537054 – net-libs/gnutls-3.3.12 version bump

Bug 537054 - net-libs/gnutls-3.3.12 version bump

Summary: net-libs/gnutls-3.3.12 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Library (show other bugs)
Hardware:	All All

Importance:	Normal normal (vote)
Assignee:	Crypto team [DISABLED]

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-19 15:08 UTC by Arfrever Frehtes Taifersar Arahesis
Modified:	2015-01-19 19:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arfrever Frehtes Taifersar Arahesis 2015-01-19 15:08:50 UTC

net-libs/gnutls-3.3.12 was released on 2015-01-17.


* Version 3.3.12 (released 2015-01-17)

** libgnutls: When negotiating TLS use the lowest enabled version in
the client hello, rather than the lowest supported. In addition, do
not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0
is the only protocol supported. That addresses issues with servers that
immediately drop the connection when the encounter SSL 3.0 as the record
version number. See:
http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html

** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.

** libgnutls: Handle zero length plaintext for VIA PadLock functions.
This solves a potential crash on AES encryption for small size plaintext.
Patch by Matthias-Christian Ott.

** libgnutls: In DTLS don't combine multiple packets which exceed MTU.
Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715

** libgnutls: In DTLS decode all handshake packets present in a record
packet, in a single pass. Reported by Andreas Schultz.
https://savannah.gnu.org/support/?108712

** libgnutls: When importing a CA file with a PKCS #11 URL, simply
import the certificates, if the URL specifies objects, rather than
treating it as trust module.

** libgnutls: When importing a PKCS #11 URL and we know the type of
object we are importing, don't require the object type in the URL.

** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2
was used by the server.

** guile: Fix compilation on MinGW. Previously only the static version of the 
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.

** guile: Fix harmless warning during compilation of gnutls.scm
Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.

** certtool: --pubkey-info will also attempt to load a public key
from stdin.

** gnutls-cli: Added --starttls-proto option. That allows to specify a
protocol for starttls negotiation.

** API and ABI modifications:
No changes since last version.