Bug 7529 - GnuTLS is out of date
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Build system
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.13.0
Assignee: Niko Lehto
Keywords: ossman_tester, prosaic
Reported: 2020-07-01 10:00 CEST by Niko Lehto
Modified: 2021-08-30 16:44 CEST
Description Niko Lehto cendio 2020-07-01 10:00:48 CEST
Newer versions of GnuTLS are out there, so we should update it.
Comment 2 Niko Lehto cendio 2020-07-03 14:08:05 CEST
GnuTLS is now upgraded. The new version included a fix we had a patch for before (Bug 7481).
I could reproduce this in 4.11 and the fix present in 4.12 still works after upgrading GnuTLS. Tested on RHEL8 server.

I also updated libtasn1 and nettle in conjunction with the GnuTLS upgrade.

Tested that Webaccess works well against RHEL8 server on:
Fedora 31 - Chrome 83, Firefox 77.
Windows 10 - Internet Explorer 11, Microsoft Edge 44.
macOS 10.15 - Safari 13
iOS 13.5 - Safari
Android 8.1 - Chrome 83

And additionally tested smart card authentication (to test libtasn1) with the client on Fedora 31.

All of the tests were done before the commit.
Comment 3 Niko Lehto cendio 2020-07-03 15:53:53 CEST
This upgrade fixes two GnuTLS security problems. But these two do not affect us.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
discussed further in Bug 7515.
and
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11501
which is an issue in DTLS, and as it uses UDP it's not a problem for ThinLinc.
Comment 4 Niko Lehto cendio 2020-07-03 15:57:12 CEST
Also looked into the release notes of libtasn1 and nettle, couldn't find anything noteworthy there.
Comment 5 Pierre Ossman cendio 2020-07-06 10:12:09 CEST
I can confirm that the build system has an updated GnuTLS. Also tested connecting Epiphany, Chrome and Firefox on Linux to tlwebaccess, as well as Internet Explorer. No complaints from any browser (except untrusted issuer).

Also tried some various smart cards and all could be read by tlclient.
