gnutls

rpm/gnutls

SHA256

Fork 0

forked from pool/gnutls

Commit Graph

Author	SHA256	Message	Date
Tomáš Chvátal	1c961377a9	Accepting request 832939 from home:vitezslav_cizek:branches:security:tls - Update to 3.6.15 * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. [GNUTLS-SA-2020-09-04, CVSS: medium] * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now indicates that with a false return value (!1306). * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked accordingly to SP800-56A rev 3 (!1295, !1299). * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than the size of the internal base64 blob (#1025). * libgnutls: Certificate verification failue due to OCSP must-stapling is not honered is now correctly marked with the GNUTLS_CERT_INVALID flag * libgnutls: The audit log message for weak hashes is no longer printed twice * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is disabled in the priority string. Previously, even when TLS 1.2 is explicitly disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is enabled (#1054). - drop upstreamed patches: * gnutls-detect_nettle_so.patch * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch OBS-URL: https://build.opensuse.org/request/show/832939 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=39	2020-09-08 11:31:26 +00:00
Dominique Leuenberger	74bc5eea8e	Accepting request 496936 from Base:System - skip trust-store tests to avoid build cycle with ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch (forwarded request 495815 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/496936 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=100	2017-05-20 12:31:57 +00:00

Author

SHA256

Message

Date

Tomáš Chvátal

1c961377a9

Accepting request 832939 from home:vitezslav_cizek:branches:security:tls

- Update to 3.6.15
 * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
   [GNUTLS-SA-2020-09-04, CVSS: medium]
 * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
   indicates that with a false return value (!1306).
 * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
   accordingly to SP800-56A rev 3 (!1295, !1299).
 * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
   the size of the internal base64 blob (#1025).
 * libgnutls: Certificate verification failue due to OCSP must-stapling is not
   honered is now correctly marked with the GNUTLS_CERT_INVALID flag
 * libgnutls: The audit log message for weak hashes is no longer printed twice
 * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
   disabled in the priority string. Previously, even when TLS 1.2 is explicitly
   disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
   enabled (#1054).
- drop upstreamed patches:
  * gnutls-detect_nettle_so.patch
  * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch

OBS-URL: https://build.opensuse.org/request/show/832939
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=39

2020-09-08 11:31:26 +00:00

Dominique Leuenberger

74bc5eea8e

Accepting request 496936 from Base:System

- skip trust-store tests to avoid build cycle with
  ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch (forwarded request 495815 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/496936
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=100

2017-05-20 12:31:57 +00:00

2 Commits