* [PATCH 1/2] gnutls: Update to 3.6.14
@ 2020-06-10 22:08 Matthias Fischer
2020-06-10 22:08 ` [PATCH 2/2] gmp: Update to 6.2.0 Matthias Fischer
2020-06-11 8:44 ` [PATCH 1/2] gnutls: Update to 3.6.14 Michael Tremer
0 siblings, 2 replies; 6+ messages in thread
From: Matthias Fischer @ 2020-06-10 22:08 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 10353 bytes --]
For details see:
https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
"** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011).
[GNUTLS-SA-2020-06-03, CVSS: high]
** libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008).
** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
** libgnutls: Added several improvements on Windows Vista and later releases
(!1257, !1254, !1256). Most notably the system random number generator now
uses Windows BCrypt* API if available (!1255).
** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
** libgnutls: Added support for AES-SIV ciphers (#463).
** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
** libgnutls: No longer use internal symbols exported from Nettle (!1235)
** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
config/rootfiles/common/gnutls | 25 ++++++++++++++++++++++++-
lfs/gnutls | 9 ++++-----
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
index b8adaa9d9..cb7ecf8e5 100644
--- a/config/rootfiles/common/gnutls
+++ b/config/rootfiles/common/gnutls
@@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1
#usr/lib/libgnutls.la
#usr/lib/libgnutls.so
usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.23.2
+usr/lib/libgnutls.so.30.28.0
#usr/lib/libgnutlsxx.la
#usr/lib/libgnutlsxx.so
usr/lib/libgnutlsxx.so.28
@@ -113,9 +113,11 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/dane_verify_crt_raw.3
#usr/share/man/man3/dane_verify_session_crt.3
#usr/share/man/man3/gnutls_aead_cipher_decrypt.3
+#usr/share/man/man3/gnutls_aead_cipher_decryptv2.3
#usr/share/man/man3/gnutls_aead_cipher_deinit.3
#usr/share/man/man3/gnutls_aead_cipher_encrypt.3
#usr/share/man/man3/gnutls_aead_cipher_encryptv.3
+#usr/share/man/man3/gnutls_aead_cipher_encryptv2.3
#usr/share/man/man3/gnutls_aead_cipher_init.3
#usr/share/man/man3/gnutls_alert_get.3
#usr/share/man/man3/gnutls_alert_get_name.3
@@ -206,6 +208,8 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_certificate_type_get_id.3
#usr/share/man/man3/gnutls_certificate_type_get_name.3
#usr/share/man/man3/gnutls_certificate_type_list.3
+#usr/share/man/man3/gnutls_certificate_verification_profile_get_id.3
+#usr/share/man/man3/gnutls_certificate_verification_profile_get_name.3
#usr/share/man/man3/gnutls_certificate_verification_status_print.3
#usr/share/man/man3/gnutls_certificate_verify_peers.3
#usr/share/man/man3/gnutls_certificate_verify_peers2.3
@@ -271,6 +275,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_dh_params_import_pkcs3.3
#usr/share/man/man3/gnutls_dh_params_import_raw.3
#usr/share/man/man3/gnutls_dh_params_import_raw2.3
+#usr/share/man/man3/gnutls_dh_params_import_raw3.3
#usr/share/man/man3/gnutls_dh_params_init.3
#usr/share/man/man3/gnutls_dh_set_prime_bits.3
#usr/share/man/man3/gnutls_digest_get_id.3
@@ -302,12 +307,14 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_ext_get_current_msg.3
#usr/share/man/man3/gnutls_ext_get_data.3
#usr/share/man/man3/gnutls_ext_get_name.3
+#usr/share/man/man3/gnutls_ext_get_name2.3
#usr/share/man/man3/gnutls_ext_raw_parse.3
#usr/share/man/man3/gnutls_ext_register.3
#usr/share/man/man3/gnutls_ext_set_data.3
#usr/share/man/man3/gnutls_fingerprint.3
#usr/share/man/man3/gnutls_fips140_mode_enabled.3
#usr/share/man/man3/gnutls_fips140_set_mode.3
+#usr/share/man/man3/gnutls_get_system_config_file.3
#usr/share/man/man3/gnutls_global_deinit.3
#usr/share/man/man3/gnutls_global_init.3
#usr/share/man/man3/gnutls_global_set_audit_log_function.3
@@ -333,6 +340,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_handshake_set_random.3
#usr/share/man/man3/gnutls_handshake_set_timeout.3
#usr/share/man/man3/gnutls_hash.3
+#usr/share/man/man3/gnutls_hash_copy.3
#usr/share/man/man3/gnutls_hash_deinit.3
#usr/share/man/man3/gnutls_hash_fast.3
#usr/share/man/man3/gnutls_hash_get_len.3
@@ -349,9 +357,13 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_hex_decode2.3
#usr/share/man/man3/gnutls_hex_encode.3
#usr/share/man/man3/gnutls_hex_encode2.3
+#usr/share/man/man3/gnutls_hkdf_expand.3
+#usr/share/man/man3/gnutls_hkdf_extract.3
#usr/share/man/man3/gnutls_hmac.3
+#usr/share/man/man3/gnutls_hmac_copy.3
#usr/share/man/man3/gnutls_hmac_deinit.3
#usr/share/man/man3/gnutls_hmac_fast.3
+#usr/share/man/man3/gnutls_hmac_get_key_size.3
#usr/share/man/man3/gnutls_hmac_get_len.3
#usr/share/man/man3/gnutls_hmac_init.3
#usr/share/man/man3/gnutls_hmac_output.3
@@ -425,6 +437,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_openpgp_send_cert.3
#usr/share/man/man3/gnutls_packet_deinit.3
#usr/share/man/man3/gnutls_packet_get.3
+#usr/share/man/man3/gnutls_pbkdf2.3
#usr/share/man/man3/gnutls_pcert_deinit.3
#usr/share/man/man3/gnutls_pcert_export_openpgp.3
#usr/share/man/man3/gnutls_pcert_export_x509.3
@@ -557,6 +570,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_pkcs7_import.3
#usr/share/man/man3/gnutls_pkcs7_init.3
#usr/share/man/man3/gnutls_pkcs7_print.3
+#usr/share/man/man3/gnutls_pkcs7_print_signature_info.3
#usr/share/man/man3/gnutls_pkcs7_set_crl.3
#usr/share/man/man3/gnutls_pkcs7_set_crl_raw.3
#usr/share/man/man3/gnutls_pkcs7_set_crt.3
@@ -569,6 +583,8 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_pkcs_schema_get_name.3
#usr/share/man/man3/gnutls_pkcs_schema_get_oid.3
#usr/share/man/man3/gnutls_prf.3
+#usr/share/man/man3/gnutls_prf_early.3
+#usr/share/man/man3/gnutls_prf_hash_get.3
#usr/share/man/man3/gnutls_prf_raw.3
#usr/share/man/man3/gnutls_prf_rfc5705.3
#usr/share/man/man3/gnutls_priority_certificate_type_list.3
@@ -645,11 +661,15 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_psk_free_client_credentials.3
#usr/share/man/man3/gnutls_psk_free_server_credentials.3
#usr/share/man/man3/gnutls_psk_server_get_username.3
+#usr/share/man/man3/gnutls_psk_server_get_username2.3
#usr/share/man/man3/gnutls_psk_set_client_credentials.3
+#usr/share/man/man3/gnutls_psk_set_client_credentials2.3
#usr/share/man/man3/gnutls_psk_set_client_credentials_function.3
+#usr/share/man/man3/gnutls_psk_set_client_credentials_function2.3
#usr/share/man/man3/gnutls_psk_set_params_function.3
#usr/share/man/man3/gnutls_psk_set_server_credentials_file.3
#usr/share/man/man3/gnutls_psk_set_server_credentials_function.3
+#usr/share/man/man3/gnutls_psk_set_server_credentials_function2.3
#usr/share/man/man3/gnutls_psk_set_server_credentials_hint.3
#usr/share/man/man3/gnutls_psk_set_server_dh_params.3
#usr/share/man/man3/gnutls_psk_set_server_known_dh_params.3
@@ -720,6 +740,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_record_send_early_data.3
#usr/share/man/man3/gnutls_record_send_range.3
#usr/share/man/man3/gnutls_record_set_max_early_data_size.3
+#usr/share/man/man3/gnutls_record_set_max_recv_size.3
#usr/share/man/man3/gnutls_record_set_max_size.3
#usr/share/man/man3/gnutls_record_set_state.3
#usr/share/man/man3/gnutls_record_set_timeout.3
@@ -746,6 +767,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_session_get_flags.3
#usr/share/man/man3/gnutls_session_get_id.3
#usr/share/man/man3/gnutls_session_get_id2.3
+#usr/share/man/man3/gnutls_session_get_keylog_function.3
#usr/share/man/man3/gnutls_session_get_master_secret.3
#usr/share/man/man3/gnutls_session_get_ptr.3
#usr/share/man/man3/gnutls_session_get_random.3
@@ -755,6 +777,7 @@ usr/lib/libgnutlsxx.so.28.1.0
#usr/share/man/man3/gnutls_session_resumption_requested.3
#usr/share/man/man3/gnutls_session_set_data.3
#usr/share/man/man3/gnutls_session_set_id.3
+#usr/share/man/man3/gnutls_session_set_keylog_function.3
#usr/share/man/man3/gnutls_session_set_premaster.3
#usr/share/man/man3/gnutls_session_set_ptr.3
#usr/share/man/man3/gnutls_session_set_verify_cert.3
diff --git a/lfs/gnutls b/lfs/gnutls
index 6d24800b8..07344a8c4 100644
--- a/lfs/gnutls
+++ b/lfs/gnutls
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,11 +24,10 @@
include Config
-VER = 3.6.7
-SUBVER = .1
+VER = 3.6.14
THISAPP = gnutls-$(VER)
-DL_FILE = $(THISAPP)$(SUBVER).tar.xz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -41,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457
+$(DL_FILE)_MD5 = bf70632d420e421baff482247f01dbfe
install : $(TARGET)
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/2] gmp: Update to 6.2.0
2020-06-10 22:08 [PATCH 1/2] gnutls: Update to 3.6.14 Matthias Fischer
@ 2020-06-10 22:08 ` Matthias Fischer
2020-06-11 8:44 ` Michael Tremer
2020-06-11 8:44 ` [PATCH 1/2] gnutls: Update to 3.6.14 Michael Tremer
1 sibling, 1 reply; 6+ messages in thread
From: Matthias Fischer @ 2020-06-10 22:08 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4082 bytes --]
Needed for gnutls 3.6.14
For details see:
https://gmplib.org/gmp6.2
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
config/rootfiles/common/aarch64/gmp | 4 ++--
config/rootfiles/common/armv5tel/gmp | 4 ++--
config/rootfiles/common/i586/gmp | 8 ++++----
config/rootfiles/common/x86_64/gmp | 6 ++++--
lfs/gmp | 6 +++---
5 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/aarch64/gmp b/config/rootfiles/common/aarch64/gmp
index 919b0845a..8a95add05 100644
--- a/config/rootfiles/common/aarch64/gmp
+++ b/config/rootfiles/common/aarch64/gmp
@@ -4,12 +4,12 @@
#usr/lib/libgmp.la
#usr/lib/libgmp.so
usr/lib/libgmp.so.10
-usr/lib/libgmp.so.10.3.2
+usr/lib/libgmp.so.10.4.0
#usr/lib/libgmpxx.a
#usr/lib/libgmpxx.la
#usr/lib/libgmpxx.so
usr/lib/libgmpxx.so.4
-usr/lib/libgmpxx.so.4.5.2
+usr/lib/libgmpxx.so.4.6.0
#usr/share/info/gmp.info
#usr/share/info/gmp.info-1
#usr/share/info/gmp.info-2
diff --git a/config/rootfiles/common/armv5tel/gmp b/config/rootfiles/common/armv5tel/gmp
index 919b0845a..8a95add05 100644
--- a/config/rootfiles/common/armv5tel/gmp
+++ b/config/rootfiles/common/armv5tel/gmp
@@ -4,12 +4,12 @@
#usr/lib/libgmp.la
#usr/lib/libgmp.so
usr/lib/libgmp.so.10
-usr/lib/libgmp.so.10.3.2
+usr/lib/libgmp.so.10.4.0
#usr/lib/libgmpxx.a
#usr/lib/libgmpxx.la
#usr/lib/libgmpxx.so
usr/lib/libgmpxx.so.4
-usr/lib/libgmpxx.so.4.5.2
+usr/lib/libgmpxx.so.4.6.0
#usr/share/info/gmp.info
#usr/share/info/gmp.info-1
#usr/share/info/gmp.info-2
diff --git a/config/rootfiles/common/i586/gmp b/config/rootfiles/common/i586/gmp
index 636dc5c45..c1d6a7d9d 100644
--- a/config/rootfiles/common/i586/gmp
+++ b/config/rootfiles/common/i586/gmp
@@ -4,14 +4,14 @@
#usr/lib/libgmp.la
#usr/lib/libgmp.so
usr/lib/libgmp.so.10
-usr/lib/libgmp.so.10.3.2
+usr/lib/libgmp.so.10.4.0
#usr/lib/libgmpxx.a
#usr/lib/libgmpxx.la
#usr/lib/libgmpxx.so
usr/lib/libgmpxx.so.4
-usr/lib/libgmpxx.so.4.5.2
-usr/lib/sse2/libgmp.so.10
-usr/lib/sse2/libgmp.so.10.3.2
+usr/lib/libgmpxx.so.4.6.0
+#usr/lib/pkgconfig/gmp.pc
+#usr/lib/pkgconfig/gmpxx.pc
#usr/share/info/gmp.info
#usr/share/info/gmp.info-1
#usr/share/info/gmp.info-2
diff --git a/config/rootfiles/common/x86_64/gmp b/config/rootfiles/common/x86_64/gmp
index 919b0845a..c1d6a7d9d 100644
--- a/config/rootfiles/common/x86_64/gmp
+++ b/config/rootfiles/common/x86_64/gmp
@@ -4,12 +4,14 @@
#usr/lib/libgmp.la
#usr/lib/libgmp.so
usr/lib/libgmp.so.10
-usr/lib/libgmp.so.10.3.2
+usr/lib/libgmp.so.10.4.0
#usr/lib/libgmpxx.a
#usr/lib/libgmpxx.la
#usr/lib/libgmpxx.so
usr/lib/libgmpxx.so.4
-usr/lib/libgmpxx.so.4.5.2
+usr/lib/libgmpxx.so.4.6.0
+#usr/lib/pkgconfig/gmp.pc
+#usr/lib/pkgconfig/gmpxx.pc
#usr/share/info/gmp.info
#usr/share/info/gmp.info-1
#usr/share/info/gmp.info-2
diff --git a/lfs/gmp b/lfs/gmp
index 98671b594..ea6e96402 100644
--- a/lfs/gmp
+++ b/lfs/gmp
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 6.1.2
+VER = 6.2.0
THISAPP = gmp-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f58fa8001d60c4c77595fbbb62b63c1d
+$(DL_FILE)_MD5 = a325e3f09e6d91e62101e59f9bda3ec1
install : $(TARGET)
--
2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] gmp: Update to 6.2.0
2020-06-10 22:08 ` [PATCH 2/2] gmp: Update to 6.2.0 Matthias Fischer
@ 2020-06-11 8:44 ` Michael Tremer
0 siblings, 0 replies; 6+ messages in thread
From: Michael Tremer @ 2020-06-11 8:44 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4430 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 10 Jun 2020, at 23:08, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> Needed for gnutls 3.6.14
>
> For details see:
> https://gmplib.org/gmp6.2
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/common/aarch64/gmp | 4 ++--
> config/rootfiles/common/armv5tel/gmp | 4 ++--
> config/rootfiles/common/i586/gmp | 8 ++++----
> config/rootfiles/common/x86_64/gmp | 6 ++++--
> lfs/gmp | 6 +++---
> 5 files changed, 15 insertions(+), 13 deletions(-)
>
> diff --git a/config/rootfiles/common/aarch64/gmp b/config/rootfiles/common/aarch64/gmp
> index 919b0845a..8a95add05 100644
> --- a/config/rootfiles/common/aarch64/gmp
> +++ b/config/rootfiles/common/aarch64/gmp
> @@ -4,12 +4,12 @@
> #usr/lib/libgmp.la
> #usr/lib/libgmp.so
> usr/lib/libgmp.so.10
> -usr/lib/libgmp.so.10.3.2
> +usr/lib/libgmp.so.10.4.0
> #usr/lib/libgmpxx.a
> #usr/lib/libgmpxx.la
> #usr/lib/libgmpxx.so
> usr/lib/libgmpxx.so.4
> -usr/lib/libgmpxx.so.4.5.2
> +usr/lib/libgmpxx.so.4.6.0
> #usr/share/info/gmp.info
> #usr/share/info/gmp.info-1
> #usr/share/info/gmp.info-2
> diff --git a/config/rootfiles/common/armv5tel/gmp b/config/rootfiles/common/armv5tel/gmp
> index 919b0845a..8a95add05 100644
> --- a/config/rootfiles/common/armv5tel/gmp
> +++ b/config/rootfiles/common/armv5tel/gmp
> @@ -4,12 +4,12 @@
> #usr/lib/libgmp.la
> #usr/lib/libgmp.so
> usr/lib/libgmp.so.10
> -usr/lib/libgmp.so.10.3.2
> +usr/lib/libgmp.so.10.4.0
> #usr/lib/libgmpxx.a
> #usr/lib/libgmpxx.la
> #usr/lib/libgmpxx.so
> usr/lib/libgmpxx.so.4
> -usr/lib/libgmpxx.so.4.5.2
> +usr/lib/libgmpxx.so.4.6.0
> #usr/share/info/gmp.info
> #usr/share/info/gmp.info-1
> #usr/share/info/gmp.info-2
> diff --git a/config/rootfiles/common/i586/gmp b/config/rootfiles/common/i586/gmp
> index 636dc5c45..c1d6a7d9d 100644
> --- a/config/rootfiles/common/i586/gmp
> +++ b/config/rootfiles/common/i586/gmp
> @@ -4,14 +4,14 @@
> #usr/lib/libgmp.la
> #usr/lib/libgmp.so
> usr/lib/libgmp.so.10
> -usr/lib/libgmp.so.10.3.2
> +usr/lib/libgmp.so.10.4.0
> #usr/lib/libgmpxx.a
> #usr/lib/libgmpxx.la
> #usr/lib/libgmpxx.so
> usr/lib/libgmpxx.so.4
> -usr/lib/libgmpxx.so.4.5.2
> -usr/lib/sse2/libgmp.so.10
> -usr/lib/sse2/libgmp.so.10.3.2
> +usr/lib/libgmpxx.so.4.6.0
> +#usr/lib/pkgconfig/gmp.pc
> +#usr/lib/pkgconfig/gmpxx.pc
> #usr/share/info/gmp.info
> #usr/share/info/gmp.info-1
> #usr/share/info/gmp.info-2
> diff --git a/config/rootfiles/common/x86_64/gmp b/config/rootfiles/common/x86_64/gmp
> index 919b0845a..c1d6a7d9d 100644
> --- a/config/rootfiles/common/x86_64/gmp
> +++ b/config/rootfiles/common/x86_64/gmp
> @@ -4,12 +4,14 @@
> #usr/lib/libgmp.la
> #usr/lib/libgmp.so
> usr/lib/libgmp.so.10
> -usr/lib/libgmp.so.10.3.2
> +usr/lib/libgmp.so.10.4.0
> #usr/lib/libgmpxx.a
> #usr/lib/libgmpxx.la
> #usr/lib/libgmpxx.so
> usr/lib/libgmpxx.so.4
> -usr/lib/libgmpxx.so.4.5.2
> +usr/lib/libgmpxx.so.4.6.0
> +#usr/lib/pkgconfig/gmp.pc
> +#usr/lib/pkgconfig/gmpxx.pc
> #usr/share/info/gmp.info
> #usr/share/info/gmp.info-1
> #usr/share/info/gmp.info-2
> diff --git a/lfs/gmp b/lfs/gmp
> index 98671b594..ea6e96402 100644
> --- a/lfs/gmp
> +++ b/lfs/gmp
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 6.1.2
> +VER = 6.2.0
>
> THISAPP = gmp-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -49,7 +49,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = f58fa8001d60c4c77595fbbb62b63c1d
> +$(DL_FILE)_MD5 = a325e3f09e6d91e62101e59f9bda3ec1
>
> install : $(TARGET)
>
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] gnutls: Update to 3.6.14
2020-06-10 22:08 [PATCH 1/2] gnutls: Update to 3.6.14 Matthias Fischer
2020-06-10 22:08 ` [PATCH 2/2] gmp: Update to 6.2.0 Matthias Fischer
@ 2020-06-11 8:44 ` Michael Tremer
2020-06-11 10:09 ` Matthias Fischer
1 sibling, 1 reply; 6+ messages in thread
From: Michael Tremer @ 2020-06-11 8:44 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 10951 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Looks good.
Did you check if there is a new version of gcrypt? That kind of is part of this group, too.
-Michael
> On 10 Jun 2020, at 23:08, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> For details see:
> https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
>
> "** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
> The TLS server would not bind the session ticket encryption key with a
> value supplied by the application until the initial key rotation, allowing
> attacker to bypass authentication in TLS 1.3 and recover previous
> conversations in TLS 1.2 (#1011).
> [GNUTLS-SA-2020-06-03, CVSS: high]
>
> ** libgnutls: Fixed handling of certificate chain with cross-signed
> intermediate CA certificates (#1008).
>
> ** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
>
> ** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
> (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
> Key Identifier (AKI) properly (#989, #991).
>
> ** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
>
> ** libgnutls: Added several improvements on Windows Vista and later releases
> (!1257, !1254, !1256). Most notably the system random number generator now
> uses Windows BCrypt* API if available (!1255).
>
> ** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
> Also both accelerated and non-accelerated implementations check key block
> according to FIPS-140-2 IG A.9 (!1233).
>
> ** libgnutls: Added support for AES-SIV ciphers (#463).
>
> ** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
>
> ** libgnutls: No longer use internal symbols exported from Nettle (!1235)
>
> ** API and ABI modifications:
> GNUTLS_CIPHER_AES_128_SIV: Added
> GNUTLS_CIPHER_AES_256_SIV: Added
> GNUTLS_CIPHER_AES_192_GCM: Added
> gnutls_pkcs7_print_signature_info: Added"
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/common/gnutls | 25 ++++++++++++++++++++++++-
> lfs/gnutls | 9 ++++-----
> 2 files changed, 28 insertions(+), 6 deletions(-)
>
> diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
> index b8adaa9d9..cb7ecf8e5 100644
> --- a/config/rootfiles/common/gnutls
> +++ b/config/rootfiles/common/gnutls
> @@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1
> #usr/lib/libgnutls.la
> #usr/lib/libgnutls.so
> usr/lib/libgnutls.so.30
> -usr/lib/libgnutls.so.30.23.2
> +usr/lib/libgnutls.so.30.28.0
> #usr/lib/libgnutlsxx.la
> #usr/lib/libgnutlsxx.so
> usr/lib/libgnutlsxx.so.28
> @@ -113,9 +113,11 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/dane_verify_crt_raw.3
> #usr/share/man/man3/dane_verify_session_crt.3
> #usr/share/man/man3/gnutls_aead_cipher_decrypt.3
> +#usr/share/man/man3/gnutls_aead_cipher_decryptv2.3
> #usr/share/man/man3/gnutls_aead_cipher_deinit.3
> #usr/share/man/man3/gnutls_aead_cipher_encrypt.3
> #usr/share/man/man3/gnutls_aead_cipher_encryptv.3
> +#usr/share/man/man3/gnutls_aead_cipher_encryptv2.3
> #usr/share/man/man3/gnutls_aead_cipher_init.3
> #usr/share/man/man3/gnutls_alert_get.3
> #usr/share/man/man3/gnutls_alert_get_name.3
> @@ -206,6 +208,8 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_certificate_type_get_id.3
> #usr/share/man/man3/gnutls_certificate_type_get_name.3
> #usr/share/man/man3/gnutls_certificate_type_list.3
> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_id.3
> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_name.3
> #usr/share/man/man3/gnutls_certificate_verification_status_print.3
> #usr/share/man/man3/gnutls_certificate_verify_peers.3
> #usr/share/man/man3/gnutls_certificate_verify_peers2.3
> @@ -271,6 +275,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_dh_params_import_pkcs3.3
> #usr/share/man/man3/gnutls_dh_params_import_raw.3
> #usr/share/man/man3/gnutls_dh_params_import_raw2.3
> +#usr/share/man/man3/gnutls_dh_params_import_raw3.3
> #usr/share/man/man3/gnutls_dh_params_init.3
> #usr/share/man/man3/gnutls_dh_set_prime_bits.3
> #usr/share/man/man3/gnutls_digest_get_id.3
> @@ -302,12 +307,14 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_ext_get_current_msg.3
> #usr/share/man/man3/gnutls_ext_get_data.3
> #usr/share/man/man3/gnutls_ext_get_name.3
> +#usr/share/man/man3/gnutls_ext_get_name2.3
> #usr/share/man/man3/gnutls_ext_raw_parse.3
> #usr/share/man/man3/gnutls_ext_register.3
> #usr/share/man/man3/gnutls_ext_set_data.3
> #usr/share/man/man3/gnutls_fingerprint.3
> #usr/share/man/man3/gnutls_fips140_mode_enabled.3
> #usr/share/man/man3/gnutls_fips140_set_mode.3
> +#usr/share/man/man3/gnutls_get_system_config_file.3
> #usr/share/man/man3/gnutls_global_deinit.3
> #usr/share/man/man3/gnutls_global_init.3
> #usr/share/man/man3/gnutls_global_set_audit_log_function.3
> @@ -333,6 +340,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_handshake_set_random.3
> #usr/share/man/man3/gnutls_handshake_set_timeout.3
> #usr/share/man/man3/gnutls_hash.3
> +#usr/share/man/man3/gnutls_hash_copy.3
> #usr/share/man/man3/gnutls_hash_deinit.3
> #usr/share/man/man3/gnutls_hash_fast.3
> #usr/share/man/man3/gnutls_hash_get_len.3
> @@ -349,9 +357,13 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_hex_decode2.3
> #usr/share/man/man3/gnutls_hex_encode.3
> #usr/share/man/man3/gnutls_hex_encode2.3
> +#usr/share/man/man3/gnutls_hkdf_expand.3
> +#usr/share/man/man3/gnutls_hkdf_extract.3
> #usr/share/man/man3/gnutls_hmac.3
> +#usr/share/man/man3/gnutls_hmac_copy.3
> #usr/share/man/man3/gnutls_hmac_deinit.3
> #usr/share/man/man3/gnutls_hmac_fast.3
> +#usr/share/man/man3/gnutls_hmac_get_key_size.3
> #usr/share/man/man3/gnutls_hmac_get_len.3
> #usr/share/man/man3/gnutls_hmac_init.3
> #usr/share/man/man3/gnutls_hmac_output.3
> @@ -425,6 +437,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_openpgp_send_cert.3
> #usr/share/man/man3/gnutls_packet_deinit.3
> #usr/share/man/man3/gnutls_packet_get.3
> +#usr/share/man/man3/gnutls_pbkdf2.3
> #usr/share/man/man3/gnutls_pcert_deinit.3
> #usr/share/man/man3/gnutls_pcert_export_openpgp.3
> #usr/share/man/man3/gnutls_pcert_export_x509.3
> @@ -557,6 +570,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_pkcs7_import.3
> #usr/share/man/man3/gnutls_pkcs7_init.3
> #usr/share/man/man3/gnutls_pkcs7_print.3
> +#usr/share/man/man3/gnutls_pkcs7_print_signature_info.3
> #usr/share/man/man3/gnutls_pkcs7_set_crl.3
> #usr/share/man/man3/gnutls_pkcs7_set_crl_raw.3
> #usr/share/man/man3/gnutls_pkcs7_set_crt.3
> @@ -569,6 +583,8 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_pkcs_schema_get_name.3
> #usr/share/man/man3/gnutls_pkcs_schema_get_oid.3
> #usr/share/man/man3/gnutls_prf.3
> +#usr/share/man/man3/gnutls_prf_early.3
> +#usr/share/man/man3/gnutls_prf_hash_get.3
> #usr/share/man/man3/gnutls_prf_raw.3
> #usr/share/man/man3/gnutls_prf_rfc5705.3
> #usr/share/man/man3/gnutls_priority_certificate_type_list.3
> @@ -645,11 +661,15 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_psk_free_client_credentials.3
> #usr/share/man/man3/gnutls_psk_free_server_credentials.3
> #usr/share/man/man3/gnutls_psk_server_get_username.3
> +#usr/share/man/man3/gnutls_psk_server_get_username2.3
> #usr/share/man/man3/gnutls_psk_set_client_credentials.3
> +#usr/share/man/man3/gnutls_psk_set_client_credentials2.3
> #usr/share/man/man3/gnutls_psk_set_client_credentials_function.3
> +#usr/share/man/man3/gnutls_psk_set_client_credentials_function2.3
> #usr/share/man/man3/gnutls_psk_set_params_function.3
> #usr/share/man/man3/gnutls_psk_set_server_credentials_file.3
> #usr/share/man/man3/gnutls_psk_set_server_credentials_function.3
> +#usr/share/man/man3/gnutls_psk_set_server_credentials_function2.3
> #usr/share/man/man3/gnutls_psk_set_server_credentials_hint.3
> #usr/share/man/man3/gnutls_psk_set_server_dh_params.3
> #usr/share/man/man3/gnutls_psk_set_server_known_dh_params.3
> @@ -720,6 +740,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_record_send_early_data.3
> #usr/share/man/man3/gnutls_record_send_range.3
> #usr/share/man/man3/gnutls_record_set_max_early_data_size.3
> +#usr/share/man/man3/gnutls_record_set_max_recv_size.3
> #usr/share/man/man3/gnutls_record_set_max_size.3
> #usr/share/man/man3/gnutls_record_set_state.3
> #usr/share/man/man3/gnutls_record_set_timeout.3
> @@ -746,6 +767,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_session_get_flags.3
> #usr/share/man/man3/gnutls_session_get_id.3
> #usr/share/man/man3/gnutls_session_get_id2.3
> +#usr/share/man/man3/gnutls_session_get_keylog_function.3
> #usr/share/man/man3/gnutls_session_get_master_secret.3
> #usr/share/man/man3/gnutls_session_get_ptr.3
> #usr/share/man/man3/gnutls_session_get_random.3
> @@ -755,6 +777,7 @@ usr/lib/libgnutlsxx.so.28.1.0
> #usr/share/man/man3/gnutls_session_resumption_requested.3
> #usr/share/man/man3/gnutls_session_set_data.3
> #usr/share/man/man3/gnutls_session_set_id.3
> +#usr/share/man/man3/gnutls_session_set_keylog_function.3
> #usr/share/man/man3/gnutls_session_set_premaster.3
> #usr/share/man/man3/gnutls_session_set_ptr.3
> #usr/share/man/man3/gnutls_session_set_verify_cert.3
> diff --git a/lfs/gnutls b/lfs/gnutls
> index 6d24800b8..07344a8c4 100644
> --- a/lfs/gnutls
> +++ b/lfs/gnutls
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,11 +24,10 @@
>
> include Config
>
> -VER = 3.6.7
> -SUBVER = .1
> +VER = 3.6.14
>
> THISAPP = gnutls-$(VER)
> -DL_FILE = $(THISAPP)$(SUBVER).tar.xz
> +DL_FILE = $(THISAPP).tar.xz
> DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> @@ -41,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457
> +$(DL_FILE)_MD5 = bf70632d420e421baff482247f01dbfe
>
> install : $(TARGET)
>
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] gnutls: Update to 3.6.14
2020-06-11 8:44 ` [PATCH 1/2] gnutls: Update to 3.6.14 Michael Tremer
@ 2020-06-11 10:09 ` Matthias Fischer
2020-06-11 12:15 ` Michael Tremer
0 siblings, 1 reply; 6+ messages in thread
From: Matthias Fischer @ 2020-06-11 10:09 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 11726 bytes --]
Hi,
On 11.06.2020 10:44, Michael Tremer wrote:
> Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
>
> Looks good.
>
> Did you check if there is a new version of gcrypt? That kind of is part of this group, too.
Software is buggy => evil... *sigh* ;-)
I did take a look.
I found:
libgcrypt => 1.8.5
libgpg-error => 1.38
libassuan => 2.5.3
gnupg => 2.2.0
Could you also please take a look at:
https://patchwork.ipfire.org/patch/3196/
or
https://patchwork.ipfire.org/patch/3198/
and
https://patchwork.ipfire.org/patch/3199/
Somehow these patches (gmp => 6.2.0 + fix for lfs) didn't make it to the
list. Blacklisted because of URL!?
Best,
Matthias
> -Michael
>
>> On 10 Jun 2020, at 23:08, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>>
>> For details see:
>> https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
>>
>> "** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
>> The TLS server would not bind the session ticket encryption key with a
>> value supplied by the application until the initial key rotation, allowing
>> attacker to bypass authentication in TLS 1.3 and recover previous
>> conversations in TLS 1.2 (#1011).
>> [GNUTLS-SA-2020-06-03, CVSS: high]
>>
>> ** libgnutls: Fixed handling of certificate chain with cross-signed
>> intermediate CA certificates (#1008).
>>
>> ** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
>>
>> ** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
>> (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
>> Key Identifier (AKI) properly (#989, #991).
>>
>> ** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
>>
>> ** libgnutls: Added several improvements on Windows Vista and later releases
>> (!1257, !1254, !1256). Most notably the system random number generator now
>> uses Windows BCrypt* API if available (!1255).
>>
>> ** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
>> Also both accelerated and non-accelerated implementations check key block
>> according to FIPS-140-2 IG A.9 (!1233).
>>
>> ** libgnutls: Added support for AES-SIV ciphers (#463).
>>
>> ** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
>>
>> ** libgnutls: No longer use internal symbols exported from Nettle (!1235)
>>
>> ** API and ABI modifications:
>> GNUTLS_CIPHER_AES_128_SIV: Added
>> GNUTLS_CIPHER_AES_256_SIV: Added
>> GNUTLS_CIPHER_AES_192_GCM: Added
>> gnutls_pkcs7_print_signature_info: Added"
>>
>> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
>> ---
>> config/rootfiles/common/gnutls | 25 ++++++++++++++++++++++++-
>> lfs/gnutls | 9 ++++-----
>> 2 files changed, 28 insertions(+), 6 deletions(-)
>>
>> diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
>> index b8adaa9d9..cb7ecf8e5 100644
>> --- a/config/rootfiles/common/gnutls
>> +++ b/config/rootfiles/common/gnutls
>> @@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1
>> #usr/lib/libgnutls.la
>> #usr/lib/libgnutls.so
>> usr/lib/libgnutls.so.30
>> -usr/lib/libgnutls.so.30.23.2
>> +usr/lib/libgnutls.so.30.28.0
>> #usr/lib/libgnutlsxx.la
>> #usr/lib/libgnutlsxx.so
>> usr/lib/libgnutlsxx.so.28
>> @@ -113,9 +113,11 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/dane_verify_crt_raw.3
>> #usr/share/man/man3/dane_verify_session_crt.3
>> #usr/share/man/man3/gnutls_aead_cipher_decrypt.3
>> +#usr/share/man/man3/gnutls_aead_cipher_decryptv2.3
>> #usr/share/man/man3/gnutls_aead_cipher_deinit.3
>> #usr/share/man/man3/gnutls_aead_cipher_encrypt.3
>> #usr/share/man/man3/gnutls_aead_cipher_encryptv.3
>> +#usr/share/man/man3/gnutls_aead_cipher_encryptv2.3
>> #usr/share/man/man3/gnutls_aead_cipher_init.3
>> #usr/share/man/man3/gnutls_alert_get.3
>> #usr/share/man/man3/gnutls_alert_get_name.3
>> @@ -206,6 +208,8 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_certificate_type_get_id.3
>> #usr/share/man/man3/gnutls_certificate_type_get_name.3
>> #usr/share/man/man3/gnutls_certificate_type_list.3
>> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_id.3
>> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_name.3
>> #usr/share/man/man3/gnutls_certificate_verification_status_print.3
>> #usr/share/man/man3/gnutls_certificate_verify_peers.3
>> #usr/share/man/man3/gnutls_certificate_verify_peers2.3
>> @@ -271,6 +275,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_dh_params_import_pkcs3.3
>> #usr/share/man/man3/gnutls_dh_params_import_raw.3
>> #usr/share/man/man3/gnutls_dh_params_import_raw2.3
>> +#usr/share/man/man3/gnutls_dh_params_import_raw3.3
>> #usr/share/man/man3/gnutls_dh_params_init.3
>> #usr/share/man/man3/gnutls_dh_set_prime_bits.3
>> #usr/share/man/man3/gnutls_digest_get_id.3
>> @@ -302,12 +307,14 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_ext_get_current_msg.3
>> #usr/share/man/man3/gnutls_ext_get_data.3
>> #usr/share/man/man3/gnutls_ext_get_name.3
>> +#usr/share/man/man3/gnutls_ext_get_name2.3
>> #usr/share/man/man3/gnutls_ext_raw_parse.3
>> #usr/share/man/man3/gnutls_ext_register.3
>> #usr/share/man/man3/gnutls_ext_set_data.3
>> #usr/share/man/man3/gnutls_fingerprint.3
>> #usr/share/man/man3/gnutls_fips140_mode_enabled.3
>> #usr/share/man/man3/gnutls_fips140_set_mode.3
>> +#usr/share/man/man3/gnutls_get_system_config_file.3
>> #usr/share/man/man3/gnutls_global_deinit.3
>> #usr/share/man/man3/gnutls_global_init.3
>> #usr/share/man/man3/gnutls_global_set_audit_log_function.3
>> @@ -333,6 +340,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_handshake_set_random.3
>> #usr/share/man/man3/gnutls_handshake_set_timeout.3
>> #usr/share/man/man3/gnutls_hash.3
>> +#usr/share/man/man3/gnutls_hash_copy.3
>> #usr/share/man/man3/gnutls_hash_deinit.3
>> #usr/share/man/man3/gnutls_hash_fast.3
>> #usr/share/man/man3/gnutls_hash_get_len.3
>> @@ -349,9 +357,13 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_hex_decode2.3
>> #usr/share/man/man3/gnutls_hex_encode.3
>> #usr/share/man/man3/gnutls_hex_encode2.3
>> +#usr/share/man/man3/gnutls_hkdf_expand.3
>> +#usr/share/man/man3/gnutls_hkdf_extract.3
>> #usr/share/man/man3/gnutls_hmac.3
>> +#usr/share/man/man3/gnutls_hmac_copy.3
>> #usr/share/man/man3/gnutls_hmac_deinit.3
>> #usr/share/man/man3/gnutls_hmac_fast.3
>> +#usr/share/man/man3/gnutls_hmac_get_key_size.3
>> #usr/share/man/man3/gnutls_hmac_get_len.3
>> #usr/share/man/man3/gnutls_hmac_init.3
>> #usr/share/man/man3/gnutls_hmac_output.3
>> @@ -425,6 +437,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_openpgp_send_cert.3
>> #usr/share/man/man3/gnutls_packet_deinit.3
>> #usr/share/man/man3/gnutls_packet_get.3
>> +#usr/share/man/man3/gnutls_pbkdf2.3
>> #usr/share/man/man3/gnutls_pcert_deinit.3
>> #usr/share/man/man3/gnutls_pcert_export_openpgp.3
>> #usr/share/man/man3/gnutls_pcert_export_x509.3
>> @@ -557,6 +570,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_pkcs7_import.3
>> #usr/share/man/man3/gnutls_pkcs7_init.3
>> #usr/share/man/man3/gnutls_pkcs7_print.3
>> +#usr/share/man/man3/gnutls_pkcs7_print_signature_info.3
>> #usr/share/man/man3/gnutls_pkcs7_set_crl.3
>> #usr/share/man/man3/gnutls_pkcs7_set_crl_raw.3
>> #usr/share/man/man3/gnutls_pkcs7_set_crt.3
>> @@ -569,6 +583,8 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_pkcs_schema_get_name.3
>> #usr/share/man/man3/gnutls_pkcs_schema_get_oid.3
>> #usr/share/man/man3/gnutls_prf.3
>> +#usr/share/man/man3/gnutls_prf_early.3
>> +#usr/share/man/man3/gnutls_prf_hash_get.3
>> #usr/share/man/man3/gnutls_prf_raw.3
>> #usr/share/man/man3/gnutls_prf_rfc5705.3
>> #usr/share/man/man3/gnutls_priority_certificate_type_list.3
>> @@ -645,11 +661,15 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_psk_free_client_credentials.3
>> #usr/share/man/man3/gnutls_psk_free_server_credentials.3
>> #usr/share/man/man3/gnutls_psk_server_get_username.3
>> +#usr/share/man/man3/gnutls_psk_server_get_username2.3
>> #usr/share/man/man3/gnutls_psk_set_client_credentials.3
>> +#usr/share/man/man3/gnutls_psk_set_client_credentials2.3
>> #usr/share/man/man3/gnutls_psk_set_client_credentials_function.3
>> +#usr/share/man/man3/gnutls_psk_set_client_credentials_function2.3
>> #usr/share/man/man3/gnutls_psk_set_params_function.3
>> #usr/share/man/man3/gnutls_psk_set_server_credentials_file.3
>> #usr/share/man/man3/gnutls_psk_set_server_credentials_function.3
>> +#usr/share/man/man3/gnutls_psk_set_server_credentials_function2.3
>> #usr/share/man/man3/gnutls_psk_set_server_credentials_hint.3
>> #usr/share/man/man3/gnutls_psk_set_server_dh_params.3
>> #usr/share/man/man3/gnutls_psk_set_server_known_dh_params.3
>> @@ -720,6 +740,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_record_send_early_data.3
>> #usr/share/man/man3/gnutls_record_send_range.3
>> #usr/share/man/man3/gnutls_record_set_max_early_data_size.3
>> +#usr/share/man/man3/gnutls_record_set_max_recv_size.3
>> #usr/share/man/man3/gnutls_record_set_max_size.3
>> #usr/share/man/man3/gnutls_record_set_state.3
>> #usr/share/man/man3/gnutls_record_set_timeout.3
>> @@ -746,6 +767,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_session_get_flags.3
>> #usr/share/man/man3/gnutls_session_get_id.3
>> #usr/share/man/man3/gnutls_session_get_id2.3
>> +#usr/share/man/man3/gnutls_session_get_keylog_function.3
>> #usr/share/man/man3/gnutls_session_get_master_secret.3
>> #usr/share/man/man3/gnutls_session_get_ptr.3
>> #usr/share/man/man3/gnutls_session_get_random.3
>> @@ -755,6 +777,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>> #usr/share/man/man3/gnutls_session_resumption_requested.3
>> #usr/share/man/man3/gnutls_session_set_data.3
>> #usr/share/man/man3/gnutls_session_set_id.3
>> +#usr/share/man/man3/gnutls_session_set_keylog_function.3
>> #usr/share/man/man3/gnutls_session_set_premaster.3
>> #usr/share/man/man3/gnutls_session_set_ptr.3
>> #usr/share/man/man3/gnutls_session_set_verify_cert.3
>> diff --git a/lfs/gnutls b/lfs/gnutls
>> index 6d24800b8..07344a8c4 100644
>> --- a/lfs/gnutls
>> +++ b/lfs/gnutls
>> @@ -1,7 +1,7 @@
>> ###############################################################################
>> # #
>> # IPFire.org - A linux based firewall #
>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
>> # #
>> # This program is free software: you can redistribute it and/or modify #
>> # it under the terms of the GNU General Public License as published by #
>> @@ -24,11 +24,10 @@
>>
>> include Config
>>
>> -VER = 3.6.7
>> -SUBVER = .1
>> +VER = 3.6.14
>>
>> THISAPP = gnutls-$(VER)
>> -DL_FILE = $(THISAPP)$(SUBVER).tar.xz
>> +DL_FILE = $(THISAPP).tar.xz
>> DL_FROM = $(URL_IPFIRE)
>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>> @@ -41,7 +40,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457
>> +$(DL_FILE)_MD5 = bf70632d420e421baff482247f01dbfe
>>
>> install : $(TARGET)
>>
>> --
>> 2.17.1
>>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] gnutls: Update to 3.6.14
2020-06-11 10:09 ` Matthias Fischer
@ 2020-06-11 12:15 ` Michael Tremer
0 siblings, 0 replies; 6+ messages in thread
From: Michael Tremer @ 2020-06-11 12:15 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 12533 bytes --]
Hi,
> On 11 Jun 2020, at 11:09, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> Hi,
>
> On 11.06.2020 10:44, Michael Tremer wrote:
>> Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
>>
>> Looks good.
>>
>> Did you check if there is a new version of gcrypt? That kind of is part of this group, too.
>
> Software is buggy => evil... *sigh* ;-)
>
> I did take a look.
>
> I found:
>
> libgcrypt => 1.8.5
> libgpg-error => 1.38
> libassuan => 2.5.3
> gnupg => 2.2.0
>
> Could you also please take a look at:
>
> https://patchwork.ipfire.org/patch/3196/
>
> or
>
> https://patchwork.ipfire.org/patch/3198/
>
> and
>
> https://patchwork.ipfire.org/patch/3199/
I have received them all. They are also on the list:
https://lists.ipfire.org/pipermail/development/2020-June/007914.html
https://lists.ipfire.org/pipermail/development/2020-June/007913.html
It is just that you might not have received a copy of them because t-online.de is bouncing emails to you all day long. I hope you will read this.
Maybe change to a mailbox hosted on our servers?
-Michael
>
> Somehow these patches (gmp => 6.2.0 + fix for lfs) didn't make it to the
> list. Blacklisted because of URL!?
>
> Best,
> Matthias
>
>> -Michael
>>
>>> On 10 Jun 2020, at 23:08, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>>>
>>> For details see:
>>> https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
>>>
>>> "** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
>>> The TLS server would not bind the session ticket encryption key with a
>>> value supplied by the application until the initial key rotation, allowing
>>> attacker to bypass authentication in TLS 1.3 and recover previous
>>> conversations in TLS 1.2 (#1011).
>>> [GNUTLS-SA-2020-06-03, CVSS: high]
>>>
>>> ** libgnutls: Fixed handling of certificate chain with cross-signed
>>> intermediate CA certificates (#1008).
>>>
>>> ** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
>>>
>>> ** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
>>> (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
>>> Key Identifier (AKI) properly (#989, #991).
>>>
>>> ** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
>>>
>>> ** libgnutls: Added several improvements on Windows Vista and later releases
>>> (!1257, !1254, !1256). Most notably the system random number generator now
>>> uses Windows BCrypt* API if available (!1255).
>>>
>>> ** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
>>> Also both accelerated and non-accelerated implementations check key block
>>> according to FIPS-140-2 IG A.9 (!1233).
>>>
>>> ** libgnutls: Added support for AES-SIV ciphers (#463).
>>>
>>> ** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
>>>
>>> ** libgnutls: No longer use internal symbols exported from Nettle (!1235)
>>>
>>> ** API and ABI modifications:
>>> GNUTLS_CIPHER_AES_128_SIV: Added
>>> GNUTLS_CIPHER_AES_256_SIV: Added
>>> GNUTLS_CIPHER_AES_192_GCM: Added
>>> gnutls_pkcs7_print_signature_info: Added"
>>>
>>> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
>>> ---
>>> config/rootfiles/common/gnutls | 25 ++++++++++++++++++++++++-
>>> lfs/gnutls | 9 ++++-----
>>> 2 files changed, 28 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls
>>> index b8adaa9d9..cb7ecf8e5 100644
>>> --- a/config/rootfiles/common/gnutls
>>> +++ b/config/rootfiles/common/gnutls
>>> @@ -33,7 +33,7 @@ usr/lib/libgnutls-dane.so.0.4.1
>>> #usr/lib/libgnutls.la
>>> #usr/lib/libgnutls.so
>>> usr/lib/libgnutls.so.30
>>> -usr/lib/libgnutls.so.30.23.2
>>> +usr/lib/libgnutls.so.30.28.0
>>> #usr/lib/libgnutlsxx.la
>>> #usr/lib/libgnutlsxx.so
>>> usr/lib/libgnutlsxx.so.28
>>> @@ -113,9 +113,11 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/dane_verify_crt_raw.3
>>> #usr/share/man/man3/dane_verify_session_crt.3
>>> #usr/share/man/man3/gnutls_aead_cipher_decrypt.3
>>> +#usr/share/man/man3/gnutls_aead_cipher_decryptv2.3
>>> #usr/share/man/man3/gnutls_aead_cipher_deinit.3
>>> #usr/share/man/man3/gnutls_aead_cipher_encrypt.3
>>> #usr/share/man/man3/gnutls_aead_cipher_encryptv.3
>>> +#usr/share/man/man3/gnutls_aead_cipher_encryptv2.3
>>> #usr/share/man/man3/gnutls_aead_cipher_init.3
>>> #usr/share/man/man3/gnutls_alert_get.3
>>> #usr/share/man/man3/gnutls_alert_get_name.3
>>> @@ -206,6 +208,8 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_certificate_type_get_id.3
>>> #usr/share/man/man3/gnutls_certificate_type_get_name.3
>>> #usr/share/man/man3/gnutls_certificate_type_list.3
>>> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_id.3
>>> +#usr/share/man/man3/gnutls_certificate_verification_profile_get_name.3
>>> #usr/share/man/man3/gnutls_certificate_verification_status_print.3
>>> #usr/share/man/man3/gnutls_certificate_verify_peers.3
>>> #usr/share/man/man3/gnutls_certificate_verify_peers2.3
>>> @@ -271,6 +275,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_dh_params_import_pkcs3.3
>>> #usr/share/man/man3/gnutls_dh_params_import_raw.3
>>> #usr/share/man/man3/gnutls_dh_params_import_raw2.3
>>> +#usr/share/man/man3/gnutls_dh_params_import_raw3.3
>>> #usr/share/man/man3/gnutls_dh_params_init.3
>>> #usr/share/man/man3/gnutls_dh_set_prime_bits.3
>>> #usr/share/man/man3/gnutls_digest_get_id.3
>>> @@ -302,12 +307,14 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_ext_get_current_msg.3
>>> #usr/share/man/man3/gnutls_ext_get_data.3
>>> #usr/share/man/man3/gnutls_ext_get_name.3
>>> +#usr/share/man/man3/gnutls_ext_get_name2.3
>>> #usr/share/man/man3/gnutls_ext_raw_parse.3
>>> #usr/share/man/man3/gnutls_ext_register.3
>>> #usr/share/man/man3/gnutls_ext_set_data.3
>>> #usr/share/man/man3/gnutls_fingerprint.3
>>> #usr/share/man/man3/gnutls_fips140_mode_enabled.3
>>> #usr/share/man/man3/gnutls_fips140_set_mode.3
>>> +#usr/share/man/man3/gnutls_get_system_config_file.3
>>> #usr/share/man/man3/gnutls_global_deinit.3
>>> #usr/share/man/man3/gnutls_global_init.3
>>> #usr/share/man/man3/gnutls_global_set_audit_log_function.3
>>> @@ -333,6 +340,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_handshake_set_random.3
>>> #usr/share/man/man3/gnutls_handshake_set_timeout.3
>>> #usr/share/man/man3/gnutls_hash.3
>>> +#usr/share/man/man3/gnutls_hash_copy.3
>>> #usr/share/man/man3/gnutls_hash_deinit.3
>>> #usr/share/man/man3/gnutls_hash_fast.3
>>> #usr/share/man/man3/gnutls_hash_get_len.3
>>> @@ -349,9 +357,13 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_hex_decode2.3
>>> #usr/share/man/man3/gnutls_hex_encode.3
>>> #usr/share/man/man3/gnutls_hex_encode2.3
>>> +#usr/share/man/man3/gnutls_hkdf_expand.3
>>> +#usr/share/man/man3/gnutls_hkdf_extract.3
>>> #usr/share/man/man3/gnutls_hmac.3
>>> +#usr/share/man/man3/gnutls_hmac_copy.3
>>> #usr/share/man/man3/gnutls_hmac_deinit.3
>>> #usr/share/man/man3/gnutls_hmac_fast.3
>>> +#usr/share/man/man3/gnutls_hmac_get_key_size.3
>>> #usr/share/man/man3/gnutls_hmac_get_len.3
>>> #usr/share/man/man3/gnutls_hmac_init.3
>>> #usr/share/man/man3/gnutls_hmac_output.3
>>> @@ -425,6 +437,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_openpgp_send_cert.3
>>> #usr/share/man/man3/gnutls_packet_deinit.3
>>> #usr/share/man/man3/gnutls_packet_get.3
>>> +#usr/share/man/man3/gnutls_pbkdf2.3
>>> #usr/share/man/man3/gnutls_pcert_deinit.3
>>> #usr/share/man/man3/gnutls_pcert_export_openpgp.3
>>> #usr/share/man/man3/gnutls_pcert_export_x509.3
>>> @@ -557,6 +570,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_pkcs7_import.3
>>> #usr/share/man/man3/gnutls_pkcs7_init.3
>>> #usr/share/man/man3/gnutls_pkcs7_print.3
>>> +#usr/share/man/man3/gnutls_pkcs7_print_signature_info.3
>>> #usr/share/man/man3/gnutls_pkcs7_set_crl.3
>>> #usr/share/man/man3/gnutls_pkcs7_set_crl_raw.3
>>> #usr/share/man/man3/gnutls_pkcs7_set_crt.3
>>> @@ -569,6 +583,8 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_pkcs_schema_get_name.3
>>> #usr/share/man/man3/gnutls_pkcs_schema_get_oid.3
>>> #usr/share/man/man3/gnutls_prf.3
>>> +#usr/share/man/man3/gnutls_prf_early.3
>>> +#usr/share/man/man3/gnutls_prf_hash_get.3
>>> #usr/share/man/man3/gnutls_prf_raw.3
>>> #usr/share/man/man3/gnutls_prf_rfc5705.3
>>> #usr/share/man/man3/gnutls_priority_certificate_type_list.3
>>> @@ -645,11 +661,15 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_psk_free_client_credentials.3
>>> #usr/share/man/man3/gnutls_psk_free_server_credentials.3
>>> #usr/share/man/man3/gnutls_psk_server_get_username.3
>>> +#usr/share/man/man3/gnutls_psk_server_get_username2.3
>>> #usr/share/man/man3/gnutls_psk_set_client_credentials.3
>>> +#usr/share/man/man3/gnutls_psk_set_client_credentials2.3
>>> #usr/share/man/man3/gnutls_psk_set_client_credentials_function.3
>>> +#usr/share/man/man3/gnutls_psk_set_client_credentials_function2.3
>>> #usr/share/man/man3/gnutls_psk_set_params_function.3
>>> #usr/share/man/man3/gnutls_psk_set_server_credentials_file.3
>>> #usr/share/man/man3/gnutls_psk_set_server_credentials_function.3
>>> +#usr/share/man/man3/gnutls_psk_set_server_credentials_function2.3
>>> #usr/share/man/man3/gnutls_psk_set_server_credentials_hint.3
>>> #usr/share/man/man3/gnutls_psk_set_server_dh_params.3
>>> #usr/share/man/man3/gnutls_psk_set_server_known_dh_params.3
>>> @@ -720,6 +740,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_record_send_early_data.3
>>> #usr/share/man/man3/gnutls_record_send_range.3
>>> #usr/share/man/man3/gnutls_record_set_max_early_data_size.3
>>> +#usr/share/man/man3/gnutls_record_set_max_recv_size.3
>>> #usr/share/man/man3/gnutls_record_set_max_size.3
>>> #usr/share/man/man3/gnutls_record_set_state.3
>>> #usr/share/man/man3/gnutls_record_set_timeout.3
>>> @@ -746,6 +767,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_session_get_flags.3
>>> #usr/share/man/man3/gnutls_session_get_id.3
>>> #usr/share/man/man3/gnutls_session_get_id2.3
>>> +#usr/share/man/man3/gnutls_session_get_keylog_function.3
>>> #usr/share/man/man3/gnutls_session_get_master_secret.3
>>> #usr/share/man/man3/gnutls_session_get_ptr.3
>>> #usr/share/man/man3/gnutls_session_get_random.3
>>> @@ -755,6 +777,7 @@ usr/lib/libgnutlsxx.so.28.1.0
>>> #usr/share/man/man3/gnutls_session_resumption_requested.3
>>> #usr/share/man/man3/gnutls_session_set_data.3
>>> #usr/share/man/man3/gnutls_session_set_id.3
>>> +#usr/share/man/man3/gnutls_session_set_keylog_function.3
>>> #usr/share/man/man3/gnutls_session_set_premaster.3
>>> #usr/share/man/man3/gnutls_session_set_ptr.3
>>> #usr/share/man/man3/gnutls_session_set_verify_cert.3
>>> diff --git a/lfs/gnutls b/lfs/gnutls
>>> index 6d24800b8..07344a8c4 100644
>>> --- a/lfs/gnutls
>>> +++ b/lfs/gnutls
>>> @@ -1,7 +1,7 @@
>>> ###############################################################################
>>> # #
>>> # IPFire.org - A linux based firewall #
>>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>>> +# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
>>> # #
>>> # This program is free software: you can redistribute it and/or modify #
>>> # it under the terms of the GNU General Public License as published by #
>>> @@ -24,11 +24,10 @@
>>>
>>> include Config
>>>
>>> -VER = 3.6.7
>>> -SUBVER = .1
>>> +VER = 3.6.14
>>>
>>> THISAPP = gnutls-$(VER)
>>> -DL_FILE = $(THISAPP)$(SUBVER).tar.xz
>>> +DL_FILE = $(THISAPP).tar.xz
>>> DL_FROM = $(URL_IPFIRE)
>>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>>> TARGET = $(DIR_INFO)/$(THISAPP)
>>> @@ -41,7 +40,7 @@ objects = $(DL_FILE)
>>>
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>
>>> -$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457
>>> +$(DL_FILE)_MD5 = bf70632d420e421baff482247f01dbfe
>>>
>>> install : $(TARGET)
>>>
>>> --
>>> 2.17.1
>>>
>>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-06-11 12:15 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-10 22:08 [PATCH 1/2] gnutls: Update to 3.6.14 Matthias Fischer
2020-06-10 22:08 ` [PATCH 2/2] gmp: Update to 6.2.0 Matthias Fischer
2020-06-11 8:44 ` Michael Tremer
2020-06-11 8:44 ` [PATCH 1/2] gnutls: Update to 3.6.14 Michael Tremer
2020-06-11 10:09 ` Matthias Fischer
2020-06-11 12:15 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox