From: Daiki Ueno Date: Wed, 10 Mar 2021 04:06:13 +0000 (+0100) Subject: Release 3.7.1 X-Git-Tag: 3.7.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3aa1c455cc2fd7f63a0ee6fd90791b46bf06eb79;p=thirdparty%2Fgnutls.git Release 3.7.1 Signed-off-by: Daiki Ueno --- diff --git a/NEWS b/NEWS index 51d23ee66f..ba6827358d 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,36 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.7.1 (released 2021-03-10) + +** libgnutls: Fixed potential use-after-free in sending "key_share" + and "pre_shared_key" extensions. When sending those extensions, the + client may dereference a pointer no longer valid after + realloc. This happens only when the client sends a large Client + Hello message, e.g., when HRR is sent in a resumed session + previously negotiated large FFDHE parameters, because the initial + allocation of the buffer is large enough without having to call + realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low] + +** libgnutls: Fixed a regression in handling duplicated certs in a + chain (#1131). + +** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox + compatibiltiy mode. In that mode the client shall always send a + non-zero session ID to make the handshake resemble the TLS 1.2 + resumption; this was not true in the previous versions (#1074). + +** libgnutls: W32 performance improvement with a new sendmsg()-like + transport implementation (!1377). + +** libgnutls: Removed dependency on the external 'fipscheck' package, + when compiled with --enable-fips140-mode (#1101). + +** libgnutls: Added padlock acceleration for AES-192-CBC (#1004). + +** API and ABI modifications: +No changes since last version. + * Version 3.7.0 (released 2020-12-02) ** libgnutls: Depend on nettle 3.6 (!1322). diff --git a/configure.ac b/configure.ac index ec858b4ab1..126f95ee2e 100644 --- a/configure.ac +++ b/configure.ac @@ -23,7 +23,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.64) dnl when updating version also update LT_REVISION in m4/hooks.m4 -AC_INIT([GnuTLS], [3.7.0], [bugs@gnutls.org]) +AC_INIT([GnuTLS], [3.7.1], [bugs@gnutls.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4]) AC_CANONICAL_HOST diff --git a/m4/hooks.m4 b/m4/hooks.m4 index ed9a990c1d..09190102cc 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -41,7 +41,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS], # # Interfaces removed: AGE=0 (+bump all symbol versions in .map) AC_SUBST(LT_CURRENT, 59) - AC_SUBST(LT_REVISION, 0) + AC_SUBST(LT_REVISION, 1) AC_SUBST(LT_AGE, 29) AC_SUBST(LT_SSL_CURRENT, 27)