Overview
Request 222335 accepted
- Upgraded to 3.2.11
** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
** libgnutls: Reduced the TLS and DTLS version requirements for all
ciphersuites that are not GCM.
** libgnutls: When two initial keywords are specified then treat the
second as having the '+' modifier.
** libgnutls: When using a PKCS #11 module for verification ensure that
it has been marked a trusted policy module in p11-kit. Moreover, when an
empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
in the system for verification.
http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
CA certificates. Reported and investigated by Suman Jana.
CVE-2014-1959 / bnc#863989
** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed
- Upgrade to 3.1.20 (released 2014-01-31)
** libgnutls: fixed null pointer derefence when printing a certificate
DN and an LDAP description isn't present.
** libgnutls: gnutls_db_check_entry_time will correctly report the time;
report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.
** libgnutls: %COMPAT implies %DUMBFW.
** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.
Request History
msmeissn created request
- Upgraded to 3.2.11
** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
** libgnutls: Reduced the TLS and DTLS version requirements for all
ciphersuites that are not GCM.
** libgnutls: When two initial keywords are specified then treat the
second as having the '+' modifier.
** libgnutls: When using a PKCS #11 module for verification ensure that
it has been marked a trusted policy module in p11-kit. Moreover, when an
empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
in the system for verification.
http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
CA certificates. Reported and investigated by Suman Jana.
CVE-2014-1959 / bnc#863989
** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed
- Upgrade to 3.1.20 (released 2014-01-31)
** libgnutls: fixed null pointer derefence when printing a certificate
DN and an LDAP description isn't present.
** libgnutls: gnutls_db_check_entry_time will correctly report the time;
report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.
** libgnutls: %COMPAT implies %DUMBFW.
** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.
factory-auto added a reviewer
Please review sources
factory-auto added a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Check Staging Project
licensedigger accepted review
{"approve": "preliminary, version number changed"}
coolo accepted review
ok, tested in openSUSE:Factory:Staging:B
factory-repo-checker accepted review
Builds for repo openSUSE_Factory
dimstar approved review
Ok
dimstar accepted review
Ok
coolo accepted request
checkin
