From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: [PATCH] gnutls: Update to version 3.7.6
Date: Sat, 09 Jul 2022 09:03:02 +0000
In-Reply-To: <20220708205343.2972564-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7956252509828048540=="

--===============7956252509828048540==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter Müller

> - Update from version 3.6.16 to 3.7.6
> - Update of rootfile
> - find-dependencies run on sobump libs. No dependencies flagged for the old or new libs
> - Changelog
> * Version 3.7.6 (released 2022-05-27)
> ** libgnutls: Fixed invalid write when gnutls_realloc_zero()
>    is called with new_size < old_size. This bug caused heap
>    corruption when gnutls_realloc_zero() has been set as gmp
>    reallocfunc (!1592, #1367, #1368, #1369).
> ** API and ABI modifications:
>    No changes since last version.
> * Version 3.7.5 (released 2022-05-15)
> ** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
>    modifier have been added to disable session ticket usage in TLS 1.2 because
>    it does not provide forward secrecy (#477). On the other hand, since session
>    tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
>    only disables session tickets in TLS 1.2. Future backward incompatibility:
>    in the next major release of GnuTLS, we plan to remove those flag and
>    modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
> ** gnutls-cli, gnutls-serv: Channel binding for printing information
>    has been changed from tls-unique to tls-exporter as tls-unique is
>    not supported in TLS 1.3.
> ** libgnutls: Certificate sanity checks have been enhanced to make
>    gnutls more RFC 5280 compliant (!1583).
>    Following changes were included:
>    - critical extensions are parsed when loading x509
>      certificate to prohibit any random octet strings.
>      Requires strict-x509 configure option to be enabled
>    - garbage bits in Key Usage extension are prohibited
>    - empty DirectoryStrings in Distinguished name structures
>      of Issuer and Subject name are prohibited
> ** libgnutls: Removed 3DES from FIPS approved algorithms (#1353).
>    According to the section 2 of SP800-131A Rev.2, 3DES algorithm
>    will be disallowed for encryption after December 31, 2023:
>    https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
> ** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312).
>    The existing AEAD API that works in a scatter-gather fashion
>    (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
>    For further optimization, new function (gnutls_aead_cipher_set_key) has been
>    added to set key on the existing AEAD handle without re-allocation.
> ** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
>    when used in TLS (#1311).
> ** The configure arguments for Brotli and Zstandard (zstd) support
>    have changed to reflect the previous help text: they are now
>    --with-brotli/--with-zstd respectively (#1342).
> ** Detecting the Zstandard (zstd) library in configure has been
>    fixed (#1343).
> ** API and ABI modifications:
>    GNUTLS_NO_TICKETS_TLS12: New flag
>    gnutls_aead_cipher_set_key: New function
> * Version 3.7.4 (released 2022-03-17)
> ** libgnutls: Added support for certificate compression as defined in RFC8879
>    (#1301). New API functions (gnutls_compress_certificate_get_selected_method
>    and gnutls_compress_certificate_set_methods) allow client and server to set
>    their preferences.
> ** certtool: Added option --compress-cert that allows user to specify
>    compression methods for certificate compression.
> ** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure
>    option to enforce stricter certificate sanity checks that are compliant with
>    RFC5280.
> ** libgnutls: Removed IA5String type from DirectoryString within issuer
>    and subject name to make DirectoryString RFC5280 compliant.
> ** libgnutls: Added function (gnutls_record_send_file) to send file content from
>    open file descriptor (!1486). The implementation is optimized if KTLS (kernel
>    TLS) is enabled.
> ** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of
>    current ciphersuite from TLS session (#1291).
> ** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using
>    dlopen, so GnuTLS does not indirectly link to other crypto libraries until
>    TPM2 functionality is utilized (!1544).
> ** API and ABI modifications:
>    GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
>    GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
>    gnutls_compress_certificate_get_selected_method: Added
>    gnutls_compress_certificate_set_methods: Added
>    gnutls_ciphersuite_get: New function
>    gnutls_record_send_file: New function
>    libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1
> * Version 3.7.3 (released 2022-01-17)
> ** libgnutls: The allowlisting configuration mode has been added to the system-wide
>    settings. In this mode, all the algorithms are initially marked as insecure
>    or disabled, while the applications can re-enable them either through the
>    [overrides] section of the configuration file or the new API (#1172).
> ** The build infrastructure no longer depends on GNU AutoGen for generating
>    command-line option handling, template file parsing in certtool, and
>    documentation generation (#773, #774). This change also removes run-time or
>    bundled dependency on the libopts library, and requires Python 3.6 or later
>    to regenerate the distribution tarball.
>    Note that this brings in known backward incompatibility in command-line
>    tools, such as long options are now case sensitive, while previously they
>    were treated in a case insensitive manner: for example --RSA is no longer a
>    valid option of certtool. The existing scripts using GnuTLS tools may need
>    adjustment for this change.
> ** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and
>    used as a gnutls_privkey_t (#594). The code was originally written for the
>    OpenConnect VPN project by David Woodhouse. To generate such blobs, use the
>    tpm2tss-genkey tool from tpm2-tss-engine:
>    https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
>    or the tpm2_encodeobject tool from unreleased tpm2-tools.
> ** libgnutls: The library now transparently enables Linux KTLS
>    (kernel TLS) when the feature is compiled in with --enable-ktls configuration
>    option (#1113). If the KTLS initialization fails it automatically falls back
>    to the user space implementation.
> ** certtool: The certtool command can now read the Certificate Transparency
>    (RFC 6962) SCT extension (#232). New API functions are also provided to
>    access and manipulate the extension values.
> ** certtool: The certtool command can now generate, manipulate, and evaluate
>    x25519 and x448 public keys, private keys, and certificates.
> ** libgnutls: Disabling a hashing algorithm through "insecure-hash"
>    configuration directive now also disables TLS ciphersuites that use it as a
>    PRF algorithm.
> ** libgnutls: PKCS#12 files are now created with modern algorithms by default
>    (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
>    HMAC-SHA1 as an integrity measure in PKCS#12. Now it uses AES-128-CBC with
>    PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
>    default PBKDF2 iteration count has been increased to 600000.
> ** libgnutls: PKCS#12 keys derived using GOST algorithm now use
>    HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to
>    conform with the latest TC-26 requirements (#1225).
> ** libgnutls: The library now provides a means to report the status of approved
>    cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this
>    complements the existing mechanism to prohibit the use of unapproved
>    algorithms by making the library unusable state.
> ** gnutls-cli: The gnutls-cli command now provides a --list-config option to
>    print the library configuration (!1508).
> ** libgnutls: Fixed possible race condition in
>    gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared
>    among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low]
> ** API and ABI modifications:
>    GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
>    GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
>    gnutls_ecc_curve_set_enabled: Added.
>    gnutls_sign_set_secure: Added.
>    gnutls_sign_set_secure_for_certs: Added.
>    gnutls_digest_set_secure: Added.
>    gnutls_protocol_set_enabled: Added.
>    gnutls_fips140_context_init: New function
>    gnutls_fips140_context_deinit: New function
>    gnutls_fips140_push_context: New function
>    gnutls_fips140_pop_context: New function
>    gnutls_fips140_get_operation_state: New function
>    gnutls_fips140_operation_state_t: New enum
>    gnutls_transport_is_ktls_enabled: New function
>    gnutls_get_library_configuration: New function
> * Version 3.7.2 (released 2021-05-29)
> ** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
>    to disable TLS 1.3 middlebox compatibility mode
> ** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
>    This can be enabled with --enable-afalg configure option, when libkcapi
>    package is installed (#308).
> ** libgnutls: Fixed timing of early data exchange. Previously, the client was
>    sending early data after receiving Server Hello, which not only negates the
>    benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
>    same ciphersuite is selected in initial and resumption handshake) (#1146).
> ** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
>    copied from the signing CA by default (#1126).
> ** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
>    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
>    deprecated and will be removed in the future releases.
> ** certtool: When producing certificates and certificate requests, subject DN
>    components that are provided individually will now be ordered by
>    assumed scale (e.g. Country before State, Organization before
>    OrganizationalUnit). This change also affects the order in which
>    certtool prompts interactively. Please rely on the template
>    mechanism for automated use of certtool! (#1243)
> ** API and ABI modifications:
>    gnutls_early_cipher_get: Added
>    gnutls_early_prf_hash_get: Added
> ** guile: Writes to a session record port no longer throw an exception upon
>    GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
> * Version 3.7.1 (released 2021-03-10)
> ** libgnutls: Fixed potential use-after-free in sending "key_share"
>    and "pre_shared_key" extensions. When sending those extensions, the
>    client may dereference a pointer no longer valid after
>    realloc. This happens only when the client sends a large Client
>    Hello message, e.g., when HRR is sent in a resumed session
>    previously negotiated large FFDHE parameters, because the initial
>    allocation of the buffer is large enough without having to call
>    realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
> ** libgnutls: Fixed a regression in handling duplicated certs in a
>    chain (#1131).
> ** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
>    compatibility mode. In that mode the client shall always send a
>    non-zero session ID to make the handshake resemble the TLS 1.2
>    resumption; this was not true in the previous versions (#1074).
> ** libgnutls: W32 performance improvement with a new sendmsg()-like
>    transport implementation (!1377).
> ** libgnutls: Removed dependency on the external 'fipscheck' package,
>    when compiled with --enable-fips140-mode (#1101).
> ** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).
> ** API and ABI modifications:
>    No changes since last version.
> * Version 3.7.0 (released 2020-12-02)
> ** libgnutls: Depend on nettle 3.6 (!1322).
> ** libgnutls: Added a new API that provides a callback function to
>    retrieve missing certificates from incomplete certificate chains
>    (#202, #968, #1100).
> ** libgnutls: Added a new API that provides a callback function to
>    output the complete path to the trusted root during certificate
>    chain verification (#1012).
> ** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the
>    terminating null bytes, while the data field is null terminated.
>    The affected API functions are: gnutls_ocsp_req_get_extension,
>    gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
>    (#805).
> ** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849,
>    #850).
> ** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are
>    now no-op (#790).
> ** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).
> ** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin
>    CPU (#1079).
> ** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31
>    bytes to 255 bytes (#932).
> ** API and ABI modifications: > gnutls_x509_trust_list_set_getissuer_function: Added > gnutls_x509_trust_list_get_ptr: Added > gnutls_x509_trust_list_set_ptr: Added > gnutls_session_set_verify_output_function: Added > gnutls_record_encryption_level_t: New enum > gnutls_handshake_read_func: New callback type > gnutls_handshake_set_read_function: New function > gnutls_handshake_write: New function > gnutls_handshake_secret_func: New callback type > gnutls_handshake_set_secret_function: New function > gnutls_alert_read_func: New callback type > gnutls_alert_set_read_function: New function > gnutls_crypto_register_cipher: Deprecated; no-op > gnutls_crypto_register_aead_cipher: Deprecated; no-op > gnutls_crypto_register_mac: Deprecated; no-op > gnutls_crypto_register_digest: Deprecated; no-op >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/common/gnutls | 42 +++++++++++++++++++++++++++++++--- > lfs/gnutls | 4 ++-- > 2 files changed, 41 insertions(+), 5 deletions(-) >=20 > diff --git a/config/rootfiles/common/gnutls b/config/rootfiles/common/gnutls > index e59c1a84f..25173efd3 100644 > --- a/config/rootfiles/common/gnutls > +++ b/config/rootfiles/common/gnutls > @@ -33,15 +33,16 @@ usr/lib/libgnutls-dane.so.0.4.1 > #usr/lib/libgnutls.la > #usr/lib/libgnutls.so > usr/lib/libgnutls.so.30 > -usr/lib/libgnutls.so.30.28.2 > +usr/lib/libgnutls.so.30.33.1 > #usr/lib/libgnutlsxx.la > #usr/lib/libgnutlsxx.so > -usr/lib/libgnutlsxx.so.28 > -usr/lib/libgnutlsxx.so.28.1.0 > +usr/lib/libgnutlsxx.so.30 > +usr/lib/libgnutlsxx.so.30.0.0 > #usr/lib/pkgconfig/gnutls-dane.pc > #usr/lib/pkgconfig/gnutls.pc > #usr/share/doc/gnutls > #usr/share/doc/gnutls/gnutls-client-server-use-case.png > +#usr/share/doc/gnutls/gnutls-crypto-layers.png > #usr/share/doc/gnutls/gnutls-handshake-sequence.png > #usr/share/doc/gnutls/gnutls-handshake-state.png > #usr/share/doc/gnutls/gnutls-internals.png 
> @@ -51,6 +52,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/doc/gnutls/gnutls-x509.png > #usr/share/doc/gnutls/pkcs11-vision.png > #usr/share/info/gnutls-client-server-use-case.png > +#usr/share/info/gnutls-crypto-layers.png > #usr/share/info/gnutls-guile.info > #usr/share/info/gnutls-handshake-sequence.png > #usr/share/info/gnutls-handshake-state.png > @@ -119,11 +121,13 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_aead_cipher_encryptv.3 > #usr/share/man/man3/gnutls_aead_cipher_encryptv2.3 > #usr/share/man/man3/gnutls_aead_cipher_init.3 > +#usr/share/man/man3/gnutls_aead_cipher_set_key.3 > #usr/share/man/man3/gnutls_alert_get.3 > #usr/share/man/man3/gnutls_alert_get_name.3 > #usr/share/man/man3/gnutls_alert_get_strname.3 > #usr/share/man/man3/gnutls_alert_send.3 > #usr/share/man/man3/gnutls_alert_send_appropriate.3 > +#usr/share/man/man3/gnutls_alert_set_read_function.3 > #usr/share/man/man3/gnutls_alpn_get_selected_protocol.3 > #usr/share/man/man3/gnutls_alpn_set_protocols.3 > #usr/share/man/man3/gnutls_anon_allocate_client_credentials.3 > @@ -234,6 +238,9 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_cipher_suite_get_name.3 > #usr/share/man/man3/gnutls_cipher_suite_info.3 > #usr/share/man/man3/gnutls_cipher_tag.3 > +#usr/share/man/man3/gnutls_ciphersuite_get.3 > +#usr/share/man/man3/gnutls_compress_certificate_get_selected_method.3 > +#usr/share/man/man3/gnutls_compress_certificate_set_methods.3 > #usr/share/man/man3/gnutls_compression_get.3 > #usr/share/man/man3/gnutls_compression_get_id.3 > #usr/share/man/man3/gnutls_compression_get_name.3 > @@ -282,6 +289,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_digest_get_name.3 > #usr/share/man/man3/gnutls_digest_get_oid.3 > #usr/share/man/man3/gnutls_digest_list.3 > +#usr/share/man/man3/gnutls_digest_set_secure.3 > #usr/share/man/man3/gnutls_dtls_cookie_send.3 > #usr/share/man/man3/gnutls_dtls_cookie_verify.3 > #usr/share/man/man3/gnutls_dtls_get_data_mtu.3 
> @@ -291,6 +299,8 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_dtls_set_data_mtu.3 > #usr/share/man/man3/gnutls_dtls_set_mtu.3 > #usr/share/man/man3/gnutls_dtls_set_timeouts.3 > +#usr/share/man/man3/gnutls_early_cipher_get.3 > +#usr/share/man/man3/gnutls_early_prf_hash_get.3 > #usr/share/man/man3/gnutls_ecc_curve_get.3 > #usr/share/man/man3/gnutls_ecc_curve_get_id.3 > #usr/share/man/man3/gnutls_ecc_curve_get_name.3 > @@ -298,6 +308,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_ecc_curve_get_pk.3 > #usr/share/man/man3/gnutls_ecc_curve_get_size.3 > #usr/share/man/man3/gnutls_ecc_curve_list.3 > +#usr/share/man/man3/gnutls_ecc_curve_set_enabled.3 > #usr/share/man/man3/gnutls_encode_ber_digest_info.3 > #usr/share/man/man3/gnutls_encode_gost_rs_value.3 > #usr/share/man/man3/gnutls_encode_rs_value.3 > @@ -312,8 +323,14 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_ext_register.3 > #usr/share/man/man3/gnutls_ext_set_data.3 > #usr/share/man/man3/gnutls_fingerprint.3 > +#usr/share/man/man3/gnutls_fips140_context_deinit.3 > +#usr/share/man/man3/gnutls_fips140_context_init.3 > +#usr/share/man/man3/gnutls_fips140_get_operation_state.3 > #usr/share/man/man3/gnutls_fips140_mode_enabled.3 > +#usr/share/man/man3/gnutls_fips140_pop_context.3 > +#usr/share/man/man3/gnutls_fips140_push_context.3 > #usr/share/man/man3/gnutls_fips140_set_mode.3 > +#usr/share/man/man3/gnutls_get_library_config.3 > #usr/share/man/man3/gnutls_get_system_config_file.3 > #usr/share/man/man3/gnutls_global_deinit.3 > #usr/share/man/man3/gnutls_global_init.3 
> @@ -338,7 +355,10 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_handshake_set_post_client_hello_function.3 > #usr/share/man/man3/gnutls_handshake_set_private_extensions.3 > #usr/share/man/man3/gnutls_handshake_set_random.3 > +#usr/share/man/man3/gnutls_handshake_set_read_function.3 > +#usr/share/man/man3/gnutls_handshake_set_secret_function.3 > #usr/share/man/man3/gnutls_handshake_set_timeout.3 > +#usr/share/man/man3/gnutls_handshake_write.3 > #usr/share/man/man3/gnutls_hash.3 > #usr/share/man/man3/gnutls_hash_copy.3 > #usr/share/man/man3/gnutls_hash_deinit.3 > @@ -655,6 +675,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_protocol_get_name.3 > #usr/share/man/man3/gnutls_protocol_get_version.3 > #usr/share/man/man3/gnutls_protocol_list.3 > +#usr/share/man/man3/gnutls_protocol_set_enabled.3 > #usr/share/man/man3/gnutls_psk_allocate_client_credentials.3 > #usr/share/man/man3/gnutls_psk_allocate_server_credentials.3 > #usr/share/man/man3/gnutls_psk_client_get_hint.3 > @@ -738,6 +759,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_record_send.3 > #usr/share/man/man3/gnutls_record_send2.3 > #usr/share/man/man3/gnutls_record_send_early_data.3 > +#usr/share/man/man3/gnutls_record_send_file.3 > #usr/share/man/man3/gnutls_record_send_range.3 > #usr/share/man/man3/gnutls_record_set_max_early_data_size.3 > #usr/share/man/man3/gnutls_record_set_max_recv_size.3 > @@ -783,6 +805,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_session_set_verify_cert.3 > #usr/share/man/man3/gnutls_session_set_verify_cert2.3 > #usr/share/man/man3/gnutls_session_set_verify_function.3 > +#usr/share/man/man3/gnutls_session_set_verify_output_function.3 > #usr/share/man/man3/gnutls_session_supplemental_register.3 > #usr/share/man/man3/gnutls_session_ticket_enable_client.3 > #usr/share/man/man3/gnutls_session_ticket_enable_server.3 
> @@ -801,6 +824,8 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_sign_is_secure.3 > #usr/share/man/man3/gnutls_sign_is_secure2.3 > #usr/share/man/man3/gnutls_sign_list.3 > +#usr/share/man/man3/gnutls_sign_set_secure.3 > +#usr/share/man/man3/gnutls_sign_set_secure_for_certs.3 > #usr/share/man/man3/gnutls_sign_supports_pk_algorithm.3 > #usr/share/man/man3/gnutls_srp_allocate_client_credentials.3 > #usr/share/man/man3/gnutls_srp_allocate_server_credentials.3 > @@ -857,6 +882,7 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_transport_get_int2.3 > #usr/share/man/man3/gnutls_transport_get_ptr.3 > #usr/share/man/man3/gnutls_transport_get_ptr2.3 > +#usr/share/man/man3/gnutls_transport_is_ktls_enabled.3 > #usr/share/man/man3/gnutls_transport_set_errno.3 > #usr/share/man/man3/gnutls_transport_set_errno_function.3 > #usr/share/man/man3/gnutls_transport_set_fastopen.3 > @@ -1113,6 +1139,8 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_x509_crt_sign2.3 > #usr/share/man/man3/gnutls_x509_crt_verify.3 > #usr/share/man/man3/gnutls_x509_crt_verify_data2.3 > +#usr/share/man/man3/gnutls_x509_ct_sct_get.3 > +#usr/share/man/man3/gnutls_x509_ct_sct_get_version.3 > #usr/share/man/man3/gnutls_x509_dn_deinit.3 > #usr/share/man/man3/gnutls_x509_dn_export.3 > #usr/share/man/man3/gnutls_x509_dn_export2.3 > @@ -1124,6 +1152,10 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_x509_dn_oid_known.3 > #usr/share/man/man3/gnutls_x509_dn_oid_name.3 > #usr/share/man/man3/gnutls_x509_dn_set_str.3 > +#usr/share/man/man3/gnutls_x509_ext_ct_export_scts.3 > +#usr/share/man/man3/gnutls_x509_ext_ct_import_scts.3 > +#usr/share/man/man3/gnutls_x509_ext_ct_scts_deinit.3 > +#usr/share/man/man3/gnutls_x509_ext_ct_scts_init.3 > #usr/share/man/man3/gnutls_x509_ext_deinit.3 > #usr/share/man/man3/gnutls_x509_ext_export_aia.3 > #usr/share/man/man3/gnutls_x509_ext_export_authority_key_id.3 
> @@ -1233,12 +1265,16 @@ usr/lib/libgnutlsxx.so.28.1.0 > #usr/share/man/man3/gnutls_x509_trust_list_get_issuer.3 > #usr/share/man/man3/gnutls_x509_trust_list_get_issuer_by_dn.3 > #usr/share/man/man3/gnutls_x509_trust_list_get_issuer_by_subject_key_id.3 > +#usr/share/man/man3/gnutls_x509_trust_list_get_ptr.3 > #usr/share/man/man3/gnutls_x509_trust_list_init.3 > #usr/share/man/man3/gnutls_x509_trust_list_iter_deinit.3 > #usr/share/man/man3/gnutls_x509_trust_list_iter_get_ca.3 > #usr/share/man/man3/gnutls_x509_trust_list_remove_cas.3 > #usr/share/man/man3/gnutls_x509_trust_list_remove_trust_file.3 > #usr/share/man/man3/gnutls_x509_trust_list_remove_trust_mem.3 > +#usr/share/man/man3/gnutls_x509_trust_list_set_getissuer_function.3 > +#usr/share/man/man3/gnutls_x509_trust_list_set_ptr.3 > #usr/share/man/man3/gnutls_x509_trust_list_verify_crt.3 > #usr/share/man/man3/gnutls_x509_trust_list_verify_crt2.3 > #usr/share/man/man3/gnutls_x509_trust_list_verify_named_crt.3 > + > diff --git a/lfs/gnutls b/lfs/gnutls > index 169c8ce85..9c418890a 100644 > --- a/lfs/gnutls > +++ b/lfs/gnutls > @@ -24,7 +24,7 @@ > =20 > include Config > =20 > -VER =3D 3.6.16 > +VER =3D 3.7.6 > =20 > THISAPP =3D gnutls-$(VER) > DL_FILE =3D $(THISAPP).tar.xz > @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_BLAKE2 =3D 2c40e199e4e107a81d22b84305cf27b3ca2a2b5d505a3fbd398d= cfaec0ae30c71cae8a8b290523d3ad8636b2fb6b9da2a496315c20555265c681225b9b6bf6a4 > +$(DL_FILE)_BLAKE2 =3D 9f3cce8dfc0b88f2c42d1d2633417dac649a265407b620b6d159= 67e5210debb99d287ef31d2b9dc37a527ac1e5b9db4c240b98a63293078fbd2e26ac694bf3d3 > =20 > install : $(TARGET) > =20 --===============7956252509828048540==--
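Review bot: In the first config/rootfiles/common/gnutls hunk (@@ -33,15 +33,16 @@), libgnutlsxx moves from .so.28 / .so.28.1.0 to .so.30 / .so.30.0.0, which is a soname change, while libgnutls itself stays on .so.30. The commit message says find-dependencies flagged nothing for the old or new libs but does not name the soname it was run against; stating that it was libgnutlsxx.so.28 would make the check reproducible. The diffstat shows only the rootfile and lfs/gnutls being changed, so please also confirm that the stale libgnutlsxx.so.28* files are removed on systems that receive this update.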
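Review bot: The commit message lists "gnutls_get_library_configuration: New function" for 3.7.3, but the rootfile hunk at @@ -312,8 +323,14 @@ adds the man page gnutls_get_library_config.3, so the two names disagree. The rootfile entry reflects what the build installs; correct the name in the commit message, or note that it is quoted unchanged from the upstream changelog.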
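Review bot: The last rootfile hunk (@@ -1233,12 +1265,16 @@) ends with a bare "+" line after gnutls_x509_trust_list_verify_named_crt.3, so the rootfile gains an empty line at its end. Unless that is intended, drop it so the file ends on the last entry.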
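Review bot: In lfs/gnutls the $(DL_FILE)_BLAKE2 value is replaced together with VER, and neither the hunk nor the commit message says how the new digest was obtained. This value is what the build trusts for gnutls-3.7.6.tar.xz, so the commit message should state that the tarball was checked against the upstream signature before it was hashed, which lets a reviewer recompute the digest and compare.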