Hello,

We have just released gnutls-3.8.5. This is a bug fix and enhancement
release on the 3.8.x branch.

We would like to thank everyone who contributed in this release:
Alyssa Ross, Daiki Ueno and Zoltan Fridrich

The detailed list of changes follows:

* Version 3.8.5 (released 2024-04-04)

** libgnutls: Due to majority of usages and implementations of RSA decryption
   with PKCS#1 v1.5 padding being incorrect, leaving them vulnerable to
   Marvin attack, the RSAES-PKCS1-v1_5 is being deprecated (encryption and
   decryption) and will be disabled in the future. A new option
   `allow-rsa-pkcs1-encrypt` has been added into the system-wide library
   configuration which allows to enable/disable the RSAES-PKCS1-v1_5.
   Currently, the RSAES-PKCS1-v1_5 is enabled by default.

** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for backward
   compatibility with GCR.

** libgnutls: A couple of memory related issues have been fixed in RSA
   PKCS#1 v1.5 decryption error handling and deterministic ECDSA with
   earlier versions of GMP. These were a regression introduced in the
   3.8.4 release. See #1535 and !1827.

** build: Fixed a bug where building gnutls statically failed due to a
   duplicate definition of nettle_rsa_compute_root_tr().

** API and ABI modifications:
GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t

Getting the Software
================

GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/

A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.5.tar.xz

Here are OpenPGP detached signatures signed using key:
5D46CB0F763405A7053556F47A75A648B3F9220C

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.5.tar.xz.sig

Note that it has been signed with my openpgp key:

pub   ed25519 2021-12-23 [SC] [expires: 2027-01-01]
      5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub   cv25519 2021-12-23 [E] [expires: 2027-01-01]

Regards,
Zoltan
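
Added example, not part of the announcement or of the GnuTLS project: a shell check that accepts the tarball only when gpg reports a valid detached signature made by the key fingerprint stated above. The function names and the sample status lines are constructed for illustration, and it assumes the signer's public key is already in the local keyring.

```shell
#!/bin/sh
# Fingerprint of the release signing key, as stated in the announcement.
EXPECTED_FPR=5D46CB0F763405A7053556F47A75A648B3F9220C

# status_ok FPR: read `gpg --status-fd` output on stdin. Succeed only if a
# VALIDSIG line names FPR as both signing key and primary key, and no line
# reports a bad, unverifiable, expired-key or revoked-key signature.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the fingerprint of the key that made the signature,
            # the last field is the fingerprint of its primary key.
            if ($3 == want && $NF == want) good = 1; else bad = 1
        }
        END { exit !(good && !bad) }   # fails closed when no VALIDSIG was seen
    '
}

# verify_release TARBALL SIG: verify the detached signature and pin the signer.
# A "good signature" from any other key in the keyring is rejected.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_ok "$EXPECTED_FPR"
}

# Constructed status output (not captured from a real run): signature by the
# announced key, and a cryptographically valid signature by some other key.
SAMPLE_GOOD="[GNUPG:] GOODSIG 7A75A648B3F9220C Zoltan Fridrich
[GNUPG:] VALIDSIG $EXPECTED_FPR 2024-04-04 1712188800 0 4 0 22 10 00 $EXPECTED_FPR"

OTHER_FPR=0000000000000000000000000000000000000001
SAMPLE_OTHER_KEY="[GNUPG:] GOODSIG 0000000000000001 Someone Else
[GNUPG:] VALIDSIG $OTHER_FPR 2024-04-04 1712188800 0 4 0 22 10 00 $OTHER_FPR"
```

After downloading both files, `verify_release gnutls-3.8.5.tar.xz gnutls-3.8.5.tar.xz.sig` returns 0 only for a signature by the pinned key.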