rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity
110 Commits 2 Branches 0 Tags 14 MiB
Standard ML 100%
6e5080fb38
Go to file
Tomáš Chvátal 6e5080fb38 Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 
- Update to 3.6.5
  ** libgnutls: Provide the option of transparent re-handshake/reauthentication
     when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
  ** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
  ** libgnutls: The priority functions will ignore and not enable TLS1.3 if
     requested with legacy TLS versions enabled but not TLS1.2. That is because
     if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
     servers which do not support TLS1.3 will negotiate TLS1.2 which will be
     rejected by the client as disabled (#621).
  ** libgnutls: Change RSA decryption to use a new side-channel silent function.
     This addresses a security issue where memory access patterns as well as timing
     on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
     attacks. Side-channel resistant code is slower due to the need to mask
     access and timings. When used in TLS the new functions cause RSA based
     handshakes to be between 13% and 28% slower on average (Numbers are indicative,
     the tests where performed on a relatively modern Intel CPU, results vary
     depending on the CPU and architecture used). This change makes nettle 3.4.1
     the minimum requirement of gnutls (#630). [CVSS: medium]
  ** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
     in the priority string. It is only accepted as legacy option and is ignored.
  ** libgnutls: Added support for EdDSA under PKCS#11 (#417)
  ** libgnutls: Added support for AES-CFB8 cipher (#357)
  ** libgnutls: Added support for AES-CMAC MAC (#351)
  ** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
       have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
     S-BOXes). They are fixed now.
  ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
     keys parsing, as specified in R 50.1.112-2016.
  ** gnutls-serv: It applies the default settings when no --priority option is given,
     using gnutls_set_default_priority().

OBS-URL: https://build.opensuse.org/request/show/662795
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=16
2019-01-04 13:39:42 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=1 2007-01-15 23:15:20 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=1 2007-01-15 23:15:20 +00:00
baselibs.conf Accepting request 295655 from Base:System 2015-04-18 08:38:18 +00:00
disable-psk-file-test.patch Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00
gnutls-3.5.11-skip-trust-store-tests.patch Accepting request 496936 from Base:System 2017-05-20 12:31:57 +00:00
gnutls-3.6.0-disable-flaky-dtls_resume-test.patch Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00
gnutls-3.6.5.tar.xz Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00
gnutls-3.6.5.tar.xz.sig Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00
gnutls-enbale-guile-2.2.patch Accepting request 652449 from home:jbrielmaier:guile2.2 2018-11-28 14:42:02 +00:00
gnutls.changes Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00
gnutls.keyring Accepting request 587401 from Base:System 2018-03-16 09:33:36 +00:00
gnutls.spec Accepting request 662795 from home:vitezslav_cizek:branches:security:tls 2019-01-04 13:39:42 +00:00