diff options
| author | Andre McCurdy <armccurdy@gmail.com> | 2018-07-30 12:07:27 -0700 |
|---|---|---|
| committer | Ross Burton <ross.burton@intel.com> | 2018-08-06 10:51:44 +0100 |
| commit | f038b824192526a0d561ef977bba7c3fb1ed3fab (patch) | |
| tree | bb59af562b397e674f6aa63d2438e5953fa2ace4 /recipes-core | |
| parent | 108981aa8947b043a0ad463de18ac84fcc3a30eb (diff) | |
| download | meta-gplv2-f038b824192526a0d561ef977bba7c3fb1ed3fab.tar.gz | |
gnutls: update 3.3.29 -> 3.3.30
* Version 3.3.30 (released 2018-07-16)
** libgnutls: Corrected infinite loop when an incorrect PIN was provided
via pin-value or pin-source.
** gnutls-cli: backported the --sni-hostname option. This allows overriding the
hostname advertised to the peer.
** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
and Adi Shamir reported that the existing counter-measures had certain issues and
were insufficient when the attacker has additional access to the CPU cache and
performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]
** The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
priority strings. They are not necessary for compatibility or other purpose and
provide no advantage over their SHA1 counter-parts, as they all depend on the legacy
TLS CBC block mode.
** API and ABI modifications:
No changes since last version.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'recipes-core')
0 files changed, 0 insertions, 0 deletions