Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libtasn1-4.13-150000.4.8.1 RPM for ppc64le

From OpenSuSE Leap 15.5 for ppc64le

Name: libtasn1 Distribution: SUSE Linux Enterprise 15
Version: 4.13 Vendor: SUSE LLC <>
Release: 150000.4.8.1 Build date: Tue Oct 25 14:49:02 2022
Group: Productivity/Networking/Security Build host: xinomavro
Size: 278037 Source RPM: libtasn1-4.13-150000.4.8.1.src.rpm
Summary: ASN.1 parsing library
This is the ASN.1 library used by GNUTLS. More up to date information
can be found at and




LGPL-2.1-or-later AND GPL-3.0-only


* Tue Oct 25 2022
  - Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
    that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
* Mon Apr 29 2019
  - Add libtasn1-object-id-recursion.patch: limit recursion in
    _asn1_expand_object_id (boo#1105435 CVE-2018-1000654
* Thu Feb 22 2018
  - Use %license (boo#1082318)
* Fri Jan 19 2018
  - update to 4.13
    * On indefinite string decoding, set a maximum level of allowed
      recursions (3) to protect the BER decoder from a stack exhaustion.
      (CVE-2018-6003 boo#1076832)
* Sun Jun 04 2017
  - libtasn1 4.12:
    * Corrected so-name version
  - includes changes in 4.11:
    * Introduce the ASN1_TIME_ENCODING_ERROR error code to indicate
      an invalid encoding in the DER time fields.
    * Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag
      allows decoding errors in time fields even when in strict DER mode.
      That is introduced in order to allow toleration of invalid times in
      X.509 certificates (which are common) even though strict DER adherence
      is enforced in other fields.
    * Added safety check in asn1_find_node(). That prevents a crash
      when a very long variable name is provided by the developer.
      Note that this to be exploited requires controlling the ASN.1
      definitions used by the developer, i.e., the 'name' parameter of
      asn1_write_value() or asn1_read_value(). The library is
      not designed to protect against malicious manipulation of the
      developer assigned variable names
  - includes changes from 4.10:
    * Updated gnulib
    * Removed -Werror from default compiler flags
      (drop patch 0001-configure-don-t-add-Werror-to-build-flags.patch)
    * Fixed undefined behavior when negating integers in _asn1_ltostr().
    * Pass the correct length to _asn1_get_indefinite_length_string in
      asn1_get_length_ber. This addresses reading 1-byte past the end
      of data.
* Wed Aug 10 2016
  - update to 4.9:
    * Fix OID encoding of OIDs which have elements which exceed 2^32
  - Do not treat i586 warning as error, adding upstream
  - fate#322523
* Mon Apr 11 2016
  - Update to 4.8
    * Fixes to avoid reliance on C undefined behavior.
    * Fixes to avoid an infinite recursion when decoding without the
      ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.
      (CVE-2016-4008 / bsc#982779)
    * Combined all the BER octet string decoding functions to a
      single one based on asn1_decode_simple_ber().
* Wed Sep 16 2015
  - Update to version 4.7:
    * Fixed regression introduced in the decoding of multi-byte tags
* Mon Sep 07 2015
  - libtasn1 4.6:
    * Allow decoding OCTET STRINGs with multi-byte tags.
    * Add asn1_get_object_id_der
* Fri May 01 2015
  - update libtasn1 4.5:
    * Corrected an invalid memory access in octet string decoding.
      CVE-2015-3622 [boo#929414]
* Sun Mar 29 2015
  - update to libtasn1 4.4 [bsc#924828]:
    * Corrected a two-byte stack overflow in asn1_der_decoding.
* Sun Mar 22 2015
  - Update project url
  - Cleanup spec-file with spec-cleaner
  - Add info preun and post dependencies
  - Update to 4.3
    * Added asn1_decode_simple_ber()
    * Only assign a value if the previous node has one (bsc#961491).
* Sat Feb 14 2015
  - Put C API documentation into -devel package.
    Use modern %make_install. Description fix.



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 9 19:33:45 2024