[gnutls-devel] gnutls 3.3.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri May 30 07:28:26 CEST 2014


Hello,
 I've just released gnutls 3.3.3. This is a bugfix release on 
the next stable branch, which addresses the http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
security advisory.

* Version 3.3.3 (released 2014-05-30)

** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon.

** libgnutls: gnutls_global_set_mutex() was modified to operate with the
new initialization process.

** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.

** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.

** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to
create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552

** gnutls-cli: --dane will only check the end certificate if PKIX validation
has been disabled.

** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot
be emulated with the implicit initialization of gnutls.

** certtool: Allow multiple organizations and organizational unit names to
be specified in a template.

** certtool: Warn when invalid configuration options are set to a template.

** ocsptool: Include path in ocsp request. This resolves #108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.

** API and ABI modifications:
gnutls_credentials_get: Added


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.3.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.3.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.3.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.3.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos





More information about the Gnutls-devel mailing list