[gnutls-help] gnutls 3.7.1

Daiki Ueno ueno at gnu.org
Wed Mar 10 14:06:24 CET 2021

We've just released gnutls 3.7.1. This is a bug fix and security
release on the 3.7.x branch.

We'd like to thank everyone who contributed in this release:
Airtower, Andreas Metzler, Daiki Ueno, Dmitriy Tsvettsikh, Dosenpfand,
Evgeny Grin, Fiona Klute, JonasZhou, Martin Storsjo, Norbert Pocs,
Ondrej Moris, Sadie Powell, Stanislav Zidek, Stefan Berger,
Steffen Jaeckel, Tom Carroll, and Tom Vrancken.

The detailed list of changes follows:

* Version 3.7.1 (released 2021-03-10)

** libgnutls: Fixed potential use-after-free in sending "key_share"
   and "pre_shared_key" extensions. When sending those extensions, the
   client may dereference a pointer no longer valid after
   realloc. This happens only when the client sends a large Client
   Hello message, e.g., when HRR is sent in a resumed session that
   previously negotiated large FFDHE parameters, because the initial
   allocation of the buffer is large enough without having to call
   realloc (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]

** libgnutls: Fixed a regression in handling duplicated certs in a
   chain (#1131).

** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
   compatibility mode. In that mode the client shall always send a
   non-zero session ID to make the handshake resemble the TLS 1.2
   resumption; this was not true in the previous versions (#1074).

** libgnutls: W32 performance improvement with a new sendmsg()-like
   transport implementation (!1377).

** libgnutls: Removed dependency on the external 'fipscheck' package,
   when compiled with --enable-fips140-mode (#1101).

** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:


Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Daiki Ueno
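
The bug class behind the first entry above (a pointer into a growable buffer that goes stale once realloc moves the data) is sketched below as an added example; it is not GnuTLS code and not part of the original announcement. The buf_t type and the buf_append, put_ext_buggy and put_ext_safe functions are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not GnuTLS's own type. */
typedef struct { uint8_t *data; size_t len, cap; } buf_t;

/* Append n bytes, growing with realloc; b->data may move. 0 on success. */
int buf_append(buf_t *b, const void *src, size_t n)
{
    if (b->len + n > b->cap) {
        size_t cap = (b->len + n) * 2;
        uint8_t *p = realloc(b->data, cap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* BUGGY pattern: len_field points into the old allocation once buf_append()
 * reallocates, so the back-patch is a use-after-free. Shown for contrast. */
int put_ext_buggy(buf_t *b, const uint8_t *body, uint16_t n)
{
    static const uint8_t zero[2] = { 0, 0 };
    if (buf_append(b, zero, 2) < 0)
        return -1;
    uint8_t *len_field = b->data + b->len - 2;  /* raw pointer kept */
    if (buf_append(b, body, n) < 0)             /* may move b->data */
        return -1;
    len_field[0] = (uint8_t)(n >> 8);           /* stale if data moved */
    len_field[1] = (uint8_t)(n & 0xff);
    return 0;
}

/* Hardened pattern: keep an offset and index from b->data after growth. */
int put_ext_safe(buf_t *b, const uint8_t *body, uint16_t n)
{
    static const uint8_t zero[2] = { 0, 0 };
    size_t len_off = b->len;                    /* offset survives realloc */
    if (buf_append(b, zero, 2) < 0 || buf_append(b, body, n) < 0)
        return -1;
    b->data[len_off] = (uint8_t)(n >> 8);
    b->data[len_off + 1] = (uint8_t)(n & 0xff);
    return 0;
}
```

The buggy variant only misbehaves when the second append has to grow the buffer, which is why this kind of defect shows up only with unusually large messages; building with AddressSanitizer makes the stale write visible.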

