File ktls-utils.changes of Package ktls-utils
-------------------------------------------------------------------
Fri Mar 27 15:39:48 UTC 2026 - Ales Novak <alnovak@suse.com>
- Update to version 0.10+186.ge65f3b6:
* tlshd: Send fatal alert to client when there are server config issues
* tlshd: Fix session leak on error paths in x509 server handshake
* tlshd: Fix the error in kernel capability probe
* tlshd: Add extensible kernel capability detection
* tlshd: Implement atomic reload of TLS session tags
* tlshd: Add handshake tags to the DONE command
* tlshd: Update netlink.h
* tlshd: Match ingress certificates with defined TLS session tags
* tlshd: Add parsing for tag definitions
* tlshd: Parse filter definitions
* tlshd: Add a YAML parser
* tlshd: Add tag filter types
* tlshd: man update for TLS session tags
* tlshd: Add init/shutdown hooks for the session tagging subsystem
* tlshd: Add a SIGHUP handler
* tlshd: use gnutls_handshake_write() for Session Ticket processing in quic
* tlshd: support setting the record size limit
* tlshd: set conn errcode to EACCES on GnuTLS failure in QUIC handshake
* tlshd: leave session_status as EIO on GnuTLS failure in QUIC session setup
* tlshd: Add kernel's quic.h
* tlshd: fix priority cache initialization
* tlshd: Clean up logic in tlshd_start_tls_handshake()
* tlshd: Restore the date in tlshd.conf(5)
* tlshd: Relocate /etc/tlshd.conf
* Remove TLS_DEFAULT_PRIORITIES
* Remove the parms::msg_status field
* tlshd: Kernel should not parse incoming client certificates
* tlshd: Client-side dual certificate support
* tlshd: Server-side dual certificate support
* tlshd: Fix priority string to allow PQC
* tlshd: deduplicate client and server config functions
* netlink: Handle SIGTERM like SIGINT
* netlink: Introduce event loop and use signalfd to catch signals
* tlshd: Dynamically allocate hostname
* tlshd: Convert parms->peeraddr to a presentation address
* tlshd: Store peer IDs in a GArray
* tlshd: Store remote peerids in a GArray
* tlshd: Add tlshd_genl_put_handshake_parms() API
* tlshd: Add x509.crl option to man page.
* Add client-side CRL checking
* tlshd: Add server-side CRL checking
* tlshd: Refactor trust store management
* tlshd: Child should close the notification socket
* tlshd: Child process should shut down before exiting
* tlshd: Free netlink messages after fork(3) returns
* tlshd: Preserve pcache during tlshd_gnutls_priority_init()
* tlshd: Restore GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR
* tlshd: Add tlshd_log_completion()
* tlshd: Remove useless verification status report
* tlshd: Show ingress certificate on successful handshake
* tlshd: Check for an empty string
* tlshd: Display errno message
* tlshd: Don't set errno in tlshd_keyring_link_session()
* tlshd: Fix silent tlshd_keyring_link_session() failures
* tlshd: Handshake needs to check for CERTIFICATE_ERROR
* tlshd: Relocate TLSHD_ALLPERMS
* tlshd: Add default keyrings for NFS
* tlshd: Fix a minor race
* tlshd: remove redundant gnutls_global_deinit()
* tlshd: fix a regression for certificate verification
* tlshd: Define TLSHD_ACCESSPERMS instead of using ALLPERMS to fix musl build
* tlshd: add 'keyring' handshake accept parameter
* keyring: fixup function description for tlshd_keyring_link_session()
* tlshd: use gnutls_psk_allocate_{client,server}_credentials2 (bsc#1258084)
* tlshd: replace IPPROTO_QUIC with SOL_QUIC for cmsg_level in quic
* tlshd: Pass ETIMEDOUT from gnutls to kernel
-------------------------------------------------------------------
Fri Dec 06 13:56:33 UTC 2024 - Daniel Wagner <daniel.wagner@suse.com>
- Update to version 0.10+33.g311d943:
* tlshd: always link .nvme default keyring into the session (bsc#1229034)
* tlshd: Ensure libnl-genl3 is available
* tlshd: receive new session ticket msg after completing quic handshake
* tlshd: use quic_config to get parameters for quic handshake
* tlshd: clean up some unnecessary code in quic handshake
* tlshd: improve error logging for tlshd_server_psk_cb()
* tlshd: guard against possible overrun of tlshd_peername
* tlshd: fix optlen passed to getsockopt()
* tlshd: free pathname before it goes out of scope
* tlshd: add support for quic handshake
* tlshd: include socket ip_proto in tlshd_handshake_parms
* tlshd: Refactor tlshd_service_socket()
* config: supply meaningful error for non-existing pathnames
* tlshd: Fix implicit signedness conversion
* tlshd: Fix memory leaks
-------------------------------------------------------------------
Thu Mar 21 21:50:44 UTC 2024 - Martin Wilck <mwilck@suse.com>
- Update to version 0.10+12.gc3923f7:
* Rework priority string setting for PSK (bsc#1221437)
* config: use 'authenticate' as a section name
* server: add missing priority setting (gh#oracle/ktls-utils#49)
-------------------------------------------------------------------
Tue Mar 5 17:24:44 UTC 2024 - Martin Wilck <mwilck@suse.com>
- Update to upstream version 0.10+9.gf28f084:
* ktls: restrict hash functions to supported sizes (bsc#1218037)
* tlshd: Add support for chained certs
-------------------------------------------------------------------
Tue Feb 20 17:28:48 UTC 2024 - Martin Wilck <mwilck@suse.com>
- Update to upstream version 0.10:
* All previously SUSE-specific patches included
* tlshd: Reorganize tlshd.conf
  - get rid of [main]
  - add [debug] and move the debug-related options there
  - move the "keyrings" option to [authenticate]
* tlshd: add 'delay' configuration parameter
* tlshd: Add .conf option to specify trust store
* Bug fixes and cleanups
-------------------------------------------------------------------
Wed Jan 17 11:56:19 UTC 2024 - Martin Wilck <mwilck@suse.com>
- Spec file:
* fix summary and license
* use pkgconfig for BuildRequires
* remove superfluous PreReq dependencies
* use %config(noreplace) for the config file (because it may contain paths to key files)
* remove BuildRoot
* simplify build section
-------------------------------------------------------------------
Tue Jan 9 16:12:57 UTC 2024 - Martin Wilck <mwilck@suse.com>
- Update to version 0.9+4.g01b3018 (jsc#PED-7559)
* _service: move to openSUSE git repository
- Patches now in git, remove them from spec file:
* del 0001-netlink-de-constify-nla_policy
* del 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
* del 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
* del 0003-tlshd-add-delay-configuration-parameter.patch
-------------------------------------------------------------------
Wed Aug 16 18:21:59 UTC 2023 - Hannes Reinecke <hare@suse.de>
- Reshuffle patches to match upstream submission:
* Remove 0001-netlink-de-constify-nla_policy
* Add 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
* Remove 0001-Check-for-gnutls_get_system_config_file.patch
* Add 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
* Remove 0001-Add-tlshd_delay-configuration-option.patch
* Add 0003-tlshd-add-delay-configuration-parameter.patch
-------------------------------------------------------------------
Wed Aug 16 17:55:46 UTC 2023 - Hannes Reinecke <hare@suse.de>
- Add patch to exercise handshake timeout
* 0001-Add-tlshd_delay-configuration-option.patch
- Add patch to allow compilation on older releases
* 0001-Check-for-gnutls_get_system_config_file.patch
-------------------------------------------------------------------
Sat Jul 01 20:40:46 UTC 2023 - Hannes Reinecke <hare@suse.de>
- Add patch for older libnl versions
+ 0001-netlink-de-constify-nla_policy.patch
- Fix build error on 32-bit
+ 0001-tlshd-fix-max-config-file-size-comparison.patch
-------------------------------------------------------------------
Fri Jun 30 22:58:27 UTC 2023 - Hannes Reinecke <hare@suse.de>
- Initial package, version 0.9