Pedro Monreal Gonzalez
f82cc71bfb
- libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
- libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
- libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
- libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
- Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
* Rebased gnutls-FIPS-140-3-references.patch
* Rebased gnutls-FIPS-TLS_KDF_selftest.patch
* Rebased gnutls-FIPS-jitterentropy.patch
* Rebased gnutls-disable-flaky-test-dtls-resume.patch
* Rebased gnutls-srp-test-SIGPIPE.patch
* Rebased gnutls-3.5.11-skip-trust-store-tests.patch
* Add gnutls-set-cligen-python-interp.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=119
32 lines
927 B
Diff
32 lines
927 B
Diff
From: Andreas Stieger <astieger@suse.com>
|
|
Date: Thu, 18 May 2017 10:31:42 +0200
|
|
References: https://build.opensuse.org/request/show/493998
|
|
Upstream: never
|
|
|
|
trust-store test added in
|
|
https://gitlab.com/gnutls/gnutls/commit/8d740ae87fae9c1237421dd24825b78103c5da36
|
|
need ca-certificates-mozilla to run.
|
|
|
|
[ 242s] FAIL: trust-store
|
|
[ 242s] =================
|
|
[ 242s]
|
|
[ 242s] doit:64: no certificates were found in system trust store!
|
|
[ 242s] FAIL trust-store (exit status: 1)
|
|
|
|
But this would create a build cycle. Skip test.
|
|
|
|
Index: gnutls-3.8.9/tests/trust-store.c
|
|
===================================================================
|
|
--- gnutls-3.8.9.orig/tests/trust-store.c
|
|
+++ gnutls-3.8.9/tests/trust-store.c
|
|
@@ -42,6 +42,9 @@ static void tls_log_func(int level, cons
|
|
|
|
void doit(void)
|
|
{
|
|
+ /* building without ca-certificates-mozilla, skip test */
|
|
+ exit(77);
|
|
+
|
|
gnutls_certificate_credentials_t x509_cred;
|
|
int ret;
|
|
|