[gnutls-devel] gnutls 3.5.8

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 9 09:17:16 CET 2017

 I've just released gnutls 3.5.8. This is a bug fix release, and is also
the release in the 3.5.x marked as stable. As such the 3.5.x fully replaces
the (ABI-compatible) 3.4.x branch which will no longer receive updates.

Several issues fixed at this release were found using the oss-fuzz project.
I'd like to thank Alex Gaynor for bringing gnutls to OSS-FUZZ and fixing
issues. The existing fuzzers for gnutls/ are available on the devel/fuzz
directory in the master branch.

* Version 3.5.8 (released 2016-01-09)

** libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
   functions will not leave the verification profiles field to an
   undefined state. The last call will take precedence.

** libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
   by PKCS#8 decryption functions when an invalid key is provided. This
   addresses regression on decrypting certain PKCS#8 keys.

** libgnutls: Introduced option to override the default priority string
   used by the library. The intention is to allow support of system-wide
   priority strings (as set with --with-system-priority-file). The
   configure option is --with-default-priority-string.

** libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
   This prevents crashes when decrypting malformed PKCS#8 keys.
   (issue found using oss-fuzz project)

** libgnutls: Fix crash on the loading of malformed private keys with certain
   parameters set to zero. (issue found using oss-fuzz project)

** libgnutls: Fix double free in certificate information printing. If the PKIX
   extension proxy was set with a policy language set but no policy specified,
   that could lead to a double free. (issue found using oss-fuzz project)

** libgnutls: Addressed memory leaks in client and server side error paths
   (issues found using oss-fuzz project)

** libgnutls: Addressed memory leaks in X.509 certificate printing error paths
   (issues found using oss-fuzz project)

** libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
   parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)

** libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
   (issues found using oss-fuzz project)

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list