From gnutls-devel at lists.gnutls.org Sat Nov 1 13:54:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 01 Nov 2025 12:54:36 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2861016403 @dueno Pls review and let me know if I am missing anything. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2861016403 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 4 11:18:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Nov 2025 10:18:05 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) References: Message-ID: GUILLAUME GARDET created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 Project:Branches: ggardet/gnutls:master to gnutls/gnutls:master Author: GUILLAUME GARDET When building with GCC15+, binutils 2.44+, glibc 2.41+ and `-mbranch-protection=standard` on (openSUSE Tumbleweed) aarch64, this enables PAC, BTI and GCS (Guarded Control Stack). For GCS, we need to add some gnu properties when assembler code is used, similarly to what we already did for PAC/BTI. More details on GCS: * https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/gcc-15-continuously-improving#guarded * https://docs.kernel.org/next/arch/arm64/gcs.html Please note aarch64 assembler code will need to be regenerated after this patch. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 4 17:00:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 04 Nov 2025 16:00:19 +0000 Subject: [gnutls-devel] GnuTLS | Add positive value check for preventing NULL Pointer Dereference (#1759) References: Message-ID: 7erry created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1759 ## [CVE-2021-4209](https://nvd.nist.gov/vuln/detail/CVE-2021-4209) `wrap_nettle_hash_fast` in `lib/nettle/mac.c` once caused NULL Pointer Dereference reported as CVE-2021-4209 and was fixed in Commit 3db3527 ## Similar issues Each of the following functions contains a similar logic - `wrap_aarch64_hmac_fast` in `lib/accelerated/aarch64/hmac-sha-aarch64.c` - `wrap_aarch64_hash_fast` in `lib/accelerated/aarch64/sha-aarch64.c` - `wrap_x86_hmac_fast` in `lib/accelerated/x86/hmac-x86-ssse3.c` - `wrap_x86_hash_fast` in `lib/accelerated/x86/sha-x86-ssse3.c` - `wrap_nettle_mac_fast` in `lib/nettle/mac.c` Would it make sense to fix them in the same way Commit 3db3527 did? Thank you for spending your time reading this issue. Apologies if I missed anything.`` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1759 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 5 02:58:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 05 Nov 2025 01:58:13 +0000 Subject: [gnutls-devel] GnuTLS | Add positive value check for preventing NULL Pointer Dereference (#1759) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1759#note_2867906915 Thank you for the report. However, now that the issue has been [fixed](https://git.lysator.liu.se/nettle/nettle/-/commit/99e62003c3916fdef04a2d3327281f8f498b609e) in Nettle itself, I don't see much benefit of fixing them by ourselves. We could instead bump the Nettle requirement to 3.10 or later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1759#note_2867906915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 15:38:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 14:38:59 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2872399219 not sure if it's worth to make a NEWS entry for packagers stating "if you used `--sysconfdir`, it's now respected for default config location". maybe not. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2872399219 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 15:39:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 14:39:06 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: Merge request !2036 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036 Project:Branches: dueno/gnutls:wip/dueno/usretc to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 16:42:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 15:42:04 +0000 Subject: [gnutls-devel] GnuTLS | mem: define symbol aliases for memory allocation functions (!2033) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2033 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/libgnutls.map: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2872594342 > gnutls_audit_pop_context; > gnutls_audit_current_context; > + gnutls_secure_malloc; why is it in the `GNUTLS_3_8_6` -- `GNUTLS_3_8_11` section? shouldn't it get split up into more of them? -- Alexander Sosedkin started a new discussion on devel/symbols.last: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2872594366 > gnutls_bye at GNUTLS_3_4 > -gnutls_calloc at GNUTLS_3_4 > +gnutls_calloc@(GNUTLS_3_4) do I understand correctly that the parentheses are an artifact of `objdump -T` output, signifying it's not a default version of the symbol? do we want it reflected in this file or do we want them stripped maybe? -- Alexander Sosedkin started a new discussion on lib/mem.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2872594389 > - * gnutls_global_set_mem_functions(). > + * This function should be used to deallocate memory if the library > + * allocate it. s/allocate/allocates/ -- Alexander Sosedkin started a new discussion on devel/libgnutls.abignore: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2872594412 > [suppress_function] > name = gnutls_psk_allocate_server_credentials2 > + the order of commits seems backwards to me, is it only merge commits that are supposed to be testable? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 23:13:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 22:13:04 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2873564662 Good point, I'll include it in the 3.8.11 release notes. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2873564662 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 23:13:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 22:13:10 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: All discussions on merge request !2036 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2036 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 23:13:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 22:13:25 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2873565193 Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036#note_2873565193 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 23:13:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 22:13:32 +0000 Subject: [gnutls-devel] GnuTLS | Assorted build fixes and improvements (!2036) In-Reply-To: References: Message-ID: Merge request !2036 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036 Project:Branches: dueno/gnutls:wip/dueno/usretc to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2036 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 6 23:37:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 06 Nov 2025 22:37:28 +0000 Subject: [gnutls-devel] GnuTLS | Add positive value check for preventing NULL Pointer Dereference (#1759) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1759: https://gitlab.com/gnutls/gnutls/-/issues/1759 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1759 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 7 01:46:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 07 Nov 2025 00:46:20 +0000 Subject: [gnutls-devel] GnuTLS | mem: define symbol aliases for memory allocation functions (!2033) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on devel/symbols.last: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2873711572 > gnutls_base64_encode2 at GNUTLS_3_6_0 > gnutls_buffer_append_data at GNUTLS_3_4 > gnutls_bye at GNUTLS_3_4 > -gnutls_calloc at GNUTLS_3_4 > +gnutls_calloc@(GNUTLS_3_4) @ametzler do you know? Afaik the symbols file is for Debian. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2873711572 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 7 09:52:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 07 Nov 2025 08:52:48 +0000 Subject: [gnutls-devel] GnuTLS | mem: define symbol aliases for memory allocation functions (!2033) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/libgnutls.map: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2874250453 > gnutls_audit_push_context; > gnutls_audit_pop_context; > gnutls_audit_current_context; > + gnutls_secure_malloc; Not sure if I get it right, but there were no new symbols introduced between 3.8.6 and 3.8.10, and the first version since then, that will have new symbols is 3.8.11. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2874250453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 7 09:54:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 07 Nov 2025 08:54:19 +0000 Subject: [gnutls-devel] GnuTLS | mem: define symbol aliases for memory allocation functions (!2033) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on devel/libgnutls.abignore: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2874253591 > > [suppress_function] > name = gnutls_psk_allocate_server_credentials2 > + "make abi-check-latest" check runs abidiff in the reverse order, because it doesn't treat addition of symbols as an error. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2874253591 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 7 15:51:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 07 Nov 2025 14:51:03 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 Project:Branches: asosedkin/gnutls:ci-f42 to gnutls/gnutls:master Author: Alexander Sosedkin Comes with multiple other assorted fixes, the CI isn't entirely green yet. Here's an incomplete list of known remaining issues (though not exactly Fedora 42-provoked): * documentation generation needs at least !2037 * cross- jobs need privileged runners + somehow binfmt_misc doesn't work even then on Debian, but seems to work fine on Fedora. would consider moving CI runners to Fedora * tests are sometimes flaky by themselves ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 7 19:26:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 07 Nov 2025 18:26:22 +0000 Subject: [gnutls-devel] GnuTLS | mem: define symbol aliases for memory allocation functions (!2033) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion on devel/symbols.last: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2875656702 > gnutls_base64_encode2 at GNUTLS_3_6_0 > gnutls_buffer_append_data at GNUTLS_3_4 > gnutls_bye at GNUTLS_3_4 > -gnutls_calloc at GNUTLS_3_4 > +gnutls_calloc@(GNUTLS_3_4) Afaict the file is used for Makefile.am's symbol-check target, for checking unwanted API breakage. The check compares current and saved "objdump -T "output. (A light weight abi-check.) It is not used by Debian. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2033#note_2875656702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 9 11:59:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 09 Nov 2025 10:59:13 +0000 Subject: [gnutls-devel] GnuTLS | timedatectl list the ntp ip/host it is using (#1760) References: Message-ID: Johannes kingma created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1760 ## Description of the feature: Currently timedatectl shows it is using an ntp server. It is not telling which one. ``` # timedatectl status Local time: Sun 2025-11-09 11:56:42 CET Universal time: Sun 2025-11-09 10:56:42 UTC RTC time: Sun 2025-11-09 10:56:42 Time zone: Europe/Zurich (CET, +0100) System clock synchronized: yes NTP service: active RTC in local TZ: no ``` ## Applications that this feature may be relevant to: It would be helpful in troubleshooting scenarios. Example output: ``` # timedatectl status Local time: Sun 2025-11-09 11:56:42 CET Universal time: Sun 2025-11-09 10:56:42 UTC RTC time: Sun 2025-11-09 10:56:42 Time zone: Europe/Zurich (CET, +0100) System clock synchronized: yes NTP service: active (ntp.example.com:123) RTC in local TZ: no ``` ## Is this feature implemented in other libraries (and which) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1760 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 9 13:01:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 09 Nov 2025 12:01:39 +0000 Subject: [gnutls-devel] GnuTLS | timedatectl list the ntp ip/host it is using (#1760) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/work_items/1760#note_2876977910 I think you got the wrong bug-tracker, **timedatectl** is not part of GnuTLS. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1760#note_2876977910 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 9 13:01:43 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 09 Nov 2025 12:01:43 +0000 Subject: [gnutls-devel] GnuTLS | timedatectl list the ntp ip/host it is using (#1760) In-Reply-To: References: Message-ID: Issue was closed by Andreas Metzler Issue #1760: https://gitlab.com/gnutls/gnutls/-/work_items/1760 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1760 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 11 18:18:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 11 Nov 2025 17:18:50 +0000 Subject: [gnutls-devel] libtasn1 | Ongoing security disclosure access (#56) References: Message-ID: Vijay Sarvepalli created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/56 Hello libtasn1 Team, We have had interactions with Nikos Mavrogiannopoulos @nmav on libtasn1 security report. Can you please give me access to it? I am from CERT/CC helping with Coordination of this security issue. It is tracked in CERT/CC with private id 271649 Thanks Vijay Sarvepalli Principal Engineer CERT/CC Vulnerability Team -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/56 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 13 11:59:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Nov 2025 10:59:42 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2886377048 This look good, and the bug is pretty annoying... Approving but rerun your pipeline with higher timeout, although the change is trivial it is always good to get at least the commit checked. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2886377048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 13 11:59:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Nov 2025 10:59:53 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Merge request !2037 was approved by Franti?ek Kren?elok Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037 Project:Branches: devkdas/gnutls:master to gnutls/gnutls:master Author: Karthik Das Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 13 12:02:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 13 Nov 2025 11:02:28 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2886384047 Suggested steps: 1. increase your CI timeout 2. rebase on top just to be safe 3. force push -> pipeline starts again Thanks for the contribution! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2886384047 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 14 08:09:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 14 Nov 2025 07:09:00 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2888507875 This is very trival small @FrantisekKrenzelok. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2888507875 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 14 13:01:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 14 Nov 2025 12:01:20 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Merge request !2037 was unapproved by Franti?ek Kren?elok Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037 Project:Branches: devkdas/gnutls:master to gnutls/gnutls:master Author: Karthik Das Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 14 13:13:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 14 Nov 2025 12:13:07 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2889260610 Even if i wanted i can't override the pipeline, could you please rebase instead of merging. Or return it to the previous state, this MR will already create the merge commit, there shouldn't be one directly in the MR. If you need assistance with git commands for the above, feel free to ask. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2889260610 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 14 14:26:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 14 Nov 2025 13:26:08 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2889482867 I am using webIDE. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2889482867 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 14 18:11:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 14 Nov 2025 17:11:27 +0000 Subject: [gnutls-devel] libtasn1 | Ongoing security disclosure access (#56) In-Reply-To: References: Message-ID: Vijay Sarvepalli commented: https://gitlab.com/gnutls/libtasn1/-/issues/56#note_2890085179 Hello libtasn1 Team, CERT/CC has planned a public release date for this vulnerability as December 3, 2025. It follows our 90-day, September 4, 2025 when the notification was initiated. I am happy to provide a private patch or support this disclosure. A CVE has been reserved as well for the said vulnerability. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/56#note_2890085179 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 16 00:49:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 15 Nov 2025 23:49:36 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2891209715 @devkdas sorry for the late reply. While the `Signed-off-by:` line is in the merge-request description, it's not in the commit message. I don't believe you can't do that with Web IDE, but if that's the case, you can simply use the git commands and attach the patch here. For example: ```console git clone https://gitlab.com/gnutls/gnutls.git cd gnutls # edit lib/audit.c git add -u git commit -s "Add missing parameter documentation in lib/audit.c" git format-patch -1 ``` This will generate a file `0001-*.patch` with `Signed-off-by:`, which you can attach to a comment. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2891209715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 16 09:35:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 16 Nov 2025 08:35:34 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2891356083 [0001-Add-missing-parameter-documentation-in-lib-audit.c.patch](/uploads/40ece2d3b09a5d07ede7dece7a961b06/0001-Add-missing-parameter-documentation-in-lib-audit.c.patch) @dueno Thanks for providing the git commands. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2891356083 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 08:52:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 07:52:11 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2040) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040 Project:Branches: dueno/gnutls:wip/devkdas/audit to gnutls/gnutls:master Author: Daiki Ueno This is a clone of !2037, filed for CI purposes. * Add missing parameter documentation in lib/audit.c ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 08:52:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 07:52:58 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2892046642 @devkdas Thank you, created a clone (!2040) to merge it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2892046642 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 08:53:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 07:53:00 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Merge request !2037 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037 Project:Branches: devkdas/gnutls:master to gnutls/gnutls:master Author: Karthik Das Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 10:12:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 09:12:47 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2892243678 Thanks @dueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037#note_2892243678 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 22:13:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 21:13:32 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2040) In-Reply-To: References: Message-ID: Merge request !2040 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040 Project:Branches: dueno/gnutls:wip/devkdas/audit to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 22:13:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 21:13:41 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2040) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040#note_2894351615 Merging this without approval, as the original MR has already been reviewed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040#note_2894351615 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 22:20:26 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 21:20:26 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2040) In-Reply-To: References: Message-ID: Merge request !2040 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040 Project:Branches: dueno/gnutls:wip/devkdas/audit to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 17 22:21:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 17 Nov 2025 21:21:15 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on devel/check_if_signed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2894366909 > git remote add gitlab-gnutls-upstream-git-tree https://gitlab.com/gnutls/gnutls.git > git fetch -q gitlab-gnutls-upstream-git-tree master > > -if [ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"]; then > +if [[ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" ]]; then Could you explain why this change is needed? While this script has a bash shebang, I'd try to avoid any unnecessary bashism. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2894366909 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 01:07:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 00:07:13 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.11 (!2041) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11 to gnutls/gnutls:master Author: Daiki Ueno * Release 3.8.11 * tests/pkcs11-provider: match token with --provider when initializing Even if the "module-path" query attribute is given in the PKCS#11 URI, p11tool does not filter tokens based on that when called with --initialize. As this is not part of the pkcs11-provider functionality, use --provider option to specify the token. Also defer the settings of GNUTLS_SYSTEM_PRIORITY_FILE and GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID after the token initialization. * lib: clarify docs for gnutls_credentials_set Make it explicit that only a single credentials object of a given type may be set against a session. Any further attempts to set credentials for a type will replace previously set crdentials. The act of replacement also allows the previously set credentials to be freed by the caller. * lib/kx: Only report file open error if there is an error Previously all attempts to open a `SSLKEYLOGFILE` would result in a "unable to open keylog file" regardless of if the file was opened or not. Instead let's only report the issue if the file fails to open. * lib/Makefile: remove audit_int.h reference ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 01:07:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 00:07:58 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/pkcs11-provider/test-pkcs11-provider.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2894576023 > echo "Initializing token" > > # init token I'm picking this up in !2041, with a slight modification. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2894576023 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 05:11:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 04:11:39 +0000 Subject: [gnutls-devel] GnuTLS | lib: clarify docs for gnutls_credentials_set (!2034) In-Reply-To: References: Message-ID: Merge request !2034 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2034 Project:Branches: berrange/gnutls:cred-set-docs to gnutls/gnutls:master Author: Daniel P_ Berrang? Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 05:11:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 04:11:38 +0000 Subject: [gnutls-devel] GnuTLS | lib: clarify docs for gnutls_credentials_set (!2034) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2034#note_2894820918 Included in !2041 for the 3.8.11 release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2034#note_2894820918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 11:33:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 10:33:38 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on devel/check_if_signed: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2895667354 > git remote add gitlab-gnutls-upstream-git-tree https://gitlab.com/gnutls/gnutls.git > git fetch -q gitlab-gnutls-upstream-git-tree master > > -if [ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"]; then > +if [[ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" ]]; then the primary idea was to add a missing space; I can stick to single bracket test if that's preferred -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2895667354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 16:39:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 15:39:39 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.11 (!2041) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041#note_2896678726 LGTM @ 6d1a4288 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041#note_2896678726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 18 16:44:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 18 Nov 2025 15:44:24 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: assorted fixes in preparation for moving it to Fedora 42 (!2042) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 Project:Branches: asosedkin/gnutls:ci-pre-f42 to gnutls/gnutls:master Author: Alexander Sosedkin Split off https://gitlab.com/gnutls/gnutls/-/merge_requests/2039, this is for CI fixes not exactly related to moving to Fedora 42. 6ce08775 is picked from https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 08:21:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 07:21:53 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.11 (!2041) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !2041 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 10:10:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 09:10:02 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.11 (!2041) In-Reply-To: References: Message-ID: Merge request !2041 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 10:15:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 09:15:35 +0000 Subject: [gnutls-devel] GnuTLS | CI: assorted fixes in preparation for moving it to Fedora 42 (!2042) In-Reply-To: References: Message-ID: Alexander Sosedkin marked merge request !2042 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 10:33:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 09:33:18 +0000 Subject: [gnutls-devel] GnuTLS | CI: assorted fixes in preparation for moving it to Fedora 42 (!2042) In-Reply-To: References: Message-ID: Merge request !2042 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 Project:Branches: asosedkin/gnutls:ci-pre-f42 to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 12:46:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 11:46:19 +0000 Subject: [gnutls-devel] GnuTLS | CI: assorted fixes in preparation for moving it to Fedora 42 (!2042) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042#note_2898968371 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042#note_2898968371 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 12:46:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 11:46:28 +0000 Subject: [gnutls-devel] GnuTLS | CI: assorted fixes in preparation for moving it to Fedora 42 (!2042) In-Reply-To: References: Message-ID: Merge request !2042 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 Project:Branches: asosedkin/gnutls:ci-pre-f42 to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 19 16:05:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 15:05:17 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.11 (!2041) In-Reply-To: References: Message-ID: Merge request !2041 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11 to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2041 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 00:54:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 23:54:59 +0000 Subject: [gnutls-devel] GnuTLS | build: update symbols.last to include gnutls_audit_* functions (!2043) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11-symbols to gnutls/gnutls:master Author: Daiki Ueno * build: update symbols.last to include gnutls_audit_* functions ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 00:59:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 23:59:17 +0000 Subject: [gnutls-devel] GnuTLS | build: update symbols.last to include gnutls_audit_* functions (!2043) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043#note_2900987488 Merging this without approval, as it's a minor fixup for the release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043#note_2900987488 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 00:59:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 19 Nov 2025 23:59:24 +0000 Subject: [gnutls-devel] GnuTLS | build: update symbols.last to include gnutls_audit_* functions (!2043) In-Reply-To: References: Message-ID: Merge request !2043 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11-symbols to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 02:48:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 01:48:30 +0000 Subject: [gnutls-devel] GnuTLS | build: update symbols.last to include gnutls_audit_* functions (!2043) In-Reply-To: References: Message-ID: Merge request !2043 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.11-symbols to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2043 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:21:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:21:07 +0000 Subject: [gnutls-devel] GnuTLS | Stack overflow in gnutls_pkcs11_token_init() (#1732) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1732: https://gitlab.com/gnutls/gnutls/-/issues/1732 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:25:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:25:05 +0000 Subject: [gnutls-devel] GnuTLS | Stack overflow in gnutls_pkcs11_token_init() (#1732) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:27:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:27:00 +0000 Subject: [gnutls-devel] GnuTLS | Null binder algorithm type causing segmentation fault (#1729) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1729 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:28:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:28:18 +0000 Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if gnutls 3.8.10 is built with linked tpm2-tss (#1722) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:28:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:28:44 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:30:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:30:31 +0000 Subject: [gnutls-devel] GnuTLS | Add missing parameter documentation in lib/audit.c (!2037) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2037 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:30:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:30:10 +0000 Subject: [gnutls-devel] GnuTLS | lib: clarify docs for gnutls_credentials_set (!2034) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:30:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:30:49 +0000 Subject: [gnutls-devel] GnuTLS | lib: Fix Wunterminated-string-initialization warnings (!2029) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2029 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:31:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:31:38 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free() (!2012) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2012 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:34:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:34:39 +0000 Subject: [gnutls-devel] GnuTLS | tests/psk-importer.c: Add check for gnutls_malloc to avoid potential NULL pointer dereference (!2003) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2003 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:34:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:34:55 +0000 Subject: [gnutls-devel] GnuTLS | src/pkcs11.c: Add check for gnutls_malloc and gnutls_strdup (!2002) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2002 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:35:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:35:08 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/mini-record-timing.c: Add check for gnutls_malloc (!2001) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2001 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:37:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:37:10 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:37:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:37:47 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:38:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:38:04 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for gnutls_strdup() (!1985) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:38:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:38:31 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the error path (!1983) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 06:38:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 05:38:30 +0000 Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 08:21:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 07:21:41 +0000 Subject: [gnutls-devel] GnuTLS | Stack overflow in gnutls_pkcs11_token_init() (#1732) In-Reply-To: References: Message-ID: GitLab Support Bot commented: https://gitlab.com/gnutls/gnutls/-/issues/1732#note_2901587486 Amazing, thank you! Is the CVE-2025-9820 published yet with a disclosure? -Stanislav Fort, Aisle Research
... On Thu, Nov 20, 2025 at 6:20?AM 'Daiki Ueno (@dueno)' via Disclosure < disclosure at aisle.com> wrote: > This has been fixed in 3.8.11 release. > > ? > Unsubscribe > >
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1732#note_2901587486 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 17:30:43 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 16:30:43 +0000 Subject: [gnutls-devel] GnuTLS | can't send mlkem768x25519 and x25519 key shares together; would rather see both sent with x25519 value reused (#1763) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1763 ## Description of problem: If I enable both mlkem768x25519 and x25519 with `@SYSTEM:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519`, they're both present in Supported Groups, but only one share, the X25519-MLKEM768 one, gets sent, despite that sending two shares is supposed to be the default behaviour: `GNUTLS_KEY_SHARE_TOP2 : Generate key shares for the top-2 different groups which are enabled. For example (ECDH + x25519). This is the default.` The code that skips sending the x25519 one is likely the `if (pk_types_overlap(group, selected_groups[j])) break;` from https://gitlab.com/gnutls/gnutls/-/merge_requests/1892/diffs?commit_id=1065654c828eaad638fab3c4af7096ab0c8ee615 This ticket is related to https://gitlab.com/gnutls/gnutls/-/issues/1710 and https://gitlab.com/gnutls/gnutls/-/issues/1551, but I'm filing it separately because fixing this particular quirk in isolation might be simpler than any of these two. ## Version of gnutls used: 3.8.10 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: reliably Steps to Reproduce: * `tcpdump ...` * `gnutls-cli --priority @SYSTEM:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519 ...` * inspect the ClientHellos ## Actual results: Both key shares are correctly advertised as supported, but only one is being offered. A server offering just X25519 will HelloRetryRequest back, gnutls will send a second ClientHello with a X25519 key share, the connection will be established, but with an extra roundtrip. ## Expected results: Both key shares are sent. A server offering just X25519 will use the X25519 key share, the connection will be established with no extra roundtrip. https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/16 3.2 suggests it's legal to reuse the single X25519 value across both key shares instead of generating a second one, which would make it a preferred outcome due to the performance considerations. Would also be fun if servers were smart enough to pick apart the hybrid key share and use the X25519 part of it with no HRR; fun, but, I presume, not spec-compliant. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1763 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 18:52:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 17:52:35 +0000 Subject: [gnutls-devel] GnuTLS | Build failure with TPM2 and GCC15 (#1764) References: Message-ID: Jan Palus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1764 ## Description of problem: Compilation fails if gnutls is configured with TPM2 and GCC15 is used. ## Version of gnutls used: 3.8.11 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) N/A ## How reproducible: Steps to Reproduce: * Install GCC 15 * `./configure --with-tpm2` * `make` ## Actual results: Build failure: ``` In file included from tpm2/callbacks/rsa/rsa_callbacks.c:28: ./mem.h:48:36: error: unknown type name 'uint8_t' 48 | unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size); | ^~~~~~~ ./mem.h:37:1: note: 'uint8_t' is defined in header ''; this is probably fixable by adding '#include ' 36 | #include "attribute.h" +++ |+#include 37 | ``` ## Expected results: Build succeeds. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1764 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 20 18:56:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 20 Nov 2025 17:56:10 +0000 Subject: [gnutls-devel] GnuTLS | mem: include headers for size_t and uint8_t (!2044) References: Message-ID: Jan Palus created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044 Project:Branches: jpalus/gnutls:missing-includes to gnutls/gnutls:master Author: Jan Palus * mem: include headers for size_t and uint8_t Fixes: #1764 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 21 08:16:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 07:16:15 +0000 Subject: [gnutls-devel] GnuTLS | mem: include headers for size_t and uint8_t (!2044) In-Reply-To: References: Message-ID: Merge request !2044 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044 Project:Branches: jpalus/gnutls:missing-includes to gnutls/gnutls:master Author: Jan Palus Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 21 08:16:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 07:16:24 +0000 Subject: [gnutls-devel] GnuTLS | mem: include headers for size_t and uint8_t (!2044) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044#note_2904531493 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044#note_2904531493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 21 08:16:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 07:16:28 +0000 Subject: [gnutls-devel] GnuTLS | mem: include headers for size_t and uint8_t (!2044) In-Reply-To: References: Message-ID: Merge request !2044 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044 Project:Branches: jpalus/gnutls:missing-includes to gnutls/gnutls:master Author: Jan Palus -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2044 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 21 08:16:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 07:16:29 +0000 Subject: [gnutls-devel] GnuTLS | Build failure with TPM2 and GCC15 (#1764) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !2044 (https://gitlab.com/gnutls/gnutls/-/merge_requests/2044) Issue #1764: https://gitlab.com/gnutls/gnutls/-/issues/1764 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1764 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 00:47:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 23:47:00 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: All discussions on merge request !2039 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 00:47:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 23:47:33 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2906638356 @asosedkin is there anything remaining to merge this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2906638356 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 00:48:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 23:48:52 +0000 Subject: [gnutls-devel] GnuTLS | can't send mlkem768x25519 and x25519 key shares together; would rather see both sent with x25519 value reused (#1763) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Jan 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1763 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 00:49:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 23:49:36 +0000 Subject: [gnutls-devel] GnuTLS | Compilation warnings and documentation generation failures in GnuTLS build (#1754) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1754#note_2906639357 This should be fixed in 3.8.11 release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1754#note_2906639357 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 00:49:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 21 Nov 2025 23:49:35 +0000 Subject: [gnutls-devel] GnuTLS | Compilation warnings and documentation generation failures in GnuTLS build (#1754) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1754: https://gitlab.com/gnutls/gnutls/-/issues/1754 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1754 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Nov 22 07:08:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 22 Nov 2025 06:08:11 +0000 Subject: [gnutls-devel] GnuTLS | Compilation warnings and documentation generation failures in GnuTLS build (#1754) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/issues/1754#note_2906799768 Got it. Thanks @dueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1754#note_2906799768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Nov 23 18:19:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 23 Nov 2025 17:19:36 +0000 Subject: [gnutls-devel] GnuTLS | audit: crau: fix compilation with gcc < 11 (!2045) References: Message-ID: Julien Olivain created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045 Project:Branches: jolivain/gnutls:fix_crau_with_old_gcc to gnutls/gnutls:master Author: Julien Olivain audit: crau: fix compilation with gcc < 11 If the CRAU_MAYBE_UNUSED macro is unset, the crau.h file tries to automatically detect an appropriate value for it. This autodetection is using the cpp special operator `__has_c_attribute` [1], introduced in gcc 11 [2]. When compiling with a gcc older than version 11, the compilation fails with the error: In file included from audit.h:22, from audit.c:26: crau/crau.h:255:23: error: missing binary operator before token "(" __has_c_attribute (__maybe_unused__) ^ This has been observed, for example, in Rocky Linux 8.10, which contains a gcc v8.5.0. The issue happens because the test for the `__has_c_attribute` availability and the test for the `__maybe_unused__` attribute are in the same directive. Those tests should be separated in two different directives, following the same logic described in the `__has_builtin` documentation [3]. This issue was found in Buildroot, after updating gnutls to version 3.8.11 in [4]. This commit fixes the issue by splitting the test in two. [1] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fc_005fattribute.html [2] https://gcc.gnu.org/gcc-11/changes.html#c [3] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fbuiltin.html [4] https://gitlab.com/buildroot.org/buildroot/-/commit/81dbfe1c2ae848b4eb1f896198d13455df50e548 Reported-by: Neal Frager Signed-off-by: Julien Olivain ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 08:55:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 07:55:44 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli on macOS aborts with "Curve 1.3.36.3.3.2.8.1.1.7 is not supported" and assertions when server cert uses brainpoolP256r1 (#1767) References: Message-ID: ma ma created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1767 Summary When connecting with gnutls-cli on macOS to a server whose X.509 certificate uses an EC public key with the Brainpool curve (brainpoolP256r1, OID 1.3.36.3.3.2.8.1.1.7), gnutls fails while parsing the certificate. The client prints "Curve ... is not supported" and a chain of ASSERTs, then aborts the handshake with a fatal certificate error. Expected behavior gnutls-cli should either successfully import the certificate (if brainpool is supported) or return a clear, non?assertive error such as "unsupported curve OID". It should not hit internal ASSERTs and crash/abort. Actual behavior gnutls aborts the handshake. Relevant log excerpts: |\<2\>| Curve 1.3.36.3.3.2.8.1.1.7 is not supported |\<3\>| ASSERT: key_decode.c\[\_gnutls_x509_read_ecc_params\]:274 |\<3\>| ASSERT: mpi.c\[\_gnutls_get_asn_mpis\]:155 ... \*\*\* Fatal error: Fehler im Zertifikat.
Reproduction steps 1. Run (example on macOS): gnutls-cli -p 443 -d 25 --x509certfile=pki/server.crt.pem --x509keyfile=pki/server.key.pem 192.168.165.101 2. Observe the debug output; the certificate parsing fails with the messages shown above. Technical notes / hypothesis * The logs indicate gnutls does not recognize the brainpool OID and therefore cannot decode the ECC parameters from the certificate. This leads to unexpected NULL/invalid values while parsing MPIs and triggers internal ASSERTs. * Likely causes: * The crypto backend (nettle/libgcrypt) used by this gnutls build does not expose the Brainpool curve OID/parameters. * The macOS build may be missing OID-to-curve mapping or configuration to register brainpool curves. * Request: even if brainpool support is not desired, the library should handle unsupported curves gracefully (return a proper error), instead of aborting with assertions. Requested assistance 1. Can maintainers confirm whether gnutls (which versions) is expected to support RFC?5639 Brainpool curves? 2. If yes: what exact build dependencies and configure flags are required to enable brainpool support on macOS? 3. If this is a bug: please consider a patch to avoid ASSERTs and return a clean error path when encountering unknown curve OIDs in certificates.
-- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1767 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 16:06:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 15:06:10 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 16:06:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 15:06:13 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) References: Message-ID: Franti?ek Kren?elok created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 Project:Branches: FrantisekKrenzelok/gnutls:master to gnutls/gnutls:master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewer: Daiki Ueno * Add missing copyright/license headers ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 16:06:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 15:06:12 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Reassigned merge request 2046 https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 Franti?ek Kren?elok was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 18:05:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 17:05:24 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2910094253 Thank you Franti?ek! I think the header for `lib/system/ktls.h` needs to read LGPL 2.1+ to match GnuTLS licensing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2910094253 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 18:37:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 17:37:07 +0000 Subject: [gnutls-devel] GnuTLS | Draft: CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2910212989 rebased, most importantly to incorporate https://gitlab.com/gnutls/gnutls/-/merge_requests/2042 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2910212989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 18:37:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 17:37:16 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Alexander Sosedkin marked merge request !2039 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 18:38:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 17:38:17 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2910215748 If you're fine with these changes, feel free to merge. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2910215748 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Nov 24 20:42:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 24 Nov 2025 19:42:06 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2910500532 Thanks! I have copied the LGPL 2.1 license from the `.../ktls.c` so that they match. Additionally realized that I was unable to spell my name correctly in the past... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2910500532 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:35:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:35:56 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2911587502 > timeout: 2h > allow_failure: true > > -fedora-cross/i686-linux-gnu/build: > +fedora-i686/build: > extends: > - .build > - - .fedora > + - .fedora-i686 > needs: > - fedora/bootstrap > script: > # Fedora's softhsm package is not multiarch yet. Missing softhsm libraries > # for the target will cause the test suite to fail when p11-kit is enabled. > - - setarch i686 -- ./configure --disable-gcc-warnings > + - env PKG_CONFIG=i686-redhat-linux-gnu-pkg-config Couldn't this be moved to a `variables` table somewhere? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2911587502 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:36:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:36:08 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Merge request !2039 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 Project:Branches: asosedkin/gnutls:ci-f42 to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:36:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:36:18 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2911588271 Thank you, looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2911588271 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:46:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:46:30 +0000 Subject: [gnutls-devel] GnuTLS | audit: crau: fix compilation with gcc < 11 (!2045) In-Reply-To: References: Message-ID: Merge request !2045 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045 Project:Branches: jolivain/gnutls:fix_crau_with_old_gcc to gnutls/gnutls:master Author: Julien Olivain Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:46:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:46:50 +0000 Subject: [gnutls-devel] GnuTLS | audit: crau: fix compilation with gcc < 11 (!2045) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045#note_2911615516 Thank you for reporting the issue and providing a fix. Looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045#note_2911615516 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:53:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:53:57 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Merge request !2046 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 Project:Branches: FrantisekKrenzelok/gnutls:master to gnutls/gnutls:master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 09:54:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 08:54:12 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2911640081 Thank you; LGTM. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046#note_2911640081 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 13:37:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 12:37:25 +0000 Subject: [gnutls-devel] GnuTLS | audit: crau: fix compilation with gcc < 11 (!2045) In-Reply-To: References: Message-ID: Merge request !2045 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045 Project:Branches: jolivain/gnutls:fix_crau_with_old_gcc to gnutls/gnutls:master Author: Julien Olivain -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 13:37:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 12:37:49 +0000 Subject: [gnutls-devel] GnuTLS | Add missing copyright/license headers (!2046) In-Reply-To: References: Message-ID: Merge request !2046 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 Project:Branches: FrantisekKrenzelok/gnutls:master to gnutls/gnutls:master Author: Franti?ek Kren?elok Assignee: Franti?ek Kren?elok Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2046 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 13:40:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 12:40:21 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_2912303395 @ggardet Thank you, this looks good to me. Could you rebase to retrigger the CI? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_2912303395 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 13:40:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 12:40:46 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Merge request !2038 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 Project:Branches: ggardet/gnutls:master to gnutls/gnutls:master Author: GUILLAUME GARDET Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 15:28:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 14:28:58 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2912678271 > timeout: 2h > allow_failure: true > > -fedora-cross/i686-linux-gnu/build: > +fedora-i686/build: > extends: > - .build > - - .fedora > + - .fedora-i686 > needs: > - fedora/bootstrap > script: > # Fedora's softhsm package is not multiarch yet. Missing softhsm libraries > # for the target will cause the test suite to fail when p11-kit is enabled. > - - setarch i686 -- ./configure --disable-gcc-warnings > + - env PKG_CONFIG=i686-redhat-linux-gnu-pkg-config moved it to `variables` section of the job -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039#note_2912678271 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Nov 25 15:28:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 25 Nov 2025 14:28:58 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli (Version 3.8.10) on macOS aborts with "Curve 1.3.36.3.3.2.8.1.1.7 is not supported" and assertions when server cert uses brainpoolP256r1 (#1767) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1767#note_2912678352 > 1. Can maintainers confirm whether gnutls (which versions) is expected to support RFC?5639 Brainpool curves? No, and it is not easy to support, as the underlying crypto library we use (Nettle) doesn't support it. That said, we can consider adding them if you file an issue for the enhancement. > 2. If yes: what exact build dependencies and configure flags are required to enable brainpool support on macOS? N/A > 3. If this is a bug: please consider a patch to avoid ASSERTs and return a clean error path when encountering unknown curve OIDs in certificates. To be clear: ASSERTs are only shown if you increase debug level; by default it shouldn't be printed. Also note that here they do not imply "assertion failure" (unlike the `assert` macro), but just print debugging information. I agree that we probably should return a more friendly error message in that case, rather than `*** Fatal error: Fehler im Zertifikat`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1767#note_2912678352 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 04:56:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 03:56:17 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: All discussions on merge request !2039 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 04:56:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 03:56:25 +0000 Subject: [gnutls-devel] GnuTLS | CI: move to Fedora 42 (!2039) In-Reply-To: References: Message-ID: Merge request !2039 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 Project:Branches: asosedkin/gnutls:ci-f42 to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2039 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 05:11:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 04:11:06 +0000 Subject: [gnutls-devel] GnuTLS | NULL pointer deref in _gnutls_figure_common_ciphersuite (#1718) In-Reply-To: References: Message-ID: Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2914310058 @stbuehler: Thanks for your ticket and @dueno for this merging the fix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2914310058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 08:16:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 07:16:18 +0000 Subject: [gnutls-devel] GnuTLS | add API to get access to early exporter (#329) In-Reply-To: References: Message-ID: Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/issues/329#note_2914543001 --------------- Note: - @rufferson has done a good job in GnuTLS to have all Channel Binding: "tls-unique" (initially added by @jas), "tls-server-end-point", "tls-exporter" - @dueno has done a good job in GnuTLS about RFC 5705: Keying Material Exporters for Transport Layer Security (TLS) aka TLS Exporter GnuTLS source code researches (recall, when it is good commented, it is easy): - tls-unique: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-unique - tls-server-end-point: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-server-end-point - rfc5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5929 - rfc 5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5929 - tls-exporter: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-exporter - rfc9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc9266 - rfc 9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+9266 - rfc5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5705 - rfc 5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5705 GnuTLS linked Issues: - @nmav: 2017-11-24: add API to get access to early exporter: https://gitlab.com/gnutls/gnutls/-/issues/329 - @tomato42: 2019-03-21: gnutls_prf_rfc5705() API not exposed by command line utilities: https://gitlab.com/gnutls/gnutls/-/issues/736 - @rufferson: 2020-06-18: gnutls_session_channel_binding returns empty binding data for TLS1.3: https://gitlab.com/gnutls/gnutls/-/issues/1041 - @dueno: 2021-04-27: Implement channel bindings for TLS 1.3: https://gitlab.com/gnutls/gnutls/-/issues/1214 - @dueno: 2022-03-20: gnutls-cli, gnutls-serv: "Channel binding error: The request is invalid" when TLS 1.3 is negotiated: https://gitlab.com/gnutls/gnutls/-/issues/1350 - @Neustradamus: 2022-08-02: RFC 9266: Channel Bindings for TLS 1.3 support: https://gitlab.com/gnutls/gnutls/-/issues/1391 GnuTLS linked PR: - @dueno: 2019-01-25: prf: add function to retrieve early keying material: https://gitlab.com/gnutls/gnutls/-/merge_requests/894 - @rufferson: 2020-06-20: Copy Finished packet to cb_tls_unique buffer in tls13/finished: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293 - @rufferson: 2021-05-01: Implement new tls channel biding types: https://gitlab.com/gnutls/gnutls/-/merge_requests/1422 - @jas: 2022-07-20: Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621 GnuTLS linked commits: - @jas: 2010-10-15: Implement RFC 5929 tls-unique channel binding.: https://gitlab.com/gnutls/gnutls/-/commit/3f86e31a554d02a2d92b5423942915554af7fc59 - @rufferson: 2021-05-01: Add tls-server-end-point tls channel binding implementation.: https://gitlab.com/gnutls/gnutls/-/commit/9ebee00c793e40e3e8c797c645577c9e025b9f1e - @rufferson: 2021-05-01: Introduce new tls channel binding types into gnutls_channel_binding_t: https://gitlab.com/gnutls/gnutls/-/commit/480a3ed6e2fa1201fd54448c6fcb05ed2e4372f2 - @rufferson: 2021-05-01: Restructure gnutls_session_channel_binding and add tls-exporter: https://gitlab.com/gnutls/gnutls/-/commit/8ff4eaf19875d1088e8e24f1810fa99083cdee16 - @dueno: 2022-08-20: src: request tls-exporter only when unique master secrets are used: https://gitlab.com/gnutls/gnutls/-/commit/25beb4af246870b1f6c7e024aaf054ef18c9d8cf - @dueno: 2022-08-28: gnutls_session_channel_binding: perform check on "tls-exporter": https://gitlab.com/gnutls/gnutls/-/commit/12bd7e5337351473bcdf080a602b3336230e689e -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/329#note_2914543001 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 08:16:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 07:16:30 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_prf_rfc5705() API not exposed by command line utilities (#736) In-Reply-To: References: Message-ID: Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/issues/736#note_2914543796 --------------- Note: - @rufferson has done a good job in GnuTLS to have all Channel Binding: "tls-unique" (initially added by @jas), "tls-server-end-point", "tls-exporter" - @dueno has done a good job in GnuTLS about RFC 5705: Keying Material Exporters for Transport Layer Security (TLS) aka TLS Exporter GnuTLS source code researches (recall, when it is good commented, it is easy): - tls-unique: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-unique - tls-server-end-point: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-server-end-point - rfc5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5929 - rfc 5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5929 - tls-exporter: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-exporter - rfc9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc9266 - rfc 9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+9266 - rfc5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5705 - rfc 5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5705 GnuTLS linked Issues: - @nmav: 2017-11-24: add API to get access to early exporter: https://gitlab.com/gnutls/gnutls/-/issues/329 - @tomato42: 2019-03-21: gnutls_prf_rfc5705() API not exposed by command line utilities: https://gitlab.com/gnutls/gnutls/-/issues/736 - @rufferson: 2020-06-18: gnutls_session_channel_binding returns empty binding data for TLS1.3: https://gitlab.com/gnutls/gnutls/-/issues/1041 - @dueno: 2021-04-27: Implement channel bindings for TLS 1.3: https://gitlab.com/gnutls/gnutls/-/issues/1214 - @dueno: 2022-03-20: gnutls-cli, gnutls-serv: "Channel binding error: The request is invalid" when TLS 1.3 is negotiated: https://gitlab.com/gnutls/gnutls/-/issues/1350 - @Neustradamus: 2022-08-02: RFC 9266: Channel Bindings for TLS 1.3 support: https://gitlab.com/gnutls/gnutls/-/issues/1391 GnuTLS linked PR: - @dueno: 2019-01-25: prf: add function to retrieve early keying material: https://gitlab.com/gnutls/gnutls/-/merge_requests/894 - @rufferson: 2020-06-20: Copy Finished packet to cb_tls_unique buffer in tls13/finished: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293 - @rufferson: 2021-05-01: Implement new tls channel biding types: https://gitlab.com/gnutls/gnutls/-/merge_requests/1422 - @jas: 2022-07-20: Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621 GnuTLS linked commits: - @jas: 2010-10-15: Implement RFC 5929 tls-unique channel binding.: https://gitlab.com/gnutls/gnutls/-/commit/3f86e31a554d02a2d92b5423942915554af7fc59 - @rufferson: 2021-05-01: Add tls-server-end-point tls channel binding implementation.: https://gitlab.com/gnutls/gnutls/-/commit/9ebee00c793e40e3e8c797c645577c9e025b9f1e - @rufferson: 2021-05-01: Introduce new tls channel binding types into gnutls_channel_binding_t: https://gitlab.com/gnutls/gnutls/-/commit/480a3ed6e2fa1201fd54448c6fcb05ed2e4372f2 - @rufferson: 2021-05-01: Restructure gnutls_session_channel_binding and add tls-exporter: https://gitlab.com/gnutls/gnutls/-/commit/8ff4eaf19875d1088e8e24f1810fa99083cdee16 - @dueno: 2022-08-20: src: request tls-exporter only when unique master secrets are used: https://gitlab.com/gnutls/gnutls/-/commit/25beb4af246870b1f6c7e024aaf054ef18c9d8cf - @dueno: 2022-08-28: gnutls_session_channel_binding: perform check on "tls-exporter": https://gitlab.com/gnutls/gnutls/-/commit/12bd7e5337351473bcdf080a602b3336230e689e -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/736#note_2914543796 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Nov 26 08:19:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 26 Nov 2025 07:19:33 +0000 Subject: [gnutls-devel] GnuTLS | prf: add function to retrieve early keying material (!894) In-Reply-To: References: Message-ID: Neustradamus commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/894#note_2914552084 --------------- Note: - @rufferson has done a good job in GnuTLS to have all Channel Binding: "tls-unique" (initially added by @jas), "tls-server-end-point", "tls-exporter" - @dueno has done a good job in GnuTLS about RFC 5705: Keying Material Exporters for Transport Layer Security (TLS) aka TLS Exporter GnuTLS source code researches (recall, when it is good commented, it is easy): - tls-unique: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-unique - tls-server-end-point: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-server-end-point - rfc5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5929 - rfc 5929: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5929 - tls-exporter: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=commits&search=tls-exporter - rfc9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc9266 - rfc 9266: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+9266 - rfc5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc5705 - rfc 5705: https://gitlab.com/search?group_id=121613&project_id=179611&repository_ref=master&scope=blobs&search=rfc+5705 GnuTLS linked Issues: - @nmav: 2017-11-24: add API to get access to early exporter: https://gitlab.com/gnutls/gnutls/-/issues/329 - @tomato42: 2019-03-21: gnutls_prf_rfc5705() API not exposed by command line utilities: https://gitlab.com/gnutls/gnutls/-/issues/736 - @rufferson: 2020-06-18: gnutls_session_channel_binding returns empty binding data for TLS1.3: https://gitlab.com/gnutls/gnutls/-/issues/1041 - @dueno: 2021-04-27: Implement channel bindings for TLS 1.3: https://gitlab.com/gnutls/gnutls/-/issues/1214 - @dueno: 2022-03-20: gnutls-cli, gnutls-serv: "Channel binding error: The request is invalid" when TLS 1.3 is negotiated: https://gitlab.com/gnutls/gnutls/-/issues/1350 - @Neustradamus: 2022-08-02: RFC 9266: Channel Bindings for TLS 1.3 support: https://gitlab.com/gnutls/gnutls/-/issues/1391 GnuTLS linked PR: - @dueno: 2019-01-25: prf: add function to retrieve early keying material: https://gitlab.com/gnutls/gnutls/-/merge_requests/894 - @rufferson: 2020-06-20: Copy Finished packet to cb_tls_unique buffer in tls13/finished: https://gitlab.com/gnutls/gnutls/-/merge_requests/1293 - @rufferson: 2021-05-01: Implement new tls channel biding types: https://gitlab.com/gnutls/gnutls/-/merge_requests/1422 - @jas: 2022-07-20: Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.: https://gitlab.com/gnutls/gnutls/-/merge_requests/1621 GnuTLS linked commits: - @jas: 2010-10-15: Implement RFC 5929 tls-unique channel binding.: https://gitlab.com/gnutls/gnutls/-/commit/3f86e31a554d02a2d92b5423942915554af7fc59 - @rufferson: 2021-05-01: Add tls-server-end-point tls channel binding implementation.: https://gitlab.com/gnutls/gnutls/-/commit/9ebee00c793e40e3e8c797c645577c9e025b9f1e - @rufferson: 2021-05-01: Introduce new tls channel binding types into gnutls_channel_binding_t: https://gitlab.com/gnutls/gnutls/-/commit/480a3ed6e2fa1201fd54448c6fcb05ed2e4372f2 - @rufferson: 2021-05-01: Restructure gnutls_session_channel_binding and add tls-exporter: https://gitlab.com/gnutls/gnutls/-/commit/8ff4eaf19875d1088e8e24f1810fa99083cdee16 - @dueno: 2022-08-20: src: request tls-exporter only when unique master secrets are used: https://gitlab.com/gnutls/gnutls/-/commit/25beb4af246870b1f6c7e024aaf054ef18c9d8cf - @dueno: 2022-08-28: gnutls_session_channel_binding: perform check on "tls-exporter": https://gitlab.com/gnutls/gnutls/-/commit/12bd7e5337351473bcdf080a602b3336230e689e -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/894#note_2914552084 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 27 06:29:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Nov 2025 05:29:22 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_2917142121 @ggardet thanks, but the commit history is messed up for some reason; perhaps you did `git merge` instead of `git rebase`? Maybe it's easier for you to just close this and open a new MR? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_2917142121 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Nov 27 09:44:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 27 Nov 2025 08:44:33 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) References: Message-ID: Renaud created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1768 Hello, On the [official download page](https://gnutls.org/download.html) the two w32 and w64 builds of release 3.8.11 are not available. The download links are dead. It was already the case for the previous 3.8.10 release, so I assume your CI has been failing the Windows builds for some time now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Nov 28 12:29:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 28 Nov 2025 11:29:50 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1768#note_2920209537 Yes, that's correct. GnuTLS 3.8.11 bumped nettle requirement to 3.10, though Fedora 42 has only 3.7 for mingw. Maybe we can update the CI base image to Fedora 43+ (which has nettle 3.10.1) at some point, but it's probably no earlier than 3.8.12 release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1768#note_2920209537 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: