Path to this page:
Subject: CVS commit: pkgsrc/security/gnutls
From: Adam Ciarcinski
Date: 2024-11-06 15:51:41
Message id: 20241106145141.8A4E3FC7E@cvs.NetBSD.org
Log Message:
gnutls: updated to 3.8.8
Version 3.8.8 (released 2024-11-05)
** libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key \
exchange in TLS 1.3
The support for post-quantum key exchanges has been extended to
cover the final standard of ML-KEM, following
draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of
liboqs is bumped to 0.11.0.
** libgnutls: All records included in an OCSP response are now checked in TLS
Previously, when multiple records are provided in a single OCSP
response, only the first record was considered; now all those
records are examined until the server certificate matches.
** libgnutls: Handling of malformed compress_certificate extension is now more \
standard compliant
The server behavior of receiving a malformed compress_certificate
extension now more strictly follows RFC 8879; return
illegal_parameter alert instead of bad_certificate, as well as
overlong extension data is properly rejected.
** build: More flexible library linking options for compression libraries, TPM, \
and liboqs support
The configure options, --with-zstd, --with-brotli, --with-zlib,
--with-tpm2, and --with-liboqs now take 4 states:
yes/link/dlopen/no, to specify how the libraries are linked or
loaded.
** API and ABI modifications:
No changes since last version.
Files: