gnutls: Update to version 3.8.11

Message ID 20251201161107.23245-2-adolf.belka@ipfire.org
State Staged
Commit 6a9462b69263f5d1d685012d7f73beba7b7effe2
Series gnutls: Update to version 3.8.11

Commit Message

Adolf Belka 1 Dec 2025, 4:11 p.m. UTC
- Update from version 3.8.10 to 3.8.11
- Update of rootfile
- One CVE fix
- Changelog
    3.8.11
	libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init
	   Reported by Luigino Camastra from Aisle Research. [GNUTLS-SA-2025-11-18,
	   CVSS: low] [CVE-2025-9820]
	libgnutls: MAC algorithms for PSK binders is now configurable
	   The previous implementation assumed HMAC-SHA256 to calculate the
	   PSK binders. With the new gnutls_psk_allocate_client_credentials2()
	   and gnutls_psk_allocate_server_credentials2() functions, the
	   application can use other MAC algorithms such as HMAC-SHA384.
	libgnutls: Expose a new function to provide the maximum record send size
	   A new function gnutls_record_get_max_send_size() has been added to
	   determine the maximum size of a TLS record to be sent to the peer.
	libgnutls: Expose a new function to update keys without sending a KeyUpdate
	   to the peer. A new function gnutls_handshake_update_receiving_key()
	   has been added to allow updating the local receiving key without
	   sending any KeyUpdate messages.
	libgnutls: PKCS#11 cryptographic provider configuration takes a token URI
	   instead of a module path. To allow using a PKCS#11 module exposing
	   multiple tokens, the "path" configuration keyword was replaced with
	   the "url" keyword.
	libgnutls: Support crypto-auditing probe points
	   crypto-auditing is a project to monitor which cryptographic
	   operations are taking place in the library at run time, through
	   eBPF. This adds necessary probe points for that, in public key
	   cryptography and the TLS use-case. To enable this, run configure
	   with --enable-crypto-auditing.
	build: The minimum version of Nettle has been updated to 3.10
	   Given Nettle 3.10 is ABI compatible with 3.6 and includes several
	   security relevant fixes, the library's minimum requirement of
	   Nettle is updated to 3.10.
	build: The default priority file path is now constructed from sysconfdir
	   Previously, the location of the default priority file was
	   hard-coded to be /etc/gnutls/config. Now it takes into account of
	   the --sysconfdir option given to the configure script.
	API and ABI modifications:
	   gnutls_psk_allocate_client_credentials2: New function
	   gnutls_psk_allocate_server_credentials2: New function
	   gnutls_record_get_max_send_size: New function
	   gnutls_handshake_update_receiving_key: New function
	   gnutls_audit_push_context: New function
	   gnutls_audit_pop_context: New function
	   gnutls_audit_current_context: New function

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/gnutls | 9 ++++++++-
 lfs/gnutls                     | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)
  

Patch

diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index e86384325..52c3b6764 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -32,7 +32,7 @@  usr/lib/libgnutls-dane.so.0.4.1
 #usr/lib/libgnutls.la
 #usr/lib/libgnutls.so
 usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.40.4
+usr/lib/libgnutls.so.30.41.0
 #usr/lib/libgnutlsxx.la
 #usr/lib/libgnutlsxx.so
 usr/lib/libgnutlsxx.so.30
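Review bot: the versioned library entry changes from libgnutls.so.30.40.4 to libgnutls.so.30.41.0 while the libgnutls.so.30 line is untouched, so the commit message should state that the soname is unchanged and that no dependent packages need a rebuild. The libgnutls-dane.so.0.4.1 and libgnutlsxx.so.30.0.0 names shown in the hunk headers are carried over as well; please confirm against the build output that neither received a new version suffix in 3.8.11.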
@@ -143,6 +143,9 @@  usr/lib/libgnutlsxx.so.30.0.0
 #usr/share/man/man3/gnutls_anti_replay_set_add_function.3
 #usr/share/man/man3/gnutls_anti_replay_set_ptr.3
 #usr/share/man/man3/gnutls_anti_replay_set_window.3
+#usr/share/man/man3/gnutls_audit_current_context.3
+#usr/share/man/man3/gnutls_audit_pop_context.3
+#usr/share/man/man3/gnutls_audit_push_context.3
 #usr/share/man/man3/gnutls_auth_client_get_type.3
 #usr/share/man/man3/gnutls_auth_get_type.3
 #usr/share/man/man3/gnutls_auth_server_get_type.3
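Review bot: nothing in this patch says whether the crypto-auditing probes are meant to be built, although the three gnutls_audit_* man pages are added here (commented out and in sorted position, matching the neighbouring entries). The changelog states the probes need --enable-crypto-auditing, and neither lfs/gnutls hunk touches the configure options, so a line in the commit message saying the feature stays disabled would make the intent explicit.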
@@ -360,6 +363,7 @@  usr/lib/libgnutlsxx.so.30.0.0
 #usr/share/man/man3/gnutls_handshake_set_read_function.3
 #usr/share/man/man3/gnutls_handshake_set_secret_function.3
 #usr/share/man/man3/gnutls_handshake_set_timeout.3
+#usr/share/man/man3/gnutls_handshake_update_receiving_key.3
 #usr/share/man/man3/gnutls_handshake_write.3
 #usr/share/man/man3/gnutls_hash.3
 #usr/share/man/man3/gnutls_hash_copy.3
@@ -684,7 +688,9 @@  usr/lib/libgnutlsxx.so.30.0.0
 #usr/share/man/man3/gnutls_protocol_list.3
 #usr/share/man/man3/gnutls_protocol_set_enabled.3
 #usr/share/man/man3/gnutls_psk_allocate_client_credentials.3
+#usr/share/man/man3/gnutls_psk_allocate_client_credentials2.3
 #usr/share/man/man3/gnutls_psk_allocate_server_credentials.3
+#usr/share/man/man3/gnutls_psk_allocate_server_credentials2.3
 #usr/share/man/man3/gnutls_psk_client_get_hint.3
 #usr/share/man/man3/gnutls_psk_format_imported_identity.3
 #usr/share/man/man3/gnutls_psk_free_client_credentials.3
@@ -761,6 +767,7 @@  usr/lib/libgnutlsxx.so.30.0.0
 #usr/share/man/man3/gnutls_record_get_direction.3
 #usr/share/man/man3/gnutls_record_get_discarded.3
 #usr/share/man/man3/gnutls_record_get_max_early_data_size.3
+#usr/share/man/man3/gnutls_record_get_max_send_size.3
 #usr/share/man/man3/gnutls_record_get_max_size.3
 #usr/share/man/man3/gnutls_record_get_state.3
 #usr/share/man/man3/gnutls_record_overhead_size.3
diff --git a/lfs/gnutls b/lfs/gnutls
index 25920dfe7..15d0362dd 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 3.8.10
+VER        = 3.8.11
 
 THISAPP    = gnutls-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
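Review bot: the VER bump alone does not show that the new build requirements are met. The changelog raises the minimum Nettle to 3.10, so confirm the nettle version in the tree satisfies that. Since the default priority file path is now derived from --sysconfdir, also check that the configure call in this file still resolves it to /etc/gnutls/config; otherwise an existing system-wide priority file would silently stop being read.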
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0b62e93b2818d2265ca11e561724547fa3c24d08986eb77ea743b4af52773db975c1859164c7d405d9a9bedfa981af58f10f85100b6c0e3542a38c49af407a4d
+$(DL_FILE)_BLAKE2 = 54ec3fb396187294ae59c65fa92a515175d8ab19d9f5656569b372b5764b3090724aaa8cedd9467b530f2c74e86a6bfd956d3bd9439a7b69656dcc24e303cbe6
 
 install : $(TARGET)
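Review bot: the replaced $(DL_FILE)_BLAKE2 value is the only integrity check on the new tarball visible here, and the commit message does not say how it was produced. Suggest noting that the 3.8.11 tarball was verified against the upstream signature before the checksum was computed, so that the hash pins a verified download rather than whatever was fetched.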