From zfridric at redhat.com Wed Mar 20 10:35:16 2024
From: zfridric at redhat.com (Zoltan Fridrich)
Date: Wed, 20 Mar 2024 10:35:16 +0100
Subject: [gnutls-help] gnutls 3.8.4
Message-ID: <89db3791-d41b-921b-2639-bd25198fc2d4@redhat.com>
Hello,
We have just released gnutls-3.8.4. This is a bug fix and enhancement
release on the 3.8.x branch.
We would like to thank everyone who contributed in this release:
Avinash Sonawane, Xin Long, Alexander Sosedkin, Sahil Siddiq, Ramesh
Adhikari, Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki Ueno and
Zoltan Fridrich
The detailed list of changes follows:
* Version 3.8.4 (released 2024-03-18)
** libgnutls: RSA-OAEP encryption scheme is now supported. To use it with
an unrestricted RSA private key, one would need to initialize a
gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and
attach it to the private key. It is also possible to import restricted
private keys if they are stored in PKCS#8 format.
** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by
George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium]
[CVE-2024-28834]
** libgnutls: Fixed a bug where certtool crashed when verifying a
certificate chain with more than 16 certificates. Reported by William
Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS:
medium] [CVE-2024-28835]
** libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization. As a
result, the library initialization should be faster.
** build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked to
the static library of GMP. This can be used to prevent custom memory
allocators from being overridden by other applications.
** API and ABI modifications:
gnutls_x509_spki_get_rsa_oaep_params: New function.
gnutls_x509_spki_set_rsa_oaep_params: New function.
GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.
Getting the Software
================
GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html
Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz
Here are OpenPGP detached signatures signed using key:
5D46CB0F763405A7053556F47A75A648B3F9220C
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig
Note that it has been signed with my openpgp key:
pub   ed25519 2021-12-23 [SC] [expires: 2027-01-01]
      5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich
sub   cv25519 2021-12-23 [E] [expires: 2027-01-01]
Regards,
Zoltan
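
Added example, not part of the original announcement or of the GnuTLS project: one way to verify the downloaded tarball against the fingerprint quoted above by reading gpg's machine-readable status lines rather than its "Good signature" text. It assumes gpg is installed and the signer's public key is already in the keyring; the function names and the SAMPLE_STATUS lines are constructed for illustration.

```sh
#!/bin/sh
# Fingerprint of the release signing key, as given in the announcement.
EXPECTED_FPR=5D46CB0F763405A7053556F47A75A648B3F9220C

# Constructed sample of `gpg --status-fd` output (timestamps are made up).
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG $EXPECTED_FPR 2024-03-18 1710750000 0 4 0 22 10 00 $EXPECTED_FPR"

# Reads gpg status lines on stdin. Succeeds only if a VALIDSIG line carries
# the pinned primary-key fingerprint (last field) and gpg reported no bad,
# unverifiable, expired or revoked signature.
status_matches_fpr() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && NF >= 12 && toupper($NF) == toupper(want) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# usage: verify_release gnutls-3.8.4.tar.xz.sig gnutls-3.8.4.tar.xz
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_matches_fpr "$EXPECTED_FPR"
}

# When called with a signature file and a tarball, run the check.
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: signed by $EXPECTED_FPR"
    else
        echo "FAIL: no valid signature from $EXPECTED_FPR" >&2
        exit 1
    fi
fi
```

A signature that is valid but made by a different key in the keyring fails this check, which a plain exit-code test on gpg --verify would not catch.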