#8281: gnutls-3.5.4 -------------------------+-------------------------- Reporter: bdubbs@… | Owner: blfs-book@… Type: enhancement | Status: new Priority: high | Milestone: 7.11 Component: BOOK | Version: SVN Severity: normal | Resolution: Keywords: | -------------------------+-------------------------- Changes (by renodr):
* priority: normal => high Old description: > Monthly releases: > > {{{ > gnutls-3.5.0.tar.xz 05/09/2016 08:05:00 AM > gnutls-3.5.1.tar.xz 06/14/2016 04:43:00 PM > gnutls-3.5.2.tar.xz 07/06/2016 09:10:00 AM > gnutls-3.5.3.tar.xz 08/09/2016 07:29:00 AM > gnutls-3.5.4.tar.xz 09/08/2016 07:33:00 AM > }}} New description: Monthly releases: {{{ gnutls-3.5.0.tar.xz 05/09/2016 08:05:00 AM gnutls-3.5.1.tar.xz 06/14/2016 04:43:00 PM gnutls-3.5.2.tar.xz 07/06/2016 09:10:00 AM gnutls-3.5.3.tar.xz 08/09/2016 07:29:00 AM gnutls-3.5.4.tar.xz 09/08/2016 07:33:00 AM }}} {{{ Hello, I've just released gnutls 3.5.4. This is a minor enhancements and bugfix release for the 3.5.x branch. * Version 3.5.4 (released 2016-09-08) ** libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). Reported by Stefan Buehler. ** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. ** libgnutls: Added support for PKCS#8 file decryption using DES-CBC-MD5. This is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. ** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. ** libgnutls: Added support for internationalized passwords in PKCS#12 files. Previous versions would only encrypt or decrypt using passwords from the ASCII set. ** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. ** gnutls-cli: Fixed starttls regression from 3.5.3. ** API and ABI modifications: GNUTLS_E_MALFORMED_CIDR: Added gnutls_x509_cidr_to_rfc5280: Added gnutls_oid_to_mac: Added }}} {{{ Stefan Bühler discovered an issue that affects validation of certificates using OCSP responses, which can falsely report a certificate as valid under certain circumstances. That issue affects gnutls 3.3.24, 3.4.14, 3.5.3 and previous versions. Write-up by Stefan Bühler Recommendation: Upgrade to GnuTLS versions 3.4.15, 3.5.4 or apply the patch referenced in the mail above. }}} {{{ http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html }}} -- -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/8281#comment:1> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page