Path to this page:
Subject: CVS commit: pkgsrc/security/gnutls
From: Adam Ciarcinski
Date: 2024-04-05 10:51:33
Message id: 20240405085133.27F24FA2C@cvs.NetBSD.org
Log Message:
gnutls: updated to 3.8.5
Version 3.8.5 (released 2024-04-04)
** libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
** libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release.
** build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
** API and ABI modifications:
GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t
Files: