[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ANNOUNCE: Nettle-3.9.1
From: |
Niels Möller |
Subject: |
ANNOUNCE: Nettle-3.9.1 |
Date: |
Thu, 01 Jun 2023 21:13:46 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (berkeley-unix) |
I've prepared a bugfix release for GNU Nettle, a low-level
cryptographics library. The most severe of the fixed bugs was a memory
corruption bug in the new OCB implementation. Se below for complete list
of bug fixes.
The Nettle home page can be found at
https://www.lysator.liu.se/~nisse/nettle/, and the manual at
https://www.lysator.liu.se/~nisse/nettle/nettle.html.
The release can be downloaded from
https://ftp.gnu.org/gnu/nettle/nettle-3.9.1.tar.gz
ftp://ftp.gnu.org/gnu/nettle/nettle-3.9.1.tar.gz
https://www.lysator.liu.se/~nisse/archive/nettle-3.9.1.tar.gz
Happy hacking,
/Niels Möller
NEWS for the Nettle 3.9.1 release
This is a bugfix release, fixing a few bugs reported for
Nettle-3.9. The bug in the new OCB code may be exploitable for
denial of service or worse, since triggering it leads to
memory corruption. Upgrading from Nettle-3.9 to the new
version is strongly recommended.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.8 and libhogweed.so.6.8, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix OCB loop for processing messages of size 272 bytes or
larger. Reported and fixed by Jussi Kivilinna.
* Fix alignment bug in the new x86_64 non-pclmul assembly
implementation of ghash. Reported by Henrik Grubbström.
* Fix build-time memory leak in eccdata. Reported by Noah
Watkins.
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- ANNOUNCE: Nettle-3.9.1,
Niels Möller <=