- Update to 3.8.5:
* libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option 'allow-rsa-pkcs1-encrypt'
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
* libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
* libgnutls: A couple of memory related issues have been fixed in
RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA
with earlier versions of GMP. These were a regression introduced
in the 3.8.4 release. See #1535 and !1827.
* build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
* API and ABI modifications:
- GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of
gnutls_pkcs_encrypt_flags_t
* Rebase patches:
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-140-3-references.patch
OBS-URL: https://build.opensuse.org/request/show/1165440
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=109
Pedro Monreal Gonzalez
ea12736003