path: root/recipes-support/gnutls
Age | Commit message | Author
2018-10-05 | gnutls: use https mirror for SRC_URI instead of ftp (tags: yocto-2.6, thud-20.0.0) | Oleksandr Kravchuk

Signed-off-by: Oleksandr Kravchuk <dev@sashko.rv.ua>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2018-08-06 | gnutls: update 3.3.29 -> 3.3.30 | Andre McCurdy

* Version 3.3.30 (released 2018-07-16)

** libgnutls: Corrected infinite loop when an incorrect PIN was provided via pin-value or pin-source.

** gnutls-cli: backported the --sni-hostname option. This allows overriding the hostname advertised to the peer.

** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings. They are not necessary for compatibility or other purpose and provide no advantage over their SHA1 counter-parts, as they all depend on the legacy TLS CBC block mode.

** API and ABI modifications: No changes since last version.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2018-02-28 | gnutls: update 3.3.28 -> 3.3.29 | Andre McCurdy

* Version 3.3.29 (released 2018-02-16)

** libgnutls: Fixed issue which caused 1-byte handshake fragments to be refused. Reported by Balázs Kéri.

** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was used. Resolves gitlab issue #259.

** libgnutls: Use readdir() instead of readdir_r internally. The latter is deprecated and on our use we don't need readdir() to be thread safe (which it is in most common platforms).

** libgnutls: require strict DER encoding for certificates, OCSP requests, private keys, CRLs and certificate requests. This backports the already default behavior from the 3.5.x branch, in order to reduce issues due to the complexity of BER rules.

** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by Vitezslav Cizek).

** libgnutls: Addressed issue in the accelerated code which may affect interoperability with versions of nettle > 3.4.

** p11tool: Fixed issue preventing the deletion of objects in batch mode.

** p11tool: Mark all generated objects as sensitive by default.

** API and ABI modifications: No changes since last version.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2017-11-09 | gnutls: update 3.3.27 -> 3.3.28 | Andre McCurdy

* Version 3.3.28 (released 2017-07-04)

** libgnutls: Fixed issue when rehandshaking without a client certificate in a session which initially used one. Reported by Frantisek Sumsal.

** libgnutls: fix issue in RSA-PSK client callback which resulted in no username being sent to the peer. Patch by Nicolas Dufresne.

** libgnutls: no longer parse the ResponseID field of the status response TLS extension. The field is not used by GnuTLS nor is made available to calling applications. That addresses a null pointer dereference on server side caused by packets containing the ResponseID field. Reported by Hubert Kario. [GNUTLS-SA-2017-4]

** libgnutls: Handle specially HSMs which request explicit authentication. There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key operation. Detect that state and try to login.

** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs. That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag a login will be forced. This improves operation on certain Safenet HSMs.

** libgnutls: do not set leading zeros when copying integers on HSMs. PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literally by some HSMs which do not accept an integer with a leading zero. This improves operation with certain Atos HSMs.

** libgnutls: Backported PKCS#11 key generation functionality for DSA keys.

** libgnutls: Improve check for /dev/urandom uniqueness. Ensure that when gnutls_global_init() is called for a second time that /dev/urandom is re-opened when the inode or device ID has changed.

** API and ABI modifications: No changes since last version.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2017-06-23 | gnutls: make it independent on gnutls.inc from oe-core | Martin Jansa

* also remove correct_rpl_gettimeofday_signature.patch like in
  commit e01e7c543a559c8926d72159b5cd55db0c661434
  Author: Richard Purdie <richard.purdie@linuxfoundation.org>
  Date: Thu Jun 15 23:15:00 2017 +0100

      meta: Remove further uclibc remnants (inc. patches and site files)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2017-06-12 | gnutls: add use-pkg-config-to-locate-zlib.patch | Martin Jansa

* it was modified in oe-core/master in this commit:
  commit ba7e5f51327d9833776aa066f30c5e46606be374
  Author: Fan Xin <fan.xin@jp.fujitsu.com>
  Date: Fri Jun 9 15:49:18 2017 +0900

      gnutls: Upgrade to 3.5.13

      1. Upgrade gnutls from 3.5.9 to 3.5.13
      2. Rebase the following patch file.
         use-pkg-config-to-locate-zlib.patch

      Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
      Signed-off-by: Ross Burton <ross.burton@intel.com>

  and no longer applies for this version.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

2017-04-25 | gnutls: add older gnutls compatible with nettle | Martin Jansa

* gnutls depends on nettle-3.1* since 3.4.0:
  The requirement for nettle was bumped from 3.0 to 3.1 in gnutls_3_4_0
  https://gitlab.com/gnutls/gnutls/commit/c84129af91b21d33ffe086e507632771b0e76498
  and from 2.7 to 3.0 a bit earlier also in gnutls_3_4_0
  https://gitlab.com/gnutls/gnutls/commit/3fa80cf68919f07b3351b2722278ba463d6e731c

* add recipe for last release in 3.3 branch which is compatible with nettle 2.7.1 used in meta-gplv2

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>