<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released
gnutls-3.8.5. This is a bug fix and enhancement release
on the 3.8.x branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank everyone
who contributed in this release:</font></div>
<font face="monospace"> </font>
<div><font face="monospace">Alyssa Ross, Daiki Ueno and
Zoltan Fridrich<br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">The detailed list of changes
follows:</font> </div>
</div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class="">*
Version 3.8.5 (released 2024-04-04)</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class=""></span></span></font>
<font face="monospace"><span><span class="">** libgnutls:
Due to majority of usages and implementations of</span></span>
<span><span class=""> RSA decryption with PKCS#1 v1.5
padding being incorrect,</span></span>
<span><span class=""> leaving them vulnerable to Marvin
attack, the RSAES-PKCS1-v1_5</span></span>
<span><span class=""> is being deprecated (encryption and
decryption) and will be</span></span>
<span><span class=""> disabled in the future. A new option
`allow-rsa-pkcs1-encrypt`</span></span>
<span><span class=""> has been added into the system-wide
library configuration which</span></span>
<span><span class=""> allows to enable/disable the
RSAES-PKCS1-v1_5. Currently, the</span></span>
<span><span class=""> RSAES-PKCS1-v1_5 is enabled by
default.</span></span>
<span><span class=""></span></span><br>
</font></div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class="">**
libgnutls: Added support for RIPEMD160 and
PBES1-DES-SHA1 for</span></span>
<span><span class=""> backward compatibility with GCR.</span></span>
<span><span class=""></span></span><br>
</font></div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class="">**
libgnutls: A couple of memory related issues have been
fixed in RSA PKCS#1</span></span>
<span><span class=""> v1.5 decryption error handling and
deterministic ECDSA with earlier</span></span>
<span><span class=""> versions of GMP. These were a
regression introduced in the 3.8.4</span></span>
<span><span class=""> release. See #1535 and !1827.</span></span>
<span><span class=""></span></span><br>
</font></div>
<div dir="ltr"><font face="monospace"><span><span class=""><br>
</span></span></font></div>
<div dir="ltr"><font face="monospace"><span><span class="">**
build: Fixed a bug where building gnutls statically
failed due</span></span>
<span><span class=""> to a duplicate definition of
nettle_rsa_compute_root_tr().</span></span><br>
</font></div>
<div dir="ltr"><font face="monospace"><br>
</font></div>
<div dir="ltr"><font face="monospace">
<span><span class="">** API and ABI modifications:</span></span><br>
</font></div>
<div dir="ltr"><font face="monospace"><span><span class="">GNUTLS_PKCS_PBES1_DES_SHA1:
New enum member of gnutls_pkcs_encrypt_flags_t</span></span></font><br>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Getting the Software<br>
================</font></div>
</div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be downloaded
directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS mirrors
can be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ
compressed sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.5.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>5.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP
detached signatures signed using key:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font> <font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.5.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>5.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2027-01-01]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2027-01-01]</font><font
face="monospace"><br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</div>
</div>
<p></p>
</body>
</html>