defined in RFC7250. + Raw public-keys can be negotiated by enabling the corresponding certificate + types via the priority strings. The raw public-key mechanism must be explicitly + enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). + ** libgnutls: When on server or client side we are sending no extensions we do + not set an empty extensions field but we rather remove that field competely. + This solves a regression since 3.5.x and improves compatibility of the server + side with certain clients. + ** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if + the CKA_SIGN is not set (#667). + ** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely + disable extensions at all cases, while providing a functional session. This + also implies that when specified, TLS1.3 is disabled. + ** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. + The previous definition was non-functional (#609). +- drop no longer needed gnutls-enbale-guile-2.2.patch +- refresh disable-psk-file-test.patch + +------------------------------------------------------------------- +Wed Jan 2 13:36:26 UTC 2019 - Vítězslav Čížek + +- Update to 3.6.5 + ** libgnutls: Provide the option of transparent re-handshake/reauthentication + when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). + ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) + ** libgnutls: The priority functions will ignore and not enable TLS1.3 if + requested with legacy TLS versions enabled but not TLS1.2. That is because + if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) + servers which do not support TLS1.3 will negotiate TLS1.2 which will be + rejected by the client as disabled (#621). + ** libgnutls: Change RSA decryption to use a new side-channel silent function. + This addresses a security issue where memory access patterns as well as timing + on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher + attacks. Side-channel resistant code is slower due to the need to mask + access and timings. When used in TLS the new functions cause RSA based + handshakes to be between 13% and 28% slower on average (Numbers are indicative, + the tests where performed on a relatively modern Intel CPU, results vary + depending on the CPU and architecture used). This change makes nettle 3.4.1 + the minimum requirement of gnutls (#630). [CVSS: medium] + ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword + in the priority string. It is only accepted as legacy option and is ignored. + ** libgnutls: Added support for EdDSA under PKCS#11 (#417) + ** libgnutls: Added support for AES-CFB8 cipher (#357) + ** libgnutls: Added support for AES-CMAC MAC (#351) + ** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers + have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D + S-BOXes). They are fixed now. + ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private + keys parsing, as specified in R 50.1.112-2016. + ** gnutls-serv: It applies the default settings when no --priority option is given, + using gnutls_set_default_priority(). + ** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin + option (#561) + ** certtool: Add parameter --no-text that prevents certtool from outputting + text before PEM-encoded private key, public key, certificate, CRL or CSR. +- minimum required libnettle is now 3.4.1 +- refresh + * disable-psk-file-test.patch + * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + +------------------------------------------------------------------- +Tue Nov 27 13:46:27 UTC 2018 - jbrielmaier@suse.de + +- search for guile-2.2 during configure, part of boo#1117121 + add patches: + * gnutls-enbale-guile-2.2.patch: search for guile-2.2 + refresh patches: + * disable-psk-file-test.patch: disable psk-file in Makefile.am + +------------------------------------------------------------------- +Mon Oct 15 15:41:42 UTC 2018 - Vítězslav Čížek + +- Temporarily disable failing psk-file test (race condition) + * add disable-psk-file-test.patch + +------------------------------------------------------------------- +Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal + +- Version update to 3.6.4 (bsc#1111757): + ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. + ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + ** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + ** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + ** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + ** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). +- Drop upstreamed patch: + * gnutls-3.6.3-backport-upstream-fixes.patch + +------------------------------------------------------------------- +Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de + +- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch + test/Makefile.in as autoreconf does not work + +------------------------------------------------------------------- +Fri Sep 14 13:07:41 UTC 2018 - Luis Henriques + +- Backport of upstream fixes (boo#1108450) + * gnutls-3.6.3-backport-upstream-fixes.patch + Fixes taken from upstream commits: + ** 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function") + ** 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks") + ** 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello") + The patch was taken from https://github.com/weechat/weechat/issues/1231 + +------------------------------------------------------------------- +Wed Aug 22 15:40:33 UTC 2018 - vcizek@suse.com + +- Update to 3.6.3 + Fixes security issues: + CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790 + (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002) + Other Changes: + ** libgnutls: Introduced support for draft-ietf-tls-tls13-28 + ** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or + earlier and TLS 1.3. + ** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. + ** Provide a uniform cipher list across supported TLS protocols + ** The SSL 3.0 protocol is disabled on compile-time by default. + ** libgnutls: Introduced function to switch the current FIPS140-2 operational + mode + ** libgnutls: Introduced low-level function to assist applications attempting client + hello extension parsing, prior to GnuTLS' parsing of the message. + ** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no + modifications to the certificate. + ** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups + which are preferred by the server. + ** Improved counter-measures for TLS CBC record padding. + ** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation + of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. + ** libgnutls: gnutls_privkey_import_ext4() was enhanced with the + GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. + ** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, + gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default + unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API + change for these functions which make them err towards safety. + ** libgnutls: improved aarch64 cpu features detection by using getauxval(). + ** certtool: It is now possible to specify certificate and serial CRL numbers greater + than 2**63-2 as a hex-encoded string both when prompted and in a template file. + Default certificate serial numbers are now fully random. +- don't run autoreconf to avoid pulling in gtk-doc + +------------------------------------------------------------------- +Tue Jul 31 10:04:17 UTC 2018 - schwab@suse.de + +- Require pkgconfig(autoopts) for building + +------------------------------------------------------------------- +Thu Mar 29 10:01:31 UTC 2018 - vcizek@suse.com + +- Simplify the DANE support %ifdef condition + * build with DANE on openSUSE only + +------------------------------------------------------------------- +Mon Mar 26 16:17:55 UTC 2018 - jengelh@inai.de + +- Adjust RPM groups. Drop %if..%endif guards that are idempotent. + +------------------------------------------------------------------- +Fri Mar 23 11:20:59 UTC 2018 - vcizek@suse.com + +- build without DANE support on SLE-15, as it doesn't have unbound + (bsc#1086428) + +------------------------------------------------------------------- +Fri Mar 23 11:10:59 UTC 2018 - vcizek@suse.com + +- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + the dtls-resume test still keeps randomly failing on PPC + +------------------------------------------------------------------- +Fri Mar 23 01:42:49 CET 2018 - ro@suse.de + +- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + patch does not apply any more and apparently the build + suceeds even if the formerly flaky testcase is run (bsc#1086579) + +------------------------------------------------------------------- +Thu Mar 15 06:52:49 UTC 2018 - meissner@suse.com + +- gnutls.keyring: Nikos key refreshed to be unexpired + +------------------------------------------------------------------- +Tue Mar 13 14:48:56 UTC 2018 - kbabioch@suse.com + +- GnuTLS 3.6.2: + * libgnutls: When verifying against a self signed certificate ignore issuer. + That is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data + MTU calculation now, it correctly accounts for the fixed overhead due to + padding (as 1 byte), while at the same time considers the rest of the + padding as part of data MTU. + * libgnutls: Address issue of loading of all PKCS#11 modules on startup + on systems with a PKCS#11 trust store (as opposed to a file trust store). + Introduced a multi-stage initialization which loads the trust modules, and + other modules are deferred for the first pure PKCS#11 request. + * libgnutls: The SRP authentication will reject any parameters outside + RFC5054. This protects any client from potential MitM due to insecure + parameters. That also brings SRP in par with the RFC7919 changes to + Diffie-Hellman. + * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters + for SRP authentication. + * libgnutls: Addressed issue in the accelerated code affecting + interoperability with versions of nettle >= 3.4. + * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. + * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by + Vitezslav Cizek). + * srptool: the --create-conf option no longer includes 1024-bit parameters. + * p11tool: Fixed the deletion of objects in batch mode. +- Dropped gnutls-check_aes_keysize.patch as it is included upstream now. +------------------------------------------------------------------- +Thu Feb 22 15:10:33 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Wed Feb 7 11:08:54 UTC 2018 - vcizek@suse.com + +- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) + * add gnutls-check_aes_keysize.patch + +------------------------------------------------------------------- +Wed Nov 1 15:13:55 UTC 2017 - astieger@suse.com + +- GnuTLS 3.6.1: + * Fix interoperability issue with openssl when safe renegotiation + was used + * gnutls_x509_crl_sign, gnutls_x509_crt_sign, + gnutls_x509_crq_sign, were modified to sign with a better + algorithm than SHA1. They will now sign with an algorithm that + corresponds to the security level of the signer's key. + * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() + accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That + will signal the function to auto-detect an appropriate hash + algorithm to use. + * Remove support for signature algorithms using SHA2-224 in TLS. + TLS 1.3 no longer uses SHA2-224 and it was never a widespread + algorithm in TLS 1.2 + * Refuse to use client certificates containing disallowed + algorithms for a session, reverting a change on 3.5.5 + * Refuse to resume a session which had a different SNI advertised + That improves RFC6066 support in server side. + * p11tool: Mark all generated objects as sensitive by default. + * p11tool: added options --sign-params and --hash. This allows + testing signature with multiple algorithms, including RSA-PSS. + +------------------------------------------------------------------- +Wed Sep 20 12:36:16 UTC 2017 - vcizek@suse.com + +- Disable flaky dtls_resume test on Power + * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + +------------------------------------------------------------------- +Mon Sep 18 11:47:23 UTC 2017 - astieger@suse.com + +- GnuTLS 3.6.0: + * Introduce a lock-free random generator which operates per- + thread and eliminates random-generator related bottlenecks in + multi-threaded operation. + * Replace the Salsa20 random generator with one based on CHACHA. + The goal is to reduce code needed in cache (CHACHA is also + used for TLS), and the number of primitives used by the + library. That does not affect the AES-DRBG random generator + used in FIPS140-2 mode. + * Add support for RSA-PSS key type as well as signatures in + certificates, and TLS key exchange + * Add support for Ed25519 signing in certificates and TLS key + exchange following draft-ietf-tls-rfc4492bis-17 + * Enable X25519 key exchange by default, following + draft-ietf-tls-rfc4492bis-17. + * Add support for Diffie-Hellman group negotiation following + RFC7919. + * Introduce various sanity checks on certificate import + * Introduce gnutls_x509_crt_set_flags(). This function can set + flags in the crt structure. The only flag supported at the + moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the + certificate sanity checks on import. + * PKIX certificates with unknown critical extensions are rejected + on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS + * Refuse to generate a certificate with an illegal version, or an + illegal serial number. That is, gnutls_x509_crt_set_version() + and gnutls_x509_crt_set_serial(), will fail on input considered + to be invalid in RFC5280. + * Call to gnutls_record_send() and gnutls_record_recv() prior to + handshake being complete are now refused + * Add support for PKCS#12 files with no salt (zero length) in + their password encoding, and PKCS#12 files using SHA384 and + SHA512 as MAC. + * libgnutls: Exported functions to encode and decode DSA and ECDSA + r,s values. + * Add new callback setting function to gnutls_privkey_t for + external keys. The new function (gnutls_privkey_import_ext4), + allows signing in addition to previous algorithms (RSA PKCS#1 + 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. + * Introduce the %VERIFY_ALLOW_BROKEN and + %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These + allows enabling all broken and SHA1-based signature algorithms + in certificate verification, respectively. + * 3DES-CBC is no longer included in the default priorities list. + It has to be explicitly enabled, e.g., with a string like + "NORMAL:+3DES-CBC". + * SHA1 was marked as insecure for signing certificates. + Verification of certificates signed with SHA1 is now considered + insecure and will fail, unless flags intended to enable broken + algorithms are set. Other uses of SHA1 are still allowed. + * RIPEMD160 was marked as insecure for certificate signatures. + Verification of certificates signed with RIPEMD160 hash + algorithm is now considered insecure and will fail, unless + flags intended to enable broken algorithms are set. + * No longer enable SECP192R1 and SECP224R1 by default on TLS + handshakes. These curves were rarely used for that purpose, + provide no advantage over x25519 and were deprecated by TLS 1.3. + * Remove support for DEFLATE, or any other compression method. + * OpenPGP authentication was removed; the resulting library is ABI + compatible, with the openpgp related functions being stubs that + fail on invocation. + Drop gnutls-broken-openpgp-tests.patch, no longer required. + * Remove support for libidn (i.e., IDNA2003); gnutls can now be + compiled only with libidn2 which provides IDNA2008. + * certtool: The option '--load-ca-certificate' can now accept + PKCS#11 URLs in addition to files. + * certtool: The option '--load-crl' can now be used when + generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). + * certtool: Keys with provable RSA and DSA parameters are now + only read and exported from PKCS#8 form, following + draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. + This removes support for the previous a non-standard key format. + * certtool: Added support for generating, printing and handling + RSA-PSS and Ed25519 keys and certificates. + * certtool: the parameters --rsa, --dsa and --ecdsa to + --generate-privkey are now deprecated, replaced by the + --key-type option. + * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa + options were replaced by the --generate-privkey option. + * psktool: Generate 256-bit keys by default. + * gnutls-server: Increase request buffer size to 16kb, and added + the --alpn and --alpn-fatal options, allowing testing of ALPN + negotiation. + * Enables FIPS 140-2 mode during build + +------------------------------------------------------------------- +Mon Sep 11 10:37:44 UTC 2017 - dimstar@opensuse.org + +- Buildrequire iproute2: the test suite calls /usr/bin/ss and as + such we have to ensure to pull it in. + +------------------------------------------------------------------- +Tue Aug 22 18:49:47 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.15: + * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode + * certtool: Keys with provable RSA and DSA parameters are now + only exported in PKCS#8 form + +------------------------------------------------------------------- +Wed Jul 12 11:23:30 UTC 2017 - jengelh@inai.de + +- RPM group fix. Diversification of summaries. +- Avoid aims and future plans in description. Say what it does now. + +------------------------------------------------------------------- +Fri Jul 7 11:22:02 UTC 2017 - tchvatal@suse.com + +- Drop the deprecated openssl compat ; discussed and suggested by + vcizek +- Cleanup a bit with spec-cleaner + +------------------------------------------------------------------- +Tue Jul 4 10:51:35 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.14: + * Handle specially HSMs which request explicit authentication + * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs + * do not set leading zeros when copying integers on HSMs + * Fix issue discovering certain OCSP signers, and improved the + discovery of OCSP signer in the case where the Subject Public + Key identifier field matches + * ensure OCSP responses are saved with --save-ocsp even if + certificate verification fails. + +------------------------------------------------------------------- +Thu Jun 8 22:51:06 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.13: + * libgnutls: fixed issue with AES-GCM in-place encryption and + decryption in aarch64 + * libgnutls: no longer parse the ResponseID field of the status + response TLS extension. The field is not used by GnuTLS nor is + made available to calling applications. That addresses a null + pointer dereference on server side caused by packets containing + the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 + * libgnutls: tolerate certificates which do not have strict DER + time encoding. It is possible using 3rd party tools to generate + certificates with time fields that do not conform to DER + requirements. Since 3.4.x these certificates were rejected and + cannot be used with GnuTLS, however that caused problems with + existing private certificate infrastructures, which were + relying on such certificates. Tolerate reading and using these + certificates. + * minitasn1: updated to libtasn1 4.11. + * certtool: allow multiple certificates to be used in --p7-sign + with the --load-certificate option + +------------------------------------------------------------------- +Sun Jun 4 19:52:56 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.12: + * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches + IP addresses against DNS fields of certificate (CN or DNSname). + The previous behavior was to tolerate some misconfigured + servers, but that was non-standard and skipped any IP + constraints present in higher level certificates. + * libgnutls: when converting to IDNA2008, fallback to IDNA2003 + (i.e., transitional encoding) if the domain cannot be converted. + That provides maximum compatibility with browsers like firefox + that perform the same conversion. + * libgnutls: fix issue in RSA-PSK client callback which resulted + in no username being sent to the peer + * libgnutls: fix regression causing stapled extensions in trust + modules not to be considered. + * certtool: introduced the email_protection_key option. This + option was introduced in documentation for certtool without an + implementation of it. It is a shortcut for option + 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. + * certtool: made printing of key ID and key PIN consistent + between certificates, public keys, and private keys. That is + the private key printing now uses the same format as the rest. + * gnutls-cli: introduced the --sni-hostname option. This allows + overriding the hostname advertised to the peer. + +------------------------------------------------------------------- +Thu May 18 08:44:18 UTC 2017 - astieger@suse.com + +- skip trust-store tests to avoid build cycle with + ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch + +------------------------------------------------------------------- +Tue May 9 19:55:33 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.11: + * gnutls.pc: do not include libtool options into Libs.private. + * libgnutls: Fixed issue when rehandshaking without a client certificate in + a session which initially used one + * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP + certificate parsing (bsc#1038337) + * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access. + That allows PKCS#11 operations such as signing to be performed with the + same object from multiple threads. + * libgnutls: when disabling OpenPGP authentication, the resulting library + is ABI compatible (will openpgp related functions being stubs that fail + on invocation). + +------------------------------------------------------------------- +Sat Apr 29 20:03:38 UTC 2017 - bwiedemann@suse.com + +- call gzip -n to make build fully reproducible + +------------------------------------------------------------------- +Wed Apr 26 14:53:45 UTC 2017 - vcizek@suse.com + +- update to 3.5.10 + * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173 + * gnutls.pc: do not include libidn2 in Requires.private + * libgnutls: optimized access to subject alternative names (SANs) in parsed + certificates + * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469 + when printing certificate information. + * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() + flags can be set from the gnutls_certificate_verify_flags enumeration. + This allows the functions to pass the same flags available for certificates + to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or + GNUTLS_VERIFY_ALLOW_BROKEN). + * libgnutls: gnutls_store_commitment() can accept flag + GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate + in applications which use SHA1 for example, after SHA1 is deprecated. + * certtool: No longer ignore the 'add_critical_extension' template option if + the 'add_extension' option is not present. + * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the + starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream) +- drop gnutls-3.5.9-pkgconfig.patch (upstream) +- remove unknown --disable-srp flag (bsc#901857) + +------------------------------------------------------------------- +Wed Apr 26 14:53:06 UTC 2017 - vcizek@suse.com + +- disable the deprecated OpenPGP authentication support + * see https://gitlab.com/gnutls/gnutls/issues/102 +- add gnutls-broken-openpgp-tests.patch + +------------------------------------------------------------------- +Mon Feb 20 09:52:38 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.9: + * libgnutls: OpenPGP references removed, functionality deprecated + * libgnutls: Improve detection of AVX support + * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 + * p11tool: re-use ID from corresponding objects when writing + certificates. + * API and ABI modifications: + gnutls_idna_map: Added + gnutls_idna_reverse_map: Added +- prevent pkgconfig issues due to libidn2 when building with GnuTLS + add gnutls-3.5.9-pkgconfig.patch + +------------------------------------------------------------------- +Mon Jan 9 10:07:19 UTC 2017 - meissner@suse.com + +- Version 3.5.8 (released 2016-01-09) + * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* + functions will not leave the verification profiles field to an + undefined state. The last call will take precedence. + * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned + by PKCS#8 decryption functions when an invalid key is provided. This + addresses regression on decrypting certain PKCS#8 keys. + * libgnutls: Introduced option to override the default priority string + used by the library. The intention is to allow support of system-wide + priority strings (as set with --with-system-priority-file). The + configure option is --with-default-priority-string. + * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. + This prevents crashes when decrypting malformed PKCS#8 keys. + * libgnutls: Fix crash on the loading of malformed private keys with certain + parameters set to zero. + * libgnutls: Fix double free in certificate information printing. If the PKIX + extension proxy was set with a policy language set but no policy specified, + that could lead to a double free. + * libgnutls: Addressed memory leaks in client and server side error paths + (issues found using oss-fuzz project) + * libgnutls: Addressed memory leaks in X.509 certificate printing error paths + (issues found using oss-fuzz project) + * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate + parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) + * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. + (issues found using oss-fuzz project) + +- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2 +------------------------------------------------------------------- +Sun Dec 18 16:28:51 UTC 2016 - astieger@suse.com + +- GnuTLS 3.5.7, the next stable branch, with the following + highlights: + * SHA3 as a certificate signature algorithm + * X25519 (formerly curve25519) for ephemeral EC diffie-hellman + key exchange + * TLS false start + * New APIs to access the Shawe-Taylor-based provable RSA and DSA + parameter generation + * Prevent the change of identity on rehandshakes by default + +------------------------------------------------------------------- +Sun Dec 18 12:56:15 UTC 2016 - astieger@suse.com + +- GnuTLS 3.4.17: + * libgnutls: Introduced time and constraints checks in the end + certificate in the gnutls_x509_crt_verify_data2() and + gnutls_pkcs7_verify_direct() functions. + * libgnutls: Set limits on the maximum number of alerts handled. + That is, applications using gnutls could be tricked into an + busy loop if the peer sends continuously alert messages. + Applications which set a maximum handshake time (via + gnutls_handshake_set_timeout) will eventually recover but + others may remain in a busy loops indefinitely. This is related + but not identical to CVE-2016-8610, due to the difference in + alert handling of the libraries (gnutls delegates that handling + to applications). boo#1005879 + * libgnutls: Enhanced the PKCS#7 parser to allow decoding old + (pre-rfc5652) structures with arbitrary encapsulated content. + * libgnutls: Backported cipher priorities order from 3.5.x branch + That adds CHACHA20-POLY1305 ciphersuite to SECURE priority + strings. + * certtool: When exporting a CRQ in DER format ensure no text data + are intermixed. + * API and ABI modifications: + gnutls_pkcs7_get_embedded_data_oid: Added +- includes changes from 3.4.16: + * libgnutls: Ensure proper cleanups on + gnutls_certificate_set_*key() failures due to key mismatch. + This prevents leaks or double freeing on such failures. + * libgnutls: Increased the maximum size of the handshake message + hash. This will allow the library to cope better with larger + packets, as the ones offered by current TLS 1.3 drafts. + * libgnutls: Allow to use client certificates despite them + containing disallowed algorithms for a session. That allows for + example a client to use DSA-SHA1 due to his old DSA + certificate, without requiring him to enable DSA-SHA1 (and thus + make it acceptable for the server's certificate). + * guile: Backported all improvements from 3.5.x branch. + * guile: Update code to the I/O port API of Guile >= 2.1.4 + This makes sure the GnuTLS bindings will work with the + forthcoming 2.2 stable series of Guile, of which 2.1 is a + preview. + +------------------------------------------------------------------- +Sun Oct 2 16:13:59 UTC 2016 - ecsos@opensuse.org + +- GnuTLS 3.4.15: + * libgnutls: Corrected the comparison of the serial size in OCSP + response. Previously the OCSP certificate check wouldn't verify + the serial length and could succeed in cases it shouldn't + (GNUTLS-SA-2016-3). + * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was + ignoring flags if all certificates in the list fit within the + initially allocated memory. + * libgnutls: Corrected issue which made + gnutls_certificate_get_x509_crt() to return invalid pointers + when returned more than a single certificate. + * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the + complete chain. + * libgnutls: Added support for decrypting PKCS#8 files which use + the HMAC-SHA256 as PRF. + * libgnutls: Addressed issue with PKCS#11 signature generation on + ECDSA keys. The signature is now written as unsigned integers + into the DSASignatureValue structure. Previously signed + integers could be written depending on what the underlying + module would produce. Addresses #122. +- fix build error for 13.2, 42.1 and 42.2 + +------------------------------------------------------------------- +Sat Jul 9 21:18:21 UTC 2016 - astieger@suse.com + +- GnuTLS 3.4.14: + * libgnutls: Address issue when utilizing the p11-kit trust store + for certificate verification (GNUTLS-SA-2016-2, boo#988276) + * libgnutls: Fixed DTLS handshake packet reconstruction. + * libgnutls: Fixed issues with PKCS#11 reading of sensitive + objects from SafeNet Network HSM + * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER +- drop upstreamed + 0001-tests-use-datefudge-in-name-constraints-test.patch + +------------------------------------------------------------------- +Thu Jun 30 08:38:05 UTC 2016 - vcizek@suse.com + +- Fix a problem with expired test certificate by using datefudge + (boo#987139) + * add 0001-tests-use-datefudge-in-name-constraints-test.patch + +------------------------------------------------------------------- +Tue Jun 7 05:52:13 UTC 2016 - meissner@suse.com + +- Version 3.4.13 (released 2016-06-06) + * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with + NSS instead of using a separate variable; in addition append any keys to + the file instead of overwriting it. + * libgnutls: use secure_getenv() where available to obtain environment + variables. Addresses GNUTLS-SA-2016-1. +- Version 3.4.12 (released 2016-05-20) + * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This + cipher is prioritized after AES-GCM. + * libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). + * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the + GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that + operation could fail on certain PKCS#11 modules. + * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url() + can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. + * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS + name of the certificates if the provided names are NULL. + * libgnutls: when receiving SNI names, only save and expose to application + the supported DNS names. + * libgnutls: when importing the certificate names at the + gnutls_certificate_set* functions, only consider the CN as a fallback + if DNS names are provided via the alternative name extension. + * gnutls-cli: on OCSP verification do not fail if we have a single valid + reply. Report and reproducer by Thomas Klute. + * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to + log session keys in client side. These session keys are compatible with + the NSS Key Log Format and can be used to decrypt the session for + debugging using wireshark. + +------------------------------------------------------------------- +Sat Apr 23 16:58:53 UTC 2016 - sleep_walker@opensuse.org + +- enabled guile support +- removed duplicates + +------------------------------------------------------------------- +Mon Apr 11 09:18:26 UTC 2016 - meissner@suse.com + +- Updated to 3.4.11 + * Version 3.4.11 (released 2016-04-11) + ** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. + Reported by Fridolin Pokorny. + ** libgnutls: Fixes in DSA key generation under PKCS #11. Report and + patches by Jan Vcelak. + ** libgnutls: Corrected behavior of ALPN extension parsing during + session resumption. Report and patches by Yuriy M. Kaminskiy. + ** libgnutls: Corrected regression (since 3.4.0) in + gnutls_server_name_set() which caused it not to accept non-null- + terminated hostnames. Reported by Tim Ruehsen. + ** libgnutls: Corrected printing of the IP Adress name constraints. + ** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers + serving chunk encoding which ocsptool doesn't support. Reported by + Thomas Klute. + ** certtool: do not require a CA for OCSP signing tag. This follows the + recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate + OCSP signing to another certificate without requiring it to be a CA. + Reported by Thomas Klute. + + * Version 3.4.10 (released 2016-03-03) + ** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes + to be used with hashing functions. + ** libgnutls: Corrected leaks and other issues in + gnutls_x509_crt_list_import(). + ** libgnutls: Fixes in DSA key handling for PKCS #11. Report and + patches by Jan Vcelak. + ** libgnutls: Several fixes to prevent relying on undefined behavior + of C (found with libubsan). + + * Version 3.4.9 (released 2016-02-03) + ** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would + negotiate the last commonly supported protocol, rather than the + first. Reported by Remi Denis-Courmont (#63). + ** libgnutls: Tolerate empty DN fields in informational output + functions. + ** libgnutls: Corrected regression causes by incorrect fix in + gnutls_x509_ext_export_key_usage() at 3.4.8 release. + +------------------------------------------------------------------- +Thu Feb 18 16:00:30 UTC 2016 - mrueckert@suse.de + +- follow the work in the unbound package and use the + libunbound-devel symbol for the buildrequires. we override it for + the distro build with libunbound-devel-mini to avoid build loops. + +------------------------------------------------------------------- +Mon Feb 1 22:07:00 UTC 2016 - meissner@suse.com + +- reenable dane support, require unbound-devel bsc#964346 +- split out libgnutls-dane-devel to try to avoid build cycle. + +------------------------------------------------------------------- +Mon Jan 18 13:25:54 UTC 2016 - idonmez@suse.com + +- Update to 3.4.8 + All changes since 3.4.4: + * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() + when used with PKCS #11 keys. + * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import + their public keys from either a public key object or a certificate. + That is, because private keys do not contain all the required + parameters for a direct import. + * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 + tokens. + * libgnutls: Fixed out-of-bounds read in + gnutls_x509_ext_export_key_usage() + * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to + conform to draft-ietf-tls-chacha20-poly1305-02. + * libgnutls: Several fixes in PKCS #7 signing which improve + compatibility with the MacOSX tools. + * libgnutls: The max-record extension not negotiated on DTLS. This + resolves issue with the max-record being negotiated but ignored. + * certtool: Added the --p7-include-cert and --p7-show-data options. + * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 + ciphersuites. This solves an interoperability issue with openssl. + * libgnutls: Corrected the setting of salt size in + gnutls_pkcs12_mac_info(). + * libgnutls: On a rehandshake allow switching from anonymous to ECDHE + and DHE ciphersuites. + * libgnutls: Corrected regression from 3.3.x which prevented + ARCFOUR128 from using arbitrary key sizes. + * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs + skipping the implicit global initialization. + * gnutls.pc: Don't include libtool specific options to link flags. + * tools: Better support for FTP AUTH TLS negotiation + * libgnutls: Added new simple verification functions. That avoids the + need to install a callback to perform certificate verification. See + doc/examples/ex-client-x509.c for usage. + * libgnutls: Introduced the security parameter 'future' which is at + the 256-bit level of security, and 'ultra' was aligned to its + documented size at 192-bits. + * libgnutls: When writing a certificate into a PKCS #11 token, ensure + that CKA_SERIAL_NUMBER and CKA_ISSUER are written. + * libgnutls: Allow the presence of legacy ciphers and key exchanges in + priority strings and consider them a no-op. + * libgnutls: Handle the extended master secret as a mandatory + extension. That fixes incompatibility issues with Chromium (#45). + * libgnutls: Added the ability to copy a public key into a PKCS #11 + token. + * tools: Added support for LDAP and XMPP negotiation for STARTTLS. + * p11tool: Allow writing a public key into a PKCS #11 token. + * certtool: Key generation security level was switched to HIGH. That + is, by default the tool generates 3072 bit keys for RSA and DSA. + * libgnutls: When re-importing CRLs to a trust list ensure that there + no duplicate entries. + * certtool: Removed any arbitrary limits imposed on input file sizes + and maximum number of certificates imported. + * certtool: Allow specifying fixed dates on CRL generation. + * gnutls-cli-debug: Added check for inappropriate fallback support + (RFC7507). + +------------------------------------------------------------------- +Tue Aug 18 22:40:28 UTC 2015 - astieger@suse.com + +- Update to 3.4.4 + This update contains a fix for a denial of service vulnerability: + * Allow the parsing of very long DNs. Also fixes double free + in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 + Other changes: + * Add high level API (gnutls_prf_rfc5705) to access the PRF as + specified by RFC5705. + * Link to trousers (TPM library) dynamically when this + functionality is requested. (disabled in SUSE package) + * Fix issue with server side sending the status request extension + even when not requested. + * Add support for RFC7507 by introducing the %FALLBACK_SCSV + priority string option. + * gnutls_pkcs11_privkey_generate2() will store the generated + public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY + flag is specified. + * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. + * API and ABI modifications: + gnutls_prf_rfc5705: Added + gnutls_hex_encode2: Added + gnutls_hex_decode2: Added +- build with autogen for libopts compatibility +- fix failures in test suite, add upstream commits + 0001-certtool-lifted-limits-on-file-size-to-load.patch + 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch + +------------------------------------------------------------------- +Thu Jul 30 15:39:34 UTC 2015 - vcizek@suse.com + +- update to 3.4.3 + ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for + dates prior to 2050. + ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it + was done only when cryptodev was enabled). + ** libgnutls: Removed support for pthread_atfork() as it has undefined + semantics when used with dlopen(), and may lead to a crash. + ** libgnutls: corrected failure when importing plain files + with gnutls_x509_privkey_import2(), and a password was provided. + ** libgnutls: Don't reject certificates if a CA has the URI or IP address + name constraints, and the end certificate doesn't have an IP address + name or a URI set. + ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. + ** p11tool: Added --list-token-urls option, and print the token module name + in list-tokens. + ** libgnutls: DTLS blocking API is more robust against infinite blocking, + and will notify of more possible timeouts. + ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported + by Manuel Pegourie-Gonnard. + ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That + allows to disable SIGPIPE for writes done within gnutls. + ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification + of structures. API moved to gnutls/pkcs7.h header. + ** certtool: Added options to generate PKCS #7 bundles and signed + structures. +- includes changes from 3.4.2: + * DTLS blocking API is more robust against infinite blocking, + and will notify of more possible timeouts. + * Correct regression with Camellia-256-GCM cipher. + * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That + allows to disable SIGPIPE for writes done within gnutls. + * Enhance the PKCS #7 API to allow signing and verification + of structures. Move API to gnutls/pkcs7.h header. + * certtool: Added options to generate PKCS #7 bundles and signed + structures. + +------------------------------------------------------------------- +Tue May 5 19:06:29 UTC 2015 - dmueller@suse.com + +- disable testsuite run against valgrind on aarch64 + +------------------------------------------------------------------- +Tue May 5 12:40:11 UTC 2015 - meissner@suse.com + +- Updated to 3.4.1 (released 2015-05-03) + + ** libgnutls: gnutls_certificate_get_ours: will return the certificate even + if a callback was used to send it. + ** libgnutls: Check for invalid length in the X.509 version field. Without + the check certificates with invalid length would be detected as having an + arbitrary version. Reported by Hanno Böck. + ** libgnutls: Handle DNS name constraints with a leading dot. Patch by + Fotis Loukos. + ** libgnutls: Updated system-keys support for windows to compile in more + versions of mingw. Patch by Tim Kosse. + ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by + Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 + ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout + by default. That caused issues with non-blocking programs. + ** certtool: It can generate SHA256 key IDs. + ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. + ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added + +- gnutls-fix-double-mans.patch: fixed upstream + +------------------------------------------------------------------- +Sun Apr 26 08:54:53 UTC 2015 - schwab@linux-m68k.org + +- Disable buggy valgrind on armv7l + +------------------------------------------------------------------- +Sun Apr 12 10:16:33 UTC 2015 - meissner@suse.com + +- updated to 3.4.0 (released 2015-04-08) + + ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) + ciphersuites. The former are enabled by default, the latter need to be + explicitly enabled, since they reduce the overall security level. + + ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following + draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. + That is currently provided as technology preview and is not enabled by + default, since there are no assigned ciphersuite points by IETF and there + is no guarrantee of compatibility between draft versions. The ciphersuite + priority string to enable it is "+CHACHA20-POLY1305". + + ** libgnutls: Added support for encrypt-then-authenticate in CBC + ciphersuites (RFC7366 -taking into account its errata text). This is + enabled by default and can be disabled using the %NO_ETM priority + string. + + ** libgnutls: Added support for the extended master secret + (triple-handshake fix) following draft-ietf-tls-session-hash-02. + + ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). + + ** libgnutls: SSL 3.0 is no longer included in the default priorities + list. It has to be explicitly enabled, e.g., with a string like + "NORMAL:+VERS-SSL3.0". + + ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities + list. It has to be explicitly enabled, e.g., with a string like + "NORMAL:+ARCFOUR-128". + + ** libgnutls: DSA signatures and DHE-DSS are no longer included in the + default priorities list. They have to be explicitly enabled, e.g., with + a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The + DSA ciphersuites were dropped because they had no deployment at all + on the internet, to justify their inclusion. + + ** libgnutls: The priority string EXPORT was completely removed. The string + was already defunc as support for the EXPORT ciphersuites was removed in + GnuTLS 3.2.0. + + ** libgnutls: Added API to utilize system specific private keys in + "gnutls/system-keys.h". It is currently provided as technology preview + and is restricted to windows CNG keys. + + ** libgnutls: gnutls_x509_crt_check_hostname() and friends will use + RFC6125 comparison of hostnames. That introduces a dependency on libidn. + + ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final + PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). + + ** libgnutls: Depend on nettle 3.1. + + ** libgnutls: Use getrandom() or getentropy() when available. That + avoids the complexity of file descriptor handling and issues with + applications closing all open file descriptors on startup. + + ** libgnutls: Use pthread_atfork() to detect fork when available. + + ** libgnutls: The gnutls_handshake() process will enforce a timeout by + default. + + ** libgnutls: If a key purpose (extended key usage) is specified for verification, + it is applied into intermediate certificates. The verification result + GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. + + ** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in + combination with PKCS #11, or TPM URLs, it will utilize the provided + password as PIN if required. That removes the requirement for the + application to set a callback for PINs in that case. + + ** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are + restricted to the corresponding protocols only, and the VERS-ALL + string is introduced to catch all possible protocols. + + ** libgnutls: Added helper functions to obtain information on PKCS #8 + structures. + + ** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t + will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. + + ** libgnutls: Added functions to export and set the record state. That + allows for gnutls_record_send() and recv() to be offloaded (to kernel, + hardware or any other subsystem). + + ** libgnutls: Added the ability to register application specific URL + types, which express certificates and keys using gnutls_register_custom_url(). + + ** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., + to override AES-GCM using a system-specific accelerator. That is, (crypto.h) + gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), + gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). + + ** libgnutls: Added gnutls_ext_register() to register custom extensions. + Contributed by Thierry Quemerais. + + ** libgnutls: Added gnutls_supplemental_register() to register custom + supplemental data handshake messages. Contributed by Thierry Quemerais. + + ** libgnutls-openssl: it is no longer built by default. + + + ** certtool: Added --p8-info option, which will print PKCS #8 information + even if the password is not available. + + ** certtool: --key-info option will print PKCS #8 encryption information + when available. + + ** certtool: Added the --key-id and --fingerprint options. + + ** certtool: Added the --verify-hostname, --verify-email and --verify-purpose + options to be used in certificate chain verification, to simulate verification + for specific hostname and key purpose (extended key usage). + + ** certtool: --p12-info option will print PKCS #12 MAC and cipher information + when available. + + ** certtool: it will print the A-label (ACE) names in addition to UTF-8. + + ** p11tool: added options --set-id and --set-label. + + ** gnutls-cli: added options --priority-list and --save-cert. + + ** guile: Deprecated priority API has been removed. The old priority API, + which had been deprecated for some time, is now gone; use 'set-session-priorities!' + instead. + + ** guile: Remove RSA parameters and related procedures. This API had been + deprecated. + + ** guile: Fix compilation on MinGW. Previously only the static version of the + 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. + +------------------------------------------------------------------- +Wed Apr 1 14:26:31 UTC 2015 - meissner@suse.com + +- updated to 3.3.13 (released 2015-03-30) + + ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo + structures use BER to decode them (requires libtasn1 4.3). That allows + to decode some more complex structures. + + ** libgnutls: When an end-certificate with no name is present and there + are CA name constraints, don't reject the certificate. This follows RFC5280 + advice closely. Reported by Fotis Loukos. + + ** libgnutls: Fixed handling of supplemental data with types > 255. + Patch by Thierry Quemerais. + + ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate + extension. Reported by Robert Święcki. + + ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That + protocol is not enabled by default (used by openconnect VPN). + + ** libgnutls: The maximum user data send size is set to be the same for + block and non-block ciphersuites. This addresses a regression with wine: + https://bugs.winehq.org/show_bug.cgi?id=37500 + + ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, + and CKA_DECRYPT when needed. + + ** libgnutls: Allow names with zero size to be set using + gnutls_server_name_set(). That will disable the Server Name Indication. + Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 + +- new main library major version .so.30 +- requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1 +- Now need to configure --enable-openssl-compatibility (might go away) +- added gnutls-fix-double-mans.patch: avoid double installing manpages +- dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed + anymore +- install_info_delete moved from %postun to %preun + +------------------------------------------------------------------- +Wed Mar 25 20:52:43 UTC 2015 - astieger@suse.com + +- for DANE support, use bcond_with +- for tpm support, same +- note p11-kit >= 0.20.7 requirement +- note libtasn1 3.9 requirement (built-in lib used otherwise) + +------------------------------------------------------------------- +Mon Mar 23 08:51:12 UTC 2015 - meissner@suse.com + +- disable trousers and unbound again for now, as it causes too long + build cycles. + +------------------------------------------------------------------- +Sat Mar 21 07:17:50 UTC 2015 - meissner@suse.com + +- added unbound-devel (for DANE) and trousers-devel (for TPM support) +- removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff +- libgnutls-dane0 new library added + +- updated to 3.3.13 (released 2015-02-25) + ** libgnutls: Enable AESNI in GCM on x86 + ** libgnutls: Fixes in DTLS message handling + ** libgnutls: Check certificate algorithm consistency, i.e., + check whether the signatureAlgorithm field matches the signature + field inside TBSCertificate. + ** gnutls-cli: Fixes in OCSP verification. + +- Version 3.3.12 (released 2015-01-17) + + ** libgnutls: When negotiating TLS use the lowest enabled version in + the client hello, rather than the lowest supported. In addition, do + not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 + is the only protocol supported. That addresses issues with servers that + immediately drop the connection when the encounter SSL 3.0 as the record + version number. See: + http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html + + ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. + + ** libgnutls: Handle zero length plaintext for VIA PadLock functions. + This solves a potential crash on AES encryption for small size plaintext. + Patch by Matthias-Christian Ott. + + ** libgnutls: In DTLS don't combine multiple packets which exceed MTU. + Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 + + ** libgnutls: In DTLS decode all handshake packets present in a record + packet, in a single pass. Reported by Andreas Schultz. + https://savannah.gnu.org/support/?108712 + + ** libgnutls: When importing a CA file with a PKCS #11 URL, simply + import the certificates, if the URL specifies objects, rather than + treating it as trust module. + + ** libgnutls: When importing a PKCS #11 URL and we know the type of + object we are importing, don't require the object type in the URL. + + ** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 + was used by the server. + + ** certtool: --pubkey-info will also attempt to load a public key from stdin. + + ** gnutls-cli: Added --starttls-proto option. That allows to specify a + protocol for starttls negotiation. + +- Version 3.3.11 (released 2014-12-11) + + ** libgnutls: Corrected regression introduced in 3.3.9 related to + session renegotiation. Reported by Dan Winship. + + ** libgnutls: Corrected parsing issue with OCSP responses. + +- Version 3.3.10 (released 2014-11-10) + + ** libgnutls: Refuse to import v1 or v2 certificates that contain + extensions. + + ** libgnutls: Fixes in usage of PKCS #11 token callback + + ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used + with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. + Reported by David Woodhouse. + + ** libgnutls: Removed superfluous random generator refresh on every call + of gnutls_deinit(). That reduces load and usage of /dev/urandom. + + ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format. + Reported by Sean Burford [GNUTLS-SA-2014-5]. + + ** libgnutls: When gnutls_global_init() is called for a second time, it + will check whether the /dev/urandom fd kept is still open and matches + the original one. That behavior works around issues with servers that + close all file descriptors. + + ** libgnutls: Corrected behavior with PKCS #11 objects that are marked + as CKA_ALWAYS_AUTHENTICATE. + + ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. + That option is more compatible than AES or RC4. + +- Version 3.3.9 (released 2014-10-13) + + ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. + Reported by Joseph Peruski. + + ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the + handshake's hash buffer, in applications using the heartbeat extension + or DTLS. Reported by Joeri de Ruiter. + + ** libgnutls: When both a trust module and additional CAs are present + account the latter as well; reported by David Woodhouse. + + ** libgnutls: added GNUTLS_TL_GET_COPY flag for + gnutls_x509_trust_list_get_issuer(). That allows the function to be used + in a thread safe way when PKCS #11 trust modules are in use. + + ** libgnutls: fix issue in DTLS retransmission when session tickets + were in use; reported by Manuel Pégourié-Gonnard. + + ** libgnutls-dane: Do not require the CA on a ca match to be direct CA. + + ** libgnutls: Prevent abort() in library if getrusage() fails. Try to + detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. + + ** guile: new 'set-session-server-name!' procedure; see the manual for + details. + + ** certtool: The authority key identifier will be set in a certificate only + if the CA's subject key identifier is set. + +- Version 3.3.8 (released 2014-09-18) + + ** libgnutls: Updates in the name constraints checks. No name constraints + will be checked for intermediate certificates. As our support for name + constraints is limited to e-mail addresses in DNS names, it is pointless + to check them on intermediate certificates. + + ** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple + object listing would fail completely if a single object could not be exported. + + ** libgnutls: Improved the performance of PKCS #11 object listing/retrieving, + by retrieving them in large batches. Report and suggestion by David + Woodhouse. + + ** libgnutls: Fixed issue with certificates being sanitized by gnutls prior + to signature verification. That resulted to certain non-DER compliant modifications + of valid certificates, being corrected by libtasn1's parser and restructured as + the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from + Codenomicon. + + ** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle + strings with embedded spaces and escaped commas. + + ** libgnutls: when comparing a CA certificate with the trusted list compare + the name and key only instead of the whole certificate. That is to handle + cases where a CA certificate was superceded by a different one with the same + name and the same key. + + ** libgnutls: when verifying a certificate against a p11-kit trusted + module, use the attached extensions in the module to override the CA's + extensions (that requires p11-kit 0.20.7). + + ** libgnutls: In DTLS prevent sending zero-size fragments in certain cases + of MTU split. Reported by Manuel Pégourié-Gonnard. + + ** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows + verifying using a hostname and a purpose (extended key usage). That + enhances PKCS #11 trust module verification, as it can now check the purpose + when this function is used. + + ** libgnutls: Corrected gnutls_x509_crl_verify() which would always report + a CRL signature as invalid. Reported by Armin Burgmeier. + + ** libgnutls: added option --disable-padlock to allow disabling the padlock + CPU acceleration. + + ** p11tool: when listing tokens, list their type as well. + + ** p11tool: when listing objects from a trust module print any attached + extensions on certificates. + +- Version 3.3.7 (released 2014-08-24) + + ** libgnutls: Added function to export the public key of a PKCS #11 + private key. Contributed by Wolfgang Meyer zu Bergsten. + + ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. + That improves compatibility with certain PKCS #11 modules. Contributed by + Wolfgang Meyer zu Bergsten. + + ** libgnutls: When generating a PKCS #11 private key allow setting + the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. + + ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session + to the key. + + ** libgnutls: bundle replacements of inet_pton and inet_aton if not + available. + + ** libgnutls: initialize parameters variable on PKCS #8 decryption. + + ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 + algorithms. + + ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 + requirement of checking the Common Name (CN) part of DN only if there is + a single CN present in the certificate. + + ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used + to force the FIPS mode, when set to 1. + + ** libgnutls: In DTLS ignore only errors that relate to unexpected packets + and decryption failures. + + ** p11tool: Added --info parameter. + + ** certtool: Added --mark-wrap parameter. + + ** danetool: --check will attempt to retrieve the server's certificate + chain and verify against it. + + ** danetool/gnutls-cli-debug: Added --app-proto parameters which can + be used to enforce starttls (currently only SMTP and IMAP) on the connection. + + ** danetool: Added openssl linking exception, to allow linking + with libunbound. + +- Version 3.3.6 (released 2014-07-23) + + ** libgnutls: Use inet_ntop to print IP addresses when available + + ** libgnutls: gnutls_x509_crt_check_hostname and friends will also check + IP addresses, and match documented behavior. Reported by David Woodhouse. + + ** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 + bit parameters. + + ** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens + being usable after a reinitialization. + + ** libgnutls: fixed PKCS #11 private key operations after a fork. + + ** libgnutls: fixed PKCS #11 ECDSA key generation. + + ** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to + explicitly enable/disable the use of certain CPU capabilities. Note that CPU + detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel + CPU. The currently available options are: + 0x1: Disable all run-time detected optimizations + 0x2: Enable AES-NI + 0x4: Enable SSSE3 + 0x8: Enable PCLMUL + 0x100000: Enable VIA padlock + 0x200000: Enable VIA PHE + 0x400000: Enable VIA PHE SHA512 + + ** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. + + ** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. + + ** p11tool: ask for label when one isn't provided. + + ** p11tool: added --batch parameter to disable any interactivity. + + ** p11tool: will not implicitly enable so-login for certain types of + objects. That avoids issues with tokens that require different login + types. + + ** certtool/p11tool: Added the --curve parameter which allows to explicitly + specify the curve to use. + +- Version 3.3.5 (released 2014-06-26) + + ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). + These functions provide a variant of gnutls_record_recv() that avoids + the final memcpy of data. + + ** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a + faster variant of gnutls_x509_crl_get_crt_serial() when coping with + very large structures. + + ** libgnutls: When the decoding of a printable DN element fails, then treat + it as unknown and print its hex value rather than failing. That works around + an issue in a TURKTRST root certificate which improperly encodes the + X520countryName element. + + ** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number + of certificates present in a PKCS #11 token when loading it. + + ** libgnutls: Allow the post client hello callback to put the handshake on + hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. + + ** certtool: option --to-p12 will now consider --load-ca-certificate + + ** certtol: Added option to specify the PKCS #12 friendly name on command line. + + ** p11tool: Allow marking a certificate copied to a token as a CA. + +- Version 3.3.4 (released 2014-05-31) + + ** libgnutls: Updated Andy Polyakov's assembly code. That prevents a + crash on certain CPUs. + +- Version 3.3.3 (released 2014-05-30) + + ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. + Issue reported by Joonas Kuorilehto of Codenomicon. + + ** libgnutls: gnutls_global_set_mutex() was modified to operate with the + new initialization process. + + ** libgnutls: Increased the maximum certificate size buffer + in the PKCS #11 subsystem. + + ** libgnutls: Check the return code of getpwuid_r() instead of relying + on the result value. That avoids issue in certain systems, when using + tofu authentication and the home path cannot be determined. Issue reported + by Viktor Dukhovni. + + ** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to + create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 + + ** gnutls-cli: --dane will only check the end certificate if PKIX validation + has been disabled. + + ** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot + be emulated with the implicit initialization of gnutls. + + ** certtool: Allow multiple organizations and organizational unit names to + be specified in a template. + + ** certtool: Warn when invalid configuration options are set to a template. + + ** ocsptool: Include path in ocsp request. This resolves #108582 + (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +- Version 3.3.2 (released 2014-05-06) + + ** libgnutls: Added the 'very weak' certificate verification profile + that corresponds to 64-bit security level. + + ** libgnutls: Corrected file descriptor leak on random generator + initialization. + + ** libgnutls: Corrected file descriptor leak on PSK password file + reading. Issue identified using the Codenomicon TLS test suite. + + ** libgnutls: Avoid deinitialization if initialization has failed. + + ** libgnutls: null-terminate othername alternative names. + + ** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly + on a PKCS #11 trust list. + + ** libgnutls: Several small bug fixes identified using valgrind and + the Codenomicon TLS test suite. + + ** libgnutls-dane: Accept a certificate using DANE if there is at least one + entry that matches the certificate. Patch by simon [at] arlott.org. + + ** libgnutls-guile: Fixed compilation issue. + + ** certtool: Allow exporting a CRL on DER format. + + ** certtool: The ECDSA keys generated by default use the SECP256R1 curve + which is supported more widely than the previously used SECP224R1. + +- Version 3.3.1 (released 2014-04-19) + + ** libgnutls: Enforce more strict checks to heartbeat messages + concerning padding and payload. Suggested by Peter Dettman. + + ** libgnutls: Allow decoding PKCS #8 files with ECC parameters + from openssl. + + ** libgnutls: Several small bug fixes found by coverity. + + ** libgnutls: The conditionally available self-test functions + were moved to self-test.h. + + ** libgnutls: Fixed issue with the check of incoming data when two + different recv and send pointers have been specified. Reported and + investigated by JMRecio. + + ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would + result to illegal memory access if a server hint was provided. Reported + by André Klitzing. + + ** libgnutls: Fixed client memory leak in the PSK key exchange, if a + server hint was provided. + + ** libgnutls: Corrected the *get_*_othername_oid() functions. + +- Version 3.3.0 (released 2014-04-10) + + ** libgnutls: The initialization of the library was moved to a + constructor. That is, gnutls_global_init() is no longer required + unless linking with a static library or a system that does not + support library constructors. + + ** libgnutls: static libraries are not built by default. + + ** libgnutls: PKCS #11 initialization is delayed to first usage. + That avoids long delays in gnutls initialization due to broken PKCS #11 + modules. + + ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" + on the first PKCS #11 API call after a fork. + + ** libgnutls: certificate verification profiles were introduced + that can be specified as flags to verification functions. They + are enumerations in gnutls_certificate_verification_profiles_t + and can be converted to flags for use in a verification function + using GNUTLS_PROFILE_TO_VFLAGS(). + + ** libgnutls: Added the ability to read system-specific initial + keywords, if they are prefixed with '@'. That allows a compile-time + specified configuration file to be used to read pre-configured priority + strings from. That can be used to impose system specific policies. + + ** libgnutls: Increased the default security level of priority + strings (NORMAL and PFS strings require at minimum a 1008 DH prime), + and set a verification profile by default. The LEGACY keyword is + introduced to set the old defaults. + + ** libgnutls: Added support for the name constraints PKIX extension. + Currently only DNS names and e-mails are supported (no URIs, IPs + or DNs). + + ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to + SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. + + ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. + This API handles the X.509 extensions in isolation, allowing to parse + similarly formatted extensions stored in other structures. + + ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS + can be used to specify a particular subgroup as the number of bits in + gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). + + ** libgnutls: DH parameter generation is now delegated to nettle. + That unfortunately has the side-effect that DH parameters longer than + 3072 bits, cannot be generated (not without a nettle update). + + ** libgnutls: Separated nonce RNG from the main RNG. The nonce + random number generator is based on salsa20/12. + + ** libgnutls: The buffer alignment provided to crypto backend is + enforced to be 16-byte aligned, when compiled with cryptodev + support. That allows certain cryptodev drivers to operate more + efficiently. + + ** libgnutls: Return error when a public/private key pair that doesn't + match is set into a credentials structure. + + ** libgnutls: Depend on p11-kit 0.20.0 or later. + + ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has + been removed. It was not approved by IETF. + + ** libgnutls: The experimental xssl library is removed from the gnutls + distribution. + + ** libgnutls: Reduced the number of gnulib modules used in the main library. + + ** libgnutls: Added priority string %DISABLE_WILDCARDS. + + ** libgnutls: Added the more extensible verification function + gnutls_certificate_verify_peers(), that allows checking, in addition + to a peer's DNS hostname, for the key purpose of the end certificate + (via PKIX extended key usage). + + ** certtool: Timestamps for serial numbers were increased to 8 bytes, + and in batch mode to 12 (appended with 4 random bytes). + + ** certtool: When no CRL number is provided (or value set to -1), then + a time-based number will be used, similarly to the serial generation + number in certificates. + + ** certtool: Print the SHA256 fingerprint of a certificate in addition + to SHA1. + + ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). + That option enables (when running on FIPS140-enabled system): + o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) + o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. + o Self-tests on initialization on ciphers/MACs, public key algorithms + and the random generator. + o HMAC-SHA256 verification of the library on load. + o MD5 is included for TLS purposes but cannot be used by the high level + hashing functions. + o All ciphers except AES are disabled. + o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). + o All keys (temporal and long term) are zeroized after use. + o Security levels are adjusted to the FIPS140-2 recommendations (rather + than ECRYPT). + +------------------------------------------------------------------- +Wed Dec 31 09:19:19 UTC 2014 - meissner@suse.com + +- build with PIE for commandline tools + +------------------------------------------------------------------- +Wed Dec 31 09:18:28 UTC 2014 - meissner@suse.com + +- Updated to 3.2.21 (released 2014-12-11) + - libgnutls: Corrected regression introduced in 3.2.19 related to + session renegotiation. Reported by Dan Winship. + - libgnutls: Corrected parsing issue with OCSP responses. + +------------------------------------------------------------------- +Wed Nov 12 10:59:02 UTC 2014 - meissner@suse.com + +- Updated to 3.2.20 (released 2014-11-10) + + ** libgnutls: Removed superfluous random generator refresh on every + call of gnutls_deinit(). That reduces load and usage of /dev/urandom. + ** libgnutls: Corrected issue in export of ECC parameters to X9.63 + format. Reported by Sean Burford [GNUTLS-SA-2014-5]. + (CVE-2014-8564 bnc#904603) + +- Updated to 3.2.19 (released 2014-10-13) + ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. + Reported by Joseph Peruski. + ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the + handshake's hash buffer, in applications using the heartbeat extension + or DTLS. Reported by Joeri de Ruiter. + ** libgnutls: fix issue in DTLS retransmission when session tickets were + in use; reported by Manuel Pégourié-Gonnard. + ** libgnutls: Prevent abort() in library if getrusage() fails. Try to + detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. + ** guile: new 'set-session-server-name!' procedure; see the manual + for details. + +------------------------------------------------------------------- +Wed Sep 24 14:52:54 UTC 2014 - citypw@gmail.com + +* Upgrade to Version 3.2.18 (released 2014-09-18) + +** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle +strings with embedded spaces and escaped commas. + +** libgnutls: Corrected gnutls_x509_crl_verify() which would always report +a CRL signature as invalid. Reported by Armin Burgmeier. + +** libgnutls: Fixed issue with certificates being sanitized by gnutls prior +to signature verification. That resulted to certain non-DER compliant modifications +of valid certificates, being corrected by libtasn1's parser and restructured as +the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from +Codenomicon. + +** API and ABI modifications: +No changes since last version. + +Delete files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig +Add files: gnutls-3.2.18.tar.xz, gnutls-3.2.18.tar.xz.sig + +------------------------------------------------------------------- +Fri Sep 19 09:27:47 UTC 2014 - dmueller@suse.com + +- update list of available architectures for valgrind + +------------------------------------------------------------------- +Sun Aug 31 07:01:32 UTC 2014 - citypw@gmail.com + +- Upgrade to Version 3.2.17 (released 2014-08-24) + +** libgnutls: initialize parameters variable on PKCS #8 decryption. + +** libgnutls: Explicitly set the exponent in PKCS #11 key generation. +That improves compatibility with certain PKCS #11 modules. Contributed by +Wolfgang Meyer zu Bergsten. + +** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 +algorithms. + +** libgnutls: when checking the hostname of a certificate with multiple CNs +ensure that the "most specific" CN is being used. + +** libgnutls: In DTLS ignore only errors that relate to unexpected packets +and decryption failures. + +Delete files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig +Add files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig + + +------------------------------------------------------------------- +Sun Aug 3 16:55:33 UTC 2014 - citypw@gmail.com + +- Upgrade to Version 3.2.16 (released 2014-07-23) + +** libgnutls: Do not call the post client hello callback twice when resuming +using session tickets. + +** libgnutls: When the decoding of a printable DN element fails, then treat +it as unknown and print its hex value rather than failing. That works around +an issue in a TURKTRST root certificate which improperly encodes the +X520countryName element. + +** libgnutls: IP addresses are printed using inet_ntop() when available. + +** libgnutls: gnutls_x509_crt_check_hostname will also check IP addresses +and match documented behavior. Reported by David Woodhouse. + +** libgnutls: Fixed PKCS #11 ECDSA key generation. + +** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. + +** p11tool: will not implicitly enable so-login for certain types of +objects. That avoids issues with tokens that require different login +types. + +** API and ABI modifications: +No changes since last version. + +delete files: gnutls-3.2.15.tar.xz, gnutls-3.2.15.tar.xz.sig, + audit-improve.patch( already in upstream) + +Add files: gnutls-3.2.16.tar.xz, gnutls-3.2.16.tar.xz.sig + +------------------------------------------------------------------- +Tue Jun 3 07:48:04 UTC 2014 - meissner@suse.com + +- Version 3.2.15 (released 2014-05-30) + + ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. + Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730) + ** libgnutls: Several memory leaks caused by error conditions were + fixed. The leaks were identified using valgrind and the Codenomicon + TLS test suite. + ** libgnutls: Increased the maximum certificate size buffer + in the PKCS #11 subsystem. + ** libgnutls: Check the return code of getpwuid_r() instead of relying + on the result value. That avoids issue in certain systems, when using + tofu authentication and the home path cannot be determined. Issue reported + by Viktor Dukhovni. + ** gnutls-cli: if dane is requested but not PKIX verification, then + only do verify the end certificate. + ** ocsptool: Include path in ocsp request. This resolves #108582 + (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +- Version 3.2.14 (released 2014-05-06) + ** libgnutls: Fixed issue with the check of incoming data when two + different recv and send pointers have been specified. Reported and + investigated by JMRecio. + ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would + result to illegal memory access if a server hint was provided. + ** libgnutls: Fixed client memory leak in the PSK key exchange, if a + server hint was provided. + ** libgnutls: Several small bug fixes identified using valgrind and + the Codenomicon TLS test suite. + ** libgnutls: Several small bug fixes found by coverity. + ** libgnutls-dane: Accept a certificate using DANE if there is at least one + entry that matches the certificate. Patch by simon [at] arlott.org. + ** configure: Added --with-nettle-mini option, which allows linking + with a libnettle that contains gmp. + ** certtool: The ECDSA keys generated by default use the SECP256R1 curve + which is supported more widely than the previously used SECP224R1. + +------------------------------------------------------------------- +Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com + +- Improvement after code audit (audit-improve.patch) + * Use unsigned type for encode() + * tolerate NULL in strdup() + Modify files: lib/gnutls_mem.c, lib/auth/srp_sb64.c + +------------------------------------------------------------------- +Wed Apr 9 17:23:15 UTC 2014 - shchang@suse.com + +- Upgrade to 3.2.13 + * Version 3.2.13 (released 2014-04-07) + + ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently + if there are no base64 data. Report and patch by Ramkumar Chinchani. + + ** libgnutls: gnutls_record_send is now safe to be called under DTLS when + in corked mode. + + ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are + only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for + these algorithms. + + ** libgnutls: Changed the behaviour in wildcard acceptance in certificates. + Wildcards are only accepted when there are more than two domain components + after the wildcard. This drops support for the permissive RFC2818 wildcards + and adds more conservative support based on the suggestions in RFC6125. Suggested + by Jeffrey Walton. + + ** certtool: When no password is provided to export a PKCS #8 keys, do + not encrypt by default. This reverts to the certtool behavior of gnutls + 3.0. The previous behavior of encrypting using an empty password can be + replicating using the new parameter --empty-password. + + ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when + the --provider option is given. + + ** API and ABI modifications: + No changes since last version. + + Add files: gnutls-3.2.13.tar.xz, gnutls-3.2.13.tar.xz.sig + Delete files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig + +------------------------------------------------------------------- +Wed Mar 5 15:30:54 UTC 2014 - shchang@suse.com + +- Upgrade to 3.2.12.1; + +** libgnutls: Reverted change that broke ABI. Reported by Andreas +Metzler. + +** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2) + +** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw +when provided with invalid data. Reported by Dmitriy Anisimkov. + +** libgnutls: Corrected timeout issue in subsequent to the first +DTLS handshakes. + +** libgnutls: Removed unconditional not-trusted message in +gnutls_certificate_verification_status_print() when used with +OpenPGP certificates. Reported by Michel Briand. + +** libgnutls: All ciphersuites that were available in TLS1.0 or +later are now made available in SSL3.0 or later to prevent +any incompatibilities with servers that negotiate them in SSL 3.0. + +** ocsptool: When verifying a response and a signer isn't provided +assume that the signer is the issuer. + +** ocsptool: When sending a nonce, verify that the nonce exists +in the OCSP response. + +** gnutls-cli: Added --strict-tofu option; contributed by Jens +Lechtenboerger. + +Delete files: CVE-2014-0092.patch( upstreamed), gnutls-3.2.11.tar.xz.sig, gnutls-3.2.11.tar.xz; +Add files: gnutls-3.2.12.1.tar.xz, gnutls-3.2.12.1.tar.xz.sig + +------------------------------------------------------------------- +Mon Mar 3 09:04:31 UTC 2014 - shchang@suse.com + +- Fixed bug [ bnc#865804] gnutls: CVE-2014-0092, insufficient X.509 certificate verification + Add patch file: CVE-2014-0092.patch + +------------------------------------------------------------------- +Thu Feb 13 20:12:06 UTC 2014 - meissner@suse.com + +- Upgraded to 3.2.11 + + ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension. + + ** libgnutls: Reduced the TLS and DTLS version requirements for all + ciphersuites that are not GCM. + + ** libgnutls: When two initial keywords are specified then treat the + second as having the '+' modifier. + + ** libgnutls: When using a PKCS #11 module for verification ensure that + it has been marked a trusted policy module in p11-kit. Moreover, when an + empty (i.e., "pkcs11:") URL is specified, then try all trusted modules + in the system for verification. + http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html + + ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate + CA certificates. Reported and investigated by Suman Jana. + CVE-2014-1959 / bnc#863989 + + ** certtool: Added the --ask-pass option. +- gnutls-3.2.10-supported-ecc.patch: upstreamed +- gnutls-fix-missing-ipv6.patch: upstreamed + +------------------------------------------------------------------- +Tue Feb 11 12:16:48 UTC 2014 - meissner@suse.com + +- Upgrade to 3.1.20 (released 2014-01-31) + ** libgnutls: fixed null pointer derefence when printing a certificate + DN and an LDAP description isn't present. + ** libgnutls: gnutls_db_check_entry_time will correctly report the time; + report and patch by Jonathan Roudiere. + +- Upgrade to 3.2.9 (released 2014-01-24) + + ** libgnutls: The %DUMBFW option in priority string only + appends data to client hello if the expected size is in the + "black hole" range. + + ** libgnutls: %COMPAT implies %DUMBFW. + + ** libgnutls: gnutls_session_get_desc() returns a more compact + ciphersuite description. + + * libgnutls: In PKCS #11 allow deleting multiple non-certificate data. + + ** libgnutls: When a PKCS #11 trust store is specified (e.g. using the + configure option --with-default-trust-store-pkcs11), then the PKCS #11 + token is used on demand to obtain the trusted anchors, rather than + preloading all trusted certificates. That delegates CA certificate + management and blacklist checking to the PKCS #11 module. + + ** libgnutls: When a PKCS #11 trust store is specified in configure + option or in gnutls_x509_trust_list_add_trust_file(), then the module is + used to obtain the verification anchors and any required blacklists as + in + http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html + + ** libgnutls: Fix in OCSP certificate status extension handling + in non-blocking servers. Patch by Nils Maier. + + ** p11tool: Added --so-login option to force login as security + officer (admin). + +- reenable ECDHE after review of modern cryptographic practices. + +- gnutls-fix-missing-ipv6.patch: handle getaddrinfo/socket availability + issues in gnutls-serv + +- gnutls-3.2.10-supported-ecc.patch: do not abort gnutls-cli on sites + sending the client only ECC extension (www.bsi.de) + +------------------------------------------------------------------- +Sat Dec 21 20:38:19 UTC 2013 - shchang@suse.com + +- Upgrade to 3.2.8 + +* Version 3.2.8 (released 2013-12-20) + +** libgnutls: Updated code for AES-NI. That prevents an uninitialized +variable complaint from valgrind. + +** libgnutls: Enforce a maximum size for DH primes. + +** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy +Polyakov's code. + +** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code. + +** libgnutls: It only links to librt if the required functions are not +present in libc. This also prevents an indirect linking to libpthread. + +** libgnutls: Fixed issue with gnulib strerror replacement by adding +the strerror gnulib module. + +** libgnutls: The time provided in the TLS random values is only +precise on its first 3 bytes. That prevents leakage of the precise +system time (at least on the client side when only few connections are +done on a single server). + +** certtool: The --verify option will use the system CAs if the +load-ca-certificate option is not provided. + +** configure: Added option --with-default-blacklist-file to allow +specifying a certificate blacklist file. + +** configure: Added --disable-non-suiteb-curves option. This option +restricts the supported curves to SuiteB curves. + +** API and ABI modifications: gnutls_record_check_corked: Added + +Add files: gnutls-3.2.8.tar.xz, gnutls-3.2.8.tar.xz.sig, gnutls-implement-trust-store-dir-3.2.8.diff, +gnutls-3.2.8-noecc.patch + +Delete files: gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig, gnutls-implement-trust-store-dir, +gnutls-3.2.6-noecc.patch + +------------------------------------------------------------------- +Fri Nov 1 14:39:41 UTC 2013 - shchang@suse.com + +- Upgrade to 3.2.6 + +** libgnutls: Support for TPM via trousers is now enabled by default. + +** libgnutls: Camellia in GCM mode has been added in default priorities, +and GCM mode is prioritized over CBC in all of the default priority strings. + +** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384. + +** libgnutls: Fixed ciphersuites +GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, +GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and +GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler. + +** libgnutls: Added support for ISO OID for RSA-SHA1 signatures. + +** libgnutls: Minimum acceptable DH group parameters were increased to +767 bits from 727. + +** libgnutls: Added function to obtain random data from PKCS #11 tokens. +Contributed by Wolfgang Meyer zu Bergsten. + +** gnulib: updated. + +** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the +previous fix. Reported by Tomas Mraz. + +** p11tool: Added option generate-random. + +** API and ABI modifications: +gnutls_pkcs11_token_get_random: Added + +Add: gnutls-3.2.6-noecc.patch, gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig + +Delete: gnutls-3.2.6-noecc.patch, gnutls-3.2.5.tar.xz, gnutls-3.2.5.tar.xz.sig, +make-obs-happy-with-gnutls_3.2.5.patch + +------------------------------------------------------------------- +Mon Oct 28 20:36:13 UTC 2013 - shchang@suse.com + +- Upgrade to 3.2.5 +** libgnutls: Documentation and build-time fixes. + +** libgnutls: Allow the generation of DH groups of less than 700 bits. + +** libgnutls: Added several combinations of ciphersuites with SHA256 and +SHA384 as MAC, as well as Camellia with GCM. + +** libdane: Added interfaces to allow initialization of dane_query_t +from external DNS resolutions, and to allow direct verification of a +certificate chain against a dane_query_t. Contributed by Christian Grothoff. + +** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be +triggered by a DNS server supplying more than 4 DANE records. Report and +fix by Christian Grothoff. + +** srptool: Fixed index command line option. Patch by Attila Molnar. + +** gnutls-cli: Added support for inline commands, using the +--inline-commands-prefix and --inline-commands options. Patch by Raj Raman. + +** certtool: pathlen constraint is now read correctly. Reported by +Christoph Seitz. + +** API and ABI modifications: +gnutls_certificate_get_crt_raw: Added +dane_verify_crt_raw: Added +dane_raw_tlsa: Added + +Add files: make-obs-happy-with-gnutls_3.2.5.patch, gnutls-3.2.5.tar.xz, +gnutls-3.2.5.tar.xz.sig, gnutls-3.2.5-noecc.patch + +Delete files: gnutls-3.2.4.tar.xz, gnutls-3.2.4.tar.xz.sig, +make-obs-happy-with-gnutls_3.2.4.patch, gnutls-3.2.4-noecc.patch + +------------------------------------------------------------------- +Mon Sep 2 16:23:59 UTC 2013 - schwab@linux-m68k.org + +- Don't run install-info on images + +------------------------------------------------------------------- +Mon Sep 2 07:43:21 UTC 2013 - shchang@suse.com + +- Update to 3.2.4 +** libgnutls: Fixes when session tickets and session DB are used. +Report and initial patch by Stefan Buehler. + +** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner, +based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH. + +** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch +by Stefan Buehler. + +** libgnutls: Added the PFS priority string option. + +** libgnutls: Gnulib included files are strictly LGPLv2. + +** libgnutls: Corrected gnutls_certificate_server_set_request(). +Reported by Petr Pisar. + +** API and ABI modifications: +gnutls_record_set_timeout: Exported + +Add files:gnutls-3.2.4.tar.xz.sig, gnutls-3.2.4.tar.xz, gnutls-3.2.4-noecc.patch +Delete file: gnutls-3.2.3-noecc.patch + +------------------------------------------------------------------- +Fri Aug 30 00:31:19 CEST 2013 - ro@suse.de + +- buildrequire valgrind on the same arch list that valgrind builds + +------------------------------------------------------------------- +Thu Aug 1 13:42:11 UTC 2013 - meissner@suse.com + +- Updated to 3.2.3 + ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan + Buehler. + + ** libgnutls: Solve issue with received TLS packets that exceed 2^14. + (this fixes a bug that was accidentally introduced in 3.2.2) + + ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly + be used by the library. + + ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial + fix by Alfredo Pironti. + +- Updated to 3.2.2 + ** libgnutls: Several optimizations in the related to packet processing + subsystems. + + ** libgnutls: DTLS replay detection can now be disabled (to be used + in certain transport layers like SCTP). + + ** libgnutls: Fixes in SRTP extension generation when MKI is being used. + + ** libgnutls: Added ability to set hooks before or + after sending or receiving any handshake message with + gnutls_handshake_set_hook_function(). + +- gnutls-3.2.3-noecc.patch: updated to disable ECC. +- automake-1.12.patch: upstream, dropped +- gnutls-32bit.patch: upstream, dropped +- gnutls-3.2.1-pkcs11.diff: upstream, dropped + +------------------------------------------------------------------- +Fri Jul 26 12:45:45 UTC 2013 - lnussel@suse.de + +- revert to using certificate directory again until gnutls + understands the trust bits in pkcs11. Otherwise it would use + blacklisted certificates. + +------------------------------------------------------------------- +Mon Jul 8 15:12:59 UTC 2013 - schwab@suse.de + +- Override broken configure checks + +------------------------------------------------------------------- +Thu Jul 4 16:15:14 UTC 2013 - lnussel@suse.de + +- use pkcs11 interface to fetch the system's CA certificates + (fate#314991). Add patch gnutls-3.2.1-pkcs11.diff to fix doing + that, obsoletes gnutls-implement-trust-store-dir.diff. + +------------------------------------------------------------------- +Thu Jun 27 13:44:12 UTC 2013 - meissner@suse.com + +- Disable all ECC algorithms. + +- gnutls-32bit.patch: upstream patch to make test + work with 32bit time_t. + +- gnutls-implement-trust-store-dir.diff + + currently not yet forward ported. + +- Updated to GnuTLS 3.2.1 + ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain + openssl versions. + ** libgnutls: Fixes in interrupted function resumption. Report + and patch by Tim Kosse. + ** libgnutls: Corrected issue when receiving client hello verify + requests in DTLS. + ** libgnutls: Fixes in DTLS record overhead size calculations. + ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by + Mann Ern Kang. +- Updated to GnuTLS 3.2.0 + ** libgnutls: Use nettle's elliptic curve implementation. + ** libgnutls: Added Salsa20 cipher + ** libgnutls: Added UMAC-96 and UMAC-128 + ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. + As they are not standardized they are defined using private ciphersuite numbers. + ** libgnutls: Added support for DTLS 1.2. + ** libgnutls: Added support for the Application Layer Protocol + Negotiation (ALPN) extension. + ** libgnutls: Removed support for the RSA-EXPORT ciphersuites. + ** libgnutls: Avoid linking to librt (that also avoids unnecessary + linking to pthreads if p11-kit isn't used). + +- Updated to GnuTLS 3.1.10 (released 2013-03-22) + ** certtool: When generating PKCS #12 files use by default the + ARCFOUR (RC4) cipher to be compatible with devices that don't + support AES with PKCS #12. + ** libgnutls: Load CA certificates in android 4.x systems. + ** libgnutls: Optimized CA certificate loading. + ** libgnutls: Private keys are overwritten on deinitialization. + ** libgnutls: PKCS #11 slots are scanned only when needed, not + on initialization. This speeds up gnutls initialization when smart + cards are present. + ** libgnutls: Corrected issue in the (deprecated) external key + signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. + ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by + Joke de Buhr. + ** libgnutls-dane: Updated DANE verification options. + ** configure: Trust store file must be explicitly set or unset when + cross compiling. +- Updated to GnuTLS 3.1.9 (released 2013-02-27) + ** certtool: Option --to-p12 will now ask for a password to generate + a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. + ** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). + ** libgnutls: Corrected parsing issue in XMPP within a subject + alternative name. Reported by James Cloos. + ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 + modules, and not only the ones loaded via p11-kit. + ** libgnutls: Added function to check whether the private key is + still available (inserted). + ** libgnutls: Try to detect fork even during nonce generation. + +- Updated to GnuTLS 3.1.8 (released 2013-02-10) + ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return + GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation + with encrypted keys. Reported by Yan Fiz. + ** libgnutls: The minimum DH bits accepted by priorities NORMAL and + PERFORMANCE was set to previous defaults 727 bits. Reported by Diego + Elio Petteno. + ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() + to operate with long keys. Reported by Erik A Jensen. + +- Updated to GnuTLS 3.1.7 (released 2013-02-04) + ** certtool: Added option "dn" which allows to directly set the DN + in a template from an RFC4514 string. + ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. + ** libgnutls-xssl: Added a new library to simplify GnuTLS usage. + ** libgnutls-dane: Added function to specify a DLV file. + ** libgnutls: Heartbeat code was made optional. + ** libgnutls: Fixes in server side of DTLS-0.9. + ** libgnutls: DN variable 'T' was expanded to 'title'. + ** libgnutls: Fixes in record padding parsing to prevent a timing attack. + Issue reported by Kenny Paterson and Nadhem Alfardan. + ** libgnutls: Added functions to directly set the DN in a certificate + or request from an RFC4514 string. + ** libgnutls: Optimizations in the random generator. The re-seeding of + it is now explicitly done on every session deinit. + ** libgnutls: Simplified the DTLS sliding window implementation. + ** libgnutls: The minimum DH bits accepted by a client are now set + by the specified priority string. The current values correspond to the + previous defaults (727 bits), except for the SECURE128 and SECURE192 + strings which increase the minimum to 1248 and 1776 respectively. + ** libgnutls: Added the gnutls_record_cork() and uncork API to enable + buffering in sending application data. + ** libgnutls: Removed default random padding, and added a length-hiding interface + instead. Both the server and the client must support this extension. Whether + length-hiding can be used on a given session can be checked using + gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. + ** libgnutls: Added the experimental %NEW_PADDING priority string. It enables + a new padding mechanism in TLS allowing arbitrary padding in TLS records + in all ciphersuites, which makes length-hiding more efficient and solves + the issues with timing attacks on CBC ciphersuites. + ** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD + ciphers (i.e., AES-GCM). Reported by William McGovern. + +- Updated to GnuTLS 3.1.6 (released 2013-01-02) + ** libgnutls: Fixed record padding parsing issue. Reported by Kenny + Patterson and Nadhem Alfardan. + ** libgnutls: Several updates in the ASN.1 string handling subsystem. + ** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero + policy qualifiers. + ** libgnutls: Ignore heartbeat messages when received out-of-order, + instead of issuing an error. + ** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported + by Kikuchi Masashi. + ** libgnutls: TPM support is disabled by default because GPL programs + cannot link with it. Use --with-tpm to enable it. + ** libgnutls-guile: Fixed parallel compilation issue. + ** gnutls-cli: It will try to connect to all possible returned addresses + before failing. + +- Updated to GnuTLS 3.1.5 (released 2012-11-24) + ** libgnutls: Added functions to parse the certificates policies + extension. + ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished + Name by translating it to UTF-8 (works on windows or systems with + iconv). + ** libgnutls: Added PKCS #11 key generation function that returns the + public key on generation. + ** libgnutls: Corrected bug in priority string parsing, that mostly + affected combined levels. Patch by Tim Kosse. + ** certtool: The --pubkey-info option can be combined with the + --load-privkey or --load-request to print the corresponding public keys. + ** certtool: It is able to set certificate policies via a template. + ** certtool: Added --hex-numbers option which prints big numbers in + an easier to parse format. + ** p11tool: After key generation, outputs the public key (useful in + tokens that do not store the public key). + ** danetool: It is being built even without libgnutls-dane (the + --check functionality is disabled though). + +- Updated to GnuTLS 3.1.4 (released 2012-11-10) + ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on + the available revocation data validity. + ** libgnutls: Added gnutls_certificate_verification_status_print(), + a function to print the verification status code in human readable text. + ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. + ** libgnutls: Simplified certificate verification by adding + gnutls_certificate_verify_peers3(). + ** libgnutls: Added support for extension to establish keys for SRTP. + Contributed by Martin Storsjo. + ** libgnutls: The X.509 verification functions check the key + usage bits and pathlen constraints and on failure output + GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. + ** libgnutls: gnutls_x509_crl_verify() includes the time checks. + ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN + and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. + ** libgnutls: Always tolerate key usage violation errors from the side + of the peer, but also notify via an audit message. + ** gnutls-cli: Added --local-dns option. + ** danetool: Corrected bug that prevented loading PEM files. + ** danetool: Added --check option to allow querying and verifying + a site's DANE data. + ** libgnutls-dane: Added pkg-config file for the library. + +- Updated to GnuTLS 3.1.3 (released 2012-10-12) + ** libgnutls: Added support for the OCSP Certificate Status + extension. + ** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP + certificate status extension in verification. + ** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). + ** libgnutls: Increased maximum password length in the PKCS #12 + functions. + ** libgnutls: Fixed the receipt of session tickets during session resumption. + Reported by danblack at http://savannah.gnu.org/support/?108146 + ** libgnutls: Added functions to export structures in an allocated buffer. + ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP + response corresponds to the given certificate. + ** libgnutls: In client side gnutls_init() enables the session ticket and + OCSP certificate status request extensions by default. The flag + GNUTLS_NO_EXTENSIONS can be used to prevent that. + ** libgnutls: Several updates in the OpenPGP code. The generating code + is fully RFC6091 compliant and RFC5081 support is only supported in client + mode. + ** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC + certificate verification. + ** gnutls-cli: Added --dane option to enable DANE certificate verification. + ** danetool: Added tool to generate DANE TLSA Resource Records (RR). + +- Updated to GnuTLS 3.1.2 (released 2012-09-26) + ** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() + and gnutls_x509_trust_list_add_trust_mem() that prevented the loading + of certificates in the windows platform. + ** libgnutls: Corrected bug in OpenPGP subpacket encoding. + ** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. + (the work was done during Google Summer of Code). + ** libgnutls: Added X.509 certificate verification flag + GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification + of unsorted certificate chains and is enabled by default for + TLS certificate verification (if gnutls_certificate_set_verify_flags() + does not override it). + ** libgnutls: Prints warning on certificates that contain keys of + an insecure level. If the %COMPAT priority flag is not specified + the TLS connection fails. + ** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode + if interrupted during the retrasmition of handshake data. + ** libgnutls: Better mingw32 support (patch by LRN). + ** libgnutls: The %COMPAT keyword, if specified, will tolerate + key usage violation errors (they are far too common to ignore). + ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), + which provides a tool to counter compression-related attacks where + parts of the data are controlled by the attacker _and_ are placed in + separate records (use with care - do not use compression if not sure). + ** libgnutls: Depends on libtasn1 2.14 or later. + ** certtool: Prints the number of bits of the public key algorithm + parameter in a private key. + +- Updated to GnuTLS 3.1.1 (released 2012-09-02) + ** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. + ** certtool: Changes in password handling of certtool. + Ask password when required and only if the '--password' option is not + given. If the '--password' option is given during key generation then + assume the PKCS #8 file format, instead of ignoring the password. + ** tpmtool: No longer asks for key password in registered keys. + ** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. + wmNAF is now used for point multiplication and other optimizations. + (the major part of the work was done during Google Summer of Code). + ** libgnutls: The default pull_timeout_function only uses select + instead of a combination of select() and recv() to prevent issues + when used in stream sockets in some systems. + ** libgnutls: Be tolerant in ECDSA signature violations (e.g. using + SHA256 with a SECP384 curve instead of SHA-384), to interoperate with + openssl. + ** libgnutls: Fixed DSA and ECDSA signature generation in smart + cards. Thanks to Andreas Schwier from cardcontact.de for providing + me with ECDSA capable smart cards. + +- Updated to GnuTLS 3.1.0 (released 2012-08-15) + ** libgnutls: Added direct support for TPM as a cryptographic module + in gnutls/tpm.h. TPM keys can be used in functions accepting files + using URLs of the following types: + tpmkey:file=/path/to/file + tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user + + ** libgnutls: Priority string level keywords can be combined. + For example the string "SECURE256:+SUITEB128" is now allowed. + ** libgnutls: requires libnettle 2.5. + ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) + for encryption and signatures. + ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between + generic errors and signature verification errors in the verification + functions. + ** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function + to simplify parsing in most PKCS #12 use cases. + ** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds + the whole certificate chain (if any) to the credentials structure, instead + of only the end-user certificate. + ** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() + and gnutls_x509_privkey_import_pkcs8(), return consistently + GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no + password was provided. + ** libgnutls: Added gnutls_handshake_set_timeout() a function that + allows to set the maximum time spent in a handshake. + ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch + by Alexandre Bique. + ** tpmtool: Added. It is a tool to generate private keys in the TPM. + ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx + and --benchmark-tls-ciphers + ** certtool: generated PKCS #12 structures may hold more than one + private key. Patch by Lucas Fisher. + ** certtool: Added option --null-password to generate/decrypt keys + that use a NULL password (in schemas that distinguish between NULL + an empty passwords). + ** minitasn1: Upgraded to libtasn1 version 2.13. + +- Library is now LGPL-2.1+, extras and tools are still GPL-3.0 + +------------------------------------------------------------------- +Fri Apr 26 08:07:12 UTC 2013 - mmeister@suse.com + +- Added makeinfo BuildRequire to fix build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:03:26 UTC 2013 - meissner@suse.com + +- Updated to GnuTLS 3.0.28 + - libgnutls: Fixes in server side of DTLS-0.9. + - libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD + ciphers (i.e., AES-GCM). + - libgnutls: Fixes in record padding parsing to prevent a timing + attack. Issue reported by Kenny Patterson and Nadhem Alfardan. + bnc#802184 + - libgnutls: DN variable 'T' was expanded to 'title'. + +------------------------------------------------------------------- +Thu Jan 24 10:14:13 UTC 2013 - meissner@suse.com + +- Updated to GnuTLS 3.0.27 + - libgnutls: Fixed record padding parsing issue. + - libgnutls: Stricter RSA PKCS #1 1.5 encoding. + - libgnutls-guile: Fixed parallel compilation issue. + - API and ABI modifications: No changes since last version. + +------------------------------------------------------------------- +Tue Nov 27 20:31:26 UTC 2012 - crrodriguez@opensuse.org + +- Test suite breaks on qemu-arm some calls not implemented. + +------------------------------------------------------------------- +Sun Nov 25 10:52:46 UTC 2012 - andreas.stieger@gmx.de + +- include LGPL-3.0+ text in COPYING.LESSER +- run regression tests, but move "make check" to %check section +- add gnutls-3.0.26-skip-test-fwrite.patch to skip a failing test +- no longer manipulate doc/examples tree in %install section, the + deletion of Makefiles breaks "make check" in %check +- install documentation, reference and examples in %install section + to fetch them for the package without unneccessary files + +------------------------------------------------------------------- +Fri Nov 16 23:30:09 UTC 2012 - andreas.stieger@gmx.de + +- updated to GnuTLS 3.0.26: + - libgnutls: Always tolerate key usage violation errors from the + side of the peer, but also notify via an audit message. + - libgnutls: gnutls_x509_crl_verify() includes time checks. + - libgnutls: Increased maximum password length in the PKCS #12 + functions. + - API and ABI modifications: + GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added + GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added + +- includes changes from 3.0.25: + - libgnutls: Fixed the receipt of session tickets during session + resumption. + - libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the + OCSP response corresponds to the given certificate. + - libgnutls: Several updates in the OpenPGP code. The generating code + is fully RFC6091 compliant and RFC5081 support is only supported in + client mode. + - API and ABI modifications: + gnutls_ocsp_resp_check_crt: Added + +- includes changes form version 3.0.24: + - libgnutls: The %COMPAT keyword, if specified, will tolerate + key usage violation errors (they are far too common to ignore). + - libgnutls: Corrected bug in OpenPGP subpacket encoding. + - libgnutls: Added X.509 certificate verification flag + - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification + of unsorted certificate chains and is enabled by default for + TLS certificate verification (if gnutls_certificate_set_verify_flags() + does not override it). + - libgnutls: Correctly restore gnutls_record_recv() in DTLS mode + if interrupted during the retrasmition of handshake data. + - libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), + which provides a tool to counter compression-related attacks where + parts of the data are controlled by the attacker _and_ are placed in + separate records (use with care - do not use compression if not sure). + - libgnutls: Depends on libtasn1 2.14 or later. + +- includes changes from version 3.0.23: + - gnutls-serv: Listens on IPv6 + - libgnutls: Be tolerant in ECDSA signature violations (e.g. using + SHA256 with a SECP384 curve instead of SHA-384), to interoperate with + openssl. +- libgnutls: Fixed DSA and ECDSA signature generation in smart cards. + +- includes changes from version 3.0.22 + - libgnutls: When verifying a certificate chain make sure it is chain. + If the chain is wronly interrupted at some point then truncate it, + and only try to verify the correct part. Patch by David Woodhouse + - libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8() + which now may (again) accept a NULL password. + - certtool: Allow the user to choose the hash algorithm + when signing certificate request or certificate revocation list. + +- Refresh gnutls-implement-trust-store-dir.diff, some parts are in + upstream sources + +------------------------------------------------------------------- +Mon Jul 16 06:00:52 UTC 2012 - gjhe@suse.com + +- update to latest stable version 3.0.21: + libgnutls: fixed bug in gnutls_x509_privkey_import() + that prevented the loading of EC private keys when DER + encoded. Reported by David Woodhouse. + + libgnutls: In DTLS larger to mtu records result to + GNUTLS_E_LARGE_PACKET instead of being truncated. + + libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based + on patch by David Woodhouse. + + libgnutls: Fixed memory leak in PKCS #8 key import. + + libgnutls: Added support for an old version of the DTLS protocol + used by openconnect vpn client for compatibility with Cisco's AnyConnect + SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols + as it has issues. + + libgnutls: Corrected bug that prevented resolving PKCS #11 URLs + if only the label is specified. Patch by David Woodhouse. + + libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET + is returned. + + API and ABI modifications: + gnutls_dtls_set_data_mtu: Added + gnutls_session_set_premaster: Added + +------------------------------------------------------------------- +Sun Jul 1 20:00:33 UTC 2012 - coolo@suse.com + +- merge am-1.12 patches into 1 + +------------------------------------------------------------------- +Sat Jun 30 17:24:48 UTC 2012 - i@marguerite.su + +- fix 12.2 builds. + * replace depreciated am_prog_mkdir_p with ac_prog_mkdir_p. + +------------------------------------------------------------------- +Thu Jun 21 08:02:43 UTC 2012 - meissner@suse.com + +- Updated to version 3.0.20: + libgnutls: Corrected bug which prevented the parsing of + handshake packets spanning multiple records. + + libgnutls: Check key identifiers when checking for an issuer. + + libgnutls: Added gnutls_pubkey_verify_hash2() + + libgnutls: Added gnutls_certificate_set_x509_system_trust() + that loads the trusted CA certificates from system locations + (e.g. trusted storage in windows and CA bundle files in other systems). + + certtool: Added support for the URI subject alternative + name type in certtool. + + certtool: Increase to 128 the maximum number of distinct options + (e.g. dns_names) allowed. + + gnutls-cli: If --print-cert is given, print the certificate, + even on verification failure. + + ** API and ABI modifications: + gnutls_pk_to_sign: Added + gnutls_pubkey_verify_hash2: Added + gnutls_certificate_set_x509_system_trust: Added + +------------------------------------------------------------------- +Tue May 29 12:51:59 UTC 2012 - puzel@suse.com + +- fix build with automake-1.12 + - add: automake-1.12.patch + +------------------------------------------------------------------- +Thu May 24 07:45:31 UTC 2012 - lnussel@suse.de + +- backport gnutls_certificate_set_x509_system_trust() from git and + add support for trust store directories (bnc#761634) + +------------------------------------------------------------------- +Mon May 21 15:35:00 UTC 2012 - lnussel@suse.de + +- add version and release to gnutls-devel provides + +------------------------------------------------------------------- +Mon May 21 11:33:29 UTC 2012 - meissner@suse.com + +- let libgnutls-devel also provide gnutls-devel + +------------------------------------------------------------------- +Sun May 13 02:44:30 UTC 2012 - Nico.Laus.2001@gmx.de + +- Update to version 3.0.19: + + libgnutls: + - When decoding a PKCS #11 URL the pin-source field + is assumed to be a file that stores the pin. Based on patch + by David Smith. + - gnutls_record_check_pending() no longer + returns unprocessed data, and thus ensure the non-blocking + of the next call to gnutls_record_recv(). + - Added strict tests in Diffie-Hellman and + SRP key exchange public keys. + - in ECDSA and DSA TLS 1.2 authentication be less + strict in hash selection, and allow a stronger hash to + be used than the appropriate, to improve interoperability + with openssl. + + tests: + - Disabled floating point test, and corrections + in pkcs12 decoding tests. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.18: + + certtool: + - Avoid a Y2K38 bug when generating certificates. + Patch by Robert Millan. + + libgnutls: + - Make sure that GNUTLS_E_PREMATURE_TERMINATION + - is returned on premature termination (and added unit test). + - Fixes for W64 API. Patch by B. Scott Michel. + - Corrected VIA padlock detection for old + VIA processors. Reported by Kris Karas. + - Updated assembler files. + - Time in generated certificates is stored + as GeneralizedTime instead of UTCTime (which only stores + 2 digits of a year). + + minitasn1: + - Upgraded to libtasn1 version 2.13 (pre-release). + + API and ABI modifications: + - gnutls_x509_crt_set_private_key_usage_period: Added + - gnutls_x509_crt_get_private_key_usage_period: Added + - gnutls_x509_crq_set_private_key_usage_period: Added + - gnutls_x509_crq_get_private_key_usage_period: Added + - gnutls_session_get_random: Added +- Changes from version 3.0.17: + + command line apps: + - Always link with local libopts. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.16: + + minitasn1: + - Upgraded to libtasn1 version 2.12 (pre-release). + + libgnutls: + - Corrected SRP-RSA ciphersuites when used under TLS 1.2. + - included assembler files for MacOSX. + + p11tool: + - Small fixes in handling of the --private command + line option. + + certtool: + - The template option allows for setting the domain + component (DC) option of the distinguished name, and the ocsp_uri + as well as the ca_issuers_uri options. + + API and ABI modifications: + - gnutls_x509_crt_set_authority_info_access: Added +- Changes from version 3.0.15: + + test suite: + - Only run under valgrind in the development + system (the full git repository) + + command line apps: + - Link with local libopts if the installed is an old one. + + libgnutls: + - Eliminate double free during SRP + authentication. Reported by Peter Penzov. + - Corrections in record packet parsing. + Reported by Matthew Hall. + - Cryptodev updates and fixes. + - Corrected issue with select() that affected + FreeBSD. This prevented establishing DTLS sessions. + Reported by Andreas Metzler. + - Corrected rehandshake and resumption + operations in DTLS. Reported by Sean Buckheister. + - PKCS #11 objects that do not have ID + no longer crash listing. Reported by Sven Geggus. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.14: + + command line apps: + - Included libopts doesn't get installed by default. + + libgnutls: + - Eliminate double free on wrongly formatted + certificate list. Reported by Remi Gacogne. + - cryptodev code corrected, updated to account + for hashes and GCM mode. + Eliminated memory leak in PCKS #11 initialization. + Report and fix by Sam Varshavchik. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.13: + + gnutls-cli: + - added the --ocsp option which will verify + the peer's certificate with OCSP. + - added the --tofu and if specified, gnutls-cli + will use an ssh-style authentication method. + - if no --x509cafile is provided a default is + assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + + ocsptool: + - Added --ask parameter, to verify a certificate's + status from an ocsp server. + + command line apps: + - Use gnu autogen (libopts) to parse command + line arguments and template files. + + tests: + - Added stress test for DTLS packet losses and + out-of-order receival. Contributed by Sean Buckheister. + + libgnutls: + - Several updates and corrections in the DTLS + DTLS lost packet handling and retransmission timeouts. + Report and patches by Sean Buckheister. + - Added new functions to easily allow the usage of + a trust on first use (SSH-style) authentication. + - SUITEB128 and SUITEB192 priority strings account + for the RFC6460 requirements. + - Added new security parameter GNUTLS_SEC_PARAM_LEGACY + to account for security level of 96-bits. + - In client side if server does not advertise any + known CAs and only a single certificate is set in the credentials, + sent that one. + - Added functions to parse authority key identifiers + when stored as a 'general name' and serial combo. + - Added function to force explicit reinitialization + of PKCS #11 modules. This is required on the child process after + a fork (if PKCS #11 functionality is desirable). + - Depend on p11-kit 0.11. + + API and ABI modifications: + - gnutls_dtls_get_timeout: Added + - gnutls_verify_stored_pubkey: Added + - gnutls_store_pubkey: Added + - gnutls_store_commitment: Added + - gnutls_x509_crt_get_authority_key_gn_serial: Added + - gnutls_x509_crl_get_authority_key_gn_serial: Added + - gnutls_pkcs11_reinit: Added + - gnutls_ecc_curve_list: Added + - gnutls_priority_certificate_type_list: Added + - gnutls_priority_sign_list: Added + - gnutls_priority_protocol_list: Added + - gnutls_priority_compression_list: Added + - gnutls_priority_ecc_curve_list: Added + - gnutls_tdb_init: Added + - gnutls_tdb_set_store_func: Added + - gnutls_tdb_set_store_commitment_func: Added + - gnutls_tdb_set_verify_func: Added + - gnutls_tdb_deinit: Added +- Changes from version 3.0.12: + + libgnutls: + - Added OCSP support. + There is a new header file gnutls/ocsp.h and a set of new functions + under the gnutls_ocsp namespace. Currently the functionality provided + is to parse and extract information from OCSP requests/responses, to + generate OCSP requests and to verify OCSP responses. See the manual + for more information. Run ./configure with --disable-ocsp to build + GnuTLS without OCSP support. + This work was sponsored by Smoothwall . + + ocsptool: + - Added new command line tool. + The tool can parse OCSP request/responses, generate OCSP requests and + verify OCSP responses. See the manual for more information. + + certtool: + - --outder option now works for private + and public keys as well. + + libgnutls: + - Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET + to warn when no or insufficient priorities were set. + - Corrected an alignment issue in ECDH + key generation which prevented some keys from being + correctly aligned in rare circumstances. + - Corrected memory leaks in DH parameter + generation and ecc_projective_check_point(). + - Added gnutls_x509_dn_oid_name() to + return a descriptive name of a DN OID. + + API and ABI modifications: + - gnutls_pubkey_encrypt_data: Added + - gnutls_x509_dn_oid_name: Added + - gnutls_session_resumption_requested: Added + - gnutls/ocsp.h: Added new header file. + - gnutls_ocsp_print_formats_t: Added new type. + - gnutls_ocsp_resp_status_t: Added new type. + - gnutls_ocsp_cert_status_t: Added new type. + - gnutls_x509_crl_reason_t: Added new type. + - gnutls_ocsp_req_add_cert: Added. + - gnutls_ocsp_req_add_cert_id: Added. + - gnutls_ocsp_req_deinit: Added. + - gnutls_ocsp_req_export: Added. + - gnutls_ocsp_req_get_cert_id: Added. + - gnutls_ocsp_req_get_extension: Added. + - gnutls_ocsp_req_get_nonce: Added. + - gnutls_ocsp_req_get_version: Added. + - gnutls_ocsp_req_import: Added. + - gnutls_ocsp_req_init: Added. + - gnutls_ocsp_req_print: Added. + - gnutls_ocsp_req_randomize_nonce: Added. + - gnutls_ocsp_req_set_extension: Added. + - gnutls_ocsp_req_set_nonce: Added. + - gnutls_ocsp_resp_deinit: Added. + - gnutls_ocsp_resp_export: Added. + - gnutls_ocsp_resp_get_certs: Added. + - gnutls_ocsp_resp_get_extension: Added. + - gnutls_ocsp_resp_get_nonce: Added. + - gnutls_ocsp_resp_get_produced: Added. + - gnutls_ocsp_resp_get_responder: Added. + - gnutls_ocsp_resp_get_response: Added. + - gnutls_ocsp_resp_get_signature: Added. + - gnutls_ocsp_resp_get_signature_algorithm: Added. + - gnutls_ocsp_resp_get_single: Added. + - gnutls_ocsp_resp_get_status: Added. + - gnutls_ocsp_resp_get_version: Added. + - gnutls_ocsp_resp_import: Added. + - gnutls_ocsp_resp_init: Added. + - gnutls_ocsp_resp_print: Added. + - gnutls_ocsp_resp_verify: Added. +- Changes from version 3.0.11: + + libgnutls: + - Corrected functionality of + gnutls_record_get_direction(). Reported by Philip Allison. + - Provide less timing information when decoding +TLS/DTLS record packets. Patch by Nadhem Alfardan. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.10: + + gnutls-cli/serv: + - Set don't fragment bit in DTLS sessions +in Linux as well as in BSD. + + gnutls-cli: + - Fixed reading from windows terminals. + + libgnutls: + - When GNUTLS_OPENPGP_FMT_BASE64 is specified + the stream is assumed to be base64 encoded (previously + the encoding was auto-detected). This avoids a decoding + issue in windows systems. + - Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 + - Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384 + and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384. + - Added function gnutls_random_art() to convert + fingerprints to images (currently ascii-art). + - Corrected bug in DSA private key parsing, which + prevented the verification of the key. + + API and ABI modifications: + - gnutls_random_art: Added +- Changes from version 3.0.09: + + certtool: + - Added new parameter --dh-info. + - -l option was overloaded so if combined with --priority + it will only list the ciphersuites that are enabled by the given + priority string. + + libgnutls: + - Added new priority string %SERVER_PRECEDENCE, which + changes the ciphersuite selection procedure. If specified the server + priorities will be used for selection instead of the client's. + - Optimizations in Diffie-Hellman parameters generation + and key exchange. + - When session tickets are negotiated and used in a + session, a server will not store that session data into its cache. + - Added the SECP192R1 curve. + - Added gnutls_priority_get_cipher_suite_index() to + allow listing the ciphersuites enabled in a priority structure. + It outputs an index to be used in gnutls_get_cipher_suite_info(). + - Optimizations in the elliptic curve code --timing + attacks resistant code is only used in ECDSA private key operations. + + doc: + - man pages for API functions generation was fixed and are + now added again in the distribution. + + API and ABI modifications: + - GNUTLS_ECC_CURVE_SECP192R1: New curve definition + - gnutls_priority_get_cipher_suite_index: Added +- Changes from version 3.0.08: + + certtool: + - Certtool -e returns error code on verification failure. + - Verifies parameters of generated keys. + + libgnutls: + - Corrected ECC key generation (introduced in 3.0.6) + - Provide less timing information when decoding + TLS/DTLS record packets. + + doc: + - man pages for API functions were removed. + The reason was that the code that auto-generated the man pages missed + many APIs and we couldn't fix it (volunteers welcome). See the info + manual or the GTK-DOC manual instead. + + API and ABI modifications: + - gnutls_x509_privkey_verify_params: Added +- Changes from version 3.0.07: + + libgnutls: + - Corrected fix in gnutls_session_get_data() + to report the actual session size when the provided buffer + is not enough. + - Fixed ciphersuite GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, + which was using a wrong MAC algorithm. Reported by Fabrice Gautier. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.06: + + gnutls-guile: + - Compilation fixes. + + libgnutls: + - Fixed possible buffer overflow in + gnutls_session_get_data(). Reported and fix by Alban Crequy. + - Bug fixes in the ciphersuites with NULL cipher. + Reported by Fabrice Gautier. + - Bug fixes in ECC code for 64-bit MIPS systems. + Thanks to Joseph Graham for providing access to such a system. + - Correctly report ECC private key parsing errors. + Reported by Fabrice Gautier. + - In ECDHE verify that the received point lies on + the selected curve. The ECDHE ciphersuites now take precendence + to plain DHE. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.05: + + libgnutls-extra: + - is no more + + libgnutls: + - Corrections in order to compile with mingw32. + - Corrections in VIA padlock code for VIA C5 processor + and new detection of PHE with support for partial hashing. + - Corrected bug in gnutls_x509_data2hex. Report and fix + by Vincent Untz. + + minitasn1: + - Upgraded to libtasn1 version 2.10. + + API and ABI modifications: + - No changes since last version. +- Changes from version 3.0.04: + + gnutls-cli-debug: + - Added more tests including AES-GCM, SHA256 and elliptic curves. + + gnutls-cli: + - Added --benchmark-soft-ciphers to benchmark + the software version of the ciphers instead of hw accelerated + (where available) + + libgnutls: + - Public key ID calculation is consistent among + all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo. + - gnutls_privkey_t allows setting external callback + to perform signing or decryption. Can be set using + gnutls_privkey_import_ext() + - A certificate credentials structure can be + used with a gnutls_privkey_t and a gnutls_pcert_st + structure using gnutls_certificate_set_key(). + - Fixes to enable external signing callback to + operate with TLS 1.2. + - Fixed crash when printing ECDSA certificate key + ID. Reported by Erik Jensen. + - Corrected VIA padlock code for C3. In C3 benchmarks + show a 2x increase in AES speed and a 14x increase in VIA nano. Added + support for hashes and HMACs. + - Compilation fixed when p11-kit is not detected. + - Fixed the deflate compression code. + - Added gnutls_x509_crt_get_authority_info_access. + Used to get the PKIX Authority Information Access (AIA) field. + - gnutls_x509_crt_print supports printing AIA fields. + - Added ability to gnutls_privkey_t to operate with + signing callback function. + + API and ABI modifications: + - gnutls_x509_crt_get_authority_info_access (x509.h): Added function. + - gnutls_privkey_import_ext: Added function. + - gnutls_certificate_set_key: Added function. + - gnutls_info_access_what_t (x509.h): Added enum. + - GNUTLS_OID_AIA (x509.h): Added symbol. + - GNUTLS_OID_AD_OCSP (x509.h): Added symbol. + - GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol. +- Drop CVE-2011-4128.patch, CVE-2012-0390.patch, CVE-2012-1569.patch, + CVE-2012-1573.patch, gnutls-fix-compression.patch, + gnutls-fix-crash-on-strcat.patch: all fixed upstream. + +------------------------------------------------------------------- +Thu Apr 12 05:17:04 UTC 2012 - gjhe@suse.com + +- fix bug[bnc#753301] - VUL-0: gnutls/libtasn1 + "asn1_get_length_der()" DER decoding issue + CVE-2012-1569 + and bug[bnc#754223] - GenericBlockCipher heap corruption DoS + CVE-2012-1573 + +------------------------------------------------------------------- +Mon Feb 13 06:09:57 UTC 2012 - gjhe@suse.com + +- fix Bug[bnc#739898] - VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext + recovery attack. + +------------------------------------------------------------------- +Wed Nov 30 12:43:57 UTC 2011 - vuntz@opensuse.org + +- Fix licenses (bnc#733661): the applications as well as + gnutls-extra and gnutls-openssl libraries are under GPL-3.0+ + while the library is LGPL-3.0+. + +------------------------------------------------------------------- +Wed Nov 30 09:57:27 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Mon Nov 14 07:29:29 UTC 2011 - gjhe@suse.com + +- fix #Bug 729486 - gnutls: buffer overflow + CVE-2011-4128 + +------------------------------------------------------------------- +Mon Oct 17 13:21:57 UTC 2011 - vuntz@opensuse.org + +- Add gnutls-fix-crash-on-strcat.patch: make sure a string is + nul-terminated before using strcat on it. Fix bnc#724421. + +------------------------------------------------------------------- +Fri Sep 30 15:16:51 UTC 2011 - uli@suse.com + +- cross-build fix: configure with sysroot + +------------------------------------------------------------------- +Sat Sep 24 13:10:41 UTC 2011 - vuntz@opensuse.org + +- Add gnutls-fix-compression.patch: fix some + decompression/compression issues that caused connection failures + to some XMPP servers. Patch taken from git. + +------------------------------------------------------------------- +Fri Sep 23 10:38:45 CEST 2011 - meissner@suse.de + +- added libgnutls-devel to baselibs.conf for 32bit Wine on 64bit build + +------------------------------------------------------------------- +Tue Sep 20 16:03:50 UTC 2011 - vuntz@opensuse.org + +- Update to version 3.0.3: + + libgnutls: + - Added gnutls_record_get_discarded() to return the number of + discarded records in a DTLS session. + - All functions related to RSA-EXPORT were deprecated. + - Memory leak fixes in credentials private key + deinitialization. + - Memory leak fixes in ECC ciphersuites. + - Do not send an empty extension structure in server hello. + This affected old implementations that do not support + extensions. + - Allow CA importing of 0 certificates to succeed. + - Added support for VIA padlock AES optimizations. (disabled by + default) + - Added support for elliptic curves in PKCS #11. + - Added gnutls_pkcs11_privkey_generate() to allow generating a + key in a token. + - gnutls_transport_set_lowat dummy macro was removed. + + p11tool: Added generate-rsa, generate-dsa and generate-ecc + options to allow generating private keys in the token. +- Changes from version 3.0.2: + + libgnutls: + - OpenPGP certificate type is not enabled by default. + - Added %NO_EXTENSIONS priority string. + - Corrected issue in gnutls_record_recv() triggered on + encryption or compression error. + - Compatibility fixes in CPU ID detection for i386 and old GCC. + - Corrected parsing of XMPP subject alternative names. + - Allow for out-of-order ChangeCipherSpec message in DTLS. + - gnutls_certificate_set_x509_key() and + gnutls_certificate_set_openpgp_key() operate as in 2.10.x and + allow the release of the private key during the lifetime of + the certificate structure. + + gnutls-cli: Benchmark applications were incorporated with it. +- Changes from version 3.0.1: + + libgnutls: + - gnutls_certificate_set_x509_key_file() and friends support + server name indication. If multiple certificates are set + using these functions the proper one will be selected during + a handshake. + - Added AES-256-GCM which was left out from the previous + release. + - When asking for a PKCS# 11 PIN multiple times, the flags in + the callback were not being updated to reflect for PIN low + count or final try. + - Do not allow second instances of PKCS #11 modules. + - Fixed alignment issue in AES-NI code. + - The config file at gnutls_pkcs11_init() is being read if + provided. + - Ensure that a certificate list specified using + gnutls_certificate_set_x509_key() and friends, is sorted + according to TLS specification (from subject to issuer). + - Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for + gnutls_x509_crt_list_import. It checks whether the list to be + imported is properly sorted. + + crywrap: Added to the distribution. It is an application that + proxies TLS session to a port using a plaintext service. + + Many GTK-DOC improvements. + + Updated translations. +- Drop 0001-Included-appro-s-updates-to-AES-NI.patch, + 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch, + 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch, + 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed + upstream. +- Drop call to autoreconf: it was only needed for the patches. +- Add libidn-devel BuildRequires for the new crywrap tool. + +------------------------------------------------------------------- +Mon Aug 29 08:00:03 UTC 2011 - coolo@novell.com + +- update baselibs.conf + +------------------------------------------------------------------- +Wed Aug 17 22:29:31 UTC 2011 - crrodriguez@opensuse.org + +- Update to version 3.0.0. many fixes see NEWS for details This + changelog only describes important package changes or features. +* Main reason for update is to support Intel AES-NI CPU extensions. +* Bump sonames in the library package accordingly +* C++ apps must now buildrequire libgnutls++-devel +* Software using the openssl emulation must buildrequire + libgnutls-openssl-devel or better use openssl directly. +* Upstream no longer uses libgcrypt but libnettle. +* Upstream now requires the use of p11-kit +* Add post-release upstream patches critical for improving AES-NI + support. + +------------------------------------------------------------------- +Thu Jun 23 07:09:28 UTC 2011 - gjhe@novell.com + +- update to stable version 2.10.5 + ** libgnutls: Corrected verification of finished messages. + + ** libgnutls: Corrected signature generation and verification + in the Certificate Verify message when in TLS 1.2. Reported + by Todd A. Ouska. + + ** pkg-config gnutls.pc improvements. + The file uses 'Requires.private' for libtasn1 and libz when needed, + instead of Libs.private. From Andreas Metzler. + + ** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. + + ** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. + This makes us comply with RFC3279. Reported by Michael Rommel. + + ** libgnutls: Reverted default behavior for verification and + introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default + V1 trusted CAs are allowed, unless the new flag is specified. + + ** minitasn1: Updated to Libtasn1 2.9. + + ** bgnutls: Correctly add leading zero to PKCS #8 encoded DSA key. + Reported by Jeffrey Walton. + + ** libgnutls: Corrected memory leak in extension data calculation. + Reported by Mike Blumenkrantz. + + ** libgnutls: Remove trailing comma in enums in gnutls.h and x509.h. + + ** API and ABI modifications: + No changes since last version. + +------------------------------------------------------------------- +Mon Oct 11 03:05:58 UTC 2010 - gjhe@novell.com + +- update to latest stable version 2.10.2 + * tons of changes, see NEWS + +------------------------------------------------------------------- +Sat Apr 24 11:38:17 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Thu Apr 15 16:47:31 CEST 2010 - meissner@suse.de + +- updated to stable 2.8.6 + ** libgnutls: For CSRs, don't null pad integers for RSA/DSA value. + VeriSign rejected CSRs with this padding. + + Note: As a side effect of this change, the "public key identifier" + value computed for a certificate using this version of GnuTLS will be + different from values computed using earlier versions of GnuTLS. + + ** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the + optional SignatureAlgorithm parameter field. + VeriSign rejected these CSRs. They are stricly speaking not needed + since you need the signer's certificate to verify the certificate + signature anyway. + + ** libgnutls: When checking openpgp self signature also check the signatures + of all subkeys. + Ilari Liusvaara noticed and reported the issue and provided test + vectors as well. + + ** libgnutls: Cleanups and several bug fixes. + Found by Steve Grubb and Tomas Mraz. + + ** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + + ** Fix --disable-valgrind-tests. + + ** examples: Use the new APIs for printing X.509 certificate information. + + ** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese + translations. Added Simplified Chinese translation. + +------------------------------------------------------------------- +Tue Apr 6 19:15:22 UTC 2010 - crrodriguez@opensuse.org + +- use system libtasn1 instead of the bundled copy + +------------------------------------------------------------------- +Thu Feb 4 16:46:45 CET 2010 - meissner@suse.de + +- some build fixes. + +------------------------------------------------------------------- +Thu Feb 4 16:44:52 CET 2010 - per@osbeck.com + +- updated to stable 2.8.5 + +------------------------------------------------------------------- +Fri Dec 25 22:11:03 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Wed Sep 2 05:52:45 CEST 2009 - gjhe@novell.com + +- update to lastest stable version 2.8.3 + [bnc#532750] + +------------------------------------------------------------------- +Fri Mar 13 13:37:15 CET 2009 - jshi@suse.de + +- fix security bug [bnc#457938] + new CVE-2008-4989 + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Fri Nov 28 06:53:37 CET 2008 - jshi@suse.de + +- fix security bug [bnc#441856] + CVE-2008-4989 + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Sat Aug 2 10:28:21 CEST 2008 - meissner@suse.de + +- run testsuite + +------------------------------------------------------------------- +Thu Jul 17 15:27:42 CEST 2008 - mkoenig@suse.de + +- update to version 2.4.1 + * libgnutls: Fix local crash in gnutls_handshake + * libgnutls: Fix memory leaks when doing a re-handshake + * Fix compiler warnings + * Fix ordering of -I's to avoid opencdk.h conflict with + system headers + * srptool: Fix a problem where --verify check does not succeed +- remove C++ wrapper lib, it is not usable without SRP +- remove patch + gnutls-1.6.1-srptool.patch + +------------------------------------------------------------------- +Wed Jul 2 15:49:50 CEST 2008 - mkoenig@suse.de + +- remove gnutls main package from baselibs.conf + +------------------------------------------------------------------- +Thu Jun 26 15:08:38 CEST 2008 - mkoenig@suse.de + +- update to version 2.4.0 + * The OpenPGP sub-system has been improved and now supports subkeys + * The PSK sub-system has been improved and now supports password + derivation and PSK identity hints + * The certtool --inder and --outder has been replaced + by --inraw and --outraw + * New APIs to access the raw X.509 Subject and Issuer DN's and + elements from the certificate credentials structure + * New APIs to improve working with username/passwords and PSK + * Names of constants to affect certificate printing changed + * The function gnutls_openpgp_privkey_get_id has been renamed to + gnutls_openpgp_privkey_get_key_id + * API/ABI changes in GnuTLS 2.4 + All OpenPGP related functions have been moved from + libgnutls-extra to libgnutls, and several new functions have + been added +- remove SRP functionality from C++ wrapper, otherwise it cannot + be linked against it +- removed patches + gnutls-2.2.2-uninitialized.patch + gnutls-char-signedness.patch + gnutls-GNUTLS_SA_2008_1.patch + +------------------------------------------------------------------- +Mon Jun 23 10:53:20 CEST 2008 - mkoenig@suse.de + +- disable SRP [bnc#65192] + +------------------------------------------------------------------- +Wed May 21 16:32:26 CEST 2008 - mkoenig@suse.de + +- fix three security bugs [bnc#392947] + CVE-2008-1948 GNUTLS-SA-2008-1-1 + Fix crash when sending invalid server name + CVE-2008-1949 GNUTLS-SA-2008-1-2 + Fix crash when sending repeated client hellos + CVE-2008-1950 GNUTLS-SA-2008-1-3 + Fix crash in cipher padding decoding for invalid record lengths + +------------------------------------------------------------------- +Thu May 8 14:17:41 CEST 2008 - mkoenig@suse.de + +- fix build + +------------------------------------------------------------------- +Tue Apr 29 17:43:46 CEST 2008 - cthiel@suse.de + +- obsolete gnutls- via baselibs.conf + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Thu Apr 3 17:40:32 CEST 2008 - mkoenig@suse.de + +- update to version 2.2.2 + * Cipher priority string handling now handle strings that + starts with NULL + * Corrected memory leaks in session resuming and DHE ciphersuites + * Increased the default certificate verification chain limits and + allowed for checks without limitation + * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() + and gnutls_x509_crt_get_subject_alt_name() to not null terminate + binary strings and return the proper size + +------------------------------------------------------------------- +Thu Jan 31 11:12:46 CET 2008 - mkoenig@suse.de + +- update to version 2.2.1 + * Fixes the post_client_hello_function() + * Fix for certificate selection in servers with certificate callbacks + * certtool: Fixed data corruption when using --outder + * TLS authorization support removed. + * Corrected bug which did not allow a server to run without + supporting certificates + * Introduced gnutls_session_enable_compatibility_mode() + * Added gnutls_record_disable_padding() to allow servers talking to + buggy clients + * Fixed PKCS #3 parameter export + * Added support for Camellia cipher + * certtool: Add option --quick-random + * Added capability to set a callback after the client hello is + received by the server in order to adjust parameters before + the handshake + * certtool: Fixed data corruption when using --outder + * SRP was corrected to adhere to the latest draft + * Updated the DN parser + * Added support for DSA2 using libgcrypt 1.3.0 + * Removed all the trustdb code from openpgp authentication. + We now use only the well-specified keyrings + * The gnutls_certificate_set_openpgp_* functions were modified + to include the format. This makes the interface consistent with + the x509 functions + * Introduced gnutls_session_enable_compatibility_mode() + * Added gnutls_set_default_priority2() + * Added priority functions that accept strings + * certtool: Add option --disable-quick-random to enable the + old behaviour of using /dev/random to generate keys + * Added the --v1 option to certtool, to allow generating X.509 + version 1 certificates + * Fix PKCS#3 parameter export problem + * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM + * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted + private keys + * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code + * Added the --to-p8 option to certtool to convert private keys + to PKCS #8 keys + * Corrected bug in decompression of expanded compression data + * The gnutls_*_convert_priority() functions were deprecated + * gnutls-cli and gnutls-serv now have a --priority option + * PKCS #8 parser can now encode/decode DSA keys + * Corrected a segfault when setting an empty gnutls_priority_t + at gnutls_priority_set() + * Added gnutls_x509_crt_get_subject_alt_name2() + * The GPL version has been changed from version 2 to version 3. + This affects the self-tests, command-line tools, the libgnutls-extra + library, the relevant guile parts, and the build environment +- API and ABI modifications, library soname switch from 13 to 26 +- change package structure: + * branch off libgnutls-extra + since this is now GPLv3 or later while libgnutls remains + LGPLv2.1 or later + * gnutls license change to GPLv3 +- build without lzo support to avoid license problems + since lzo is currently GPLv2 only +- removed merged patches: + gnutls-fix_size_t.patch + +------------------------------------------------------------------- +Tue Oct 23 13:59:25 CEST 2007 - mkoenig@suse.de + +- update to version 2.0.1 +- change package layout to conform shlib policy: + rename gnutls-devel -> libgnutls-devel + new subpackage libgnutls13 +- removed patches: + gnutls-1.4.4-sign-callback.patch + gnutls-1.6.1-compiler_warnings.patch + +------------------------------------------------------------------- +Thu Aug 30 12:35:34 CEST 2007 - mkoenig@suse.de + +- fix srptool [#208227] +- fix some compiler warnings + +------------------------------------------------------------------- +Fri Aug 3 13:54:37 CEST 2007 - hvogel@suse.de + +- Some additions for evolution smart card support + +------------------------------------------------------------------- +Thu May 10 17:21:59 CEST 2007 - mkoenig@suse.de + +- Fix segfault on s390x [#97441] + gnutls-fix_size_t.patch + +------------------------------------------------------------------- +Tue Jan 23 17:29:00 CET 2007 - mkoenig@suse.de + +- update to new stable branch 1.6.1: + * Fix the list of trusted CAs that server's send to clients. + * Fix gnutls_certificate_set_x509_crl to initialize the CRL + before using it. + * Encode UID fields in DN's as DirectoryString. + * Fix ./configure failure with non-GCC compilers. + * A GnuTLS C++ library is part of the official distribution. + * New APIs for custom push/pull function error reporting. + +------------------------------------------------------------------- +Tue Oct 24 19:08:36 CEST 2006 - mkoenig@suse.de + +- move developer related docs to devel package and remove + binary stuff from docs [#212454] + +------------------------------------------------------------------- +Tue Sep 19 11:06:39 CEST 2006 - mkoenig@suse.de + +- update to version 1.4.4: + * bugfix release + * fixes security vulnerability [#206636] (CVE-2006-4790) + +------------------------------------------------------------------- +Thu Aug 31 17:40:43 CEST 2006 - mkoenig@suse.de + +- update to new stable branch 1.4.1: + * The command line tools now use getaddrinfo and support IPv6. + * gnutls-cli can now recognize services and port numbers with + the -p option. + * Error messages are now translated using GNU Gettext. + * GnuTLS now support TLS Inner application (TLS/IA). + * API and ABI modifications: + + Support for DHE-PSK cipher suites has been added. + + Removed the RIPEMD ciphersuites. + + Remove GnuTLS 0.8.x compatibility functions. + + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have + been added. + + Certtool now generate keys in unencrypted PKCS#8 format for + empty passwords. + + Certtool now accept --password for --key-info and encrypted + PKCS#8 keys. + + gnutls_x509_privkey_import_pkcs8 now accept unencrypted + PEM PKCS#8 keys, + + New function to set a X.509 private key and certificate + pairs, and/or CRLs, from an PKCS#12 file. + + New APIs to acceess the client and server random fields in + a session. + + New APIs to access the TLS Pseudo-Random-Function (PRF). + + New API to access the TLS master secret. + + The function gnutls_x509_crt_to_xml now return an internal + error. + * Several bugfixes: + + Corrected a bug in certtool for 64 bit machines. + + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly. + + Fix crash in TLS resume code, caused by TLS/IA changes. + + Corrected bugs in gnutls_certificate_set_x509_crl() and + gnutls_certificate_set_x509_trust(). + + Fixed bug in non-blocking gnutls_bye(). + + Fix read of out bounds bug in DER parser. + + Fixed bug in OpenPGP authentication handshake. + +------------------------------------------------------------------- +Sat Feb 18 00:18:33 CET 2006 - ro@suse.de + +- cleanup doc directory (.deps,.libs) + +------------------------------------------------------------------- +Fri Feb 10 13:01:55 CET 2006 - hvogel@suse.de + +- Update to version 1.2.10. This release fixes several serious + bugs that would make the DER decoder in libtasn1 crash on + invalid input [#149897]. Including: + + * Corrected a bug in certtool for 64 bit machines. + + * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly + + * Corrected bugs in gnutls_certificate_set_x509_crl() and + gnutls_certificate_set_x509_trust(), that caused memory + corruption if more than one certificates were added. + + * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() + will no longer invalidate a session if the underlying send + fails, but it will prevent future writes. + +------------------------------------------------------------------- +Wed Jan 25 21:36:17 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Dec 20 15:04:31 CET 2005 - ro@suse.de + +- do not package /usr/share/info/dir + +------------------------------------------------------------------- +Fri Dec 9 14:26:44 CET 2005 - hvogel@suse.de + +- update to version 1.2.9 + +------------------------------------------------------------------- +Tue Oct 25 13:50:11 CEST 2005 - hvogel@suse.de + +- update to version 1.2.8 + +------------------------------------------------------------------- +Mon Aug 22 12:12:39 CEST 2005 - hvogel@suse.de + +- fix data type comparison [Bug #104617] + +------------------------------------------------------------------- +Sun Jul 3 16:06:29 CEST 2005 - hvogel@suse.de + +- update to version 1.2.5 + +------------------------------------------------------------------- +Wed Jun 29 10:30:02 CEST 2005 - hvogel@suse.de + +- patch from mrueckert to use external lzo again + +------------------------------------------------------------------- +Thu Jun 23 16:17:31 CEST 2005 - hvogel@suse.de + +- use %install_info/%install_info_delete + +------------------------------------------------------------------- +Tue Jun 7 12:50:53 CEST 2005 - hvogel@suse.de + +- update to version 1.2.4 + +------------------------------------------------------------------- +Fri Jun 3 01:13:12 CEST 2005 - ro@suse.de + +- fix specfile (don't apply non-existant patch1) + +------------------------------------------------------------------- +Thu Jun 2 18:03:17 CEST 2005 - hvogel@suse.de + +- use included minilzo + +------------------------------------------------------------------- +Wed May 25 13:09:39 CEST 2005 - hvogel@suse.de + +- Update to version 1.2.3 (fixes gnutls DOS Bug #83481) +- Include defines.h before gnutls.h, to pull in config.h, to make + sure memmem.h prototype memmem properly + +------------------------------------------------------------------- +Sat Jan 29 23:42:13 CET 2005 - hvogel@suse.de + +- Update to version 1.2.0 + +------------------------------------------------------------------- +Wed Jan 19 20:43:20 CET 2005 - hvogel@suse.de + +- update to version 1.1.23 +- get rid of prebuild html/ps docu again, the devel packages has + man-pages now + +------------------------------------------------------------------- +Mon Dec 13 20:07:38 CET 2004 - hvogel@suse.de + +- update to version 1.0.23 +- make build of postscript/html docu configureable + +------------------------------------------------------------------- +Sat Oct 23 19:41:07 CEST 2004 - hvogel@suse.de + +- move config script to the devel package + +------------------------------------------------------------------- +Thu Oct 14 17:08:56 CEST 2004 - hvogel@suse.de + +- Update to version 1.0.21 + +------------------------------------------------------------------- +Tue Sep 28 18:04:28 CEST 2004 - hvogel@suse.de + +- add doc subpackage with prebuild html/ps docu (Bug #44496) + +------------------------------------------------------------------- +Mon Sep 27 14:38:19 CEST 2004 - hvogel@suse.de + +- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035) + +------------------------------------------------------------------- +Tue Aug 31 14:13:40 CEST 2004 - kukuk@suse.de + +- Update to version 1.0.20 + +------------------------------------------------------------------- +Mon Aug 30 14:22:43 CEST 2004 - kukuk@suse.de + +- Add libopencdk-devel to neededforbuild + +------------------------------------------------------------------- +Thu Jul 15 18:54:57 CEST 2004 - hvogel@suse.de + +- add libgcrypt-devel and lipgpg-error-devel to nfb + +------------------------------------------------------------------- +Wed May 19 14:58:13 CEST 2004 - hvogel@suse.de + +- update to version 1.0.13 + +------------------------------------------------------------------- +Fri May 14 08:48:26 CEST 2004 - mmj@suse.de + +- Add C++ compiler to build +- Don't remove buildroot when installing + +------------------------------------------------------------------- +Mon Mar 1 18:44:58 CET 2004 - hvogel@suse.de + +- update to version 1.0.8 + +------------------------------------------------------------------- +Tue Feb 17 15:57:15 CET 2004 - hvogel@suse.de + +- update to version 1.0.6 +- fix autoconf quotations + +------------------------------------------------------------------- +Wed May 14 18:31:12 CEST 2003 - schubi@suse.de + +- initial; Sourcecode received from XIMIAN + diff --git a/gnutls.keyring b/gnutls.keyring new file mode 100644 index 0000000..ec5c623 --- /dev/null +++ b/gnutls.keyring @@ -0,0 +1,226 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEYcRaoxYJKwYBBAHaRw8BAQdA5U8Cb4ZMYCjuAa6tqNKbRxXzycS2iLvNzWki +bGD2fe60JVpvbHRhbiBGcmlkcmljaCA8emZyaWRyaWNAcmVkaGF0LmNvbT6ImgQT +FgoAQgIbAwULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AWIQRdRssPdjQFpwU1 +VvR6daZIs/kiDAUCZZQM4wUJCXNMwAAKCRB6daZIs/kiDBq0AQD4kutiBvEtpeI5 +oHE5am/JgQUbUNQ8hGiHeJ+epRc5NQEA0xzJPYCIlvZ4jgf7K7RiKkqjzozOLwun +GummhMd1vQ24OARhxFqjEgorBgEEAZdVAQUBAQdAxKg6y4A69qT7doTni8/zKuKy +QKXEORZTCNxkcnz3dXoDAQgHiH4EGBYKACYCGwwWIQRdRssPdjQFpwU1VvR6daZI +s/kiDAUCZZQL3wUJCXNLvAAKCRB6daZIs/kiDCtdAQC6p+B26g72CLXjq6xmaLqs +1fi1auyPW/SnNRbbaW9UlwD/Up5lkp+r2n5d74vj4Y43nORpipb4kR3mP5g4SZak +IQKZAg0ESmfuLgEQAKHTAV7YHndSUjFY5DfCsrdMjIembP3PIwKR0g/vHVvvhn9L +FkDs3y46TkFCHcYsGdhOEmXcxJY4CClui7IjkSH1/7JnbsCgGRBx3wl4dyRsu9cL +EbwY86fVypIFSy6z7q24bzosjeu50lIqwVna4fRqZF8lIEGfJuuizLl1OfnkYgnc +FupZ1pM/u40VZEzOLoMDj2bzzSEnaq6eS4A5f+ryS8ql9G4kJ2Z72RdlzWXzwWoZ +QSV0JVikb5KN0IU/0KZklFiEXpS5EdJlfIlPDVYyainuBiPYXdBOyh2d/V714OO7 +/JanOY8HhYAK2us7vDM+W5+x6UU0isfDHq3KS/N+VphODZuuf2imZlMAzt5heEGT +wAS85cKDWrhReJIa0WmjAFRW2g4ZAeVILbXw6dDJowSwLsJqBvURCpk1tee9wxXM +whxdwocVIBCuTn4h81NA6iTwUhZdabxNhUOpUilYQoOAePQ/Bw9a2mSGOWAg/TVr +m6+u+/TDVOrY1yMumnJjKegS8RsZaiOS7iXIJRZ1YAv2fmHcgKXIEKp0fw4y10vd +aJsYiWRs5xZd+xH4VREK/l6zAxECVkq7Mt/pjIPOllVbI6h75Bz5LgOXwn5Z5js+ +q40nAZ20uSVKLTjfpVgq6niSChPeIAdhU4G3QrTecO2CeybZTGIRH57X3RhXABEB +AAG0HkRhaWtpIFVlbm8gPHVlbm9AdW5peHVzZXIub3JnPokCVAQTAQIAPgIbAwIe +AQIXgAULCQgHAwUVCgkICwUWAgMBABYhBEYiJcO0bzSHn8hJbNYFhI7X5phxBQJb +qxq7BQkaqS4NAAoJENYFhI7X5phx7qYP/R0/oCwNjM0treJEL7U1CAaPD8VMOrzl +Fvc4Kx5pJq5VLoMTpl1ikgyk/LAbNleWdgxCEtAGf4NbI9nxyV6Jh2EwGSwLf/HV +Kh5x6kWwRMqpSY5NcgJsQeAIojJT0ui3HANwNxvqcIHCsPlCjSbKidgEkl/PGiSJ +j/UiP/OJ5Z0DqKg7hrd29XgVuBMIKcFQXysiHfy+N+9UQbHtb6qjkriRZAZ4Jb6Q +LrwIzMqKOINj2NNKtxH1AaosxLQ+pcsmRA3OQPPKk5ptQE70+R+OiGbFbfkL4Uui +gjhMAf9qmppiMnxq9gkt/lLteCpTFZZ2FeL9mSKu9eN0jewweVVcZdgm0vVmub4m +rrkciJGl8Le3dZG3sZ1KYink6gSbYY8bJCfYo36+JqQx9KmyAQKLV8YwgQGlHyy/ +6vHZdsPRsugmR0dbZEXxr0VE/CI26Ed68u2ZxtscVdurWeNhsFnJpY8Dljah8QYn +kObRp7DyEMUqD9cDC7Jlmgdq8fe9IIPxVNfDgHub6gh15dA7XdRWB2Fd1rtSQ0xM +/so3rfMDrssJ25RTkbA6gLNy54NO1Pz2xpsuL3MLlVF0xFdCIf7LD95vikfcXY6R +iaJwniDS6bm1UOkaRzgG/o5FERS7Ea9cowsxoxypybDHefH0Qn74J6B4BtgEB3cg +fiJHjFjSzTcetBlEYWlraSBVZW5vIDx1ZW5vQGdudS5vcmc+iQJVBBMBCAA/AhsD +BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBEYiJcO0bzSHn8hJbNYFhI7X5phx +BQJknpE0BQkf2j2GAAoJENYFhI7X5phxAzUP/2WLxI23iiF12lVVlxj84g3F/XyE +u7oi5nVHY9wtmw0PoM3/sHHDO4H2LXH9Beb4Nitpvzy3WkMMOiAGdoDad0CC8gD8 +TChjAd4vh5arT9PGgTHNUdp33m80j5xl0TuDEvfbXaoL2ZTyW4TApmpiPX+a024L +mx+Xf+WBj8PlEjXSjh21mXQs+L3gZGwZFXc2VoQNg/rBGt9rmv2JcaO4q+BbVhY6 +o1PYL0C7RBWfz/sdIhWazYMa8L243a4LQU6CkILwum0yJ37ERJ2jkGc8NaHsqXCi +zbmFFp3If6u7F7iFrIN0W76hUL69nwszGlz4OyLHJsDLDnp1fJbOBk2gZZCMoFIS +OXqxTZPUdxbjWaVNRz1/ze5LcGF5yB52lgqOxykZCIIGs9mn11Q1kWPoB2BovoXd +fqTgMwx68qvQXWUzHj8fVemA3kCwqK9udjFok62GVKBy7uxBes+Le74aMg17Pp3R +siMuL4jpTppEuBpc5/gMQDJSv53niGWLyrUCa+9lDGqxpHiV+SRrEXekQlFCi+cG +FS36mT/Vnvsnss4ioKjEPWv4OuASkC78GvGMSXZrFMHrILgRrLhErbO/g8d2/+X9 +3p02A5R9vbhdOSOAgjvvGLPzR7LidOoBOZYaTq28HB7cNmBkpAp4cM59pQwTVZYm +ryZF066njjn5TEoVuQINBEtrT7wBEACjRnNKXpiD/tbVSiF3bicZpf4C1JFIDvvJ +HQZEuK35SqeAe/tUpMAwbBfgW5sExUoB3Cy1lEK2Bi1kO7GU+tkdCHhi6jrcLYiM +g7QXavYZ/ebYHVfhVY2vGhOJVz4qm0/WvQYT3OpJSqrD1jT+AbRpDxFk9h2CBPw1 +roBrh8TqYKyIOBPSswLwP05IKk9h7SwQnl/stXRchLMVaMrKL33V2bpZSI4NtYhJ +QGzX7PHVsv4JYBCXCeFRhAJwLLySfGM3DXdAChsOjtGob/sW84Kv5YM65sHxmhit +4NC5o5IxVQntvYaOsTafF9KOC8egostPsARxUNNihGYvJ5WL8NS2wQVMWsiRMK+/ +QsK6PEMXny4q9+lMPGBZpuGicUX68RIIJynAaHatdorA0hFSDQIVxbhDTQdrBnmt +fSx33Yd9LlaW+oFz3oNtsUP57JQMvn7/RYMSheRqtlhSOOHQV/DdORo2B1uhd2Dl +uZOzsVz88o/2eZ9dhO8ArNhQRpWgcx7dq+kI7FyUH0Idrw29qD3IT/PnEOTF84ro +l0HEagP1ozVB32krJIDRQleTmdTogtT69FYLHnK9fYrk1m3Pcc3TWb/1PCcccN0D +2RJCl2kry5wJdx6g2bi7wg4twpRJshi5jREPJAAGNy5MKA+oon6D6gbwwNP3xuz/ +/9BU0AUDYQARAQABiQJ+BBgBCAByBYJkorMiCRDWBYSO1+aYcUcUAAAAAAAeACBz +YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeZgZGsUjuRusvhjME6v0SyZCTB +ZHc9vQ5i7qV5OPZtLgIbDBYhBEYiJcO0bzSHn8hJbNYFhI7X5phxAADssg/9G6Sj +nPi7yLDgXwmdQnZS20afRXa+T/YrsupbcKtXz+9As/QeZjnwuWI+LMDEjQSGnbQ4 +w4Uyz5hnpRnWYDq62hsFml1eJr5xwImscJMUYkVdBVTxvrYn9Dxr+C+FkeJfBIkO +qZpFfe03VNwNU7zm6lg2BzKzBY3MY0nm/J/fWhmIXGOvUXHmRC6NnRkiTQcLsPU5 +TrJoDXP3qI2shr77IE3TFZ60xD1mdoaZol+CQEXjoAzd+PuWBltdkMVSqtLFkyEy +L0kup+u/JdBrZxDNKRYwvoIi+cpzefq6Cp52L4WOhKxYQxrGPaFXzuOjf5uA6YHj +nikhvtm2W1C4FxEJ9OaDgP5EtdUmwnAOdPc+uNwpmChpFZmno26pqZfl7st6hjWK +qc9bEGncemxqregsCZPz8S/xHtFIKG7tGu7bmXVqnlkbz40t+1dQSN7jM6/pEIKr +2xWiZOnQ9/1cwuS84ZIQiwvOT4tGlLxnhdPjrCdgjtse2rf0Z1e29D36VKvxEQvh +lyAkqu4/8polwDVjHA3e3wlM8oCIoV4QvWWiqwaYmcFIk67TeTFx/rADZdDk/1w6 +Ym+aOkPah1KLj7ERikSi3L3WJsrqZl7ij7fW8UrU5hz1Ncwc5cshFtdICAHA2ZpT +vELN+aCng2VkpPsR3NGa4ihB2Rbyq2SsGJdkf1OZAg0EV+o2lwEQAKWMXF8xc4hs +2nI+Tl6s/QTiw1X8gGJCztuEpLgVUqfL8bmQx91t1F7bpfVBN/wmrxXcWDZCTnlZ +NFJ81F/5AyMr1d8CBCuFaBHNx5KIl0Mo96wlFlYt2ANIjs2duM70fNgQPx0NgV9U +ZrvuXtW7hH7G+bQE83NvEjBg/OC16JaImRK9IV3FMsv4V7H5QrUwe9dAkN/EnaKk +I6B4jTd2DBq4JPfK+0FmEj/09Fv8N9EPgUm/TQePzOedMRhON9qX7vTczHsslmqD +d5DSXbCgYamiuI0e3Xw48i07R6Bz5h0/gm6PKzS7effIKopZJitF4/ry5m2/ryf9 +piv0koeaC+ygYTALnWmqlS2PeFUbxfqvllz0nUk2wGsHVIeBKAkMeWyvluqFPLey +zouexNl99s86fMhvMKCUbYNN1CvwMJtXCmabaviN1sbMrWa8UdW4h5RNxs4ot/9M +uZOtTTJNtRbESXiyB8VTQuBZAh+eUTkuSa2AC4O6M1UEnc+a5pzRVy99MF335Kat +S42S50THIshZvCehjZNL/BHXnyd1Acqf9VBJZXJYLuvw3wlH2qYl2GGS7fR6V4ii +94dp/EE/kOZyzx5DJSNd6evYLwgJsFQvkGGqsCy8myXfDjK5Y+gx5kxBinikAigk +OcnwYBlAlXBs2mxmG0qiCO2ooMl8/g0rABEBAAG0J0FsZXhhbmRlciBTb3NlZGtp +biA8bW9ua0B1bmJvaWxlZC5pbmZvPokCTgQTAQgAIQIbAwIeAQIXgAUCV+o3dAUL +CQgHAwUVCgkICwUWAgMBAAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCy +nxQyflAP/1o4u6QvvBqAA4SK8eDgCaDjfKltjDn52jx4JfxBWlfS/zdnz8qPDTXX +iEh2JKpitlG+bmRnSngOqPH+sfFQvUz7czidUfF+Tlt0jO3Q/Zt5/OiGh3vgmOre +B4I5cObNGQmT/Ma5si6NfTQU0+okvd3j6fRNswsNP26TF+m7gSd27/S1/WkGLe+D +Ukq+fYXjCNn4qCg9KthAULJkZWiCP2rok/m2xCHmAq0ALVyDTE/IKRbDEqc04qsI +/XqGPavLdHmG8On1g8sek7QvJKkRgN29BUzdS6KBYfZGSLJ9KLGST7BPegyFLXvD +SMxUx4KrJRxgytMcmzI5SYTA6u6RdA1t5AY6Jw17YgP4Ba/yPPTbrTxJb7qM4NOA +1c/xc+j3+A6bWjLUbHMESlldcZae3s9cFjmOfDW9jn0WcmV2e4W1u2kTF0um1kfV +8kriiHKKT0RJ8iVLfpJpnJ0/7hgsyUE4O8BH1J+Pho0zVfTE1TBp1FwRZJQ3ls9X +3f5Zpn/KZy7gjseQSPx6r7pra7U5gSv/0Y1qDRrNvtULt1+0SobAmzp84iqn3GRd +/NybJz5jB526fm16WIE3MLoEB2yj+T+4AQ5Va1NHLqRR5oXa/anIzzFrmoUe8dRY +le/PhIvHEjzRrMzLFrmXX6eQZH1Gle59KbCFJus0bfSE0PL0xmKsuQINBGEgbmMB +EAC6sAEM9vo0ocfnyAlhmG+clkdNIH0J8NLzZIbnHOAfTnnLzUeWOT14JR7Q//kT +CdorjbX0dWD/+TRIwFHdXtLQngqaqSc77+1nRkx/4R5tbzJrd/FYA/4zk+sPpDHD +idcntJQ5chduyiuESn3L0H0OT0muck0g92BAkGATaswNWLLnu/TC1486krkG0aQx +DDFIYggzJR6v/saCrTGtMVMOhoMcWKGGQpFCYznB+3scYucTc4o9CGY/hpYeukZZ +72xmaYWZqIQnCm7pfLyJWNkw70EO1r1EBStuhYWEUqgTfgfu6KQHRpRiMPWf0Oss +44DQR5fIkY/VTCBeIWOdX2TC6qVfgMKASfIyYzPMorDtAcrXhRb4aEZqh9p7AjLs +8izfFR8/GSdoxIda3b+cfFPZ5dk05oOS3wkMQOy5ZeGv/jp8WZds7MC9+xNMhdZ9 +4hRU6dN7S6yq+btrgPLWXk96yl4VZkwRz9fxk7PqZZ8riz9VAfKE2llkC5pEXx09 +B0oUxu9DXzGZI9acOG3YAtXlezhCaS6AcvQZbQ7CXKHd/sGXrf9T+sqYX9k4FnLm +7eoWHH0rEMC3QVPGbIs4rGZbjBBybVrgSL8ShFpmhw9F1PyD6ug2t41NBIbZr9e2 +eFaVO2LaPpZPoKFGZoILrtB/vW32BmQV20Ibr7cK2dPcbQARAQABiQI2BBgBCAAg +FiEE6Yerf36JZnd20Fs7sOndILKfFDIFAmEgbmMCGyAACgkQsOndILKfFDKCmw/7 +BUinZ7uO+ax1hV25Emdg9qJsbtW32FLMypecexEK/CrOM+fadQe+xzPOoSlHw5tS +1ZB4rdKUT0jIingmmgaBWFd0FQPSsxHlERvhTfgDBlzAl7CkFisOPYY/ErL+lCjM +4t8VgsHsQZQZ7Nx7wMuIbT99n1lt79lt3YXgkZfIerDmb5mWuGP10b1/GDFv0s2R +T2dyNfdTNFtfzpehA4ea7Qgcz1ayqeyjWqDpoIXP+KCC368vv7kukBrdSpn7RLS2 +xYeP8zB8ovfe+TzYc7ZSt9UdjbW7U7qzU49Kq5C4n/qvj7R5kcAm+UDSLVrvnbAf +nLVWWfgo0sOmtD5/EoMhlgKtN6DrVTSgf6xW6oWsf+8Pz1NROhqLwkcDvpET6zuT +YEWOK9vFik3XEtdaSlONvaBPN8aYfjoPze28MgEEcf3dw/+QIczw8+kXWXjmAHth +L8RpC1fiMmdOXlB1d7gkUPQkJmc4NeRM53fgE097IbXbEFhMtDSu8yzKltG70ahO +WoNKwdArrQhbiFKc4hoCx/caRy8jK0kFb5ZaNkljbtyQWFXm75lEDpaa2RFvE0T7 +pFrMnrOEts0tlJwEf5s/SxWpFniXW7mCov3eYFnrE8Lgq173z7NmjmMTms29bro8 +UW8eHMflRchZsrEUAQOtlA3k159Wt/2MTK9LnIz1I7a5Ag0EV+o3eQEQAL7E7DWm +gc1YdUV35LU1JCYqu8LScbyPtnilMYjgYORLc2DqXLIBWuIdP7hQ8lkQosQmn+oj +EfIEBpwbU+q5fsyxK31nReXxQQgDGwobjdGsZykjf6Dj1Jd9y2LDsBpZnvpFVhqp +YAv3bmyaGpIh+9y5xyLRsCTloVL1R+JyHuOromVllR25+zFwvoFhjfq27VK9QjTF +DYzqhdr3e0sx1LKb0DaiDHc8PT2LBjmND7KMGUKOjDwiFY6Uxd1eTB6Y+FkkwfMa +bk1JRgF+rGA9pvy0sjJcWkbTvW8erBJhhWNN4V7rtSHMMRdzFvqzhgWeO7r3TarK +js7pQCM8t+rnT7YFm1n0rHLfW7ECV6WBvWyk1N7a0C4Q5ekJ+fls4U+Iy20bOmhs +3vRxNA0XaGdp/NH1ldi5KExYbTpQpNQ0XK6j1KwE+TdM24v7su6qWGgmWUJKWFfC +ms+/zwAVGypTXa7rDi9X/+Ubb8nLLkQbf4W4/OrXBWffkbG+4J2EDRxF1UeHrHu5 +NpnFP8J7sWYKV45Vh3pK5le2zYbDPF84Ge6BY2wiYvvWnPEqg7pLPZfaRSMJkqxT +QLSwnHf8vBvVXHAmp0WpYwOYBE+onFcZX3/t8d2uiEKuhElNfxdC1O4UolaBBEpz +FC9hN1IXWIpTgRLo+G4ket8FlTugwe+l1HN9ABEBAAGJBFUEGAEIAAkFAlfqN3kC +GwICQAkQsOndILKfFDLBXSAEGQEIAAYFAlfqN3kACgkQQSdIpAr8wvsH/hAAlSnz +UTzOU+x7/P4fPxl9M7dLWcOIKaaGrjNExz9bVCGXGnHZR3f4gRl/bowRFjGi++vh +nlCz2Hj18lFRXG3HjlSOwdzJYSa6ZMqdA2AW4167kJtQNEXpfV//C5mXhfe3U68O +33+acvqU5cG4/+QNvun81j8SQlOyYJlsQwW6W1EH2wxfuvpid3SNn5yDZ7GFhfZh +oxBwzITWRiWifcy8r3xufAVrFZKwAMvWrG5LRJD6pgyW/1oMsWUIH0U+QD0vgBoa +RCAW/gqLRf2836n7PeZaLuqiHMQgYOUs41KJ9jy6rYiHLuZsZPJ4luFbFuUylJxj +KUfnjVuAoBhm9XouywKckE3oXUf2Sa504MQlo+pNvtf4LK8RALpkTe8joq5olEnV +NNIq+UBxK0ZEG6SaCnf4wtYcL4uUVgLj/QYm9fob3gakVlfEVZx2SnCqrB2NAtMO +RUo1iOm//EwAnaFP4XaqPEQLZaEnKF454n05xFvt21UGgM81z2q9DrAbAolrpf3Y +8LtC42TQTMlGmyVmxUzgqyVcDc8Pjj0VP+9twp8za31bPXs88/o3E+tYIN46pxYV +9fWxdns+eNupVm8ZeZ+sblhkQGb2yyOPM7SEsP4MKzITPHheBxSzniYo0D6jrX4A +lDza7Gjw4YsOxus2NlhzBsWxmTpYat1QSW8cEQgWIQTph6t/folmd3bQWzuw6d0g +sp8UMpnkEACd4nfSJZIVX/jGtbR9kwOhnchAEkW9nwCxwgujJxvkPSqgMLbwtGhv +KMunhOOU10JWWT2pZ6JvYTzRRPJwl8snXwNlv9HKa/XUlbo7SGuliAya0J3UKxtG +Jd9+yOj81BznQjlZF18yqjERP1cyewmuGIUEqU1ODVE5SVajZSSOpe9EnT0TENZ3 +SJcodwtg8rd1V4pqUecx5cpG01szohDuqXJ1NbvoRIYXbxwyx9b7JK3YuoDhRylG +rmCyP5n5Sb0J+5yfcOL33CPVK7SLladTlopCcaeieIIMSqMdUSHpLKqvOrRt3Cz7 +9A777L9MHND1yf2Mm/IQlih/1d6JblNSJ2znD7hfpo1ReYmzYtG35a3m6FZt4QT1 +5gGLQ0QC9a4s4LpqY9zPxaW9jpQPsyodoiCk/j2ZkwHLIa580V3Kh6dxjI+LwXlZ +/9T+Q/C3L5Has5yBijtCdekyrsD6XVfEn5gg+yFkDc6TKYCGhsro0yA9J+BOGRD2 +HDxVbH3njCiP5wDvxIgOQLN06LQLDX+Qq++MRnJe4e0i1CQA+ow7ROSGUEPX7k3p +qoxJcQ2i2SCKz1PooV/ii/iN1PfU/IK3GAJEO2ktpQM9APKP//tvc00CAbarnlc9 +G22yWAxW3R5JN7SfeX+lqC+Mok1cS7WGCQOOOC+B0EelTaj6Zcb7wbkCDQRX6jaX +ARAAxAQjAzi2kzXnWnX6yAkijTQk0j5raWb7+2Qprqr+I4ZbjEFiQFodw7Ei8eFt +sY5LSSvFWe8WXl0Ahvmfi+/9TPFwgEtLWTOqguCjJQN0VkOfjhEDWLuAFHoa3IzV +ySoZhDgIDQ/LY7cRg+Ryi0AaInesYx0cxdYkt93X1tPtcV4q7KiTIWZWBsWlBZF3 +qHgneIfq6lBObjd/QfKhaFGleXi4UhJfcwnVj01h6dCKWUSNPRr6/sbdQztsnDYn +ghka+pdUAmVqpj+Cpb0ppUuzO78tW0lImybRUGOomhivQbw2/TcYcgwQmdUi7+Ie +Td/8H9Msff2P9u54vFbhUt1XlNk4KWyOi2Xu9CvidXqNcg6wpdAPthIjeZ3tRT3H +nFt9N5cPlhaQwV7SuGx9eaiMk2Oj2dBPvV4M18guwfA98iyNJ4tBmmiFLagfaDuN +aMgyt5cQA0tORt5d8AUoF3OrYQ/wdiToa6IJ7RO2WaSlFaYOHFJzMUDLNSUzKbVI +OR7No7QIOvKYJR4njnHBgIK5AeQNu5ucBxbFDOqnmu0E75pHOrVn8l5OOuHN/EiO +SGzRTdSh/iVftUgZC3vj+XnIlen1RBU63DRkFn97knlQGtmJgi6yIJhWHYk9LvDG +rUAdtPgrIr4844O3E5ZNTDW0YTmWtkfqnmfgEVBUdMWjj1sAEQEAAYkCNgQYAQgA +CQUCV+o2lwIbDAAhCRCw6d0gsp8UMhYhBOmHq39+iWZ3dtBbO7Dp3SCynxQy0eUP +/RLpSjdHZzZxJ0gorRbNkUZ+hJL4eCZC+V+JGBvTgLd58lN8ah/vqQafn3vUXwB4 +3tW/if/Oz9ZRrLhfPtfROEQjxroo4xNRY9PPrEO1yQ5O6i81CcZGRKpZ391Q2fPl +2+lWT4VKXpn+XbF33FXAox9Rdfc/H5bXF+EiT00EnuxKWv6yyC48lNgKGBmSdhRE +iXTzzRzGxBxN3GWQV+2rIrHMy3Bp2DgKb2kHLhA2sLg8oCoszhWcW1+le34ioqNB +Yt/HLvM+nVzxgrD6RMQg0aiFQJvIw68Z48g5oD44xIjJT6YWXLbZA0XaXLn+m1CR +6xqxSeXsXSCnvbF5KQs6MsxKFs07T2GDEMuHJO35IfEfg1JWWgzqJfGe8bKBeQ2U +wFaZrYlmOYpq4VIdWwgDHlzuXynb/7MLe6NyxJPun57Ex7NsS//sfrR5nPunk43e +0W0lqmT50WJxRhBHhxXmkQ0fH6tzra8GJxo99+MJzaSfENvdRz39BQXM56nv0/1w +lRdfqJJcqYqVav/gKvKaB5eH3dXHKGZK5YSiQbtvqKBOwsOhHxtvsE18lu5LwiYd +nTaI0DmUcl2o4iC0+cpSFSesGSGd2XIIid0E4yre89Cf4kfuCQhvUkBrgYwU3mFM +/MhgH9hH7MKAmRVfm+pwNOk3owA/vBcSuRRLeeVGDGeqmQINBFOsE5ABEADD/k0t +8to+R0kPhr2k7d0P/p1SYgxkwSaYgdv4/MgO/yEbQDMsqs1mw88mWnFKKdbH4QUS +qCj21SiiJVrcoY7dNNapkKNiaMNCylAxkLtDw9/up0AVdkJ/7iHvrKlwIb3SBQV1 +oJYBrXF9rzFBtkW9NhLc+DzloeHfPtABCIi0XoIOGSDn+RQvppe/13phBj+2fd5I +LNWiHfKIrr6228TynSPqy7H4z5DYcnYIJ7f7FO+MgaZjj28GFCyCFz7DMJsR/JX8 +CDsaOHvBsBRtBIKSQ7ce9KtAnemsmyGVkaHpGvxo3gaWj8pROIiQRbDYfXXvMbpT +Yh/OTxbbx3SgBNjk3fH6ZjYZXuz+1kjJ9aajRKWvhZbMCjKEGjm3n+PrYdd2o9W6 +j5+aOhSWDs54z7froPmt291NdykF4kHb3W3SwGaIACV3/ZorrwG8wHhnV8dEwqTr +E6xcTIwr2+C07yFDKrSgTbZsjEb6RbZA9SKsj6+ct8TrAxVPAigj7eMdWcF8yxxQ +CCZci8UIx9hyHAfr4fKCYl0KlG3SoZ8kTKiB0AvjsK+QowE7gKuHeKOvEn8cb2Di +BWjDfJoTO19xhzm51jxcDneIkVoeSg5QJqtiQZybyhf7vP9vl1fS9O8I9y1uR2lC +x7UkWAGTTVTtzs+O47125jsj/BjLMECT/Ub33QARAQABtCBUaW0gUsO8aHNlbiA8 +dGltLnJ1ZWhzZW5AZ214LmRlPokCTgQTAQoAOAIbAwULCQgHAwUVCgkICwUWAgMB +AAIeAQIXgBYhBByyfbyYYUstWEFkbQgwLbaiZwQoBQJgRRE9AAoJEAgwLbaiZwQo +1nQP/igf0pGcHlUqHSGmaapDoqRJfHcwUMfC3FjK4fmV94D3KUVU9txWbb02qX5n +1yQXcpweHEAQEY7YVUbZLND2kMqq/unyi6TqdXK6wtz1t6tO2IsPXceAzI5pC6hX +QbN/sQIBD+ytdUVpvuOGDLUfbn95PYqNx/2t3GzW2hSglt6MUFDHVvQpglkQnCGI +1C2ulqPOarKcxggH4pTWQ2PR9JOJMS4iUGEyZeVUA8m21V+KZS3CZjaEuq+/3dLW +WzC1vtl7WMa3JahCGaJHL7kauVa0qgEkG1FENDxNhjb9m7nXh7+DRSOQM8oT4EbC +kSt5mLAwPl6JoAiRa3l+oVy6SldpdkMl6ycCnYEWki5K5xTUeJugw95Hm5mkD6Dt +li7tTtIlqcQ8i2kQB+BmtD2HSKBWrFONE4DQaBv8GcqzoDMFmw72sOStbnbAGEtz +IU41pmOaV6AnfN/hVqNNH3P8vzrSJifU0WCR9TEZoZoN0Rxbt4vYbLrArgiGE94K +rUEJ08c7Q4VOAdbQcENgzu+MnQC7jWk471eJ05hWMtqvW2PKh/2bF/LgIYJuBcNX +CKFBkDNTBNibJ8MnVn0uBZ3X9G6Kx9wU5e89Qvj7V6MM4SoTiOmhlbxH8GxXXSYf +AWosuWUSOFyXzG5yhurvUmYW+OIFPRZ6Wb5gKSgoLdgB+DhfuQINBFOsE5ABEADr +LQL3bP7+M6PTCjuVbqqHBDhBAKEEuxKffwDz1AJKfRhvqTYIKQqgZwaIzXdbOkmP +rTEgWHJKbwssaRmdBVRSYkE2DXLEcnuxqAgNyc5RMoVHWIE4jFNkxmrN6ZcVWel2 +OwCo9A6bzUftKKYJRPAYou4nmv87+CdKT16JV40dMG/phLyPINByy9wThIodpJQX +/H1O6OCsMM/ZQJQ8zJCXbCCCe/c5gcg6+RJLsNa1CjIjQH0F1XZuncxz3nvKLxXL +uQG8HCcU5GxW/z2byjEkoJrlakmcwUzuih7IuFrvSaexb8so2N6u5H8vm+SBkCwU +c28lBsKECOJUeH28CBcMmFuRKFgF/fBpRiXDKI8Fl3IRm5vFIfL6oIBJBSDfunfZ +5FPXup5fVGT9k0dhBlD48zDQ22kVVmRkpctxGwd3yE4BM9/sQ3nK4HwrB9+9X2Rq +xbAzwz8LGvRE7/rusBg9HaO8kIOO/7NjutCvJkHGPfJSF7i9XvBcoQpkTIJFPaxu +pk7TCFOVDAzUYh82MzNq89SVe49017/nuXzKJ3SAtok7xDYVsXXriYgnmouL7f+c +DXdXmLIxPZN6LKkwKb9/rU0/9xPuvxS25zCSgjig8/SFEdSt6wvs94npSn6RcmVx +i5VN1Ni4IMRgQn7hXpGKATlM6CQ32V7QBJN24mFECQARAQABiQI2BBgBCgAgAhsM +FiEEHLJ9vJhhSy1YQWRtCDAttqJnBCgFAmBFEU0ACgkQCDAttqJnBCh3ahAAo9lG +UYfbbuQd6XRb7bkXWsoPoTI+o2S9wQOvZQLb/sANCkK0HqwAWdNeBKWF3o9NUG5y +/gQ3wNJv7WBGzCBL/N87K0doq6s9MiwXFIykr/yIlN7la3lCQvOUDn1OmO9zHGq4 +t4arfCiInm5Hc6NhStV3aKtgIJoGWDMu9aIcy9canuAO+oO8l1ayV1kPDKWskVEX +ZsdvnxY0rhInvUfgw27uY2ziPLO3iTfPJLJ8wx2V3cyxkVWgk+08DHKQz0gwObJA +iAFtWJXSd8kO7mzcNVPgDAgje/7Lf2wlP4GQYO6Ht5RnhzbzIcgHxcK6pJeIS5oA +vDySWASwD66dkdYQUAjYHE2OQnwTjxU907uf1Foaa6yiOFBcQku4NQNdoUDfv+HW +0C5TR2XVcO9UBPTlEGMjMeqhTHs3E3HXKGiFWT7WYtdG9fBhVNoLvZ39eYnWEM8N +svcRUmOKzvoAJbmbZAlH3necl20MeJnfkTx9Nu3D9afYnaw9IJ9BetTON3gXzTtG +wAJjMZ346k9MLvnSLFpD8of15R/jl+RbZ732stOJkbcM5cUj2Lgi7DE44y7BeBT5 +XD5LAUwop30sm4Kxwv9oEyVjzoQPkB24l9YGeEOEIqESZLszZ44Jsh703+9n3Dq9 +wNTn8cXhFYi0Of02Vt4nNiXryBL/zneXgb37qiI= +=8Avy +-----END PGP PUBLIC KEY BLOCK----- diff --git a/gnutls.rpmlintrc b/gnutls.rpmlintrc new file mode 100644 index 0000000..1272ac8 --- /dev/null +++ b/gnutls.rpmlintrc @@ -0,0 +1 @@ +addFilter("hidden-file-or-dir /usr/lib64/.libgnutls.so.30.hmac") diff --git a/gnutls.spec b/gnutls.spec new file mode 100644 index 0000000..a4a23f9 --- /dev/null +++ b/gnutls.spec @@ -0,0 +1,402 @@ +# +# spec file for package gnutls +# +# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2025 Andreas Stieger +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define gnutls_sover 30 +%define gnutlsxx_sover 30 +%define gnutls_dane_sover 0 +# unbound isn't in SLE (bsc#1086428) +%if 0%{?is_opensuse} +%bcond_without dane +%else +%bcond_with dane +%endif +%if 0%{?suse_version} >= 1550 +%bcond_without srp +%else +%bcond_with srp +%endif +# Enable Linux kernel AF_ALG based acceleration +%if 0%{?suse_version} >= 1550 +# disable for now, as our OBS builds do not work with it. Marcus 20220511 +#bcond_without kcapi +%bcond_with kcapi +%else +%bcond_with kcapi +%endif +%bcond_with tpm +%bcond_without leancrypto +Name: gnutls +Version: 3.8.11 +Release: 0 +Summary: The GNU Transport Layer Security Library +License: GPL-3.0-or-later AND LGPL-2.1-or-later +Group: Productivity/Networking/Security +URL: https://www.gnutls.org/ +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig +# https://gnutls.org/gnutls-release-keyring.gpg +Source2: https://gnutls.org/gnutls-release-keyring.gpg#/gnutls.keyring +Source3: baselibs.conf +# Suppress a false positive on the .hmac file +Source4: gnutls.rpmlintrc +Patch0: gnutls-3.5.11-skip-trust-store-tests.patch +#PATCH-FIX-SUSE bsc#1176671 FIPS: Add TLS KDF selftest +Patch1: gnutls-FIPS-TLS_KDF_selftest.patch +#PATCH-FIX-SUSE bsc#1211476 FIPS: Skip fixed HMAC verification for nettle, hogweed and gmp +Patch2: gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy +Patch3: gnutls-FIPS-jitterentropy.patch +%endif +#PATCH-FIX-SUSE jsc#PED-12224 FIPS: Mark SHA1 as unapproved in the SLI +Patch4: gnutls-FIPS-disable-mac-sha1.patch +#PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3 +Patch5: gnutls-FIPS-140-3-references.patch +BuildRequires: autogen +BuildRequires: automake +BuildRequires: datefudge +BuildRequires: fdupes +BuildRequires: gcc-c++ +BuildRequires: gtk-doc +# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present +BuildRequires: iproute2 +BuildRequires: libidn2-devel +BuildRequires: libnettle-devel >= 3.10 +BuildRequires: libtasn1-devel >= 4.9 +BuildRequires: libtool +BuildRequires: libunistring-devel +BuildRequires: makeinfo +BuildRequires: p11-kit-devel >= 0.23.1 +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(autoopts) +BuildRequires: pkgconfig(libbrotlidec) +BuildRequires: pkgconfig(libbrotlienc) +BuildRequires: pkgconfig(libzstd) +BuildRequires: pkgconfig(zlib) +%if %{with kcapi} +BuildRequires: pkgconfig(libkcapi) +%endif +%if %{with leancrypto} +BuildRequires: pkgconfig(leancrypto) +%endif +%if 0%{?suse_version} <= 1320 +BuildRequires: net-tools +%else +BuildRequires: net-tools-deprecated +%endif +%if %{with tpm} +BuildRequires: trousers-devel +%endif +%if %{with dane} +Requires: libgnutls-dane%{gnutls_dane_sover} = %{version} +%if 0%{?suse_version} <= 1320 +BuildRequires: unbound-devel +%else +BuildRequires: libunbound-devel +%endif +%endif +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +BuildRequires: crypto-policies +BuildRequires: jitterentropy-devel >= 3.4.0 +Requires: crypto-policies +Requires: libjitterentropy3 >= 3.4.0 +%endif + +%description +The GnuTLS library provides a secure layer over a reliable transport +layer. Currently the GnuTLS library implements the proposed standards +of the IETF's TLS working group. + +%package -n libgnutls%{gnutls_sover} +Summary: The GNU Transport Layer Security Library +License: LGPL-2.1-or-later +Group: System/Libraries +Provides: libgnutls%{gnutls_sover}-hmac = %{version}-%{release} +Obsoletes: libgnutls%{gnutls_sover}-hmac < %{version}-%{release} +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif + +%description -n libgnutls%{gnutls_sover} +The GnuTLS library provides a secure layer over a reliable transport +layer. Currently the GnuTLS library implements the proposed standards +of the IETF's TLS working group. + +%package -n libgnutls-dane%{gnutls_dane_sover} +Summary: DANE support for the GNU Transport Layer Security Library +License: LGPL-2.1-or-later +Group: System/Libraries + +%description -n libgnutls-dane%{gnutls_dane_sover} +The GnuTLS project aims to develop a library that provides a secure +layer over a reliable transport layer. +This package contains the "DANE" part of gnutls. + +%package -n libgnutlsxx%{gnutlsxx_sover} +Summary: C++ API for the GNU Transport Layer Security Library +License: LGPL-2.1-or-later +Group: System/Libraries +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif + +%description -n libgnutlsxx%{gnutlsxx_sover} +The GnuTLS library provides a secure layer over a reliable transport +layer. Currently the GnuTLS library implements the proposed standards +of the IETF's TLS working group. + +%package -n libgnutls-devel +Summary: Development package for the GnuTLS C API +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: gnutls = %{version} +Requires: libgnutls%{gnutls_sover} = %{version} +Provides: gnutls-devel = %{version}-%{release} +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif + +%description -n libgnutls-devel +Files needed for software development using gnutls. + +%package -n libgnutls-dane-devel +Summary: Development package for GnuTLS DANE component +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +Requires: libgnutls-dane%{gnutls_dane_sover} = %{version} + +%description -n libgnutls-dane-devel +Files needed for software development using gnutls. + +%package -n libgnutls-devel-doc +Summary: Manual and Info pages for libgnutls +License: LGPL-2.1-or-later +BuildArch: noarch + +%description -n libgnutls-devel-doc +Manpages (troff) and GNU Info pages for libgnutls. + +%package -n libgnutlsxx-devel +Summary: Development package for the GnuTLS C++ API +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +Requires: libgnutls-devel = %{version} +Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} +Requires: libstdc++-devel + +%description -n libgnutlsxx-devel +Files needed for software development using gnutls. + +%prep +%autosetup -p1 + +echo "SYSTEM=NORMAL" >> tests/system.prio + +%build +export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro" +export CFLAGS="%{optflags} -fPIE" +export CXXFLAGS="%{optflags} -fPIE" + +autoreconf -fiv + +%configure \ + gl_cv_func_printf_directive_n=yes \ + gl_cv_func_printf_infinite_long_double=yes \ + --disable-static \ + --disable-rpath \ + --disable-gcc-warnings \ + --disable-silent-rules \ + %{?with_kcapi:--enable-afalg} \ + --with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \ + --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ + --with-default-priority-string="@SYSTEM" \ + --with-sysroot=/%{?_sysroot} \ +%if %{without tpm} + --without-tpm \ +%endif +%if %{with dane} + --with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \ +%else + --disable-libdane \ +%endif +%if %{with srp} + --enable-srp-authentication \ +%endif +%if %{with leancrypto} + --with-leancrypto \ +%else + --without-leancrypto \ +%endif +%ifarch %{ix86} %{arm} + --disable-year2038 \ +%endif + --enable-shared \ + --enable-fips140-mode \ + --with-fips140-module-name="GnuTLS version" \ + --with-fips140-module-version="%{version}-%{release}" \ + --enable-ktls \ + %{nil} + +# Replace python with python3 in cligen/cli-docgen.py +[ -f cligen/cli-docgen.py ] && sed -i "1s@#!.*python.*@#!$(realpath /usr/bin/python3)@" $f cligen/cli-docgen.py + +%make_build + +%install +%make_install + +# Compute the FIPS hmac using the brp-50-generate-fips-hmac script +# export BRP_FIPSHMAC_FILES=%%{buildroot}%%{_libdir}/libgnutls.so.%%{gnutls_sover} + +# the hmac hashes: +# +# this is a hack that re-defines the __os_install_post macro +# for a simple reason: the macro strips the binaries and thereby +# invalidates a HMAC that may have been created earlier. +# solution: create the hashes _after_ the macro runs. +# +# this shows up earlier because otherwise the %%expand of +# the macro is too late. +# remark: This is the same as running +# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' +# Note: The FIPS hmac is now calculated with an internal tool since +# commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed +%{expand:%%global __os_install_post {%__os_install_post + ./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" + sed -i "s^%{buildroot}/usr^^" "%{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac" +}} + +rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot +# Do not package static libs and libtool files +find %{buildroot} -type f -name "*.la" -delete -print + +# install docs +mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/ +cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/ +mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples +cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/ + +# PNG files are replaced with the compressed files and that breaks +# deduplication, this is workaround +find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} + +rm -rf %{buildroot}%{_datadir}/doc/gnutls +%fdupes -s %{buildroot}%{_datadir} + +%find_lang libgnutls --all-name + +%check +%if ! 0%{?qemu_user_space_build} +%make_build check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { + find -name test-suite.log -print -exec cat {} + + exit 1 +} + +# Run the regression tests also in forced FIPS mode +GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || { + find -name test-suite.log -print -exec cat {} + + exit 1 +} +%endif + +%ldconfig_scriptlets -n libgnutls%{gnutls_sover} +%ldconfig_scriptlets -n libgnutls-dane%{gnutls_dane_sover} +%ldconfig_scriptlets -n libgnutlsxx%{gnutlsxx_sover} + +%files -f libgnutls.lang +%license COPYING COPYING.LESSERv2 +%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO +%{_bindir}/certtool +%{_bindir}/gnutls-cli +%{_bindir}/gnutls-cli-debug +%{_bindir}/gnutls-serv +%{_bindir}/ocsptool +%{_bindir}/psktool +%{_bindir}/p11tool +%if %{with srp} +%{_bindir}/srptool +%endif +%if %{with dane} +%{_bindir}/danetool +%endif +%if %{with tpm} +%{_bindir}/tpmtool +%endif +%{_mandir}/man1/* + +%files -n libgnutls%{gnutls_sover} +%license COPYING COPYING.LESSERv2 +%{_libdir}/libgnutls.so.%{gnutls_sover}* +%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac + +%if %{with dane} +%files -n libgnutls-dane%{gnutls_dane_sover} +%license COPYING COPYING.LESSERv2 +%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}* +%endif + +%files -n libgnutlsxx%{gnutlsxx_sover} +%license COPYING COPYING.LESSERv2 +%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* + +%files -n libgnutls-devel +%license COPYING COPYING.LESSERv2 +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/abstract.h +%{_includedir}/%{name}/crypto.h +%{_includedir}/%{name}/compat.h +%{_includedir}/%{name}/dtls.h +%{_includedir}/%{name}/gnutls.h +%{_includedir}/%{name}/openpgp.h +%{_includedir}/%{name}/ocsp.h +%{_includedir}/%{name}/pkcs7.h +%{_includedir}/%{name}/pkcs11.h +%{_includedir}/%{name}/pkcs12.h +%{_includedir}/%{name}/self-test.h +%{_includedir}/%{name}/socket.h +%{_includedir}/%{name}/x509.h +%{_includedir}/%{name}/x509-ext.h +%{_includedir}/%{name}/tpm.h +%{_includedir}/%{name}/system-keys.h +%{_includedir}/%{name}/urls.h +%{_libdir}/libgnutls.so +%{_libdir}/pkgconfig/gnutls.pc + +%files -n libgnutls-devel-doc +%{_mandir}/man3/* +%{_infodir}/*%{ext_info} +%{_docdir}/libgnutls-devel + +%if %{with dane} +%files -n libgnutls-dane-devel +%license COPYING COPYING.LESSERv2 +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/dane.h +%{_libdir}/pkgconfig/gnutls-dane.pc +%{_libdir}/libgnutls-dane.so +%endif + +%files -n libgnutlsxx-devel +%license COPYING COPYING.LESSERv2 +%{_libdir}/libgnutlsxx.so +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/gnutlsxx.h + +%changelog -- 2.51.1

    GNUTLS_FIPS140_DISABLED

    		 +-

    The FIPS140-2 mode is disabled.

    ++

    The FIPS140-3 mode is disabled.

    +     		 

    GNUTLS_FIPS140_LAX

    		 +-

    The library still uses the FIPS140-2 relevant algorithms but all +-forbidden by FIPS140-2 operations are allowed; this is useful when the ++

    The library still uses the FIPS140-3 relevant algorithms but all ++forbidden by FIPS140-3 operations are allowed; this is useful when the + application is aware of the followed security policy, and needs + to utilize disallowed operations for other reasons (e.g., compatibility).

    +