[ol7_latest] gnutls-3.3.26-9.0.1.el7.aarch64

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

Changelog (Show File list) (Show related packages)

• Fri Feb 02 2018 Ilya Okomin <ilya.okomin@oracle.com> 3.3.26-9.0.1

  - Include ECDSA KAT into selftests for FIPS140-2 compliance [Orabug 27484156]

• Fri May 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-9

  - Address crash in OCSP status request extension, by eliminating the
    unneeded parsing (CVE-2017-7507, #1455828)

• Wed Apr 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-7

  - Address interoperability issue with 3.5.x (#1388932)
  - Reject CAs which are both trusted and blacklisted in trust module (#1375303)
  - Added new functions to set issuer and subject ID in certificates (#1378373)
  - Reject connections with less than 1024-bit DH parameters (#1335931)
  - Fix issue that made GnuTLS parse only the first 32 extensions (#1383748)
  - Mention limitations of certtool in manpage (#1375463)
  - Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642)
  - Do not link directly to trousers but instead use dlopen (#1379739)
  - Fix incorrect OCSP validation (#1377569)
  - Added support for pin-value in PKCS#11 URIs (#1379283)
  - Added the --id option to p11tool (#1399232)
  - Improved sanity checks in RSA key generation (#1444780)
  - Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337,
    CVE-2017-7869

• Tue Jul 12 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.24-1

  - Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
  - Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
  - When writing certificates to smart cards write the CKA_ISSUER and
    CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
  - Use the shared system certificate store (#1110750)
  - Address MD5 transcript collision attacks in TLS key exchange (#1289888, 
    CVE-2015-7575)
  - Allow hashing data over 2^32 bytes (#1306953)
  - Ensure written PKCS#11 public keys are not marked as private (#1339453)
  - Ensure secure_getenv() is called on all uses of environment variables
    (#1344591).
  - Fix issues related to PKCS #11 private key listing on certain HSMs
    (#1351389)

• Fri Jun 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-13

  - Corrected reseed and respect of max_number_of_bits_per_request in 
    FIPS140-2 mode. Also enhanced the initial tests. (#1228199)

• Mon Jan 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-12

  - corrected fix of handshake buffer resets (#1153106)

• Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-11

  - Applied fix for urandom FD in FIPS140 mode (#1165047)
  - Applied fix for FIPS140-2 related regression (#1110696)

• Tue Dec 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-10

  - Amended fix for urandom FD to avoid regression in FIPS140 mode (#1165047)

• Tue Nov 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-9

  - Amended fix for FIPS enforcement issue (#1163848)
  - Fixed issue with applications that close all file descriptors (#1165047)

• Thu Nov 13 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-8

  - Applied fix for FIPS enforcement issue when only /etc/system-fips
    existed (#1163848)