<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released
gnutls-3.8.0. This is a bug fix and enhancement release on
the 3.8.x branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank everyone
who contributed in this release:</font></div>
<div><font face="monospace">Hubert Kario, Alexander Sosedkin,
xuraoqing, Nikolaos Chatzikonstantinou, Stefan Kangas,</font></div>
<div><font face="monospace">Peter Leitmann</font><font
face="monospace">, Samuel Thibault, Eric Blake, Simon
Josefsson, Tim Kosse, Stanislav </font><font
face="monospace"><span class="commit-author-link
js-user-link">Ž</span>idek,</font></div>
<div><font face="monospace">František Krenželok, Daiki Ueno
and Zoltan Fridrich</font><br>
<font face="monospace"> </font> </div>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">The detailed list of changes
follows:</font></div>
<pre class="code highlight" lang="mosel"><span class="line" id="LC8" lang="mosel"><span class="p">*</span> <span class="k">Version</span> <span class="m">3.8.0</span> <span class="p">(</span><span class="n">released</span> <span class="m">2023</span><span class="p">-</span><span class="m">02</span><span class="p">-</span><span class="m">09</span><span class="p">)</span></span>
<span class="line" id="LC9" lang="mosel"></span>
<span class="line" id="LC10" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">Fix</span> <span class="n">a</span> <span class="n">Bleichenbacher</span> <span class="n">oracle</span> <span class="k">in</span> <span class="n">the</span> <span class="n">TLS</span> <span class="n">RSA</span> <span class="n">key</span> <span class="n">exchange</span><span class="p">.</span></span>
<span class="line" id="LC11" lang="mosel"> <span class="n">Reported</span> <span class="n">by</span> <span class="n">Hubert</span> <span class="n">Kario</span> <span class="p">(#</span><span class="m">1050</span><span class="p">).</span> <span class="n">Fix</span> <span class="n">developed</span> <span class="n">by</span> <span class="n">Alexander</span> <span class="n">Sosedkin</span><span class="p">.</span></span>
<span class="line" id="LC12" lang="mosel"> <span class="p">[</span><span class="n">GNUTLS</span><span class="p">-</span><span class="n">SA</span><span class="p">-</span><span class="m">2020</span><span class="p">-</span><span class="m">07</span><span class="p">-</span><span class="m">14</span><span class="p">,</span> <span class="n">CVSS</span><span class="p">:</span> <span class="n">medium</span><span class="p">]</span> <span class="p">[</span><span class="n">CVE</span><span class="p">-</span><span class="m">2023</span><span class="p">-</span><span class="m">0361</span><span class="p">]</span></span>
<span class="line" id="LC13" lang="mosel"></span>
<span class="line" id="LC14" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">C</span><span class="p">++</span> <span class="n">library</span> <span class="n">is</span> <span class="n">now</span> <span class="n">header</span> <span class="n">only</span><span class="p">.</span> <span class="n">All</span> <span class="n">definitions</span> <span class="k">from</span></span>
<span class="line" id="LC15" lang="mosel"> <span class="n">gnutlsxx</span><span class="p">.</span><span class="n">c</span> <span class="n">have</span> <span class="n">been</span> <span class="n">moved</span> <span class="n">into</span> <span class="n">gnutlsxx</span><span class="p">.</span><span class="n">h</span><span class="p">.</span> <span class="n">Users</span> <span class="k">of</span> <span class="n">the</span> <span class="n">C</span><span class="p">++</span></span>
<span class="line" id="LC16" lang="mosel"> <span class="n">interface</span> <span class="n">have</span> <span class="n">two</span> <span class="k">options</span><span class="p">:</span></span>
<span class="line" id="LC17" lang="mosel"> <span class="m">1.</span> <span class="k">include</span> <span class="n">gnutlsxx</span><span class="p">.</span><span class="n">h</span> <span class="k">in</span> <span class="n">their</span> <span class="n">application</span> <span class="k">and</span> <span class="n">link</span> <span class="n">against</span></span>
<span class="line" id="LC18" lang="mosel"> <span class="n">the</span> <span class="n">C</span> <span class="n">library</span><span class="p">.</span> <span class="p">(</span><span class="n">default</span><span class="p">)</span></span>
<span class="line" id="LC19" lang="mosel"> <span class="m">2.</span> <span class="k">include</span> <span class="n">gnutlsxx</span><span class="p">.</span><span class="n">h</span> <span class="k">in</span> <span class="n">their</span> <span class="n">application</span><span class="p">,</span> <span class="nf">compile</span> <span class="k">with</span></span>
<span class="line" id="LC20" lang="mosel"> <span class="n">GNUTLS_GNUTLSXX_NO_HEADERONLY</span> <span class="n">macro</span> <span class="n">defined</span> <span class="k">and</span> <span class="n">link</span></span>
<span class="line" id="LC21" lang="mosel"> <span class="n">against</span> <span class="n">the</span> <span class="n">C</span><span class="p">++</span> <span class="n">library</span><span class="p">.</span></span>
<span class="line" id="LC22" lang="mosel"></span>
<span class="line" id="LC23" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">GNUTLS_NO_STATUS_REQUEST</span> <span class="n">flag</span> <span class="k">and</span> <span class="p">%</span><span class="n">NO_STATUS_REQUEST</span></span>
<span class="line" id="LC24" lang="mosel"> <span class="n">priority</span> <span class="n">modifier</span> <span class="n">have</span> <span class="n">been</span> <span class="n">added</span> <span class="k">to</span> <span class="n">allow</span> <span class="n">disabling</span> <span class="k">of</span> <span class="n">the</span></span>
<span class="line" id="LC25" lang="mosel"> <span class="n">status_request</span> <span class="n">TLS</span> <span class="n">extension</span> <span class="k">in</span> <span class="n">the</span> <span class="n">client</span> <span class="n">side</span><span class="p">.</span></span>
<span class="line" id="LC26" lang="mosel"></span>
<span class="line" id="LC27" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">TLS</span> <span class="n">heartbeat</span> <span class="n">is</span> <span class="n">disabled</span> <span class="n">by</span> <span class="n">default</span><span class="p">.</span></span>
<span class="line" id="LC28" lang="mosel"> <span class="n">The</span> <span class="n">heartbeat</span> <span class="n">extension</span> <span class="k">in</span> <span class="n">TLS</span> <span class="p">(</span><span class="n">RFC</span> <span class="m">6520</span><span class="p">)</span> <span class="n">is</span> <span class="k">not</span> <span class="n">widely</span> <span class="n">used</span> <span class="n">given</span></span>
<span class="line" id="LC29" lang="mosel"> <span class="n">other</span> <span class="n">implementations</span> <span class="n">dropped</span> <span class="n">support</span> <span class="n">for</span> <span class="n">it</span><span class="p">.</span> <span class="k">To</span> <span class="n">enable</span> <span class="n">back</span></span>
<span class="line" id="LC30" lang="mosel"> <span class="n">support</span> <span class="n">for</span> <span class="n">it</span><span class="p">,</span> <span class="n">supply</span> <span class="p">--</span><span class="n">enable</span><span class="p">-</span><span class="n">heartbeat</span><span class="p">-</span><span class="n">support</span> <span class="k">to</span> <span class="n">configure</span></span>
<span class="line" id="LC31" lang="mosel"> <span class="n">script</span><span class="p">.</span></span>
<span class="line" id="LC32" lang="mosel"></span>
<span class="line" id="LC33" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">SRP</span> <span class="n">authentication</span> <span class="n">is</span> <span class="n">now</span> <span class="n">disabled</span> <span class="n">by</span> <span class="n">default</span><span class="p">.</span></span>
<span class="line" id="LC34" lang="mosel"> <span class="n">It</span> <span class="n">is</span> <span class="n">disabled</span> <span class="n">because</span> <span class="n">the</span> <span class="n">SRP</span> <span class="n">authentication</span> <span class="k">in</span> <span class="n">TLS</span> <span class="n">is</span> <span class="k">not</span> <span class="n">up</span> <span class="k">to</span></span>
<span class="line" id="LC35" lang="mosel"> <span class="n">date</span> <span class="k">with</span> <span class="n">the</span> <span class="n">latest</span> <span class="n">TLS</span> <span class="n">standards</span> <span class="k">and</span> <span class="n">its</span> <span class="n">ciphersuites</span> <span class="n">are</span> <span class="n">based</span></span>
<span class="line" id="LC36" lang="mosel"> <span class="n">on</span> <span class="n">the</span> <span class="n">CBC</span> <span class="n">mode</span> <span class="k">and</span> <span class="n">SHA</span><span class="p">-</span><span class="m">1.</span> <span class="k">To</span> <span class="n">enable</span> <span class="n">it</span> <span class="n">back</span><span class="p">,</span> <span class="n">supply</span></span>
<span class="line" id="LC37" lang="mosel"> <span class="p">--</span><span class="n">enable</span><span class="p">-</span><span class="n">srp</span><span class="p">-</span><span class="n">authentication</span> <span class="n">option</span> <span class="k">to</span> <span class="n">configure</span> <span class="n">script</span><span class="p">.</span></span>
<span class="line" id="LC38" lang="mosel"></span>
<span class="line" id="LC39" lang="mosel"><span class="p">**</span> <span class="n">libgnutls</span><span class="p">:</span> <span class="n">All</span> <span class="n">code</span> <span class="n">has</span> <span class="n">been</span> <span class="n">indented</span> <span class="n">using</span> <span class="s2">"indent -ppi1 -linux"</span><span class="p">.</span></span>
<span class="line" id="LC40" lang="mosel"> <span class="n">CI</span><span class="p">/</span><span class="n">CD</span> <span class="n">has</span> <span class="n">been</span> <span class="n">adjusted</span> <span class="k">to</span> <span class="n">catch</span> <span class="n">regressions</span><span class="p">.</span> <span class="n">This</span> <span class="n">is</span> <span class="n">implemented</span></span>
<span class="line" id="LC41" lang="mosel"> <span class="n">through</span> <span class="n">devel</span><span class="p">/</span><span class="n">indent</span><span class="p">-</span><span class="n">gnutls</span><span class="p">,</span> <span class="n">devel</span><span class="p">/</span><span class="n">indent</span><span class="p">-</span><span class="n">maybe</span> <span class="k">and</span> <span class="p">.</span><span class="n">gitlab</span><span class="p">-</span><span class="n">ci</span><span class="p">.</span><span class="n">yml</span><span class="err">’</span><span class="n">s</span></span>
<span class="line" id="LC42" lang="mosel"> <span class="n">commit</span><span class="p">-</span><span class="n">check</span><span class="p">.</span> <span class="n">You</span> <span class="n">may</span> <span class="nf">run</span> <span class="n">devel</span><span class="p">/</span><span class="n">indent</span><span class="p">-</span><span class="n">gnutls</span> <span class="k">to</span> <span class="n">fix</span> <span class="n">any</span></span>
<span class="line" id="LC43" lang="mosel"> <span class="n">indentation</span> <span class="n">issues</span> <span class="k">if</span> <span class="n">you</span> <span class="n">make</span> <span class="n">code</span> <span class="n">modifications</span><span class="p">.</span></span>
<span class="line" id="LC44" lang="mosel"></span>
<span class="line" id="LC45" lang="mosel"><span class="p">**</span> <span class="n">guile</span><span class="p">:</span> <span class="n">Guile</span><span class="p">-</span><span class="n">bindings</span> <span class="n">removed</span><span class="p">.</span></span>
<span class="line" id="LC46" lang="mosel"> <span class="n">They</span> <span class="n">have</span> <span class="n">been</span> <span class="n">extracted</span> <span class="n">into</span> <span class="n">a</span> <span class="n">separate</span> <span class="n">project</span> <span class="k">to</span> <span class="n">reduce</span> <span class="n">complexity</span></span>
<span class="line" id="LC47" lang="mosel"> <span class="k">and</span> <span class="k">to</span> <span class="n">simplify</span> <span class="n">maintenance</span><span class="p">,</span> <span class="n">see</span> <span class="p"><</span><span class="n">https</span><span class="p">://</span><span class="n">gitlab</span><span class="p">.</span><span class="n">com</span><span class="p">/</span><span class="n">gnutls</span><span class="p">/</span><span class="n">guile</span><span class="p">/>.</span></span>
<span class="line" id="LC48" lang="mosel"></span>
<span class="line" id="LC49" lang="mosel"><span class="p">**</span> <span class="n">minitasn1</span><span class="p">:</span> <span class="n">Upgraded</span> <span class="k">to</span> <span class="n">libtasn1</span> <span class="k">version</span> <span class="m">4.19</span><span class="p">.</span></span>
<span class="line" id="LC50" lang="mosel"></span>
<span class="line" id="LC51" lang="mosel"><span class="p">**</span> <span class="n">API</span> <span class="k">and</span> <span class="n">ABI</span> <span class="n">modifications</span><span class="p">:</span></span>
<span class="line" id="LC52" lang="mosel"><span class="n">GNUTLS_NO_STATUS_REQUEST</span><span class="p">:</span> <span class="n">New</span> <span class="n">flag</span></span>
<span class="line" id="LC53" lang="mosel"><span class="n">GNUTLS_SRTP_AEAD_AES_128_GCM</span><span class="p">:</span> <span class="n">New</span> <span class="n">gnutls_srtp_profile_t</span> <span class="n">enum</span> <span class="n">member</span></span>
<span class="line" id="LC54" lang="mosel"><span class="n">GNUTLS_SRTP_AEAD_AES_256_GCM</span><span class="p">:</span> <span class="n">New</span> <span class="n">gnutls_srtp_profile_t</span> <span class="n">enum</span> <span class="n">member</span></span>
</pre>
<font face="monospace"> </font></div>
<div dir="ltr"><font face="monospace"><br>
</font></div>
<div dir="ltr"><font face="monospace">Getting the Software<br>
================</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be downloaded
directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS mirrors
can be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09"
moz-do-not-send="true">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ
compressed sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.0.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>0.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP detached
signatures signed using keys:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">and<br>
</font> <font face="monospace">462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.0.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>0.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2023-12-23]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2023-12-23]<br>
</font> <font face="monospace"><br>
</font> <font face="monospace">and Daiki Uenos openpgp key:<br>
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">
462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at unixuser.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at gnu.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">sub rsa4096 2010-02-04 [E]<br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</div>
</body>
</html>