Skip to content
Snippets Groups Projects
Forked from pkg / gnutls28
Loading
  • Andreas Metzler's avatar
    ff2cf297
    Import Debian changes 3.4.10-4 · ff2cf297
    Andreas Metzler authored
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    ff2cf297
    History
    Import Debian changes 3.4.10-4
    Andreas Metzler authored
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.