2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: tests: added missing file

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: bumped version

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2017-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-03  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: gitignore: update Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-03  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: gitignore: sort() Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: added error checking in the
	stream reading functions This addresses an out of memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/openpgp-invalid4.pub,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers an out of memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/pubkey.c: opencdk: cdk_pk_get_keyid: fix stack
	overflow Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: read_attribute: added more
	precise checks when reading stream That addresses heap read overflows found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/openpgp-cert-parser: tests: openpgp-cert-parser:
	simplified

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key: avoid
	division by zero when salt_size = 0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: gnutls_x509_ext_import_policies: fixed memory
	leak on error path Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509 cert This triggers a memory leak. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509 cert Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509 output: fixed memory leak in AIA extension
	printing Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: proc_server_kx: eliminated leak on error
	path Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am: tests: do not run key-tests under
	leak sanitizer The reason is that we cannot distinguish between a memory leak on
	application failure (which is followed by exit- thus should be
	ignored) and an address sanitizer issue (which should never be
	ignored).  As such we disable leak detection with asan and rely on
	valgrind.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/illegal-rsa: tests: illegal-rsa: don't hide stderr

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_x509_get_signature: fix memory leak on
	error path

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509
	certificate This certificate causes a memory leak while printing.  Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: address leak in print_altname - cert
	printing

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added certificate to reproduce memory
	leak Found by oss-fuzz project:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 Relates #156

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: status_request: eliminated leak on error
	path Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitmodules: submodules: use the github mirror of openssl

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa.c: auth rsa: eliminated memory leak on pkcs-1
	formatting attack path Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff: 
	valgrind: use different exit code to signify error This allows the test suite to differentiate between valgrind and
	expected errors from tools.

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am: tests: cert-tests: force asan to
	return an error code other than one on failure

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: gnutls_pkcs8_info: addressed memory leak
	on error path

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: pkcs8_info_int: fix memory leak

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mpi.c: wrap_nettle_mpi_modm: bail on a modulus that is
	zero Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/key-invalid: tests:
	added test for invalid private keys Also force asan to return an error code other than one (the normally
	expected for invalid keys).

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/pkcs8-invalid: tests:
	added test case with invalid PKCS#8 data Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: pkcs7 decrypt: require a valid IV size on
	all ciphers That is, do not accept the IV size present in the structure as valid
	without checking.  Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: don't print PKCS#8 information when
	outputting DER data

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs8: pkcs8_key_info() will correctly
	detect non-encrypted files

2017-01-01  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/data/subpkt-leak.pub,
	tests/cert-tests/openpgp-cert-parser: Corrected a leak in OpenPGP
	sub-packet parsing.  Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2016-12-30  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/openpgp-cert-parser: 
	Attempt to fix a leak in OpenPGP cert parsing.

2016-12-26  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/data/truncated.pub,
	tests/cert-tests/openpgp-cert-parser: Do not infinite loop if an EOF
	occurs while skipping a PGP packet Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/gnutls.texi: doc: fixed copyright date in gnutls.texi

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.c: gnutls_rnd: document the available values of level
	[ci skip] This enables using the function by only checking the man page.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: enable all the
	ciphersuite in openssl cli for DSS checks

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: don't check against
	3DES if disabled in openssl

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: do not pass the
	-dhparams to openssl 1.1.0; it doesn't work

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/params.dh: tests: simplified DH params format Also switch to RFC7919 DH params.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: added common variable
	for DH parameters

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common: tests: fixed paths in compat tests

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: better termination
	checking in compat tests This ensures that the exit code of all spawned processes is checked.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: improved error reporting on file error

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: changed buildroot to fedora25

2016-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: properly report unencrypted PKCS#8 keys
	in --p8-info

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/priority.c: configure: introduced
	--with-priority-string option This allows specifying the priority string to be used with
	gnutls_set_default_priority() on configure time.

2016-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auto-verify.c, lib/gnutls_int.h, lib/priority.c: priorities:
	reset the profile flags when appending new flags That is, to avoid causing issues to applications calling
	gnutls_*priority_set() multiple times with different parameters. In
	that case if multiple profiles are used the outcome could be
	undefined. Now, the last call will prevail.

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auto-verify.c: gnutls_session_set_verify_cert: doc update

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/priority.c: Revert "priorities: set the additional verify
	flags instead of appending them" This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 6c22fa8349384267e7c2ab99edea8bd43420e823 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Mon Dec 19 11:09:41 2016
	+0000

2016-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 82f132aa61edf1e663b005f8305b8e82dd028fab Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri Dec 16 16:19:29 2016
	+0000

2016-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 3debe362faa62e5b381b880e3ba23aee07c85f6e Author:
	Alexander Kanavin <alex.kanavin@gmail.com> Date:   Wed Dec 14
	17:42:45 2016 +0200

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: _gnutls_pkcs_raw_decrypt_data: merge all
	errors during decryption to GNUTLS_E_DECRYPTION_FAILED This makes the function's return values simpler to handle.

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version and doc update [ci skip]

2016-12-14  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* configure.ac: configure.ac: remove autogen'erated files only if
	necessary Currently autogen'erated files will be removed on each call to
	configure. However this would break the build if one of previous
	make invocations have created corresponding stamp files.  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs8-key-decode-encrypted.c,
	tests/pkcs8-key-decode.c: tests: added test for PKCS#8 encrypted key
	decoding This also verifies that the return value when attempting to decrypt
	without a password is GNUTLS_E_DECRYPTION_FAILED.

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs8: ensure that the correct error
	code is returned on decryption failure

2016-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update [ci skip]

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc: updated to documentation of certtool
	[ci skip] This corrects options which incorrectly mentioned they support URLs.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/verify-high.c,
	lib/x509/verify-high2.c: x509: better documented
	gnutls_trust_list_flags_t

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: disable ASAN leak checks on suite
	tests These detect memory leaks in the tools in src/ which are not
	critical nor there is serious reason to address.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am: tests: disable ASAN leak checks on
	certificate tests These detect memory leaks in the tools in src/ which are not
	critical nor there is serious reason to address.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c: tests: enhanced long-session-id test This ensures that no leaks exist during exit (to avoid asan
	failures), and that we test for the specific error code that
	gnutls_handshake() is expected to return.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c: handshake: return GNUTLS_E_ILLEGAL_PARAMETER on
	invalid ID size This is a more sensible error code to return on invalid packet.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq-basic.c: tests: eliminate compilation warning in
	crq-basic [ci skip]

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: do not enable IDN support in
	minimal build

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure.ac: use AC_CONFIG_LINKS to copy
	autogenerated files

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.c.bak, src/certtool-args.h.bak,
	src/cli-args.c.bak, src/cli-args.h.bak, src/cli-debug-args.c.bak,
	src/cli-debug-args.h.bak, src/danetool-args.c.bak,
	src/danetool-args.h.bak, src/ocsptool-args.c.bak,
	src/ocsptool-args.h.bak, src/p11tool-args.c.bak,
	src/p11tool-args.h.bak, src/psktool-args.c.bak,
	src/psktool-args.h.bak, src/serv-args.c.bak, src/serv-args.h.bak,
	src/srptool-args.c.bak, src/srptool-args.h.bak,
	src/systemkey-args.c.bak, src/systemkey-args.h.bak,
	src/tpmtool-args.c.bak, src/tpmtool-args.h.bak: Added autogen
	pre-generated files into repository This allows building gnutls from git in systems without using
	autogen.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, configure.ac: configure: added option to enable
	maintainer mode That makes normal builds, not regenerate Makefiles or configure,
	allowing for faster CI builds on second stage.

2016-11-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, README.md, devel/README.ci-runners: 
	.gitlab-ci.yml: split the CI run into stages In addition avoid re-generating images for operating systems on
	every build and use pre-built images, which are generated in the
	gnutls-build-images sub-project. That allows for faster and more
	reliable (independent of network) CI runs.

2016-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use local libopts on x86 This works around autogen failures on x86-64 centos7 CI hosts.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: updated documentation on
	multithreading [ci skip] Resolves #154

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: list gnutls_init_flags_t [ci skip] Suggested by Tyler Burns.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_apis.c, tests/crt_apis.c: tests: make conditional (to
	HAVE_LIBIDN) any IDN related checks This allows the test suite to successfully complete even when
	compiled without libidn.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.h: str: do not call gnutls_assert in inline function This allows the build to succeed when compiled without libidn.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-md5-collision/rsa-md5-collision.sh: tests: disable leak
	checks in rsa-md5-collision.sh

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/hostname-check-utf8.c,
	tests/hostname-check.c: tests: split and enhanced UTF-8 name checks
	from hostname-check That is, added checks to ensure that non-ASCII DNS names in
	certificates fail, and that properly encoded IDNA2003 names,
	succeed.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h,
	tests/cert_verify_inv_utf8.c, tests/utils.h: tests: added check with
	failed verification on invalid UTF-8 That is, check whether raw UTF-8 in the certificate will fail
	verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a
	certificate.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-common.h: tests: updated cert with UTF8 names to
	contain proper IDNA2003 encoded names

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/email-verify.c: 
	gnutls_x509_crt_check_email type changed to unsigned This reflects the documented returned value type (bool), and allows
	the compiler to warn on accidental checks for negative value.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/email-verify.c, lib/x509/hostname-verify.c: x509: do not
	attempt to ACE encode values stored in certificates The email and hostname values are required to be in ASCII form by
	PKIX.  We instead ignore these names, if their values are outside
	the ASCII printable character set.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: removed libintl references They are no longer shipped in the build systems.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: tests: added missing test in dist

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/starttls.sh: tests: corrected typos in starttls.sh This allows to detect chat in most systems.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/rsa-md5-collision/colliding-chain-md5-1.pem,
	tests/rsa-md5-collision/colliding-chain-md5-2.pem,
	tests/rsa-md5-collision/rsa-md5-collision.sh: tests: reduced the
	intermediate steps in rsa-md5-collision

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: break after finding the first libtspi It may happen that multiple versions are available on a system, and
	by using the first one we ensure, that we are using the 64-bit
	version on 64-bit system, instead of falling back to the 32-bit.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/keygen.c: tests: added operational -sign/verify- tests in
	keygen app This will check that a generated key is immediately usable for
	operations.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_cpy: use
	_gnutls_pk_params_copy This ensures that all fields of parameters are copied. Inspired by
	patch of Dmitry Eremin-Solenikov.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/keygen.c: tests: enhanced keygen to include check of
	gnutls_x509_privkey_cpy

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/crl_apis.c: tests: added tests for CRL
	generation APIs

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c: x509 crl: document the nextUpdate field
	limitation

2016-12-06  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* src/certtool.c, tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/template-tlsfeature.csr: Don't trash DER CRQ
	output with text data Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c: x509 crl: Allow generation of CRLs not to
	specify a nextUpdate

2016-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2016-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-overhead.c: tests: updated overhead calculation for new
	code

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dtls.c: DTLS: more precise overhead calculation That takes into account space available due to padding, and allows
	it to be included for use in the gnutls_get_data_mtu().  Resolves #140

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dtls1-2-mtu-check.c: tests: added check
	for MTU calculation on DTLS 1.2

2016-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: src: clean all stamp files on 'make clean'

2016-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: search 64-bit paths for libtspi before
	32-bit paths That is, because 64-bit systems may have both 64-bit and 32-bit
	paths while 32-bit systems only the latter.

2016-12-03  James Bottomley <James.Bottomley@HansenPartnership.com>

	* lib/tpm.c: tpm: fix handling of keys requiring authorization There are several problems with the key handling in the tpm code.  The first, and most serious, is that we should make sure we
	understand the authorization requirements of a key *before* using
	it.  The reason for this is that the TPM has a dictionary attack
	defence and is programmed to lock up after a certain number of
	authorization failures (which can be very small).  If we try first
	without authorization, we may lock up the TPM.  The fix for this is
	to check whether authorization is required and supply it before
	using the key.  Secondly, if the key does require authorization but no password is
	supplied we should return immediately, since we know the TPM will
	give us an authorization error anyway.  Thirdly, we should unconditionally read the policy of the key rather
	than checking if a policy exists: Policies are tied to key objects,
	so if there is an old policy in s->tpm_key_policy, but we're
	creating a new key, the key it belonged to will be closed, meaning
	the policy will be invalid.  Fix this by always setting the policy
	each time we get a new key object.  Signed-off-by: James Bottomley
	<James.Bottomley@HansenPartnership.com>

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/privkey.c, lib/tpm.c: In
	import_tpm_key_cb() fix the wrong password loop When calling import_tpm_key() once it initializes the key, but a
	second call fails due to the key being already initialized. Ensure
	that failure of import_tpm_key() leaves the key on a clear state.  Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/basename-lgpl.c,
	src/gl/bind.c, src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
	src/gl/connect.c, src/gl/dirname-lgpl.c, src/gl/dirname.h,
	src/gl/dosname.h, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/flexmember.h,
	src/gl/float+.h, src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c,
	src/gl/fseeko.c, src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
	src/gl/getpeername.c, src/gl/getprogname.c, src/gl/getprogname.h,
	src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
	src/gl/inet_ntop.c, src/gl/inet_pton.c, src/gl/intprops.h,
	src/gl/itold.c, src/gl/limits.in.h, src/gl/listen.c,
	src/gl/lseek.c, src/gl/m4/00gnulib.m4,
	src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
	src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dirname.m4,
	src/gl/m4/double-slash-root.m4, src/gl/m4/dup2.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/flexmember.m4, src/gl/m4/float_h.m4, src/gl/m4/fseek.m4,
	src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4, src/gl/m4/ftell.m4,
	src/gl/m4/ftello.m4, src/gl/m4/getaddrinfo.m4,
	src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
	src/gl/m4/getprogname.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
	src/gl/m4/limits-h.m4, src/gl/m4/longlong.m4, src/gl/m4/lseek.m4,
	src/gl/m4/malloc.m4, src/gl/m4/malloca.m4, src/gl/m4/math_h.m4,
	src/gl/m4/memchr.m4, src/gl/m4/minmax.m4, src/gl/m4/mktime.m4,
	src/gl/m4/mmap-anon.m4, src/gl/m4/msvc-inval.m4,
	src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
	src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
	src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
	src/gl/m4/printf.m4, src/gl/m4/read-file.m4, src/gl/m4/realloc.m4,
	src/gl/m4/select.m4, src/gl/m4/servent.m4, src/gl/m4/setenv.m4,
	src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
	src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
	src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
	src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4, src/gl/m4/stdbool.m4,
	src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdint_h.m4,
	src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strdup.m4,
	src/gl/m4/strerror.m4, src/gl/m4/strftime.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_select_h.m4,
	src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_stat_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/sys_uio_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4,
	src/gl/m4/time_rz.m4, src/gl/m4/timegm.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
	src/gl/minmax.h, src/gl/mktime-internal.h, src/gl/mktime.c,
	src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
	src/gl/msvc-nothrow.h, src/gl/netdb.in.h, src/gl/netinet_in.in.h,
	src/gl/parse-datetime.h, src/gl/parse-datetime.y,
	src/gl/printf-args.c, src/gl/printf-args.h, src/gl/printf-parse.c,
	src/gl/printf-parse.h, src/gl/progname.c, src/gl/progname.h,
	src/gl/read-file.c, src/gl/read-file.h, src/gl/realloc.c,
	src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
	src/gl/sendto.c, src/gl/setenv.c, src/gl/setsockopt.c,
	src/gl/shutdown.c, src/gl/signal.in.h, src/gl/size_max.h,
	src/gl/snprintf.c, src/gl/socket.c, src/gl/sockets.c,
	src/gl/sockets.h, src/gl/stdalign.in.h, src/gl/stdbool.in.h,
	src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdio-impl.h,
	src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strdup.c,
	src/gl/strerror-override.c, src/gl/strerror-override.h,
	src/gl/strerror.c, src/gl/strftime.c, src/gl/strftime.h,
	src/gl/string.in.h, src/gl/stripslash.c, src/gl/sys_select.in.h,
	src/gl/sys_socket.c, src/gl/sys_socket.in.h, src/gl/sys_stat.in.h,
	src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/sys_uio.in.h,
	src/gl/time-internal.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/time_rz.c, src/gl/timegm.c, src/gl/timespec.h,
	src/gl/unistd.c, src/gl/unistd.in.h, src/gl/unsetenv.c,
	src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
	src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
	src/gl/xsize.h: src gl: updated

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe2html,
	build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
	build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
	build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
	gl/alloca.in.h, gl/getdelim.c, gl/iconv_open-aix.h,
	gl/iconv_open-hpux.h, gl/iconv_open-irix.h, gl/iconv_open-osf.h,
	gl/iconv_open-solaris.h, gl/intprops.h, gl/limits.in.h,
	gl/m4/extensions.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/iconv.m4, gl/m4/limits-h.m4, gl/m4/manywarnings.m4,
	gl/m4/printf.m4, gl/m4/secure_getenv.m4, gl/m4/stdbool.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/wchar_h.m4, gl/secure_getenv.c,
	gl/stdint.in.h, gl/stdlib.in.h, gl/string.in.h, gl/strverscmp.c,
	gl/sys_socket.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
	gl/tests/init.sh, gl/tests/test-iconv.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-limits-h.c,
	gl/tests/test-stdint.c, gl/tests/test-strverscmp.c,
	gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
	lib/gnutls.pc.in, maint.mk: gl: removed iconv module It is no longer used by the library.

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure.ac: detect trousers library on debian

2016-12-03  Andreas Metzler <ametzler@bebt.de>

	* configure.ac: Prevent unwanted linkage to -lhogweed Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB
	curves to keep autoconf from adding -lhogweed to LIBS. This caused
	linkage of e.g. openssl wrapper and C++ library to -lhogweed. The
	issue only shows up if --disable-libdane is specified, since the
	dane autoconf test resets LIBS.

2016-12-02  James Bottomley <James.Bottomley@HansenPartnership.com>

	* configure.ac: Fix inability to find libtspi (trousers) on openSUSE For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1
	which the current code doesn't find.  Fix this by having it search
	all viable system library locations (/lib /lib64 /usr/lib and
	/usr/lib/lib64) Signed-off-by: James Bottomley
	<James.Bottomley@HansenPartnership.com>

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: fixed output of pubkey

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: doc: document the
	fact that certificates and CRLs are unusable after generation They must be exported and re-imported if intended to be used for
	signing or verification.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: doc: no longer list
	SHA1 as a safe choice in X.509 signing

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: prevent-null termination of buffers
	allocated with fread_file() We do not know whether their allocated size allows for that
	additional null, and we do not need the null termination.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: gnutls_x509_crl_verify: always return zero on
	success Also document that in previous versions a positive number could be
	returned on success. Reported by Adrien Beraud.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-usage-ecdhe-rsa.c, tests/key-usage-rsa.c: tests:
	corrected space-tab issue

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tls-sig.c: Improved messages and violation handling in
	signature key usage checks This will now tolerate violations in server certificate, if
	%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/cert.c, lib/x509.c, lib/x509.h: Removed
	redundant certificate key usage checks.  There were redundant checks when a certificate was obtained, as well
	as prior to performing operations with certificates/pubkeys.  Kept
	the checks prior to operations.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/publickey.c, lib/cert.c,
	lib/handshake.c: _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: gnutls_kx_get: allow calling the function during
	handshake Previous this function would return garbage during handshake,
	because parameters were not considered established, however there
	are valid uses of this function during it. For that reason this
	function is modified to return a correct value even during handshake
	(after a hello is being exchanged).

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: _gnutls_check_key_usage: check for invalid key
	exchange algorithm Reported by Dmitry Eremin-Solenikov.

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-usage-ecdhe-rsa.c,
	tests/{key-usage.c => key-usage-rsa.c}: tests: added checks on
	signature key usage violations

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added docker tag on mingw builds That ensures that these builds are done on the gitlab.com runners
	which run as privileged containers (and thus have access to mount).

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: privkey: set the key parameters algorithm
	prior to returning success

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c: When decoding a public key ensure that
	algorithm is written in the params struct Reported by Dmitry Eremin-Solenikov.

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: cfg.mk: disable checks for public submodule updates in CI

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: do not require update to
	/proc/sys/fs/binfmt_misc to succeed In some CI systems, it is not possible to write to this filesystem,
	and they already have the wine executable registered. In the case we
	cannot write proceed to running the check and hope for the best.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-md5-collision/rsa-md5-collision.sh: tests: use datefudge
	in rsa-md5-collision check This makes sure that any failure detected is not because of expired
	certificates, but because of MD5 being disabled.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, src/Makefile.am: tools: use stamp files to allow
	parallel build of autogen files Autogen seems to output on the creates files gradually, something
	that makes 'make' believe that the command is complete prior to the
	output file being fully populated. The current approach uses stamp
	files to ensure that no incomplete files are used for compilation.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* guile/tests/priorities.scm: guile: do not use +COMP-DEFLATE in
	priorities test This allows the test to work even in the cases where gnutls is
	compiled without zlib support.

2016-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, cfg.mk: moved all syntax check exceptions in
	cfg.mk

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added zlib dependency

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: fixed artifacts paths for Debian
	build

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: str-unicode: check whether exceptions
	are tolerated on decryption

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: added exception and join control
	characters in str-unicode

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/unictype/pr_join_control.c,
	lib/unistring/unictype/pr_join_control.h: unistring: added
	property-join-control

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/unictype/pr_default_ignorable_code_point.c,
	lib/unistring/unictype/pr_default_ignorable_code_point.h,
	lib/unistring/unictype/pr_not_a_character.c,
	lib/unistring/unictype/pr_not_a_character.h: unistring: added
	default_ignorable_code_point and not_a_character tests

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/uninorm/compat-decomposition.c,
	lib/unistring/uninorm/decomposition.c,
	lib/unistring/uninorm/nfkc.c, lib/unistring/uninorm/nfkd.c: 
	unistring: added NFKC normalization

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/unicase/special-casing-table.h,
	lib/unistring/unictype/categ_C.c, lib/unistring/unictype/categ_C.h,
	lib/unistring/unictype/categ_Cc.c,
	lib/unistring/unictype/categ_Cc.h,
	lib/unistring/unictype/categ_Cf.c,
	lib/unistring/unictype/categ_Cf.h,
	lib/unistring/unictype/categ_Cn.c,
	lib/unistring/unictype/categ_Cn.h,
	lib/unistring/unictype/categ_Co.c,
	lib/unistring/unictype/categ_Co.h,
	lib/unistring/unictype/categ_Cs.c,
	lib/unistring/unictype/categ_Cs.h,
	lib/unistring/unictype/categ_L.c, lib/unistring/unictype/categ_L.h,
	lib/unistring/unictype/categ_LC.c,
	lib/unistring/unictype/categ_LC.h,
	lib/unistring/unictype/categ_Ll.c,
	lib/unistring/unictype/categ_Ll.h,
	lib/unistring/unictype/categ_Lm.c,
	lib/unistring/unictype/categ_Lm.h,
	lib/unistring/unictype/categ_Lo.c,
	lib/unistring/unictype/categ_Lo.h,
	lib/unistring/unictype/categ_Lt.c,
	lib/unistring/unictype/categ_Lt.h,
	lib/unistring/unictype/categ_Lu.c,
	lib/unistring/unictype/categ_Lu.h,
	lib/unistring/unictype/categ_M.c, lib/unistring/unictype/categ_M.h,
	lib/unistring/unictype/categ_Mc.c,
	lib/unistring/unictype/categ_Mc.h,
	lib/unistring/unictype/categ_Me.c,
	lib/unistring/unictype/categ_Me.h,
	lib/unistring/unictype/categ_Mn.c,
	lib/unistring/unictype/categ_Mn.h,
	lib/unistring/unictype/categ_N.c, lib/unistring/unictype/categ_N.h,
	lib/unistring/unictype/categ_Nd.c,
	lib/unistring/unictype/categ_Nd.h,
	lib/unistring/unictype/categ_Nl.c,
	lib/unistring/unictype/categ_Nl.h,
	lib/unistring/unictype/categ_No.c,
	lib/unistring/unictype/categ_No.h,
	lib/unistring/unictype/categ_P.c, lib/unistring/unictype/categ_P.h,
	lib/unistring/unictype/categ_Pc.c,
	lib/unistring/unictype/categ_Pc.h,
	lib/unistring/unictype/categ_Pd.c,
	lib/unistring/unictype/categ_Pd.h,
	lib/unistring/unictype/categ_Pe.c,
	lib/unistring/unictype/categ_Pe.h,
	lib/unistring/unictype/categ_Pf.c,
	lib/unistring/unictype/categ_Pf.h,
	lib/unistring/unictype/categ_Pi.c,
	lib/unistring/unictype/categ_Pi.h,
	lib/unistring/unictype/categ_Po.c,
	lib/unistring/unictype/categ_Po.h,
	lib/unistring/unictype/categ_Ps.c,
	lib/unistring/unictype/categ_Ps.h,
	lib/unistring/unictype/categ_S.c, lib/unistring/unictype/categ_S.h,
	lib/unistring/unictype/categ_Sc.c,
	lib/unistring/unictype/categ_Sc.h,
	lib/unistring/unictype/categ_Sk.c,
	lib/unistring/unictype/categ_Sk.h,
	lib/unistring/unictype/categ_Sm.c,
	lib/unistring/unictype/categ_Sm.h,
	lib/unistring/unictype/categ_So.c,
	lib/unistring/unictype/categ_So.h,
	lib/unistring/unictype/categ_Z.c, lib/unistring/unictype/categ_Z.h,
	lib/unistring/unictype/categ_Zl.c,
	lib/unistring/unictype/categ_Zl.h,
	lib/unistring/unictype/categ_Zp.c,
	lib/unistring/unictype/categ_Zp.h,
	lib/unistring/unictype/categ_and.c,
