[SCM] GNU gnutls annotated tag, gnutls_2_11_7, created. gnutls_2_11_7

[Nikos Mavrogiannopoulos]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=42466a154971345b53049096ac0be420c9a879f2

The annotated tag, gnutls_2_11_7 has been created
        at  42466a154971345b53049096ac0be420c9a879f2 (tag)
   tagging  27661a06352657353ccfe2e6bea98b7681bb3144 (commit)
  replaces  gnutls_2_11_6
 tagged by  Nikos Mavrogiannopoulos
        on  Wed Mar 9 20:52:29 2011 +0100

- Log -----------------------------------------------------------------
Released 2.11.7. A prerelease for 2.12.0.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAABAgAGBQJNd9p+AAoJEJ1eqvaQE7hCGfIH/jg6+rOFYIUhwvbvFH7SdtB+
ZcVdgnSpHkFodRdVKqhsQKBrmb5XvFhCzzblP8LH6Eok8cqQ0XCTxztPHG5iBVGO
UTA2/p28WafbQCmdM5Wp+7MkbyGoNc6ZMWQWinUW4HyOzW5L1TiucO8hyJO7gBzG
A8syI7RvBVYeLRD+ojQWe3vZPQydWgYkls5GQAjXqBIIFecku8n0HF2LbSHl9U7Q
cBwd4zp2OpNKGG3PAYusfcMYOD0HRtusq4K3Q04lH5GSWKrisqzk7ZKKL39SZLyu
huemFYIivzTMj8Ffo5oecQKpdPKUr0JGcb3fhje0i1s8UyDpX3TcIEAalBbrF6k=
=GlNZ
-----END PGP SIGNATURE-----

Andreas Metzler (2):
      adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to 
AC_LIB_HAVE_LINKFLAGS
      fix duplicate symbols in version script

Nikos Mavrogiannopoulos (113):
      export_raw() functions now add leading zero in mpis.
      documented previous update.
      gnutls_x509_privkey_sign_hash() is dangerous and was deprecated. Added 
some text explaining why some functions were deprecated.
      All the sign hash functions were deprecated.
      documented deprecated functions.
      Separated the sign_data functions to a hashing phase, a preparing phase, 
and the actual signing.
      Introduced gnutls_*_privkey_sign_hash2() that is a high level function to 
produce signatures.
      reorganization of the privkey_ functions().
      better comments
      pk_hash_data() will fail unless DSA or RSA are specified.
      deprecated x509/sign.h and moved functionality of it in gnutls_sig.h.
      Simplified preparation of signing code.
      added gnutls_privkey_sign_hash2()
      Added gnutls_openpgp_crt_verify_hash().
      de-deprecated gnutls_x509_crt_verify_hash()
      Added new functions.
      Added new functions.
      documented new functions
      Do not export the non-existant symbols gnutls_pkcs11_privkey_sign_hash 
and gnutls_privkey_sign_hash.
      Added gnutls_pubkey_import_privkey(), that will copy the public key from 
a gnutls_privkey_t structure.
      _gnutls_privkey_get_public_mpis() handles openpgp keys.
      Indented code. Use same indentation but with -nut to avoid usage of tabs. 
In several editors tabs can be configured not to be 8 spaces and this produces 
artifacts with the current indentation that is a mixture of tabs and spaces.
      Added gnutls_pubkey_verify_data and test vectors.
      Documented the addtion of gnutls_pubkey_import_privkey() and 
gnutls_pubkey_verify_data()
      importing a pubkey from raw params will set the bits field correctly.
      The default input format for p11tool is PEM.
      The verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on 
signature verification error.
      some fixes in pk_prepare_hash().
      Corrected bug in gnutls_privkey_sign_data().
      Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.
      updated certificates to account for extra null byte added in negative 
numbers.
      Removed unneeded definitions, and more careful deinitializations in 
parse_der_cert_mem().
      Do not be strict on RSA hash algorithm selection for signatures.
      Removed the newly added functions:
      gnutls_pkcs11_privkey_sign_data(), gnutls_pkcs11_privkey_sign_hash2() and
      Set public key bits on all import functions. Issue reported by Murray 
Kucheawy.
      Documented key usage of pubkey.
      gnutls_x509_privkey_verify_data() was deprecated.
      Do not include deprecated functions to library documentation.
      Use SRP for password authentication.
      Use snprintf() to print IPs. There was a check just before that, but be 
safe, just in case.
      Use snprintf() to print an integer.
      Extra sanity check.
      Renamed gnutls_privkey_sign_data() to  gnutls_privkey_sign_data2() to 
match the
      Added discussion on crypto backend for crypto libraries and /dev/crypto.
      Revert "Remove, it is generated."
      Simplified macro to snprintf() in order to prevent issues caused when 
snprintf() is a macro itself. Reported and initial patch by Camillo Lugaresi.
      gnutls_x509_crt_verify_hash: DEPRECATED
      minor fixes.
      Deprecated gnutls_x509_crq_sign2() and gnutls_x509_crq_sign() in
      deprecated gnutls_x509_crl_sign(), gnutls_x509_crl_sign2() and 
gnutls_x509_crq_get_preferred_hash_algorithm().
      depends on gnutls/x509.h to compile.
      replaced old gnutls_pk_algorithm.
      fixes in internal build with the new deprecated functions. We allow them 
to be used since they are inter-dependent.
      updated Makefile.in
      Added checks before importing keys and updated documentation.
      Reverted removal of gnutls_openpgp_privkey_sign_hash() to retain 
compatibility with 2.10.x. That function is now deprecated instead.
      CKR_CRYPTOKI_ALREADY_INITIALIZED is not treated as an error, and Finalize 
is not called in that case.
      corrected typos
      exported gnutls_x509_crl_get_raw_issuer_dn()
      better output in chain output.
      Updated references of rfc5081 to rfc6091.
      Deprecated gnutls_certificate_get_* functions.
      updated coding style.
      Add the nettle libs into gnutls.pc.
      gnutls_certificate_verify_peers is deprecated.
      Deprecated the Inner Application extension.
      Added IV to max_record_overhead.
      Removed documentation and tests related to TLS/IA.
      check the error of hash set_key.
      Corrected return message from check_recv_type().
      Several updates in signature algorithms parsing and sending to avoid 
sending invalid signature algorithms.
      deprecated the old set_priority functions.
      Moved documentation of priority strings to manual and removed information 
from manpages and function pages that now reference the manual section.
      removed GCM mode from documentation.
      Added documentation on p11tool.
      SRP and PSK are no longer set on the default priorities. They have to be 
explicitly set.
      corrected bug in reading signature algorithms for including in the 
signature algo extension.
      Modernized the test applications that now use the 
gnutls_priority_set_direct().
      In TLS 1.2 under DSS use the hash algorithm required by DSS.
      Allow DSA2 even in protocols before TLS 1.2.
      removed unused variable.
      updated openssl layer to new priority functions (untested).
      Callback function is being called in both PSK-DHE and PSK.
      Removed deprecated option such as --protocols, ciphers etc.
      fix in PSK.
      deprecated the old priority functions in C++ API.
      documented DHE-PSK fix.
      removed duplicate assignments.
      Corrected signature generation and verification
      Corrected bug in DHE-PSK in freeing username/key.
      The safe renegotiation ciphersuite is not required to be registered.
      Allow using the minus "-" in the -ALL priority strings.
      reorganization of ciphersuite discussion.
      DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1 as hash. That is we 
reverted to previous gnutls behavior. That violates DSS but all implementations 
handle it like that.
      documented gnutls_transport_set_push_function2().
      store entities as numbers to avoid issues in big-little endian machines.
      Renamed gnutls_transport_set_push_function2() to 
gnutls_transport_set_vec_push_function().
      corrected documentation of gnutls_transport_set_vec_push_function in NEWS.
      Detect fork() in the random number generator and reseed.
      updated for 2.12
      corrected finished packet check.
      updates on -ALL priorities.
      Restrict the signature algorithms we advertize to SHA1 and SHA256.
      consistently print all interactive questions to stderr. Reported by 
Daniel Kahn Gillmor.
      Allow providing no password for PKCS #12 structure generation. Reported 
by Daniel Kahn Gillmor.
      Deprecated gnutls_transport_set_lowat().
      bumped version.
      changed for 2.11.7 release.
      gnutlsxx.cpp for some reason cannot use deprecated functions. Added
      updated
      bumped version.
      updated

Simon Josefsson (31):
      Bump versions.
      Update gnulib files.
      C++ fixes, tiny patch from "Brendan Doherty" <address@hidden>.
      Add.
      Specify minimum libgcrypt version.
      Fix MD2 documentation.
      Update gnulib files.
      Fix syntax-check warnings.
      Ignore more.
      Link with -lnettle too.
      Add abstract_int.h.
      Dist gnutls-crypto-layers.*.
      Add doc/gnutls-crypto-layers.eps.
      Fix docstring of deprecated functions.
      Rename gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and 
gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash.
      Fix description.
      Doc fix of new function.
      Make it build.
      Fix docstring of deprecated function.
      Fix docstrinf of new function.
      Fix typo.
      Improve text.
      Fix docstring of new function.
      Fix docstring for deprecated functions.
      Fix docstring of deprecated function.
      Drop removed functions.
      Remove dropped functions.
      Add deprecated docstring.
      Fix deprecated docstring.
      Fix docstring.
      Remove gnutls_x509_crq_get_preferred_hash_algorithm.

-----------------------------------------------------------------------


hooks/post-receive
-- 
GNU gnutls