Skip to content
Snippets Groups Projects
Commit ff2cf297 authored by Andreas Metzler's avatar Andreas Metzler Committed by Apertis package maintainers
Browse files

Import Debian changes 3.4.10-4

gnutls28 (3.4.10-4) unstable; urgency=medium

  * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
    GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
    unavailable. Closes: #818341

gnutls28 (3.4.10-3) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.4.10-2) experimental; urgency=medium

  * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
  * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
    another try for Closes: #813598

gnutls28 (3.4.10-1) experimental; urgency=medium

  * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
    master to fix FTBFS with parallel builds. Closes: #816148
  * New upstream version.
  * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
    master branch to fix occasional testsuite error. Closes: #813598

gnutls28 (3.4.9-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.4.9-1) experimental; urgency=medium

  * New upstream version.
  * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
    36_Revert-tests-updated-to-account-for-cert-generation.patch.

gnutls28 (3.4.8-3) unstable; urgency=medium

  * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
    36_Revert-tests-updated-to-account-for-cert-generation.patch
    from upstream GIT. Closes: #813243

gnutls28 (3.4.8-2) unstable; urgency=medium

  * Merge master branch into experimental.
    + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
      This is a kludge and technically wrong, but will prevent partial
      upgrades from stable. See: #788735
  * Upload to unstable.

gnutls28 (3.4.8-1) experimental; urgency=medium

  * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
    option was added to debhelper/unstable with version 9.20150628, bump
    build-dependency accordingly.
  * autoreconf requires automake 1.12.2, add build-dependency.
  * New upstream version.
    + Update symbol file.
  * Move Vcs-* from git/http to https.

gnutls28 (3.4.7-1) experimental; urgency=medium

  * New upstream version.
    + Update symbol file.

gnutls28 (3.4.6-1) experimental; urgency=medium

  * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
    later) to improve reproducibility of build.
  * New upstream version.
    + Update symbol file.
  * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
    (>= 1.17.14). Both are required for build-profile support added in
    previous upload. (Thanks, lintian.)

gnutls28 (3.4.5-1) experimental; urgency=medium

  [ Helmut Grohne ]
  * Turn Build-Depends: datefudge optional via <!nocheck> profile.
    Closes: #797544

  [ Andreas Metzler ]
  * New upstream version.

gnutls28 (3.4.4.1-1) experimental; urgency=medium

  * New upstream version.
    + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
      bump dependency info for functions taking it as argument or returning it.
    + Bump dependency info on private symbols.
    + Update debian/copyright.
    + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
      CVE-2015-6251

gnutls28 (3.4.3-1) experimental; urgency=medium

  * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
  * New upstream version.
    + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
      gnutls_pkcs11_token_info_t.
    + Add dependency info for new symbols, bump private symbol dependency.

gnutls28 (3.4.2-2) experimental; urgency=medium

  * Disable libidn support because CVE-2015-2059 is still not fixed. See
    <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
    of crywrap.

gnutls28 (3.4.2-1) experimental; urgency=medium

  * New upstream version.
    + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
    + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
      version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)

gnutls28 (3.4.1-1) experimental; urgency=medium

  * New upstream version.
    + Bump (build)-depends on nettle and p11-kit.
    + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
      55_nettle3.patch.
    + Update 14_version_gettextcat.diff.
    + Soname bump, library package renamed from libgnutls-deb0-28 to
      libgnutls30.
    + OpenSSL compat layer is not built by default anymore, pass
      --enable-openssl-compatibility to ./configure.
    + Update symbol file.
    + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
      restricted to the corresponding protocols only, and the VERS-ALL
      string is introduced to catch all possible protocols. Closes: #773145
    + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
      "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
      dependency on libidn11-dev to libgnutls28-dev.
  * Fix typo in debian/rules
    (s/-disable-silent-rules/--disable-silent-rules).

gnutls28 (3.3.20-1) unstable; urgency=medium

  * autoreconf requires automake 1.12.2, add build-dependency.
  * New upstream version.
  * Move Vcs-* from git/http to https.

gnutls28 (3.3.19-1) unstable; urgency=medium

  * New upstream version.
   + Refresh 20_debian_specific_soname.diff.
   + Update symbol file.

gnutls28 (3.3.18-1) unstable; urgency=medium

  * New upstream version.

gnutls28 (3.3.17-1) unstable; urgency=medium

  * New upstream version.
   + Drop superfluous patches.
    (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
     46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
     47_safe-renegotiation-simulate-receiving-the-extension-.patch)
   + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
     bump dependency info for functions taking it as argument or returning it.
   + Bump dependency info on private symbols.
   + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
     CVE-2015-6251

gnutls28 (3.3.16-2) unstable; urgency=medium

  * Refresh 40_no_more_ssl3.diff.
  * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
    46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
    47_safe-renegotiation-simulate-receiving-the-extension-.patch
    Pull three patches from upstream GIT to fix issue with server side sending
    the status request extension even when not requested.
    <http://article.gmane.org/gmane.network.gnutls.general/3929>

gnutls28 (3.3.16-1) unstable; urgency=medium

  * Limit watchfile to 3.3.x versions.
  * New upstream version.
    + Drop superfluous patches
      (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
      55_nettle3.patch,
      56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
    + Bump private symbol versioning.

gnutls28 (3.3.15-7) unstable; urgency=medium

  * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
    is a kludge and technically wrong, but will prevent partial upgrades from
    stable. Closes: #788735
  * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.

gnutls28 (3.3.15-6) unstable; urgency=high

  * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
    Closes: #788011

gnutls28 (3.3.15-5) unstable; urgency=medium

  * Upload to unstable.
  * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
    against both 2.7 and 3.x.

gnutls28 (3.3.15-4) experimental; urgency=medium

  * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
    allows compilation against both nettle 2.7 and 3.x.
  * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
    and libtasn1-6-dev, the =${binary:Version} dependency of the development
    packages on the respective library packages should make this superfluous.

gnutls28 (3.3.15-3) experimental; urgency=medium

  * Add 55_nettle3.patch from
    http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
    against nettle3.

gnutls28 (3.3.15-2) unstable; urgency=medium

  * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
    fixing a testsuite error on kfreebsd-*.

gnutls28 (3.3.15-1) unstable; urgency=medium

  * New upstream stable release.
    + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].

gnutls28 (3.3.14-3) experimental; urgency=medium

  * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
  * (Build-)depend on nettle-dev >= 3.0.

gnutls28 (3.3.14-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync version of Depends and Build-Depends on libtasn1-6-dev.

gnutls28 (3.3.14-1) experimental; urgency=medium

  * New upstream version.
    + Bump libtasn b-d to >= 4.3.

gnutls28 (3.3.13-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for CVE-2015-0294, a certificate algorithm consistency
      checking issue.

gnutls28 (3.3.12-1) experimental; urgency=medium

  * New upstream version.
    + gnutls-cli-debug STARTTLS is working. Closes: #467022

gnutls28 (3.3.11-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for OCSP response parsing issue. Closes: #772055

gnutls28 (3.3.10-2) experimental; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.10-1) experimental; urgency=medium

  * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
    manpages.
  * New upstream version.
    + Includes fix for a denial of service issue CVE-2014-8564 /
      GNUTLS-SA-2014-5.
    + When gnutls_global_init() is called for a second time, it will check
      whether the /dev/urandom fd kept is still open and matches the original
      one. That behavior works around issues with servers that close all file
      descriptors. This should take care of #760476.

gnutls28 (3.3.9-1) experimental; urgency=medium

  * New upstream version.
    + Unfuzz 20_debian_specific_soname.diff.
    + Drop 31_fallback_to_RUSAGE_SELF.diff.
    + Bump private symbol dependency info.
    + Bump dependency version of gnutls_certificate_get_issuer() and
      gnutls_x509_trust_list_get_issuer() because of newly added
      GNUTLS_TL_GET_COPY flag.

gnutls28 (3.3.8-7) unstable; urgency=medium

  * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
    Pull two patches from upstream to a use-after-free flaw in
    gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
    Closes: #782776

gnutls28 (3.3.8-6) unstable; urgency=medium

  * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
    6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
    certificate import check whether the two signature algorithms match.
    CVE-2015-0294. Closes: #779428

gnutls28 (3.3.8-5) unstable; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.8-4) unstable; urgency=high

  * Drop 31_fallback_to_RUSAGE_SELF.diff.
  * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
    from the application check the urandom fd for validity. Closes: #768841
    and takes care of #760476.
  * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
    session deinit. It is already being refreshed during the session lifetime.
  * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
    format, perform additional sanity checks on input.
    CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
  * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
    uses a cert in binary der-format which is not representable in a quilt
    patches and we want to limit debian.tar.xz to modify stuff in debian/ we
    have some special handling in debian/rules.)

gnutls28 (3.3.8-3) unstable; urgency=high

  [ Daniel Kahn Gillmor ]
  * Add list of executables to gnutls-bin package description.
    Closes: #763671

  [ Andreas Metzler ]
  * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
    try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
    Mavrogiannopoulos!) Closes: #760476

gnutls28 (3.3.8-2) unstable; urgency=medium

  * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
    3.3.8 requires libtasn1 >= 3.9.
  * Upload to unstable.

gnutls28 (3.3.8-1) experimental; urgency=medium

  * New upstream version.
    + Refresh 20_debian_specific_soname.diff.
    + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
      with old experimental upload 0.21.2-1
    + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
      some functions in the gnutls_pkcs11_* family due to new members in enums
      gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
      symbol dependency info, and bump shlibs.
  * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
    The GnuTLS library package automatically gets a dependency on libp11-kit0
    (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
    libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
    enforce a version on libp11-kit-dev and we do not need to duplicate the
    info.
  * Add explicit build-dependency on libopts25-dev. Closes: #761618

gnutls28 (3.3.7-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.3.7-1) experimental; urgency=medium

  * New upstream release.
    + Refresh 20_debian_specific_soname.diff.
    + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
      symbol dependency info, and bump shlibs.
    + New member in gnutls_pkcs11_obj_attr_t, bump version of
      gnutls_pkcs11_obj_list_import_url*.

gnutls28 (3.3.6-2) unstable; urgency=medium

  * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
    lastest stable at freeze time.
  * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
    at-build-time-default-compiler) by exporting @CPP@.

gnutls28 (3.3.6-1) experimental; urgency=medium

  * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
    with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
  * New upstream release.
    + Refresh 20_debian_specific_soname.diff.
    + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
      symbol dependency info.

gnutls28 (3.3.5-1) experimental; urgency=medium

  * New upstream version.
  * Refresh patches/20_debian_specific_soname.diff.
  * Drop 30_Updated-asm-sources.patch.
  * Add new public symbols to symbol file, bump shlibs.

gnutls28 (3.3.3-1) experimental; urgency=medium

  * New upstream version, including a fix for GNUTLS-SA-2014-3
    CVE-2014-3466.
  * Refresh 20_debian_specific_soname.diff.
  * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
  * New symbol gnutls_credentials_get, update symbol file and bump shlibs.

gnutls28 (3.3.2-2) experimental; urgency=high

  * Fix crashes due to symbol clashes when a binary ends up being linked
    against GnuTLS v2 and v3 by bumping library symbol-versioning (and
    therefore also the soname) in a Debian specific way, to make sure there is
    no conflict with future:
    + 20_debian_specific_soname.diff
      - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
      - Add "-release deb0" to libtool link command.
    + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
    + Adapt symbol file accordingly.
    + Change 14_version_gettextcat.diff, too.
      Closes: #748742
   * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
     These have been unnecessary since we started using dh compat v9, where
     debugging symbols are installed to /usr/lib/debug/.build-id.

gnutls28 (3.3.2-1) experimental; urgency=medium

  * Do not build-depend on guile-2.0 on m68k. Closes: #745461
  * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
    enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
    corresponding versioned build-dependency, to prevent building of
    uninstallable packages.
  * New upstream version. Drop 20_guile_no_override_allocation.diff and
    21_Treat-othername-as-printable.diff.

gnutls28 (3.3.1-1) experimental; urgency=medium

  * New upstream version.
    + Drop 20_sparc_chainverify_buserror.diff.
    + Pull 20_guile_no_override_allocation.diff and
      21_Treat-othername-as-printable.diff from upstream GIT.
    + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
      upstream since it was never exported in a public header and is not
      used according to codesearch.d.o.

gnutls28 (3.3.0-2) experimental; urgency=medium

  * Drop last remains of -xssl from debian/.
  * Add debian/libgnutls28.symbols.
  * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
    increase the space available for certificates to fix sparc testsuite
    error.
  * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
    libgnutls28-dev.

gnutls28 (3.3.0-1) experimental; urgency=medium

  * New upstream version.
    + Bump shlibs.

gnutls28 (3.3.0~pre0-1) experimental; urgency=medium

  * Also version the p11-kit dependency.
  * New upstream version.
    + Set --enable-static, as only shared libs are built by default.
    + libgnutls-xssl is no more.
    + Bump shlibs.
  * Upload to experimental.

gnutls28 (3.2.16-1) unstable; urgency=medium

  * New upstream version.

gnutls28 (3.2.15-3) unstable; urgency=medium

  * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
    with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
  * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
    series.

gnutls28 (3.2.15-2) unstable; urgency=high

  * Fix crashes due to symbol clashes when a binary ends up being linked
    against GnuTLS v2 and v3 by bumping library symbol-versioning (and
    therefore also the soname) in a Debian specific way, to make sure there is
    no conflict with future:
    + 20_debian_specific_soname.diff
      - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
      - Add "-release deb0" to libtool link command.
    + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
    + Change 14_version_gettextcat.diff, too.
    Closes: #74874
  * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
    These have been unnecessary since we started using dh compat v9, where
    debugging symbols are installed to /usr/lib/debug/.build-id.
  * debian/copyright: Add info about GPLv2 compatibility.

gnutls28 (3.2.15-1) unstable; urgency=high

  * New upstream version.
    + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.

gnutls28 (3.2.14-1) unstable; urgency=medium

  * Do not build-depend on guile-2.0 on m68k. Closes: #745461
  * New upstream version.
  * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
    enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
    corresponding versioned build-dependency, to prevent building of
    uninstallable packages.

gnutls28 (3.2.13-2) unstable; urgency=medium

  * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
    libgnutls28-dev.

gnutls28 (3.2.13-1) unstable; urgency=medium

  * Also version the p11-kit dependency.
  * New upstream version.

gnutls28 (3.2.12.1-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync from Ubuntu (Colin Watson):
    + Add arm64 and ppc64el to the list of non-ia64 architectures on which
      guile-gnutls is built.

gnutls28 (3.2.12.1-1) experimental; urgency=medium

  * New upstream version.
    + Drop superfluous patches: 
      20_bug-in-gnutls_pcert_list_import_x509_raw.patch
      20_CVE-2014-0092.diff

gnutls28 (3.2.11-2) unstable; urgency=high

  * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
  * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
    validation issue. CVE-2014-0092

gnutls28 (3.2.11-1) unstable; urgency=high

  * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
  * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.

gnutls28 (3.2.10-2) unstable; urgency=high

  * Upload to unstable.

gnutls28 (3.2.10-1) experimental; urgency=high

  * New upstream version.
  * New symbols exported, bump shlibs.

gnutls28 (3.2.9-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.2.9-1) experimental; urgency=medium

  * New upstream version.
    + %COMPAT implies %DUMBFW. (See #733039)
  * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
    dh_autoreconf.
  * Stop dh_clean from removing *.bak, upstream tarball actually contains
    files named such in src/ subdirectory.

gnutls28 (3.2.8.1-3) unstable; urgency=medium

  * Correct c'n'p error in Vcs-Git field.
  * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)

gnutls28 (3.2.8.1-2) unstable; urgency=low

  * Upload to unstable, without libgnutls-openssl27.

gnutls28 (3.2.8.1-1) experimental; urgency=low

  * New upstream version.
    + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
      upstream.
    + Bump shlibs.
  * Add debian/upstream-signing-key.pgp (listed in
    debian/source/include-binaries) and update watchfile to check
    upstream signature.

gnutls28 (3.2.7-4) experimental; urgency=low

  * Upload to experimental, with libgnutls-openssl27.
  * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)

gnutls28 (3.2.7-3) unstable; urgency=low

  * Point vcs* to git.
  * Upload to unstable, without libgnutls-openssl27.

gnutls28 (3.2.7-2) experimental; urgency=low

  * Fix kfreebsd FTBFS.
    + 45_add_strerror-module.patch add gnulib strerror module.
    + Use dh_autoreconf.

gnutls28 (3.2.7-1) experimental; urgency=low

  * New upstream version.
    + Add b-d on bison.
    + Bump shlibs.
    + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
    + Simplify debian/rules, stop removing autogened files.

gnutls28 (3.2.6-2) experimental; urgency=low

  * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
    for the hint.)
  * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.

gnutls28 (3.2.6-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

gnutls28 (3.2.5-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.
  * Ship examples/examples.h which is needed for building examples/*.c. Also
    add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
    Closes: #726971

gnutls28 (3.2.4-5) experimental; urgency=low

  * Re-enable building of libgnutls-openssl27 binary package.
  * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
    transition to gnutls28.

gnutls28 (3.2.4-4) unstable; urgency=low

  * 40_guilenoparallel.diff: Disable parallel build in
    guile/modules/.

gnutls28 (3.2.4-3) unstable; urgency=low

  * Looks like "Architecture" in debian/control cannot be folded, unfold the
    respective entry for guile-gnutls.

gnutls28 (3.2.4-2) unstable; urgency=low

  * Manpages were missing on binary-only builds. Closes: #721725
  * Build with
    --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
    ca-certificates not pulled in by build-dependencies anymore.
    Closes: #721726
  * Upload to unstable.

gnutls28 (3.2.4-1) experimental; urgency=low

  * New upstream release.
    + Drop 40_Clean-up-after-test.patch.
  * Fix path to png files in info files with sed instead of symlinking images.
  * Bump shlibs.

gnutls28 (3.2.3-3) experimental; urgency=low

  * Switch to dh, to easily allow us to move gtk-doc-tools to
    Build-Depends-Indep. Closes: #682596

gnutls28 (3.2.3-2) experimental; urgency=low

  * Build gnutls-guile against guile-2.0.
    + Drop --disable-largefile on armel armhf mipsel.
    + ia64 does not build guile-2.0, disable guile-support there.

gnutls28 (3.2.3-1) unstable; urgency=low

  * New upstream release.
  * Drop superfluous patches. (35_gnutls-priority-string.diff
    36_avoid-leaking-a-buffer-element.diff)
  * Bump shlibs.

gnutls28 (3.2.2-2) unstable; urgency=low

  * Pull two patches from upstream:
    +35_gnutls-priority-string.diff Fix priority string parsing broken in
     3.2.2 Closes: #717314
    +36_avoid-leaking-a-buffer-element.diff 

gnutls28 (3.2.2-1) unstable; urgency=low

  * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
    Closes: #678070
  * New upstream version.
  * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
  * Bump shlibs.

gnutls28 (3.2.1-2) unstable; urgency=low

  * Upload to unstable.
  * Do not link everything against nettle on mips(el), the issue being worked
    around was fixed by the latest eglibc upload.
  * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
    same.

gnutls28 (3.2.1-1) experimental; urgency=low

  * New upstream version.
    + Bump nettle build-dep to >= 2.7.
    + Bump shlibs.
    + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
      whether it still fails on kfreebsd-i386.
    + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
      false positive error in 32-bit systems.
    + [32_linkagainstgmp.diff] Link libgnutls against gmp.

gnutls28 (3.1.12-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by using anonscm instead of
    svn.debian.org.

gnutls28 (3.1.12-1) experimental; urgency=low

  * Use rm -f on clean, fixing an issue with building twice in row.
  * New upstream version.
  * On mips/mipsel link everything and the kitchen-sink against nettle to work
    around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").

gnutls28 (3.1.11-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

gnutls28 (3.1.10-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.

gnutls28 (3.1.9.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.
  * Force re-generation of autogen-ed manpages.

gnutls28 (3.1.8-1) experimental; urgency=low

  * New upstream version.

gnutls28 (3.1.7-1) experimental; urgency=low

  * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
    the build-depency. (Thanks, Daniel Kahn Gillmor)
  * New upstream version.
    + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
      CVE-2013-0169 CVE-2013-1619.
    + New symbols added, bump shlibs.
    + Ship newly available libgnutls-xssl0 library in a separate package.
  * Disable Heart Beat (RFC6520) support.

gnutls28 (3.1.6-1) experimental; urgency=low

  * Update watchfile, based on Bart Martens version for gnutls26 on 
    q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
    3.x versions.
  * New upstream version.
    + requires libtasn1 >= 3.1, bump build-depends.
    + requires a a newer version of autogen, bump build-depends.
    + update debian/copyright to reflect the fact that GnuTLS authors have
      stopped assigning copyright to FSF. 

gnutls28 (3.1.5-1) experimental; urgency=low

  * New upstream version.
    + Drop 40_danetestfail.diff
    + Unfuzz 20_test-select.diff
    + Bump shlibs.

gnutls28 (3.1.4-1) experimental; urgency=low

  * New upstream release.
    + Drop 40_fixtypo.diff.
    + debian/copyright: update upstream author list.
    + New symbols added, bump shlibs.
  * 40_danetestfail.diff - Do not try to run dane test without dane support.

gnutls28 (3.1.3-1) experimental; urgency=low

  * New upstream release.
  * Explicitly set --disable-libdane --without-tpm.
  * Bump shlibs.
  * 40_fixtypo.diff pulled from upstream git.
  * Update debian/copyright from AUTHORS.

gnutls28 (3.1.2-1) experimental; urgency=low

  * New upstream release.
    + Requires libtasn1-3 2.14, bump (b-)d.
    + New symbols added, bump shlibs.

gnutls28 (3.1.1-1) experimental; urgency=low

  * New upstream release.
    + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
      Closes: #686242
    + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
      42_dump-the-errno.diff 43_possiblefix.diff)
    + Bump shlibs.
  * Sync version of libgnutls-dev dependency on nettle-dev with the
    build-dependency.

gnutls28 (3.1.0-5) experimental; urgency=low

  * 43_possiblefix.diff might fix the test suite error.

gnutls28 (3.1.0-4) experimental; urgency=low

  * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
    testsuite error.

gnutls28 (3.1.0-3) experimental; urgency=low

  * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.

gnutls28 (3.1.0-2) experimental; urgency=low

  * Mention abbreviation "DTLS" in package description.
  * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
    it spuriously fails on about half of the buildds.

gnutls28 (3.1.0-1) experimental; urgency=low

  * New upstream release.
    + Bump nettle build-dep to >= 2.5.
    + Bump shlibs.

gnutls28 (3.0.22-2) unstable; urgency=low

  * Upload to unstable. This is a leaf-package, experimental should get
    3.1.0.

gnutls28 (3.0.22-1) experimental; urgency=low

  * New upstream version.

gnutls28 (3.0.21-1) experimental; urgency=low

  * New upstream version.
    + Drop 35_s390buildfix.diff.
  * Bump shlibs (new functions added.)

gnutls28 (3.0.20-3) unstable; urgency=low

  * 35_s390buildfix.diff - Fixes test-suite error on s390x.

gnutls28 (3.0.20-2) unstable; urgency=low

  * Upload to unstable.

gnutls28 (3.0.20-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs (new functions added.)
  * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
    CLOCK_MONOTONIC now. #662018

gnutls28 (3.0.19-2) unstable; urgency=low

  * Upload to unstable.

gnutls28 (3.0.19-1) experimental; urgency=low

  * New upstream version.
    + libgnutls: When decoding a PKCS #11 URL the pin-source field
      is assumed to be a file that stores the pin. (LP: #929108)
    + Drop 31_killchild.diff, included upstream.

gnutls28 (3.0.18-2) unstable; urgency=low

  * Upload to unstable.

gnutls28 (3.0.18-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.
  * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
    build to hang.

gnutls28 (3.0.17-2) unstable; urgency=low

  * Upload to unstable.

gnutls28 (3.0.17-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

gnutls28 (3.0.15-2) experimental; urgency=low

  * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
    support for CLOCK_MONOTONIC is missing there. (See #662018.)

gnutls28 (3.0.15-1) experimental; urgency=low

  * New upstream version.
    + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
      31_provide-accurate-value-to-select.patch)
    + Includes fix for CVE-2012-1573.
  * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
  * Bump libgnutls-dev dependency on libp11-kit-dev.

gnutls28 (3.0.14-1) experimental; urgency=low

  * New upstream version.
    + Drop 30_force-kill-of-child.diff.
  * Pull 30_microseconds-does-not-overflow.patch and
    31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
    error (tests/mini-loss) on kfreebsd-*.

gnutls28 (3.0.13-1) experimental; urgency=low

  * New upstream version.
    + bump libp11-kit-dev build-dep. to >= 0.11.
    + drop 30_guilegnutlserrorcodes.diff.
  * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
  * Use and link against Debian's packaged version of autogen/libopts.
    + B-d on autogen.
    + remove autogen-generated files (*.c, *.h) on clean. autogen requires
      that the system headers are at least of the same version as the
      one which was used to generate the files from their respective .def
      sources.
  * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
  * Bump shlibs.

gnutls28 (3.0.12-2) unstable; urgency=low

  * De-multiarch guile-gnutls. Closes: #658110

gnutls28 (3.0.12-1) unstable; urgency=low

  * New upstream version.
  * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
    testsuite error.
  * Update debian/copyright.
  * Bump shlibs. (OCSP support)
  * Add trivial ocsptool manpage.

gnutls28 (3.0.11-1) unstable; urgency=low

  * New upstream version.

gnutls28 (3.0.10-1) unstable; urgency=low

  * Drop guile-gnutls.README.Debian - binary guile modules are no longer
    directly installed in $libdir.
  * New upstream version.
    + Drop patches/30_correctly-set-the-odd-bits.patch.
    + gnutls_random_art() added. Update copyright, bump shlibs.
    + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
      Closes: #652552

gnutls28 (3.0.9-2) unstable; urgency=low

  * [20_test-select.diff] Do not run gnulib test-select test anymore. The
    test fails on kfreebsd-i386, the gnutls library does not use select().
  * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
  * Upload to unstable.

gnutls28 (3.0.9-1) experimental; urgency=low

  * New upstream version.
  * Include guile-gnutls package.
  * Bump shlibs.

gnutls28 (3.0.8-2) unstable; urgency=low

  * First upload to unstable.
    + Disable openssl-wrapper package, let it be provided by gnutls26 until
      gnutls28 is in testing.
    + Disable gnutls-guile package, let it be provided by gnutls26 until
      gnutls28 is in testing.

gnutls28 (3.0.8-1) experimental; urgency=low

  * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
    guile related FTBFS on these architectures.
    See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
  * New upstream version.
    + Bump shlibs.

gnutls28 (3.0.7-1) experimental; urgency=low

  * New upstream version.
    + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
  * Drop 20_addGNU-stack.diff, included upstream.
  * loadable Guile module no longer installed directly to $libdir but to
    $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
    Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
    DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
  * gnutls-extra is removed upstream, there is no need anymore to manually
    remove the bits and pieces in debian/rules.

gnutls28 (3.0.4-2) experimental; urgency=low

  * Drop libgnutls-dev.README.Debian, the information provided there stopped
    being relevant in 2.7.12.
  * Delete superfluous info from debian/README.source.
  * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
    seem to be possible.
    http://lists.debian.org/debian-devel/2011/10/msg00332.html
  * Simplify dependencies:
    + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
      also provided by gnutls26' libgnutls-dev).
    + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
      gnutls-dev (<< 0.4.0-0), libgnutls11-dev.

gnutls28 (3.0.4-1) experimental; urgency=low

  * New upstream version.
    + bump shlibs.
    + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
  * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
  * [20_addGNU-stack.diff] Add GNU-stack note to newly added
    padlock-common.s.
  * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
    be packaged for Debian again when it provides functionality.
  * Update debian/copyright, accelerated assembly code is non-FSF copyright.
  * Add crywrap.8 manpage.

gnutls28 (3.0.3-1) experimental; urgency=low

  * New upstream version. (Includes a fix for #640639)
  * Bump shlibs.

gnutls28 (3.0.2-1) experimental; urgency=low

  * Update debian/copyright for crywrap.
  * Since libgnutls*-dbg contains debugging symbols of helper applications
    libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
    Conflicts.
  * New upstream version. It also includes the fixes for #638586 (Correct
    parsing of XMPP subject alternative names) and #638595
    (gnutls_certificate_set_x509_key() and
    gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
    release of the private key during the lifetime of the certificate
    structure.)
  * Configure with --enable-gtk-doc, the included API reference is incomplete
    in the tarball.
  * [lintian] Get rid of binary-control-field-duplicates-source field
    warnings.
  * [lintian] Add description header to 14_version_gettextcat.diff
  * Bump shlibs.

gnutls28 (3.0.1-1) experimental; urgency=low

  * Update Vcs-Svn and Vcs-Browser for new source package name.
  * New upstream version.
    + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
  * Bump build-dependency on libp11-kit-dev to (>= 0.4).
  * Drop 20_executablestack.diff, included upstream.
  * Includes crywrap(8), an application that proxies TLS session to a port
    using a plaintext service. 
  * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
  * Bump shlibs. (New flags).

gnutls28 (3.0.0-2) experimental; urgency=low

  * Add missing b-d on chrpath.
  * Search for .xz instead of .bz2 in watchfile.

gnutls28 (3.0.0-1) experimental; urgency=low

  * Drop gcrypt related patches (16_unnecessarydep.diff
    17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
    20_gcrypt15compat.diff), update remaining one
    (14_version_gettextcat.diff).
  * Build against nettle and p11-kit.
    + Update DEB_CONFIGURE_EXTRA_FLAGS.
    + Update (Build-)Depends. (Add pkg-config, it is used for locating
      p11-kit.)
  * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
    libgnutls28.
  * Drop libgnutls Breaks, they are superfluous after the soname change.
  * Delete config.log on clean.
  * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
    assembly files.
  * Delete unneccessary rpath entries.
  * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
    NEWS entry for this license change.
  * Move gnutls-extra library to separate package.

gnutls26 (2.12.7-4) unstable; urgency=low

  * Upload to unstable.
  * Point watch file to stable release directory.
  * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
    Libs.private. Closes: #632891
  * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)

gnutls26 (2.12.7-3) experimental; urgency=low

  [ Simon Josefsson ]
  * Fix Debian BTS URL in --with-packager-bug-reports option.

  [ Andreas Metzler ]
  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

gnutls26 (2.12.7-2) experimental; urgency=low

  * Stop shipping libtool la files.
  * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
    + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
      *.install accordingly.
    + Bump cdbs Build-Depends to 0.4.93 (required for expanding
      $(DEB_HOST_MULTIARCH)).
    + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
    + runtime libraries and guile-wrapper are Multi-Arch: same with 
      Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
      Multi-Arch: foreign, -dev and -dbg remain unchanged.
    + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
      package. It contains debugging symbols for both library and helper
      binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
      co-installable with itself.

gnutls26 (2.12.7-1) experimental; urgency=low

  * New upstream version.
  * Update 17_ignoretestsuitteerrors.diff.
  * A new version of pokerth has been uploaded to sid, update libgnutls26
    Breaks accordingly.

gnutls26 (2.12.6.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, global_set_time_function() was added.
  * Stop setting CFLAGS += -Wall, it is set by default again.
  * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
    errors.

gnutls26 (2.12.5-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, gnutls_x509_crq_verify() was added.

gnutls26 (2.12.4-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs. (gnutls_certificate_get_issuer() added).

gnutls26 (2.12.3-1) experimental; urgency=low

  * New upstream version.
  * Drop patches included upstream: [18_restoreHMAC-MD5.diff]

gnutls26 (2.12.2-2) experimental; urgency=low

  * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
    for compatibility. Closes: #623001

gnutls26 (2.12.2-1) experimental; urgency=low

  * New upstream version.
  * [lintian] Drop article from short package descriptions.

gnutls26 (2.12.1-1) experimental; urgency=low

  * New upstream version.
    + certtool: Generated certificate request with stricter permissions.
      Closes: #619746
  * Drop superfluous patches:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff
  * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
    need a binNMU when gnutls 2.12.x uploaded to unstable.

gnutls26 (2.12.0-1) experimental; urgency=low

  * New upstream stable release.
    + Drop superceded patches 17_goldhotfix.patch
      18_libgnutls-openssl_soname.diff.
  * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff

gnutls26 (2.11.7-2) experimental; urgency=low

  * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
    versioning: 27:0:0).
  * Split off libgnutls-openssl to a separate package, since the sonames are
    not in sync anymore.

gnutls26 (2.11.7-1) experimental; urgency=low

  * New upstream version (rc for 2.12)
    + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
    + Bump shlibs.
  * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.

gnutls26 (2.11.6-2) experimental; urgency=low

  * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
    on big endian architectures.

gnutls26 (2.11.6-1) experimental; urgency=low

  * Development release.
  * Continue building against libgcrypt, run configure with --with-libgcrypt.
  * Refresh patches/15_fixgnutlspc.diff.
  * Set --with-packager* options.
  * Install newly available p11tool binary.
  * Bump libgcrypt11-dev Build-Depends.
  * C++ wrapper soname bump, change package name accordingly.
  * Bump shlibs.
  * Update debian/copyright.
  * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

gnutls26 (2.10.5-3) unstable; urgency=medium

  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

gnutls26 (2.10.5-2) unstable; urgency=low

  * Stop shipping libtool la files.

gnutls26 (2.10.5-1) unstable; urgency=low

  * New upstream bugfix release.
    + Drop 15_fixgnutlspc.diff, included upstream.
  * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

gnutls26 (2.10.4-2) unstable; urgency=low

  * Use debhelper compatibility level 7.
  * Merge in changes from 2.8.6-1:
    + Use dh_lintian.
    + Use dh_makeshlibs for the guile stuff, too. This gets us 
      a) ldconfig in postinst. Closes: #553109
      and
      b) a shlibs file.
      However the shared objects /usr/lib/libguile-gnutls*so* are still not
      designed to be used as libraries (linking) but are dlopened. guile-1.10
      will address this issue by keeping this stuff in a private directory.
    + hotfix pkg-config files (proper fix to be included upstream).
    + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      Closes: #405239
   * Upload to unstable.

gnutls26 (2.10.4-1) experimental; urgency=low

  * New upstream release. V1 CAs are trusted by default.

gnutls26 (2.10.3-1) experimental; urgency=low

  * Drop workaround for 519006, binutils is fixed even in squeeze.
  * New upstream bugfix release.

gnutls26 (2.10.2-1) experimental; urgency=low

  * New upstream version.
    + Fix asynchronous API handling. Closes: #588187
    + certtool does not crash on reading from /dev/null anymore.
      Closes: #588029
  * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.

gnutls26 (2.10.1-1) experimental; urgency=low

  * Update package descriptions. Closes: #588067
  * New upstream version.

gnutls26 (2.10.0-2) experimental; urgency=low

  * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
    libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
    support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
    (2.31.2-1) not yet. Closes: #587755

gnutls26 (2.10.0-1) experimental; urgency=low

  * New upstream stable release.
  * Point watchfile to stable releases.

gnutls26 (2.9.12-2) experimental; urgency=low

  * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
    without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
    useless and almost empty package on these archs.)
  * Drop ancient workaround for gcc bug on hppa.
    http://bugs.debian.org/128036

gnutls26 (2.9.12-1) experimental; urgency=low

  * New upstream version.

gnutls26 (2.9.11-1) experimental; urgency=low

  * New upstream version.
  * Drop 15_gnutlspriority.diff, superseded.

gnutls26 (2.9.10-2) experimental; urgency=low

  * [15_gnutlspriority.diff] Restore compatibility with programs using 
    gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
    Closes: #579831

gnutls26 (2.9.10-1) experimental; urgency=low

  * New upstream version.
  * New functions added, bump shlibs.

gnutls26 (2.9.9-1) experimental; urgency=low

  * Package upstream development branch for experimental.
  * Track development versions in watchfile.
  * Package C++ wrapper again. Closes: #548637

gnutls26 (2.8.6-1) unstable; urgency=low

  * Use dh_lintian.
  * Use dh_makeshlibs for the guile stuff, too. This gets us 
    a) ldconfig in postinst. Closes: #553109
    and
    b) a shlibs file.
    However the shared objects /usr/lib/libguile-gnutls*so* are still not
    designed to be used as libraries (linking) but are dlopened. guile-1.10
    will address this issue by keeping this stuff in a private directory.
  * hotfix pkg-config files (proper fix to be included upstream).
  * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

gnutls26 (2.8.5-2) unstable; urgency=low

  * Add a huge bunch of lintian overrides for the guile stuff to make dak
    happy.

gnutls26 (2.8.5-1) unstable; urgency=low

  * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
  * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
    orig.tar.bz2 without repacking it to gz.
  * New upstream version.
    + Drop patches/20_fixtimebomb.diff.

gnutls26 (2.8.4-2) unstable; urgency=high

  * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

gnutls26 (2.8.4-1) unstable; urgency=low

  * New upstream version.
    + Drop debian/patches/15_openpgp.diff.
  * Sync priorities with override file, libgnutls26 has been bumped from
    important to standard.

gnutls26 (2.8.3-3) unstable; urgency=low

  * Empty dependency_libs in la-files. (Squeeze release goal.)

gnutls26 (2.8.3-2) unstable; urgency=low

  * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
    openpgp connections.

gnutls26 (2.8.3-1) unstable; urgency=high

  * New upstream version.
    + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
      was built against. Closes: #540449
    + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
      certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
      http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
  * Drop 15_chainverify_expiredcert.diff, included upstream.
  * Urgency high, since 541439 applies to testing, too.

gnutls26 (2.8.1-2) unstable; urgency=low

  [ Simon Josefsson ]
  * Remove cruft in rules file.
  * Remove patches/15_tasn1inpc.diff, not needed.

  [ Andreas Metzler ]
  * Finally add an entry to the NEWS.Debian file concerning the deprecation of
    RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
  * Upload to unstable.
  * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
    Fix testsuite error caused by expired certificate.

gnutls26 (2.8.1-1) experimental; urgency=low

  * New upstream stable release.

gnutls26 (2.7.14-1) experimental; urgency=low

  * [debian/control] set section setting of source package to libs instead of
    devel.
  * New upstream version.
    + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
    + Bump shlibs, new symbols added.

gnutls26 (2.7.12-1) experimental; urgency=low

  * Fix typo in changelog. Closes: #526427
  * New upstream release.
    + Does not ship the scripts libgnutls-extra-config and libgnutls-config
      and the .m4 snippet to use it anymore. Please switch to pkg-config or
      standard autoconf test. Drop manpages and
      both patches/13_lessdeps_gnutls-config.diff and
      patches/13_lessdeps_gnutls-config.diff from the debian diff.
    + Update remaining patches.
    + Bump shlibs, new symbols added.
  * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
    already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
    GNUTLS_2_8.
  * New upstream uses separate ./configure scripts for the different
    libraries. Invoke the main ./configure script with
    --cache-file=$(CURDIR)/config.cache to speed things up.

gnutls26 (2.6.6-1) unstable; urgency=high

  * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
    way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
  * New upstream security release.
    + libgnutls: Corrected double free on signature verification failure.
      GNUTLS-SA-2009-1 CVE-2009-1415
    + libgnutls: Fix DSA key generation. Noticed when investigating the
      previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
      2.6.x are corrupt.  See the advisory for more details.
      GNUTLS-SA-2009-2 CVE-2009-1416
    + libgnutls: Check expiration/activation time on untrusted certificates.
      Before the library did not check activation/expiration times on
      certificates, and was documented as not doing so.
      GNUTLS-SA-2009-3 CVE-2009-1417
   * The former two issues only apply to gnutls 2.6.x. The latter is a
     behavior change, add a NEWS.Debian file to document it.

gnutls26 (2.6.5-1) unstable; urgency=low

  * Sync sections in debian/control with override file. libgnutls26-dbg is
    section debug, guile-gnutls is section lisp.
  * New upstream version. (Needed for Libtasn1-3 2.0)
  * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
  * Standards-Version: 3.8.1, no changes required.

gnutls26 (2.6.4-2) unstable; urgency=low

  * Upload to unstable.
  * Merge changelog entries from unstable and experimental.

gnutls26 (2.6.4-1) experimental; urgency=low

  * New upstream version.

gnutls26 (2.6.3-1) experimental; urgency=low

  * New upstream version.
    + Corrects bug gnutls-cli which caused a rehandshake request
      to be ignored. Closes: #396867
  * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)

gnutls26 (2.6.2-2) experimental; urgency=low

  * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
    correct certificate chains were not recognized as verified.
    Closes: #507633
  * [lintian] Add ${misc:Depends} to multiple dendency lines.

gnutls26 (2.6.2-1) experimental; urgency=low

  * New upstream version.
    + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
    + Drop 20_fix_501077.diff.
  * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
    there.
  * Add Simon Josefsson to uploaders.

gnutls26 (2.6.0-1) experimental; urgency=low

  * New upstream stable release.
  * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
    gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077

gnutls26 (2.5.9-1) experimental; urgency=low

  * New upstream development version.
  * Bump shlibs.

gnutls26 (2.4.2-6) unstable; urgency=medium

  * New patches, syncing with 2.4.3 upstream oldstable release:
    + 24_intermedcertificate.patch If a non-root certificate ist trusted
      gnutls certificateificate verification stops there instead of checking
      up to the root of the certificate chain.
    + 22_whitespace.patch - Whitespace only changes, to make it possible to
      apply upstream fixes without manual changes. 
    + 25_bufferoverrun.patch. Fix buffer overrun bug in
      gnutls_x509_crt_list_import.
      http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e

gnutls26 (2.4.2-5) unstable; urgency=low

  * Pull two patches from upstream stable branch to make gnutls behavior
    match documentation:
   + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
     certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
     GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
   + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
     certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
     GNUTLS_CERT_INSECURE_ALGORITHM verification output.
     CVE-2009-2409

gnutls26 (2.4.2-4) unstable; urgency=medium

  * Add Simon Josefsson to uploaders.
  * Another fix for the verification fix. Some correct certificate chains were
    not recognized as verified. Closes: #507633

gnutls26 (2.4.2-3) unstable; urgency=low

  * Fix a crash on trying to verify self-signed certificates introduced by the
    patch for CVE-2008-4989. Closes: #505279

gnutls26 (2.4.2-2) unstable; urgency=medium

  * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
    verification. CVE-2008-4989 GNUTLS-SA-2008-3

gnutls26 (2.4.2-1) unstable; urgency=low

  * New upstream bugfix release.
  * Up to date gnutls-cli manpage. Closes: #492775

gnutls26 (2.4.1-1) unstable; urgency=medium

  * New upstream version, fixing a local denial of service vulnerability only
    present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377

gnutls26 (2.4.0-2) unstable; urgency=low

  * Standards version 3.8.0. Rename README.source_and_patches to README.source.
  * Upload to unstable.
  * Point watchfile to stable releases again.
  * Merge experimental and unstable changelog.

gnutls26 (2.4.0-1) experimental; urgency=low

  * New upstream stable release.
  * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.

gnutls26 (2.3.15-1) experimental; urgency=low

  * New upstream version. (rc4)
    Disables 'openpgp-certs' tests. Closes: #486269

gnutls26 (2.3.14-1) experimental; urgency=low

  * New upstream version. (rc3)

gnutls26 (2.3.13-1) experimental; urgency=low

  * New upstream version. 2nd rc for 2.4.0.
  * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.

gnutls26 (2.3.12-1) experimental; urgency=low

  * New upstream version. Bump shlibs.
  * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
  * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
    failure on sparc.

gnutls26 (2.3.11-1) experimental; urgency=low

  * New upstream version.
    + Fixes three security vulnerabilities.
      [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
      <http://www.gnu.org/software/gnutls/security.html>.
      CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    + Fixes subjectAltName wildcard matching. Closes: #479174
    + certtool now writes keyfiles with 0600 permissions. Closes: #373169

gnutls26 (2.2.5-1) unstable; urgency=high

  * New upstream version.
    Fixes three security vulnerabilities.
    [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
    <http://www.gnu.org/software/gnutls/security.html>.
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1

gnutls26 (2.3.9-1) experimental; urgency=low

  * New upstream development version.
    - OpenPGP support merged into libgnutls and is now licensed under LGPL.
      The included copy of OpenCDK has been stripped down and re-licensed
      under the LGPL. Using the external OpenCDK is not supported anymore, the
      external library will not be maintained anymore. Drop respective
      (build-)depends.
    - API extended, bump shlibs.
    - certtool asks for password confirmation. Closes: #364287
    - performance enhancements for gnutls_certificate_set_x509_trust_file.
      Closes: #400448
    - gnutls-cli: exits when hostname doesn't match certificate.
      Use --insecure to avoid hostname comparison.
  * For paranoia sake build with -D_REENTRANT even if upstream has stopped
    doing so.
  * [debian/copyright] : update, and stop including a GFDL copy.
  * Point watchfile to development versions.

gnutls26 (2.2.3-1) unstable; urgency=low

  * New upstream stable release.
    - --priority is documented in gnutls-cli(1) manpage. Closes: #467051

gnutls26 (2.2.3~rc-1) unstable; urgency=low

  * New upstream version. Release candidate for 2.2.3.
    + Increase default handshake packet size limit to 48kb. Closes: #478191
  * remove unsupported .l command from debian/libgnutls-config.1
  * Use Programming/C as doc-base section.

gnutls26 (2.2.2-1) unstable; urgency=low

  * New upstream version.
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
    strings and return the proper size.
    corrected string handling in parse_general_name.
    Closes: #465197
  * Point watchfile to ftp.gnutls.org.
  * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.

gnutls26 (2.2.1-3) unstable; urgency=low

  * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
    gnutls guile wrapper on ia64.

gnutls26 (2.2.1-2) unstable; urgency=low

  * Add Vcs-Svn: and Vcs-Browser control fields.
  * Upload to unstable.

gnutls26 (2.2.1-1) experimental; urgency=low

  * New upstream version.
  * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
    there.
  * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
    packages contain gnutls-bin debugging symbols. Closes: #459295.

gnutls26 (2.2.0-1) experimental; urgency=low

  * New upstream version.
    License change! Main library stays LGPLv2.1+ but libgnutls-extra,
    libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
    updated.
  * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
    versions were GPLv2+) and this license is not compatible with GPLv3+.
  * Non packaged 2.1.8 introduced new symbol
    gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
  * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
  * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
    DSA2 support. Closes: #455513
  * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.

gnutls26 (2.1.7-1) experimental; urgency=low

  * New upstream version.
    - Another soname bump. Packages renamed.
  * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
    dak does not allow that yet.
  * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
    libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035

gnutls25 (2.1.6-2) experimental; urgency=low

  * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
    experimental buildds happy.

gnutls25 (2.1.6-1) experimental; urgency=low

  * New upstream version. API changes! Please consult
    /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
    removed (mainly *_authz_*) and changed interfaces.
    This is the first release canddate for 2.2. The deprecation of
    gnutls_set_default_priority() is supposed to be undone before the final
    stable release.
  * Bump build-depends.
  * Stop building and shipping the C++ library, since nobody is using it. I
    will happly re-add it if requested.
  * Add Homepage field to debian/control.
  * Build and ship Guile bindings. Requested by Ludovic Courtès who also
    provided the initial patch. (On a sidenote I think guile generally does
    not do the right thing by throwing dlopened modules into /usr/lib/.)
  * Update debian/copyright.

gnutls13 (2.0.1-1) unstable; urgency=low

  * New upstream version.
  * Remove doc/*.info* on clean to allow building thrice in a row.
    (Closes: #441740)

gnutls13 (1.7.19-1) unstable; urgency=low

  * New upstream version 1.7.19.
    - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
      This takes of care of the mutt breakage. Closes: #439640

gnutls13 (1.7.18-2) unstable; urgency=low

  * Upload to unstable

gnutls13 (1.7.18-1) experimental; urgency=low

  * New upstream version 1.7.18, release candidate for 2.0.
  * Bump shlibs, since functions have been added.
  * Image files renamed upstream with gnutls- prefix and symlinked to
    /usr/share/info/ in Debian package. Closes: #423577

gnutls13 (1.7.16-1) experimental; urgency=low

  * New upstream version 1.7.16.

gnutls13 (1.7.14-1) experimental; urgency=low

  * New upstream version
    - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183

gnutls13 (1.7.12-1) experimental; urgency=low

  * New upstream version 1.7.12
    - Fixes memory errors in certificate parsing. Closes: #333050
  * Bump shlibs, due to API extensions in 1.7.10.
  * Rebuilding of docs simpified, strip debian/README.source_and_patches to
    reflect that.

gnutls13 (1.7.9-1) experimental; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
  * New upstream version.
    - Uses opencdk10 (0.6.x).
    - Improved gnutls_set_default_priority() priorities, with matching correct
      docs. (Closes: #422024)
    - bumped shlibs.
  * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
    twice in a row on the same sourcetree. (Closes: #424357) Document what is
    needed to rebuild doc/gnutls.pdf in README.source_and_patches.

gnutls13 (1.7.7-1) experimental; urgency=low

  * New development upstream version 1.7.7.
    - Point watchfile to development versions.
    - Bump shlibs for added APIs.
    - Includes German translation. (Closes: #392857)

gnutls13 (1.6.3-1) unstable; urgency=low

  * New upstream version, pulling selected fixes and features from 1.7.x.
  * Bump shlibs.

gnutls13 (1.6.2-2) unstable; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

gnutls13 (1.6.2-1) unstable; urgency=low

  * New upstream version
    - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
      certificates, since it contains a regenerated pkix_asn1_tab.c.
    - Ship German translation. Closes: #392857

gnutls13 (1.6.1-2) unstable; urgency=low

  * [gnutls-bin.install] Ship psktool.
  * Ship gettext translations in deb package, but as gnutls13.mo instead of
    gnutls.mo.
  * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
    changelog entries after branchoff. Point watchfile to stable upstream
    versions again.
  * Drop dependency of libgnutls13-dbg on libgnutlsxx13.

gnutls13 (1.6.1-1) experimental; urgency=low

  [ James Westby ]
  * New upstream release.

gnutls13 (1.6.0-1) experimental; urgency=low

  * New upstream version.

gnutls13 (1.5.3-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.
  * New upstream version 1.5.3.
  * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
  * Drop code for re-libtoolizing and running auto* from debian/rules, it is
    unused and would not work anymore. (We can later grab the from SVN and
    update it to make work if we ever need it.)

gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * New upstream development version.
    - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
    - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
      broken.
    - Drop unneeded patches/16_libs.private_gnutls.diff
      patches/16_libs.private_gnutls-extra.diff
    - Point watchfile to development versions.
    - Builds a C++ library.
  * Switch to debhelper v5 mode to be able to ship debug symbols of
    libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
  * Branched off from 1.4.4-1.

gnutls13 (1.4.4-3) unstable; urgency=low

  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
       When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
       version, try to negotiate the highest version support by the GnuTLS
       server, instead of the lowest.

gnutls13 (1.4.4-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.

gnutls13 (1.4.4-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.4
    - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
      crash mutt. (closes: #386725)
      GNUTLS-SA-2006-4 is CVE-2006-4790.

gnutls13 (1.4.3-2) unstable; urgency=low

  * the lesser of two weevils release.
  [ Andreas Metzler ]
  * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
    various programs, including mutt. (closes: #386680)

gnutls13 (1.4.3-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.3.
    - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
      rump session attack. GNUTLS-SA-2006-4
    - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
      GNUTLS-SA-2006-3
    - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

gnutls13 (1.4.2-1) unstable; urgency=medium

  [ Andreas Metzler ]
  * New upstream bugfix release.
    - Fixes a crash in the certificate verification logic.

gnutls13 (1.4.1-1) unstable; urgency=low

  [ James Westby ]
  * New upstream release.
  * Remove the following patches as they are now included upstream:
    - 10_certtoolmanpage.diff
    - 15_fixcompilewarning.diff
    - 30_man_hyphen_*.patch
  * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
    gnutls-api so that devhelp can find it.

gnutls13 (1.4.0-3) unstable; urgency=low

  [ Andreas Metzler ]
  * Strip "libgnutls-config --libs"' output to only list stuff required for
    dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
    README.Debian.
  * Pull patches/16_libs.private_gnutls.diff and
    debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
    pkg-config usable for static linking.

gnutls13 (1.4.0-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Set maintainer to alioth mailinglist.
  * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
    handles this. Build-Depend on autotools-dev.
  * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
  * Use cdbs' simple-patchsys.mk.
    - add debian/README.source_and_patches
    - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
  * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
  * Also ship css-, devhelp- and sgml files in gnutls-doc.
  * patches/15_fixcompilewarning.diff correct order of funtion arguments.

  [ James Westby ]
  * This release allows the port to be specified as the name of the service
    when using gnutls-cli (closes: #342891)

gnutls13 (1.4.0-1) experimental; urgency=low

  * New maintainer team. Thanks, Matthias for all the work you did.
  * Re-add gnutls-doc package, featuring api-reference as manual pages and
    html, and reference manual in html and pdf format.
    (closes: #368185,#368449)
  * Fix reference to gnutls0.4-doc package in debian/copyright. Update
    debian/copyright and include actual copyright statements.
    (closes: #369071)
  * Bump shlibs because of changes to extra.h
  * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
    generate the necessary directories.
  * Drop debian/NEWS.Debian as it only talks about the move of the (since
    purged) gnutls-doc package to contrib a long time ago.
    (Thanks Simon Josefsson, for these suggestions.)
  * new upstream version. (closes: #368323)
  * clean packaging against upstream tarball.
    - Drop all patches, except for fixing error in certtool.1 and setting
      gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
    - Add  --enable-ld-version-script
      to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
      patching ./configure.in.
    (closes: #367358)
  * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
  * Build against external libtasn1-3. (closes: #363294)
  * Standards-Version: 3.7.2, no changes required.
  * debian/control and override file are in sync with respect to Priority and
    Section, everthing except libgnutls13-dbg already was. (closes: #366956)
  * acknowledge my own NMU. (closes: #367065)
  * libgnutls13-dbg is nonempty (closes: #367056)

gnutls13 (1.3.5-1.1) unstable; urgency=low

  * NMU
  * Invoke ./configure with --with-included-libtasn1 to prevent accidental
    linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
    contained libtasn1.so.3 and force gnutls13 to use the internal version of
    libtasn instead until libtasn1-3-dev is uploaded. Drop broken
    Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
  * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
    of --dbg-package=libgnutls12. (closes: #367056)

gnutls13 (1.3.5-1) unstable; urgency=low

  * New Upstream version.
    - Security fix.
    - Yet another ABI change.
  * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
  * Let -dev package depend on liblzo-dev (closes:#347438)
  * Fix certtool help output (closes:#338623)

gnutls12 (1.2.9-2) unstable; urgency=low

  * Install /usr/lib/pkgconfig/*.pc files.
  * Depend on texinfo (>= 4.8, for the @euro{} sign).

gnutls12 (1.2.9-1) unstable; urgency=low

  * New Upstream version.

gnutls12 (1.2.8-1) unstable; urgency=low

  * New Upstream version.
    - depends on libgcrypt11 1.2.2
  * Bumped shlibs version, just to be on the safe side.

gnutls12 (1.2.6-1) unstable; urgency=low

  * New Upstream version.
  * Remove Provides: on libgnutls11-dev.
    Hopefully this will be temporary (pending discussion with Upstream).

gnutls12 (1.2.5-3) unstable; urgency=high

  * Updated libgnutls12.shlibs file.
    Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
    Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                  dependencies on this library

gnutls12 (1.2.5-2) unstable; urgency=medium

  * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
    Added an explicit dependency as a stopgap fix.

gnutls12 (1.2.5-1) unstable; urgency=low

  * Merged with the latest stable release.
  * Renamed to gnutls12.
    - Changed the library version strings to GNUTLS_1_2.
    - Renamed the development package back to "libgnutls-dev".

gnutls11 (1.0.19-1) experimental; urgency=low

  * Merged with the latest stable release.

gnutls11 (1.0.16-13) unstable; urgency=high

  * Fixed an ASN.1 extraction error.
    Found by Pelle Johansson <morth@morth.org>.

gnutls11 (1.0.16-12) unstable; urgency=high

  * Fixed a segfault in certtool. Closes: #278361.

gnutls11 (1.0.16-11) unstable; urgency=medium

  * Merged binary (non-UF8) string printing code from Upstream.
  * Password code in certtool was somewhat broken.

gnutls11 (1.0.16-10) unstable; urgency=high

  * Fixed one instance of uninitialized memory usage.

gnutls11 (1.0.16-9) unstable; urgency=high

  * Pulled from Upstream CVS:
    - Fix two memory leaks.
    - Fix NULL dereference.

gnutls11 (1.0.16-8) unstable; urgency=high

  * Pulled these changes from Upstream CVS:
    - Added default limits in the verification of certificate chains,
      to avoid denial of service attacks.
    - Added gnutls_certificate_set_verify_limits() to override them.
    - Added gnutls_certificate_verify_peers2().

gnutls11 (1.0.16-7) unstable; urgency=low

  * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
    Thanks to joeyh@debian.org for reporting this problem.

gnutls11 (1.0.16-6) unstable; urgency=medium

  * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
    - Closes: #264420

gnutls11 (1.0.16-5) unstable; urgency=low

  * Depend on current libtasn1-2 (>= 0.2.10).
    - Closes: #264198.
  * Fixed maintainer email to point to Debian address.

gnutls11 (1.0.16-4) unstable; urgency=low

  * The OpenSSL compatibility library has been linked incorrectly
    (-ltasn1 was missing).
  * Need to build-depend on current opencdk8 and libtasn1-2 version.

gnutls11 (1.0.16-3) unstable; urgency=high

  * Documentation no longer includes LaTeX-produced output
    (the source contains latex2html-specific features, which is non-free).
  * Urgency: High because of pending base freeze.

gnutls11 (1.0.16-2) unstable; urgency=high

  * Actually *enable* debug symbols :-/
  * Urgency: High for speedy inclusion in d-i

gnutls11 (1.0.16-1) experimental; urgency=low

  * Update to latest Upstream version.
  * now depends on libgcrypt11
  * Include debugging package
  * Use hevea, not latex2html.

gnutls10 (1.0.4-4) unstable; urgency=low

  * New maintainer.
  * Run autotools at source package build time.
    - Closes: #257237: FTBFS (i386/sid): aclocal failed
  * Remove "package is still changed upstream" warning.
  * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.

gnutls10 (1.0.4-3) unstable; urgency=low

  * control: Changed the build dependency and the dependency of
    libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
    libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
    could cause linking against two versions of libgcrypt.

gnutls10 (1.0.4-2) unstable; urgency=low

  * libgnutls-doc.doc-base: Removed HTML manual listing.
  * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
    Jordi :)

gnutls10 (1.0.4-1) unstable; urgency=low

  * New upstream release  (Closes: #227527)
      * The new documentation in libgnutls-doc fixes several typo's and
        style glitches:  
        Closes: #215772: inconsistent auth method list in manual
        Closes: #215775: dangling footnote on page 14 of manual
        Closes: #215777: bad sentence on page 18 of manual
        Closes: #215780: incorrect info about ldaps/imaps in manual
  * rules:
      * Use --add-missing instead of --force in the call to automake.
      * Don't build gnutls.ps, use the upstream version.
        (Closes: #224846)
  * gnutls-bin.manpages: Use glob to find manpages.
  * patches/008_manpages.diff: Removed; included upstream.

gnutls10 (1.0.0-1) unstable; urgency=low

  * New upstream release.
  * Major soversion changed to 10.
  * control: Changed build dependencies of libtasn1-dev.
  * libgnutls10.shlibs: Added libgnutls-openssl to the list.

gnutls8 (0.9.99-1) experimental; urgency=low

  * New upstream release.
  * Included upstream GPG signature in .orig.tar.gz.

gnutls8 (0.9.98-1) experimental; urgency=low

  * New upstream release.
  * debian/control: libgnutls8-dev depends on libopencdk8-dev.
  * debian/libgnutls-doc.examples: Install src/*.[ch].

gnutls8 (0.9.95-1) experimental; urgency=low

  * New upstream version.

gnutls8 (0.9.94-1) experimental; urgency=low

  * New upstream version; package based on gnutls7 0.8.12-2.
  * debian/control:
      * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
  * debian/rules: Run auto* after the patches have been applied.
parent e1d89f40
No related branches found
No related tags found
No related merge requests found
Showing
with 1535 additions and 0 deletions
debian/tmp/usr/include/*
debian/tmp/usr/lib/*/libgnutls*.so
debian/tmp/usr/lib/*/libgnutls*.a
debian/tmp/usr/lib/*/pkgconfig/gnutls.pc
gnutls28 (3.0.0-1) experimental; urgency=low
GnuTLS is now using nettle instead of libgcrypt as crypto backend.
Related to this change (nettle uses LGPLv3+ licensed GMP) the licensing has
change. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. GnuTLS can therefore not
be used by projects using GPLv2 without the "or later" clause.
-- Andreas Metzler <ametzler@downhill.g.la> Sun, 14 Aug 2011 14:27:12 +0200
gnutls26 (2.6.6-1) unstable; urgency=high
libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so. We have realized that
many applications that use libgnutls, including gnutls-cli, fail to
perform proper checks. Implementing similar logic in all applications
leads to code duplication. Hence, we decided to check whether the
current time (as reported by the time function) is within the
activation/expiration period of certificates when verifying untrusted
certificates.
This changes the semantics of gnutls_x509_crt_list_verify, which in
turn is used by gnutls_certificate_verify_peers and
gnutls_certificate_verify_peers2. We add two new
gnutls_certificate_status_t codes for reporting the new error
condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
add a new gnutls_certificate_verify_flags flag,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
behaviour.
GNUTLS-SA-2009-3 CVE-2009-1417
http://www.gnu.org/software/gnutls/security.html
-- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200
gnutls26 (2.4.2-5) unstable; urgency=medium
* The gnutls certificate verification code has been changed to stop
trusting some weak algoritms. Verifying untrusted X.509 certificates
signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
See <http://www.win.tue.nl/hashclash/rogue-ca/>,
<http://bugs.debian.org/514578> and
<http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures>
"certtool -i < signature.pem" will inform about the algoritm used for
signing (Search for "Signature Algorithm" in its output.). The proper
fix is to re-issue the certificates with a more secure algoritm. As a
hotfix the respective certicate itself can be added to the list of
trusted certificates. Obviously this should only be done after
verifying the certificate by different means than relying on the weak
signature.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100
AUTHORS
NEWS
README
THANKS
debian/tmp/usr/lib/*/libgnutls.so.*
debian/tmp/usr/share/locale/*
This diff is collapsed.
debian/tmp/usr/lib/*/libgnutlsxx.so.*
Description: Version filename of locale data (gnutls28.mo instead of
gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
co-installable.
Author: Andreas Metzler <ametzler@debian.org>
Last-Update: 2014-05-24
--- gnutls28-3.3.2.orig/po/Makevars
+++ gnutls28-3.3.2/po/Makevars
@@ -1,7 +1,7 @@
# Makefile variables for PO directory in any package using GNU gettext.
# Usually the message domain is the same as the package name.
-DOMAIN = $(PACKAGE)
+DOMAIN = $(PACKAGE)30
# These two variables depend on the location of this directory.
subdir = po
Description: Work around guile-snarf hardcoding the at-build default compiler
which breaks when it changes ion Debian.
Author: Andreas Metzler <ametzler@debian.org>
Origin: vendor
Bug-Debian: https://bugs.debian.org/759096
Last-Update: 2014-08-24
--- gnutls28-3.3.6.orig/guile/src/Makefile.am
+++ gnutls28-3.3.6/guile/src/Makefile.am
@@ -15,6 +15,8 @@
# License along with GnuTLS; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+export CPP := @CPP@
+
GUILE_FOR_BUILD = \
GUILE_AUTO_COMPILE=0 $(GUILE) -L $(top_srcdir)/guile/modules
From 107e1df19715ffd4701bfcd3325c5cc80e5174b0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 18 Feb 2016 09:17:17 +0100
Subject: [PATCH] src: added systemkey-args to BUILT_SOURCES
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 1901a76..fda8b9e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -25,7 +25,7 @@ BUILT_SOURCES = srptool-args.c srptool-args.h \
serv-args.c serv-args.h cli-args.c cli-args.h \
cli-debug-args.c cli-debug-args.h certtool-args.c certtool-args.h \
danetool-args.c danetool-args.h p11tool-args.c p11tool-args.h \
- tpmtool-args.c tpmtool-args.h
+ tpmtool-args.c tpmtool-args.h systemkey-args.c systemkey-args.h
if ENABLE_CRYWRAP
SUBDIRS += crywrap
--
2.7.0
From e6dcb14dbbd3e9e40a1f193a7bf6657e82b88cb9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 15 Feb 2016 09:52:10 +0100
Subject: [PATCH] tests: mini-loss-time: ensure client timeouts after the
server is
This addresses issue with the server detecting the client disconnection
prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler.
---
tests/mini-loss-time.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/mini-loss-time.c b/tests/mini-loss-time.c
index 13de21e..b95f631 100644
--- a/tests/mini-loss-time.c
+++ b/tests/mini-loss-time.c
@@ -50,7 +50,7 @@ int main()
#include "utils.h"
/* This program tests whether a DTLS handshake would timeout
- * in a minute.
+ * in the expected time.
*/
static void print_type(const unsigned char *buf, int size)
@@ -136,7 +136,7 @@ static void client(int fd)
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
- gnutls_dtls_set_timeouts(session, 1 * 1000, 30 * 1000);
+ gnutls_dtls_set_timeouts(session, 1 * 1000, 31 * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
--
2.7.0
From bbfde250fbbac0ce65569f9be1d2bc88925dcd4e Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 7 Mar 2016 09:30:44 +0100
Subject: [PATCH] tests: mini-loss-time: improved timeout detection
---
tests/mini-loss-time.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/mini-loss-time.c b/tests/mini-loss-time.c
index b95f631..33a5eec 100644
--- a/tests/mini-loss-time.c
+++ b/tests/mini-loss-time.c
@@ -116,7 +116,7 @@ push(gnutls_transport_ptr_t tr, const void *data, size_t len)
return send(fd, data, len, 0);
}
-static void client(int fd)
+static void client(int fd, unsigned timeout)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
@@ -136,7 +136,7 @@ static void client(int fd)
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
- gnutls_dtls_set_timeouts(session, 1 * 1000, 31 * 1000);
+ gnutls_dtls_set_timeouts(session, 1 * 1000, timeout * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
@@ -178,7 +178,7 @@ static void client(int fd)
/* These are global */
pid_t child;
-static void server(int fd, int packet)
+static void server(int fd, int packet, unsigned timeout)
{
gnutls_anon_server_credentials_t anoncred;
gnutls_session_t session;
@@ -196,7 +196,7 @@ static void server(int fd, int packet)
gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
- gnutls_dtls_set_timeouts(session, 1 * 1000, 30 * 1000);
+ gnutls_dtls_set_timeouts(session, 1 * 1000, timeout * 1000);
/* avoid calling all the priority functions, since the defaults
* are adequate.
@@ -265,17 +265,17 @@ static void start(int server_packet, int wait_server)
/* parent */
close(fd[0]);
if (wait_server)
- server(fd[1], server_packet);
+ server(fd[1], server_packet, 30);
else
- client(fd[1]);
+ client(fd[1], 30);
close(fd[1]);
kill(child, SIGTERM);
} else {
close(fd[1]);
if (wait_server)
- client(fd[0]);
+ client(fd[0], 32);
else
- server(fd[0], server_packet);
+ server(fd[0], server_packet, 32);
close(fd[0]);
exit(0);
}
--
2.7.0
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: GnuTLS development list <gnutls-devel@lists.gnutls.org>
Subject: Re: [gnutls-devel] gnutls 3.4.10 testsuite error on amd64 (SSSE3
cipher tests failed)
Message-ID: <CAJU7zaL-5uaGwASBaqQEPnB34-k83HbALofNfNqEQwdYjmmEPw@mail.gmail.com>
On Wed, Mar 16, 2016 at 5:44 PM, Andreas Metzler <ametzler@bebt.de> wrote:
> On 2016-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote:
[...]
>> Thanks. It seems that the CPU has no SSSE3 and the test overrides the
>> cpuid to force SSSE3 usage. I'm wondering whether it is better to
>> change the test to detect cpu capabilities via /proc/cpuinfo, or
>> remove the ability to override a CPU flag if the CPU doesn't support
>> it.
> I thought that GNUTLS_CPUID_OVERRIDE was not supposed to enable
> unavailable features: "Note that CPU detection cannot be overriden,
> i.e., VIA options cannot be enabled on an Intel CPU."
Correct, and the statement is in a way precise :) Only VIA options
cannot be enabled on an Intel CPU. Let's fix that then. Does the
attached patch solves the issue in the system without ssse3?
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 18e3710..5cc8c00 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -76,18 +76,40 @@ unsigned int _gnutls_x86_cpuid_s[3];
static void capabilities_to_intel_cpuid(unsigned capabilities)
{
+ unsigned a,b,c,t;
+
memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
+
if (capabilities & EMPTY_SET) {
return;
}
+
+ gnutls_cpuid(1, &t, &a, &b, &c);
+
if (capabilities & INTEL_AES_NI) {
- _gnutls_x86_cpuid_s[1] |= bit_AES;
+ if (b & bit_AES) {
+ _gnutls_x86_cpuid_s[1] |= bit_AES;
+ } else {
+ _gnutls_debug_log
+ ("AESNI acceleration requested but not available\n");
+ }
}
+
if (capabilities & INTEL_SSSE3) {
- _gnutls_x86_cpuid_s[1] |= bit_SSSE3;
+ if (b & bit_SSSE3) {
+ _gnutls_x86_cpuid_s[1] |= bit_SSSE3;
+ } else {
+ _gnutls_debug_log
+ ("SSSE3 acceleration requested but not available\n");
+ }
}
- if (capabilities & INTEL_PCLMUL) { /* ecx */
- _gnutls_x86_cpuid_s[1] |= bit_PCLMUL;
+ if (capabilities & INTEL_PCLMUL) {
+ if (b & bit_PCLMUL) { /* ecx */
+ _gnutls_x86_cpuid_s[1] |= bit_PCLMUL;
+ } else {
+ _gnutls_debug_log
+ ("PCLMUL acceleration requested but not available\n");
+ }
}
}
@@ -111,19 +133,43 @@ static unsigned check_pclmul(void)
#ifdef ENABLE_PADLOCK
static unsigned capabilities_to_via_edx(unsigned capabilities)
{
+ unsigned a,b,c,t;
+
memset(_gnutls_x86_cpuid_s, 0, sizeof(_gnutls_x86_cpuid_s));
+
if (capabilities & EMPTY_SET) {
return 0;
}
- if (capabilities & VIA_PADLOCK) { /* edx */
- _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK;
+
+ gnutls_cpuid(1, &t, &a, &b, &c);
+
+ if (capabilities & VIA_PADLOCK) {
+ if (c & via_bit_PADLOCK) {
+ _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK;
+ } else {
+ _gnutls_debug_log
+ ("Padlock acceleration requested but not available\n");
+ }
}
- if (capabilities & VIA_PADLOCK_PHE) { /* edx */
- _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK_PHE;
+
+ if (capabilities & VIA_PADLOCK_PHE) {
+ if (c & via_bit_PADLOCK_PHE) { /* edx */
+ _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK_PHE;
+ } else {
+ _gnutls_debug_log
+ ("Padlock-PHE acceleration requested but not available\n");
+ }
}
- if (capabilities & VIA_PADLOCK_PHE_SHA512) { /* edx */
- _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK_PHE_SHA512;
+
+ if (capabilities & VIA_PADLOCK_PHE_SHA512) {
+ if (c & via_bit_PADLOCK_PHE_SHA512) {
+ _gnutls_x86_cpuid_s[2] |= via_bit_PADLOCK_PHE_SHA512;
+ } else {
+ _gnutls_debug_log
+ ("Padlock-PHE-SHA512 acceleration requested but not available\n");
+ }
}
+
return _gnutls_x86_cpuid_s[2];
}
14_version_gettextcat.diff
30_guile-snarf.diff
40_src-added-systemkey-args-to-BUILT_SOURCES.patch
41_tests-mini-loss-time-ensure-client-timeouts.diff
42_mini-loss-time-improved-timeout-detection.patch
43_fix_cpucapoverride.diff
This diff is collapsed.
3.0 (quilt)
debian/upstream-signing-key.pgp
# Don't store changes on autogenerated files
extend-diff-ignore = "po/.*"
File added
version=3
opts=uversionmangle=s/(.*\d)(pre\d*)$/$1~$2/,pgpsigurlmangle=s/$/.sig/ \
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.(\d+)/gnutls-(3\.\d.*)\.(?:tgz|zip|tar\.(?:gz|bz2|xz))
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment