diff options
| author | Daiki Ueno <ueno@gnu.org> | 2020-06-03 12:52:17 +0000 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2020-06-03 12:52:17 +0000 |
| commit | 86012fd64e248c31554d42e6d6b38bfcd4357f92 (patch) | |
| tree | bc044c35d9b63b4d7e3f93740575bfa699f9a8bf | |
| parent | c8dd845025bc1f16224a77d39873a23e2244c7b8 (diff) | |
| parent | 73a735bd852df5b1f742f4cc815281a4f7f64328 (diff) | |
| download | gnutls-3.6.14.tar.gz | |
Merge branch 'tmp-release-3.6.14' into 'master'3.6.14
Release 3.6.14 [ci skip]
See merge request gnutls/gnutls!1272
| -rw-r--r-- | NEWS | 34 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | m4/hooks.m4 | 4 |
3 files changed, 36 insertions, 4 deletions
@@ -5,7 +5,39 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. -* Version 3.6.14 (unreleased) +* Version 3.6.14 (released 2020-06-03) + +** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. + The TLS server would not bind the session ticket encryption key with a + value supplied by the application until the initial key rotation, allowing + attacker to bypass authentication in TLS 1.3 and recover previous + conversations in TLS 1.2 (#1011). + [GNUTLS-SA-2020-06-03, CVSS: high] + +** libgnutls: Fixed handling of certificate chain with cross-signed + intermediate CA certificates (#1008). + +** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). + +** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName + (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority + Key Identifier (AKI) properly (#989, #991). + +** certtool: PKCS #7 attributes are now printed with symbolic names (!1246). + +** libgnutls: Added several improvements on Windows Vista and later releases + (!1257, !1254, !1256). Most notably the system random number generator now + uses Windows BCrypt* API if available (!1255). + +** libgnutls: Use accelerated AES-XTS implementation if possible (!1244). + Also both accelerated and non-accelerated implementations check key block + according to FIPS-140-2 IG A.9 (!1233). + +** libgnutls: Added support for AES-SIV ciphers (#463). + +** libgnutls: Added support for 192-bit AES-GCM cipher (!1267). + +** libgnutls: No longer use internal symbols exported from Nettle (!1235) ** API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added diff --git a/configure.ac b/configure.ac index a09cbfd92d..d59553b6a1 100644 --- a/configure.ac +++ b/configure.ac @@ -23,7 +23,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.63) dnl when updating version also update LT_REVISION in m4/hooks.m4 -AC_INIT([GnuTLS], [3.6.13], [bugs@gnutls.org]) +AC_INIT([GnuTLS], [3.6.14], [bugs@gnutls.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4]) AC_CANONICAL_HOST diff --git a/m4/hooks.m4 b/m4/hooks.m4 index d0963f35cd..1f83d35f68 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -40,9 +40,9 @@ AC_DEFUN([LIBGNUTLS_HOOKS], # in CONTRIBUTION.md for more info. # # Interfaces removed: AGE=0 (+bump all symbol versions in .map) - AC_SUBST(LT_CURRENT, 57) + AC_SUBST(LT_CURRENT, 58) AC_SUBST(LT_REVISION, 0) - AC_SUBST(LT_AGE, 27) + AC_SUBST(LT_AGE, 28) AC_SUBST(LT_SSL_CURRENT, 27) AC_SUBST(LT_SSL_REVISION, 2) |