[PATCH] gnutls: Update to version 3.8.10

[Adolf Belka <adolf.belka@ipfire.org>]

- Update from version 3.8.9 to 3.8.10
- Update of rootfile
- 4 CVE fixes in this version
- Changelog
    3.8.10
	** libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
	   Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
	   [CVE-2025-6395]
	** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
	   Spotted by oss-fuzz and reported by OpenAI Security Research Team,
	   and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
	   CVSS: medium] [CVE-2025-32989]
	** libgnutls: Fix double-free upon error when exporting otherName in SAN
	   Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
	   CVSS: low] [CVE-2025-32988]
	** certtool: Fix 1-byte write buffer overrun when parsing template
	   Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
	   CVSS: low] [CVE-2025-32990]
	** libgnutls: PKCS#11 modules can now be used to override the default
	   cryptographic backend. Use the [provider] section in the system-wide config
	   to specify path and pin to the module (see system-wide config Documentation).
	** libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update
	   support. The library running on the aforementioned version now utilizes the
	   kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
	   TLS session. The --enable-ktls configure option as well as the system-wide
	   kTLS configuration(see GnuTLS Documentation) are still required to enable
	   this feature.
	** libgnutls: liboqs support for PQC has been removed
	   For maintenance purposes, support for post-quantum cryptography
	   (PQC) is now only provided through leancrypto. The experimental key
	   exchange algorithm, X25519Kyber768Draft00, which is based on the
	   round 3 candidate of Kyber and only supported through liboqs has
	   also been removed altogether.
	** libgnutls: TLS certificate compression methods can now be set with
	   cert-compression-alg configuration option in the gnutls priority file.
	** libgnutls: All variants of ML-DSA private key formats are supported
	   While the previous implementation of ML-DSA was based on
	   draft-ietf-lamps-dilithium-certificates-04, this updates it to
	   draft-ietf-lamps-dilithium-certificates-12 with support for all 3
	   variants of private key formats: "seed", "expandedKey", and "both".
	** libgnutls: ML-DSA signatures can now be used in TLS
	   The ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and
	   ML-DSA-87, can now be used to digitally sign TLS handshake
	   messages.
	** API and ABI modifications:
	   GNUTLS_PKCS_MLDSA_SEED: New enum member of gnutls_pkcs_encrypt_flags_t
	   GNUTLS_PKCS_MLDSA_EXPANDED: New enum member of gnutls_pkcs_encrypt_flags_t

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/gnutls | 2 +-
 lfs/gnutls                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index 824631734..e86384325 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -32,7 +32,7 @@ usr/lib/libgnutls-dane.so.0.4.1
 #usr/lib/libgnutls.la
 #usr/lib/libgnutls.so
 usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.40.3
+usr/lib/libgnutls.so.30.40.4
 #usr/lib/libgnutlsxx.la
 #usr/lib/libgnutlsxx.so
 usr/lib/libgnutlsxx.so.30
diff --git a/lfs/gnutls b/lfs/gnutls
index cc5b255fb..25920dfe7 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.9
+VER        = 3.8.10
 
 THISAPP    = gnutls-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0fd4751e24649a9c4b8ee7616350a4b6a504ec10b3ef39b450af25abc4935f30df9e8f732435166516f89c692ac7cb7a0aafb76c4c86c1faff53119840d26ae7
+$(DL_FILE)_BLAKE2 = 0b62e93b2818d2265ca11e561724547fa3c24d08986eb77ea743b4af52773db975c1859164c7d405d9a9bedfa981af58f10f85100b6c0e3542a38c49af407a4d
 
 install : $(TARGET)
 
-- 
2.50.1