File _patchinfo of Package patchinfo.36178

<patchinfo incident="36178">
  <issue tracker="bnc" id="1226724">[FIPS 140-3][GNUTLS] adapt hmacs</issue>
  <issue tracker="bnc" id="1227642">[FIPS 140-3][GNUTLS] remove sha1</issue>
  <issue tracker="bnc" id="1230166">[FIPS 140-3l[GNUTLS] Missing SLI usage in hashes</issue>
  <issue tracker="bnc" id="1226731">[FIPS 140-3][GNUTLS] disable noncompliant ciphers and key lengths</issue>
  <issue tracker="bnc" id="1226733">[FIPS 140-3][GNUTLS] full hash+sign required</issue>
  <issue tracker="bnc" id="1227670">[FIPS 140-3][GNUTLS] only rsa with at least 2048 bits</issue>
  <issue tracker="bnc" id="1227671">[FIPS 140-3][GNUTLS] remove code</issue>
  <issue tracker="bnc" id="1227669">[FIPS 140-3][GNUTLS] deactivate P-192</issue>
  <packager>ayankov</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for gnutls</summary>
  <description>This update for gnutls fixes the following issues:

- FIPS: Do not allow curve P-192 for signature or keypair verification [bsc#1227669]
- FIPS: Allow to perform the integrity check with the hmac provided by each library [bsc#1226724]
- FIPS: Mark gnutls_hash_fast operations as approved in SLI. [bsc#1230166]
- FIPS: Run pairwise consistency test only in FIPS mode. [bsc#1226733]
- FIPS: Use full hash+sign operations, not low level primitives in PCT test. [bsc#1226733]
- FIPS: Mark SHA1 as not allowed for signature verification in both RSA and ECDSA sigVer. [bsc#1227642]
- FIPS: Allow RSA signature verification with min of 2048 bit modulus. [bsc#1227670]
- FIPS: Remove not needed DSA in selfchecks in FIPS mode. [bsc#1227671, bsc#1226731]
</description>
</patchinfo>