<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p> </p>
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div><font face="monospace">Hello,</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We have just released
gnutls-3.8.4. This is a bug fix and enhancement
release on the 3.8.x branch.</font></div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">We would like to thank
everyone who contributed in this release:</font></div>
<font face="monospace"> </font>
<div><font face="monospace">Avinash Sonawane, Xin Long,
Alexander Sosedkin, Sahil Siddiq, Ramesh Adhikari,
Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki
Ueno and Zoltan Fridrich<br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div><font face="monospace">The detailed list of changes
follows:</font> </div>
</div>
<div dir="ltr"><font face="monospace"><br>
</font>
<div><font face="monospace">* Version 3.8.4 (released
2024-03-18)</font>
</div>
<div>
<font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: RSA-OAEP
encryption scheme is now supported
To use it with an unrestricted RSA private key, one
would need to
initialize a gnutls_x509_spki_t object with necessary
parameters
for RSA-OAEP and attach it to the private key. It is
also possible
to import restricted private keys if they are stored
in PKCS#8
format.</font><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: Fix side-channel
in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
<br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: Fixed a bug
where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by
William Woodruff (#1525)
and yixiangzhike (#1527).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]<br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** libgnutls: Compression
libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library
initialization.
As a result, the library initialization should be
faster.</font><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** build: The gnutls library
can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a
needs to be
compiled with -fPIC and libhogweed in Nettle also has
to be linked
to the static library of GMP. This can be used to
prevent custom
memory allocators from being overriden by other
applications.</font><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">** API and ABI modifications:<br>
</font></div>
<div><font face="monospace">gnutls_x509_spki_get_rsa_oaep_params:
New function.
<br>
</font></div>
<div><font face="monospace">gnutls_x509_spki_set_rsa_oaep_params:
New function.<br>
</font></div>
<div><font face="monospace">GNUTLS_PK_RSA_OAEP: New enum
member of gnutls_pk_algorithm_t.</font>
</div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">Getting the Software<br>
================</font></div>
</div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">GnuTLS may be
downloaded directly from <br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/&source=gmail&ust=1652432968350000&usg=AOvVaw3njjTg_V6cIskMjpkmAg7X">https://www.gnupg.org/ftp/<wbr>gcrypt/</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">A list of GnuTLS
mirrors can be found at</font></div>
<font face="monospace"> </font>
<div dir="ltr"> <font face="monospace"><a
href="http://www.gnutls.org/download.html"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=http://www.gnutls.org/download.html&source=gmail&ust=1652432968350000&usg=AOvVaw1J-wc5GojHL2n94ox7b_09">http://www.gnutls.org/<wbr>download.html</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Here are the XZ
compressed sources:<br>
</font> <font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz&source=gmail&ust=1652432968350000&usg=AOvVaw3ybeveKudYmPlqI6U8OXIO"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>4.tar.xz</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">Here are OpenPGP
detached signatures signed using key:</font></div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace">5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C</font></div>
<font face="monospace"> </font> <font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><a
href="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig&source=gmail&ust=1652432968350000&usg=AOvVaw1J49sWnCfoI9B3ou7WbdQ6"
moz-do-not-send="true">https://www.gnupg.org/ftp/<wbr>gcrypt/gnutls/v3.8/gnutls-3.8.<wbr>4.tar.xz.sig</a>
<br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"><br>
</font> </div>
<font face="monospace"> </font>
<div dir="ltr"><font face="monospace"> Note that it has been
signed with my openpgp key:<br>
pub ed25519 2021-12-23 [SC] [expires: 2027-01-01]<br>
5D46CB0F763405A7053556F47A75A6</font><wbr><font
face="monospace">48B3F9220C<br>
uid [ultimate] Zoltan Fridrich <<a
href="mailto:zfridric@redhat.com" target="_blank"
class="moz-txt-link-freetext">zfridric@redhat.com</a>><br>
sub cv25519 2021-12-23 [E] [expires: 2027-01-01]</font><font
face="monospace"><br>
</font> <font face="monospace"><br>
Regards,<br>
Zoltan</font></div>
</div>
</div>
</div>
<p></p>
</div>
</body>
</html>