- Fri May 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-16
- added missing check for null pointer (#1102355)
- Thu May 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-15
- fix session ID length check and null pointer dereference (#1102355)
- fix minitasn1 issues (#1102355)
- Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch - Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-14
- Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch
- Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch - Wed Feb 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 1.4.1-13
- fix issues of CVE-2014-0092 (#1069888)
- Mon May 27 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-12
- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619
upstream patch (#966754) - Thu Feb 21 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-11
- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)
- Wed Jun 6 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-10
- do not generate invalid certificate requests without challenge password
- store subject DN instead of issuer DN in the CA list - Thu Mar 22 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-9
- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)
- fix CVE-2012-1573 - security issue in packet parsing (#805432) - Wed Feb 8 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-8
- fix multiple possible NULL dereferences and other problems
that can potentially lead to segfault in the client - Tue Mar 9 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-7
- fix safe renegotiation on SSL3 protocol
- Wed Mar 3 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-6
- implement safe renegotiation - CVE-2009-3555 (#533125)
- do not allow MD2 in certificate signatures by default - CVE-2009-2409
(#510197) - Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 1.4.1-5
- fix NUL characters in DN and SAN cert fields issue,
make sure gnutls_x509_crt_check_hostname() fails when certificate
has no CN or SAN CVE-2009-2730 (#516231) - Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-4
- fix chain verification issue CVE-2008-4989 (#470079)
- Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-3
- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
(#447461, #447462, #447463) - Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
- detect forged signatures - CVE-2006-4790 (#206411), patch
from upstream - Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
- upgrade to new upstream version, only minor changes
- Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1
- rebuild
- Wed Jun 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
- upgrade to new upstream version (#192070), rebuild
of dependent packages required - Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2
- added missing buildrequires
- Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1
- updated to new version (fixes CVE-2006-0645)
- Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2
- bump again for double-long bug on ppc(64)
- Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
- Tue Jan 3 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3
- rebuilt
- Fri Dec 9 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2
- replaced *-config scripts with calls to pkg-config to
solve multilib conflicts - Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1
- upgrade to newest upstream
- removed .la files (#172635) - Sun Aug 7 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1
- upgrade to newest upstream (rebuild of dependencies necessary)
- Mon Jul 4 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2
- split the command line tools to utils subpackage
- Sat Apr 30 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1
- new upstream version fixes potential DOS attack
- Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2
- readd the version script dropped by upstream
- Fri Apr 22 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1
- update to the latest upstream version on the 1.0 branch
- Wed Mar 2 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
- gcc4 rebuild
- Tue Jan 4 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
- add gnutls Requires zlib-devel (#144069)
- Mon Nov 8 2004 Colin Walters <walters@redhat.com> 1.0.20-4
- Make gnutls-devel Require libgcrypt-devel
- Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
- rebuild with release++, otherwise unchanged.
- Tue Sep 7 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
- patent tainted SRP code removed.
- Sun Sep 5 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
- update to 1.0.20.
- add --with-included-opencdk --with-included-libtasn1
- add --with-included-libcfg --with-included-lzo
- add --disable-srp-authentication.
- do "make check" after build. - Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
- upgrade to 0.9.2
- Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
- update to 0.4.4.
- Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
- Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
- update to 0.4.3.
- Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
- update to 0.4.2.
- change license to LGPL.
- include splint annotations patch. - Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
- update to 0.4.0
- Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
- update to 0.3.2
- Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
- add a URL
- Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package