<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released
gnutls-3.8.2. This is a bug fix and enhancement release
on the 3.8.x branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank everyone
who contributed in this release:</font></div>
<div><font face="monospace">Samuel Thibault, Adrian Bunk,
Sam James, Miroslav Lichvar, Dimitri Papadopoulos
Orfanos, Yongye Zhu, xuraoqing, Clemens Lang, Frediano
Ziglio, Ajit Singh, Daiki Ueno and Zoltan Fridrich<br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">The detailed list of changes
follows:</font> </div>
<div><font face="monospace"><span id="LC8"
data-testid="content" class="line" lang="plaintext"><span
class=""></span></span><span id="LC8"
data-testid="content" class="line" lang="plaintext"><span
class=""><br>
</span></span></font></div>
<div><font face="monospace"><span id="LC8"
data-testid="content" class="line" lang="plaintext"><span
class="">* Version 3.8.2 (released 2023-11-14)</span></span></font>
</div>
<div><font face="monospace"><span id="LC9"
data-testid="content" class="line" lang="plaintext"><span
class=""></span></span></font>
<font face="monospace"><span id="LC10"
data-testid="content" class="line" lang="plaintext"><span
class=""><br>
</span></span></font></div>
<div><font face="monospace"><span id="LC10"
data-testid="content" class="line" lang="plaintext"><span
class="">** libgnutls: Fix timing side-channel
inside RSA-PSK key exchange.</span></span>
<span id="LC11" data-testid="content" class="line"
lang="plaintext"><span class="">
[GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]</span></span></font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">
<span id="LC13" data-testid="content" class="line"
lang="plaintext"><span class="">** libgnutls: Add API
functions to perform ECDH and DH key agreement</span></span>.
<span id="LC14" data-testid="content" class="line"
lang="plaintext"><span class=""> The functionality has
been there for a long time though they were</span></span>
<span id="LC15" data-testid="content" class="line"
lang="plaintext"><span class=""> not available as part
of the public API. This enables applications</span></span>
<span id="LC16" data-testid="content" class="line"
lang="plaintext"><span class=""> to implement custom
protocols leveraging non-interactive key</span></span>
<span id="LC17" data-testid="content" class="line"
lang="plaintext"><span class=""> agreement with ECDH
and DH.</span></span><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">
<span id="LC19" data-testid="content" class="line"
lang="plaintext"><span class="">** libgnutls: Added
support for AES-GCM-SIV ciphers (RFC 8452)</span></span>.
<span id="LC20" data-testid="content" class="line"
lang="plaintext"><span class=""> The new algorithms
GNUTLS_CIPHER_AES_128_SIV_GCM and</span></span>
<span id="LC21" data-testid="content" class="line"
lang="plaintext"><span class="">
GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be
used through</span></span>
<span id="LC22" data-testid="content" class="line"
lang="plaintext"><span class=""> the AEAD interface.
Note that, unlike</span></span>
<span id="LC23" data-testid="content" class="line"
lang="plaintext"><span class="">
GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the
authentication tag is</span></span>
<span id="LC24" data-testid="content" class="line"
lang="plaintext"><span class=""> appended to the
ciphertext, not prepended.</span></span>
<span id="LC25" data-testid="content" class="line"
lang="plaintext"><span class=""></span></span><br>
</font></div>
<div><font face="monospace"><span id="LC26"
data-testid="content" class="line" lang="plaintext"><span
class=""><br>
</span></span></font></div>
<div><font face="monospace"><span id="LC26"
data-testid="content" class="line" lang="plaintext"><span
class="">** libgnutls: transparent KTLS support is
extended to FreeBSD kernel</span></span>.
<span id="LC27" data-testid="content" class="line"
lang="plaintext"><span class=""> The kernel TLS
feature can now be enabled on FreeBSD as well as</span></span>
<span id="LC28" data-testid="content" class="line"
lang="plaintext"><span class=""> Linux when compiled
with the --enable-ktls configure option.</span></span>
<span id="LC29" data-testid="content" class="line"
lang="plaintext"><span class=""></span></span><br>
</font></div>
<div><font face="monospace"><span id="LC30"
data-testid="content" class="line" lang="plaintext"><span
class=""><br>
</span></span></font></div>
<div><font face="monospace"><span id="LC30"
data-testid="content" class="line" lang="plaintext"><span
class="">** gnutls-cli: New option --starttls-name</span></span>
<span id="LC31" data-testid="content" class="line"
lang="plaintext"><span class=""> Depending on
deployment, application protocols such as XMPP may</span></span>
<span id="LC32" data-testid="content" class="line"
lang="plaintext"><span class=""> require a different
origin address than the external address to be</span></span>
<span id="LC33" data-testid="content" class="line"
lang="plaintext"><span class=""> presented prior to
STARTTLS negotiation. The --starttls-name can</span></span>
<span id="LC34" data-testid="content" class="line"
lang="plaintext"><span class=""> be used to specify
the addresses separately.</span></span><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">
<span id="LC36" data-testid="content" class="line"
lang="plaintext"><span class="">** API and ABI
modifications:</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC37"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_pubkey_import_dh_raw: New function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC38"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_privkey_import_dh_raw: New function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC39"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_pubkey_export_dh_raw: New function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC40"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_privkey_export_dh_raw: New function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC41"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_x509_privkey_import_dh_raw: New
function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC42"
data-testid="content" class="line" lang="plaintext"><span
class="">gnutls_privkey_derive_secret: New function</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC43"
data-testid="content" class="line" lang="plaintext"><span
class="">GNUTLS_KEYGEN_DH: New enum member of
gnutls_keygen_types_t</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC44"
data-testid="content" class="line" lang="plaintext"><span
class="">GNUTLS_CIPHER_AES_128_SIV_GCM: Added</span></span><br>
</font></div>
<div><font face="monospace"><span id="LC45"
data-testid="content" class="line" lang="plaintext"><span
class="">GNUTLS_CIPHER_AES_256_SIV_GCM: Added</span></span>
<br>
<br>
<br>
Getting the Software<br>
================</font></div>
</div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be downloaded
directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS mirrors
can be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ
compressed sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>2.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP
detached signatures signed using keys:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">and<br>
</font> <font face="monospace">462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.2.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>2.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2023-12-23]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2023-12-23]<br>
</font> <font face="monospace"><br>
</font> <font face="monospace">and Daiki Uenos openpgp key:<br>
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">
462225C3B46F34879FC8496CD60584</font><wbr><font
face="monospace">8ED7E69871</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at unixuser.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">uid [ultimate]
Daiki Ueno <<a
href="http://lists.gnupg.org/mailman/listinfo/gnutls-help"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://lists.gnupg.org/mailman/listinfo/gnutls-help&source=gmail&ust=1652432968350000&usg=AOvVaw18rxrVXHJCQuhzQT8ikMTN">ueno
at gnu.org</a>></font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">sub rsa4096 2010-02-04
[E]<br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</div>
</div>
<p></p>
</body>
</html>