[gnutls-help] gnutls 3.7.7

Zoltan Fridrich zfridric at redhat.com
Thu Jul 28 16:43:21 CEST 2022


Hello,

We have just released gnutls-3.7.7. This is a bug fix and enhancement 
release on the 3.7.x branch.

We would like to thank everyone who contributed to this release:
Ludovic Courtès, Brad Smith, Richard Costa, Gregor Jasny, Alexander 
Sosedkin, František Krenželok, Daiki Ueno and Zoltan Fridrich

The detailed list of changes follows:

* Version 3.7.7 (released 2022-07-28)

** libgnutls: Fixed double free during verification of pkcs7 signatures. 
Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium] 
[CVE-2022-2509]

** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less 
than or equal to 255 times hash digest size, to comply with RFC 5869 2.3.

** libgnutls: Length limit for TLS PSK usernames has been increased from 
128 to 65535 characters (#1323).

** libgnutls: AES-GCM encryption function now limits plaintext length to 
2^39-256 bits, according to SP800-38D 5.2.1.1.

** libgnutls: New block cipher functions have been added to 
transparently handle padding. gnutls_cipher_encrypt3 and 
gnutls_cipher_decrypt3 can be used in combination with the 
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove padding if 
the length of the original plaintext is not a multiple of the block size.

** libgnutls: New function for manual FIPS self-testing.

** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum

** guile: Guile 1.8 is no longer supported

** guile: Session record port treats premature termination as EOF. 
Previously, a ‘gnutls-error’ exception with the 
‘error/premature-termination’ value would be thrown while reading from a 
session record port when the underlying session was terminated 
prematurely. This was inconvenient since users of the port may not be 
prepared to handle such an exception. Reading from the session record 
port now returns the end-of-file object instead of throwing an 
exception, just like it would for a proper session termination.

** guile: Session record ports can have a ‘close’ procedure. The 
‘session-record-port’ procedure now takes an optional second parameter, 
and a new ‘set-session-record-port-close!’ procedure is provided to 
specify a ‘close’ procedure for a session record port. This ‘close’ 
procedure lets users specify cleanup operations for when the port is 
closed, such as closing the file descriptor or port that backs the 
underlying session.

Getting the Software
================

GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.7.tar.xz

Here are OpenPGP detached signatures signed using keys:
5D46CB0F763405A7053556F47A75A648B3F9220C
and
462225C3B46F34879FC8496CD605848ED7E69871
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.7.tar.xz.sig

Note that it has been signed with my OpenPGP key:
pub   ed25519 2021-12-23 [SC] [expires: 2023-12-23]
       5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub   cv25519 2021-12-23 [E] [expires: 2023-12-23]

and Daiki Ueno's OpenPGP key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
       462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Regards,
Zoltan
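
Added example, not part of the original announcement and not GnuTLS code: a reference HKDF-Expand in Python that enforces the RFC 5869 section 2.3 bound (LENGTH <= 255 * hash digest size) which the release notes say gnutls_hkdf_expand now applies. The function names hkdf_expand and max_okm_len are chosen for this sketch; the sample PRK and info values in the comment are RFC 5869 test case 1.

```python
import hashlib
import hmac


def max_okm_len(hash_name: str) -> int:
    """Largest output length RFC 5869 section 2.3 permits: 255 * HashLen octets."""
    return 255 * hashlib.new(hash_name).digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int,
                hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3) with the length bound checked up front.

    Each output block T(i) is HMAC(PRK, T(i-1) | info | i) where i is a
    single octet starting at 0x01. The construction is therefore only
    defined for 255 blocks, which is where the 255 * HashLen limit
    comes from.
    """
    limit = max_okm_len(hash_name)
    if length < 0 or length > limit:
        # Reject instead of truncating or letting the block counter overflow.
        raise ValueError(
            f"requested {length} octets, {hash_name} allows at most {limit}")

    okm = b""
    block = b""          # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


if __name__ == "__main__":
    # RFC 5869 test case 1 (SHA-256): PRK and info from the RFC, L = 42.
    prk = bytes.fromhex(
        "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    print(hkdf_expand(prk, info, 42).hex())
    for name in ("sha1", "sha256", "sha384", "sha512"):
        print(name, "max LENGTH:", max_okm_len(name))
    try:
        hkdf_expand(prk, info, max_okm_len("sha256") + 1)
    except ValueError as exc:
        print("rejected:", exc)
```

Callers that previously requested more than 255 * HashLen octets from a single expand call need to derive additional material with a different info value instead.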