Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.

Log message:
Changes 3.2.12:

** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2)

** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw
when provided with invalid data. Reported by Dmitriy Anisimkov.

** libgnutls: Corrected timeout issue in subsequent to the first
DTLS handshakes.

** libgnutls: Removed unconditional not-trusted message in
gnutls_certificate_verification_status_print() when used with
OpenPGP certificates. Reported by Michel Briand.

** libgnutls: All ciphersuites that were available in TLS1.0 or
later are now made available in SSL3.0 or later to prevent
any incompatibilities with servers that negotiate them in SSL 3.0.

** ocsptool: When verifying a response and a signer isn't provided
assume that the signer is the issuer.

** ocsptool: When sending a nonce, verify that the nonce exists
in the OCSP response.

** gnutls-cli: Added --strict-tofu option; contributed by Jens
Lechtenboerger.

** API and ABI modifications:
No changes since last version.

Log message:
update to 3.2.11
changes:
Fix bug that prevented the rejection of v1 intermediate CA certificates
(CVE-2014-1959)

Log message:
Add patch from GnuTLS repository to fix build of assembler routines
under Mac OS X. Crucial hint provided by Nikos Mavrogiannopoulos.

Log message:
Update comment:
Assembler support is still broken under Mac OS X in version 3.2.9.
Somebody should re-check Solaris as well.

Log message:
Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.

* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.

Log message:
Disable inline assembly on SunOS for now too.

Log message:
Disable assembler code under Mac OS X which is broken in this release.

Log message:
Update to 3.2.8.1.

Changes in 3.2.8.1:
Note, that I've realized that this release has issues with the
assembly files in win32 and macosx systems. In these systems
use gnutls 3.2.8.1.

3.2.8:

* Version 3.2.8 (released 2013-12-20)

** libgnutls: Updated code for AES-NI. That prevents an uninitialized
variable complaint from valgrind.

** libgnutls: Enforce a maximum size for DH primes.

** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's
code.

** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.

** libgnutls: It only links to librt if the required functions are
not present in libc. This also prevents an indirect linking to libpthread.

** libgnutls: Fixed issue with gnulib strerror replacement by adding
the strerror gnulib module.

** libgnutls: The time provided in the TLS random values is only precise
on its first 3 bytes. That prevents leakage of the precise system
time (at least on the client side when only few connections are
done on a single server).

** certtool: The --verify option will use the system CAs if the
load-ca-certificate option is not provided.

** configure: Added option --with-default-blacklist-file to allow
specifying a certificate blacklist file.

** configure: Added --disable-non-suiteb-curves option. This option
restricts the supported curves to SuiteB curves.

** API and ABI modifications:
gnutls_record_check_corked: Added

Log message:
Disable autogen detection.
Addresses PR 48523 by Kai-Uwe Eckhardt.