[ol7_u5_base] gnutls-3.3.26-9.0.1.el7.aarch64

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

Changelog (Show File list) (Show related packages)

• Fri Feb 02 2018 Ilya Okomin <ilya.okomin@oracle.com> 3.3.26-9.0.1

  - Include ECDSA KAT into selftests for FIPS140-2 compliance [Orabug 27484156]

• Fri May 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-9

  - Address crash in OCSP status request extension, by eliminating the
    unneeded parsing (CVE-2017-7507, #1455828)

• Wed Apr 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-7

  - Address interoperability issue with 3.5.x (#1388932)
  - Reject CAs which are both trusted and blacklisted in trust module (#1375303)
  - Added new functions to set issuer and subject ID in certificates (#1378373)
  - Reject connections with less than 1024-bit DH parameters (#1335931)
  - Fix issue that made GnuTLS parse only the first 32 extensions (#1383748)
  - Mention limitations of certtool in manpage (#1375463)
  - Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642)
  - Do not link directly to trousers but instead use dlopen (#1379739)
  - Fix incorrect OCSP validation (#1377569)
  - Added support for pin-value in PKCS#11 URIs (#1379283)
  - Added the --id option to p11tool (#1399232)
  - Improved sanity checks in RSA key generation (#1444780)
  - Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337,
    CVE-2017-7869

• Tue Jul 12 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.24-1

  - Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
  - Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
  - When writing certificates to smart cards write the CKA_ISSUER and
    CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
  - Use the shared system certificate store (#1110750)
  - Address MD5 transcript collision attacks in TLS key exchange (#1289888, 
    CVE-2015-7575)
  - Allow hashing data over 2^32 bytes (#1306953)
  - Ensure written PKCS#11 public keys are not marked as private (#1339453)
  - Ensure secure_getenv() is called on all uses of environment variables
    (#1344591).
  - Fix issues related to PKCS #11 private key listing on certain HSMs
    (#1351389)

• Fri Jun 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-13

  - Corrected reseed and respect of max_number_of_bits_per_request in 
    FIPS140-2 mode. Also enhanced the initial tests. (#1228199)

• Mon Jan 05 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-12

  - corrected fix of handshake buffer resets (#1153106)

• Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-11

  - Applied fix for urandom FD in FIPS140 mode (#1165047)
  - Applied fix for FIPS140-2 related regression (#1110696)

• Tue Dec 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-10

  - Amended fix for urandom FD to avoid regression in FIPS140 mode (#1165047)

• Tue Nov 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-9

  - Amended fix for FIPS enforcement issue (#1163848)
  - Fixed issue with applications that close all file descriptors (#1165047)

• Thu Nov 13 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-8

  - Applied fix for FIPS enforcement issue when only /etc/system-fips
    existed (#1163848)

• Fri Nov 07 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-7

  - Applied fix for CVE-2014-8564 (#1161473)

• Wed Oct 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-6

  - when generating test DH keys, enforce the q_bits.

• Tue Oct 21 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-5

  - do not enforce FIPS140-2 policies in non-FIPS140 mode (#1154774)

• Thu Oct 16 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-4

  - reverted change to use the p11-kit certificate storage (#1110750)
  - added functions to test DH/ECDH in FIPS-140-2 mode and fixed
    RSA key generation (#1110696)
  - added manual dependencies on libtasn1 3.8 as well as p11-kit 0.20.7
  - fixed SHA224 in SSSE3 optimized code
  - fixed issue with handshake buffer resets (#1153106)
  - fixed issue in RSA key generation with specific seeds in FIPS140-2 mode

• Wed Oct 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-3

  - added dependency on libtasn1 3.8 (#1110696)

• Thu Sep 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-2

  - disabled padlock CPU support in FIPS140-2 mode

• Thu Sep 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-1

  - updated to latest stable release

• Fri Sep 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-1.b2

  - updated with latest bug fixes for 3.3.x branch
  - delete bundled files

• Thu Sep 04 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8b1-1

  - updated with latest bug fixes for 3.3.x branch

• Fri Aug 22 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.7-1

  - new upstream release (#1110696)
  - allow DSA/DH key generation with 1024 when not in FIPS140-2 mode (#1132705)

• Fri Aug 15 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.7b1-1

  - updated with latest bug fixes for 3.3.x branch
  - utilize the p11-kit trust store (#1110750)

• Tue Jul 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.6-2

  - correct path of fipscheck links

• Wed Jul 23 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.6-1

  - rebased to 3.3.6 and enabled fips mode (#1110696)

• Wed May 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-9

  - fix session ID length check (#1102027)
  - fixes null pointer dereference (#1101727)

• Tue Feb 25 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-8

  - fixes CVE-2014-0092 (#1071815)

• Fri Feb 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-7

  - fixes CVE-2014-1959

• Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.1.18-6

  - Mass rebuild 2014-01-24

• Tue Jan 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.1.18-5

  - Fixed issue with gnutls.info not being available (#1053487)

• Tue Jan 14 2014 Tomáš Mráz <tmraz@redhat.com> 3.1.18-4

  - build the crywrap tool

• Thu Jan 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-3

  - fixes crash in gnutls_global_deinit (#1047037)

• Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 3.1.18-2

  - Mass rebuild 2013-12-27

• Mon Dec 23 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.1.18-1

  - new upstream release (#1040886)
  - Use the correct root key for unbound

• Tue Nov 05 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.16-1

  - new upstream release
  - fixes CVE-2013-4466 off-by-one in dane_query_tlsa()

• Tue Oct 29 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.15-1

  - new upstream release
  - fixes CVE-2013-4466 buffer overflow in handling DANE entries

• Mon Jul 15 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.13-1

  - new upstream release

• Thu May 23 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.11-1

  - new upstream release
  - enable ECC NIST Suite B curves

• Mon Mar 25 2013 Tomas Mraz <tmraz@redhat.com> 3.1.10-1

  - new upstream release
  - license of the library is back to LGPLv2.1+

• Fri Mar 15 2013 Tomas Mraz <tmraz@redhat.com> 3.1.9-1

  - new upstream release

• Thu Mar 07 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-3

  - drop the temporary old library

• Tue Feb 26 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-2

  - don't send ECC algos as supported (#913797)

• Thu Feb 21 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-1

  - new upstream version

• Wed Feb 06 2013 Tomas Mraz <tmraz@redhat.com> 3.1.7-1

  - new upstream version, requires rebuild of dependencies
  - this release temporarily includes old compatibility .so

• Tue Feb 05 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-2

  - rebuilt with new libtasn1
  - make guile bindings optional - breaks i686 build and there is
    no dependent package

• Tue Jan 08 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-1

  - new upstream version

• Wed Nov 28 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-2

  - use RSA bit sizes supported by libgcrypt in FIPS mode for security
    levels (#879643)

• Fri Nov 09 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-1

  - new upstream version

• Thu Nov 01 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-4

  - negotiate only FIPS approved algorithms in the FIPS mode (#871826)

• Wed Aug 08 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-3

  - fix the gnutls-cli-debug manpage - patch by Peter Schiffer

• Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.20-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

• Mon Jun 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-1

  - new upstream version

• Fri May 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.19-1

  - new upstream version

• Thu Mar 29 2012 Tomas Mraz <tmraz@redhat.com> 2.12.18-1

  - new upstream version

• Thu Mar 08 2012 Tomas Mraz <tmraz@redhat.com> 2.12.17-1

  - new upstream version
  - fix leaks in key generation (#796302)

• Fri Feb 03 2012 Kevin Fenzi <kevin@scrye.com> - 2.12.14-3

  - Disable largefile on arm arch. (#787287)

• Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.14-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

• Tue Nov 08 2011 Tomas Mraz <tmraz@redhat.com> 2.12.14-1

  - new upstream version

• Mon Oct 24 2011 Tomas Mraz <tmraz@redhat.com> 2.12.12-1

  - new upstream version

• Thu Sep 29 2011 Tomas Mraz <tmraz@redhat.com> 2.12.11-1

  - new upstream version

• Fri Aug 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.9-1

  - new upstream version

• Tue Aug 16 2011 Tomas Mraz <tmraz@redhat.com> 2.12.8-1

  - new upstream version

• Mon Jul 25 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-2

  - fix problem when using new libgcrypt
  - split libgnutlsxx to a subpackage (#455146)
  - drop libgnutls-openssl (#460310)

• Tue Jun 21 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-1

  - new upstream version

• Mon May 09 2011 Tomas Mraz <tmraz@redhat.com> 2.12.4-1

  - new upstream version

• Tue Apr 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.3-1

  - new upstream version

• Mon Apr 18 2011 Tomas Mraz <tmraz@redhat.com> 2.12.2-1

  - new upstream version

• Thu Mar 03 2011 Tomas Mraz <tmraz@redhat.com> 2.10.5-1

  - new upstream version

• Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10.4-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

• Wed Dec 08 2010 Tomas Mraz <tmraz@redhat.com> 2.10.4-1

  - new upstream version

• Thu Dec 02 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-2

  - fix buffer overflow in gnutls-serv (#659259)

• Fri Nov 19 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-1

  - new upstream version

• Thu Sep 30 2010 Tomas Mraz <tmraz@redhat.com> 2.10.2-1

  - new upstream version

• Wed Sep 29 2010 jkeating - 2.10.1-4

  - Rebuilt for gcc bug 634757

• Thu Sep 23 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-3

  - more patching for internal errors regression (#629858)
    patch by Vivek Dasmohapatra

• Tue Sep 21 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-2

  - backported patch from upstream git hopefully fixing internal errors
    (#629858)

• Wed Aug 04 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-1

  - new upstream version

• Wed Jun 02 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-2

  - add support for safe renegotiation CVE-2009-3555 (#533125)

• Wed May 12 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-1

  - upgrade to a new upstream version

• Mon Feb 15 2010 Rex Dieter <rdieter@fedoraproject.org> 2.8.5-4

  - FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624)

• Thu Jan 28 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-3

  - drop superfluous rpath from binaries
  - do not call autoreconf during build
  - specify the license on utils subpackage

• Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-2

  - do not create static libraries (#556052)

• Mon Nov 02 2009 Tomas Mraz <tmraz@redhat.com> 2.8.5-1

  - upgrade to a new upstream version

• Wed Sep 23 2009 Tomas Mraz <tmraz@redhat.com> 2.8.4-1

  - upgrade to a new upstream version

• Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 2.8.3-1

  - upgrade to a new upstream version

• Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.1-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

• Wed Jun 10 2009 Tomas Mraz <tmraz@redhat.com> 2.8.1-1

  - upgrade to a new upstream version

• Wed Jun 03 2009 Tomas Mraz <tmraz@redhat.com> 2.8.0-1

  - upgrade to a new upstream version

• Mon May 04 2009 Tomas Mraz <tmraz@redhat.com> 2.6.6-1

  - upgrade to a new upstream version - security fixes

• Tue Apr 14 2009 Tomas Mraz <tmraz@redhat.com> 2.6.5-1

  - upgrade to a new upstream version, minor bugfixes only

• Fri Mar 06 2009 Tomas Mraz <tmraz@redhat.com> 2.6.4-1

  - upgrade to a new upstream version

• Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.3-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

• Mon Dec 15 2008 Tomas Mraz <tmraz@redhat.com> 2.6.3-1

  - upgrade to a new upstream version

• Thu Dec 04 2008 Tomas Mraz <tmraz@redhat.com> 2.6.2-1

  - upgrade to a new upstream version

• Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3

  - fix chain verification issue CVE-2008-4989 (#470079)

• Thu Sep 25 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-2

  - add guile subpackage (#463735)
  - force new libtool through autoreconf to drop unnecessary rpaths

• Tue Sep 23 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-1

  - new upstream version

• Tue Jul 01 2008 Tomas Mraz <tmraz@redhat.com> 2.4.1-1

  - new upstream version
  - correct the license tag
  - explicit --with-included-opencdk not needed
  - use external lzo library, internal not included anymore

• Tue Jun 24 2008 Tomas Mraz <tmraz@redhat.com> 2.4.0-1

  - upgrade to latest upstream

• Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 2.0.4-3

  - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
    (#447461, #447462, #447463)

• Mon Feb 04 2008 Joe Orton <jorton@redhat.com> 2.0.4-2

  - use system libtasn1

• Tue Dec 04 2007 Tomas Mraz <tmraz@redhat.com> 2.0.4-1

  - upgrade to latest upstream

• Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-2

  - license tag fix

• Wed Jun 06 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-1

  - upgrade to latest upstream (#232445)

• Tue Apr 10 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-2

  - properly require install-info (patch by Ville Skyttä)
  - standard buildroot and use dist tag
  - add COPYING and README to doc

• Wed Feb 07 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-1

  - new upstream version
  - drop libtermcap-devel from buildrequires

• Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2

  - detect forged signatures - CVE-2006-4790 (#206411), patch
    from upstream

• Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1

  - upgrade to new upstream version, only minor changes

• Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1

  - rebuild

• Wed Jun 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1

  - upgrade to new upstream version (#192070), rebuild
    of dependent packages required

• Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2

  - added missing buildrequires

• Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1

  - updated to new version (fixes CVE-2006-0645)

• Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2

  - bump again for double-long bug on ppc(64)

• Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1

  - rebuilt for new gcc4.1 snapshot and glibc changes

• Tue Jan 03 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3

  - rebuilt

• Fri Dec 09 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2

  - replaced *-config scripts with calls to pkg-config to
    solve multilib conflicts

• Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1

  - upgrade to newest upstream
  - removed .la files (#172635)

• Sun Aug 07 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1

  - upgrade to newest upstream (rebuild of dependencies necessary)

• Mon Jul 04 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2

  - split the command line tools to utils subpackage

• Sat Apr 30 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1

  - new upstream version fixes potential DOS attack

• Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2

  - readd the version script dropped by upstream

• Fri Apr 22 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1

  - update to the latest upstream version on the 1.0 branch

• Wed Mar 02 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6

  - gcc4 rebuild

• Tue Jan 04 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5

  - add gnutls Requires zlib-devel (#144069)

• Mon Nov 08 2004 Colin Walters <walters@redhat.com> 1.0.20-4

  - Make gnutls-devel Require libgcrypt-devel

• Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3

  - rebuild with release++, otherwise unchanged.

• Tue Sep 07 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2

  - patent tainted SRP code removed.

• Sun Sep 05 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1

  - update to 1.0.20.
  - add --with-included-opencdk --with-included-libtasn1
  - add --with-included-libcfg --with-included-lzo
  - add --disable-srp-authentication.
  - do "make check" after build.

• Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1

  - upgrade to 0.9.2

• Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1

  - update to 0.4.4.

• Fri Jun 21 2002 Tim Powers <timp@redhat.com>

  - automated rebuild

• Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1

  - update to 0.4.3.

• Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1

  - update to 0.4.2.
  - change license to LGPL.
  - include splint annotations patch.

• Tue Apr 02 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1

  - update to 0.4.0

• Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1

  - update to 0.3.2

• Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1

  - add a URL

• Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>

  - initial package