- Update to version 3.7.6:
* libgnutls: Fixed invalid write when gnutls_realloc_zero() is
called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc.
* Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed
upstream.
- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory
corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367,
boo#1199929).
- update to 3.7.5:
* add options disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy
* For TLS 1.3 where session tickets do provide forward secrecy,
the PFS priority string now only disables session tickets in
TLS 1.2.
* Future backward incompatibility: in the next major release of
GnuTLS those flag and modifier are planned to be removed
* gnutls-cli, gnutls-serv: Channel binding for printing
information has been changed from tls-unique to tls-exporter
as tls-unique is not supported in TLS 1.3.
* Certificate sanity checks has been enhanced to make gnutls
more RFC 5280 compliant:
* Removed 3DES from FIPS approved algorithms
* Optimized support for AES-SIV-CMAC algorithms
* libgnutls: HKDF and AES-GCM algorithms are now approved in
FIPS-140 mode when used in TLS
OBS-URL: https://build.opensuse.org/request/show/979523
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=67
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
* The IG 10.3.A and SP800-132 require some minimum parameters for
the salt length, password length and iteration count. These
parameters should be also used in the KAT.
* Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- Enable to run the regression tests also in FIPS mode.
* Add gnutls-FIPS-disable-failing-tests.patch
OBS-URL: https://build.opensuse.org/request/show/964661
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=61
