On Fri, Oct 31, 2025 at 03:32:51PM +0400, Marc-André Lureau wrote:
> Hi
> 
> On Thu, Oct 30, 2025 at 6:50 PM Daniel P. Berrangé <[email protected]>
> wrote:
> 
> > GNUTLS has deprecated use of externally provided diffie-hellman
> > parameters, since it will automatically negotiate DH params in
> > accordance with RFC7919.
> >
> 
> The doc says:
>  Since 3.6.0, DH parameters are negotiated following RFC7919.
> 
> But QEMU doesn't require >= 3.6. Add a preliminary patch?

Oh whoops. I misread the meson.build rules. Our gnutls bump
to 3.5.18 was done in:

  commit d4c7ee330cd0ca05cc0c026f845af6711e37b0f7
  Author: Daniel P. Berrangé <[email protected]>
  Date:   Fri May 14 13:04:09 2021 +0100

    crypto: bump min gnutls to 3.5.18, dropping RHEL-7 support
    
    It has been over two years since RHEL-8 was released, and thus per the
    platform build policy, we no longer need to support RHEL-7 as a build
    target. This lets us increment the minimum required gnutls version
    
    Per repology, current shipping versions are:
    
                 RHEL-8: 3.6.14
          Debian Buster: 3.6.7
     openSUSE Leap 15.2: 3.6.7
       Ubuntu LTS 18.04: 3.5.18
       Ubuntu LTS 20.04: 3.6.13
                FreeBSD: 3.6.15
              Fedora 33: 3.6.16
              Fedora 34: 3.7.1
                OpenBSD: 3.6.15
         macOS HomeBrew: 3.6.15
    

the only one not already on 3.6 was Ubuntu 18.04 and that
is long outside our support matrix. IOW we can easily assume
at least 3.6 these days and this patch is safe on that basis.

I'll prepare another standalone patch to explicitly increase
the min version though. Can probably bump gcrypt & nettle min
versions too.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
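The version gate discussed in this message, as an added example that is not part of the thread or of QEMU's own code: a POSIX sh helper that compares dotted version strings and reports whether a given gnutls release predates RFC7919 DH group negotiation (gnutls 3.6.0, per the doc quoted above) and so would still need externally supplied DH parameters. The function names, the 3.6.0 threshold constant and the platform list are the example's own; the list is constructed from the distro matrix in the quoted commit message.

```sh
#!/bin/sh
# Added example, not QEMU code: decide whether a gnutls version still needs
# caller-provided DH parameters, i.e. is older than 3.6.0, the release from
# which gnutls negotiates DH groups itself per RFC7919.

# version_ge A B: exit 0 if dotted numeric version A >= B, 1 otherwise.
# Missing trailing components are treated as 0 (3.6 == 3.6.0 < 3.6.1).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ "$ai" = "$a" ] && a="" || a="${a#*.}"
        [ "$bi" = "$b" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# Assumed threshold: first gnutls release negotiating DH params per RFC7919.
RFC7919_MIN_GNUTLS=3.6.0

# needs_external_dh VERSION: exit 0 if this gnutls still needs external DH
# params (older than 3.6.0), 1 if it negotiates RFC7919 groups on its own.
needs_external_dh() {
    if version_ge "$1" "$RFC7919_MIN_GNUTLS"; then return 1; fi
    return 0
}

# Constructed sample input: the platform/version matrix from the quoted
# commit message. Prints one verdict line per platform.
report_matrix() {
    printf '%s\n' \
        "RHEL-8 3.6.14" "Debian-Buster 3.6.7" "openSUSE-Leap-15.2 3.6.7" \
        "Ubuntu-18.04 3.5.18" "Ubuntu-20.04 3.6.13" "FreeBSD 3.6.15" \
        "Fedora-33 3.6.16" "Fedora-34 3.7.1" "OpenBSD 3.6.15" \
        "macOS-HomeBrew 3.6.15" |
    while read -r platform ver; do
        if needs_external_dh "$ver"; then
            echo "$platform $ver: predates RFC7919 negotiation, needs external DH params"
        else
            echo "$platform $ver: negotiates DH groups per RFC7919"
        fi
    done
}

# count_legacy: how many platforms in the matrix are below 3.6.0 (on stdout).
count_legacy() {
    report_matrix | grep -c 'needs external DH params'
}

report_matrix
```

Run against the matrix, only Ubuntu 18.04 (3.5.18) comes out as needing external DH parameters, which is the observation the message makes; the comparison itself is the same ">= minimum" gate that a build system's versioned dependency check expresses, and `needs_external_dh` can be pointed at `pkg-config --modversion gnutls` output on a real host.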