Hello, We've just released gnutls 3.7.1. This is a bug fix and security release on the 3.7.x branch.
We'd like to thank everyone who contributed in this release: Airtower, Andreas Metzler, Daiki Ueno, Dmitriy Tsvettsikh, Dosenpfand, Evgeny Grin, Fiona Klute, JonasZhou, Martin Storsjo, Norbert Pocs, Ondrej Moris, Sadie Powell, Stanislav Zidek, Stefan Berger, Steffen Jaeckel, Tom Carroll, and Tom Vrancken. The detailed list of changes follows: * Version 3.7.1 (released 2021-03-10) ** libgnutls: Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. When sending those extensions, the client may dereference a pointer no longer valid after realloc. This happens only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low] ** libgnutls: Fixed a regression in handling duplicated certs in a chain (#1131). ** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox compatibiltiy mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions (#1074). ** libgnutls: W32 performance improvement with a new sendmsg()-like transport implementation (!1377). ** libgnutls: Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode (#1101). ** libgnutls: Added padlock acceleration for AES-192-CBC (#1004). ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from < ftp://ftp.gnutls.org/gcrypt/gnutls/>;. A list of GnuTLS mirrors can be found at < http://www.gnutls.org/download.html> Here are the XZ compressed sources: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.1.tar.xz Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.1.tar.xz.sig Note that it has been signed with my openpgp key: pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25] 462225C3B46F34879FC8496CD605848ED7E69871 uid [ultimate] Daiki Ueno <u...@unixuser.org> uid [ultimate] Daiki Ueno <u...@gnu.org> sub rsa4096 2010-02-04 [E] Regards, -- Daiki Ueno
signature.asc
Description: PGP signature
_______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help