043a1c5c47
http://secunia.com/advisories/53818/

From NEWS:

== GNU ZRTP 4.1.1 ==

Is a bug fix release that fixes some problems when building a standalone version of the library, i.e. with embedded crypto algorithms and not using openSSL.

Another fix was necessary for NetBSD thread handling.

== GNU ZRTP 4.1.0 ==

Small enhancements when dealing with non-NIST algorithms. An application may set an ''algorithm selection policy'' to control the selection behaviour. In addition to the standard selection policy (as per RFC6189) this version provides a _non-NIST_ selection policy: if the selected public key algorithm is a non-NIST ECC algorithm then the other selection functions prefer non-NIST HASH algorithms (Skein etc).

== GNU ZRTP 4.0.0 ==

For this version I added some new algorithms for the DH key agreement and the Skein Hash for ZRTP. No further functional enhancements.

Added a new (old) build parameter -DCORE_LIB that will build a ZRTP core library. This was available in V2.3 but I somehow lost this for 3.0. You may add other build parameters, such as SQLITE and CRYPTO_STANDALONE if you build the core library.

== GNU ZRTP 3.2.0 ==

The main ZRTP modules contain fixes for three vulnerabilities found by Mark Dowd. Thus we advise application developers to use this version of the library. The vulnerabilities may lead to application crashes during ZRTP negotiation if an attacker sends prepared ZRTP packets. The fixes remove these attack vectors.

Some small other enhancements and cleanup, mainly inside client code.

Some enhancements in cache handling and the handling of retained shared secrets. This change was proposed by Phil, is a slight security enhancement and is fully backward compatible.

Because of some API changes clients must be compiled and linked with the new library.

For details please refer to the Git logs.

== GNU ZRTP 3.1.0 ==

This version adds some new features and code that supports some other client and this accounts for the most changes inside this release.

The ZRTP core functionality was not changed as much (bug fixes, cleanup mainly) and remains fully backward compatible with older library versions.

However, one nice enhancement was done: the addition of a standalone SDES support module. This module supports basic SDES only without the fancy stuff like many other SDES implementations. Thus it's pretty interoperable.

Some other features are:
- add some android support for a client, may serve as template for others
- documentation and code cleanup

Because of some API changes clients must be compiled and linked with the new library.

== GNU ZRTP 3.0.0 ==

This is a major enhancement and restructuring of the overall ZRTP distribution. This was necessary because more and more other clients use ZRTP and add their specific glue code. Also some clients are not prepared to use openSSL or other crypto libraries to their code and distributions.

Here is a summary of the changes:
- a new directory layout to accommodate various clients
- add standalone crypto modules, for example for AES, to have a real standalone ZRTP/SRTP library that does not require any other crypto library (optional via CMake configuration)
- Re-structure ZRTP cache and add SQlite3 as optional storage backend

The default settings for CMake build the normal ZRTP library that use openSSL as crypto backend, use the normal file based cache and include the GNU ccRTP modules. This is a library that is to a large degree compatible with the earlier builds.

Please refer to the top level CMakeFile.txt for options how to switch on the standalone crypto mode or the SQlite3 based cache storage.
- patches
- buildlink3.mk
- DESCR
- distinfo
- Makefile
- PLIST