From: Richard Henderson
Date: Tue, 4 Nov 2025 14:17:31 +0000 (+0100)
Subject: Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging
X-Git-Tag: v10.2.0-rc1~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9c692eabbbb7f395347605a6ef33a32d398ea25;p=thirdparty%2Fqemu.git

Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging

Merge crypto and other misc fixes / features

 * Increase minimum gnutls to 3.7.5
 * Increase minimum libgcrypt to 1.9.4
 * Increase minimum nettle to 3.7.3
 * Drop obsolete in-tree XTS impl
 * Fix memory leak when loading certificates
 * Remove/reduce duplication when loading certificates
 * Fix possible crash when certificates are unloaded
   while an active TLS connection is using when in a
   TLS handshake operation
 * Deprecate use of dh-params.pem file
 * Document how to create certificates with Post-Quantum
   Cryptography compliant algorithms.
 * Support loading multiple certificate identities to
   allow support for Post-Quantum crypto in parallel
   with traditional RSA/ECC
 * Add "-run-with exit-with-parent=on" parameter
 * Flush pending errors when seeing ENOBUFS with a
   zero-copy send attempt
 * Fix data buffer parameters in hash & IO channel
   APIs to use 'void *'

# gpg: Signature made Mon 03 Nov 2025 02:37:03 PM CET
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange " [unknown]
# gpg:                 aka "Daniel P. Berrange " [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu: (32 commits)
  docs: creation of x509 certs compliant with post-quantum crypto
  crypto: support upto 5 parallel certificate identities
  crypto: expand logic to cope with multiple certificate identities
  crypto: avoid loading the identity certs twice
  crypto: avoid loading the CA certs twice
  crypto: deprecate use of external dh-params.pem file
  crypto: make TLS credentials structs private
  crypto: fix lifecycle handling of gnutls credentials objects
  crypto: introduce a wrapper around gnutls credentials
  crypto: introduce method for reloading TLS creds
  crypto: reduce duplication in handling TLS priority strings
  crypto: remove duplication loading x509 CA cert
  crypto: shorten the endpoint == server check in TLS creds
  crypto: move release of DH parameters into TLS creds parent
  crypto: remove needless indirection via parent_obj field
  crypto: use g_autofree when loading x509 credentials
  crypto: move check for TLS creds 'dir' property
  crypto: remove redundant access() checks before loading certs
  crypto: replace stat() with access() for credential checks
  crypto: add missing free of certs array
  ...

Signed-off-by: Richard Henderson
---

e9c692eabbbb7f395347605a6ef33a32d398ea25