_gnutls_ rebased to 3.3.29
The GNU Transport Layer Security (GnuTLS) library has been upgraded to upstream version 3.3.29, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:
* Improved the PKCS#11 cryptographic token interface for hardware security modules (HSMs): added DSA support in *p11tool* and fixed key import in certain Atos HSMs.
* Improved counter-measures for the TLS Cipher Block Chaining (CBC) record padding. The previous counter-measures had certain issues and were insufficient when the attacker had access to the CPU cache and performed a chosen-plaintext attack (CPA).
* Disabled the legacy `HMAC-SHA384` cipher suites by default.
Please rebase gnutls to 3.3.29 to fix outstanding bugs and deliver upstream HSM improvements.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.