Hello,We have just released gnutls-3.8.4. This is a bug fix and enhancement release on the 3.8.x branch.
We would like to thank everyone who contributed in this release:Avinash Sonawane, Xin Long, Alexander Sosedkin, Sahil Siddiq, Ramesh Adhikari, Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki Ueno and Zoltan Fridrich
The detailed list of changes follows: * Version 3.8.4 (released 2024-03-18)** libgnutls: RSA-OAEP encryption scheme is now supported To use it with an unrestricted RSA private key, one would need to initialize a gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and attach it to the private key. It is also possible to import restricted private keys if they are stored in PKCS#8 format.
** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
** libgnutls: Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Reported by William Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
** libgnutls: Compression libraries are now loaded dynamically as needed instead of all being loaded during gnutls library initialization. As a result, the library initialization should be faster.
** build: The gnutls library can now be linked with the static library of GMP. Note that in order for this to work libgmp.a needs to be compiled with -fPIC and libhogweed in Nettle also has to be linked to the static library of GMP. This can be used to prevent custom memory allocators from being overriden by other applications.
** API and ABI modifications: gnutls_x509_spki_get_rsa_oaep_params: New function. gnutls_x509_spki_set_rsa_oaep_params: New function. GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t. Getting the Software ================ GnuTLS may be downloaded directly from https://www.gnupg.org/ftp/gcrypt/ <https://www.gnupg.org/ftp/gcrypt/> A list of GnuTLS mirrors can be found at http://www.gnutls.org/download.html <http://www.gnutls.org/download.html> Here are the XZ compressed sources:https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz <https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz>
Here are OpenPGP detached signatures signed using key: 5D46CB0F763405A7053556F47A75A648B3F9220Chttps://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig <https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig>
Note that it has been signed with my openpgp key: pub ed25519 2021-12-23 [SC] [expires: 2027-01-01] 5D46CB0F763405A7053556F47A75A648B3F9220C uid [ultimate] Zoltan Fridrich <zfrid...@redhat.com> sub cv25519 2021-12-23 [E] [expires: 2027-01-01] Regards, Zoltan
OpenPGP_0x7A75A648B3F9220C.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help
