[el5_latest] gnutls-devel-1.4.1-14.el5_10.i386

GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
This package contains files needed for developing applications with
the GnuTLS library.

Changelog (Show File list) (Show related packages)

• Fri Feb 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-14

  - Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch
  - Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch

• Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-13

  - fix issues of CVE-2014-0092 (#1069888)

• Tue May 28 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-12

  - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619
    upstream patch (#966754)

• Fri Feb 22 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-11

  - fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)

• Thu Jun 07 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-10

  - do not generate invalid certificate requests without challenge password
  - store subject DN instead of issuer DN in the CA list

• Fri Mar 23 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-9

  - fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
  - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)
  - fix CVE-2012-1573 - security issue in packet parsing (#805432)

• Thu Feb 09 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-8

  - fix multiple possible NULL dereferences and other problems
    that can potentially lead to segfault in the client

• Wed Mar 10 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-7

  - fix safe renegotiation on SSL3 protocol

• Thu Mar 04 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-6

  - implement safe renegotiation - CVE-2009-3555 (#533125)
  - do not allow MD2 in certificate signatures by default - CVE-2009-2409
    (#510197)

• Sat Aug 15 2009 Tomas Mraz <tmraz@redhat.com> 1.4.1-5

  - fix NUL characters in DN and SAN cert fields issue,
    make sure gnutls_x509_crt_check_hostname() fails when certificate
    has no CN or SAN CVE-2009-2730 (#516231)

• Wed Nov 12 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-4

  - fix chain verification issue CVE-2008-4989 (#470079)

• Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-3

  - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
    (#447461, #447462, #447463)

• Fri Sep 15 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2

  - detect forged signatures - CVE-2006-4790 (#206411), patch
    from upstream

• Wed Jul 19 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1

  - upgrade to new upstream version, only minor changes

• Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1

  - rebuild

• Thu Jun 15 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1

  - upgrade to new upstream version (#192070), rebuild
    of dependent packages required

• Wed May 17 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2

  - added missing buildrequires

• Tue Feb 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1

  - updated to new version (fixes CVE-2006-0645)

• Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2

  - bump again for double-long bug on ppc(64)

• Wed Feb 08 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1

  - rebuilt for new gcc4.1 snapshot and glibc changes

• Wed Jan 04 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3

  - rebuilt

• Sat Dec 10 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2

  - replaced *-config scripts with calls to pkg-config to
    solve multilib conflicts

• Thu Nov 24 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1

  - upgrade to newest upstream
  - removed .la files (#172635)

• Mon Aug 08 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1

  - upgrade to newest upstream (rebuild of dependencies necessary)

• Tue Jul 05 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2

  - split the command line tools to utils subpackage

• Sun May 01 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1

  - new upstream version fixes potential DOS attack

• Sun Apr 24 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2

  - readd the version script dropped by upstream

• Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1

  - update to the latest upstream version on the 1.0 branch

• Thu Mar 03 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6

  - gcc4 rebuild

• Wed Jan 05 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5

  - add gnutls Requires zlib-devel (#144069)

• Tue Nov 09 2004 Colin Walters <walters@redhat.com> 1.0.20-4

  - Make gnutls-devel Require libgcrypt-devel

• Wed Sep 22 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3

  - rebuild with release++, otherwise unchanged.

• Wed Sep 08 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2

  - patent tainted SRP code removed.

• Mon Sep 06 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1

  - update to 1.0.20.
  - add --with-included-opencdk --with-included-libtasn1
  - add --with-included-libcfg --with-included-lzo
  - add --disable-srp-authentication.
  - do "make check" after build.

• Sat Mar 22 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1

  - upgrade to 0.9.2

• Wed Jun 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1

  - update to 0.4.4.

• Sat Jun 22 2002 Tim Powers <timp@redhat.com>

  - automated rebuild

• Sun May 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1

  - update to 0.4.3.

• Wed May 22 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1

  - update to 0.4.2.
  - change license to LGPL.
  - include splint annotations patch.

• Wed Apr 03 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1

  - update to 0.4.0

• Fri Jan 18 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1

  - update to 0.3.2

• Fri Jan 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1

  - add a URL

• Fri Dec 21 2001 Nalin Dahyabhai <nalin@redhat.com>

  - initial package