From zfridric at redhat.com  Wed Mar 20 10:35:16 2024
From: zfridric at redhat.com (Zoltan Fridrich)
Date: Wed, 20 Mar 2024 10:35:16 +0100
Subject: [gnutls-help] gnutls 3.8.4
Message-ID: <89db3791-d41b-921b-2639-bd25198fc2d4@redhat.com>

Hello,

We have just released gnutls-3.8.4. This is a bug fix and enhancement 
release on the 3.8.x branch.

We would like to thank everyone who contributed in this release:
Avinash Sonawane, Xin Long, Alexander Sosedkin, Sahil Siddiq, Ramesh 
Adhikari, Stanislav Zidek, Dmitri Papadopoulos Orfanos, Daiki Ueno and 
Zoltan Fridrich


The detailed list of changes follows:

* Version 3.8.4 (released 2024-03-18)

** libgnutls: RSA-OAEP encryption scheme is now supported To use it with 
an unrestricted RSA private key, one would need to initialize a 
gnutls_x509_spki_t object with necessary parameters for RSA-OAEP and 
attach it to the private key. It is also possible to import restricted 
private keys if they are stored in PKCS#8 format.

** libgnutls: Fix side-channel in the deterministic ECDSA. Reported by 
George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] 
[CVE-2024-28834]

** libgnutls: Fixed a bug where certtool crashed when verifying a 
certificate chain with more than 16 certificates. Reported by William 
Woodruff (#1525) and yixiangzhike (#1527). [GNUTLS-SA-2024-01-23, CVSS: 
medium] [CVE-2024-28835]

** libgnutls: Compression libraries are now loaded dynamically as needed 
instead of all being loaded during gnutls library initialization. As a 
result, the library initialization should be faster.

** build: The gnutls library can now be linked with the static library 
of GMP. Note that in order for this to work libgmp.a needs to be 
compiled with -fPIC and libhogweed in Nettle also has to be linked to 
the static library of GMP. This can be used to prevent custom memory 
allocators from being overriden by other applications.

** API and ABI modifications:
gnutls_x509_spki_get_rsa_oaep_params: New function.
gnutls_x509_spki_set_rsa_oaep_params: New function.
GNUTLS_PK_RSA_OAEP: New enum member of gnutls_pk_algorithm_t.


Getting the Software
================
GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/ <https://www.gnupg.org/ftp/gcrypt/>
A list of GnuTLS mirrors can be found at
http://www.gnutls.org/download.html <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz 
<https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz>

Here are OpenPGP detached signatures signed using key:
5D46CB0F763405A7053556F47A75A648B3F9220C
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig 
<https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.4.tar.xz.sig>

Note that it has been signed with my openpgp key:
pub ? ed25519 2021-12-23 [SC] [expires: 2027-01-01]
 ? ? ? 5D46CB0F763405A7053556F47A75A648B3F9220C
uid ? ? ? ? ? [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub ? cv25519 2021-12-23 [E] [expires: 2027-01-01]

Regards,
Zoltan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x7A75A648B3F9220C.asc
Type: application/pgp-keys
Size: 1054 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20240320/efb88be1/attachment-0001.sig>