Skip to content

CentOS 7 - Updates for x86_64: system environment/libraries: gnutls-dane

gnutls-dane - A DANE protocol implementation for GnuTLS

Website: http://www.gnutls.org/
License: GPLv3+ and LGPLv2+
Vendor: CentOS
Description:
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.

Packages

gnutls-dane-3.3.29-9.el7_6.x86_64 [35 KiB] Changelog by Anderson Sasaki (2019-02-12):
- Make sure the FIPS startup KAT selftest run for ECDSA (#1673919)
gnutls-dane-3.3.29-9.el7_6.i686 [35 KiB] Changelog by Anderson Sasaki (2019-02-12):
- Make sure the FIPS startup KAT selftest run for ECDSA (#1673919)
gnutls-dane-3.3.29-8.el7.i686 [35 KiB] Changelog by Anderson Sasaki (2018-07-20):
- Backported --sni-hostname option which allows overriding the hostname
  advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
  (CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
  (CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
  unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key
  generation without login, and certificates do not inherit ID from the private
  key)
- p11tool explicitly marks certificates and public keys as NOT private objects
  and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)
gnutls-dane-3.3.29-8.el7.x86_64 [35 KiB] Changelog by Anderson Sasaki (2018-07-20):
- Backported --sni-hostname option which allows overriding the hostname
  advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
  (CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
  (CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
  unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key
  generation without login, and certificates do not inherit ID from the private
  key)
- p11tool explicitly marks certificates and public keys as NOT private objects
  and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)
gnutls-dane-3.3.26-9.el7.i686 [34 KiB] Changelog by Nikos Mavrogiannopoulos (2017-05-26):
- Address crash in OCSP status request extension, by eliminating the
  unneeded parsing (CVE-2017-7507, #1455828)
gnutls-dane-3.3.26-9.el7.x86_64 [34 KiB] Changelog by Nikos Mavrogiannopoulos (2017-05-26):
- Address crash in OCSP status request extension, by eliminating the
  unneeded parsing (CVE-2017-7507, #1455828)
gnutls-dane-3.3.24-1.el7.x86_64 [33 KiB] Changelog by Nikos Mavrogiannopoulos (2016-07-12):
- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
- When writing certificates to smart cards write the CKA_ISSUER and
  CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
- Use the shared system certificate store (#1110750)
- Address MD5 transcript collision attacks in TLS key exchange (#1289888, 
  CVE-2015-7575)
- Allow hashing data over 2^32 bytes (#1306953)
- Ensure written PKCS#11 public keys are not marked as private (#1339453)
- Ensure secure_getenv() is called on all uses of environment variables
  (#1344591).
- Fix issues related to PKCS #11 private key listing on certain HSMs
  (#1351389)
gnutls-dane-3.3.24-1.el7.i686 [33 KiB] Changelog by Nikos Mavrogiannopoulos (2016-07-12):
- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
- When writing certificates to smart cards write the CKA_ISSUER and
  CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
- Use the shared system certificate store (#1110750)
- Address MD5 transcript collision attacks in TLS key exchange (#1289888, 
  CVE-2015-7575)
- Allow hashing data over 2^32 bytes (#1306953)
- Ensure written PKCS#11 public keys are not marked as private (#1339453)
- Ensure secure_getenv() is called on all uses of environment variables
  (#1344591).
- Fix issues related to PKCS #11 private key listing on certain HSMs
  (#1351389)
gnutls-dane-3.3.8-14.el7_2.x86_64 [32 KiB] Changelog by Nikos Mavrogiannopoulos (2015-12-09):
- Prevent downgrade attack to RSA-MD5 in server key exchange.
gnutls-dane-3.3.8-14.el7_2.i686 [32 KiB] Changelog by Nikos Mavrogiannopoulos (2015-12-09):
- Prevent downgrade attack to RSA-MD5 in server key exchange.
gnutls-dane-3.3.8-12.el7_1.1.x86_64 [32 KiB] Changelog by Nikos Mavrogiannopoulos (2015-06-05):
- Corrected reseed and respect of max_number_of_bits_per_request in 
  FIPS140-2 mode. Also enhanced the initial tests. (#1228199)
gnutls-dane-3.3.8-12.el7_1.1.i686 [32 KiB] Changelog by Nikos Mavrogiannopoulos (2015-06-05):
- Corrected reseed and respect of max_number_of_bits_per_request in 
  FIPS140-2 mode. Also enhanced the initial tests. (#1228199)

Listing created by repoview