[PULL 00/32] Next pr patches

Daniel P. Berrangé via Devel posted 32 patches 1 week, 5 days ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20251103133727.423041-1-berrange@redhat.com
Maintainers: "Daniel P. Berrangé" <berrange@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>
[PULL 00/32] Next pr patches
Posted by Daniel P. Berrangé via Devel 1 week, 5 days ago
The following changes since commit 53b41bb78950912ba2d9809eef6b45e4df30c647:

  Merge tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu into staging (2025-11-01 10:52:48 +0100)

are available in the Git repository at:

  https://gitlab.com/berrange/qemu tags/next-pr-pull-request

for you to fetch changes up to 2aaca8c6d22b18786ceff51189704113d0639590:

  docs: creation of x509 certs compliant with post-quantum crypto (2025-11-03 10:45:55 +0000)

----------------------------------------------------------------
Merge crypto and other misc fixes / features

 * Increase minimum gnutls to 3.7.5
 * Increase minimum libgcrypt to 1.9.4
 * Increase minimum nettle to 3.7.3
 * Drop obsolete in-tree XTS impl
 * Fix memory leak when loading certificates
 * Remove/reduce duplication when loading certificates
 * Fix possible crash when certificates are unloaded
   while an active TLS connection is using them in a
   TLS handshake operation
 * Deprecate use of dh-params.pem file
 * Document how to create certificates with Post-Quantum
   Cryptography compliant algorithms.
 * Support loading multiple certificate identities to
   allow support for Post-Quantum crypto in parallel
   with traditional RSA/ECC
 * Add "-run-with exit-with-parent=on" parameter
 * Flush pending errors when seeing ENOBUFS with
   a zero-copy send attempt
 * Fix data buffer parameters in hash & IO channel APIs
   to use 'void *'

----------------------------------------------------------------

Daniel P. Berrangé (26):
  crypto: bump min gnutls to 3.7.5
  crypto: unconditionally enable gnutls XTS support
  crypto: bump min libgcrypt to 1.9.4
  crypto: bump min nettle to 3.7.3
  crypto: drop in-tree XTS cipher mode impl
  crypto: remove redundant parameter checking CA certs
  crypto: add missing free of certs array
  crypto: replace stat() with access() for credential checks
  crypto: remove redundant access() checks before loading certs
  crypto: move check for TLS creds 'dir' property
  crypto: use g_autofree when loading x509 credentials
  crypto: remove needless indirection via parent_obj field
  crypto: move release of DH parameters into TLS creds parent
  crypto: shorten the endpoint == server check in TLS creds
  crypto: remove duplication loading x509 CA cert
  crypto: reduce duplication in handling TLS priority strings
  crypto: introduce method for reloading TLS creds
  crypto: introduce a wrapper around gnutls credentials
  crypto: fix lifecycle handling of gnutls credentials objects
  crypto: make TLS credentials structs private
  crypto: deprecate use of external dh-params.pem file
  crypto: avoid loading the CA certs twice
  crypto: avoid loading the identity certs twice
  crypto: expand logic to cope with multiple certificate identities
  crypto: support up to 5 parallel certificate identities
  docs: creation of x509 certs compliant with post-quantum crypto

Manish Mishra (1):
  io: flush zerocopy socket error queue on sendmsg failure due to ENOBUF

Philippe Mathieu-Daudé (2):
  crypto/hash: Have hashing functions take void * buffer argument
  io/channel: Have read/write functions take void * buffer argument

Richard W.M. Jones (2):
  Implement -run-with exit-with-parent=on
  tests/qtest: Use exit-with-parent=on in qtest invocations

Tejus GK (1):
  io: add a "blocking" field to QIOChannelSocket

 crypto/cipher-gnutls.c.inc            |   8 -
 crypto/cipher-nettle.c.inc            |  44 --
 crypto/cipher.c                       |   2 +-
 crypto/hash.c                         |  16 +-
 crypto/hmac.c                         |   8 +-
 crypto/meson.build                    |  10 +-
 crypto/tlscreds.c                     |  79 ++--
 crypto/tlscredsanon.c                 |  64 +--
 crypto/tlscredsbox.c                  | 101 +++++
 crypto/tlscredsbox.h                  |  50 +++
 crypto/tlscredspriv.h                 |  36 +-
 crypto/tlscredspsk.c                  |  64 ++-
 crypto/tlscredsx509.c                 | 593 +++++++++++++++++---------
 crypto/tlssession.c                   | 139 ++----
 crypto/trace-events                   |   1 +
 crypto/xts.c                          | 250 -----------
 docs/about/deprecated.rst             |   9 +
 docs/system/tls.rst                   | 134 +++++-
 include/crypto/hash.h                 |   8 +-
 include/crypto/hmac.h                 |   4 +-
 include/crypto/tlscreds.h             |  26 ++
 include/crypto/tlscredsx509.h         |   6 +
 include/crypto/tlssession.h           |   4 +-
 include/crypto/xts.h                  |  82 ----
 include/io/channel-socket.h           |   6 +
 include/io/channel.h                  |  14 +-
 include/qemu/exit-with-parent.h       |  57 +++
 io/channel-socket.c                   |  86 +++-
 io/channel-tls.c                      |   4 +-
 io/channel.c                          |  14 +-
 meson.build                           |  69 +--
 qemu-options.hx                       |  13 +-
 system/exit-with-parent.c             | 140 ++++++
 system/meson.build                    |   1 +
 system/vl.c                           |  13 +
 tests/qtest/libqtest.c                |  22 +-
 tests/unit/meson.build                |   3 -
 tests/unit/test-crypto-block.c        |   3 +-
 tests/unit/test-crypto-tlscredsx509.c |   8 +-
 tests/unit/test-crypto-tlssession.c   |   4 +-
 tests/unit/test-crypto-xts.c          | 529 -----------------------
 ui/vnc.c                              |   9 +-
 42 files changed, 1208 insertions(+), 1525 deletions(-)
 create mode 100644 crypto/tlscredsbox.c
 create mode 100644 crypto/tlscredsbox.h
 delete mode 100644 crypto/xts.c
 delete mode 100644 include/crypto/xts.h
 create mode 100644 include/qemu/exit-with-parent.h
 create mode 100644 system/exit-with-parent.c
 delete mode 100644 tests/unit/test-crypto-xts.c

-- 
2.51.1

Re: [PULL 00/32] Next pr patches
Posted by Richard Henderson 1 week, 4 days ago
On 11/3/25 14:36, Daniel P. Berrangé wrote:
> The following changes since commit 53b41bb78950912ba2d9809eef6b45e4df30c647:
> 
>    Merge tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu into staging (2025-11-01 10:52:48 +0100)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/berrange/qemu tags/next-pr-pull-request
> 
> for you to fetch changes up to 2aaca8c6d22b18786ceff51189704113d0639590:
> 
>    docs: creation of x509 certs compliant with post-quantum crypto (2025-11-03 10:45:55 +0000)
> 
> ----------------------------------------------------------------
> Merge crypto and other misc fixes / features
> 
>   * Increase minimum gnutls to 3.7.5
>   * Increase minimum libgcrypt to 1.9.4
>   * Increase minimum nettle to 3.7.3
>   * Drop obsolete in-tree XTS impl
>   * Fix memory leak when loading certificates
>   * Remove/reduce duplication when loading certificates
>   * Fix possible crash when certificates are unloaded
>     while an active TLS connection is using them in a
>     TLS handshake operation
>   * Deprecate use of dh-params.pem file
>   * Document how to create certificates with Post-Quantum
>     Cryptography compliant algorithms.
>   * Support loading multiple certificate identities to
>     allow support for Post-Quantum crypto in parallel
>     with traditional RSA/ECC
>   * Add "-run-with exit-with-parent=on" parameter
>   * Flush pending errors when seeing ENOBUFS with
>     a zero-copy send attempt
>   * Fix data buffer parameters in hash & IO channel APIs
>     to use 'void *'
Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/10.2 as appropriate.

r~