Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: e9c692eabbbb7f395347605a6ef33a32d398ea25
https://github.com/qemu/qemu/commit/e9c692eabbbb7f395347605a6ef33a32d398ea25
Author: Richard Henderson <[email protected]>
Date: 2025-11-04 (Tue, 04 Nov 2025)
Changed paths:
M crypto/cipher-gnutls.c.inc
M crypto/cipher-nettle.c.inc
M crypto/cipher.c
M crypto/hash.c
M crypto/hmac.c
M crypto/meson.build
M crypto/tlscreds.c
M crypto/tlscredsanon.c
A crypto/tlscredsbox.c
A crypto/tlscredsbox.h
M crypto/tlscredspriv.h
M crypto/tlscredspsk.c
M crypto/tlscredsx509.c
M crypto/tlssession.c
M crypto/trace-events
R crypto/xts.c
M docs/about/deprecated.rst
M docs/system/tls.rst
M include/crypto/hash.h
M include/crypto/hmac.h
M include/crypto/tlscreds.h
M include/crypto/tlscredsx509.h
M include/crypto/tlssession.h
R include/crypto/xts.h
M include/io/channel-socket.h
M include/io/channel.h
A include/qemu/exit-with-parent.h
M io/channel-socket.c
M io/channel-tls.c
M io/channel.c
M meson.build
M qemu-options.hx
A system/exit-with-parent.c
M system/meson.build
M system/vl.c
M tests/qtest/libqtest.c
M tests/unit/meson.build
M tests/unit/test-crypto-block.c
M tests/unit/test-crypto-tlscredsx509.c
M tests/unit/test-crypto-tlssession.c
R tests/unit/test-crypto-xts.c
M ui/vnc.c
Log Message:
-----------
Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into
staging
Merge crypto and other misc fixes / features
* Increase minimum gnutls to 3.7.5
* Increase minimum libgcrypt to 1.9.4
* Increase minimum nettle to 3.7.3
* Drop obsolete in-tree XTS impl
* Fix memory leak when loading certificates
* Remove/reduce duplication when loading certifcates
* Fix possible crash when certificates are unloaded
while an active TLS connection is using when in a
TLS handshake operation
* Deprecate use of dh-params.pem file
* Document how to create certificates with Post-Quantum
Cryptography compliant algorithms.
* Support loading multiple certificate identities to
allow support for Post-Quantum crypto in parallel
with traditional RSA/ECC
* Add "-run-with exit-with-parent=on" parameter
* Flush pending errors when seeing ENOBUFS with
a zero-copy send attempt
* Fix data buffer parameters in hash & IO channel APIs
to use 'void *'
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmkIr/8ACgkQvobrtBUQ
# T9+2RhAAhEak/krdlTJw8OlJonUop7G5mlLU2TEoX0duRORcFhScsdSwb2pyc/wM
# tnwfWXsnsKFItJx1y3STkOICtdNqizGoU3+c7wl4anQBurydu+XTs4ESBtVJtMYr
# 1lTYvp0HFyKvaXwDWKE+ztltlJiog51tHPDLUIBCnyJysLVqxCHMHmkbG46IPBZo
# A2XXxp3j/VBPmhls0JHpbAD4iVE3PChdK7zhyeGe/rld9+0JA12EPCvZ5Uokdj41
# aYP/okvnVH1atucoygPdDE3P5GYBKaSXZUWqzfkKhU7FgaF2863Td7ff1ip+WyWN
# FFPNEU1hVg+T5hfsZVQmmIFDdSJWqoZaZM/WJVYdrRY4dKUCPnJ9OINbbnhuWz5E
# JFmZOPibRZKQ44XcHX49JRfJEBvoq1z9OT1r7HkEP4D9/O7V/riIunbAESMk0sgi
# 0/fatvdhNKMN6YBQM3mtN3yNOcfRSWFtSy9XS9zDjdpEKT7ui2t9FC0ZNSP0FRkS
# aTY31FyacjHwU3zaoh6NoqqpxV9wwHrgsJwNbA/IztjmX/jvGG0Gb/sXVEqM59tR
# e3VWTmlmZ1T8OLImh1hG4t+nY+XzI64QpVX8H9RCGm21o28DyTcOnTFK4OyIfWe5
# ttnNfEJN8WCVCsA8tcM8yAbZ/0qXrYfiZSO7hq79wE7LvyholAQ=
# =9ESG
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 03 Nov 2025 02:37:03 PM CET
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>" [unknown]
# gpg: aka "Daniel P. Berrange <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu: (32 commits)
docs: creation of x509 certs compliant with post-quantum crypto
crypto: support upto 5 parallel certificate identities
crypto: expand logic to cope with multiple certificate identities
crypto: avoid loading the identity certs twice
crypto: avoid loading the CA certs twice
crypto: deprecate use of external dh-params.pem file
crypto: make TLS credentials structs private
crypto: fix lifecycle handling of gnutls credentials objects
crypto: introduce a wrapper around gnutls credentials
crypto: introduce method for reloading TLS creds
crypto: reduce duplication in handling TLS priority strings
crypto: remove duplication loading x509 CA cert
crypto: shorten the endpoint == server check in TLS creds
crypto: move release of DH parameters into TLS creds parent
crypto: remove needless indirection via parent_obj field
crypto: use g_autofree when loading x509 credentials
crypto: move check for TLS creds 'dir' property
crypto: remove redundant access() checks before loading certs
crypto: replace stat() with access() for credential checks
crypto: add missing free of certs array
...
Signed-off-by: Richard Henderson <[email protected]>
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications
