Fwd: GNU Libtasn1 2.12 released

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Mar 19 11:18:43 CET 2012

Note that the bug fixed affects all gnutls versions.

---------- Forwarded message ----------
From: Simon Josefsson <simon at josefsson.org>
Date: Mon, Mar 19, 2012 at 10:57 AM
Subject: GNU Libtasn1 2.12 released
To: help-libtasn1 at gnu.org, info-gnu at gnu.org

GNU Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding/decoding.  GNU Libtasn1 is used by
GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos
V5 structures.

* Noteworthy changes in release 2.12 (2012-03-19) [stable]
- Cleanup license headers.
- build: Update gnulib files.
- Corrected DER decoding issue (reported by Matthew Hall).
 Added self check to detect the problem, see tests/Test_overflow.c.
 This problem can lead to at least remotely triggered crashes, see
 further analysis on the libtasn1 mailing list.


Here are the compressed sources (1.9MB):

Here are GPG detached signatures using key 0xB565716F:

We publish Windows binaries for this release (32 and 64 bits):

Commercial support contracts for Libtasn1 are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding Libtasn1
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

If you need help to use Libtasn1, or want to help others, you are
invited to join the help-libtasn1 mailing list, see:

All manuals are available from:

Direct links to the manual:
 HTML: https://www.gnu.org/software/libtasn1/manual/libtasn1.html
 PDF: https://www.gnu.org/software/libtasn1/manual/libtasn1.pdf

Direct links to the API Reference manual:
 HTML: https://www.gnu.org/software/libtasn1/reference/
 PDF: https://www.gnu.org/software/libtasn1/reference/libtasn1.pdf

For developers interested in improving code quality, we publish
Cyclomatic code complexity charts that help you find code that may
need review and improvements:

Code coverage charts indicate parts of the source code that needs
to be tested better by the included self-tests:

Clang can analyse the source code for common problems, here is its
report for libtasn1:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2013-05-10]
     Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <simon at josefsson.org>
uid                  Simon Josefsson <simon at yubico.com>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2013-05-10]
sub   2048R/105E722E 2012-03-13 [expires: 2013-07-26]
sub   2048R/728AB82C 2012-03-13 [expires: 2013-07-26]
sub   2048R/9394F626 2012-03-13 [expires: 2013-07-26]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

b73539aee5444efb5e606b94bdf3ec5bfedb8620  libtasn1-2.12.tar.gz
011e8ab84d57b441f0c1dc18eebdda2ce3960bc9b7fdf8e1d4e35085  libtasn1-2.12.tar.gz

919933732983e5075a2df288c1a3eb413e8c86c5  libtasn1-2.12-win32.zip

de3add4d82aef98b7e52fff1ae72c1136781363d  libtasn1-2.12-win64.zip

Happy hacking,

More information about the Gnutls-devel mailing list