Opened 5 years ago

Closed 5 years ago

#12317 closed enhancement (fixed)

gnutls-3.6.9

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 5 years ago

  • Version 3.6.9 (released 2019-07-25)
    ** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
       of digest or MAC context. Copying contexts for externally-registered digest and MAC
       contexts is unsupported (#787).
    
    ** Marked the crypto implementation override APIs as deprecated. These APIs are rarely
       used, are for a niche use case, but have significant side effects, such as preventing
       any internal re-organization and extension of the internal cipher API. The APIs remain
       functional though a compiler warning will be issued, and a future minor version update
       may transform them to a no-op while keeping ABI compatibility (#789).
    
    ** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).
    
    ** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
       flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().
    
    ** libgnutls: Added support for Generalname registeredID.
    
    ** The priority configuration was enhanced to allow more elaborate
       system-wide configuration of the library (#587).
       The following changes were included:
        - The file is read as an ini file with '#' indicating a comment.
        - The section "[priorities]" or global follows the existing semantics of
          the configuration file, and allows to specify system-wide priority strings
          which are accessed with the '@' prefix.
        - The section "[overrides]" is added with the parameters "insecure-hash",
          "insecure-sig", "insecure-sig-for-cert", "disabled-curve",
          "disabled-version", "min-verification-profile", "tls-disabled-cipher",
          "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
          specific algorithms or options globally. Existing algorithms in the
          library can be marked as disabled and insecure, but no hard-coded
          insecure algorithm can be marked as secure (so that the configuration
          cannot be abused to make the system vulnerable).
        - Unknown sections or options are skipped with a debug message, unless
          the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
          set to 1.
    
    ** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
        - 0x20: Enable SHA_NI instruction set
    
    ** API and ABI modifications:
    gnutls_crypto_register_cipher: Deprecated
    gnutls_crypto_register_aead_cipher: Deprecated
    gnutls_crypto_register_digest: Deprecated
    gnutls_crypto_register_mac: Deprecated
    gnutls_get_system_config_file: Added
    gnutls_hash_copy: Added
    gnutls_hmac_copy: Added
    GNUTLS_MAC_AES_GMAC_128: Added
    GNUTLS_MAC_AES_GMAC_192: Added
    GNUTLS_MAC_AES_CMAC_256: Added
    GNUTLS_SAN_REGISTERED_ID: Added
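
The configuration rules listed in comment:2, as an added example that is not part of the ticket or of GnuTLS: a Python check that reads such a file and reports every section or option that would be skipped, so a mistyped override is caught before it silently fails to apply. The name `audit_config`, the sample file and its values, and the handling of whole-line `#` comments only are assumptions; this is not the library's parser.

```python
import os

# Option names listed for "[overrides]" in the 3.6.9 notes quoted in comment:2.
OVERRIDE_KEYS = {
    "insecure-hash", "insecure-sig", "insecure-sig-for-cert", "disabled-curve",
    "disabled-version", "min-verification-profile", "tls-disabled-cipher",
    "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx",
}

# Constructed sample, not a shipped configuration; values are illustrative.
SAMPLE = """\
# system-wide settings
SYSTEM = NORMAL:-VERS-TLS1.0
[overrides]
insecure-hash = sha1
insecure-hsah = md5
[overides]
tls-disabled-mac = md5
"""

def audit_config(text, fail_on_invalid=None):
    """Return (priorities, overrides, skipped) for an ini-style config text."""
    if fail_on_invalid is None:
        # Mirrors the documented switch: unknown items become an error when set to 1.
        fail_on_invalid = os.environ.get("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID") == "1"
    priorities, overrides, skipped = {}, [], []
    section = "priorities"  # keys before any header are global priority strings
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: whole-line comments only
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            if section not in ("priorities", "overrides"):
                skipped.append((lineno, f"unknown section [{section}]"))
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and section == "priorities":
            priorities[key] = value  # referenced by applications as "@" + key
        elif sep and section == "overrides" and key in OVERRIDE_KEYS:
            overrides.append((key, value))  # a list, so repeated options are kept
        else:
            skipped.append((lineno, f"option {key!r} ignored in [{section}]"))
    if fail_on_invalid and skipped:
        raise ValueError(f"invalid system priority config: {skipped}")
    return priorities, overrides, skipped
```

On the sample, lines 5 to 7 are reported: the mistyped option, the mistyped section, and the `tls-disabled-mac` setting that never takes effect because it sits under that section.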
    

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 21872.
