#8208: libksba-1.3.5
-------------------------+-------------------------
 Reporter:  renodr       |      Owner:  blfs-book@…
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  7.11
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-------------------------
 New security-oriented release.


 {{{
 2016-08-22  Werner Koch  <[email protected]>

         Release 1.3.5.
         * configure.ac: Set LT version to C19/A/11/R6.

         Use size_t for the result of fread.
         * src/reader.c (ksba_reader_read): Make 'n' a size_t.

         Limit allocation in the BER decoder to 16 MiB.
         * src/ber-decoder.c (MAX_IMAGE_LENGTH): New.
         (decoder_next): Limit allocation to MAX_IMAGE_LENGTH.
         (_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto.

 2016-07-17  Tomáš Trnka  <[email protected]>

         Encode OCSP nonce value as an octet string (RFC 6960)
         * src/ocsp.c (ksba_ocsp_set_nonce): Stop removing the sign bit.
          (write_request_extensions): Encode nonce as octet string.
          (parse_response_extensions): Decode nonce as octet string.

 2016-07-13  Werner Koch  <[email protected]>

         build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
         * build-aux/config.guess: Update.
         * build-aux/config.sub: Update.

 2016-06-27  Werner Koch  <[email protected]>

         tests: Fix a memory leak.
         * tests/t-oid.c (test_oid_to_str): Free STR.

         Use modern error macros and fix a missing assignment.
         * src/ocsp.c: Remove errno.h.  Replace gpg_error_from_errno(errno) by
         gpg_error_from_syserror ().
         (parse_response): Ditto.  Return direct because static analyzer may
         not grasp that gpg_error_from_syserror will never return false.
         (ksba_ocsp_get_responder_id): Actually return an error for NO_DATA.

         Detect invalid RDN names and avoid a read from uninitialized variable.
         * src/dn.c (parse_rdn): Bail out for an invalid name.

 2016-05-25  Werner Koch  <[email protected]>
             Pascal Cuoq  <[email protected]>

         Fix OOB read in parse_distribution_point.
         * src/cert.c (parse_distribution_point): Check TI.length.

 2016-05-11  Werner Koch  <[email protected]>

         Make sure that ASN.1 data is stored in an all-initialized buffer.
         * src/ber-decoder.c (decoder_next): Clear the image buffer.
 }}}

 See thread at:

 http://www.openwall.com/lists/oss-security/2016/08/20/3

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/8208>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch