From patchwork Mon Jun  3 14:47:29 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 7840
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4VtGmW0LFkz3wxV
	for <patchwork@web04.haj.ipfire.org>; Mon,  3 Jun 2024 14:47:55 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4VtGmG0LDJz5n7;
	Mon,  3 Jun 2024 14:47:42 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4VtGmF4mQWz33DK;
	Mon,  3 Jun 2024 14:47:41 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4VtGmC3TbQz331F
	for <development@lists.ipfire.org>; Mon,  3 Jun 2024 14:47:39 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4VtGmC1zmqz1Hm;
	Mon,  3 Jun 2024 14:47:39 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1717426059;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ROUMz00Fbzk4wTnkYzy9Z+Sto/+tbfozm/xqTYDSzU4=;
	b=thw8MPxftzKk6L5ob5/rgBmEz+zB+FH/LwJ4DX+jPeqPuH2/x9gQXRo6jhNw1LgC76CV7+
	Vhre25ePS3ljECBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1717426059;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ROUMz00Fbzk4wTnkYzy9Z+Sto/+tbfozm/xqTYDSzU4=;
	b=jyb3AcOYFU0QEX/3/Pvb/9opQo1cKBP/xoNkC3k96NzUI0FJ3KgQ1oPvCpsPRpln7ziKwf
	27wU1zOe9Yeq50s13I16CCq5P9bbQ8mPDGDaiGO0wmDNJ5OJNPXKkr19TM1IgfYco+ix0v
	3P5/Fv3NB5hFm0xqPAHBKzQ6vLUtoI+jzWCffa8FAnarBnl7J8fu6tpE49DRW38z2lk1VZ
	6WWPN2zwFuCIdQAZlY3fqEJkJu7HZi6sYzq1ilv5QhYwLvNhBLB+4WzYMNNgzlJs6J40jW
	87s0zZDYsUsDkA4S1Hxnj4tQjC72v8S6+MM1bJb/yIpVc2T+5gsFZA9dAKw27A==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] gnutls: Update to version 3.8.5
Date: Mon,  3 Jun 2024 16:47:29 +0200
Message-ID: <20240603144731.2620910-3-adolf.belka@ipfire.org>
In-Reply-To: <20240603144731.2620910-1-adolf.belka@ipfire.org>
References: <20240603144731.2620910-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: AITNJOZJETEQI3ZD6LFN32JPE7JR6DE4
X-Message-ID-Hash: AITNJOZJETEQI3ZD6LFN32JPE7JR6DE4
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/AITNJOZJETEQI3ZD6LFN32JPE7JR6DE4/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- Update from version 3.8.3 to 3.8.5
- Update of rootfile
- Changelog
    3.8.5
	** libgnutls: Due to majority of usages and implementations of
	   RSA decryption with PKCS#1 v1.5 padding being incorrect,
	   leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
	   is being deprecated (encryption and decryption) and will be
	   disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
	   has been added into the system-wide library configuration which
	   allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
	   RSAES-PKCS1-v1_5 is enabled by default.
	** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
	   backward compatibility with GCR.
	** libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
	   v1.5 decryption error handling and deterministic ECDSA with earlier
	   versions of GMP.  These were a regression introduced in the 3.8.4
	   release. See #1535 and !1827.
	** build: Fixed a bug where building gnutls statically failed due
	   to a duplicate definition of nettle_rsa_compute_root_tr().
	** API and ABI modifications:
	GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/gnutls | 4 +++-
 lfs/gnutls                     | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index 6cdaeb151..6a5d1a3bf 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1
 #usr/lib/libgnutls.la
 #usr/lib/libgnutls.so
 usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.37.1
+usr/lib/libgnutls.so.30.39.0
 #usr/lib/libgnutlsxx.la
 #usr/lib/libgnutlsxx.so
 usr/lib/libgnutlsxx.so.30
@@ -1257,8 +1257,10 @@ usr/lib/libgnutlsxx.so.30.0.0
 #usr/share/man/man3/gnutls_x509_rdn_get_by_oid.3
 #usr/share/man/man3/gnutls_x509_rdn_get_oid.3
 #usr/share/man/man3/gnutls_x509_spki_deinit.3
+#usr/share/man/man3/gnutls_x509_spki_get_rsa_oaep_params.3
 #usr/share/man/man3/gnutls_x509_spki_get_rsa_pss_params.3
 #usr/share/man/man3/gnutls_x509_spki_init.3
+#usr/share/man/man3/gnutls_x509_spki_set_rsa_oaep_params.3
 #usr/share/man/man3/gnutls_x509_spki_set_rsa_pss_params.3
 #usr/share/man/man3/gnutls_x509_tlsfeatures_add.3
 #usr/share/man/man3/gnutls_x509_tlsfeatures_check_crt.3
diff --git a/lfs/gnutls b/lfs/gnutls
index 39e1d0bd1..81030e483 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.3
+VER        = 3.8.5
 
 THISAPP    = gnutls-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 27a4bb4d8a5697e2187113351b2ad1e849bca7bcfb556c1b54fc2d02bef16e2789e7c437ac8db8fe6d2bcfc0e3e3467bbff2dd5d2fc0adb9bf8bda81cb89e452
+$(DL_FILE)_BLAKE2 = 30ea0e213b426df896af7cddfc39a7c50fd3130f99ced8386dc55e851122a37f6171722d2cb4abb68b9d2523cd3ba044b01248d740571a3bdd0cadf555894cdf
 
 install : $(TARGET)