Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libtasn1-6 | Distribution: openSUSE Step 15 |
Version: 4.13 | Vendor: openSUSE |
Release: 4.9.1 | Build date: Wed Oct 26 18:44:39 2022 |
Group: System/Libraries | Build host: obs-arm-5 |
Size: 67336 | Source RPM: libtasn1-4.13-4.9.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://www.gnu.org/software/libtasn1/ | |
Summary: ASN.1 parsing library |
This is the ASN.1 library used by GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org
LGPL-2.1-or-later AND GPL-3.0-only
* Tue Oct 25 2022 abergmann@suse.com - Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690). * Mon Apr 29 2019 mgorse@suse.com - Add libtasn1-object-id-recursion.patch: limit recursion in _asn1_expand_object_id (boo#1105435 CVE-2018-1000654 (https://gitlab.com/gnutls/libtasn1/merge_requests/8) * Thu Feb 22 2018 fvogt@suse.com - Use %license (boo#1082318) * Fri Jan 19 2018 kbabioch@suse.com - update to 4.13 * On indefinite string decoding, set a maximum level of allowed recursions (3) to protect the BER decoder from a stack exhaustion. (CVE-2018-6003 boo#1076832) * Sun Jun 04 2017 astieger@suse.com - libtasn1 4.12: * Corrected so-name version - includes changes in 4.11: * Introduce the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. * Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields. * Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names - includes changes from 4.10: * Updated gnulib * Removed -Werror from default compiler flags (drop patch 0001-configure-don-t-add-Werror-to-build-flags.patch) * Fixed undefined behavior when negating integers in _asn1_ltostr(). * Pass the correct length to _asn1_get_indefinite_length_string in asn1_get_length_ber. This addresses reading 1-byte past the end of data. * Wed Aug 10 2016 astieger@suse.com - update to 4.9: * Fix OID encoding of OIDs which have elements which exceed 2^32 - Do not treat i586 warning as error, adding upstream 0001-configure-don-t-add-Werror-to-build-flags.patch - fate#322523 * Mon Apr 11 2016 mpluskal@suse.com - Update to 4.8 * Fixes to avoid reliance on C undefined behavior. * Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq. (CVE-2016-4008 / bsc#982779) * Combined all the BER octet string decoding functions to a single one based on asn1_decode_simple_ber(). * Wed Sep 16 2015 zaitor@opensuse.org - Update to version 4.7: * Fixed regression introduced in the decoding of multi-byte tags fix. * Mon Sep 07 2015 astieger@suse.com - libtasn1 4.6: * Allow decoding OCTET STRINGs with multi-byte tags. * Add asn1_get_object_id_der * Fri May 01 2015 astieger@suse.com - update libtasn1 4.5: * Corrected an invalid memory access in octet string decoding. CVE-2015-3622 [boo#929414] * Sun Mar 29 2015 astieger@suse.com - update to libtasn1 4.4 [bsc#924828]: * Corrected a two-byte stack overflow in asn1_der_decoding. CVE-2015-2806 * Sun Mar 22 2015 mpluskal@suse.com - Update project url - Cleanup spec-file with spec-cleaner - Add info preun and post dependencies - Update to 4.3 * Added asn1_decode_simple_ber() * Only assign a value if the previous node has one (bsc#961491). * Sat Feb 14 2015 jengelh@inai.de - Put C API documentation into -devel package. Use modern %make_install. Description fix.
/usr/lib/libtasn1.so.6 /usr/lib/libtasn1.so.6.5.5
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:42:22 2024