Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Feb 5 19:29:25 2026 +0100

    Release 3.8.12
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 4 20:03:49 2026 +0100

    x509/name_constraints: name_constraints_node_list_intersect over sorted
    
    Fixes: #1773
    Fixes: GNUTLS-SA-2026-02-09-2
    Fixes: CVE-2025-14831
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 4 18:31:37 2026 +0100

    x509/name_constraints: make types_with_empty_intersection a bitmask
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 4 13:30:08 2026 +0100

    x509/name_constraints: implement name_constraints_node_list_union
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Feb 4 09:09:46 2026 +0100

    x509/name_constraints: add sorted_view in preparation...
    
    ... for actually using it later for performance gains.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 26 20:16:36 2026 +0100

    x509/name_constraints: introduce a rich comparator
    
    These are preparatory changes before implementing N * log N intersection
    over sorted lists of constraints.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Feb 5 13:22:10 2026 +0100

    x509/name_constraints: name_constraints_node_add_{new,copy}
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 26 20:14:33 2026 +0100

    x509/name_constraints: reject some malformed domain names
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 26 19:10:58 2026 +0100

    tests/name-constraints-ip: stop swallowing errors...
    
    ... now that it started to pass
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 26 19:02:27 2026 +0100

    x509/name_constraints: use actual zeroes in universal exclude IP NC
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Jan 29 17:38:01 2026 +0100

    pre_shared_key: add null check on pskcred
    
    Fixes: #1790
    Fixes: GNUTLS-SA-2026-02-09-1
    Fixes: CVE-2026-1584
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Feb 5 19:58:11 2026 +0100

    NEWS: add an entry for overflows reported by Tim Rühsen

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 23 16:29:25 2026 +0900

    _gnutls_bin2hex: make it more robust against empty input
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 23 16:18:35 2026 +0900

    tests: use public API in pkcs12_s2k test as possible
    
    The pkcs12_s2k was using _gnutls_bin2hex, which is a private
    function. This changes the test logic to compare with binary blobs
    instead of hex encoded data, and switches to using a public function,
    gnutls_hex_decode.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Jan 16 11:26:21 2026 +0900

    x509: avoid integer overflow when escaping DN
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 15 09:31:47 2026 +0900

    buffer: add more extensive integer overflow checks
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 9 07:46:40 2026 +0100

    doc/Makefile: re-add three binaries to DISTCLEANFILES
    
    This has previously been fixed in
    8daba130cc0c4100186af0b61bc3e65d54a46727,
    but then 5300a8683d937ccf09ed01170d3bcb93d97ed605 reverted it out
    together with the other change.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 9 12:42:22 2026 +0100

    .gitlab-ci.yml: kill wineserver before running tests

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 9 09:58:06 2026 +0100

    .gitlab-ci.yml: do not run fedora-i686/test w/o fedora-i686/build
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 9 09:54:31 2026 +0100

    .gitlab-ci.yml: unregister qemu binfmt handler first
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Feb 9 07:30:43 2026 +0100

    .gitlab-ci.yml: fix .mingw/test binfmt setup
    
    Previously, multiple inheritance had shadowed the before_script
    of .mingw/test, so the binfmt preparation didn't run.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Sun Feb 8 20:56:33 2026 +0100

    .gitlab-ci.yml: add --skip-po hack to fedora-docdist/test as well
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Sun Feb 8 19:25:31 2026 +0100

    .gitlab-ci.yml: move mingw job to Fedora 43 for newer nettle
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Feb 5 19:27:48 2026 +0100

    NEWS: mention 3.8.12 changes
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Feb 6 18:35:56 2026 +0100

    cligen: update submodule
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Feb 6 15:50:17 2026 +0100

    tests/Makefile: specify overlooked pkcs11-long-label dependencies
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 22 18:32:47 2026 +0900

    ocsp: suppress false-positive reported by GCC 15 analyzer
    
    GCC 15 analyzer reports:
    
      ocsp.c:2470:17: warning: dereference of NULL '*ocsps' [CWE-476] [-Wanalyzer-null-dereference]
       2470 |                 gnutls_ocsp_resp_deinit((*ocsps)[i]);
            |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    *ocsps should always be non-NULL when this part is exercised. This
    adds an assertion for that.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 22 17:01:34 2026 +0900

    dane: use matching deallocator for gnutls_malloc
    
    Spotted by GCC analyzer:
    
      dane.c:972:17: warning: memory allocated with 'gnutls_malloc' should be deallocated with 'free' but was deallocated with 'free'
        972 |                 free(new_cert_list);
            |                 ^~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Jan 22 16:59:33 2026 +0900

    rnd: use matching allocator for gnutls_free
    
    Spotted by GCC 15 analyzer:
    
      ./../includes/gnutls/gnutls.h:2321:24: warning: memory allocated with 'calloc' should be deallocated with 'gnutls_free' but was deallocated with 'gnutls_free'
       2321 | #define gnutls_free(a) gnutls_free((void *)(a)), a = NULL
            |                        ^~~~~~~~~~~~~~~~~~~~~~~~
      rnd.c:166:9: note: in expansion of macro 'gnutls_free'
        166 |         gnutls_free(ctx);
            |         ^~~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Feb 3 13:30:32 2026 +0900

    configure.ac: hide m4_ifdef from autopoint
    
    The recent version of autopoint warns about multiple invocations of
    AM_GNU_GETTEXT_REQUIRE_VERSION, without evaluating m4_ifdef. This
    obfuscates the first occurrence with a quote to work around that.
    
    Suggested by Bruno Haible.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 20 01:34:05 2026 +0100

    tests/scripts/common.sh: avoid IPv6 in check_if_port_*
    
    I've encountered a race condition when IPv4 couldn't bind, IPv6 did bind,
    the check passed because IPv6 could bind,
    but then tlsfuzzer testsuite used IPv4 and failed.
    One of the simplest solutions is to filter out IPv6 in the checks.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Maxim Cournoyer <maxim@guixotic.coop>
Date:   Thu Oct 16 12:50:06 2025 +0900

    doc: Fix races in a parallel build, take 2.
    
    This is an alternative solution to that originally made in commit
    8daba130c (now reverted), that doesn't break 'make distcheck'.
    
    * doc/Makefile.am (error_codes.texi, algorithms.texi, alerts.texi):
    Group as a single grouped target.  Document.
    
    Fixes: <https://gitlab.com/gnutls/gnutls/-/issues/1635>
    Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>

Author: Maxim Cournoyer <maxim@guixotic.coop>
Date:   Thu Oct 16 12:49:33 2025 +0900

    Partially re-apply "doc: Fix races in a parallel build."
    
    This partially reverts commit
    5300a8683d937ccf09ed01170d3bcb93d97ed605, reinstating just the MKDIR_P
    change, which is a good one.
    
    Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Jan 22 17:28:58 2026 +0100

    tests/suite/tls-fuzzer: exclude test-tls13-finished.py padding tests...
    
    ... as gnutls sends NST early (explicitly valid by RFC8446 4.6.1)
    and that races against sending malformed Finished.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Jan 22 16:27:31 2026 +0100

    tests/suite/tls-fuzzer/gnutls-nocert-tls13.json: clarify a comment
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jan 21 18:58:20 2026 +0100

    tests/resume.c: use a callback for processing NST data
    
    This is supposed to avoid a rare race condition with NST coming late.
    The callback and its use are taken from
    tests/tls13/hello_retry_request_resume.c
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jan 21 17:59:47 2026 +0100

    tests/suite/testrng.sh: shorten with a helper
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Jan 21 17:51:33 2026 +0100

    tests/suite/testrng.sh: check ./rng return code
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 20 18:36:26 2026 +0100

    tests/cert-reencoding.sh: clean up, valgrind, IPv4
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 19 18:53:21 2026 +0100

    tests/suite/testdane.sh: just skip on hosts with a long hostname
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Jan 19 15:40:27 2026 +0100

    tests/suite/tls-fuzzer: update submodules, tweak/enable tests
    
    Modifies existing invocations of some updated tests:
    * test-dhe-rsa-key-exchange-with-bad-messages.py: wrong alert on missing dh_Yc
    * test-ecdsa-in-certificate-verify.py: skip sha224 and brainpool
    * test-tls13-ccs.py: see #1788
    * test-tls13-certificate-verify.py: expect ML-DSA sigalgs
    * test-tls13-ecdsa-in-certificate-verify.py: expect ML-DSA sigalgs
    * test-tls13-ecdsa-support.py: no support for brainpool
    * test-tls13-keyupdate.py: see #1789
    * test-tls13-session-resumption.py: no NST on PSK_ONLY; wrong cert on 1.2 -> 1.3
    
    Adds invocations for select new tests:
    * test-ccs.py
    * test-connection-abort.py
    * test-interleaved-CKE-with-CCS.py
    * test-no-mlkem-in-old-tls.py
    * test-point-extension.py (with a lot of waiving)
    * test-tls13-connection-abort.py
    * test-tls13-no-unknown-groups.py
    * test-tls13-unencrypted-alert.py
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Jan 16 17:43:35 2026 +0100

    tests/suite/testdane.sh: with and w/o --local-dns; 50% success rate
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Jan 20 01:25:08 2026 +0100

    tests/scripts/common.sh: avoid ephemeral port range in GETPORT
    
    The idea is to avoid a race condition between checking the port
    and some outgoing connection snatching it before the server binds to it.
    We're still racing against others, just outside of the ephemeral range.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Jan 16 18:01:35 2026 +0100

    tests/suite/testdane.sh: add more SMTP hosts
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Jan 16 17:57:41 2026 +0100

    tests/suite/testdane.sh: add more HTTPS hosts
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Fri Jan 16 17:42:25 2026 +0100

    tests/suite/testdane.sh: insignificant tweaks
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Markus Theil <theil.markus@gmail.com>
Date:   Tue Jan 13 12:05:13 2026 +0100

    rnd: always clear internal RNG state and confidential temporary data
    
    Internal RNG state should not be left in memory after deallocating
    the RNG or exiting a process using GnuTLS. Fix this for the ChaCha20
    based RNG implementation. The FIPS RNG impl. already does this, due
    to FIPS requirements.
    
    Signed-off-by: Markus Theil <theil.markus@gmail.com>
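
The wipe-on-deinit and wipe-at-exit pattern this commit describes, as an added example written for this page (it is not GnuTLS code). The context layout, the placeholder keystream (not ChaCha20) and the function names are assumptions; the two things it shows are a zeroing routine the optimizer cannot remove and the wiping of both the long-lived state and the temporary keystream block.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Zeroing that the optimizer cannot drop as a dead store: every write goes
 * through a volatile pointer, so the wipe survives even when the buffer is
 * freed or goes out of scope right afterwards. explicit_bzero()/memset_s()
 * are the platform equivalents. */
void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/* Constructed stand-in for an RNG context: the layout is an assumption, and
 * the generator below is a placeholder stream, not ChaCha20. */
typedef struct {
    uint8_t key[32];
    uint8_t nonce[12];
    uint64_t counter;
} rng_ctx;

static rng_ctx *g_rng;            /* process-wide instance, wiped at exit */
static int g_atexit_registered;

/* Exit handler: wipe but do not free, since exit is already in progress and
 * the allocation is about to disappear anyway. */
static void rng_atexit(void)
{
    if (g_rng)
        secure_zero(g_rng, sizeof *g_rng);
}

rng_ctx *rng_init(void)
{
    rng_ctx *ctx = calloc(1, sizeof *ctx);
    if (ctx == NULL)
        return NULL;
    memset(ctx->key, 0xAB, sizeof ctx->key);     /* constructed seed material */
    memset(ctx->nonce, 0x01, sizeof ctx->nonce);
    g_rng = ctx;
    if (!g_atexit_registered) {
        atexit(rng_atexit);
        g_atexit_registered = 1;
    }
    return ctx;
}

/* Fill out with n bytes. The keystream block is a confidential temporary:
 * it is derived from the key and is wiped before the function returns. */
void rng_generate(rng_ctx *ctx, uint8_t *out, size_t n)
{
    uint8_t block[64];
    for (size_t i = 0; i < n; i++) {
        if (i % sizeof block == 0) {
            for (size_t j = 0; j < sizeof block; j++)
                block[j] = ctx->key[j % sizeof ctx->key] ^ (uint8_t)(ctx->counter + j);
            ctx->counter++;
        }
        out[i] = block[i % sizeof block];
    }
    secure_zero(block, sizeof block);
}

/* Deinit wipes before freeing, so the freed chunk carries no key material. */
void rng_deinit(rng_ctx *ctx)
{
    if (ctx == NULL)
        return;
    secure_zero(ctx, sizeof *ctx);
    if (ctx == g_rng)
        g_rng = NULL;
    free(ctx);
}

int rng_ctx_is_clear(const rng_ctx *ctx)
{
    const uint8_t *b = (const uint8_t *)ctx;
    for (size_t i = 0; i < sizeof *ctx; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Check that a context holding key material is all zeros after the wipe.
 * Returns 1 on success. */
int demo_wipe(void)
{
    uint8_t out[100];
    rng_ctx *ctx = rng_init();
    if (ctx == NULL)
        return 0;
    rng_generate(ctx, out, sizeof out);
    int had_key = ctx->key[0] == 0xAB && ctx->counter == 2;
    secure_zero(ctx, sizeof *ctx);
    int clear = rng_ctx_is_clear(ctx);
    rng_deinit(ctx);
    return had_key && clear;
}
```

A plain memset() before free() is exactly the store a compiler is entitled to delete, which is why the wipe goes through a volatile pointer; the atexit handler covers processes that never call deinit, the case the commit message singles out.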

Author: Dmitrichenko Mikhail <m.dmitrichenko222@gmail.com>
Date:   Mon Jan 12 10:28:14 2026 +0000

    srptool: fix stack buffer overflow with large SRP groups
    
    The static buffer result in _srp_crypt() was only 1024 bytes, while the
    8192-bit SRP group code produces base64-encoded verifier of 1366
    characters.
    
    Using sprintf() with the old buffer caused a stack buffer overflow
    (undefined behaviour) when --index=6 or --index=7 was used.
    
    This commit:
    - increases the static buffer size to 2048 bytes (sufficient for all
      currently supported groups),
    - replaces sprintf() with snprintf() to prevent overflow even if the
      buffer were accidentally too small.
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    Fixes: #1777
    
    Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
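
The bounded-formatting fix this commit describes, as an added example written for this page rather than srptool's code. The base64 encoder, the record layout "user:verifier:salt:index" and the function names are constructed for the example; the point is that the encoded size of a 1024-byte (8192-bit) value is computed rather than assumed, and that snprintf()'s return value is checked so an oversized record is reported instead of written past the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Base64 alphabet for the constructed encoder below. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encoded length of n bytes: four characters per (padded) three-byte group. */
size_t b64_len(size_t n)
{
    return 4 * ((n + 2) / 3);
}

/* Bounded base64 encoder: returns the number of characters written
 * (NUL excluded), or -1 when out cannot hold the encoding plus a NUL. */
int b64_encode(const uint8_t *in, size_t n, char *out, size_t outsz)
{
    size_t i, o = 0;
    if (outsz < b64_len(n) + 1)
        return -1;
    for (i = 0; i < n; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < n) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return (int)o;
}

/* Known-answer check for the encoder (RFC 4648 test vectors). Returns 1 if
 * all pass, including the case where the output buffer lacks room for NUL. */
int b64_selftest(void)
{
    char out[8];
    return b64_encode((const uint8_t *)"Man", 3, out, sizeof out) == 4 && strcmp(out, "TWFu") == 0
        && b64_encode((const uint8_t *)"Ma", 2, out, sizeof out) == 4 && strcmp(out, "TWE=") == 0
        && b64_encode((const uint8_t *)"M", 1, out, sizeof out) == 4 && strcmp(out, "TQ==") == 0
        && b64_encode((const uint8_t *)"Man", 3, out, 4) == -1;
}

/* Hardened formatter. The record layout is an assumption for this example.
 * snprintf() never writes past bufsz; its return value is the length the
 * full record would have had, so anything >= bufsz means sprintf() would
 * have overflowed. Returns the record length, or -1 on truncation. */
int format_record(char *buf, size_t bufsz, const char *user,
                  const char *verifier_b64, const char *salt_b64, int index)
{
    int n = snprintf(buf, bufsz, "%s:%s:%s:%d", user, verifier_b64, salt_b64, index);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz)
            buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Drive the formatter with a verifier for a 1024-byte (8192-bit) value and
 * a record buffer of the given size; returns the formatter's result. */
int demo_record(size_t bufsz)
{
    uint8_t raw[1024];           /* constructed stand-in for an 8192-bit verifier */
    char verifier[1400];
    char buf[2048];
    memset(raw, 0xA5, sizeof raw);
    if (b64_encode(raw, sizeof raw, verifier, sizeof verifier) < 0)
        return -2;
    if (bufsz > sizeof buf)
        return -3;
    return format_record(buf, bufsz, "alice", verifier, "c2FsdA==", 7);
}

int main(void)
{
    printf("base64 of 1024 bytes is %zu chars\n", b64_len(1024));
    printf("1024-byte record buffer: %d\n", demo_record(1024));
    printf("2048-byte record buffer: %d\n", demo_record(2048));
    return 0;
}
```

With a 1024-byte buffer the 8192-bit record is rejected rather than overflowing; with 2048 bytes it fits. Sizing the buffer from b64_len() of the largest supported group, rather than from a constant picked by hand, is what keeps the two in step when a new group is added.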

Author: xinpeng.wang <wangxinpeng@uniontech.com>
Date:   Wed Jan 14 13:19:46 2026 +0800

    lib: add support for Hygon Genuine CPUs in x86 acceleration
    
    Hygon CPUs (HygonGenuine) share the same AES-NI and other crypto
    instruction sets with AMD Zen architecture. However, they were previously
    falling back to the generic software provider because the vendor check
    only recognized Intel and AMD.
    
    This fallback to the software provider (Nettle wrapper) could lead to
    numerical issues or crashes (e.g., divide-by-zero) in certain
    environments like Photoshop.
    
    This patch:
    1. Adds X86_CPU_VENDOR_HYGON to x86_cpu_vendor enum.
    2. Updates check_x86_cpu_vendor() to recognize Hygon CPUs.
    3. Enables hardware acceleration for Hygon CPUs.
    
    Signed-off-by: xinpeng.wang <wangxinpeng@uniontech.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Jan 14 13:27:49 2026 +0900

    Update year of copyright notices in doc/gnutls.texi
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 22 18:20:25 2025 +0900

    pkcs11: fix module name resolution for unconfigured modules
    
    When a PKCS#11 module is not configured, p11_kit_module_get_name()
    returns NULL. In that case, use the filename instead.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 22 15:29:06 2025 +0900

    pkcs11: properly fall back to thread-unsafe module init
    
    The PKCS#11 module initialization logic introduced in
    aa5f15a872e62e54abe58624ee393e68d1faf689 first attempts to initialize
    the module with CKR_NEED_TO_CREATE_THREADS|CKF_OS_LOCKING_OK, which
    may return either CKR_CANT_LOCK or CKR_NEED_TO_CREATE_THREADS, where
    the latter was previously treated as a hard error. This fixes it and
    also makes the second attempt to not supply any flags.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
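
The retry policy this commit describes, as an added example written for this page; it is not GnuTLS's pkcs11 code and does not include pkcs11.h. The constants carry the values from the PKCS#11 standard, but the module is a fake whose C_Initialize answers whatever the test asks, and the first attempt is assumed to use the CK_C_INITIALIZE_ARGS flags CKF_LIBRARY_CANT_CREATE_OS_THREADS | CKF_OS_LOCKING_OK. Both CKR_CANT_LOCK and CKR_NEED_TO_CREATE_THREADS lead to a second, argument-less (single-threaded) initialization; any other error is final.

```c
#include <stddef.h>

/* PKCS#11 constants with the values from the standard (no pkcs11.h here). */
typedef unsigned long CK_RV;
typedef unsigned long CK_FLAGS;
#define CKR_OK                             0x000UL
#define CKR_GENERAL_ERROR                  0x005UL
#define CKR_NEED_TO_CREATE_THREADS         0x009UL
#define CKR_CANT_LOCK                      0x00AUL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED   0x191UL
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x001UL
#define CKF_OS_LOCKING_OK                  0x002UL

/* Only the flags field of CK_C_INITIALIZE_ARGS matters for the policy; the
 * mutex callbacks are left out (a simplification for this example). */
typedef struct {
    CK_FLAGS flags;
    void *pReserved;
} CK_C_INITIALIZE_ARGS;

/* Fake loaded module: C_Initialize plus a scripted reply and a call counter. */
typedef struct module {
    CK_RV (*C_Initialize)(struct module *m, CK_C_INITIALIZE_ARGS *args);
    CK_RV first_reply;   /* what the module answers to the threaded attempt */
    int calls;
} module_t;

static CK_RV fake_initialize(module_t *m, CK_C_INITIALIZE_ARGS *args)
{
    m->calls++;
    if (args == NULL)
        return CKR_OK;   /* single-threaded initialization always succeeds */
    if (args->flags & (CKF_OS_LOCKING_OK | CKF_LIBRARY_CANT_CREATE_OS_THREADS))
        return m->first_reply;
    return CKR_GENERAL_ERROR;
}

/* Returns 1 when the module accepted OS locking (multi-threaded use is
 * safe), 0 when it only initialized single-threaded (the caller must
 * serialize access itself), -1 on a hard failure. */
int module_initialize(module_t *m)
{
    CK_C_INITIALIZE_ARGS args = {
        CKF_LIBRARY_CANT_CREATE_OS_THREADS | CKF_OS_LOCKING_OK, NULL
    };
    CK_RV rv = m->C_Initialize(m, &args);
    if (rv == CKR_OK || rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
        return 1;
    if (rv != CKR_CANT_LOCK && rv != CKR_NEED_TO_CREATE_THREADS)
        return -1;   /* anything else is a real error, not a locking mismatch */
    rv = m->C_Initialize(m, NULL);   /* second attempt: no flags at all */
    if (rv == CKR_OK || rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
        return 0;
    return -1;
}

/* Run the policy against a module that answers `reply` on the first attempt.
 * Returns result * 10 + number of C_Initialize calls, so 11 means "accepted
 * on the first call", 2 means "fell back, two calls", -9 means "failed after
 * one call". */
int demo_init(CK_RV reply)
{
    module_t m = { fake_initialize, reply, 0 };
    int r = module_initialize(&m);
    return r * 10 + m.calls;
}
```

The return value distinguishes the two success cases on purpose: a caller that gets 0 has a module initialized without locking support and must not touch it from several threads at once.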

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 2 11:42:05 2025 +0900

    tests/slow: set TEST_EXTENSIONS for wrappers
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 2 09:33:22 2025 +0900

    crypto-selftests: exercise gnutls_hash_output(..., NULL)
    
    This moves the test introduced in commit
    7a7d3e44c0f769eb7bae6c6ee21a0a8a3f9e5144, from tests/slow/hash-large.c
    to the library selftests, because the former is tailored for
    excessively large input, ignoring SIGSEGV.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Dec 2 15:10:37 2025 +0900

    accelerated: accept NULL as digest argument for gnutls_hash_output
    
    As a follow-up of commit eced4c0c2b3d3ee6a35dab99616a25910b623f79 this
    also extends the accelerated version of gnutls_hash_output to be able
    to reset the context by passing NULL as the digest argument.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Dec 1 18:16:06 2025 +0900

    devel/release-steps.md: update CI job name to the latest
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 20 18:27:14 2025 +0900

    abi-dump: update git submodule
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 19:31:59 2025 +0100

    .gitlab-ci.yml: move i686 to a separate image
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date:   Mon Nov 24 16:02:23 2025 +0100

    Add missing copyright/license headers
    
    Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Nov 5 13:22:08 2025 +0100

    .gitlab-ci.yml: move mingw and cross jobs to Fedora 42
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Mon Nov 3 16:06:21 2025 +0100

    .gitlab-ci.yml: move vanilla Fedora jobs to Fedora 42
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Julien Olivain <ju.o@free.fr>
Date:   Sun Nov 23 18:17:19 2025 +0100

    audit: crau: fix compilation with gcc < 11
    
    If the CRAU_MAYBE_UNUSED macro is unset, the crau.h file tries to
    automatically detect an appropriate value for it.
    
    This autodetection is using the cpp special operator
    `__has_c_attribute` [1], introduced in gcc 11 [2].
    
    When compiling with a gcc older than version 11, the compilation fails
    with the error:
    
        In file included from audit.h:22,
                         from audit.c:26:
        crau/crau.h:255:23: error: missing binary operator before token "("
             __has_c_attribute (__maybe_unused__)
                               ^
    
    This has been observed, for example, in Rocky Linux 8.10, which
    contains a gcc v8.5.0.
    
    The issue happens because the test for the `__has_c_attribute`
    availability and the test for the `__maybe_unused__` attribute
    are in the same directive. Those tests should be separated in
    two different directives, following the same logic described in
    the `__has_builtin` documentation [3].
    
    This issue was found in Buildroot, after updating gnutls to
    version 3.8.11 in [4].
    
    This commit fixes the issue by splitting the test in two.
    
    [1] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fc_005fattribute.html
    [2] https://gcc.gnu.org/gcc-11/changes.html#c
    [3] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fbuiltin.html
    [4] https://gitlab.com/buildroot.org/buildroot/-/commit/81dbfe1c2ae848b4eb1f896198d13455df50e548
    
    Reported-by: Neal Frager <neal.frager@amd.com>
    Signed-off-by: Julien Olivain <ju.o@free.fr>

Author: Jan Palus <jpalus@fastmail.com>
Date:   Thu Nov 20 18:51:59 2025 +0100

    mem: include headers for size_t and uint8_t
    
    Fixes: #1764
    
    Signed-off-by: Jan Palus <jpalus@fastmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Nov 20 08:52:53 2025 +0900

    build: update symbols.last to include gnutls_audit_* functions
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 18 09:05:29 2025 +0900

    Release 3.8.11
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 18 13:17:55 2025 +0900

    pkcs11: avoid stack overwrite when initializing a token
    
    If gnutls_pkcs11_token_init is called with a label longer than 32
    characters, the internal storage used to blank-fill it would
    overflow. This adds a guard to prevent that.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
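
The guarded blank-fill this commit describes, as an added example written for this page (not the library's code). It assumes the PKCS#11 convention that a token label is a 32-byte CK_UTF8CHAR field, blank padded and without a NUL terminator; the function names are constructed. Lengths are counted in bytes, which is what the field holds, so a UTF-8 label of fewer than 32 characters can still be rejected.

```c
#include <stddef.h>
#include <string.h>

#define TOKEN_LABEL_LEN 32   /* CK_TOKEN_INFO.label: CK_UTF8CHAR[32], blank padded */

/* Fill a fixed 32-byte, blank-padded label field. Returns 0 on success and
 * -1 when the caller's string does not fit; out is left untouched then.
 * Without the length check the memcpy below is the overflow. */
int token_label_fill(const char *label, unsigned char out[TOKEN_LABEL_LEN])
{
    size_t n = strlen(label);
    if (n > TOKEN_LABEL_LEN)
        return -1;
    memset(out, ' ', TOKEN_LABEL_LEN);   /* pad with blanks, no NUL terminator */
    memcpy(out, label, n);
    return 0;
}

/* The inverse, for reading a label back from C_GetTokenInfo-style data:
 * copy the field into a NUL-terminated string, trimming trailing blanks.
 * dst must hold TOKEN_LABEL_LEN + 1 bytes. Returns the trimmed length. */
size_t token_label_read(const unsigned char in[TOKEN_LABEL_LEN], char *dst)
{
    size_t n = TOKEN_LABEL_LEN;
    while (n > 0 && in[n - 1] == ' ')
        n--;
    memcpy(dst, in, n);
    dst[n] = '\0';
    return n;
}

/* Round trip: 1 if the label fits and comes back unchanged, 0 if it is
 * rejected as too long. (Labels with trailing blanks of their own cannot
 * round-trip through a blank-padded field; that is inherent to the format.) */
int demo_roundtrip(const char *label)
{
    unsigned char field[TOKEN_LABEL_LEN];
    char back[TOKEN_LABEL_LEN + 1];
    if (token_label_fill(label, field) != 0)
        return 0;
    token_label_read(field, back);
    return strcmp(label, back) == 0;
}

/* Number of padding bytes that are blanks after filling a 3-byte label. */
int demo_padding(void)
{
    unsigned char field[TOKEN_LABEL_LEN];
    int blanks = 0;
    if (token_label_fill("hsm", field) != 0)
        return -1;
    for (size_t i = 3; i < TOKEN_LABEL_LEN; i++)
        blanks += field[i] == ' ';
    return blanks;
}
```

A 32-byte label is the boundary case and must be accepted; the 33rd byte is where the unguarded version starts writing past the field.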

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 18 09:28:26 2025 +0900

    build: bump Nettle version requirement from 3.6 to 3.10
    
    Given Nettle 3.10 is ABI compatible with 3.6 and includes several
    security relevant fixes, this updates the library's minimum
    requirement of Nettle to 3.10. The bundled code will stay for the
    next couple of release cycles in case any downstream issues are found,
    as suggested in:
    https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004905.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Wed Oct 29 13:29:34 2025 +0000

    lib: clarify docs for gnutls_credentials_set
    
    Make it explicit that only a single credentials object of a given
    type may be set against a session. Any further attempts to set
    credentials for a type will replace previously set credentials.
    The act of replacement also allows the previously set credentials
    to be freed by the caller.
    
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Author: Alistair Francis <alistair.francis@wdc.com>
Date:   Thu Oct 9 14:57:08 2025 +1000

    lib/kx: Only report file open error if there is an error
    
    Previously all attempts to open a `SSLKEYLOGFILE` would result in a
    "unable to open keylog file" regardless of whether the file was opened
    or not. Instead let's only report the issue if the file fails to open.
    
    Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Wed Nov 19 11:02:53 2025 +0100

    .gitlab-ci.yml: run all the jobs untagged...
    
    ... to let them use either self-hosted runners
    or saas-linux-small-amd64 GitLab-hosted runners.
    
    Also revert `except: [tags]` resource preservation measure.
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 12:38:30 2025 +0100

    .gitlab-ci.yml: move fedora-docdist to a doc image
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Tue Nov 11 20:53:06 2025 +0100

    .gitlab-ci.yml: register binfmt handlers only if missing
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 10:58:52 2025 +0100

    .gitlab-ci.yml: remove bz2049401 workaround
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 10:57:43 2025 +0100

    .gitlab-ci.yml: enable binfmt for mingw
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 10:52:40 2025 +0100

    tests/suite/tls-interoperability: update submodule
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 11:38:26 2025 +0100

    .gitlab-ci.yml: GIT_STRATEGY: clone for commit-check
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 11:35:42 2025 +0100

    devel/check_if_signed: fix a condition
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Nov 18 08:57:43 2025 +0900

    tests/pkcs11-provider: match token with --provider when initializing
    
    Even if the "module-path" query attribute is given in the PKCS#11 URI,
    p11tool does not filter tokens based on that when called with
    --initialize. As this is not part of the pkcs11-provider
    functionality, use --provider option to specify the token.
    
    Also defer the settings of GNUTLS_SYSTEM_PRIORITY_FILE and
    GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID after the token initialization.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Alexander Sosedkin <asosedkin@redhat.com>
Date:   Thu Nov 6 19:06:55 2025 +0100

    lib/Makefile: remove audit_int.h reference
    
    Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

Author: Karthik Das <kartheekdasari1998@gmail.com>
Date:   Sun Nov 16 08:31:29 2025 +0000

    Add missing parameter documentation in lib/audit.c
    
    Signed-off-by: Karthik Das <kartheekdasari1998@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Oct 29 12:45:00 2025 +0900

    build: ignore new functions at "make abi-check-latest"
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 31 13:08:20 2025 +0900

    build: pacify GCC analyzer false-positive in src/ocsptool.c
    
    Without the guard (chain_size - 1), GCC analyzer spews the warning
    below, which should be a false-positive:
    
    ocsptool.c:532:32: warning: use of uninitialized value 'chain[1]' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
      532 |                         signer = chain[1];
          |                         ~~~~~~~^~~~~~~~~~
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Samuel Zeter <samuelzeter@gmail.com>
Date:   Tue Oct 14 18:00:26 2025 +0200

    lib: Fix Wunterminated-string-initialization warnings
    
    Building on a newer gcc version (15) results in the following warnings:
    
    status_request.c: In function 'client_send':
    status_request.c:71:33: warning: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (6 chars into 5 available) [-Wunterminated-string-initialization]
       71 |         const uint8_t data[5] = "\x01\x00\x00\x00\x00";
          |                                 ^~~~~~~~~~~~~~~~~~~~~~
    x86-common.c: In function 'check_phe_partial':
    x86-common.c:342:31: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (65 chars into 64 available) [-Wunterminated-string-initialization]
      342 |         const char text[64] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
          |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Samuel Zeter <samuelzeter@gmail.com>
    Modified-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 31 11:16:28 2025 +0900

    build: exclude duplicate entries in src/mech-list.h
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 30 14:12:54 2025 +0900

    build: derive the location of default config file from $sysconfdir
    
    Previously we hard-coded "/etc" as part of the path of the default
    configuration file. It is more palatable to respect the --sysconfdir
    configure option and locate the file there.
    
    Per recommendation at [1], the path is expanded at "make" time, not at
    "configure" time.
    
    1. https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.72/html_node/Installation-Directory-Variables.html
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Fri Oct 24 15:33:45 2025 +0900

    build: fix compiler warnings with -Wstrict-prototypes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Mon Oct 20 16:42:36 2025 +0900

    x509: encode ECDSA private key in fixed length
    
    RFC 5915 section 3 says that the privateKey field of ECPrivateKey
    structure should be fixed length, though the library encoded it in
    variable length, depending on the leading byte. This patch enforces
    that the field is always encoded in fixed length, as well as
    consolidates the code paths for EdDSA and X25519/X448 keys.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
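
The fixed-length rule from RFC 5915 section 3 that this commit enforces, as an added example written for this page (not the library's encoder): the privateKey OCTET STRING always holds ceil(log2(n)/8) bytes, so a scalar whose leading byte happens to be zero is left-padded rather than shortened. The function names are constructed, and the scalar values are made up for the demonstration; only short-form DER lengths are handled, which covers every standard curve (P-521 needs 66 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte length of a curve order: ceil(bits / 8). P-256 -> 32, P-384 -> 48,
 * P-521 -> 66. */
size_t curve_field_len(unsigned order_bits)
{
    return (order_bits + 7) / 8;
}

/* Write the scalar d (unsigned big-endian, any length, leading zeros
 * allowed) into out as exactly field_len bytes, left-padded with zeros.
 * Returns 0 on success, -1 if the value does not fit in field_len bytes,
 * -2 if out is too small. */
int ec_scalar_fixed(const uint8_t *d, size_t d_len, size_t field_len,
                    uint8_t *out, size_t out_len)
{
    if (out_len < field_len)
        return -2;
    /* Strip leading zero bytes so the value, not its encoding, decides fit. */
    while (d_len > 0 && d[0] == 0x00) {
        d++;
        d_len--;
    }
    if (d_len > field_len)
        return -1;
    memset(out, 0, field_len - d_len);
    memcpy(out + (field_len - d_len), d, d_len);
    return 0;
}

/* Wrap the fixed-length scalar as the DER OCTET STRING used for the
 * privateKey field of ECPrivateKey. Short-form length only (<= 127 bytes).
 * Returns the total number of bytes written, or -1 on error. */
int ec_private_key_octets(const uint8_t *d, size_t d_len, unsigned order_bits,
                          uint8_t *out, size_t out_len)
{
    size_t flen = curve_field_len(order_bits);
    if (flen > 127 || out_len < 2 + flen)
        return -1;
    out[0] = 0x04;               /* OCTET STRING */
    out[1] = (uint8_t)flen;      /* fixed length, independent of the value */
    if (ec_scalar_fixed(d, d_len, flen, out + 2, out_len - 2) != 0)
        return -1;
    return (int)(2 + flen);
}

/* Constructed P-256 scalar with only 31 significant bytes: variable-length
 * encoding would emit 31, the fixed form emits 32 with a leading 0x00.
 * Returns the encoded length (34) or -1 if any byte is off. */
int demo_p256_small_scalar(void)
{
    uint8_t d[31];
    uint8_t enc[2 + 32];
    memset(d, 0x7f, sizeof d);
    int n = ec_private_key_octets(d, sizeof d, 256, enc, sizeof enc);
    if (n != 34 || enc[0] != 0x04 || enc[1] != 32 || enc[2] != 0x00 || enc[3] != 0x7f)
        return -1;
    return n;
}

/* A 33-byte input with a leading zero fits P-256 once stripped; a 33-byte
 * input with a non-zero top byte does not. Returns 1 if both behave. */
int demo_p256_overlong(void)
{
    uint8_t d[33];
    uint8_t enc[2 + 32];
    memset(d, 0x11, sizeof d);
    d[0] = 0x00;
    if (ec_private_key_octets(d, sizeof d, 256, enc, sizeof enc) != 34)
        return 0;
    d[0] = 0x01;
    if (ec_private_key_octets(d, sizeof d, 256, enc, sizeof enc) != -1)
        return 0;
    return 1;
}
```

Stripping leading zeros before the fit check matters in the other direction too: a bignum library that hands back a 33-byte buffer with a zero top byte is still a valid P-256 scalar, while a genuinely 33-byte value is not and must be rejected rather than truncated.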

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 14 14:32:33 2025 +0900

    audit: wrap crau interface and expose it partly as public API
    
    This adds 3 new functions: gnutls_audit_push_context,
    gnutls_audit_pop_context, and gnutls_audit_current_context, which
    would be useful when the applications define their own crypto-auditing
    probe points.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 14 14:57:00 2025 +0900

    configure: disable crypto-auditing support by default
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 9 09:21:29 2025 +0900

    configure: fix faketime detection
    
    This fixes the cache variable name (gnutls_cv_prog_faketime_works, not
    gnutls_cv_faketime_works), and avoids extraneous output from the
    configure.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 9 09:11:06 2025 +0900

    po: ignore new files introduced by gettext
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 9 09:09:59 2025 +0900

    m4/hooks.m4: check <sys/sdt.h> defines DTrace compatible macros
    
    On macOS, <sys/sdt.h> defines a different interface than on
    GNU/Linux. Check if DTRACE_PROBE* macros are actually usable.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Samuel Zeter <samuelzeter@gmail.com>
Date:   Fri Oct 3 01:20:58 2025 +1000

    x509: Remove misleading comments
    
    These comments were originally from an old function called
    check_schema() which has since been removed.
    
    Signed-off-by: Samuel Zeter <samuelzeter@gmail.com>

Author: Samuel Zeter <samuelzeter@gmail.com>
Date:   Fri Oct 3 01:06:30 2025 +1000

    x509: Remove extraneous asn1_delete
    
    No need for deletion given we already call asn1_delete_structure2.
    
    Signed-off-by: Samuel Zeter <samuelzeter@gmail.com>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 2 14:11:42 2025 +0900

    tls-sig: instrument crypto-auditing probes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Thu Oct 2 17:56:37 2025 +0900

    _gnutls_handshake_sign_data: resolve signing algorithm only once
    
    This avoids unnecessary look up of algorithm entry.
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 24 13:23:09 2025 +0900

    key_share: instrument crypto-auditing probes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Wed Sep 24 10:38:07 2025 +0900

    handshake: instrument crypto-auditing probes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Sep 2 17:45:27 2025 +0900

    pk: instrument crypto-auditing probes
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>

Author: Daiki Ueno <ueno@gnu.org>
Date:   Tue Oct 25 16:27:16 2022 +0900

    build: bundle crypto-auditing helper library as copylib
    
    Signed-off-by: Daiki Ueno <ueno@gnu.org>
    Co-authored-by: Zoltan Fridrich <zfridric@redhat.com>

Author: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Date:   Tue Aug 19 18:49:14 2025 +0000

    lib/nettle/int/drbg-aes-self-test: Replace free() with gnutls_free()
    
    Replace free() with gnutls_free() for consistent memory deallocation.
    
    Fixes: 1421e31ff ("Added DRBG submitted to nettle in gnutls.")
    Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

Author: Alistair Francis <alistair.francis@wdc.com>
Date:   Mon May 26 14:41:46 2025 +1000

    tls13/key_update: Expose a manual KeyUpdate function
    
    As part of supporting KeyUpdate in ktls-utils and NVMe-OF we need to
    trigger an update of the local keys after the kernel has received a
    KeyUpdate message.
    
