Accepting request 84235 from Base:System

Update to 3.0.3 -- fix some crashes in telepathy (forwarded request 83992 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/84235
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=35

gnutls.changes

@@ -1,3 +1,73 @@
+-------------------------------------------------------------------
+Tue Sep 20 16:03:50 UTC 2011 - vuntz@opensuse.org
+
+- Update to version 3.0.3:
+  + libgnutls:
+    - Added gnutls_record_get_discarded() to return the number of
+      discarded records in a DTLS session.
+    - All functions related to RSA-EXPORT were deprecated.
+    - Memory leak fixes in credentials private key
+      deinitialization.
+    - Memory leak fixes in ECC ciphersuites.
+    - Do not send an empty extension structure in server hello.
+      This affected old implementations that do not support
+      extensions.
+    - Allow CA importing of 0 certificates to succeed.
+    - Added support for VIA padlock AES optimizations. (disabled by
+      default)
+    - Added support for elliptic curves in PKCS #11.
+    - Added gnutls_pkcs11_privkey_generate() to allow generating a
+      key in a token.
+    - gnutls_transport_set_lowat dummy macro was removed.
+  + p11tool: Added generate-rsa, generate-dsa and generate-ecc
+    options to allow generating private keys in the token.
+- Changes from version 3.0.2:
+  + libgnutls:
+    - OpenPGP certificate type is not enabled by default.
+    - Added %NO_EXTENSIONS priority string.
+    - Corrected issue in gnutls_record_recv() triggered on
+      encryption or compression error.
+    - Compatibility fixes in CPU ID detection for i386 and old GCC.
+    - Corrected parsing of XMPP subject alternative names.
+    - Allow for out-of-order ChangeCipherSpec message in DTLS.
+    - gnutls_certificate_set_x509_key() and
+      gnutls_certificate_set_openpgp_key() operate as in 2.10.x and
+      allow the release of the private key during the lifetime of
+      the certificate structure.
+  + gnutls-cli: Benchmark applications were incorporated with it.
+- Changes from version 3.0.1:
+  + libgnutls:
+    - gnutls_certificate_set_x509_key_file() and friends support
+      server name indication. If multiple certificates are set
+      using these functions the proper one will be selected during
+      a handshake.
+    - Added AES-256-GCM which was left out from the previous
+      release.
+    - When asking for a PKCS# 11 PIN multiple times, the flags in
+      the callback were not being updated to reflect for PIN low
+      count or final try.
+    - Do not allow second instances of PKCS #11 modules.
+    - Fixed alignment issue in AES-NI code.
+    - The config file at gnutls_pkcs11_init() is being read if
+      provided.
+    - Ensure that a certificate list specified using
+      gnutls_certificate_set_x509_key() and friends, is sorted
+      according to TLS specification (from subject to issuer).
+    - Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+      gnutls_x509_crt_list_import. It checks whether the list to be
+      imported is properly sorted.
+  + crywrap: Added to the distribution. It is an application that
+    proxies TLS session to a port using a plaintext service.
+  + Many GTK-DOC improvements.
+  + Updated translations.
+- Drop 0001-Included-appro-s-updates-to-AES-NI.patch,
+  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch,
+  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch,
+  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed
+  upstream.
+- Drop call to autoreconf: it was only needed for the patches.
+- Add libidn-devel BuildRequires for the new crywrap tool.
+
 -------------------------------------------------------------------
 Mon Aug 29 08:00:03 UTC 2011 - coolo@novell.com