forked from pool/gnutls
Accepting request 769931 from security:tls
OBS-URL: https://build.opensuse.org/request/show/769931 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=122
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
5f3d031265
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:fbba12f3db9a55dbf027e14111755817ec44b57eabec3e8089aac8ac6f533cf8
|
|
||||||
size 5902328
|
|
||||||
Binary file not shown.
3
gnutls-3.6.12.tar.xz
Normal file
3
gnutls-3.6.12.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:bfacf16e342949ffd977a9232556092c47164bd26e166736cf3459a870506c4b
|
||||||
|
size 5942064
|
||||||
BIN
gnutls-3.6.12.tar.xz.sig
Normal file
BIN
gnutls-3.6.12.tar.xz.sig
Normal file
Binary file not shown.
@ -1,3 +1,49 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 4 09:49:44 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
|
||||||
|
|
||||||
|
- gnutls 3.6.12
|
||||||
|
* libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
|
||||||
|
to identify sessions that client request OCSP status request (#829).
|
||||||
|
* libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
|
||||||
|
signature algorithm (RFC 8032) under TLS (#86).
|
||||||
|
* libgnutls: Added the default-priority-string option to system configuration;
|
||||||
|
it allows overriding the compiled-in default-priority-string.
|
||||||
|
* libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
|
||||||
|
draft-smyshlyaev-tls12-gost-suites-07).
|
||||||
|
By default this ciphersuite is disabled. It can be enabled by adding
|
||||||
|
+GOST to priority string. In the future this priority string may enable
|
||||||
|
other GOST ciphersuites as well. Note, that server will fail to negotiate
|
||||||
|
GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
|
||||||
|
is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
|
||||||
|
are enabled on GnuTLS-based servers.
|
||||||
|
* libgnutls: added priority shortcuts for different GOST categories like
|
||||||
|
CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
|
||||||
|
* libgnutls: Reject certificates with invalid time fields. That is we reject
|
||||||
|
certificates with invalid characters in Time fields, or invalid time formatting
|
||||||
|
To continue accepting the invalid form compile with --disable-strict-der-time
|
||||||
|
* libgnutls: Reject certificates which contain duplicate extensions. We were
|
||||||
|
previously printing warnings when printing such a certificate, but that is
|
||||||
|
not always sufficient to flag such certificates as invalid. Instead we now
|
||||||
|
refuse to import them (#887).
|
||||||
|
* libgnutls: If a CA is found in the trusted list, check in addition to
|
||||||
|
time validity, whether the algorithms comply to the expected level prior
|
||||||
|
to accepting it. This addresses the problem of accepting CAs which would
|
||||||
|
have been marked as insecure otherwise (#877).
|
||||||
|
* libgnutls: The min-verification-profile from system configuration applies
|
||||||
|
for all certificate verifications, not only under TLS. The configuration can
|
||||||
|
be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
|
||||||
|
* libgnutls: The stapled OCSP certificate verification adheres to the convention
|
||||||
|
used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
|
||||||
|
* libgnutls: On client side only send OCSP staples if they have been requested
|
||||||
|
by the server, and on server side always advertise that we support OCSP stapling
|
||||||
|
* libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
|
||||||
|
with gnutls_ocsp_req_t but const.
|
||||||
|
* certtool: Added the --verify-profile option to set a certificate
|
||||||
|
verification profile. Use '--verify-profile low' for certificate verification
|
||||||
|
to apply the 'NORMAL' verification profile.
|
||||||
|
* certtool: The add_extension template option is considered even when generating
|
||||||
|
a certificate from a certificate request.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 3 19:34:20 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
Tue Dec 3 19:34:20 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package gnutls
|
# spec file for package gnutls
|
||||||
#
|
#
|
||||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -28,7 +28,7 @@
|
|||||||
%bcond_with tpm
|
%bcond_with tpm
|
||||||
%bcond_without guile
|
%bcond_without guile
|
||||||
Name: gnutls
|
Name: gnutls
|
||||||
Version: 3.6.11.1
|
Version: 3.6.12
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The GNU Transport Layer Security Library
|
Summary: The GNU Transport Layer Security Library
|
||||||
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user