* Merge gnutls-FIPS-jitterentropy-deinit-threads.patch into the
main jitterentropy patch gnutls-FIPS-jitterentropy.patch
* Merge the soname gnutls-fips-sonames-check.patch and V3
gnutls-FIPS-HMAC-x86_64-v3-opt.patch patches together into
gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
* Remove gnutls-set-cligen-python-interp.patch with a sed command.
- Enable back the failing tests that have been fixed upstream:
* Remove patches:
- gnutls-disable-flaky-test-dtls-resume.patch
- gnutls-srp-test-SIGPIPE.patch
- gnutls-skip-pqx-test.patch
- gnutls-3.8.10-disable-ktls_test.patch
- Update to 3.8.11:
* libgnutls: Fix stack overwrite in gnutls_pkcs11_token_init
Reported by Luigino Camastra from Aisle Research.
[GNUTLS-SA-2025-11-18, CVSS: low] [bsc#1254132, CVE-2025-9820]
* libgnutls: MAC algorithms for PSK binders is now configurable
The previous implementation assumed HMAC-SHA256 to calculate the
PSK binders. With the new gnutls_psk_allocate_client_credentials2()
and gnutls_psk_allocate_server_credentials2() functions, the
application can use other MAC algorithms such as HMAC-SHA384.
* libgnutls: Expose a new function to provide the maximum record send size
A new function gnutls_record_get_max_send_size() has been added to
determine the maximum size of a TLS record to be sent to the peer.
* libgnutls: Expose a new function to update keys without sending a KeyUpdate
to the peer. A new function gnutls_handshake_update_receiving_key()
has been added to allow updating the local receiving key without
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=133
