From patchwork Fri Jul 8 20:53:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 5727 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Lflr30zbfz3wwD for ; Fri, 8 Jul 2022 20:53:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Lflr06MYPz1Nm; Fri, 8 Jul 2022 20:53:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Lflr047qbz2xnF; Fri, 8 Jul 2022 20:53:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Lflqy6dVXz2xFl for ; Fri, 8 Jul 2022 20:53:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Lflqx4nZ8zMK; Fri, 8 Jul 2022 20:53:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1657313629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=lssf7dmn0CZRAoj3kfVW7zyUrq8gvDLB+DkqLKEmILk=; b=S3+CN5PilwaO0TqyiG9yUH1Me2gaH86w9ehmN1wAcNTGU8Rv2SSOZl/gW8X0xMtthl9rvO 8dtVc3X33PFARyCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1657313629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=lssf7dmn0CZRAoj3kfVW7zyUrq8gvDLB+DkqLKEmILk=; b=qiVWjyELSE/s2VsFBa+AtA5SI/wQdLF8yx/VXIVu8pL1AYlikJXr5ihOX931gE8uHnz1nI EnJ5iRLgBYfg9vVN0Yk0iC2hJ2WIRvSUGa97xp+TZgiE0X8TpOnkp9wfBN9C2zS53kDAwT QGfJBA2tK9jehipVXu+ELZK/INdiss4bEcG5Vw+2UfaO7KTeaHdXRUEFANJGUagJVdbFXo kfd3098bBTv9T2wIv6SHQlvPMCQTKWd23FDSCTnAivPEegouhWmcNXJqYsM/PaNJnpvc3b KWrJtgy6JaX2GpQ4ejbbfComjcV/jzurcgEp2Q8TAIALduPm/uxK/c0WXjb3nA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] gnutls: Update to version 3.7.6 Date: Fri, 8 Jul 2022 22:53:43 +0200 Message-Id: <20220708205343.2972564-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 3.6.16 to 3.7.6 - Update of rootfile - find-dependencies run on sobump libs. No dependencies flagged for the old or new libs - Changelog * Version 3.7.6 (released 2022-05-27) ** libgnutls: Fixed invalid write when gnutls_realloc_zero() is called with new_size < old_size. This bug caused heap corruption when gnutls_realloc_zero() has been set as gmp reallocfunc (!1592, #1367, #1368, #1369). ** API and ABI modifications: No changes since last version. * Version 3.7.5 (released 2022-05-15) ** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority modifier have been added to disable session ticket usage in TLS 1.2 because it does not provide forward secrecy (#477). On the other hand, since session tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now only disables session tickets in TLS 1.2. Future backward incompatibility: in the next major release of GnuTLS, we plan to remove those flag and modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2. ** gnutls-cli, gnutls-serv: Channel binding for printing information has been changed from tls-unique to tls-exporter as tls-unique is not supported in TLS 1.3. ** libgnutls: Certificate sanity checks has been enhanced to make gnutls more RFC 5280 compliant (!1583). Following changes were included: - critical extensions are parsed when loading x509 certificate to prohibit any random octet strings. Requires strict-x509 configure option to be enabled - garbage bits in Key Usage extension are prohibited - empty DirectoryStrings in Distinguished name structures of Issuer and Subject name are prohibited ** libgnutls: Removed 3DES from FIPS approved algorithms (#1353). According to the section 2 of SP800-131A Rev.2, 3DES algorithm will be disallowed for encryption after December 31, 2023: https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final ** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312). The existing AEAD API that works in a scatter-gather fashion (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC. For further optimization, new function (gnutls_aead_cipher_set_key) has been added to set key on the existing AEAD handle without re-allocation. ** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode when used in TLS (#1311). ** The configure arguments for Brotli and Zstandard (zstd) support have changed to reflect the previous help text: they are now --with-brotli/--with-zstd respectively (#1342). ** Detecting the Zstandard (zstd) library in configure has been fixed (#1343). ** API and ABI modifications: GNUTLS_NO_TICKETS_TLS12: New flag gnutls_aead_cipher_set_key: New function * Version 3.7.4 (released 2022-03-17) ** libgnutls: Added support for certificate compression as defined in RFC8879 (#1301). New API functions (gnutls_compress_certificate_get_selected_method and gnutls_compress_certificate_set_methods) allow client and server to set their preferences. ** certtool: Added option --compress-cert that allows user to specify compression methods for certificate compression. ** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280. ** libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant. ** libgnutls: Added function (gnutls_record_send_file) to send file content from open file descriptor (!1486). The implementation is optimized if KTLS (kernel TLS) is enabled. ** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of current ciphersuite from TLS session (#1291). ** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using dlopen, so GnuTLS does not indirectly link to other crypto libraries until TPM2 functionality is utilized (!1544). ** API and ABI modifications: GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member gnutls_compress_certificate_get_selected_method: Added gnutls_compress_certificate_set_methods: Added gnutls_ciphersuite_get: New function gnutls_record_send_file: New function libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1 * Version 3.7.3 (released 2022-01-17) ** libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). ** The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. ** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. ** libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. ** certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. ** certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. ** libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. ** libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. ** libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). ** libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. ** gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). ** libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] ** API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Version 3.7.2 (released 2021-05-29) ** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode ** libgnutls: The Linux kernel AF_ALG based acceleration has been added. This can be enabled with --enable-afalg configure option, when libkcapi package is installed (#308). ** libgnutls: Fixed timing of early data exchange. Previously, the client was sending early data after receiving Server Hello, which not only negates the benefit of 0-RTT, but also works under certain assumptions hold (e.g., the same ciphersuite is selected in initial and resumption handshake) (#1146). ** certtool: When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default (#1126). ** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now deprecated and will be removed in the future releases. ** certtool: When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale (e.g. Country before State, Organization before OrganizationalUnit). This change also affects the order in which certtool prompts interactively. Please rely on the template mechanism for automated use of certtool! (#1243) ** API and ABI modifications: gnutls_early_cipher_get: Added gnutls_early_prf_hash_get: Added ** guile: Writes to a session record port no longer throw an exception upon GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. * Version 3.7.1 (released 2021-03-10) ** libgnutls: Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. When sending those extensions, the client may dereference a pointer no longer valid after realloc. This happens only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low] ** libgnutls: Fixed a regression in handling duplicated certs in a chain (#1131). ** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox compatibiltiy mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions (#1074). ** libgnutls: W32 performance improvement with a new sendmsg()-like transport implementation (!1377). ** libgnutls: Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode (#1101). ** libgnutls: Added padlock acceleration for AES-192-CBC (#1004). ** API and ABI modifications: No changes since last version. * Version 3.7.0 (released 2020-12-02) ** libgnutls: Depend on nettle 3.6 (!1322). ** libgnutls: Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains (#202, #968, #1100). ** libgnutls: Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification (#1012). ** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension (#805). ** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849, #850). ** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are now no-op (#790). ** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161). ** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin CPU (#1079). ** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes (#932). ** API and ABI modifications: gnutls_x509_trust_list_set_getissuer_function: Added gnutls_x509_trust_list_get_ptr: Added gnutls_x509_trust_list_set_ptr: Added gnutls_session_set_verify_output_function: Added gnutls_record_encryption_level_t: New enum gnutls_handshake_read_func: New callback type gnutls_handshake_set_read_function: New function gnutls_handshake_write: New function gnutls_handshake_secret_func: New callback type gnutls_handshake_set_secret_function: New function gnutls_alert_read_func: New callback type gnutls_alert_set_read_function: New function gnutls_crypto_register_cipher: Deprecated; no-op gnutls_crypto_register_aead_cipher: Deprecated; no-op gnutls_crypto_register_mac: Deprecated; no-op gnutls_crypto_register_digest: Deprecated; no-op Signed-off-by: Adolf Belka Reviewed-by: Peter Müller --- config/rootfiles/common/gnutls | 42 +++++++++++++++++++++++++++++++--- lfs/gnutls | 4 ++-- 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls index e59c1a84f..25173efd3 100644 --- a/config/rootfiles/common/gnutls +++ b/config/rootfiles/common/gnutls @@ -33,15 +33,16 @@ usr/lib/libgnutls-dane.so.0.4.1 #usr/lib/libgnutls.la #usr/lib/libgnutls.so usr/lib/libgnutls.so.30 -usr/lib/libgnutls.so.30.28.2 +usr/lib/libgnutls.so.30.33.1 #usr/lib/libgnutlsxx.la #usr/lib/libgnutlsxx.so -usr/lib/libgnutlsxx.so.28 -usr/lib/libgnutlsxx.so.28.1.0 +usr/lib/libgnutlsxx.so.30 +usr/lib/libgnutlsxx.so.30.0.0 #usr/lib/pkgconfig/gnutls-dane.pc #usr/lib/pkgconfig/gnutls.pc #usr/share/doc/gnutls #usr/share/doc/gnutls/gnutls-client-server-use-case.png +#usr/share/doc/gnutls/gnutls-crypto-layers.png #usr/share/doc/gnutls/gnutls-handshake-sequence.png #usr/share/doc/gnutls/gnutls-handshake-state.png #usr/share/doc/gnutls/gnutls-internals.png @@ -51,6 +52,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/doc/gnutls/gnutls-x509.png #usr/share/doc/gnutls/pkcs11-vision.png #usr/share/info/gnutls-client-server-use-case.png +#usr/share/info/gnutls-crypto-layers.png #usr/share/info/gnutls-guile.info #usr/share/info/gnutls-handshake-sequence.png #usr/share/info/gnutls-handshake-state.png @@ -119,11 +121,13 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_aead_cipher_encryptv.3 #usr/share/man/man3/gnutls_aead_cipher_encryptv2.3 #usr/share/man/man3/gnutls_aead_cipher_init.3 +#usr/share/man/man3/gnutls_aead_cipher_set_key.3 #usr/share/man/man3/gnutls_alert_get.3 #usr/share/man/man3/gnutls_alert_get_name.3 #usr/share/man/man3/gnutls_alert_get_strname.3 #usr/share/man/man3/gnutls_alert_send.3 #usr/share/man/man3/gnutls_alert_send_appropriate.3 +#usr/share/man/man3/gnutls_alert_set_read_function.3 #usr/share/man/man3/gnutls_alpn_get_selected_protocol.3 #usr/share/man/man3/gnutls_alpn_set_protocols.3 #usr/share/man/man3/gnutls_anon_allocate_client_credentials.3 @@ -234,6 +238,9 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_cipher_suite_get_name.3 #usr/share/man/man3/gnutls_cipher_suite_info.3 #usr/share/man/man3/gnutls_cipher_tag.3 +#usr/share/man/man3/gnutls_ciphersuite_get.3 +#usr/share/man/man3/gnutls_compress_certificate_get_selected_method.3 +#usr/share/man/man3/gnutls_compress_certificate_set_methods.3 #usr/share/man/man3/gnutls_compression_get.3 #usr/share/man/man3/gnutls_compression_get_id.3 #usr/share/man/man3/gnutls_compression_get_name.3 @@ -282,6 +289,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_digest_get_name.3 #usr/share/man/man3/gnutls_digest_get_oid.3 #usr/share/man/man3/gnutls_digest_list.3 +#usr/share/man/man3/gnutls_digest_set_secure.3 #usr/share/man/man3/gnutls_dtls_cookie_send.3 #usr/share/man/man3/gnutls_dtls_cookie_verify.3 #usr/share/man/man3/gnutls_dtls_get_data_mtu.3 @@ -291,6 +299,8 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_dtls_set_data_mtu.3 #usr/share/man/man3/gnutls_dtls_set_mtu.3 #usr/share/man/man3/gnutls_dtls_set_timeouts.3 +#usr/share/man/man3/gnutls_early_cipher_get.3 +#usr/share/man/man3/gnutls_early_prf_hash_get.3 #usr/share/man/man3/gnutls_ecc_curve_get.3 #usr/share/man/man3/gnutls_ecc_curve_get_id.3 #usr/share/man/man3/gnutls_ecc_curve_get_name.3 @@ -298,6 +308,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_ecc_curve_get_pk.3 #usr/share/man/man3/gnutls_ecc_curve_get_size.3 #usr/share/man/man3/gnutls_ecc_curve_list.3 +#usr/share/man/man3/gnutls_ecc_curve_set_enabled.3 #usr/share/man/man3/gnutls_encode_ber_digest_info.3 #usr/share/man/man3/gnutls_encode_gost_rs_value.3 #usr/share/man/man3/gnutls_encode_rs_value.3 @@ -312,8 +323,14 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_ext_register.3 #usr/share/man/man3/gnutls_ext_set_data.3 #usr/share/man/man3/gnutls_fingerprint.3 +#usr/share/man/man3/gnutls_fips140_context_deinit.3 +#usr/share/man/man3/gnutls_fips140_context_init.3 +#usr/share/man/man3/gnutls_fips140_get_operation_state.3 #usr/share/man/man3/gnutls_fips140_mode_enabled.3 +#usr/share/man/man3/gnutls_fips140_pop_context.3 +#usr/share/man/man3/gnutls_fips140_push_context.3 #usr/share/man/man3/gnutls_fips140_set_mode.3 +#usr/share/man/man3/gnutls_get_library_config.3 #usr/share/man/man3/gnutls_get_system_config_file.3 #usr/share/man/man3/gnutls_global_deinit.3 #usr/share/man/man3/gnutls_global_init.3 @@ -338,7 +355,10 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_handshake_set_post_client_hello_function.3 #usr/share/man/man3/gnutls_handshake_set_private_extensions.3 #usr/share/man/man3/gnutls_handshake_set_random.3 +#usr/share/man/man3/gnutls_handshake_set_read_function.3 +#usr/share/man/man3/gnutls_handshake_set_secret_function.3 #usr/share/man/man3/gnutls_handshake_set_timeout.3 +#usr/share/man/man3/gnutls_handshake_write.3 #usr/share/man/man3/gnutls_hash.3 #usr/share/man/man3/gnutls_hash_copy.3 #usr/share/man/man3/gnutls_hash_deinit.3 @@ -655,6 +675,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_protocol_get_name.3 #usr/share/man/man3/gnutls_protocol_get_version.3 #usr/share/man/man3/gnutls_protocol_list.3 +#usr/share/man/man3/gnutls_protocol_set_enabled.3 #usr/share/man/man3/gnutls_psk_allocate_client_credentials.3 #usr/share/man/man3/gnutls_psk_allocate_server_credentials.3 #usr/share/man/man3/gnutls_psk_client_get_hint.3 @@ -738,6 +759,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_record_send.3 #usr/share/man/man3/gnutls_record_send2.3 #usr/share/man/man3/gnutls_record_send_early_data.3 +#usr/share/man/man3/gnutls_record_send_file.3 #usr/share/man/man3/gnutls_record_send_range.3 #usr/share/man/man3/gnutls_record_set_max_early_data_size.3 #usr/share/man/man3/gnutls_record_set_max_recv_size.3 @@ -783,6 +805,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_session_set_verify_cert.3 #usr/share/man/man3/gnutls_session_set_verify_cert2.3 #usr/share/man/man3/gnutls_session_set_verify_function.3 +#usr/share/man/man3/gnutls_session_set_verify_output_function.3 #usr/share/man/man3/gnutls_session_supplemental_register.3 #usr/share/man/man3/gnutls_session_ticket_enable_client.3 #usr/share/man/man3/gnutls_session_ticket_enable_server.3 @@ -801,6 +824,8 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_sign_is_secure.3 #usr/share/man/man3/gnutls_sign_is_secure2.3 #usr/share/man/man3/gnutls_sign_list.3 +#usr/share/man/man3/gnutls_sign_set_secure.3 +#usr/share/man/man3/gnutls_sign_set_secure_for_certs.3 #usr/share/man/man3/gnutls_sign_supports_pk_algorithm.3 #usr/share/man/man3/gnutls_srp_allocate_client_credentials.3 #usr/share/man/man3/gnutls_srp_allocate_server_credentials.3 @@ -857,6 +882,7 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_transport_get_int2.3 #usr/share/man/man3/gnutls_transport_get_ptr.3 #usr/share/man/man3/gnutls_transport_get_ptr2.3 +#usr/share/man/man3/gnutls_transport_is_ktls_enabled.3 #usr/share/man/man3/gnutls_transport_set_errno.3 #usr/share/man/man3/gnutls_transport_set_errno_function.3 #usr/share/man/man3/gnutls_transport_set_fastopen.3 @@ -1113,6 +1139,8 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_x509_crt_sign2.3 #usr/share/man/man3/gnutls_x509_crt_verify.3 #usr/share/man/man3/gnutls_x509_crt_verify_data2.3 +#usr/share/man/man3/gnutls_x509_ct_sct_get.3 +#usr/share/man/man3/gnutls_x509_ct_sct_get_version.3 #usr/share/man/man3/gnutls_x509_dn_deinit.3 #usr/share/man/man3/gnutls_x509_dn_export.3 #usr/share/man/man3/gnutls_x509_dn_export2.3 @@ -1124,6 +1152,10 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_x509_dn_oid_known.3 #usr/share/man/man3/gnutls_x509_dn_oid_name.3 #usr/share/man/man3/gnutls_x509_dn_set_str.3 +#usr/share/man/man3/gnutls_x509_ext_ct_export_scts.3 +#usr/share/man/man3/gnutls_x509_ext_ct_import_scts.3 +#usr/share/man/man3/gnutls_x509_ext_ct_scts_deinit.3 +#usr/share/man/man3/gnutls_x509_ext_ct_scts_init.3 #usr/share/man/man3/gnutls_x509_ext_deinit.3 #usr/share/man/man3/gnutls_x509_ext_export_aia.3 #usr/share/man/man3/gnutls_x509_ext_export_authority_key_id.3 @@ -1233,12 +1265,16 @@ usr/lib/libgnutlsxx.so.28.1.0 #usr/share/man/man3/gnutls_x509_trust_list_get_issuer.3 #usr/share/man/man3/gnutls_x509_trust_list_get_issuer_by_dn.3 #usr/share/man/man3/gnutls_x509_trust_list_get_issuer_by_subject_key_id.3 +#usr/share/man/man3/gnutls_x509_trust_list_get_ptr.3 #usr/share/man/man3/gnutls_x509_trust_list_init.3 #usr/share/man/man3/gnutls_x509_trust_list_iter_deinit.3 #usr/share/man/man3/gnutls_x509_trust_list_iter_get_ca.3 #usr/share/man/man3/gnutls_x509_trust_list_remove_cas.3 #usr/share/man/man3/gnutls_x509_trust_list_remove_trust_file.3 #usr/share/man/man3/gnutls_x509_trust_list_remove_trust_mem.3 +#usr/share/man/man3/gnutls_x509_trust_list_set_getissuer_function.3 +#usr/share/man/man3/gnutls_x509_trust_list_set_ptr.3 #usr/share/man/man3/gnutls_x509_trust_list_verify_crt.3 #usr/share/man/man3/gnutls_x509_trust_list_verify_crt2.3 #usr/share/man/man3/gnutls_x509_trust_list_verify_named_crt.3 + diff --git a/lfs/gnutls b/lfs/gnutls index 169c8ce85..9c418890a 100644 --- a/lfs/gnutls +++ b/lfs/gnutls @@ -24,7 +24,7 @@ include Config -VER = 3.6.16 +VER = 3.7.6 THISAPP = gnutls-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2c40e199e4e107a81d22b84305cf27b3ca2a2b5d505a3fbd398dcfaec0ae30c71cae8a8b290523d3ad8636b2fb6b9da2a496315c20555265c681225b9b6bf6a4 +$(DL_FILE)_BLAKE2 = 9f3cce8dfc0b88f2c42d1d2633417dac649a265407b620b6d15967e5210debb99d287ef31d2b9dc37a527ac1e5b9db4c240b98a63293078fbd2e26ac694bf3d3 install : $(TARGET)