- Version 3.2.15 (released 2014-05-30)
** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon. (CVE-2014-3466 / bnc#880730)
** libgnutls: Several memory leaks caused by error conditions were
fixed. The leaks were identified using valgrind and the Codenomicon
TLS test suite.
** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.
** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.
** gnutls-cli: if dane is requested but not PKIX verification, then
only do verify the end certificate.
** ocsptool: Include path in ocsp request. This resolves#108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
- Version 3.2.14 (released 2014-05-06)
** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided.
** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.
** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.
** libgnutls: Several small bug fixes found by coverity.
** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.
OBS-URL: https://build.opensuse.org/request/show/236129
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=74
