rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

Accepting request 811391 from home:vitezslav_cizek:branches:security:tls

Browse Source 
- Update to 3.6.14
  * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
    The TLS server would not bind the session ticket encryption key with a
    value supplied by the application until the initial key rotation, allowing
    attacker to bypass authentication in TLS 1.3 and recover previous
    conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
    [GNUTLS-SA-2020-06-03, CVSS: high]
  * libgnutls: Fixed handling of certificate chain with cross-signed
    intermediate CA certificates (#1008). (bsc#1172461)
  * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
  * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
    (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
    Key Identifier (AKI) properly (#989, #991).
  * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
  * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
    Also both accelerated and non-accelerated implementations check key block
    according to FIPS-140-2 IG A.9 (!1233).
  * libgnutls: Added support for AES-SIV ciphers (#463).
  * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
  * libgnutls: No longer use internal symbols exported from Nettle (!1235)
  * API and ABI modifications:
    GNUTLS_CIPHER_AES_128_SIV: Added
    GNUTLS_CIPHER_AES_256_SIV: Added
    GNUTLS_CIPHER_AES_192_GCM: Added
    gnutls_pkcs7_print_signature_info: Added
- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
  the keyring
- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/811391
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=34
This commit is contained in:
Tomáš Chvátal
2020-06-04 11:03:13 +00:00
committed by Git OBS Bridge
parent e21a7d8076
commit 8169157125
8 changed files with 567 additions and 519 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
gnutls.spec
View File

@@ -28,7 +28,7 @@
%bcond_with tpm
%bcond_without guile
Name: gnutls
Version: 3.6.13
Version: 3.6.14
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1-or-later AND GPL-3.0-or-later
@@ -39,7 +39,6 @@ Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.x
Source2: %{name}.keyring
Source3: baselibs.conf
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
Patch2: gnutls-fips_correct_nettle_soversion.patch
Patch4: gnutls-3.6.6-set_guile_site_dir.patch
BuildRequires: autogen
BuildRequires: automake