From jas at extundo.com Mon Oct 2 10:34:53 2006
From: jas at extundo.com (Simon Josefsson)
Date: Mon, 02 Oct 2006 10:34:53 +0200
Subject: [gnutls-dev] Re: pkg-config support for opencdk
In-Reply-To: <20060930163931.GD2869@downhill.g.la> (Andreas Metzler's message of "Sat\, 30 Sep 2006 18\:39\:31 +0200")
References: <20060806180314.GA3872@downhill.g.la> <87bqqxjc4g.fsf@latte.josefsson.org> <20060807182414.GB11433@downhill.g.la> <87r6zrqtqs.fsf@latte.josefsson.org> <20060810170958.GA6152@cthulhu.lambers.home> <87veoqcu6s.fsf@latte.josefsson.org> <20060930163931.GD2869@downhill.g.la>
Message-ID: <8764f3azf6.fsf@latte.josefsson.org>

Andreas Metzler writes:

> On 2006-08-18 Simon Josefsson wrote:
>> Martin Lambers writes:
>>> On Tue, 08. Aug 2006, 14:47:39 +0200, Simon Josefsson wrote:
>>>> I think Bruno's AC_LIB_HAVE_LINKFLAGS is the best choice. It works
>>>> for cross-compilations, can check for particular versions through the
>>>> gnutls.h LIBGNUTLS_VERSION* symbols, and doesn't add unnecessary
>>>> libraries to the link line, and works with and without libtool.
>
>>> How does the check for particular versions work with
>>> AC_LIB_HAVE_LINKFLAGS? Can you give an example?
> [...]
>> You could modify it into:
>
>>   AC_LIB_HAVE_LINKFLAGS(gnutls,,
>>     [#include <gnutls/gnutls.h>
>> #if LIBGNUTLS_VERSION_NUMBER < 0x010500
>> error too old gnutls
>> #endif],
>>     [gnutls_certificate_verify_peers2 (0, 0);])
>
>> I didn't test this, but something like it should work.
>
>> Note that the test for gnutls_certificate_verify_peers2() is an
>> implicit version test -- gsasl needs a gnutls version that has that
>> particular feature. That is the best approach: test the GnuTLS
>> library for the properties (e.g., APIs) that your application actually
>> needs. Doing so will work even if someone has back-ported a feature
>> to an older version, for example.
>
> Hello,
> I have wasted a bit of time with this today by taking a look at an
> obvious candidate, gnutls itself.
> It currently uses AM_PATH_LIBTASN1
> to search for a minimal version of tasn1. Afaiui the version
> requirement is not due to some special function only available in this
> version but to ignore known to be buggy versions. Libtasn1 doesn't
> ship a LIBTASN1_VERSION_NUMBER available for the trick noted above.
>
> I have thought about ways to work around it:
>
> #1 Use a custom autoconf macro to pull the *value* of LIBTASN1_VERSION
> from libtasn1.h using the C preprocessor and then compare this string
> and GNUTLS_LIBTASN1_VERSION using to be written shell code.
> (hideous, imho)
>
> #2 Use asn1_check_version("$GNUTLS_LIBTASN1_VERSION") in
> AC_RUN_IFELSE. - This breaks cross-compilation.
>
> #3 continue using AM_PATH_LIBTASN1.
>
> #4 PKG_CHECK_MODULES([LIBTASN1], [libtasn1 >= $GNUTLS_LIBTASN1_VERSION])
>
> #5 remove the version requirement and search for used features,
> allowing linkage with buggy libtasn1.

How about:

#6: Add version symbols to libtasn1.h, so that the above
AC_LIB_HAVE_LINKFLAGS check would work?

Pro:

* Make it possible to detect and not use known buggy versions.
* Handle -R vs -Wl,-rpath etc linker differences.
* Work under cross-compilation.

Con:

* A new libtasn1 release is needed, and gnutls will have to depend on
  it.
* It doesn't check the libtasn1.so version, only the libtasn1.h
  version, at build-time. However, the libtasn1.so version can change
  after building, so I think this MUST be done in the application
  anyway. And gnutls already does that, so there is no problem.

Thanks for thinking about this!

/Simon

From jas at extundo.com Tue Oct 3 15:44:25 2006
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 03 Oct 2006 15:44:25 +0200
Subject: [gnutls-dev] GnuTLS 1.5.2 - experimental
Message-ID: <87lknxjyyu.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.5.2, a release on the current
development branch. We still recommend the 1.4.x branch as the stable
version.

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS. We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS. The installer is (lightly) tested on Windows 2000 and Windows
XP. It is possible to develop applications in Visual Studio or MinGW
that link to the library. See http://josefsson.org/gnutls4win/ for
more information on the Windows releases.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

* Version 1.5.2 (released 2006-10-03)

** Decrement the shared library version back to 13 (as in the 1.4.x branch).
Note that if you installed 1.5.0 or 1.5.1, they will have a higher
shared library version than this version, so you'll have to remove
them and possibly relink your applications. The reason for this is
that no API/ABI changes have been made since the 1.4.x branch, and
that incrementing the shared library version was a mistake. Reported
by Andreas Metzler.

** Fix off-by-one error when computing length to malloc.
The code is used by gnutls_openpgp_add_keyring_file and
gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley".

** Add version script for the GnuTLS C++ library.
Reported by Andreas Metzler.

** Fix the C++ compiler detection logic.
Reported by Andreas Metzler.

** Update of gnulib files.

** API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects.
See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources (4.1MB):
http://josefsson.org/gnutls/releases/gnutls-1.5.2.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.5.2.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
http://josefsson.org/gnutls/releases/gnutls-1.5.2.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.5.2.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

487a28ef457479c1caf16d0ab9985fb0d251a53a gnutls-1.5.2.tar.bz2
ea77991e03269352aeca64e5abc94edf3e7c9d14 gnutls-1.5.2.tar.bz2.sig
b32ddc37f98b48eab8efe14df7fced1b7fff4235a06c8fbeb5f9bbb1 gnutls-1.5.2.tar.bz2
a4fb4063071cd1dd76dc95aec7bb70309428ada75cb6220a7fbcbe20 gnutls-1.5.2.tar.bz2.sig

Enjoy,
Nikos and Simon

From agl at imperialviolet.org Mon Oct 9 23:04:29 2006
From: agl at imperialviolet.org (Adam Langley)
Date: Mon, 9 Oct 2006 14:04:29 -0700
Subject: [gnutls-dev] OpenCDK double free bug
Message-ID: <396556a20610091404m72243f0hc447430714874334@mail.gmail.com>

(I hope opencdk is on topic for this list)

Line numbers from opencdk-0.5.9

in keylist.c:cdk_pklist_encrypt:287

This call to cdk_pklist_encrypt also causes enc to be free'ed, however
the pointer here isn't NULLed out so it's double free'ed at line 294

Suggested (e.g. it works for me): set enc to NULL after cdk_pklist_encrypt

Cheers

AGL

--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org 650-283-9641

From jas at extundo.com Wed Oct 11 16:24:39 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 11 Oct 2006 16:24:39 +0200
Subject: [gnutls-dev] Re: OpenCDK double free bug
In-Reply-To: <396556a20610091404m72243f0hc447430714874334@mail.gmail.com> (Adam Langley's message of "Mon\, 9 Oct 2006 14\:04\:29 -0700")
References: <396556a20610091404m72243f0hc447430714874334@mail.gmail.com>
Message-ID: <877iz7j5g8.fsf@latte.josefsson.org>

"Adam Langley" writes:

> (I hope opencdk is on topic for this list)

Yes.

> Line numbers from opencdk-0.5.9
>
> in keylist.c:cdk_pklist_encrypt:287
>
> This call to cdk_pklist_encrypt also causes enc to be free'ed, however
> the pointer here isn't NULLed out so it's double free'ed at line 294
>
> Suggested (e.g. it works for me): set enc to NULL after cdk_pklist_encrypt

I assume you meant after cdk_pkt_write? That would make more sense.

I'll be releasing opencdk 0.5.10 later today, so if you, or anyone
else, have time, please check if CVS works fine.

/Simon

From jas at extundo.com Wed Oct 11 17:03:42 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 11 Oct 2006 17:03:42 +0200
Subject: [gnutls-dev] OpenCDK 0.5.10
Message-ID: <873b9uki7l.fsf@latte.josefsson.org>

The OpenCDK library implements basic parts of the OpenPGP message
format. Due to some possible security problems, the library also
implements parts of draft-ietf-openpgp-rfc2440bis-08.txt.

The aim of the library is *not* to replace any available OpenPGP
version. There will be no real support for key management (sign,
revoke, alter preferences, ...) and some other parts are only
rudimentary available. The main purpose is to handle and understand
OpenPGP packets and to use basic operations. For example,
encrypt/decrypt, sign/verify and packet parsing routines.

Noteworthy changes in version 0.5.10 (2006-10-11)
------------------------------------------------
* Fix double-free in cdk_pklist_encrypt, reported by Adam Langley.
* Fix keydb_idx_search() to handle keys at offset 0, thanks to Adam Langley.
* A pkg-config script was added, thanks to Andreas Metzler.
* Autobuild time stamps are used, for easier build robot testing.

Commercial support contracts for OpenCDK are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding OpenCDK
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use OpenCDK, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Here are the compressed sources (1.2MB):
http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.10.tar.gz
ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.10.tar.gz

Here are GPG detached signatures using key 0xB565716F:
http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.10.tar.gz.sig
ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.10.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

db4af36730dcbb2ab9ac93f6ce1ec27e5a36876f opencdk-0.5.10.tar.gz
9259cdf60825d4e302349d6572b51f43ab4ff14d opencdk-0.5.10.tar.gz.sig
a334e13b0b246c4af85d60936c73a453b73d482e915a09ae5cadb2e8 opencdk-0.5.10.tar.gz
8bce4e01c874a3197518970f95763367ed62112a781f97bc78a0ad99 opencdk-0.5.10.tar.gz.sig

Enjoy,
Timo, Nikos, Simon

From agl at imperialviolet.org Fri Oct 13 19:50:22 2006
From: agl at imperialviolet.org (Adam Langley)
Date: Fri, 13 Oct 2006 10:50:22 -0700
Subject: [gnutls-dev] cdk_stream_decrypt missing from opencdk.h (0.5.10)
Message-ID: <396556a20610131050p77e43c1ds743d5b436e292c0a@mail.gmail.com>

The subject says it all really, the header is just missing the prototype is all.

Cheers,

--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org 650-283-9641

From ametzler at downhill.at.eu.org Sat Oct 14 08:47:24 2006
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sat, 14 Oct 2006 08:47:24 +0200
Subject: [gnutls-dev] German package translation
In-Reply-To: <20061013211256.GA4994@pluto>
References: <20061013211256.GA4994@pluto>
Message-ID: <20061014064724.GA2891@downhill.g.la>

Hello,
This is archived as .

On 2006-10-13 Jens Seidel wrote:
> Package: gnutls13
> Version: 1.5.1.cvs20060930
> Severity: minor
> Tags: patch, l10n

> I attached a new German translation of gnutls13. It contains also a few
> FIXMEs, mostly to mention missing full stops in English texts.

thanks for applying, cu andreas

From jas at extundo.com Sat Oct 14 15:56:16 2006
From: jas at extundo.com (Simon Josefsson)
Date: Sat, 14 Oct 2006 15:56:16 +0200
Subject: [gnutls-dev] Re: German package translation
In-Reply-To: <20061014064724.GA2891@downhill.g.la> (Andreas Metzler's message of "Sat\, 14 Oct 2006 08\:47\:24 +0200")
References: <20061013211256.GA4994@pluto> <20061014064724.GA2891@downhill.g.la>
Message-ID: <87lknjm267.fsf@latte.josefsson.org>

Andreas Metzler writes:

> Hello,
> This is archived as .
>
> On 2006-10-13 Jens Seidel wrote:
>> Package: gnutls13
>> Version: 1.5.1.cvs20060930
>> Severity: minor
>> Tags: patch, l10n
>
>> I attached a new German translation of gnutls13. It contains also a few
>> FIXMEs, mostly to mention missing full stops in English texts.
>
> thanks for applying, cu andreas

Hi, thanks for this!

Translations require a copyright assignment, and translations
(including assignments) are typically handled by submitting the
translation to the translation project, please see:

http://www.iro.umontreal.ca/translation/

Read the information there, and contact the German translation team to
submit the translation. If it is submitted correctly there, it will
end up in GnuTLS semi-automatically.

I can review the FIXME stuff now, though.

Thanks,
Simon

From jas at extundo.com Sat Oct 14 16:01:37 2006
From: jas at extundo.com (Simon Josefsson)
Date: Sat, 14 Oct 2006 16:01:37 +0200
Subject: [gnutls-dev] Re: cdk_stream_decrypt missing from opencdk.h (0.5.10)
In-Reply-To: <396556a20610131050p77e43c1ds743d5b436e292c0a@mail.gmail.com> (Adam Langley's message of "Fri\, 13 Oct 2006 10\:50\:22 -0700")
References: <396556a20610131050p77e43c1ds743d5b436e292c0a@mail.gmail.com>
Message-ID: <87hcy7m1xa.fsf@latte.josefsson.org>

"Adam Langley" writes:

> The subject says it all really, the header is just missing the prototype is all.

Added to CVS, thanks!

Is it troublesome to work against the version in CVS for you? In
other words, do you like to see a release soonish for this, or is it
acceptable to have this in CVS until something more important comes
along?

If CVS is problematic for you, but a daily build of opencdk would help
smooth things out, I'd be happy to set one up.

/Simon

From agl at imperialviolet.org Sat Oct 14 18:37:51 2006
From: agl at imperialviolet.org (Adam Langley)
Date: Sat, 14 Oct 2006 09:37:51 -0700
Subject: [gnutls-dev] Re: cdk_stream_decrypt missing from opencdk.h (0.5.10)
In-Reply-To: <87hcy7m1xa.fsf@latte.josefsson.org>
References: <396556a20610131050p77e43c1ds743d5b436e292c0a@mail.gmail.com> <87hcy7m1xa.fsf@latte.josefsson.org>
Message-ID: <396556a20610140937h6d976v82eedb86d3411b92@mail.gmail.com>

On 10/14/06, Simon Josefsson wrote:
> Is it troublesome to work against the version in CVS for you?
> In other words, do you like to see a release soonish for this, or is it
> acceptable to have this in CVS until something more important comes
> along?

This is just for my private use, so the CVS is just fine thanks!

--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org 650-283-9641

From jas at extundo.com Thu Oct 19 21:20:49 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 19 Oct 2006 21:20:49 +0200
Subject: [gnutls-dev] Libtasn1 0.3.7
Message-ID: <87mz7sru26.fsf@latte.josefsson.org>

Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding and DER/BER decoding. Libtasn1 is
used by GnuTLS to manipulate X.509 objects and by Shishi to handle
Kerberos V5 packets.

Version 0.3.7 (released 2006-10-19)
- When asn1_der_coding encoded a TYPE_NULL and the output buffer is NULL,
  it would not increment the counter properly, so the size of the
  required buffer would be off by one. Fixed. Reported by
  Stephen Wrobleski.
- Fix configure to respect user-definable flags. Reported by
  "Diego 'Flameeyes' Pettenò".
- The --help and --version outputs from the tools have been improved.

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Homepage:
http://josefsson.org/libtasn1/

Manual in many formats:
http://josefsson.org/gnutls/manual/libtasn1/

Here are the compressed sources (1.3MB):
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.7.tar.gz

Here are GPG detached signatures using key 0xB565716F:
http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.3.7.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2006-08-14]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2006-08-14]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

3b742b451999f97ab564cb9c8429eb4d48816029 libtasn1-0.3.7.tar.gz
62202a34d4bef421a2b162bebf0351120a672c83 libtasn1-0.3.7.tar.gz.sig
6bf5f6537934dc1b960f52d67ddeac12805a0eb6c81d36eedf117543 libtasn1-0.3.7.tar.gz
85782c986a7fa8619dadff80e96ff7a144747e85a88139a972ac0fdb libtasn1-0.3.7.tar.gz.sig

Enjoy,
Fabio, Nikos and Simon

From ametzler at downhill.at.eu.org Sun Oct 22 14:16:48 2006
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Sun, 22 Oct 2006 14:16:48 +0200
Subject: [gnutls-dev] [wishlist] Testsuite for opencdk
Message-ID: <20061022121648.GM2884@downhill.g.la>

Hello,
I have just realized that running

make test

for opencdk is a waste of time as it does not do anything useful. (Input
files missing, return code ignored.) It would be nice if this could be
changed.

thanks, cu andreas

From jas at extundo.com Wed Oct 25 13:24:09 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 25 Oct 2006 13:24:09 +0200
Subject: [gnutls-dev] Re: [wishlist] Testsuite for opencdk
In-Reply-To: <20061022121648.GM2884@downhill.g.la> (Andreas Metzler's message of "Sun\, 22 Oct 2006 14\:16\:48 +0200")
References: <20061022121648.GM2884@downhill.g.la>
Message-ID: <87iri8bpuu.fsf@latte.josefsson.org>

Andreas Metzler writes:

> Hello,
> I have just realized that running
>
> make test
>
> for opencdk is a waste of time as it does not do anything useful. (Input
> files missing, return code ignored.) It would be nice if this could be
> changed.

Hi! Thanks for the report. I've confirmed this. It seems the
self-tests in opencdk are broken, and it doesn't seem easy to fix.

Still, I'd appreciate if you (in Debian) continue to call 'make check'
so they will be invoked when we get around to fixing this.

I'll try to get around writing some trivial self tests this afternoon,
which will at least catch critical problems.

/Simon

From ametzler at downhill.at.eu.org Wed Oct 25 19:32:08 2006
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Wed, 25 Oct 2006 19:32:08 +0200
Subject: [gnutls-dev] Re: [wishlist] Testsuite for opencdk
In-Reply-To: <87iri8bpuu.fsf@latte.josefsson.org>
References: <20061022121648.GM2884@downhill.g.la> <87iri8bpuu.fsf@latte.josefsson.org>
Message-ID: <20061025173208.GC3744@downhill.g.la>

On 2006-10-25 Simon Josefsson wrote:
[...]
> Still, I'd appreciate if you (in Debian) continue to call 'make check'
> so they will be invoked when we get around to fixing this.

Ok. Will do.

> I'll try to get around writing some trivial self tests this afternoon,
> which will at least catch critical problems.

Splendid, thanks a lot.

cu andreas

From jas at extundo.com Wed Oct 25 22:19:27 2006
From: jas at extundo.com (Simon Josefsson)
Date: Wed, 25 Oct 2006 22:19:27 +0200
Subject: [gnutls-dev] Re: [wishlist] Testsuite for opencdk
In-Reply-To: <20061025173208.GC3744@downhill.g.la> (Andreas Metzler's message of "Wed\, 25 Oct 2006 19\:32\:08 +0200")
References: <20061022121648.GM2884@downhill.g.la> <87iri8bpuu.fsf@latte.josefsson.org> <20061025173208.GC3744@downhill.g.la>
Message-ID: <87mz7k9mi8.fsf@latte.josefsson.org>

Andreas Metzler writes:

>> I'll try to get around writing some trivial self tests this afternoon,
>> which will at least catch critical problems.
>
> Splendid, thanks a lot.

It is in CVS now, and I'm preparing the 0.5.10 release.

/Simon

From jas at extundo.com Thu Oct 26 14:08:59 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 26 Oct 2006 14:08:59 +0200
Subject: [gnutls-dev] OpenCDK 0.5.11
Message-ID: <871wov8ejo.fsf@latte.josefsson.org>

The OpenCDK library implements basic parts of the OpenPGP message
format. Due to some possible security problems, the library also
implements parts of draft-ietf-openpgp-rfc2440bis-08.txt.

The aim of the library is *not* to replace any available OpenPGP
version. There will be no support for key management (sign, revoke,
alter preferences, ...) and some other parts are only rudimentary
available. The main purpose is to handle and understand OpenPGP
packets and to use basic operations. For example, encrypt/decrypt,
sign/verify and packet parsing routines.

The library is used by GnuTLS for OpenPGP support.

Noteworthy changes in version 0.5.11 (2006-10-26)
------------------------------------------------
* Add a new self test "basic" to test cdk_check_version.
* Add prototype of cdk_stream_decrypt to opencdk.h, reported by Adam Langley.
* Fix crash in cdk_data_transform triggered by self-tests.

Commercial support contracts for OpenCDK are available, and they help
finance continued maintenance.
Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding OpenCDK
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

If you need help to use OpenCDK, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

Here are the compressed sources (512KB):
http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.11.tar.gz
ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.11.tar.gz

Here are GPG detached signatures using key 0xB565716F:
http://josefsson.org/gnutls/releases/opencdk/opencdk-0.5.11.tar.gz.sig
ftp://ftp.gnutls.org/pub/gnutls/opencdk/opencdk-0.5.11.tar.gz.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

c89bae403acfac96e8e987355cf9b633b0186fd3 opencdk-0.5.11.tar.gz
99830333678a2fd196cc7721d89f5bd6834002b5 opencdk-0.5.11.tar.gz.sig
7d57dcfba8f30e63a39ef148ee34c81a6f107b95861d4c0ca2539de3 opencdk-0.5.11.tar.gz
5687fab260c970b07c073350fa31b023636e4ee246fc0e53eda66c19 opencdk-0.5.11.tar.gz.sig

Enjoy,
Timo, Nikos, Simon

From jas at extundo.com Thu Oct 26 17:08:17 2006
From: jas at extundo.com (Simon Josefsson)
Date: Thu, 26 Oct 2006 17:08:17 +0200
Subject: [gnutls-dev] GnuTLS 1.5.3 - experimental
Message-ID: <87bqnznmhq.fsf@latte.josefsson.org>

I am happy to announce GnuTLS 1.5.3, a release on the current
development branch. We still recommend the 1.4.x branch as the stable
version.

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS. We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS. The installer is (lightly) tested on Windows 2000 and Windows
XP. It is possible to develop applications in Visual Studio or MinGW
that link to the library. See http://josefsson.org/gnutls4win/ for
more information on the Windows releases.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

* Version 1.5.3 (released 2006-10-26)

** Add new self-test of RSA-MD5 signature chains.
Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures
when verifying X.509 chains. The code is in tests/rsa-md5-collision/
and is based on the work by Marc Stevens et al, see .

** Re-factor self tests.

** The included copy of Libtasn1 is updated to version 0.3.7.

** The included copy of OpenCDK is updated to version 0.5.11.

** Fix the filename of the *.def file on Windows after library version bump.

** Separated the gnulib directory into one for LGPL modules and one for GPL.
This allows the GPL'd part of GnuTLS to take advantage of the GPL'd
gnulib modules. Earlier we could only use the LGPL'ed module from
gnulib, because two gnulib directories in the same project didn't
work.

** API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help!
We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

All manual formats are available from:
http://www.gnutls.org/manual/

Direct link to the most popular formats:
http://www.gnutls.org/manual/gnutls.html - HTML format
http://www.gnutls.org/manual/gnutls.pdf - PDF format
http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see: .

The project page of the library is available at:
http://www.gnutls.org/
http://www.gnu.org/software/gnutls/
http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources (4.1MB):
http://josefsson.org/gnutls/releases/gnutls-1.5.3.tar.bz2
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.5.3.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
http://josefsson.org/gnutls/releases/gnutls-1.5.3.tar.bz2.sig
ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.5.3.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub 1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid Simon Josefsson
uid Simon Josefsson
sub 1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub 1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub 1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub 1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
http://josefsson.org/key.txt
dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:

f71a2a9fd09b2a1f7c368cd9eebb16d47feadff9 gnutls-1.5.3.tar.bz2
10011a138fb4cca9a09ab719e6e4c2642fff922b gnutls-1.5.3.tar.bz2.sig
e4fc78b35c571c278db5771533d71b566242156efcfc3a3f8a99c5c1 gnutls-1.5.3.tar.bz2
944072cc6d54f22c9699fac33624d75a0864b675e462665cfd546fcf gnutls-1.5.3.tar.bz2.sig

Enjoy,
Nikos and Simon
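
Added example, not part of the archived messages and not OpenCDK's code: the double free reported in the "OpenCDK double free bug" thread above (a callee releases enc, the caller's cleanup releases it again), reduced to a self-contained C program together with the suggested fix of setting the pointer to NULL after the hand-off. The names enc_pkt, write_and_release and encrypt_to_keys and the tracking allocator are hypothetical; the allocator defers the real free() so the second release is counted rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Tracking allocator, constructed for this example. A release is only
   recorded; the real free() is deferred to t_finish(), so a second release
   of the same block can be counted without undefined behaviour. */
#define MAX_BLOCKS 32
static struct { void *p; int released; } blocks[MAX_BLOCKS];
static int nblocks, double_frees;

static void *t_alloc(size_t n) {
    void *p = nblocks < MAX_BLOCKS ? calloc(1, n) : NULL;
    if (p) {
        blocks[nblocks].p = p;
        blocks[nblocks++].released = 0;
    }
    return p;
}

static void t_free(void *p) {
    int i;
    if (!p)
        return;                         /* same contract as free(NULL) */
    for (i = 0; i < nblocks; i++)
        if (blocks[i].p == p) {
            double_frees += blocks[i].released;   /* 1 if released before */
            blocks[i].released = 1;
            return;
        }
}

struct report { int rc, double_frees, leaks; };

/* Really free everything, reset the tracker, report what happened. */
static struct report t_finish(int rc) {
    struct report r = { 0, 0, 0 };
    int i;
    r.rc = rc;
    r.double_frees = double_frees;
    for (i = 0; i < nblocks; i++) {
        r.leaks += !blocks[i].released;
        free(blocks[i].p);
    }
    nblocks = double_frees = 0;
    return r;
}

typedef struct { unsigned char body[64]; } enc_pkt;   /* hypothetical packet */
enum { FAIL_NONE, FAIL_ENCRYPT, FAIL_WRITE };

/* Hypothetical writer that consumes its packet: it releases pkt whether or
   not the write succeeds, as the callee in the report does with enc. */
static int write_and_release(enc_pkt *pkt, int fail) {
    t_free(pkt);
    return fail ? -1 : 0;
}

/* One packet per recipient key, one shared cleanup at the end.
   null_after_handoff = 0 is the reported pattern, 1 the suggested fix. */
static struct report encrypt_to_keys(int nkeys, int fail_key, int fail_kind,
                                     int null_after_handoff) {
    enc_pkt *enc = NULL;
    int rc = 0, k;
    for (k = 0; k < nkeys; k++) {
        enc = t_alloc(sizeof *enc);
        if (!enc || (k == fail_key && fail_kind == FAIL_ENCRYPT)) {
            rc = -1;                    /* enc, if any, is still ours */
            break;
        }
        rc = write_and_release(enc, k == fail_key && fail_kind == FAIL_WRITE);
        if (null_after_handoff)
            enc = NULL;                 /* callee released it: drop the pointer */
        if (rc)
            break;
    }
    t_free(enc);                        /* needed for the early-exit path */
    return t_finish(rc);
}

int main(void) {
    static const char *kind[] = { "no failure", "encrypt fails", "write fails" };
    int fixed, f;
    for (fixed = 0; fixed <= 1; fixed++)
        for (f = FAIL_NONE; f <= FAIL_WRITE; f++) {
            struct report r = encrypt_to_keys(3, f ? 1 : -1, f, fixed);
            printf("%-5s %-13s rc=%2d double_frees=%d leaks=%d\n",
                   fixed ? "fixed" : "buggy", kind[f], r.rc, r.double_frees, r.leaks);
        }
    return 0;
}
```

The cleanup call cannot simply be deleted, because the early-exit path still owns the packet; clearing the pointer at the hand-off keeps that path leak-free while making the common path safe.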