From nmav at gnutls.org  Fri Feb 16 08:37:26 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:37:26 +0100
Subject: [gnutls-help] gnutls 3.3.29
Message-ID: <1518766646.18151.1.camel@gnutls.org>

Hello,?
?I've just released gnutls 3.3.29. This is a bug-fix release on
the previous stable branch.

* Version 3.3.29 (released 2018-02-16)

** libgnutls: Fixed issue which caused 1-byte handshake fragments to be refused.
???Reported by Bal?zs K?ri.

** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was
???used. Resolves gitlab issue #259.

** libgnutls: Use readdir() instead of readdir_r internally. The latter
???is deprecated and on our use we don't need readdir() to be thread safe
???(which it is in most common platforms).

** libgnutls: require strict DER encoding for certificates, OCSP requests, private
???keys, CRLs and certificate requests.??This backports the already default behavior
???from the 3.5.x branch, in order to reduce issues due to the complexity of BER rules.

** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).

** libgnutls: Addressed issue in the accelerated code which may affect interoperability
???with versions of nettle > 3.4.

** p11tool: Fixed issue preventing the deletion of objects in batch mode.

** p11tool: Mark all generated objects as sensitive by default.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.??A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

? ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.29.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

? ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.29.tar.xz.sig

Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Fri Feb 16 08:43:15 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:43:15 +0100
Subject: [gnutls-help] gnutls 3.6.2
Message-ID: <1518766995.18151.5.camel@gnutls.org>

Hello,?
?I've just released gnutls 3.6.2. This is a bug fix release for
the 3.6.x branch.?

* Version 3.6.2 (released 2018-02-16)

** libgnutls: When verifying against a self signed certificate ignore issuer.
???That is, ignore issuer when checking the issuer's parameters strength, resolving
???issue #347 which caused self signed certificates to be additionally marked as of
???insufficient security level.

** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
???MTU calculation now, it correctly accounts for the fixed overhead due to
???padding (as 1 byte), while at the same time considers the rest of the
???padding as part of data MTU.

** libgnutls: Address issue of loading of all PKCS#11 modules on startup
???on systems with a PKCS#11 trust store (as opposed to a file trust store).
???Introduced a multi-stage initialization which loads the trust modules, and
???other modules are deferred for the first pure PKCS#11 request.

** libgnutls: The SRP authentication will reject any parameters outside
???RFC5054. This protects any client from potential MitM due to insecure
???parameters. That also brings SRP in par with the RFC7919 changes to
???Diffie-Hellman.

** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
???for SRP authentication.

** libgnutls: Addressed issue in the accelerated code affecting interoperability
???with versions of nettle >= 3.4.

** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.

** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).

** srptool: the --create-conf option no longer includes 1024-bit parameters.

** p11tool: Fixed the deletion of objects in batch mode.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.??A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

? https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.2.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

??https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.2.tar.xz.sig

Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos



From nmav at gnutls.org  Fri Feb 16 08:40:03 2018
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 16 Feb 2018 08:40:03 +0100
Subject: [gnutls-help] gnutls 3.5.18
Message-ID: <1518766803.18151.3.camel@gnutls.org>

Hello,?
?I've just released gnutls 3.5.18. This is a bug fix release on the
current stable branch.


* Version 3.5.18 (released 2018-02-16)

** libgnutls: Addressed issue in the accelerated code which may affect interoperability
???with versions of nettle > 3.4.

** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.

** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
???Vitezslav Cizek).

** p11tool: Fixed issue preventing the deletion of objects in batch mode.

** API and ABI modifications:
No changes since last version.



Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.??A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

? https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

??https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.18.tar.xz.sig

Note that it has been signed with my openpgp key:
pub???3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid??????????????????Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid??????????????????Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub???2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub???2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos