www.cendio.com
Bug 4881 - GnuTLS needs to be updated.
Status: CLOSED FIXED
Product: ThinLinc
Component: Build system
Version: 4.1.0
Platform: PC Unknown
Importance: P2 Normal
Target Milestone: 4.2.0
Reported: 2013-11-01 10:51
Modified: 2014-04-01 16:05


Description From cendio 2013-11-01 10:51:00
Current buildsystem uses version 3.2.4, two releases behind upstream.

Version 3.2.6 (released 2013-10-31)
- libgnutls: Support for TPM via trousers is now enabled by default.
- libgnutls: Camellia in GCM mode has been added in default priorities,
  and GCM mode is prioritized over CBC in all of the default priority strings.
- libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
- libgnutls: Fixed ciphersuites
    GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
    GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and
    GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. Reported by Stefan Buehler.
- libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
- libgnutls: Minimum acceptable DH group parameters were increased to
  767 bits from 727.
- libgnutls: Added function to obtain random data from PKCS #11 tokens.
- gnulib: updated.
- libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
  previous fix. Reported by Tomas Mraz.
- p11tool: Added option generate-random.
- API and ABI modifications: gnutls_pkcs11_token_get_random: Added

Version 3.2.5 (released 2013-10-23)
- libgnutls: Documentation and build-time fixes.
- libgnutls: Allow the generation of DH groups of less than 700 bits.
- libgnutls: Added several combinations of ciphersuites with SHA256 and
  SHA384 as MAC, as well as Camellia with GCM.
- libdane: Added interfaces to allow initialization of dane_query_t
  from external DNS resolutions, and to allow direct verification of a
  certificate chain against a dane_query_t. Contributed by Christian Grothoff.
- libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
  triggered by a DNS server supplying more than 4 DANE records. Report and
  fix by Christian Grothoff.
- srptool: Fixed index command line option. Patch by Attila Molnar.
- gnutls-cli: Added support for inline commands, using the
  --inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
- certtool: pathlen constraint is now read correctly. Reported by
  Christoph Seitz.
------- Comment #1 From cendio 2014-02-14 10:24:56 -------
GnuTLS and friends upgraded in r28427. Will do a quick test of tlstunnel and
tl-certtool before I close this.
------- Comment #2 From cendio 2014-02-24 13:35:03 -------
tlstunnel works fine, and tlclient can parse several of the cards I have at my
disposal.
------- Comment #3 From cendio 2014-03-17 09:54:05 -------
Missing update package for win32 and osx32 GnuTLS:

rpm -qa | grep cendio | grep gnutls
cendio-build-gnutls-solsparc-3.2.11-1.noarch
cendio-build-gnutls-win32-2.8.6-1.noarch
cendio-build-gnutls-i386-3.2.11-1.noarch
cendio-build-gnutls-x86_64-3.2.11-1.noarch
cendio-build-gnutls-osx32-2.8.6-1.noarch
------- Comment #4 From cendio 2014-03-17 10:54:17 -------
(In reply to comment #3)
> Missing update package for win32 and osx32 GnuTLS:
> 
> rpm -qa | grep cendio | grep gnutls
> cendio-build-gnutls-solsparc-3.2.11-1.noarch
> cendio-build-gnutls-win32-2.8.6-1.noarch
> cendio-build-gnutls-i386-3.2.11-1.noarch
> cendio-build-gnutls-x86_64-3.2.11-1.noarch
> cendio-build-gnutls-osx32-2.8.6-1.noarch

gnutls is only used by the server. No idea why you have those installed. :)
------- Comment #5 From cendio 2014-03-17 10:58:56 -------
All is in order...