<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released gnutls-3.7.7.
This is a bug fix and enhancement release on the 3.7.x
branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank everyone who
contributed in this release:</font></div>
<font face="monospace"> </font>
<div><font face="monospace">Ludovic Courtès, Brad Smith, Richard
Costa, Gregor Jasny, Alexander Sosedkin, František
Krenželok, Daiki Ueno and Zoltan Fridrich<br>
</font> </div>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">The detailed list of changes
follows:</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">* Version 3.7.7 (released
2022-07-28)</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: Fixed double free
during verification of pkcs7 signatures. Reported by Jaak
Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
[CVE-2022-2509]</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: gnutls_hkdf_expand now
only accepts LENGTH argument less than or equal to 255 times
hash digest size, to comply with RFC 5869 2.3.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: Length limit for TLS
PSK usernames has been increased from 128 to 65535
characters (#1323).</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: AES-GCM encryption
function now limits plaintext length to 2^39-256 bits,
according to SP800-38D 5.2.1.1.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: New block cipher
functions have been added to transparently handle padding.
gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to
automatically add/remove padding if the length of the
original plaintext is not a multiple of the block size.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: New function for
manual FIPS self-testing.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** API and ABI modifications:</font></div>
<div><font face="monospace">gnutls_fips140_run_self_tests: New
function</font></div>
<div><font face="monospace">gnutls_cipher_encrypt3: New function</font></div>
<div><font face="monospace">gnutls_cipher_decrypt3: New function</font></div>
<div><font face="monospace">gnutls_cipher_padding_flags_t: New
enum</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** guile: Guile 1.8 is no longer
supported</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** guile: Session record port treats
premature termination as EOF Previously, a ‘gnutls-error’
exception with the ‘error/premature-termination’ value would
be thrown while reading from a session record port when the
underlying session was terminated prematurely. This was
inconvenient since users of the port may not be prepared to
handle such an exception. Reading from the session record
port now returns the end-of-file object instead of throwing
an exception, just like it would for a proper session
termination.</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** guile: Session record ports can
have a ‘close’ procedure. The ‘session-record-port’
procedure now takes an optional second parameter, and a new
‘set-session-record-port-close!’ procedure is provided to
specify a ‘close’ procedure for a session record port. This
‘close’ procedure lets users specify cleanup operations for
when the port is closed, such as closing the file descriptor
or port that backs the underlying session.</font><font
face="monospace"> </font><br>
</div>
<font face="monospace"><br>
Getting the Software<br>
================</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be downloaded
directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS mirrors can
be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ compressed
sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.7.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.7/gnutls-3.7.<wbr>7.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP detached
signatures signed using keys:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">and<br>
</font> <font face="monospace">462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.7.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.7/gnutls-3.7.<wbr>7.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2023-12-23]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2023-12-23]<br>
</font> <font face="monospace"><br>
</font> <font face="monospace">and Daiki Uenos openpgp key:<br>
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">
462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at unixuser.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at gnu.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">sub rsa4096 2010-02-04 [E]<br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</body>
</html>