All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
* Noteworthy changes in release 4.17.0 (2021-05-13) [stable]
- Print deprecation messages for deprecated macros, thanks to Tim Rühsen.
- Fix some clang issues due to illegal pointers, thanks to Stefan Weil.
- Restore handling of SIZE nodes, thanks to Dmitry Baryshkov.
- Fix memory leak caught by oss-fuzz, thanks to Dmitry Baryshkov.
- Gtk-doc fixes, thanks to Dmitry Baryshkov.
- Fix bugs unveiled by Static Analysis, reported by Simo Sorce.
- Update gnulib files and many build fixes.
* Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
- asn1_decode_simple_ber: added support for constructed definite
octet strings. This allows this function decode the whole set of
BER encodings for OCTET STRINGs.
- asn1_get_object_id_der: enhance the range of decoded OIDs (#25).
This also makes OID encoding and decoding more strict on invalid
input. This may break gnutls' test suite before 3.6.12 as it was
relying on decoding some invalid OIDs.
- asn1_object_id_der: New function
* Noteworthy changes in release 4.15.0 (released 2019-11-21) [stable]
- The generated tree no longer contains ASN.1 built-in types even
if they are explicitly defined in the description. Previously
a warning was printed when these types were seen, now they are
ignored.
- Several fixes in ASN.1 definition parser, preventing several
crashes and leaks in the tools due to improper ASN.1.
- Switched to semantic versioning.
* Noteworthy changes in release 4.14 (released 2019-07-21) [stable]
- New #defines for version checking: ASN1_VERSION_MAJOR, ASN1_VERSION_MINOR,
ASN1_VERSION_PATCH, ASN1_VERSION_NUMBER. The next release will switch
to semantic version semantics.
- Simplify ordering of SET OF elements by using qsort().
- Marked explicitly const uses of asn1_node with the introduction
of the (compatible) asn1_node_const type.
- Limit recursion in _asn1_expand_object_id() to detect infinite
recursion in incorrect .asn files (#4).
- asn1_array2tree(): fixed thread safety issues.
- Several fixes in gtk-doc generation.
fixes CVE-2018-1000654
- Corrected so-name version
release 4.11:
- Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate
an invalid encoding in the DER time fields.
- Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag
allows decoding errors in time fields even when in strict DER mode.
That is introduced in order to allow toleration of invalid times in
X.509 certificates (which are common) even though strict DER adherence
is enforced in other fields.
- Added safety check in asn1_find_node(). That prevents a crash
when a very long variable name is provided by the developer.
Note that this to be exploited requires controlling the ASN.1
definitions used by the developer, i.e., the 'name' parameter of
asn1_write_value() or asn1_read_value(). The library is
not designed to protect against malicious manipulation of the
developer assigned variable names.
* Noteworthy changes in release 4.8 (released 2016-04-11) [stable]
- Fixes to avoid reliance on C undefined behavior.
- Fixes to avoid an infinite recursion when decoding without
the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.
- Combined all the BER octet string decoding functions to a single
one based on asn1_decode_simple_ber().
* Noteworthy changes in release 4.7 (released 2015-09-14) [stable]
- Fixed regression introduced in the decoding of multi-byte tags
fix.
* Noteworthy changes in release 4.6 (released 2015-09-05) [stable]
- Allow decoding OCTET STRINGs with multi-byte tags.
- API and ABI changes since last version:
asn1_get_object_id_der: New function
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Noteworthy changes in release 4.5 (released 2015-04-29) [stable]
- Corrected an invalid memory access in octet string decoding.
Reported by Hanno Böck.
- Added sanity checks in the decoding of time when
ASN1_DECODE_FLAG_STRICT_DER is used.
- Fixes in the decoding of OCTET STRING when close to the end
of the structure.
- Corrected an off-by-one error in ASN.1 DER tag decoding.
- Several improvements and new safety checks on DER decoding;
issues found using Codenomicon TLS test suite.
- Marked asn1_der_decoding_element() as deprecated. Use
asn1_der_decoding() instead.
- Correctly handle decoding of recursive CHOICE options.
- Allow deleting elements of SET OF.
- Several small bug fixes found by coverity.
- Code improvements
* Noteworthy changes in release 3.1 (released 2012-11-24) [stable]
- Completed rename of types:
ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t)
- Added new types: VisibleString, NumericString, IA5String, TeletexString,
PrintableString, UniversalString, BMPString, UTF8String. When re-defined
a warning is being print instead of failing.
- Parser outputs more detailed syntax error messages.
- Added asn1_decode_simple_der() and asn1_encode_simple_der().
- Added asn1_read_value_type() to return value and type.
- Introduced ASN1_ETYPE_UTC_TIME and ASN1_ETYPE_GENERALIZED_TIME
* Noteworthy changes in release 3.0 (2012-10-28) [stable]
- Added tool in tests/ to benchmark X.509 structure decoding.
- Added asn1_read_node_value() to obtain a node's value.
- Optimizations in internal tree allocation.
- Optimizations in tree search.
- libtasn1.h no longer exports internal structures.
- Types were renamed for consistency:
ASN1_DATA_NODE -> asn1_data_node_st
ASN1_ARRAY_TYPE -> asn1_static_node
ASN1_TYPE -> asn1_node
ASN1_TYPE_EMPTY -> NULL
static_struct_asn -> asn1_static_node_st
node_asn_struct -> asn1_node_st
node_asn -> asn1_node_st
(the old types are still available as definitions)
* Noteworthy changes in release 2.14 (2012-09-24) [stable]
- Added asn1_read_node_value() to obtain a node's value.
This is to deprecate the export of the node_asn internal structure
for the upcoming 3.x release. The ASN1_DATA_NODE type and the
ASN1_ETYPE_* constants were added to support the new function.
* Noteworthy changes in release 2.13 (2012-05-31) [stable]
- Updated fix for DER decoding issue to not depend on specific compilers.
- Updated DER decoding check to apply to short form integers as well.
* Noteworthy changes in release 2.12 (2012-03-19) [stable]
- Cleanup license headers.
- build: Update gnulib files.
- Corrected DER decoding issue (reported by Matthew Hall).
Added self check to detect the problem, see tests/Test_overflow.c.
This problem can lead to at least remotely triggered crashes, see
further analysis on the libtasn1 mailing list.
* Noteworthy changes in release 2.11 (2011-11-25) [stable]
- qa: Now builds without compiler warnings with Solaris CC.
- qa: Added clang analysis. Fixed cyclomatic complexity output.
- tests: Added self-test of bit string functions.
- build: Added windows/libtasn14win.mk rules to produce Windows binaries.
- build: Don't hard code path to perl in doc/gdoc.
- Various minor fixes.
* Noteworthy changes in release 2.9 (2010-12-06) [stable]
- tests: Link to gnulib to avoid build error related to 'rpl_ftello' on Solaris.
Reported by Dagobert Michelsen.
- doc: Fix bug reporting address to point at help-libtasn1@gnu.org.
- doc: Fix Returns: documentation in Texinfo. Reported by Jeffrey Walton.
- build: Update gnulib files.
The patch looks wrong to me, though, because stdint.h should be
generated in lib/gllib/ if the system does not have it (or if it is not
correct), and the -I's should make the code find the local file instead.
Thus, the code should be able to unconditionally include the header
file.
* Noteworthy changes in release 2.7 (2010-05-20) [stable]
- Doc: Build a PDF manual using GTK-PDC.
- Doc: Fix of asn1_check_version, documentation was missing from last release.
- Build: Avoid warnings about ignored visibility attributes on Windows.
* Noteworthy changes in release 2.6 (2010-04-20) [stable]
- Fix build failure on platforms without support for GNU LD version scripts.
- libtasn1: Simplified implementation of asn1_check_version.
- tests: Improved self-checks.
- Update gnulib files, fix many syntax-check nits, indent code,
fix license templates.
* Noteworthy changes in release 2.3 (2009-07-29) [stable]
- Libtasn1 is now an official GNU project.
- Solve build problem on Tru64 related to TRUE/FALSE.
- More careful decoding of OIDs.
- Fixed warning in ASN1.y.
- Use "Software libraries" info dircategory.
- Drop GPL/LGPL copies from the manual (not needed there).
- New configure parameters to set packaging specific information.
The parameters are --with-packager, --with-packager-version, and
--with-packager-bug-reports. See
<http://article.gmane.org/gmane.comp.lib.gnulib.bugs/17791> for more
details.
Version 2.2 (released 2009-05-20)
- Change how the ASN1_API decorator is used in libtasn1.h, for GTK-DOC.
- Changed license of libtasn1.pc from GPLv3+ to LGPLv2.1+.
Reported by Jeff Cai <Jeff.Cai@Sun.COM>.
- Building with many warning flags now requires --enable-gcc-warnings.
- Some warnings fixed.
Version 2.1 (released 2009-04-17)
- Fix compilation failure on platforms that can't generate empty archives,
e.g., Mac OS X. Reported by David Reiser <dbreiser@gmail.com>.
Version 2.0 (released 2009-04-13)
- Optimized tree generation.
- ASN1 parser code re-generated using Bison 2.4.1.
- Build with more warning flags. Many compiler warnings fixed.
- Compiled with -fvisibility=hidden by default if supported.
See http://gcc.gnu.org/wiki/Visibility
- The libtasn1-config tool has been removed.
For application developers, please stop using libtasn1-config for
finding libtasn1, use proper autoconf checks or pkg-config instead.
For users that need a libtasn1 that provides a libtasn1-config
script (for use with older applications), use libtasn1 v1.x instead.
Version 1.x is still supported.
- Add libtasn1-config for compatibility.
Please stop use it as it will disappear in v2.0!
Use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Read PKCS-12 blob as binary file, fixes self-tests under Mingw.
- Fix use of __attribute__ ((deprecated)) to work on non-GCC.
Changes 1.6:
- Fixed namespace violation for MAX_NAME_SIZE and MAX_ERROR_DESCRIPTION_SIZE.
The new names are ASN1_MAX_NAME_SIZE and ASN1_MAX_ERROR_DESCRIPTION_SIZE.
- Fixed namespace violation for libtasn1_perror and libtasn1_strerror.
The new names are asn1_perror and asn1_strerror.
- Fix namespace violation for LIBASN1_VERSION.
The new name is ASN1_VERSION.
- Decoder can now decode BER encoded octet strings.
- doc: Change license on the manual to GFDLv1.3+.
- doc: Sync gdoc script with GnuTLS, changes license on man-pages to GAP.
- doc: Improve gtk-doc manual.
- Assumes system has strdup and string.h.
- Remove libtasn1-config and libtasn1.m4,
use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Change detection of when to use a linker version script,
use --enable-ld-version-script or --disable-ld-version-script to
override auto-detection logic.
Version 1.3 (released 2008-02-01)
- Handle 'INTEGER { ... } (a..b)' regression.
Revert parts of earlier fix. asn1Parser can now again parse src/pkix.asn1.
The ASN1.c file was generated using Bison 2.3.
- Move examples from src/ to new directory examples/.
- Duplicate copy of divergated pkix.asn removed.
- Merge unnecessary lib/defines.h into lib/int.h.
- Configure no longer tries to use gcc -pipe.
- Update gnulib files.
- Fix mem leak in self-test.
Version 1.2 (released 2007-12-10)
- Update gnulib files.
Version 1.1 (released 2007-08-31)
- Fix bug that made asn1_check_version believe that 1.0 is older than 0.3.10.
Version 1.0 (released 2007-08-31)
- The self-tests, command line tools and build infrastructure have
been re-licensed from GPLv2 to GPLv3.
- Doc fixes.
- Update gnulib files.
Version 0.3.10 (released 2007-05-25)
- Update gnulib files.
Version 0.3.9 (released 2007-03-02)
- In generated code, config.h is pulled in if HAVE_CONFIG_H.
- Development changes: changed from CVS to GIT as an experiment.
I push my changes to <http://repo.or.cz/w/libtasn1.git>.
- Autoconf 2.61 and automake 1.10 is required.
Version 0.3.8 (released 2006-11-16)
- Fix reading of binary files in asn1Decoding, for Windows.
Version 0.3.7 (released 2006-10-19)
- When asn1_der_coding encoded a TYPE_NULL and the output buffer is
NULL, it would not increment the counter properly, so the size of
the required buffer would be off by one. Fixed. Reported by
Stephen Wrobleski <steve@localtoast.org>.
- Fix configure to respect user-definable flags. Reported by "Diego
'Flameeyes' Pettenò" <flameeyes@gentoo.org>.
- The --help and --version outputs from the tools have been improved.
Version 0.3.6 (released 2006-08-13)
- Fix man pages to use \- instead of - for negative signs (as in "-1").
- Add -I's when building in src/, so that unistd.h etc is found on
systems that doesn't have them.
- Valgrind isn't used for cross-compilation by default, and there is
also --disable-valgrind-tests to unconditionally disable it.
- Valgrind is invoked without parameters, put things you like into
~/.valgrindrc instead.
changes:
- Fix asn1_octet_der to handle writes of zero-length buffers, before
it did not write the ASN.1 length for a zero-length buffer. This caused
ASN.1 encodings to be incorrect on 64-bit platforms.
- Add self test that attempt to trigger the above bug.
- Fix test of -Wno-pointer-sign.
- Improve cross-compilation to MinGW by using AC_LIBTOOL_WIN32_DLL.
Version 0.3.4 (released 2006-05-10)
- Really fix encodings.
- Add new self test, tests/Test_encoding.c.
- Self tests are ran under valgrind, if it is available.
- We test for the -Wno-pointer-sign parameter before using it.
Version 0.3.3 (released 2006-05-07)
- Add some 'const' to prototypes.
- Remove some 'unsigned' keywords.
- Corrected asn1_der_coding() bug introduced when it became reentrant.
Now it produces correct encodings.
Version 0.3.2
- Corrected bug in asn1_der_coding() which overwrited some
data in the original structure.
- The asn1Parser, asn1Coding and asn1Decoding programs are now installed.
- Support constant size bit strings, as in 'BIT STRING (SIZE(42))'.
Reported by Cyril Holweck <cyril.holweck@q-free.com>.
- Add two more APIs required by GnuTLS.
- New public APIs:
asn1_find_node function
asn1_copy_node
Version 0.3.0
- Export DER utility functions, mostly so that GnuTLS can avoid using
libtasn1 internals.
- The _asn1* symbols are not exported in the shared library file (when
using GNU ld).
- The library can now be built using Visual Studio, and the project
files are included in windows/.
- New public APIs:
asn1_get_tag_der
asn1_octet_der
asn1_get_octet_der
asn1_bit_der
asn1_get_bit_der
asn1_get_length_der
asn1_length_der
