- Update to 3.7.7:
* libgnutls: Fixed double free during verification of pkcs7
signatures. CVE-2022-2509
* libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
less than or equal to 255 times hash digest size, to comply with
RFC 5869 2.3.
* libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters
* libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
* libgnutls: New block cipher functions have been added to
transparently handle padding. gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3 can be used in combination of
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
padding if the length of the original plaintext is not a multiple
of the block size.
* libgnutls: New function for manual FIPS self-testing.
* API and ABI modifications:
- gnutls_fips140_run_self_tests: New function
- gnutls_cipher_encrypt3: New function
- gnutls_cipher_decrypt3: New function
- gnutls_cipher_padding_flags_t: New enum
* guile: Guile 1.8 is no longer supported
* guile: Session record port treats premature termination as EOF Previously,
a 'gnutls-error' exception with the 'error/premature-termination' value
would be thrown while reading from a session record port when the
underlying session was terminated prematurely. This was inconvenient
since users of the port may not be prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
OBS-URL: https://build.opensuse.org/request/show/991873
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=69
