------------------------------------------------------------------- Wed May 21 16:32:26 CEST 2008 - mkoenig@suse.de - fix three security bugs [bnc#392947] CVE-2008-1948 GNUTLS-SA-2008-1-1 Fix crash when sending invalid server name CVE-2008-1949 GNUTLS-SA-2008-1-2 Fix crash when sending repeated client hellos CVE-2008-1950 GNUTLS-SA-2008-1-3 Fix crash in cipher padding decoding for invalid record lengths ------------------------------------------------------------------- Thu May 8 14:17:41 CEST 2008 - mkoenig@suse.de - fix build ------------------------------------------------------------------- Tue Apr 29 17:43:46 CEST 2008 - cthiel@suse.de - obsolete gnutls- via baselibs.conf ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Apr 3 17:40:32 CEST 2008 - mkoenig@suse.de - update to version 2.2.2 * Cipher priority string handling now handle strings that starts with NULL * Corrected memory leaks in session resuming and DHE ciphersuites * Increased the default certificate verification chain limits and allowed for checks without limitation * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size ------------------------------------------------------------------- Thu Jan 31 11:12:46 CET 2008 - mkoenig@suse.de - update to version 2.2.1 * Fixes the post_client_hello_function() * Fix for certificate selection in servers with certificate callbacks * certtool: Fixed data corruption when using --outder * TLS authorization support removed. * Corrected bug which did not allow a server to run without supporting certificates * Introduced gnutls_session_enable_compatibility_mode() * Added gnutls_record_disable_padding() to allow servers talking to buggy clients * Fixed PKCS #3 parameter export * Added support for Camellia cipher * certtool: Add option --quick-random * Added capability to set a callback after the client hello is received by the server in order to adjust parameters before the handshake * certtool: Fixed data corruption when using --outder * SRP was corrected to adhere to the latest draft * Updated the DN parser * Added support for DSA2 using libgcrypt 1.3.0 * Removed all the trustdb code from openpgp authentication. We now use only the well-specified keyrings * The gnutls_certificate_set_openpgp_* functions were modified to include the format. This makes the interface consistent with the x509 functions * Introduced gnutls_session_enable_compatibility_mode() * Added gnutls_set_default_priority2() * Added priority functions that accept strings * certtool: Add option --disable-quick-random to enable the old behaviour of using /dev/random to generate keys * Added the --v1 option to certtool, to allow generating X.509 version 1 certificates * Fix PKCS#3 parameter export problem * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted private keys * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code * Added the --to-p8 option to certtool to convert private keys to PKCS #8 keys * Corrected bug in decompression of expanded compression data * The gnutls_*_convert_priority() functions were deprecated * gnutls-cli and gnutls-serv now have a --priority option * PKCS #8 parser can now encode/decode DSA keys * Corrected a segfault when setting an empty gnutls_priority_t at gnutls_priority_set() * Added gnutls_x509_crt_get_subject_alt_name2() * The GPL version has been changed from version 2 to version 3. This affects the self-tests, command-line tools, the libgnutls-extra library, the relevant guile parts, and the build environment - API and ABI modifications, library soname switch from 13 to 26 - change package structure: * branch off libgnutls-extra since this is now GPLv3 or later while libgnutls remains LGPLv2.1 or later * gnutls license change to GPLv3 - build without lzo support to avoid license problems since lzo is currently GPLv2 only - removed merged patches: gnutls-fix_size_t.patch ------------------------------------------------------------------- Tue Oct 23 13:59:25 CEST 2007 - mkoenig@suse.de - update to version 2.0.1 - change package layout to conform shlib policy: rename gnutls-devel -> libgnutls-devel new subpackage libgnutls13 - removed patches: gnutls-1.4.4-sign-callback.patch gnutls-1.6.1-compiler_warnings.patch ------------------------------------------------------------------- Thu Aug 30 12:35:34 CEST 2007 - mkoenig@suse.de - fix srptool [#208227] - fix some compiler warnings ------------------------------------------------------------------- Fri Aug 3 13:54:37 CEST 2007 - hvogel@suse.de - Some additions for evolution smart card support ------------------------------------------------------------------- Thu May 10 17:21:59 CEST 2007 - mkoenig@suse.de - Fix segfault on s390x [#97441] gnutls-fix_size_t.patch ------------------------------------------------------------------- Tue Jan 23 17:29:00 CET 2007 - mkoenig@suse.de - update to new stable branch 1.6.1: * Fix the list of trusted CAs that server's send to clients. * Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. * Encode UID fields in DN's as DirectoryString. * Fix ./configure failure with non-GCC compilers. * A GnuTLS C++ library is part of the official distribution. * New APIs for custom push/pull function error reporting. ------------------------------------------------------------------- Tue Oct 24 19:08:36 CEST 2006 - mkoenig@suse.de - move developer related docs to devel package and remove binary stuff from docs [#212454] ------------------------------------------------------------------- Tue Sep 19 11:06:39 CEST 2006 - mkoenig@suse.de - update to version 1.4.4: * bugfix release * fixes security vulnerability [#206636] (CVE-2006-4790) ------------------------------------------------------------------- Thu Aug 31 17:40:43 CEST 2006 - mkoenig@suse.de - update to new stable branch 1.4.1: * The command line tools now use getaddrinfo and support IPv6. * gnutls-cli can now recognize services and port numbers with the -p option. * Error messages are now translated using GNU Gettext. * GnuTLS now support TLS Inner application (TLS/IA). * API and ABI modifications: + Support for DHE-PSK cipher suites has been added. + Removed the RIPEMD ciphersuites. + Remove GnuTLS 0.8.x compatibility functions. + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added. + Certtool now generate keys in unencrypted PKCS#8 format for empty passwords. + Certtool now accept --password for --key-info and encrypted PKCS#8 keys. + gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys, + New function to set a X.509 private key and certificate pairs, and/or CRLs, from an PKCS#12 file. + New APIs to acceess the client and server random fields in a session. + New APIs to access the TLS Pseudo-Random-Function (PRF). + New API to access the TLS master secret. + The function gnutls_x509_crt_to_xml now return an internal error. * Several bugfixes: + Corrected a bug in certtool for 64 bit machines. + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly. + Fix crash in TLS resume code, caused by TLS/IA changes. + Corrected bugs in gnutls_certificate_set_x509_crl() and gnutls_certificate_set_x509_trust(). + Fixed bug in non-blocking gnutls_bye(). + Fix read of out bounds bug in DER parser. + Fixed bug in OpenPGP authentication handshake. ------------------------------------------------------------------- Sat Feb 18 00:18:33 CET 2006 - ro@suse.de - cleanup doc directory (.deps,.libs) ------------------------------------------------------------------- Fri Feb 10 13:01:55 CET 2006 - hvogel@suse.de - Update to version 1.2.10. This release fixes several serious bugs that would make the DER decoder in libtasn1 crash on invalid input [#149897]. Including: * Corrected a bug in certtool for 64 bit machines. * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly * Corrected bugs in gnutls_certificate_set_x509_crl() and gnutls_certificate_set_x509_trust(), that caused memory corruption if more than one certificates were added. * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no longer invalidate a session if the underlying send fails, but it will prevent future writes. ------------------------------------------------------------------- Wed Jan 25 21:36:17 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Dec 20 15:04:31 CET 2005 - ro@suse.de - do not package /usr/share/info/dir ------------------------------------------------------------------- Fri Dec 9 14:26:44 CET 2005 - hvogel@suse.de - update to version 1.2.9 ------------------------------------------------------------------- Tue Oct 25 13:50:11 CEST 2005 - hvogel@suse.de - update to version 1.2.8 ------------------------------------------------------------------- Mon Aug 22 12:12:39 CEST 2005 - hvogel@suse.de - fix data type comparison [Bug #104617] ------------------------------------------------------------------- Sun Jul 3 16:06:29 CEST 2005 - hvogel@suse.de - update to version 1.2.5 ------------------------------------------------------------------- Wed Jun 29 10:30:02 CEST 2005 - hvogel@suse.de - patch from mrueckert to use external lzo again ------------------------------------------------------------------- Thu Jun 23 16:17:31 CEST 2005 - hvogel@suse.de - use %install_info/%install_info_delete ------------------------------------------------------------------- Tue Jun 7 12:50:53 CEST 2005 - hvogel@suse.de - update to version 1.2.4 ------------------------------------------------------------------- Fri Jun 3 01:13:12 CEST 2005 - ro@suse.de - fix specfile (don't apply non-existant patch1) ------------------------------------------------------------------- Thu Jun 2 18:03:17 CEST 2005 - hvogel@suse.de - use included minilzo ------------------------------------------------------------------- Wed May 25 13:09:39 CEST 2005 - hvogel@suse.de - Update to version 1.2.3 (fixes gnutls DOS Bug #83481) - Include defines.h before gnutls.h, to pull in config.h, to make sure memmem.h prototype memmem properly ------------------------------------------------------------------- Sat Jan 29 23:42:13 CET 2005 - hvogel@suse.de - Update to version 1.2.0 ------------------------------------------------------------------- Wed Jan 19 20:43:20 CET 2005 - hvogel@suse.de - update to version 1.1.23 - get rid of prebuild html/ps docu again, the devel packages has man-pages now ------------------------------------------------------------------- Mon Dec 13 20:07:38 CET 2004 - hvogel@suse.de - update to version 1.0.23 - make build of postscript/html docu configureable ------------------------------------------------------------------- Sat Oct 23 19:41:07 CEST 2004 - hvogel@suse.de - move config script to the devel package ------------------------------------------------------------------- Thu Oct 14 17:08:56 CEST 2004 - hvogel@suse.de - Update to version 1.0.21 ------------------------------------------------------------------- Tue Sep 28 18:04:28 CEST 2004 - hvogel@suse.de - add doc subpackage with prebuild html/ps docu (Bug #44496) ------------------------------------------------------------------- Mon Sep 27 14:38:19 CEST 2004 - hvogel@suse.de - fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035) ------------------------------------------------------------------- Tue Aug 31 14:13:40 CEST 2004 - kukuk@suse.de - Update to version 1.0.20 ------------------------------------------------------------------- Mon Aug 30 14:22:43 CEST 2004 - kukuk@suse.de - Add libopencdk-devel to neededforbuild ------------------------------------------------------------------- Thu Jul 15 18:54:57 CEST 2004 - hvogel@suse.de - add libgcrypt-devel and lipgpg-error-devel to nfb ------------------------------------------------------------------- Wed May 19 14:58:13 CEST 2004 - hvogel@suse.de - update to version 1.0.13 ------------------------------------------------------------------- Fri May 14 08:48:26 CEST 2004 - mmj@suse.de - Add C++ compiler to build - Don't remove buildroot when installing ------------------------------------------------------------------- Mon Mar 1 18:44:58 CET 2004 - hvogel@suse.de - update to version 1.0.8 ------------------------------------------------------------------- Tue Feb 17 15:57:15 CET 2004 - hvogel@suse.de - update to version 1.0.6 - fix autoconf quotations ------------------------------------------------------------------- Wed May 14 18:31:12 CEST 2003 - schubi@suse.de - initial; Sourcecode received from XIMIAN