-
Tue May 28 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-10.2
- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619
upstream patch (#966754)
-
Fri Feb 22 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-10.1
- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)
-
Thu Jun 07 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-10
- do not generate invalid certificate requests without challenge password
- store subject DN instead of issuer DN in the CA list
-
Fri Mar 23 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-9
- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)
- fix CVE-2012-1573 - security issue in packet parsing (#805432)
-
Thu Feb 09 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-8
- fix multiple possible NULL dereferences and other problems
that can potentially lead to segfault in the client
-
Wed Mar 10 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-7
- fix safe renegotiation on SSL3 protocol
-
Thu Mar 04 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-6
- implement safe renegotiation - CVE-2009-3555 (#533125)
- do not allow MD2 in certificate signatures by default - CVE-2009-2409
(#510197)
-
Sat Aug 15 2009 Tomas Mraz <tmraz@redhat.com> 1.4.1-5
- fix NUL characters in DN and SAN cert fields issue,
make sure gnutls_x509_crt_check_hostname() fails when certificate
has no CN or SAN CVE-2009-2730 (#516231)
-
Wed Nov 12 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-4
- fix chain verification issue CVE-2008-4989 (#470079)
-
Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-3
- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
(#447461, #447462, #447463)
-
Fri Sep 15 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
- detect forged signatures - CVE-2006-4790 (#206411), patch
from upstream
-
Wed Jul 19 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
- upgrade to new upstream version, only minor changes
-
Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1
- rebuild
-
Thu Jun 15 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
- upgrade to new upstream version (#192070), rebuild
of dependent packages required
-
Wed May 17 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2
- added missing buildrequires
-
Tue Feb 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1
- updated to new version (fixes CVE-2006-0645)
-
Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2
- bump again for double-long bug on ppc(64)
-
Wed Feb 08 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
-
Wed Jan 04 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3
- rebuilt
-
Sat Dec 10 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2
- replaced *-config scripts with calls to pkg-config to
solve multilib conflicts
-
Thu Nov 24 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1
- upgrade to newest upstream
- removed .la files (#172635)
-
Mon Aug 08 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1
- upgrade to newest upstream (rebuild of dependencies necessary)
-
Tue Jul 05 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2
- split the command line tools to utils subpackage
-
Sun May 01 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1
- new upstream version fixes potential DOS attack
-
Sun Apr 24 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2
- readd the version script dropped by upstream
-
Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1
- update to the latest upstream version on the 1.0 branch
-
Thu Mar 03 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
- gcc4 rebuild
-
Wed Jan 05 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
- add gnutls Requires zlib-devel (#144069)
-
Tue Nov 09 2004 Colin Walters <walters@redhat.com> 1.0.20-4
- Make gnutls-devel Require libgcrypt-devel
-
Wed Sep 22 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
- rebuild with release++, otherwise unchanged.
-
Wed Sep 08 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
- patent tainted SRP code removed.
-
Mon Sep 06 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
- update to 1.0.20.
- add --with-included-opencdk --with-included-libtasn1
- add --with-included-libcfg --with-included-lzo
- add --disable-srp-authentication.
- do "make check" after build.
-
Sat Mar 22 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
- upgrade to 0.9.2
-
Wed Jun 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
- update to 0.4.4.
-
Sat Jun 22 2002 Tim Powers <timp@redhat.com>
- automated rebuild
-
Sun May 26 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
- update to 0.4.3.
-
Wed May 22 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
- update to 0.4.2.
- change license to LGPL.
- include splint annotations patch.
-
Wed Apr 03 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
- update to 0.4.0
-
Fri Jan 18 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
- update to 0.3.2
-
Fri Jan 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
- add a URL
-
Fri Dec 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package