On 2017-05-27 Nikos Mavrogiannopoulos <[email protected]> wrote: [...] > * Noteworthy changes in release 4.11 (released 2017-05-27) [stable] > - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate > an invalid encoding in the DER time fields. > - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag > allows decoding errors in time fields even when in strict DER mode. > That is introduced in order to allow toleration of invalid times in > X.509 certificates (which are common) even though strict DER adherence > is enforced in other fields. > - Added safety check in asn1_find_node(). That prevents a crash > when a very long variable name is provided by the developer. > Note that this to be exploited requires controlling the ASN.1 > definitions used by the developer, i.e., the 'name' parameter of > asn1_write_value() or asn1_read_value(). The library is > not designed to protect against malicious manipulation of the > developer assigned variable names. Reported by Jakub Jirasek. [...]
Hello, this release features a soname bump (libtasn1.so.6 -> libtasn1.so.7). As the changelog does not mention an ABI break I assume this was not done intentionally. Perhaps a typo, bumping LT_CURRENT instead of LT_REVISION? cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
