Hello,
 I've just released gnutls 3.3.26. This is a bug-fix release on the previous stable branch which addresses GNUTLS-SA-2017-1 and GNUTLS-SA-2017-2, while backporting some functionality to enable certain PKCS#11 smart card use-cases.

* Version 3.3.26 (released 2016-01-09)

** libgnutls: Handle status request responses as optional (following RFC6066). This improves compatibility with implementations not sending these messages (including specific versions of the GnuTLS 3.5.x branch).

** libgnutls: Set limits on the maximum number of alerts handled. That is, applications using gnutls could be tricked into a busy loop if the peer continuously sends alert messages. Applications which set a maximum handshake time (via gnutls_handshake_set_timeout) will eventually recover but others may remain in a busy loop indefinitely. This is related but not identical to CVE-2016-8610, due to the difference in alert handling of the libraries (gnutls delegates that handling to applications).

** libgnutls: Fixed issue in PKCS#12 password encoding, which truncated passwords over 32 characters. Reported by Mario Klebsch.

** libgnutls: Backported functionality allowing to manipulate the IDs of PKCS#11 objects.

** libgnutls: Link to trousers (TPM library) dynamically. Backported TPM key handling improvements from master branch.

** libgnutls: Backported several fixes in PKCS#8 decryption (related to gitlab issue #148).

** libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. [GNUTLS-SA-2017-1]

** libgnutls: Addressed memory leak in server side error path (issue found using oss-fuzz project)

** libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)

** libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) [GNUTLS-SA-2017-2]

** tpmtool: backported the --test-sign option.

** API and ABI modifications:
gnutls_pkcs11_obj_set_info: Added
gnutls_pkcs11_privkey_generate3: Added
gnutls_pkcs11_copy_x509_privkey2: Added
gnutls_pkcs11_copy_x509_crt2: Added


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.26.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.26.tar.xz.sig

Note that it has been signed with my openpgp key:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos
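
The alert-limit entry above notes that gnutls delegates alert handling to applications. The following is an added sketch, not code from GnuTLS or from this announcement, of an application-side handshake loop that caps warning alerts; the result codes, `bounded_handshake`, and the constructed fake peer are hypothetical stand-ins for a thin wrapper around gnutls_handshake().

```c
#include <stddef.h>

/* Stand-in result codes (assumptions for this sketch). In a GnuTLS application
 * they play the role of 0, GNUTLS_E_WARNING_ALERT_RECEIVED, GNUTLS_E_AGAIN and
 * a fatal error returned by gnutls_handshake(). */
enum { STEP_OK = 0, STEP_WARNING_ALERT = -1, STEP_AGAIN = -2, STEP_FATAL = -3 };
enum { HS_TOO_MANY_ALERTS = -100 };  /* hypothetical application-level error */

/* One handshake attempt; in real code a wrapper around gnutls_handshake(). */
typedef int (*handshake_step_fn)(void *ctx);

/* Retry non-fatal results, but give up after max_alerts warning alerts so a
 * peer that sends alerts forever cannot keep the caller spinning. */
int bounded_handshake(handshake_step_fn step, void *ctx, unsigned max_alerts)
{
    unsigned alerts = 0;
    for (;;) {
        int ret = step(ctx);
        if (ret == STEP_OK)
            return STEP_OK;
        if (ret == STEP_AGAIN)
            continue;   /* transient; a handshake timeout should bound this */
        if (ret == STEP_WARNING_ALERT) {
            if (++alerts > max_alerts)
                return HS_TOO_MANY_ALERTS;
            continue;
        }
        return ret;     /* fatal error: propagate to the caller */
    }
}

/* Constructed peer model: sends `warnings` warning alerts, then completes.
 * warnings < 0 models a peer that never stops sending alerts. */
struct fake_peer { long warnings; unsigned long calls; };

static int fake_step(void *ctx)
{
    struct fake_peer *p = ctx;
    p->calls++;
    if (p->warnings < 0)
        return STEP_WARNING_ALERT;
    if (p->warnings > 0) { p->warnings--; return STEP_WARNING_ALERT; }
    return STEP_OK;
}

/* Runs the bounded loop against the constructed peer and reports call count. */
int run_against_fake_peer(long warnings, unsigned max_alerts, unsigned long *calls)
{
    struct fake_peer p = { warnings, 0 };
    int ret = bounded_handshake(fake_step, &p, max_alerts);
    if (calls) *calls = p.calls;
    return ret;
}
```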
