Changelog for libtasn1-6-4.19.0-security.20.2.x86_64.rpm:

* Wed Aug 24 2022 Andreas Stieger - libtasn1 4.19.0:
* Clarify libtasn1.map license
* Fix ETYPE_OK out of bounds read
* Update gnulib files and various maintenance fixes
* Thu Nov 11 2021 Pedro Monreal - Update libtasn1.keyring with upstream keys
* Thu Nov 11 2021 Andreas Stieger - libtasn1 4.18.0:
* Improve GTK-DOC manual
* Improve --help and --version for tools with gnulib
* Update gnulib files and various maintenance fixes
- drop libtasn1-rpmlintrc due to no longer being required on TW
* Mon May 17 2021 Andreas Stieger - libtasn1 4.17.0:
* Print deprecation messages for deprecated macros
* Fix some clang issues due to illegal pointers
* Restore handling of SIZE nodes
* Fix memory leak caught by oss-fuzz
* Gtk-doc fixes
* Fix bugs unveiled by Static Analysis
* Update gnulib files and many build fixes
- move tools to -tools packages and clarify licenses
- update upstream signing keyring
- remove deprecated texinfo packaging macros
* Sun Feb 02 2020 Andreas Stieger - libtasn1 4.16.0:
* asn1_decode_simple_ber: added support for constructed definite octet strings
* asn1_get_object_id_der: enhance the range of decoded OIDs
* asn1_object_id_der: New function
* Fri Nov 22 2019 Andreas Stieger - libtasn1 4.15.0:
* The generated tree no longer contains ASN.1 built-in types even if they are explicitly defined in the description. Previously a warning was printed when these types were seen, now they are ignored.
* Several fixes in ASN.1 definition parser, preventing several crashes and leaks in the tools due to improper ASN.1.
* Switched to semantic versioning
* Wed Jul 31 2019 Andreas Stieger - libtasn1 4.14:
* New #defines for version checking
* other developer visible changes
- drop libtasn1-object-id-recursion.patch, incorporating the upstream fix for boo#1105435 CVE-2018-1000654
* Mon Apr 29 2019 mgorse@suse.com - Add libtasn1-object-id-recursion.patch: limit recursion in _asn1_expand_object_id (boo#1105435 CVE-2018-1000654) (https://gitlab.com/gnutls/libtasn1/merge_requests/8)
* Thu Feb 22 2018 fvogt@suse.com - Use %license (boo#1082318)
* Fri Jan 19 2018 kbabioch@suse.com - update to 4.13
* On indefinite string decoding, set a maximum level of allowed recursions (3) to protect the BER decoder from a stack exhaustion. (CVE-2018-6003 boo#1076832)
* Sun Jun 04 2017 astieger@suse.com - libtasn1 4.12:
* Corrected so-name version
- includes changes in 4.11:
* Introduce the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields.
* Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields.
* Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that exploiting this requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names.
- includes changes from 4.10:
* Updated gnulib
* Removed -Werror from default compiler flags (drop patch 0001-configure-don-t-add-Werror-to-build-flags.patch)
* Fixed undefined behavior when negating integers in _asn1_ltostr().
* Pass the correct length to _asn1_get_indefinite_length_string in asn1_get_length_ber. This addresses reading 1-byte past the end of data.
* Wed Aug 10 2016 astieger@suse.com - update to 4.9:
* Fix OID encoding of OIDs which have elements which exceed 2^32
- Do not treat i586 warning as error, adding upstream 0001-configure-don-t-add-Werror-to-build-flags.patch
- fate#322523
* Mon Apr 11 2016 mpluskal@suse.com - Update to 4.8
* Fixes to avoid reliance on C undefined behavior.
* Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq. (CVE-2016-4008 / bsc#982779)
* Combined all the BER octet string decoding functions to a single one based on asn1_decode_simple_ber().
* Wed Sep 16 2015 zaitor@opensuse.org - Update to version 4.7:
* Fixed regression introduced in the decoding of multi-byte tags fix.
* Mon Sep 07 2015 astieger@suse.com - libtasn1 4.6:
* Allow decoding OCTET STRINGs with multi-byte tags.
* Add asn1_get_object_id_der
* Fri May 01 2015 astieger@suse.com - update libtasn1 4.5:
* Corrected an invalid memory access in octet string decoding. CVE-2015-3622 [boo#929414]
* Sun Mar 29 2015 astieger@suse.com - update to libtasn1 4.4 [bsc#924828]:
* Corrected a two-byte stack overflow in asn1_der_decoding. CVE-2015-2806
* Sun Mar 22 2015 mpluskal@suse.com - Update project url
- Cleanup spec-file with spec-cleaner
- Add info preun and post dependencies
- Update to 4.3
* Added asn1_decode_simple_ber()
* Only assign a value if the previous node has one (bsc#961491).
* Sat Feb 14 2015 jengelh@inai.de - Put C API documentation into -devel package. Use modern %make_install. Description fix.
 