** libgnutls: Corrected file descriptor leak on random generator
initialization.
+** libgnutls: Corrected file descriptor leak on PSK password file
+reading. Issue identified using the Codenomicon TLS test suite.
+
** libgnutls: Avoid deinitialization if initialization has failed.
** libgnutls: null-terminate othername alternative names.
** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly
on a PKCS #11 trust list.
+** libgnutls: Several small bug fixes identified using valgrind and
+the Codenomicon TLS test suite.
+
** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.