rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity
119 Commits 2 Branches 0 Tags
Commit Graph

5 Commits

Author SHA256 Message Date
Vítězslav Čížek
bdab2e0cbb Accepting request 691550 from home:jsikes:branches:security:tls 
Forgot changelog entry.

OBS-URL: https://build.opensuse.org/request/show/691550
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=19
 2019-04-04 14:11:38 +00:00
Tomáš Chvátal
6e5080fb38 Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 
- Update to 3.6.5
  ** libgnutls: Provide the option of transparent re-handshake/reauthentication
     when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
  ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
  ** libgnutls: The priority functions will ignore and not enable TLS1.3 if
     requested with legacy TLS versions enabled but not TLS1.2. That is because
     if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
     servers which do not support TLS1.3 will negotiate TLS1.2 which will be
     rejected by the client as disabled (#621).
  ** libgnutls: Change RSA decryption to use a new side-channel silent function.
     This addresses a security issue where memory access patterns as well as timing
     on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
     attacks. Side-channel resistant code is slower due to the need to mask
     access and timings. When used in TLS the new functions cause RSA based
     handshakes to be between 13% and 28% slower on average (Numbers are indicative,
     the tests where performed on a relatively modern Intel CPU, results vary
     depending on the CPU and architecture used). This change makes nettle 3.4.1
     the minimum requirement of gnutls (#630). [CVSS: medium]
  ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
     in the priority string. It is only accepted as legacy option and is ignored.
  ** libgnutls: Added support for EdDSA under PKCS#11 (#417)
  ** libgnutls: Added support for AES-CFB8 cipher (#357)
  ** libgnutls: Added support for AES-CMAC MAC (#351)
  ** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
       have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
     S-BOXes). They are fixed now.
  ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
     keys parsing, as specified in R 50.1.112-2016.
  ** gnutls-serv: It applies the default settings when no --priority option is given,
     using gnutls_set_default_priority().

OBS-URL: https://build.opensuse.org/request/show/662795
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=16
 2019-01-04 13:39:42 +00:00
Tomáš Chvátal
65aedfc27d Accepting request 636362 from home:Andreas_Schwab:Factory 
- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
  test/Makefile.in as autoreconf does not work

OBS-URL: https://build.opensuse.org/request/show/636362
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=8
 2018-09-18 10:23:08 +00:00
Dominique Leuenberger
a4e4513bc5 Accepting request 591143 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/591143
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=109
 2018-03-30 09:56:05 +00:00
Dominique Leuenberger
ca879abd51 Accepting request 528289 from Base:System 
1

OBS-URL: https://build.opensuse.org/request/show/528289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=104
 2017-09-25 11:50:29 +00:00