guix-devel

Re: GnuTLS security update


From: Ludovic Courtès
Subject: Re: GnuTLS security update
Date: Sun, 11 Sep 2016 22:54:09 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Hi,

Leo Famulari <address@hidden> wrote:

> For master, the naive approach of cherry-picking the patch [1] did not
> work; the test 'system-prio-file' fails consistently with that change. I
> could instead try grafting the updated version.

These 3 GnuTLS commits appear to be related to this issue:

--8<---------------cut here---------------start------------->8---
commit 8469db9dbcdd6ec22094a4f095201d80d981b9f0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 28 00:55:30 2016 +0200

    tests: added basic operational check of gnutls_ocsp_resp_get_single()

commit 8a0c9bbae25f75e30a913c6f4b29f468940398ca
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 28 00:40:49 2016 +0200

    gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks
    
    Simplified and optimized the function operation, by removing
    unnecessary memory allocations, as well as eliminate memory leaks
    on certain error cases.

commit 964632f37dfdfb914ebc5e49db4fa29af35b1de9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 27 17:00:22 2016 +0200

    ocsp: corrected the comparison of the serial size in OCSP response
    
    Previously the OCSP certificate check wouldn't verify the serial length
    and could succeed in cases it shouldn't.
    
    Reported by Stefan Buehler.
--8<---------------cut here---------------end--------------->8---

If applying these patches on top of our current GnuTLS version (and then
using it as a graft) works, we could do that.

If not, using the later 3.5.x release should be OK (API- and
ABI-compatible).

Ludo’.


