Changelog for libtasn1-6-4.9-6.1.x86_64.rpm :
Thu May 9 14:00:00 2019 qzheng
- Add libtasn1-CVE-2017-6891.patch: added safety check to fix a
stack overflow issue (CVE-2017-6891, bsc1040621).

Tue Apr 30 14:00:00 2019
- Add libtasn1-object-id-recursion.patch: limit recursion in
_asn1_expand_object_id (boo#1105435 CVE-2018-1000654

Fri Jan 19 13:00:00 2018
- Add libtasn1-CVE-2018-6003.patch: Fix a stack exhaustion in
_asn1_decode_simple_ber (lib/decoding.c) when decoding BER encoded structure
CVE-2018-6003 (boo#1076832)

Thu Apr 20 14:00:00 2017
- Patches dropped after revision, fixed upstream:

* libtasn1-CVE-2015-2806.patch

* libtasn1-bsc961491-value-crash.patch

* libtasn1-CVE-2016-4008-1.patch

* libtasn1-CVE-2016-4008-2.patch

* libtasn1-CVE-2015-3622.patch
- fate#322523

Wed Aug 10 14:00:00 2016
- update to 4.9:

* Fix OID encoding of OIDs which have elements which exceed 2^32
- Do not treat i586 warning as error, adding upstream

Fri Jun 3 14:00:00 2016
- libtasn1-CVE-2015-3622.patch: Fixed invalid read in octet string
decoding (CVE-2015-3622, bsc#929414)
- libtasn1-CVE-2016-4008-1.patch, libtasn1-CVE-2016-4008-2.patch:
Fixed infinite loop while parsing DER certificates (CVE-2016-4008, bsc#982779)

Mon Apr 11 14:00:00 2016
- Update to 4.8

* Fixes to avoid reliance on C undefined behavior.

* Fixes to avoid an infinite recursion when decoding without the
ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.
(CVE-2016-4008 / bsc#982779)

* Combined all the BER octet string decoding functions to a
single one based on asn1_decode_simple_ber().

Tue Jan 12 13:00:00 2016
- Add libtasn1-bsc961491-value-crash.patch: only assign a value if
the previous node had one. Fixes a crash (bsc#961491).

Wed Sep 16 14:00:00 2015
- Update to version 4.7:

* Fixed regression introduced in the decoding of multi-byte tags

Mon Sep 7 14:00:00 2015
- libtasn1 4.6:

* Allow decoding OCTET STRINGs with multi-byte tags.

* Add asn1_get_object_id_der

Fri May 1 14:00:00 2015
- update libtasn1 4.5:

* Corrected an invalid memory access in octet string decoding.
CVE-2015-3622 [boo#929414]

Fri Apr 24 14:00:00 2015
- libtasn1-CVE-2015-2806.patch: fixed a two-byte stack overflow in
(bsc#924828 CVE-2015-2806)
- info deinstall needs to be in %preun

Sun Mar 22 13:00:00 2015
- Update project url
- Cleanup spec-file with spec-cleaner
- Add info preun and post dependencies
- Update to 4.3

* Added asn1_decode_simple_ber()

Sat Feb 14 13:00:00 2015
- Put C API documentation into -devel package.
Use modern %make_install. Description fix.

Wed Oct 8 14:00:00 2014
- updated to libtasn1 4.2:

* Noteworthy changes in release 4.2 (released 2014-09-15) [stable]
- Added sanity checks in the decoding of time when
- Fixes in the decoding of OCTET STRING when close to the end
of the structure.

* Noteworthy changes in release 4.1 (released 2014-08-23) [stable]
- Corrected indefinite tag check in ANY constructions. That allows
the decoding of BER-encoded structures that contain indefinite
encoding within an ANY element.
- Added DER decoding flag ASN1_DECODE_FLAG_STRICT_DER. Over the
years BER functionality was added to the decoder and this flag
provides the way to disable it.
- API and ABI changes since last version:

* Noteworthy changes in release 4.0 (released 2014-06-26) [stable]
- Optimized asn1_der_decoding_startEnd(). It no longer requires the
additional decoding step.
- asn1_read_value() understands the ?CURRENT keyword, which can be used
to indicate the current element of a sequence, when the provided node
is a sequence element.
- Several optimizations in DER decoding of structures with sequences
containing many elements.
- asn1_der_decoding2() is introduced and allows flags to be passed on
the decoding process. Currently only ASN1_DECODE_FLAG_ALLOW_PADDING is
defined and that allows decoding DER structures that contain arbitrary
data past their end. Contributed by Karel Slany.
- API and ABI changes since last version:
asn1_dup_node: New function
asn1_der_decoding2: New function
asn1_der_decoding_element: It is now an alias to asn1_der_decoding

Fri Jul 25 14:00:00 2014
- updated to libtasn1 3.7:

* Noteworthy changes in release 3.7 (released 2014-06-26) [stable]
- Fixes in length calculation in _asn1_extract_der_octet().
- Fixes in DER decoding.
- Fixes: CVE-2014-3468 CVE-2014-3467 CVE-2014-3469 bnc#880738
bnc#880737 bnc#880735

Tue Jun 3 14:00:00 2014
- libtasn1.keyring: added Nikos Mavrogiannopoulos
key, who did this release (and shares responsibility with Simon).
- updated to libtasn1 3.6

* Noteworthy changes in release 3.6 (released 2014-05-25) [stable]
- Corrected an off-by-one error in ASN.1 DER tag decoding. (CVE-2014-3468/bnc#880735)
- Several improvements and new safety checks on DER decoding;
issues found using Codenomicon TLS test suite. (CVE-2014-3469/bnc#880738,
- Marked asn1_der_decoding_element() as deprecated. Use
asn1_der_decoding() instead.

* Noteworthy changes in release 3.5 (released 2014-05-01) [stable]
- Correctly handle decoding of recursive CHOICE options.
- Allow deleting elements of SET OF. Patch by Jean-Louis Thekekara.
- Several small bug fixes found by coverity.
- Code improvements contributed by Kurt Roeckx.

* Noteworthy changes in release 3.4 (released 2013-11-25) [stable]
- Added asn1_delete_structure2() which allows zeroizing the contents
of all values in the structure prior to deinitialization.
- The parser accepts negative numbers in an INTEGER range (but
still does no enforce them).

Tue Jun 25 14:00:00 2013
- remove gpg source checking again to avoid this cycle:
libtasn1 -> libssh2_org -> openssh -> krb5 -> python-Jinja2 -> vim -> libtasn1

Thu Jun 20 14:00:00 2013
- updated to libtasn1 3.3

* Noteworthy changes in release 3.3 (released 2013-03-23) [stable]
- More precise overflow checks using gnulib\'s intprops module.
- Updates to compile in Android systems.

* Noteworthy changes in release 3.2 (released 2012-11-30) [stable]
- Corrected buffer overflow in the error reporting of the parser (reported
by Andreas Metzler).

* Noteworthy changes in release 3.1 (released 2012-11-24) [stable]
- Completed rename of types:
ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t)
- Added new types: VisibleString, NumericString, IA5String, TeletexString,
PrintableString, UniversalString, BMPString, UTF8String. When re-defined
a warning is being print instead of failing.
- Parser outputs more detailed syntax error messages.
- Added asn1_decode_simple_der() and asn1_encode_simple_der().
- Added asn1_read_value_type() to return value and type.
- added gpg source checking

Sat Nov 17 13:00:00 2012
- update to libtasn1 3.0, SONAME
- Added tool in tests/ to benchmark X.509 structure decoding.
- Added asn1_read_node_value() to obtain a node\'s value.
- Optimizations in internal tree allocation.
- Optimizations in tree search.
- libtasn1.h no longer exports internal structures.
- Types were renamed for consistency:
ASN1_DATA_NODE -> asn1_data_node_st
ASN1_ARRAY_TYPE -> asn1_static_node
ASN1_TYPE -> asn1_node
static_struct_asn -> asn1_static_node_st
node_asn_struct -> asn1_node_st
node_asn -> asn1_node_st
(the old types are still available as definitions)
- fix W: devel-package-with-non-devel-group

Fri Sep 28 14:00:00 2012
- updated to version 2.14
This release adds asn1_read_node_value() to obtain a node\'s value. This
is to deprecate the export of the node_asn internal structure for the
upcoming 3.x release. The ASN1_DATA_NODE type and the ASN1_ETYPE_
constants were added to support the new function.
- removed upstreamed libtasn1-stdio.h patch
- make check

Sun Jul 22 14:00:00 2012
- Fix build with missing gets declaration (glibc 2.16)

Fri Jun 29 14:00:00 2012
- license update: LGPL-2.1+ and GPL-3.0
Tools are GPL-3.0

Sat Apr 14 14:00:00 2012
- update to version 2.12
+ Cleanup license headers.
+ build: Update gnulib files.
+ Corrected DER decoding issue (reported by Matthew Hall).
Added self check to detect the problem, see tests/Test_overflow.c.
This problem can lead to at least remotely triggered crashes, see
further analysis on the libtasn1 mailing list.

Sun Jan 8 13:00:00 2012
- update to version 2.11
+ qa: now builds without compiler warnings with Solaris CC
+ qa: added clang analysis. fixed cyclomatic complexity output
+ tests: added self-test of bit string functions
+ build: added windows/ rules to produce Windows
+ build: don\'t hard code path to perl in doc/gdoc
+ various minor fixes
- changes in version 2.10
+ lib: small optimization, possibly working around gcc/valgrind issue
+ build: update gnulib files
+ asn1Coding: actually implement the -c parameter
+ asn1Decoding: the -c parameter serves no purpose. remove it.
+ doc: add examples to asn1Coding and ans1Decoding description
- changes in version 2.9
+ tests: link to gnulib to avoid build error related to \'rpl_ftello\'
on Solaris. Reported by Dagobert Michelsen
+ doc: fix bug reporting address to point at
+ doc: fix returns: documentation in Texinfo. Reported by Jeffery
+ build : update gnulib files
- changes in version 2.8
+ update gnulib files
+ use libtool 2.2.10 to ease MinGW64 builds
- changes in version 2.7
+ Doc: build PDF manual using GTK-DOC
+ Doc: fix of asn1_check_version, documentation was missing from
last release
+ Build: avoid warnings about ignored visibility attributes on
- changes in version 2.6
+ Fix build failure on platforms without support for GNU_LD
version scripts
+ libtasn1: simplified implementation of asn1_check_version
+ tests: improved self-checks
+ update gnulib files, fix many syntax-check nits, indent code,
fix license templates
- changes in version 2.5
+ doc: improve GTK-DOC comments
+ misc: updated gnulib files
- changes in version 2.4
+ Doc fixes
+ updated gnulib files
+ clean up copyright notices
- changes in version 2.3
+ libtasn1 is now an official GNU project
+ solve build problem on Tru64 related to TRUE/FALSE
+ More careful decoding of OIDs
+ Fixed warning in ANS1.y
+ Use \"Software libraries\" info dircategory
+ Drop GPL/LGPL copies from the manual (not needed there)
+ New configure parameters to set packagin specific information
The parameters are --with-packager, --with-packager-version,
and --with-packager-bug-reports. See
more details.

Sun Oct 31 13:00:00 2010
- Use %_smp_mflags

Sat Apr 24 14:00:00 2010
- buildrequire pkg-config to fix provides

Thu Dec 17 13:00:00 2009
- Add baselibs.conf as a source

Thu May 21 14:00:00 2009
- Update to version 2.2:
+ Change how the ASN1_API decorator is used in libtasn1.h, for
+ Changed license of libtasn1.pc from GPLv3+ to LGPLv2.1+.
+ Building with many warning flags now requires
- -enable-gcc-warnings.
+ Some warnings fixed.
- Fix license of library packages: it\'s LGPL not GPL.

Wed May 6 14:00:00 2009
- Update to version 2.1:
+ Fix compilation failure on platforms that can\'t generate empty
archives, e.g., Mac OS X.
- Changes from version 2.0:
+ Optimized tree generation.
+ ASN1 parser code re-generated using Bison 2.4.1.
+ Build with more warning flags. Many compiler warnings fixed.
+ Compiled with -fvisibility=hidden by default if supported.
+ The libtasn1-config tool has been removed. For application
developers, please stop using libtasn1-config for finding
libtasn1, use proper autoconf checks or pkg-config instead.
- Remove AutoReqProv: it\'s default now.
- Pass --disable-static to configure.