Release 3.6.14 [ci skip]

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/NEWS b/NEWS
index 8f81bd3dc45712bfa99d4ba73302fce15c758be0..755a67c88cc4bcf0a5955c1ba8f035e1efaddef0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,39 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
 Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
 See the end for copying conditions.
 
-* Version 3.6.14 (unreleased)
+* Version 3.6.14 (released 2020-06-03)
+
+** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
+   The TLS server would not bind the session ticket encryption key with a
+   value supplied by the application until the initial key rotation, allowing
+   attacker to bypass authentication in TLS 1.3 and recover previous
+   conversations in TLS 1.2 (#1011).
+   [GNUTLS-SA-2020-06-03, CVSS: high]
+
+** libgnutls: Fixed handling of certificate chain with cross-signed
+   intermediate CA certificates (#1008).
+
+** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
+
+** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
+   (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
+   Key Identifier (AKI) properly (#989, #991).
+
+** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
+
+** libgnutls: Added several improvements on Windows Vista and later releases
+   (!1257, !1254, !1256). Most notably the system random number generator now
+   uses Windows BCrypt* API if available (!1255).
+
+** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
+   Also both accelerated and non-accelerated implementations check key block
+   according to FIPS-140-2 IG A.9 (!1233).
+
+** libgnutls: Added support for AES-SIV ciphers (#463).
+
+** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
+
+** libgnutls: No longer use internal symbols exported from Nettle (!1235)
 
 ** API and ABI modifications:
 GNUTLS_CIPHER_AES_128_SIV: Added

diff --git a/configure.ac b/configure.ac
index a09cbfd92dfd13a203717c99a84f749c78afcad1..d59553b6a180ed066aabe7654d8f541e23c1025c 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -23,7 +23,7 @@ dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.63)
 
 dnl when updating version also update LT_REVISION in m4/hooks.m4
-AC_INIT([GnuTLS], [3.6.13], [bugs@gnutls.org])
+AC_INIT([GnuTLS], [3.6.14], [bugs@gnutls.org])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
 AC_CANONICAL_HOST

diff --git a/m4/hooks.m4 b/m4/hooks.m4
index d0963f35cd87f5548360027d5b5cf992cff9333d..1f83d35f686c24cdf150af529caec6bef64dc44f 100644 (file)
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -40,9 +40,9 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
   #     in CONTRIBUTION.md for more info.
   #
   # Interfaces removed:                           AGE=0 (+bump all symbol versions in .map)
-  AC_SUBST(LT_CURRENT, 57)
+  AC_SUBST(LT_CURRENT, 58)
   AC_SUBST(LT_REVISION, 0)
-  AC_SUBST(LT_AGE, 27)
+  AC_SUBST(LT_AGE, 28)
 
   AC_SUBST(LT_SSL_CURRENT, 27)
   AC_SUBST(LT_SSL_REVISION, 2)