Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Feb 9 09:39:41 2023 +0100

    Release 3.7.9
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Jan 3 09:06:01 2023 +0100

    Update year of copyright notices in doc/gnutls.texi
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:43:45 2023 +0100

    document the CVE fix
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Hubert Kario <hkario@redhat.com>
Date:   Wed Feb 8 14:32:09 2023 +0100

    rsa: remove dead code
    
    since the `ok` variable isn't used any more, we can remove all code
    used to calculate it
    
    Signed-off-by: Hubert Kario <hkario@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 9 16:05:53 2022 +0200

    auth/rsa: side-step potential side-channel
    
    Remove branching that depends on secret data.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
    Signed-off-by: Hubert Kario <hkario@redhat.com>
    Tested-by: Hubert Kario <hkario@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 21 14:56:49 2022 +0200

    Release 3.7.8
    
    Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Sep 21 14:26:55 2022 +0200

    NEWS: add an entry for allowlisting-relaxing functions restriction
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Sep 19 07:40:01 2022 +0900

    accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s
    
    If the LD doesn't have support for version scripts,
    _gnutls_x86_cpuid_s is exported through libtool's
    --export-symbols-regex and that causes link error with clang:
    
      libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib
      /Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib
      __gnutls_x86_cpuid_s
      make[4]: *** [libgnutls.la] Error 1
    
    This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid
    the issue.
    
    Problem investigated and fix suggested by Clemens Lang in:
    https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Sep 18 17:38:46 2022 +0900

    compress-cert: support compression of client certificates
    
    Previously the compress_certificate extension was sent by the server
    as part of ServerHello, which violates RFC 8879.  This patch instead
    sends it as an extension of CertificateRequest.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Sep 9 13:32:16 2022 +0200

    Report system config file location via gnutls-cli
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 20 11:06:07 2022 +0900

    src: request tls-exporter only when unique master secrets are used
    
    This is to comply with RFC9266 4.2.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 29 06:41:46 2022 +0900

    gnutls_session_channel_binding: perform check on "tls-exporter"
    
    According to RFC9622 4.2, the "tls-exporter" channel binding is only
    usable when the handshake is bound to a unique master secret.  This
    adds a check whether either TLS 1.3 or extended master secret
    extension is negotiated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Aug 20 10:58:23 2022 +0900

    doc: mention GNUTLS_CB_TLS_EXPORTER
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Doug Nazar <nazard@nazar.ca>
Date:   Tue Aug 16 01:47:49 2022 -0400

    cipher: Ensure correct alignment
    
    Unsigned math is required to calculate the current alignment.
    
    Signed-off-by: Doug Nazar <nazard@nazar.ca>

Author: Tobias Heider <tobias.heider@canonical.com>
Date:   Tue Aug 23 13:47:38 2022 +0200

    Unload custom allocators in gnutls_crypto_deinit()
    
    Closes #1398
    
    Signed-off-by: Tobias Heider <tobias.heider@canonical.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 15 09:39:18 2022 +0900

    accelerated: clear AVX bits if it cannot be queried through XSAVE
    
    The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
    Architectures Software Developer’s Manual".
    
    GnuTLS previously only followed that algorithm when registering the
    crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
    that the extension bits are propagated to _gnutls_x86_cpuid_s.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 18 09:01:20 2022 +0900

    srptool: resurrect default value for -i
    
    The default option value for -i (--index) was dropped during the
    cligen conversion.  This adds it back for compatibility with the
    existing command line usage.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 18 09:00:44 2022 +0900

    cligen: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 16 10:34:05 2022 +0200

    tests: add fips-rsa-sizes
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 16 14:36:48 2022 +0100

    update documentation on allowlisting API
    
    (in a separate commit so that it's easier to compare)
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 16 14:28:18 2022 +0100

    plumb allowlisting API through the config, restrict usage to early times
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Martin Storsjo <martin@martin.st>
Date:   Mon Aug 15 23:50:16 2022 +0300

    windows: Avoid -Wint-conversion errors
    
    Clang 15 made "incompatible pointer to integer conversion" an error
    instead of a plain warning. This fixes errors like these:
    
    system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
            HCRYPTHASH hHash = NULL;
                       ^       ~~~~
    
    Signed-off-by: Martin Storsjo <martin@martin.st>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Feb 15 16:26:52 2022 +0100

    lib/priority: extract parts of cfg_apply into cfg_*_set_array*
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 14 18:00:25 2022 +0100

    lib/priority: move sigalgs filtering to set_ciphersuite_list
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Aug 3 16:39:47 2022 +0900

    nettle: mark RSA SigVer operation approved for known modulus sizes
    
    SP800-131A rev2 suggests certain RSA modulus sizes under 2048
    bits (1024, 1280, 1536, and 1792) may continue to be used for
    signature verification but not for signature generation.  This loosens
    the current service indicator report to approve them.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Aug 9 12:55:04 2022 +0900

    nettle: check RSA modulus size in bits rather than bytes
    
    Previously we checked RSA modulus size clamped to byte unit instead of
    bits.  This makes the check stricter by explicitly calculating the
    modulus size in bits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Aug 9 12:08:24 2022 +0200

    fips: disable GNUTLS_CIPHER_3DES_CBC self-test
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Aug 8 13:54:13 2022 +0900

    .gitlab-ci.yml: mark all CI jobs interruptible
    
    This allows previous pipelines to be cancelled if a new job is
    submitted subsequently:
    https://docs.gitlab.com/ee/ci/yaml/#interruptible
    
    Suggested-by: Zoltán Fridrich <zfridric@redhat.com>
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Mon Aug 8 23:07:21 2022 +0200

    Moved TLS interoperability tests to submodule.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Andreas Metzler <ametzler@debian.org>
Date:   Sun Jul 31 10:28:15 2022 +0200

    Avoid &> redirection bashism in testsuite
    
    Broken by 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Stanislav Zidek <szidek@redhat.com>
Date:   Thu Feb 11 13:57:27 2021 +0100

    interoperability testing with openssl
    
    GitLab CI extended to run 2way interoperability tests with openssl on
    Fedora. Also prepared for adding further interoperability tests once
    they are in better shape.
    
    Signed-off-by: Stanislav Zidek <szidek@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Aug 4 16:37:51 2022 +0900

    _gnutls_decrypt_pbes1_des_md5_data: use public crypto API
    
    This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd.  In
    the decryption code path with PBES1, algorithm checks for FIPS were not
    applied, because it used internal functions that bypass those checks.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Simon Josefsson <jas@josefsson.org>
Date:   Sat Jul 30 21:06:42 2022 +0200

    Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.
    
    Signed-off-by: Simon Josefsson <simon@josefsson.org>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Fri Jul 29 10:38:42 2022 +0200

    KTLS: hotfix
    
    session->internals.pull_func is set to system_read during gnutls_init()
    so check for user set pull/push function added in commit mentioned
    below will never pass.
    
    source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Jul 28 12:49:59 2022 +0200

    Release 3.7.7
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 26 11:39:57 2022 +0900

    socket: only set pull/push functions when --save-*-trace is used
    
    This allows gnutls-cli to use KTLS for the transport, unless either
    --save-client-trace or --save-server-trace is used.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jul 26 11:38:41 2022 +0900

    handshake: do not enable KTLS if custom pull/push functions are set
    
    If gnutls_transport_set_pull_function or
    gnutls_transport_set_push_function is used, we can't assume the
    underlying transport handle is an FD.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Jul 22 12:00:11 2022 +0200

    Fix double free during gnutls_pkcs7_verify
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 27 20:23:26 2022 +0900

    guile: revert gnutls/build/tests.scm to use use-modules
    
    This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90.  For
    some reason, the usage of #:use-module causes some behavioral
    difference that affects reauth.scm test.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Mon Jul 25 16:07:54 2022 +0200

    Fix memory leak in gnutls_pkcs7_import
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jul 14 15:19:23 2022 +0900

    crypto-api: add block cipher API with automatic padding
    
    This adds a couple of functions gnutls_cipher_encrypt3 and
    gnutls_cipher_decrypt3, which add or remove padding as necessary if
    the length of the plaintext is not a multiple of the block size.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jul 22 11:54:29 2022 +0900

    tests: temporarily disable checking against unresolvable hosts
    
    *.dane.verisignlabs.com and fedoraproject.org are no longer
    resolvable.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 20 15:00:10 2022 +0900

    src: add __attribute__((malloc)) to safe_open_rw
    
    This silences -Wsuggest-attribute=malloc warning with GCC 12.  While
    we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not
    possible to use it until Gnulib is updated.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jul 20 14:54:48 2022 +0900

    src: add NULL check on return value of realloc used in tests
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:24:23 2022 +0900

    tests: resume-with-previous-stek: initialize session data
    
    Spotted by gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:23:31 2022 +0900

    tests: add __attribute__((__noreturn__)) to _fail and fail_ignore
    
    To suppress warnings with gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 21:13:53 2022 +0900

    crypto-selftests: fix decryption check condition in test_cipher_aead
    
    Spotted by gcc-analyzer 12.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jun 30 20:57:30 2022 +0900

    x509, tpm2: use asn1_node instead of deprecated ASN1_TYPE
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 23:41:26 2022 +0200

    guile: Allow session record ports to have a 'close' procedure.
    
    This addition makes it easy to close the backing file descriptor or port
    of a session when its record port is closed.
    
    * guile/src/core.c (SCM_GNUTLS_SESSION_RECORD_PORT_SESSION): Add SCM_CAR.
    (SCM_GNUTLS_SESSION_RECORD_PORT_CLOSE_PROCEDURE)
    (SCM_GNUTLS_SET_SESSION_RECORD_PORT_CLOSE)
    (SCM_GNUTLS_SESSION_RECORD_PORT_P)
    (SCM_VALIDATE_SESSION_RECORD_PORT): New macros.
    (make_session_record_port): Change "stream" argument to a pair.
    (close_session_record_port): New function.
    (scm_gnutls_session_record_port): Add optional 'close' parameter and
    honor it.
    (scm_gnutls_set_session_record_port_close_x): New function.
    (scm_init_gnutls_session_record_port_type): Add call to
    'scm_set_port_close' and 'scm_set_port_needs_close_on_gc'.
    * guile/tests/session-record-port.scm: Test it.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 17:03:03 2022 +0200

    guile: Remove support for the 1.8.x series.
    
    The last Guile 1.8.x release dates back to 2010.
    
    * configure.ac: Remove 1.8 from 'GUILE_PKG'.
    * doc/gnutls-guile.texi (Guile Preparations): Remove mention of Guile 1.8.
    * guile/src/core.c (mark_session_record_port)
    (free_session_record_port): Remove.
    (scm_init_gnutls_session_record_port_type): Remove corresponding
    'scm_set_port_mark' and 'scm_set_port_free' calls.
    * guile/modules/gnutls.in: Remove top-level 'cond-expand' forms for
    Guile 1.8.
    * guile/modules/gnutls/build/tests.scm: Likewise.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 17:02:17 2022 +0200

    maint: Update guile.m4.
    
    * m4/guile.m4: Update from Guile 3.0.7.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Brad Smith <brad@comstyle.com>
Date:   Fri Jul 15 22:44:03 2022 -0400

    accelerated: aarch64: add OpenBSD/aarch64 support
    
    Signed-off-by: Brad Smith <brad@comstyle.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 27 11:14:50 2022 +0900

    cipher: limit plaintext length supplied to AES-GCM
    
    According to SP800-38D 5.2.1.1, input data length of AES-GCM
    encryption function must be less than or equal to 2^39-256 bits.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Ludovic Courtès <ludo@gnu.org>
Date:   Sun Jul 10 18:54:54 2022 +0200

    guile: Session record port treats premature termination as EOF.
    
    * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Treat
    GNUTLS_E_PREMATURE_TERMINATION as EOF.
    (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise.
    * guile/tests/premature-termination.scm: New file.
    * guile/Makefile.am (TESTS): Add it.
    * NEWS: Update.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Author: Richard Costa <richard.costa@suse.com>
Date:   Sat Jul 9 00:50:21 2022 +0000

    Add self-test code inside a FIPS context
    
    Self-test code exercises lots of different FIPS-related code with
    side-effects. So, in order to prevent it from losing information when
    executing inside another context, we create an appropriate one.
    
    If the self-test fails, then the library is placed in error state, so it
    doesn't matter for other contexts.
    
    Signed-off-by: Richard Maciel Costa <richard.costa@suse.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue May 10 15:20:45 2022 +0200

    Increase the limit of TLS PSK usernames from 128 to 65535 characters
    
    Co-authored-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 1 08:04:57 2022 +0200

    fips: make service indicator logging louder
    
    Previously, the only way to monitor the FIPS context transition was to
    increase logging level to debug (2), which produces unrelated output.
    
    This changes the minimum logging level to audit (1) for when the
    transition happens.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jun 27 09:29:13 2022 +0900

    nettle: restrict output size of HKDF-Expand to 255 * HashLen
    
    RFC 5869 2.3 requires the requested output length of HKDF-Expand to
    be equal to or less than 255 times hash output size.
    
    Inspired by the report by Guido Vranken in:
    https://lists.gnupg.org/pipermail/gcrypt-devel/2022-June/005328.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jun 28 17:22:36 2022 +0200

    tests/fips-test: minor extension
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 13:46:44 2022 +0900

    .gitlab-ci.yml: add fedora-ktls pipeline
    
    This is to ensure that the same testsuite succeeds even if we compile
    the library with --enable-ktls and KTLS is enabled with a run-time
    configuration.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 10:53:55 2022 +0900

    ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND calculation
    
    Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the
    same socket is used for both sending and receiving, GNUTLS_KTLS_SEND
    was unconditionally set.  This fixes the conditions and also adds more
    logging.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 10:23:33 2022 +0900

    handshake: do not reset KTLS enablement in gnutls_handshake
    
    As gnutls_handshake can be repeatedly called upon non-blocking setup,
    we shouldn't try to call setsockopt for KTLS upon every call.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Jun 28 09:37:22 2022 +0900

    tests: enable KTLS config while running gnutls_ktls test
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Gregor Jasny <gjasny@googlemail.com>
Date:   Tue Jun 21 11:18:16 2022 +0200

    README.md: explicitly install libtasn1-bin
    
    Signed-off-by: Gregor Jasny <gjasny@googlemail.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Tue Jun 14 16:16:11 2022 +0200

    KTLS: disable by default enable by config
    
    KTLS will be disabled by default when built with `--enable-ktls`; to
    enable it, use config file option `ktls = true` in [global] section.
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jun 3 15:43:00 2022 +0900

    fips: provide function to manually run FIPS self-tests
    
    FIPS140-3 IG 10.3.E Periodic Self-Testing says:
    
      At security levels 1 and 2, acceptable means for initiating the
      periodic self-tests include a provided service, resetting, rebooting
      or power cycling.
    
    Neither resetting, rebooting, nor power-cycling is suitable because
    those involve operations outside of the module.  Therefore this patch
    adds a new API to manually run the substance of FIPS140 self-tests.
    
    Suggested by Richard Costa and Stephan Mueller in:
    https://gitlab.com/gnutls/gnutls/-/issues/1364
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed May 18 15:38:21 2022 +0200

    tests/suite/tls-fuzzer: remove most of the -n limiters...
    
    ... since tlsfuzzer now sets reasonable (~<10s/script) limits
    for most of the scripts by default
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed May 18 13:41:18 2022 +0200

    tests/suite/tls-fuzzer: pin current error messages with -X
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun May 29 10:54:48 2022 +0900

    build: Revert "Disable test scripts on windows"
    
    This reverts commit d2b99e3b3429e9b9a6fbff46598fd4c6a0910f65.
    
    It turned out that the test failures under mingw were caused by a
    regression in wine 7.5, possibly:
    https://bugs.winehq.org/show_bug.cgi?id=52743
    
    Now that the latest wine package based on wine 7.9 has no issues with
    running those test scripts, this enables them again in the build
    process.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri May 27 09:17:55 2022 +0200

    Release 3.7.6
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Asad Mehmood <asad78611@googlemail.com>
Date:   Mon May 23 14:35:46 2022 +0000

    libdane: fix typo in Makefile.am
    
    Signed-off-by: Asad Mehmood <asad78611@googlemail.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri May 13 14:37:05 2022 +0200

    Add release steps for windows builds
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Wed May 18 11:43:26 2022 +0200

    Fix out-of-bounds memcpy in gnutls_realloc_zero()
    
    Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 19 10:27:51 2022 +0200

    Disable test scripts on windows
    
    This is a temporary solution to avoid failures
    of test scripts when run on windows
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 12 10:38:23 2022 +0200

    Release 3.7.5
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue May 10 09:52:26 2022 +0200

    cligen: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Fri Apr 29 12:28:50 2022 +0200

    Improve certificate sanity checks
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date:   Mon Mar 28 17:49:22 2022 +0200

    Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID
    
    If the preferred side (as per session->internals.priorities->server_precedence)
    only supports one algorithm and if it is not the first in the other side's list
    of algorithms, then psk_ke_modes_recv_params did wrongly set
    session->internals.hsk_flags to HSK_PSK_KE_MODE_INVALID.
    
    Fixes #1303
    
    This issue was originally discovered while analyzing
    https://forum.filezilla-project.org/viewtopic.php?t=54333
    
    Signed-off-by: Tim Kosse <tim.kosse@filezilla-project.org>
    Co-authored-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat May 7 10:07:01 2022 +0200

    tests/cmocka-common.h: include <stdarg.h> before <cmocka.h>
    
    As documented in <https://api.cmocka.org/group__cmocka.html#details>,
    <stdarg.h> must be included before <cmocka.h>.
    
    Suggested by Brad Smith in:
    https://gitlab.com/gnutls/gnutls/-/issues/1360
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 29 12:01:53 2022 +0200

    configure.ac: check if compiler supports -Wa,-march=all
    
    Clang from LLVM 13.0.0 caused a segmentation fault if an unknown
    architecture is supplied through -march.  While this has been fixed in
    13.0.1, until it is widely deployed this adds a configure check as a
    safeguard:
    https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Jan 15 11:27:20 2022 +0100

    gnutls_aead_cipher_set_key: new function
    
    This adds gnutls_aead_cipher_set_key, which enables to reuse the same
    handle but reset the context and key, without releasing the memory.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 11:48:39 2022 +0100

    crypto-api: support AES-SIV with scatter-gather API
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 11:17:46 2022 +0100

    crypto-api: refactor iov_store_st operations
    
    This replaces copy_from_iov with the more generic append_from_iov.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 10:36:44 2022 +0100

    crypto-api: split scatter-gather AEAD implementation to helper funcs
    
    These _encryptv, _encryptv2, and _decryptv2 functions take orthogonal
    code paths depending on whether the underlying AEAD implementation
    supports message based API.  This patch splits the implementation to
    dedicated helper functions.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Jan 17 10:07:02 2022 +0100

    crypto-api: add integer overflow checks around copying IOV
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu May 5 12:10:46 2022 +0200

    Extend fipshmac to take a path to libgnutls.so
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:27:16 2022 +0200

    .github/workflows/macos.yml: display tests/cert-tests/*.log
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:23:49 2022 +0200

    lib/fips.c: suppress -Wdiscarded-qualifiers warning
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:22:16 2022 +0200

    .gitignore: ignore tests/tls13/compress-cert*
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed May 4 15:19:17 2022 +0200

    tests/cert-tests/pkcs12.sh: use portable sed invocations
    
    The BSD sed doesn't recognize '\|' as the alternative operator, and
    the last '}' must be preceded with a newline.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 21 08:07:25 2021 +0200

    tls: add flag to disable session ticket in TLS 1.2
    
    The existing GNUTLS_NO_TICKETS flag affects all versions of TLS, where
    PFS is assured in TLS 1.3, while it is not in TLS 1.2.  This adds a
    new flag GNUTLS_NO_TICKETS_TLS12 to allow applications to disable
    session tickets only in TLS 1.2.
    
    As the only means of resumption in TLS 1.3 is using session tickets,
    we could repurpose the GNUTLS_NO_TICKETS flag to make it a no-op in TLS
    1.3.  However it would break backward compatibility, so we defer it to
    the next major release.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Nov 28 11:31:30 2021 +0100

    session_ticket: avoid invalid free on error path
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 21 11:08:06 2021 +0200

    _gnutls_version_max: return NULL if priorities are not populated
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon May 2 07:41:12 2022 +0200

    m4: update from autoconf-archive
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sun Apr 17 10:56:35 2022 +0200

    .github/workflows/macos.yml: pull in gtk-doc
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Apr 28 12:17:16 2022 +0200

    gnutls-cli, gnutls-serv: print supported channel binding
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Sat Sep 4 07:16:18 2021 +0200

    .gitlab-ci.yml: replace valgrind checks with ASan
    
    Running the full test suite under valgrind wastes a lot of time and
    may cause intermittent failures due to timeout.  We have them mainly
    for VALGRIND_MAKE_MEM_UNDEFINED client request, though the ASan tests
    now cover the equivalent after
    f23c3a6cba43706a6ebb3f9b0018cd658dcc0a72.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Thu Apr 14 11:29:26 2022 +0200

    Use packit to automate fedora upstream release
    
    Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date:   Sun Apr 24 17:03:18 2022 +0900

    Preserve mbuffer type when linearized
    
    Signed-off-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>

Author: Brian Wickman <bwickman97@outlook.com>
Date:   Thu Apr 21 05:52:36 2022 +0000

    Fix for #1132

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Apr 11 14:00:16 2022 +0200

    .gitignore: ignore files generated by asn1Parser
    
    These files are no longer maintained in the repository, after commit
    16061937.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Apr 8 10:23:51 2022 +0200

    cligen: update git submodule
    
    This also reverts commit fd0e28a3 and changes how the cligen python
    files are included in the distribution.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Zoltan Fridrich <zfridric@redhat.com>
Date:   Tue Apr 12 16:34:52 2022 +0200

    Small fips-test refactoring
