Changelog for libgnutls26-2.10.3-9.1.x86_64.rpm :
Sat Apr 24 14:00:00 2010
- buildrequire pkg-config to fix provides

Thu Apr 15 14:00:00 2010
- updated to stable 2.8.6

* libgnutls: For CSRs, don\'t null pad integers for RSA/DSA value.
VeriSign rejected CSRs with this padding.
Note: As a side effect of this change, the \"public key identifier\"
value computed for a certificate using this version of GnuTLS will be
different from values computed using earlier versions of GnuTLS.

* libgnutls: For CSRs on DSA keys, don\'t add DSA parameters to the
optional SignatureAlgorithm parameter field.
VeriSign rejected these CSRs. They are stricly speaking not needed
since you need the signer\'s certificate to verify the certificate
signature anyway.

* libgnutls: When checking openpgp self signature also check the signatures
of all subkeys.
Ilari Liusvaara noticed and reported the issue and provided test
vectors as well.

* libgnutls: Cleanups and several bug fixes.
Found by Steve Grubb and Tomas Mraz.

* Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.

* Fix --disable-valgrind-tests.

* examples: Use the new APIs for printing X.509 certificate information.

* i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese
translations. Added Simplified Chinese translation.

Tue Apr 6 14:00:00 2010
- use system libtasn1 instead of the bundled copy

Thu Feb 4 13:00:00 2010
- some build fixes.

Thu Feb 4 13:00:00 2010
- updated to stable 2.8.5

Fri Dec 25 13:00:00 2009
- add baselibs.conf as a source
- enable parallel building

Wed Sep 2 14:00:00 2009
- update to lastest stable version 2.8.3

Fri Mar 13 13:00:00 2009
- fix security bug [bnc#457938]
new CVE-2008-4989

Wed Dec 10 13:00:00 2008
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade

Fri Nov 28 13:00:00 2008
- fix security bug [bnc#441856]

Thu Oct 30 13:00:00 2008
- obsolete old -XXbit packages (bnc#437293)

Sat Aug 2 14:00:00 2008
- run testsuite

Thu Jul 17 14:00:00 2008
- update to version 2.4.1

* libgnutls: Fix local crash in gnutls_handshake

* libgnutls: Fix memory leaks when doing a re-handshake

* Fix compiler warnings

* Fix ordering of -I\'s to avoid opencdk.h conflict with
system headers

* srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch

Wed Jul 2 14:00:00 2008
- remove gnutls main package from baselibs.conf

Thu Jun 26 14:00:00 2008
- update to version 2.4.0

* The OpenPGP sub-system has been improved and now supports subkeys

* The PSK sub-system has been improved and now supports password
derivation and PSK identity hints

* The certtool --inder and --outder has been replaced
by --inraw and --outraw

* New APIs to access the raw X.509 Subject and Issuer DN\'s and
elements from the certificate credentials structure

* New APIs to improve working with username/passwords and PSK

* Names of constants to affect certificate printing changed

* The function gnutls_openpgp_privkey_get_id has been renamed to

* API/ABI changes in GnuTLS 2.4
All OpenPGP related functions have been moved from
libgnutls-extra to libgnutls, and several new functions have
been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
be linked against it
- removed patches

Mon Jun 23 14:00:00 2008
- disable SRP [bnc#65192]

Wed May 21 14:00:00 2008
- fix three security bugs [bnc#392947]
CVE-2008-1948 GNUTLS-SA-2008-1-1
Fix crash when sending invalid server name
CVE-2008-1949 GNUTLS-SA-2008-1-2
Fix crash when sending repeated client hellos
CVE-2008-1950 GNUTLS-SA-2008-1-3
Fix crash in cipher padding decoding for invalid record lengths

Thu May 8 14:00:00 2008
- fix build

Tue Apr 29 14:00:00 2008
- obsolete gnutls- via baselibs.conf

Thu Apr 10 14:00:00 2008
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Apr 3 14:00:00 2008
- update to version 2.2.2

* Cipher priority string handling now handle strings that
starts with NULL

* Corrected memory leaks in session resuming and DHE ciphersuites

* Increased the default certificate verification chain limits and
allowed for checks without limitation

* Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate
binary strings and return the proper size

Thu Jan 31 13:00:00 2008
- update to version 2.2.1

* Fixes the post_client_hello_function()

* Fix for certificate selection in servers with certificate callbacks

* certtool: Fixed data corruption when using --outder

* TLS authorization support removed.

* Corrected bug which did not allow a server to run without
supporting certificates

* Introduced gnutls_session_enable_compatibility_mode()

* Added gnutls_record_disable_padding() to allow servers talking to
buggy clients

* Fixed PKCS #3 parameter export

* Added support for Camellia cipher

* certtool: Add option --quick-random

* Added capability to set a callback after the client hello is
received by the server in order to adjust parameters before
the handshake

* certtool: Fixed data corruption when using --outder

* SRP was corrected to adhere to the latest draft

* Updated the DN parser

* Added support for DSA2 using libgcrypt 1.3.0

* Removed all the trustdb code from openpgp authentication.
We now use only the well-specified keyrings

* The gnutls_certificate_set_openpgp_
* functions were modified
to include the format. This makes the interface consistent with
the x509 functions

* Introduced gnutls_session_enable_compatibility_mode()

* Added gnutls_set_default_priority2()

* Added priority functions that accept strings

* certtool: Add option --disable-quick-random to enable the
old behaviour of using /dev/random to generate keys

* Added the --v1 option to certtool, to allow generating X.509
version 1 certificates

* Fix PKCS#3 parameter export problem


* gnutls_certificate_set_x509_key_
* can now read PKCS #8 unencrypted
private keys

* Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code

* Added the --to-p8 option to certtool to convert private keys
to PKCS #8 keys

* Corrected bug in decompression of expanded compression data

* The gnutls_
*_convert_priority() functions were deprecated

* gnutls-cli and gnutls-serv now have a --priority option

* PKCS #8 parser can now encode/decode DSA keys

* Corrected a segfault when setting an empty gnutls_priority_t
at gnutls_priority_set()

* Added gnutls_x509_crt_get_subject_alt_name2()

* The GPL version has been changed from version 2 to version 3.
This affects the self-tests, command-line tools, the libgnutls-extra
library, the relevant guile parts, and the build environment
- API and ABI modifications, library soname switch from 13 to 26
- change package structure:

* branch off libgnutls-extra
since this is now GPLv3 or later while libgnutls remains
LGPLv2.1 or later

* gnutls license change to GPLv3
- build without lzo support to avoid license problems
since lzo is currently GPLv2 only
- removed merged patches:

Tue Oct 23 14:00:00 2007
- update to version 2.0.1
- change package layout to conform shlib policy:
rename gnutls-devel -> libgnutls-devel
new subpackage libgnutls13
- removed patches:

Thu Aug 30 14:00:00 2007
- fix srptool [#208227]
- fix some compiler warnings

Fri Aug 3 14:00:00 2007
- Some additions for evolution smart card support

Thu May 10 14:00:00 2007
- Fix segfault on s390x [#97441]

Tue Jan 23 13:00:00 2007
- update to new stable branch 1.6.1:

* Fix the list of trusted CAs that server\'s send to clients.

* Fix gnutls_certificate_set_x509_crl to initialize the CRL
before using it.

* Encode UID fields in DN\'s as DirectoryString.

* Fix ./configure failure with non-GCC compilers.

* A GnuTLS C++ library is part of the official distribution.

* New APIs for custom push/pull function error reporting.

Tue Oct 24 14:00:00 2006
- move developer related docs to devel package and remove
binary stuff from docs [#212454]

Tue Sep 19 14:00:00 2006
- update to version 1.4.4:

* bugfix release

* fixes security vulnerability [#206636] (CVE-2006-4790)

Thu Aug 31 14:00:00 2006
- update to new stable branch 1.4.1:

* The command line tools now use getaddrinfo and support IPv6.

* gnutls-cli can now recognize services and port numbers with
the -p option.

* Error messages are now translated using GNU Gettext.

* GnuTLS now support TLS Inner application (TLS/IA).

* API and ABI modifications:
+ Support for DHE-PSK cipher suites has been added.
+ Removed the RIPEMD ciphersuites.
+ Remove GnuTLS 0.8.x compatibility functions.
+ Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have
been added.
+ Certtool now generate keys in unencrypted PKCS#8 format for
empty passwords.
+ Certtool now accept --password for --key-info and encrypted
PKCS#8 keys.
+ gnutls_x509_privkey_import_pkcs8 now accept unencrypted
PEM PKCS#8 keys,
+ New function to set a X.509 private key and certificate
pairs, and/or CRLs, from an PKCS#12 file.
+ New APIs to acceess the client and server random fields in
a session.
+ New APIs to access the TLS Pseudo-Random-Function (PRF).
+ New API to access the TLS master secret.
+ The function gnutls_x509_crt_to_xml now return an internal

* Several bugfixes:
+ Corrected a bug in certtool for 64 bit machines.
+ Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
+ Fix crash in TLS resume code, caused by TLS/IA changes.
+ Corrected bugs in gnutls_certificate_set_x509_crl() and
+ Fixed bug in non-blocking gnutls_bye().
+ Fix read of out bounds bug in DER parser.
+ Fixed bug in OpenPGP authentication handshake.