[Help-gnutls] GnuTLS 1.3.4 - Experimental

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] GnuTLS 1.3.4 - Experimental - Security release

From:	Simon Josefsson
Subject:	[Help-gnutls] GnuTLS 1.3.4 - Experimental - Security release
Date:	Thu, 09 Feb 2006 16:51:12 +0100
User-agent:	Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

This release solves the DER security issue on the experimental branch
too.  It contains a few other fixes too.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Noteworthy changes since version 1.3.3:
- Fix read of out bounds bug in DER parser.
Reported by Evgeny Legerov <address@hidden>, and debugging help from
Protover SSL.  Libtasn1 0.2.18 is now required, which contains the
previous bug fix.  The included libtasn1 version in GnuTLS has been
updated.

- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no 
longer invalidate a session if the underlying send fails, but it will 
prevent future writes. That is to allow reading the already received data.
Patches and bug reports by Yoann Vandoorselaere <address@hidden>

- Corrected bugs in gnutls_certificate_set_x509_crl() and
gnutls_certificate_set_x509_trust(), that caused memory corruption if 
more than one certificates were added. Report and patch by Max Kellermann.

- Fix build problems of OpenCDK on AIX.
Thanks to "Heiden, John" <address@hidden>.

- API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.3.4.tar.bz2 (3.1MB)
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.4.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.3.4.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.4.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:

f412262ab6299f6e4603c3f524551ae0357ff983  gnutls-1.3.4.tar.bz2
3c9ac687440b5e36b4d41eaf15fc6ea98a199a06  gnutls-1.3.4.tar.bz2.sig

Enjoy,
Nikos and Simon

pgpzhOAxrYbyR.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] GnuTLS 1.3.4 - Experimental - Security release, Simon Josefsson <=

Prev by Date: [Help-gnutls] memory leak in gnutls in multithreaded program??
Next by Date: [Help-gnutls] GnuTLS 1.2.10 - Security release
Previous by thread: [Help-gnutls] memory leak in gnutls in multithreaded program??
Next by thread: [Help-gnutls] GnuTLS 1.2.10 - Security release
Index(es):
- Date
- Thread