From 516e69d31621007293aa46f6c1052df813085294 Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Wed, 21 Sep 2022 14:26:55 +0200 Subject: [PATCH 1/2] NEWS: add an entry for allowlisting-relaxing functions restriction Signed-off-by: Alexander Sosedkin --- NEWS | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/NEWS b/NEWS index 4595555829..49a9686c4d 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,16 @@ See the end for copying conditions. master secret extension is negotiated). Otherwise the function now returns error. +** libgnutls: usage the following functions, designed to loosen restrictions + imposed by allowlisting mode of configuration, + has been additionally restricted; + invoking them is now only allowed if system-wide TLS priority string + has not been initialized yet: +gnutls_digest_set_secure +gnutls_sign_set_secure +gnutls_sign_set_secure_for_certs +gnutls_protocol_set_enabled + * Version 3.7.7 (released 2022-07-28) ** libgnutls: Fixed double free during verification of pkcs7 signatures. From c9c67f45231421eafd57cbd9ad231334fb80b778 Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Wed, 21 Sep 2022 14:56:49 +0200 Subject: [PATCH 2/2] Release 3.7.8 Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes. Signed-off-by: Alexander Sosedkin --- NEWS | 14 ++++++++------ configure.ac | 2 +- m4/hooks.m4 | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 49a9686c4d..beaa5ebae8 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. -* Version 3.7.8 (unreleased) +* Version 3.7.8 (released 2022-09-27) ** libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, @@ -19,16 +19,18 @@ See the end for copying conditions. master secret extension is negotiated). Otherwise the function now returns error. -** libgnutls: usage the following functions, designed to loosen restrictions - imposed by allowlisting mode of configuration, - has been additionally restricted; - invoking them is now only allowed if system-wide TLS priority string - has not been initialized yet: +** libgnutls: usage of the following functions, which are designed to + loosen restrictions imposed by allowlisting mode of configuration, + has been additionally restricted. Invoking them is now only allowed + if system-wide TLS priority string has not been initialized yet: gnutls_digest_set_secure gnutls_sign_set_secure gnutls_sign_set_secure_for_certs gnutls_protocol_set_enabled +** API and ABI modifications: +No changes since last version. + * Version 3.7.7 (released 2022-07-28) ** libgnutls: Fixed double free during verification of pkcs7 signatures. diff --git a/configure.ac b/configure.ac index 96894b0be3..e78bcc1698 100644 --- a/configure.ac +++ b/configure.ac @@ -23,7 +23,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.64) dnl when updating version also update LT_REVISION in m4/hooks.m4 -AC_INIT([GnuTLS], [3.7.7], [bugs@gnutls.org]) +AC_INIT([GnuTLS], [3.7.8], [bugs@gnutls.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 lib/unistring/m4]) AC_CANONICAL_HOST diff --git a/m4/hooks.m4 b/m4/hooks.m4 index c32b3bc380..f3cdaa8586 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -41,7 +41,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS], # # Interfaces removed: AGE=0 (+bump all symbol versions in .map) AC_SUBST(LT_CURRENT, 64) - AC_SUBST(LT_REVISION, 1) + AC_SUBST(LT_REVISION, 2) AC_SUBST(LT_AGE, 34) AC_SUBST(LT_SSL_CURRENT, 27)