forked from pool/gnutls
Accepting request 236129 from Base:System
- Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730) ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. - Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. OBS-URL: https://build.opensuse.org/request/show/236129 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74
This commit is contained in:
Stephan Kulow
committed by
Git OBS Bridge
Git OBS Bridge
parent
46f6ba47ef
commit
b0904801b3
@@ -1,3 +1,42 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 3 07:48:04 UTC 2014 - meissner@suse.com
|
||||
|
||||
- Version 3.2.15 (released 2014-05-30)
|
||||
|
||||
** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
|
||||
Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
|
||||
** libgnutls: Several memory leaks caused by error conditions were
|
||||
fixed. The leaks were identified using valgrind and the Codenomicon
|
||||
TLS test suite.
|
||||
** libgnutls: Increased the maximum certificate size buffer
|
||||
in the PKCS #11 subsystem.
|
||||
** libgnutls: Check the return code of getpwuid_r() instead of relying
|
||||
on the result value. That avoids issue in certain systems, when using
|
||||
tofu authentication and the home path cannot be determined. Issue reported
|
||||
by Viktor Dukhovni.
|
||||
** gnutls-cli: if dane is requested but not PKIX verification, then
|
||||
only do verify the end certificate.
|
||||
** ocsptool: Include path in ocsp request. This resolves #108582
|
||||
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
|
||||
|
||||
- Version 3.2.14 (released 2014-05-06)
|
||||
** libgnutls: Fixed issue with the check of incoming data when two
|
||||
different recv and send pointers have been specified. Reported and
|
||||
investigated by JMRecio.
|
||||
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
|
||||
result to illegal memory access if a server hint was provided.
|
||||
** libgnutls: Fixed client memory leak in the PSK key exchange, if a
|
||||
server hint was provided.
|
||||
** libgnutls: Several small bug fixes identified using valgrind and
|
||||
the Codenomicon TLS test suite.
|
||||
** libgnutls: Several small bug fixes found by coverity.
|
||||
** libgnutls-dane: Accept a certificate using DANE if there is at least one
|
||||
entry that matches the certificate. Patch by simon [at] arlott.org.
|
||||
** configure: Added --with-nettle-mini option, which allows linking
|
||||
with a libnettle that contains gmp.
|
||||
** certtool: The ECDSA keys generated by default use the SECP256R1 curve
|
||||
which is supported more widely than the previously used SECP224R1.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 25 14:08:46 UTC 2014 - citypw@gmail.com
|
||||
|
||||
|
||||
Reference in New Issue
Block a user