From patchwork Sat Nov 9 17:38:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8210 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Xm31x22YCz3xDv for ; Sat, 9 Nov 2024 17:38:29 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Xm31t5QFnz4gp; Sat, 9 Nov 2024 17:38:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Xm31t4qG5z34K1; Sat, 9 Nov 2024 17:38:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Xm31m0rPcz32VK for ; Sat, 9 Nov 2024 17:38:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Xm31l6VRBz15G; Sat, 9 Nov 2024 17:38:19 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1731173900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VO8wEe/3IEOx1qAQ5GTYCMTYoPRfmc1SCUkZNcs2Pmg=; b=nhNUgkPRKQ6PM1ynzyMrub0Y9o9bcdZ67171VZcKbs+ZQpe32zgfAOF9dBFvmw+60KSwwF cSHohrFD12wxKPDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1731173900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VO8wEe/3IEOx1qAQ5GTYCMTYoPRfmc1SCUkZNcs2Pmg=; b=rTpDPmWQ+YSFcg5+YoS3Wn4ePLrVPgNgLViHc92olQxannGNEylIOSSgnYf0gcs0Ic7233 1Hahk57N2A1hVIuG+QmuqwUftL8rAnNH/UG2qIbogGDzcspRPX3AjBycuCbxyDJNnxNoDa HKeG0GqioN7D8Ob/5p/C98ObDfLu4ClyF8lcBRyAoOOrLJTUzPhCHUzsYNBTOiGJJtliT3 aDgP3dK4HIITvX5IBGAquZ67UoAjzwZoBF1g/cPI+DF2J8Whq5h22qw6rC461wikoaT+5J GrqfDiuxVt+PB68H/2SnIaDrhqm8kR1bSxKZAGlLply0vY3+30QadNkLkOnKlQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] gnutls: Update to version 3.8.8 Date: Sat, 9 Nov 2024 18:38:11 +0100 Message-ID: <20241109173814.1058040-4-adolf.belka@ipfire.org> In-Reply-To: <20241109173814.1058040-1-adolf.belka@ipfire.org> References: <20241109173814.1058040-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: B4BQP3PYXEUISJJ4JWUMNON2N622JPOY X-Message-ID-Hash: B4BQP3PYXEUISJJ4JWUMNON2N622JPOY X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.8.7 to 3.8.8 - Update of rootfile - Changelog 3.8.8 ** libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3 The support for post-quantum key exchanges has been extended to cover the final standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of liboqs is bumped to 0.11.0. ** libgnutls: All records included in an OCSP response are now checked in TLS Previously, when multiple records are provided in a single OCSP response, only the first record was considered; now all those records are examined until the server certificate matches. ** libgnutls: Handling of malformed compress_certificate extension is now more standard compliant The server behavior of receiving a malformed compress_certificate extension now more strictly follows RFC 8879; return illegal_parameter alert instead of bad_certificate, as well as overlong extension data is properly rejected. ** build: More flexible library linking options for compression libraries, TPM, and liboqs support The configure options, --with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs now take 4 states: yes/link/dlopen/no, to specify how the libraries are linked or loaded. Signed-off-by: Adolf Belka --- config/rootfiles/common/gnutls | 20 +++++++++++++++++++- lfs/gnutls | 4 ++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index 6707e8290..4f496435f 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.40.1 +usr/lib/libgnutls.so.30.40.2 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so usr/lib/libgnutlsxx.so.30 @@ -68,6 +68,24 @@ usr/lib/libgnutlsxx.so.30.0.0 #usr/share/info/gnutls.info-6 #usr/share/info/gnutls.info-7 #usr/share/info/pkcs11-vision.png +#usr/share/locale/cs/LC_MESSAGES/gnutls.mo +#usr/share/locale/de/LC_MESSAGES/gnutls.mo +#usr/share/locale/eo/LC_MESSAGES/gnutls.mo +#usr/share/locale/es/LC_MESSAGES/gnutls.mo +#usr/share/locale/fi/LC_MESSAGES/gnutls.mo +#usr/share/locale/fr/LC_MESSAGES/gnutls.mo +#usr/share/locale/it/LC_MESSAGES/gnutls.mo +#usr/share/locale/ka/LC_MESSAGES/gnutls.mo +#usr/share/locale/ms/LC_MESSAGES/gnutls.mo +#usr/share/locale/nl/LC_MESSAGES/gnutls.mo +#usr/share/locale/pl/LC_MESSAGES/gnutls.mo +#usr/share/locale/pt_BR/LC_MESSAGES/gnutls.mo +#usr/share/locale/ro/LC_MESSAGES/gnutls.mo +#usr/share/locale/sr/LC_MESSAGES/gnutls.mo +#usr/share/locale/sv/LC_MESSAGES/gnutls.mo +#usr/share/locale/uk/LC_MESSAGES/gnutls.mo +#usr/share/locale/vi/LC_MESSAGES/gnutls.mo +#usr/share/locale/zh_CN/LC_MESSAGES/gnutls.mo #usr/share/man/man1/certtool.1 #usr/share/man/man1/danetool.1 #usr/share/man/man1/gnutls-cli-debug.1 diff --git a/lfs/gnutls b/lfs/gnutls index 596350c3d..ad8269338 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -24,7 +24,7 @@ include Config -VER = 3.8.7 +VER = 3.8.8 THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 900019c5f53d6c81c2761d02008a1bd7651bf4e70043d2a74f1fca0c3cda3c3c8c87a1f9dfc090517e875e9861b6ad9dd251f8121135aeaee209b54c2538ade0 +$(DL_FILE)_BLAKE2 = d1498b0b9f14789599fd5b984d5370b632611f2702e9f4fc504ddba2a3e0dd4137bec858eb6150d031f9f50e6b3a3a7d905864f0a9f50a1f01e5ea8f37a44ba8 install : $(TARGET)