configure.ac | 3 3 + 0 - 0 !
lib/global.c | 2 1 + 1 - 0 !
lib/str.h | 2 1 + 1 - 0 !
libdane/errors.c | 2 1 + 1 - 0 !
po/Makevars | 2 1 + 1 - 0 !
5 files changed, 7 insertions(+), 4 deletions(-)

 version filename of locale data (gnutls30.mo instead of
 gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
 co-installable.

guile/src/Makefile.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 work around guile-snarf hardcoding the at-build default compiler
 which breaks when it changes ion Debian.

src/serv.c | 6 1 + 5 - 0 !
1 file changed, 1 insertion(+), 5 deletions(-)

 fix testsuite errors on ipv6 only hosts
 Do not set AI_ADDRCONFIG flag on getaddrinfo since it breaks the
 testsuite on hosts with no IPv4 addresses except for the loopback interface.
 With that flag present gnutls-Serv would on listen on IPv6 interfaces, but
 the testsuite talks to 127.0.0.1.

lib/handshake.c | 5 4 + 1 - 0 !
tests/tls13/prf-early.c | 8 4 + 4 - 0 !
tests/tls13/prf.c | 8 4 + 4 - 0 !
tests/tlsext-decoding.c | 14 10 + 4 - 0 !
4 files changed, 22 insertions(+), 13 deletions(-)

 [patch 1/6] fix non-empty session id (tls13_appendix_d4)

When TLS1.3 is used with middlebox compatible mode, the session id should be filled with random session id,
but remained empty.

Signed-off-by: Norbert Pocs <npocs@redhat.com>

Closes #1074

tests/tpmtool_test.sh | 37 27 + 10 - 0 !
1 file changed, 27 insertions(+), 10 deletions(-)

 [patch 2/6] tests: fix tpmtool_test due to changes in trousers

Recent changes to trousers now require an ownership of root:tss for
the tcsd config file, older ones requires tss:tss. So, start tcsd
using trial and error with either one of these ownership configurations
until one works.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

tests/testpkcs11.sh | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 [patch 3/6] testpkcs11: use datefudge to trick certificate expiry

The certificates stored in tests/testpkcs11-certs expired on
2020-12-13.  To avoid verification failure due to that, use datefudge
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.

Based on the patch by Andreas Metzler:
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121

Signed-off-by: Daiki Ueno <ueno@gnu.org>

extra/Makefile.am | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 5/6] libgnutls-openssl: clean up list of exported symbols

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

lib/algorithms/ciphersuites.c | 2 1 + 1 - 0 !
lib/priority.c | 26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 14 deletions(-)

 [patch 6/6] fix a common typo of gnutls_priority_t.

Signed-off-by: Sadie Powell <sadie@witchery.services>

lib/x509/verify-high.c | 157 135 + 22 - 0 !
tests/missingissuer.c | 2 2 + 0 - 0 !
tests/test-chains-issuer.h | 82 81 + 1 - 0 !
3 files changed, 218 insertions(+), 23 deletions(-)

 [patch] gnutls_x509_trust_list_verify_crt2: ignore duplicate
 certificates

The commit ebb19db9165fed30d73c83bab1b1b8740c132dfd caused a
regression, where duplicate certificates in a certificate chain are no
longer ignored but treated as a non-contiguous segment and that
results in calling the issuer callback, or a verification failure.

This adds a mechanism to record certificates already seen in the
chain, and skip them while still allow the caller to inject missing
certificates.

Signed-off-by: Daiki Ueno <ueno@gnu.org>