GnuTLS 2.7.2

Simon Josefsson simon at josefsson.org
Tue Nov 18 01:25:14 CET 2008


The GnuTLS 2.7.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.2.tar.bz2 (5.7MB)
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.2.tar.bz2

Here is the OpenPGP signature:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.2.tar.bz2.sig
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.2.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

/Simon

* Version 2.7.2 (released 2008-11-18)

** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
The flaw makes it possible for man in the middle attackers (i.e.,
active attackers) to assume any name and trick GNU TLS clients into
trusting that name.  Thanks for report and analysis from Martin von
Gagern <Martin.vGagern at gmx.net>.  [CVE-2008-4989]

Any updates with more details about this vulnerability will be added
to <http://www.gnu.org/software/gnutls/security.html>

** libgnutls: Fix namespace issue with version symbols.
The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR,
LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and
LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER,
GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and
GNUTLS_VERSION_NUMBER respectively.  The old symbols will continue to
work but are deprecated.

** certtool: allow setting arbitrary key purpose object identifiers.

** libgnutls: Fix detection of C99 macros, to make debug logging work again.

** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
Reported by Kevin Quick <quick at sparq.org> in
<https://savannah.gnu.org/support/index.php?106454>.

** libgnutls-extra: Make building with LZO compression work again.
Build failure reported by Arfrever Frehtes Taifersar Arahesis
<arfrever.fta at gmail.com> in
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3194>.

** libgnutls: Change detection of when to use a linker version script.
Use --enable-ld-version-script or --disable-ld-version-script to
override auto-detection logic.

** doc: Change license on the manual to GFDLv1.3+.

** doc: GTK-DOC fixes for new splitted configuration system.

** doc: Texinfo stylesheet uses white background.

** tests: Add cve-2008-4989.c self-test.
Tests regressions of the GNUTLS-SA-2008-3 security problem, and the
follow-on problem with crashes on length 1 certificate chains.

** gnulib: Deprecated modules removed.
Modules include memchr and memcmp.

** Fix warnings and build GnuTLS with more warnings enabled.

** minitasn1: Internal copy updated to libtasn1 v1.7.

** API and ABI modifications:
gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
LIBGNUTLS_VERSION: DEPRECATED.
LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
LIBGNUTLS_VERSION_MINOR: DEPRECATED.
LIBGNUTLS_VERSION_PATCH: DEPRECATED.
LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20081118/9dd2ee83/attachment.pgp>


More information about the Gnutls-devel mailing list