Packages changed:
 gnutls (3.8.9 -> 3.8.10)
 ncurses (6.5.20250720 -> 6.5.20250726)
 nghttp2
 nghttp3 (1.10.1 -> 1.11.0)
 openSUSE-release (20250804 -> 20250805)
 tpm2-0-tss (4.1.0 -> 4.1.3)

=== Details ===

==== gnutls ====
Version update (3.8.9 -> 3.8.10)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- Build with leancrypto. The liboqs support for post-quantum
 cryptography (PQC) has been removed and is only provided through
 leancrypto.
- Update to 3.8.10:
 * libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
   Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
   [bsc#1246299, CVE-2025-6395]
 * libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
   Spotted by oss-fuzz and reported by OpenAI Security Research Team,
   and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
   CVSS: medium] [bsc#1246233, CVE-2025-32989]
 * libgnutls: Fix double-free upon error when exporting otherName in SAN
   Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
   CVSS: low] [bsc#1246232, CVE-2025-32988]
 * certtool: Fix 1-byte write buffer overrun when parsing template
   Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
   CVSS: low] [bsc#1246267, CVE-2025-32990]
 * libgnutls: PKCS#11 modules can now be used to override the default
   cryptographic backend. Use the [provider] section in the system-wide config
   to specify path and pin to the module (see system-wide config Documentation).
 * libgnutls: Linux kernel version 6.14 brings a Kernel TLS (kTLS) key update
   support. The library running on the aforementioned version now utilizes the
   kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
   TLS session. The --enable-ktls configure option as well as the system-wide
   kTLS configuration(see GnuTLS Documentation) are still required to enable
   this feature.
 * libgnutls: liboqs support for PQC has been removed
   For maintenance purposes, support for post-quantum cryptography
   (PQC) is now only provided through leancrypto. The experimental key
   exchange algorithm, X25519Kyber768Draft00, which is based on the
   round 3 candidate of Kyber and only supported through liboqs has
   also been removed altogether.
 * libgnutls: TLS certificate compression methods can now be set with
   cert-compression-alg configuration option in the gnutls priority file.
 * libgnutls: All variants of ML-DSA private key formats are supported
   While the previous implementation of ML-DSA was based on
   draft-ietf-lamps-dilithium-certificates-04, this updates it to
   draft-ietf-lamps-dilithium-certificates-12 with support for all 3
   variants of private key formats: "seed", "expandedKey", and "both".
 * libgnutls: ML-DSA signatures can now be used in TLS
   The ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and
   ML-DSA-87, can now be used to digitally sign TLS handshake
   messages.
 * API and ABI modifications:
 - GNUTLS_PKCS_MLDSA_SEED: New enum member of gnutls_pkcs_encrypt_flags_t
 - GNUTLS_PKCS_MLDSA_EXPANDED: New enum member of gnutls_pkcs_encrypt_flags_t
- Add patch gnutls-3.8.10-disable-ktls_test.patch
- Rebased patches:
 * gnutls-FIPS-140-3-references.patch
 * gnutls-FIPS-disable-mac-sha1.patch
 * gnutls-disable-flaky-test-dtls-resume.patch
 * gnutls-skip-pqx-test.patch
- enable ktls support
- enable brotli and zstd compression support

==== ncurses ====
Version update (6.5.20250720 -> 6.5.20250726)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20250726
 + modify configure script cases for $host_os, to accommodate 64-bit
   big-endian POWER linux with glibc (patch by Cosima Neidahl).
 + add warning to configure script to address conflict between the
 - -enable-lp64 option and the options for overriding the types used
   for chtype and mmask_t.
- Port patch ncurses-6.4.dif

==== nghttp2 ====

- Account for the libngtcp2 devel split for openssl and gnutls.

==== nghttp3 ====
Version update (1.10.1 -> 1.11.0)

- Update to 1.11.0:
 * Revert "Tighten up :path validation"
 * Implement RFC 9412 ORIGIN frame
 * Clarify the life time of the object pointed
 * Update doc
 * Port ngtcp2 map changes
 * Treat malformed HTTP message as a connection error
 * Map seed
 * Add nghttp3_qpack_encoder_new2
 * Make nghttp3_rand accept uint8_t buffer
 * Origin changes
 * No need to zero-clear frent
 * Use compound literals instead of filling with zeros
 * Make macros static inline functions
 * Remove length from nghttp3_frame

==== openSUSE-release ====
Version update (20250804 -> 20250805)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== tpm2-0-tss ====
Version update (4.1.0 -> 4.1.3)
Subpackages: libtss2-esys0 libtss2-fapi-common libtss2-fapi1 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0

- Update to 4.1.3:
 * Fix name collisions during dlopen() on some linkers
- Update to 4.1.2:
 * configure.ac: Fix test of == to = to be POSIX comliant
 * Remove use of which in favor of command -v
- Update to 4.1.1:
 * Fixed inclusion of .map and .def files in release tar balls

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.