info-gnu
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ANNOUNCE: Nettle-3.10.1


From: Niels Möller
Subject: ANNOUNCE: Nettle-3.10.1
Date: Mon, 30 Dec 2024 22:01:24 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

I'm happy to announce a new release of GNU Nettle, a low-level
cryptographics library. This release includes a few bug fixes and
portability improvements. See NEWS entries below.

Users of powerpc64 are adviced to upgrade; the bugs in the powerpc64
sha256 assembly of nettle-3.10 has the potential to cause crashes due to
invalid memory read accesses. It's unclear if it could be exploitable,
but it seems unlikely that any exploit could do worse than denial of
service.

The Nettle home page can be found at
https://www.lysator.liu.se/~nisse/nettle/, and the manual at
https://www.lysator.liu.se/~nisse/nettle/nettle.html.

The release can be downloaded from

  https://ftp.gnu.org/gnu/nettle/nettle-3.10.1.tar.gz
  https://www.lysator.liu.se/~nisse/archive/nettle-3.10.1.tar.gz

Happy hacking,
/Niels Möller

NEWS for the Nettle 3.10.1 release

        This is a maintenance release, with only a few bugfixes and
        portability improvements.

        The new version is intended to be fully source and binary
        compatible with Nettle-3.6. The shared library names are
        libnettle.so.8.10 and libhogweed.so.6.10, with sonames
        libnettle.so.8 and libhogweed.so.6.

        Bug fixes:

        * Fix buffer overread in the new sha256 assembly for
          powerpc64, as well as a stack alignment issue.

        * Added missing nettle_mac structs for hmac-gosthash.

        * Fix configure test for valgrind, to not attempt to run
          valgrind on executables built using memory sanitizers.

        Optimizations:

        * Improved runtime detection of cpu features for OpenBSD and
          FreeBSD, using elf_aux_info when available. This also adds
          runtime detection for FreeBSD on arm64. Contributed by Brad
          Smith.

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]