Changeset 82cb66b in mod_gnutls
- Timestamp:
- Feb 23, 2023, 1:32:13 PM (4 weeks ago)
- Branches:
- main, master
- Children:
- 17b2836
- Parents:
- b2b3700
- git-author:
- Fiona Klute <fiona.klute@…> (02/23/23 13:31:31)
- git-committer:
- Fiona Klute <fiona.klute@…> (02/23/23 13:32:13)
- Files:
-
- 2 edited
-
CHANGELOG (modified) (1 diff)
-
configure.ac (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
CHANGELOG
rb2b3700 r82cb66b 1 ** Version 0.12.1 (2023-02-23) 2 3 - Security fix: Remove an infinite loop in blocking read on transport 4 timeout. Mod_gnutls versions from 0.9.0 to 0.12.0 (including) did 5 not properly fail blocking read operations on TLS connections when 6 the transport hit timeouts. Instead it entered an endless loop 7 retrying the read operation, consuming CPU resources. This could be 8 exploited for denial of service attacks. If trace level logging was 9 enabled, it would also produce an excessive amount of log output 10 during the loop, consuming disk space. 11 12 - Replace obsolete Autoconf macros. Generating ./configure now 13 requires Autoconf 2.69 (present in Debian Bullseye). 14 1 15 ** Version 0.12.0 (2021-08-14) 2 16 -
configure.ac
rb2b3700 r82cb66b 1 1 AC_PREREQ([2.69]) 2 AC_INIT([mod_gnutls],[0.12. 0])2 AC_INIT([mod_gnutls],[0.12.1]) 3 3 OOO_CONFIG_NICE(config.nice) 4 4 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
Note: See TracChangeset
for help on using the changeset viewer.
