-
gnutls28 (3.7.1-1) unstable; urgency=medium . * New upstream version Fixes potential use-after-free in sending "key_share" and "pre_shared_key" extensions. GNUTLS-SA-2021-03-10. * Upload to unstable. . gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium . * Fix autopkgtest skiplist. . gnutls28 (3.7.0+git20210306-1) experimental; urgency=low . * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa + Drop cherry-picked patches {48,49,50}_*. + Update copyright file. . gnutls28 (3.7.0-7) unstable; urgency=medium . * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch 50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch 50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl. (Thanks to Tim Kosse for the pointer) Closes: #980119 . gnutls28 (3.7.0-6) unstable; urgency=medium . * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch with merged version from upstream GIT master. Features a fix for an assert on connection to servers which send a duplicate chain including the self-signed CA. Closes: #980513 . gnutls28 (3.7.0-5) unstable; urgency=low . * Update from upstream GIT master, replace patches, add new ones. + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added. + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch Closes: #977552 + 45_opensslcompat_no_export_gl.diff --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch. + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added. * Upload to unstable. . gnutls28 (3.7.0-4) experimental; urgency=medium . * Test build of fixes from https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and #977552. . gnutls28 (3.7.0-3) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.7.0-2) experimental; urgency=low . * Fix guile-gnutls guile-x.x dependency. * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols. . gnutls28 (3.7.0-1) experimental; urgency=low . * New upstream version. + Drop 50_autopkgtestfixes.diff. + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher added). + Requires nettle >= 3.6. * [lintian] Use v4 watch file. * Add a symbol file for libgnutls-openssl27. * Use dh v13 compat, (Some fixes for dh_missing.) . gnutls28 (3.6.15-4) unstable; urgency=medium . * autopkgtest: Require build-essential. * autopkgtest: respect dpkg-buildflags for helper-binary build. . gnutls28 (3.6.15-3) unstable; urgency=medium . * More autopkgtest hotfixes. . gnutls28 (3.6.15-2) unstable; urgency=medium . * 50_autopkgtestfixes.diff: Fix testsuite issues when running against installed gnutls-bin. * In autopkgtest set top_builddir and builddir, ignore tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh. . gnutls28 (3.6.15-1) unstable; urgency=low . * New upstream version. + Fixes NULL pointer dereference if a no_renegotiation alert is sent with unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04 Closes: #969547 + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch 50_03-gnutls_cipher_init-fix-potential-memleak.patch 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + Fix build error due to outdated gettext in Debian by removing newer gettext m4 macros from m4/. . gnutls28 (3.6.14-2) unstable; urgency=medium . * Pull selected patches from upstream GIT: + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch: Fixes difference in generated docs on 32 and 64 bit archs. + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch 50_03-gnutls_cipher_init-fix-potential-memleak.patch Fix memleak in gnutls_aead_cipher_init() with keys having invalid length. (Broken since 3.6.3) + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch Closes: #962467 . gnutls28 (3.6.14-1) unstable; urgency=high . * Drop debugging code added in -4, fixes nocheck profile build error. Closes: #962199 * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to debian/upstream/signing-key.asc. * New upstream version. + Fixes insecure session ticket key construction. [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289 + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch 51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 51_02-x509-trigger-fallback-verification-path-when-cert-is.patch 51_03-tests-add-test-case-for-certificate-chain-supersedin.patch * Drop guile-gnutls.lintian-overrides. * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!) Hopefully Closes: #962218 . gnutls28 (3.6.13-4) unstable; urgency=medium . * Output some network related debugging from debian/rules. * Fix verification error with alternate chains. Closes: #961889 . gnutls28 (3.6.13-3) unstable; urgency=medium . * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS master: Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286) . gnutls28 (3.6.13-2) unstable; urgency=high . * Upload to unstable. . gnutls28 (3.6.13-1) experimental; urgency=low . * New upstream version. + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556 * Fix guile lintian override for shared-lib-without-dependency-information. . gnutls28 (3.6.12-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.12-1) experimental; urgency=low . [ Debian Janitor ] * Drop unnecessary dh arguments: --parallel . [ Andreas Metzler ] * Fix bindtextdomain() call and dgettext() invocations to search for the correct filename. (Thanks, Laurent Bigonville for report and diagnosis.) Closes: #949151 * [lintian] Drop superfluous debian/source/include-binaries. * New upstream version. + Update symbol file. + Drop workaround for #658110, install guile shared objects to multi-arch paths. . gnutls28 (3.6.11.1-2) unstable; urgency=low . * Use dh 12 compat level. + Install gtk-doc files from as-installed location instead of builddir to avoid dh_missing warnings. * List *.la files in debian/not-installed. * Upload to unstable. . gnutls28 (3.6.11.1-1) experimental; urgency=low . * New upstream version. Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch 50_02-guile-Silence-auto-compilation-warning-for-guild.patch * Update symbol file (VKO GOST key exchange supported was added). . gnutls28 (3.6.10-5) unstable; urgency=medium . * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch 50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!) Closes: #943905 . gnutls28 (3.6.10-4) unstable; urgency=medium . * Add support for noguile build profile. See #943905. . gnutls28 (3.6.10-3) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.6.10-2) experimental; urgency=medium . * Switch b-d from texlive-generic-recommended to texlive-plain-generic. Closes: #941526 . gnutls28 (3.6.10-1) experimental; urgency=low . * New upstream version. + Drop i386-fix-wrong-reloc.patch and 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch. + Update symbol files. + Update copyright. Stop shipping a copy of the GNU Affero General Public License version 3. (pkcs11-mock.* is now under a different license.) . gnutls28 (3.6.9-7) experimental; urgency=low . * Fix copy-paste error (missing line) in libgnutls-dane0 description. * Re-add guile-gnutls, test-build (including testsuite) was successful. Closes: #905272 . gnutls28 (3.6.9-6) experimental; urgency=low . * Test-build guile bindings. . gnutls28 (3.6.9-5) unstable; urgency=medium . * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream GIT master: Fix interop problems with gnutls 2.x. Closes: #933538 . gnutls28 (3.6.9-4) unstable; urgency=medium . * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken assembly code. (Thanks, Steve Langasek for report and patch!) Closes: #934193 . gnutls28 (3.6.9-3) unstable; urgency=medium . * autopkgtest: Skip system-override-sig-hash.sh. . gnutls28 (3.6.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.9-1) experimental; urgency=low . * New upstream version. + Update symbol file. . gnutls28 (3.6.8-2) unstable; urgency=low . * Use DH 11 compat again. * 3.6.8 builds with gcc-9. Closes: #925701 * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian Andres Klode) Closes: #930541 See also https://gitlab.com/gnutls/gnutls/merge_requests/986 * Upload to unstable. . gnutls28 (3.6.8-1) experimental; urgency=low . * New upstream version. + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended, texlive-latex-base. + Update symbol file. . gnutls28 (3.6.7-4) unstable; urgency=medium . * Cherry-pick important bug-fixes from 3.6.8: + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch The gnutls_srp_set_server_credentials_function can be used with the 8192 parameters as well. https://gitlab.com/gnutls/gnutls/issues/761 + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch Fix calculation of Streebog digests (incorrect carry operation in 512 bit addition). + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client. Closes: #929907 + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion. https://gitlab.com/gnutls/gnutls/issues/720 + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch Fixed bug preventing the use of gnutls_pubkey_verify_data2() and gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag. https://gitlab.com/gnutls/gnutls/issues/754 . gnutls28 (3.6.7-3) unstable; urgency=medium . * Revert debhelper upgrade, use DH 10. . gnutls28 (3.6.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.7-1) experimental; urgency=medium . * New upstream version. + Update AUTHOR list in copyright file. + Update symbol file. + Fixes issue preventing sending and receiving from different threads when false start was enabled. Closes: #922879 + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477 + Fixes a memory corruption (double free) vulnerability in the certificate verification API. https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 GNUTLS-SA-2019-03-27 + Fixes an invalid pointer access via malformed TLS1.3 async messages; https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 GNUTLS-SA-2019-03-27 . gnutls28 (3.6.6-3) unstable; urgency=low . * Add @ to autopkgtest's Depends. * Use DH 11 compat. . gnutls28 (3.6.6-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.6.6-1) experimental; urgency=low . * New upstream version. + Fixes certtool.1 syntax. Closes: #920215 + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff. + Update symbol file for released version. . gnutls28 (3.6.5+git20190105-1) experimental; urgency=low . * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6. + Update symbol and copyright file. * Delete autogen stamp-files on clean to enforce regeneration. . gnutls28 (3.6.5-2) unstable; urgency=low . * Upload to unstable. * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1. . gnutls28 (3.6.5-1) experimental; urgency=medium . * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments. * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is now in oldstable. * New upstream version. + Requires nettle >= 3.4.1(rc). + List newly added symbols in symbol file. Bump generated dependencies to >= 3.6.5 since multiple enums have been extended. + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835 * [lintian] Drop dh_strip override, stable has automatic debug packages. . gnutls28 (3.6.4-2) experimental; urgency=medium . * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch. . gnutls28 (3.6.4-1) experimental; urgency=medium . * New upstream version. * Update symbol file. * Drop --enable-tls13-support configure option. . gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium . * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback detection for the draft-tls support, because it will be triggered once TLS versions with the final numbering are deployed. (Thanks, Nikos!) . gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium . * Set Rules-Requires-Root: no. * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41. + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch + Update symbol file. . gnutls28 (3.6.3-2) experimental; urgency=medium . * Update basic feature list in package descriptions, based on short description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3 added.) Closes: #904681 * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes cherrypicked by Nikos for Fedora rawhide. . gnutls28 (3.6.3-1) experimental; urgency=medium . * New upstream version. * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. . gnutls28 (3.6.2+git20180714-1) experimental; urgency=low . * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94. + SSL 3.0 disabled by default at compile-time. * Bump symbol dependency info. . gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium . * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e. * Drop 40_add_missingm4.diff. * Bump symbol dependency info. * For testing build with --enable-tls13-support. . gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium . * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. . gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium . * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762. * Drop superfluous patches: + 40_increase_srp_test_timeout.diff + 50_mark_tests_xfail.diff + 52_fix_testcompat-main-openssl.diff * Add new functions to symbol file. * Many enums/flags extended, be conservative and bump sympol dependency info. * Bump libgnutlsxx28 shlibs. * Bump (b-)d on nettle-dev and libp11-kit-dev. . gnutls28 (3.6.2-3) experimental; urgency=low . * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix FTBFS with softhsm 2.4.0. * [lintian] Delete trailing empty lines in changelog. * 52_fix_testcompat-main-openssl.diff: Allow running test successfully and against binaries from installed gnutls-bin package. * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et al) of the upstream testsuite. . gnutls28 (3.6.2-2) experimental; urgency=low . * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test The new srp-8192 test failed on slow archs (mips/mipsel). * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and build-depends-on-1-revision. * Point Vcs-* to salsa. * Sort Build-Depends alphabetically. . gnutls28 (3.6.2-1) experimental; urgency=low . * (Build-)depend on libidn2-dev instead of transitional package libidn2-0-dev. Closes: #883187 * Point homepage field and watchfile to https URL. * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc (and stop uscan from doing so on every invocation). * Refresh upstream key, adding signing subkey A812CBFDFCDC4D0BE7A093129D5EAAF69013B842. * New upstream version. + When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. Closes: #885127 + Bump shlibs/symbol files for newly added symbols. * [lintian] Clean up trailing whitespace in debian/changelog. * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard -> optional). * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from build-depends. Stop specifying --parallel --with autoreconf. . gnutls28 (3.6.1-1) experimental; urgency=medium . * New upstream version. + Drop 35_modernize_gtkdoc.diff. + Fixes interoperability issue with openssl when safe renegotiation was used. Closes: #873055 + Update symbol file. . gnutls28 (3.6.0-2) experimental; urgency=medium . * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Closes: #876587 . gnutls28 (3.6.0-1) experimental; urgency=low . * New upstream version. + Multiple enums listing function flags have been extended, new algorithms have been added. Bump dependency info on all symbols in main GnuTLS library to >= 3.6.0, to make sure the versioning is strict enough. + Drop (build-)dependency on zlib1g-dev. + Update copyright info. + Calls to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused. Closes: #849807 * Drop --without-lzo from ./configure, it has been a noop for a long time. * Build in private directory, using "dh --builddirectory=b4deb". . gnutls28 (3.5.19-1) unstable; urgency=low . * New upstream version. + Drop 35_modernize_gtkdoc.diff. . gnutls28 (3.5.18-1) unstable; urgency=medium . * New upstream version. * Refresh upstream key, adding new signing subkey. Move to ascii armored keyring. . gnutls28 (3.5.17-1) unstable; urgency=low . * New upstream version. + When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. Closes: #885127 . gnutls28 (3.5.16-1) unstable; urgency=medium . * New upstream version. + Fixes interoperability issue with openssl when safe renegotiation was used. Closes: #873055 * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Closes: #876587 . gnutls28 (3.5.15-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.15-1) experimental; urgency=medium . * New upstream version. Drop unneeded patches. (31_arm64ilp32-unaccelerated.patch 35_record-added-sanity-checking-in-the-record-layer-ver.patch 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch) . gnutls28 (3.5.14-3) unstable; urgency=low . * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an already terminated or deinitialized session. Closes: #867303 * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting to accessing past the input data. * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly code on arm64ilp32 to fix FTBFS. Closes: #872454 * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8. * Standards-Version 4.0.1, update priorities (extra->optional). . gnutls28 (3.5.14-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.14-1) experimental; urgency=low . [ Dan Nicholson ] * Build with --disable-rpath. Closes: #865674 . [ Andreas Metzler ] * New upstream version. * Build against external libunistring. . gnutls28 (3.5.13-2) unstable; urgency=medium . * Upload to unstable, merge changelogs. . gnutls28 (3.5.13-1) experimental; urgency=low . * New upstream version. + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch. + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer dereference. #864560 . gnutls28 (3.5.12-2) experimental; urgency=medium . * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct typo preventing the run of openpgp test. * Stop disabling heartbeat support. Closes: #861193 . gnutls28 (3.5.12-1) experimental; urgency=medium . * New upstream version. * Bump dep info on gnutls_session_ext_register. . gnutls28 (3.5.11-1) experimental; urgency=medium . * New upstream version. * gnutls.pc: do not include libtool options into Libs.private. Closes: #857943 * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and Libs.private. (LP: #1660915) * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. Closes: #857436 * Add b-d on ca-certificates, needed for trust-store check. . gnutls28 (3.5.10-1) experimental; urgency=medium . * New upstream version. + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888 + Includes fixes for GNUTLS-SA-2017-3[ABC]. + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct and gnutls_ocsp_resp_verify which now accept (more) flags. . gnutls28 (3.5.9-1) experimental; urgency=medium . * New upstream version. + Drop debian/patches/35_0*. + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map. * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of libidn11-dev. . gnutls28 (3.5.8-6) unstable; urgency=high . * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507 Closes: #864560 . gnutls28 (3.5.8-5) unstable; urgency=medium . * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch. * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch: Addressed large allocation in OpenPGP certificate parsing, that could lead in out-of-memory condition. Issue found using oss-fuzz project, and was fixed by Alex Gaynor. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C] . gnutls28 (3.5.8-4) unstable; urgency=medium . * More upstream fixes from gnutls_3_5_x branch: + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer overflow resulting to invalid memory write in OpenPGP certificate parsing. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 [GNUTLS-SA-2017-3A] + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch Addressed crashes in OpenPGP certificate parsing, related to private key parser. No longer allow OpenPGP certificates (public keys) to contain private key sub-packets. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B] . gnutls28 (3.5.8-3) unstable; urgency=high . * Another two bugfixes from upstream. + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch Address test suite failure due to timezone differences. Closes: #853732 + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch When returning success, but no elements gnutls_pkcs11_obj_list_import_url4 could have returned zero number of elements with a pointer that was uninitialized. . gnutls28 (3.5.8-2) unstable; urgency=medium . * Pull two fixes from upstream GIT gnutls_3_5_x branch 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch 35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch. . gnutls28 (3.5.8-1) unstable; urgency=medium . * New upstream release. * Upload to unstable. . gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium . * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding tests/key-tests/key-invalid.) + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch + libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. GNUTLS-SA-2017-1 CVE-2017-5334 + libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2 CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337 . gnutls28 (3.5.7-3) unstable; urgency=medium . * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch, 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. Closes: #848905 . gnutls28 (3.5.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.7-1) experimental; urgency=low . * New upstream version. * Drop unneeded patches. 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch 41_04_cleanups-in-_gnutls_buffer_to_datum.patch 41_05_x509-output-use-the-new-functions-for-DN-output.patch 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch * Add missing dependency of libgnutls28-dev on libgnutls-dane0. * Update symbol file. (Add new symbols, bump dependency on functions that might return new error codes.) * Build with --with-included-unistring, Debian's libunistring package is too old (non dual-licensed). . gnutls28 (3.5.6-7) unstable; urgency=low . * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest for dns-root-data to libgnutls-dane0. * Upload to unstable. . gnutls28 (3.5.6-6) experimental; urgency=medium . * Pull a patch set from upstream GIT which reverts the DN sorting change in 3.5.6 and adds new functions to provide a RFC4514 compliant sorting. Closes: #844539 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch 41_04_cleanups-in-_gnutls_buffer_to_datum.patch 41_05_x509-output-use-the-new-functions-for-DN-output.patch 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch * Update symbol file. . gnutls28 (3.5.6-5) experimental; urgency=low . * Merge changes from unstable. . gnutls28 (3.5.6-4) unstable; urgency=medium . * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from upstream git master. The latter fixes a gnutls-cli-debug segfault. Closes: #844061 . gnutls28 (3.5.6-3) experimental; urgency=low . * Package libgnutls-dane, as libunbound is now built against nettle instead of OpenSSL. Closes: #733295 . gnutls28 (3.5.6-2) unstable; urgency=low . * Upload to unstable. * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are longer than 32-bits. (Upstream GIT commit fcdb461e935dbdc0892241a35be7499116f22a67). . gnutls28 (3.5.6-1) experimental; urgency=low . * New upstream version. + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch). + Update symbol file. . gnutls28 (3.5.5-6) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.5-5) experimental; urgency=medium . * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility issue with GnuTLS 3.3 clients. Closes: #841723 * Bump symbol dependency info for multiple gnutls_certificate_(set|get)_*_key* functions. If %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a non-negative return code on success instead of 0 for success and negative numbers for failure. * Add b-d on openssl (for testsuite). . gnutls28 (3.5.5-4) unstable; urgency=medium . * Upload to unstable. * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch. . gnutls28 (3.5.5-3) experimental; urgency=medium . * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced in 3.5.5. . gnutls28 (3.5.5-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.5-1) experimental; urgency=medium . * New upstream version. + Update symbol file. . gnutls28 (3.5.4-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.4-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches: 35_gnutls-cli-print-Handshake-was-completed.patch 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch 37_openssl-format-fix-from-openconnect.patch 39_ocsptool-corrected-bug-in-session-establishment.patch 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + Update symbol file. * Add b-d on softhsm2 for pkcs11 tests. . gnutls28 (3.5.3-5) experimental; urgency=medium . * Pull DTLS fixes from upstream GIT master. 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch Closes: #835587 . gnutls28 (3.5.3-4) unstable; urgency=high . * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of ocsptool --ask ... Closes: #836371 * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP certificate check doesn't actually verify the serial length and might succeed when it shouldn't. CVE-2016-7444 . gnutls28 (3.5.3-3) unstable; urgency=medium . * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake was completed', fixing emacs' lisp/net/tls.el. Closes: #834516 * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch gnutls-cli STARTTLS support was broken in 3.5.3. * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of OpenSSL encrypted PEM files. . gnutls28 (3.5.3-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.3-1) experimental; urgency=medium . * New upstream version. + Update libgnutls30.symbols. + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to apply it in the previous upload anyway.) + Add b-d on libcmocka-dev (marked with <!nocheck>). . gnutls28 (3.5.2-3) experimental; urgency=medium . * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch from upstream GIT, which should allow gnutls continue to work with CVE-2016-6489-patched nettle. . gnutls28 (3.5.2-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.5.2-1) experimental; urgency=low . * New upstream version. * Add libssl-dev b-d (marked with <!nocheck>), which can be used in testsuite. . gnutls28 (3.5.1-1) experimental; urgency=medium . * Merge from unstable: + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should have been dropped with the soname bump from libgnutls-deb0-28 to libgnutls30 in the first place. (Thanks, Andreas Beckmann) Closes: #825645 + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via the <!nocheck> profile. * New upstream version. + Drop 40_openssl_compat-removed-unneeded-headers.patch. + Install README.md instead of README. + Update symbol file. . gnutls28 (3.5.0-1) experimental; urgency=medium . * New upstream release. + Drop unneeded patches: 40_src-added-systemkey-args-to-BUILT_SOURCES.patch 45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT to fix FTBFS in openssl wrapper. * crywrap is not shipped with GnuTLS anymore. * Update copyright info, ship copy of the GNU Affero General Public License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of the testsuite use this license. * Update symbol file: + Add new functions. + Multiple core enums (including gnutls_init_flags_t) have been extended, and most gnutls users will invoke at least one function affected by this change. Bump symbol dependency info to >= 3.5.0 for all symbols, because we would end up with this dependency anyway. . gnutls28 (3.4.14-1) unstable; urgency=medium . * Also mark b-d on net-tools/freebsd-net-tools as optional via the <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and patch). Closes: #826693 * New upstream bugfix release. This includes the following fix: + libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). The issue is not relevant for the Debian binary packages, since we do not build with --with-default-trust-store-pkcs11=. . gnutls28 (3.4.13-1) unstable; urgency=high . * New upstream bugfix release. + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was introduced in 3.4.12. + Testsuite requires netstat, add b-d. . gnutls28 (3.4.12-2) unstable; urgency=medium . * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should have been dropped with the soname bump from libgnutls-deb0-28 to libgnutls30 in the first place. (Thanks, Andreas Beckmann) Closes: #825645 . gnutls28 (3.4.12-1) unstable; urgency=medium . * New upstream version. + Drop superfluous patches. (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + Update copyright info, ship copy of the GNU Affero General Public License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of the testsuite use this license. . gnutls28 (3.4.11-4) unstable; urgency=medium . * Drop guile-gnutls package, testsuite errors have stayed unfixed too long. Closes: #821457, #805863 . gnutls28 (3.4.11-3) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.11-2) experimental; urgency=medium . * Pull post-release fixes from upstream gnutls_3_4_x branch. (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) . gnutls28 (3.4.11-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches. (41_tests-mini-loss-time-ensure-client-timeouts.diff 42_mini-loss-time-improved-timeout-detection.patch 43_fix_cpucapoverride.diff) * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is not installed/built anymore. Update gnutls-doc file list. * Enable hardening=+bindnow. . gnutls28 (3.4.10-4) unstable; urgency=medium . * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is unavailable. Closes: #818341 . gnutls28 (3.4.10-3) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.10-2) experimental; urgency=medium . * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain) * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch, another try for Closes: #813598 . gnutls28 (3.4.10-1) experimental; urgency=medium . * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT master to fix FTBFS with parallel builds. Closes: #816148 * New upstream version. * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream master branch to fix occasional testsuite error. Closes: #813598 . gnutls28 (3.4.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.9-1) experimental; urgency=medium . * New upstream version. * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and 36_Revert-tests-updated-to-account-for-cert-generation.patch. . gnutls28 (3.4.8-3) unstable; urgency=medium . * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and 36_Revert-tests-updated-to-account-for-cert-generation.patch from upstream GIT. Closes: #813243 . gnutls28 (3.4.8-2) unstable; urgency=medium . * Merge master branch into experimental. + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This is a kludge and technically wrong, but will prevent partial upgrades from stable. See: #788735 * Upload to unstable. . gnutls28 (3.4.8-1) experimental; urgency=medium . * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration option was added to debhelper/unstable with version 9.20150628, bump build-dependency accordingly. * autoreconf requires automake 1.12.2, add build-dependency. * New upstream version. + Update symbol file. * Move Vcs-* from git/http to https. . gnutls28 (3.4.7-1) experimental; urgency=medium . * New upstream version. + Update symbol file. . gnutls28 (3.4.6-1) experimental; urgency=medium . * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and later) to improve reproducibility of build. * New upstream version. + Update symbol file. * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev (>= 1.17.14). Both are required for build-profile support added in previous upload. (Thanks, lintian.) . gnutls28 (3.4.5-1) experimental; urgency=medium . [ Helmut Grohne ] * Turn Build-Depends: datefudge optional via <!nocheck> profile. Closes: #797544 . [ Andreas Metzler ] * New upstream version. . gnutls28 (3.4.4.1-1) experimental; urgency=medium . * New upstream version. + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, bump dependency info for functions taking it as argument or returning it. + Bump dependency info on private symbols. + Update debian/copyright. + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 CVE-2015-6251 . gnutls28 (3.4.3-1) experimental; urgency=medium . * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31. * New upstream version. + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum gnutls_pkcs11_token_info_t. + Add dependency info for new symbols, bump private symbol dependency. . gnutls28 (3.4.2-2) experimental; urgency=medium . * Disable libidn support because CVE-2015-2059 is still not fixed. See <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building of crywrap. . gnutls28 (3.4.2-1) experimental; urgency=medium . * New upstream version. + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch. + Update libgnutls30.symbols. (Add new fuctions, bump private symbol version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.) . gnutls28 (3.4.1-1) experimental; urgency=medium . * New upstream version. + Bump (build)-depends on nettle and p11-kit. + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and 55_nettle3.patch. + Update 14_version_gettextcat.diff. + Soname bump, library package renamed from libgnutls-deb0-28 to libgnutls30. + OpenSSL compat layer is not built by default anymore, pass --enable-openssl-compatibility to ./configure. + Update symbol file. + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. Closes: #773145 + Since the pkg-config file gnutls.pc now lists libidn in Requires.private "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add dependency on libidn11-dev to libgnutls28-dev. * Fix typo in debian/rules (s/-disable-silent-rules/--disable-silent-rules). . gnutls28 (3.3.20-1) unstable; urgency=medium . * autoreconf requires automake 1.12.2, add build-dependency. * New upstream version. * Move Vcs-* from git/http to https. . gnutls28 (3.3.19-1) unstable; urgency=medium . * New upstream version. + Refresh 20_debian_specific_soname.diff. + Update symbol file. . gnutls28 (3.3.18-1) unstable; urgency=medium . * New upstream version. . gnutls28 (3.3.17-1) unstable; urgency=medium . * New upstream version. + Drop superfluous patches. (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch, 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch, 47_safe-renegotiation-simulate-receiving-the-extension-.patch) + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, bump dependency info for functions taking it as argument or returning it. + Bump dependency info on private symbols. + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 CVE-2015-6251 . gnutls28 (3.3.16-2) unstable; urgency=medium . * Refresh 40_no_more_ssl3.diff. * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch 47_safe-renegotiation-simulate-receiving-the-extension-.patch Pull three patches from upstream GIT to fix issue with server side sending the status request extension even when not requested. <http://article.gmane.org/gmane.network.gnutls.general/3929> . gnutls28 (3.3.16-1) unstable; urgency=medium . * Limit watchfile to 3.3.x versions. * New upstream version. + Drop superfluous patches (50_updated-sign-md5-rep-to-reduce-false-failures.patch, 55_nettle3.patch, 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch) + Bump private symbol versioning. . gnutls28 (3.3.15-7) unstable; urgency=medium . * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This is a kludge and technically wrong, but will prevent partial upgrades from stable. Closes: #788735 * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. . gnutls28 (3.3.15-6) unstable; urgency=high . * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch Closes: #788011 . gnutls28 (3.3.15-5) unstable; urgency=medium . * Upload to unstable. * Downgrade nettle-dev b-d to 2.7, this upload should build correctly against both 2.7 and 3.x. . gnutls28 (3.3.15-4) experimental; urgency=medium . * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it allows compilation against both nettle 2.7 and 3.x. * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev and libtasn1-6-dev, the =${binary:Version} dependency of the development packages on the respective library packages should make this superfluous. . gnutls28 (3.3.15-3) experimental; urgency=medium . * Add 55_nettle3.patch from http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building against nettle3. . gnutls28 (3.3.15-2) unstable; urgency=medium . * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT, fixing a testsuite error on kfreebsd-*. . gnutls28 (3.3.15-1) unstable; urgency=medium . * New upstream stable release. + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2]. . gnutls28 (3.3.14-3) experimental; urgency=medium . * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch. * (Build-)depend on nettle-dev >= 3.0. . gnutls28 (3.3.14-2) unstable; urgency=medium . * Upload to unstable. * Sync version of Depends and Build-Depends on libtasn1-6-dev. . gnutls28 (3.3.14-1) experimental; urgency=medium . * New upstream version. + Bump libtasn b-d to >= 4.3. . gnutls28 (3.3.13-1) experimental; urgency=medium . * New upstream version. + Includes fix for CVE-2015-0294, a certificate algorithm consistency checking issue. . gnutls28 (3.3.12-1) experimental; urgency=medium . * New upstream version. + gnutls-cli-debug STARTTLS is working. Closes: #467022 . gnutls28 (3.3.11-1) experimental; urgency=medium . * New upstream version. + Includes fix for OCSP response parsing issue. Closes: #772055 . gnutls28 (3.3.10-2) experimental; urgency=medium . * Remove SSL 3.0 from default priorities list. Closes: #769904 . gnutls28 (3.3.10-1) experimental; urgency=medium . * debian/rules: fix pattern for removal (and re-generation) of autogen-ed manpages. * New upstream version. + Includes fix for a denial of service issue CVE-2014-8564 / GNUTLS-SA-2014-5. + When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. This should take care of #760476. . gnutls28 (3.3.9-1) experimental; urgency=medium . * New upstream version. + Unfuzz 20_debian_specific_soname.diff. + Drop 31_fallback_to_RUSAGE_SELF.diff. + Bump private symbol dependency info. + Bump dependency version of gnutls_certificate_get_issuer() and gnutls_x509_trust_list_get_issuer() because of newly added GNUTLS_TL_GET_COPY flag. . gnutls28 (3.3.8-7) unstable; urgency=medium . * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff: Pull two patches from upstream to a use-after-free flaw in gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308 Closes: #782776 . gnutls28 (3.3.8-6) unstable; urgency=medium . * 39_check-whether-the-two-signatur.patch: Pull and unfuzz 6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On certificate import check whether the two signature algorithms match. CVE-2015-0294. Closes: #779428 . gnutls28 (3.3.8-5) unstable; urgency=medium . * Remove SSL 3.0 from default priorities list. Closes: #769904 . gnutls28 (3.3.8-4) unstable; urgency=high . * Drop 31_fallback_to_RUSAGE_SELF.diff. * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually from the application check the urandom fd for validity. Closes: #768841 and takes care of #760476. * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on session deinit. It is already being refreshed during the session lifetime. * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63 format, perform additional sanity checks on input. CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154 * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test uses a cert in binary der-format which is not representable in a quilt patches and we want to limit debian.tar.xz to modify stuff in debian/ we have some special handling in debian/rules.) . gnutls28 (3.3.8-3) unstable; urgency=high . [ Daniel Kahn Gillmor ] * Add list of executables to gnutls-bin package description. Closes: #763671 . [ Andreas Metzler ] * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos Mavrogiannopoulos!) Closes: #760476 . gnutls28 (3.3.8-2) unstable; urgency=medium . * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS 3.3.8 requires libtasn1 >= 3.9. * Upload to unstable. . gnutls28 (3.3.8-1) experimental; urgency=medium . * New upstream version. + Refresh 20_debian_specific_soname.diff. + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts with old experimental upload 0.21.2-1 + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of some functions in the gnutls_pkcs11_* family due to new members in enums gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private symbol dependency info, and bump shlibs. * Drop version from libgnutls28-dev's dependency on libp11-kit-dev. The GnuTLS library package automatically gets a dependency on libp11-kit0 (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on libp11-kit0 (= ${binary:Version}). Therefore these dependencies already enforce a version on libp11-kit-dev and we do not need to duplicate the info. * Add explicit build-dependency on libopts25-dev. Closes: #761618 . gnutls28 (3.3.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.3.7-1) experimental; urgency=medium . * New upstream release. + Refresh 20_debian_specific_soname.diff. + Add newly added symbols to libgnutls-deb0-28.symbols, bump private symbol dependency info, and bump shlibs. + New member in gnutls_pkcs11_obj_attr_t, bump version of gnutls_pkcs11_obj_list_import_url*. . gnutls28 (3.3.6-2) unstable; urgency=medium . * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS lastest stable at freeze time. * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the at-build-time-default-compiler) by exporting @CPP@. . gnutls28 (3.3.6-1) experimental; urgency=medium . * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 * New upstream release. + Refresh 20_debian_specific_soname.diff. + Add newly added symbols to libgnutls-deb0-28.symbols and bump private symbol dependency info. . gnutls28 (3.3.5-1) experimental; urgency=medium . * New upstream version. * Refresh patches/20_debian_specific_soname.diff. * Drop 30_Updated-asm-sources.patch. * Add new public symbols to symbol file, bump shlibs. . gnutls28 (3.3.3-1) experimental; urgency=medium . * New upstream version, including a fix for GNUTLS-SA-2014-3 CVE-2014-3466. * Refresh 20_debian_specific_soname.diff. * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git. * New symbol gnutls_credentials_get, update symbol file and bump shlibs. . gnutls28 (3.3.2-2) experimental; urgency=high . * Fix crashes due to symbol clashes when a binary ends up being linked against GnuTLS v2 and v3 by bumping library symbol-versioning (and therefore also the soname) in a Debian specific way, to make sure there is no conflict with future: + 20_debian_specific_soname.diff - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* - Add "-release deb0" to libtool link command. + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + Adapt symbol file accordingly. + Change 14_version_gettextcat.diff, too. Closes: #748742 * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. These have been unnecessary since we started using dh compat v9, where debugging symbols are installed to /usr/lib/debug/.build-id. . gnutls28 (3.3.2-1) experimental; urgency=medium . * Do not build-depend on guile-2.0 on m68k. Closes: #745461 * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a corresponding versioned build-dependency, to prevent building of uninstallable packages. * New upstream version. Drop 20_guile_no_override_allocation.diff and 21_Treat-othername-as-printable.diff. . gnutls28 (3.3.1-1) experimental; urgency=medium . * New upstream version. + Drop 20_sparc_chainverify_buserror.diff. + Pull 20_guile_no_override_allocation.diff and 21_Treat-othername-as-printable.diff from upstream GIT. + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped upstream since it was never exported in a public header and is not used according to codesearch.d.o. . gnutls28 (3.3.0-2) experimental; urgency=medium . * Drop last remains of -xssl from debian/. * Add debian/libgnutls28.symbols. * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test increase the space available for certificates to fix sparc testsuite error. * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from libgnutls28-dev. . gnutls28 (3.3.0-1) experimental; urgency=medium . * New upstream version. + Bump shlibs. . gnutls28 (3.3.0~pre0-1) experimental; urgency=medium . * Also version the p11-kit dependency. * New upstream version. + Set --enable-static, as only shared libs are built by default. + libgnutls-xssl is no more. + Bump shlibs. * Upload to experimental. . gnutls28 (3.2.16-1) unstable; urgency=medium . * New upstream version. . gnutls28 (3.2.15-3) unstable; urgency=medium . * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3 series. . gnutls28 (3.2.15-2) unstable; urgency=high . * Fix crashes due to symbol clashes when a binary ends up being linked against GnuTLS v2 and v3 by bumping library symbol-versioning (and therefore also the soname) in a Debian specific way, to make sure there is no conflict with future: + 20_debian_specific_soname.diff - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* - Add "-release deb0" to libtool link command. + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + Change 14_version_gettextcat.diff, too. Closes: #74874 * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. These have been unnecessary since we started using dh compat v9, where debugging symbols are installed to /usr/lib/debug/.build-id. * debian/copyright: Add info about GPLv2 compatibility. . gnutls28 (3.2.15-1) unstable; urgency=high . * New upstream version. + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466. . gnutls28 (3.2.14-1) unstable; urgency=medium . * Do not build-depend on guile-2.0 on m68k. Closes: #745461 * New upstream version. * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a corresponding versioned build-dependency, to prevent building of uninstallable packages. . gnutls28 (3.2.13-2) unstable; urgency=medium . * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from libgnutls28-dev. . gnutls28 (3.2.13-1) unstable; urgency=medium . * Also version the p11-kit dependency. * New upstream version. . gnutls28 (3.2.12.1-2) unstable; urgency=medium . * Upload to unstable. * Sync from Ubuntu (Colin Watson): + Add arm64 and ppc64el to the list of non-ia64 architectures on which guile-gnutls is built. . gnutls28 (3.2.12.1-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches: 20_bug-in-gnutls_pcert_list_import_x509_raw.patch 20_CVE-2014-0092.diff . gnutls28 (3.2.11-2) unstable; urgency=high . * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11. * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate validation issue. CVE-2014-0092 . gnutls28 (3.2.11-1) unstable; urgency=high . * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1) * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git. . gnutls28 (3.2.10-2) unstable; urgency=high . * Upload to unstable. . gnutls28 (3.2.10-1) experimental; urgency=high . * New upstream version. * New symbols exported, bump shlibs. . gnutls28 (3.2.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.2.9-1) experimental; urgency=medium . * New upstream version. + %COMPAT implies %DUMBFW. (See #733039) * Drop 40_guilenoparallel.diff, which did not have any effect after enabling dh_autoreconf. * Stop dh_clean from removing *.bak, upstream tarball actually contains files named such in src/ subdirectory. . gnutls28 (3.2.8.1-3) unstable; urgency=medium . * Correct c'n'p error in Vcs-Git field. * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx) . gnutls28 (3.2.8.1-2) unstable; urgency=low . * Upload to unstable, without libgnutls-openssl27. . gnutls28 (3.2.8.1-1) experimental; urgency=low . * New upstream version. + Drop debian/patches/45_add_strerror-module.patch, which was pulled from upstream. + Bump shlibs. * Add debian/upstream-signing-key.pgp (listed in debian/source/include-binaries) and update watchfile to check upstream signature. . gnutls28 (3.2.7-4) experimental; urgency=low . * Upload to experimental, with libgnutls-openssl27. * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.) . gnutls28 (3.2.7-3) unstable; urgency=low . * Point vcs* to git. * Upload to unstable, without libgnutls-openssl27. . gnutls28 (3.2.7-2) experimental; urgency=low . * Fix kfreebsd FTBFS. + 45_add_strerror-module.patch add gnulib strerror module. + Use dh_autoreconf. . gnutls28 (3.2.7-1) experimental; urgency=low . * New upstream version. + Add b-d on bison. + Bump shlibs. + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch. + Simplify debian/rules, stop removing autogened files. . gnutls28 (3.2.6-2) experimental; urgency=low . * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain for the hint.) * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition. . gnutls28 (3.2.6-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.2.5-1) experimental; urgency=low . * New upstream version. + Bump shlibs. * Ship examples/examples.h which is needed for building examples/*.c. Also add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor) Closes: #726971 . gnutls28 (3.2.4-5) experimental; urgency=low . * Re-enable building of libgnutls-openssl27 binary package. * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless transition to gnutls28. . gnutls28 (3.2.4-4) unstable; urgency=low . * 40_guilenoparallel.diff: Disable parallel build in guile/modules/. . gnutls28 (3.2.4-3) unstable; urgency=low . * Looks like "Architecture" in debian/control cannot be folded, unfold the respective entry for guile-gnutls. . gnutls28 (3.2.4-2) unstable; urgency=low . * Manpages were missing on binary-only builds. Closes: #721725 * Build with --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since ca-certificates not pulled in by build-dependencies anymore. Closes: #721726 * Upload to unstable. . gnutls28 (3.2.4-1) experimental; urgency=low . * New upstream release. + Drop 40_Clean-up-after-test.patch. * Fix path to png files in info files with sed instead of symlinking images. * Bump shlibs. . gnutls28 (3.2.3-3) experimental; urgency=low . * Switch to dh, to easily allow us to move gtk-doc-tools to Build-Depends-Indep. Closes: #682596 . gnutls28 (3.2.3-2) experimental; urgency=low . * Build gnutls-guile against guile-2.0. + Drop --disable-largefile on armel armhf mipsel. + ia64 does not build guile-2.0, disable guile-support there. . gnutls28 (3.2.3-1) unstable; urgency=low . * New upstream release. * Drop superfluous patches. (35_gnutls-priority-string.diff 36_avoid-leaking-a-buffer-element.diff) * Bump shlibs. . gnutls28 (3.2.2-2) unstable; urgency=low . * Pull two patches from upstream: +35_gnutls-priority-string.diff Fix priority string parsing broken in 3.2.2 Closes: #717314 +36_avoid-leaking-a-buffer-element.diff . gnutls28 (3.2.2-1) unstable; urgency=low . * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam) Closes: #678070 * New upstream version. * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff * Bump shlibs. . gnutls28 (3.2.1-2) unstable; urgency=low . * Upload to unstable. * Do not link everything against nettle on mips(el), the issue being worked around was fixed by the latest eglibc upload. * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch: same. . gnutls28 (3.2.1-1) experimental; urgency=low . * New upstream version. + Bump nettle build-dep to >= 2.7. + Bump shlibs. + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check whether it still fails on kfreebsd-i386. + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent false positive error in 32-bit systems. + [32_linkagainstgmp.diff] Link libgnutls against gmp. . gnutls28 (3.1.12-2) unstable; urgency=low . * Upload to unstable. * Fix vcs-field-not-canonical lintian error by using anonscm instead of svn.debian.org. . gnutls28 (3.1.12-1) experimental; urgency=low . * Use rm -f on clean, fixing an issue with building twice in row. * New upstream version. * On mips/mipsel link everything and the kitchen-sink against nettle to work around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'"). . gnutls28 (3.1.11-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.1.10-1) experimental; urgency=low . * New upstream version. * Bump shlibs. . gnutls28 (3.1.9.1-1) experimental; urgency=low . * New upstream version. * Bump shlibs. * Force re-generation of autogen-ed manpages. . gnutls28 (3.1.8-1) experimental; urgency=low . * New upstream version. . gnutls28 (3.1.7-1) experimental; urgency=low . * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching the build-depency. (Thanks, Daniel Kahn Gillmor) * New upstream version. + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619. + New symbols added, bump shlibs. + Ship newly available libgnutls-xssl0 library in a separate package. * Disable Heart Beat (RFC6520) support. . gnutls28 (3.1.6-1) experimental; urgency=low . * Update watchfile, based on Bart Martens version for gnutls26 on q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 3.x versions. * New upstream version. + requires libtasn1 >= 3.1, bump build-depends. + requires a a newer version of autogen, bump build-depends. + update debian/copyright to reflect the fact that GnuTLS authors have stopped assigning copyright to FSF. . gnutls28 (3.1.5-1) experimental; urgency=low . * New upstream version. + Drop 40_danetestfail.diff + Unfuzz 20_test-select.diff + Bump shlibs. . gnutls28 (3.1.4-1) experimental; urgency=low . * New upstream release. + Drop 40_fixtypo.diff. + debian/copyright: update upstream author list. + New symbols added, bump shlibs. * 40_danetestfail.diff - Do not try to run dane test without dane support. . gnutls28 (3.1.3-1) experimental; urgency=low . * New upstream release. * Explicitly set --disable-libdane --without-tpm. * Bump shlibs. * 40_fixtypo.diff pulled from upstream git. * Update debian/copyright from AUTHORS. . gnutls28 (3.1.2-1) experimental; urgency=low . * New upstream release. + Requires libtasn1-3 2.14, bump (b-)d. + New symbols added, bump shlibs. . gnutls28 (3.1.1-1) experimental; urgency=low . * New upstream release. + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6. Closes: #686242 + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff 42_dump-the-errno.diff 43_possiblefix.diff) + Bump shlibs. * Sync version of libgnutls-dev dependency on nettle-dev with the build-dependency. . gnutls28 (3.1.0-5) experimental; urgency=low . * 43_possiblefix.diff might fix the test suite error. . gnutls28 (3.1.0-4) experimental; urgency=low . * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the testsuite error. . gnutls28 (3.1.0-3) experimental; urgency=low . * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout. . gnutls28 (3.1.0-2) experimental; urgency=low . * Mention abbreviation "DTLS" in package description. * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test, it spuriously fails on about half of the buildds. . gnutls28 (3.1.0-1) experimental; urgency=low . * New upstream release. + Bump nettle build-dep to >= 2.5. + Bump shlibs. . gnutls28 (3.0.22-2) unstable; urgency=low . * Upload to unstable. This is a leaf-package, experimental should get 3.1.0. . gnutls28 (3.0.22-1) experimental; urgency=low . * New upstream version. . gnutls28 (3.0.21-1) experimental; urgency=low . * New upstream version. + Drop 35_s390buildfix.diff. * Bump shlibs (new functions added.) . gnutls28 (3.0.20-3) unstable; urgency=low . * 35_s390buildfix.diff - Fixes test-suite error on s390x. . gnutls28 (3.0.20-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.20-1) experimental; urgency=low . * New upstream version. * Bump shlibs (new functions added.) * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for CLOCK_MONOTONIC now. #662018 . gnutls28 (3.0.19-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.19-1) experimental; urgency=low . * New upstream version. + libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be a file that stores the pin. (LP: #929108) + Drop 31_killchild.diff, included upstream. . gnutls28 (3.0.18-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.18-1) experimental; urgency=low . * New upstream version. + Bump shlibs. * patches/31_killchild.diff: Revert upstream change which caused tee-ing a build to hang. . gnutls28 (3.0.17-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.17-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.0.15-2) experimental; urgency=low . * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since support for CLOCK_MONOTONIC is missing there. (See #662018.) . gnutls28 (3.0.15-1) experimental; urgency=low . * New upstream version. + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 31_provide-accurate-value-to-select.patch) + Includes fix for CVE-2012-1573. * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts. * Bump libgnutls-dev dependency on libp11-kit-dev. . gnutls28 (3.0.14-1) experimental; urgency=low . * New upstream version. + Drop 30_force-kill-of-child.diff. * Pull 30_microseconds-does-not-overflow.patch and 31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite error (tests/mini-loss) on kfreebsd-*. . gnutls28 (3.0.13-1) experimental; urgency=low . * New upstream version. + bump libp11-kit-dev build-dep. to >= 0.11. + drop 30_guilegnutlserrorcodes.diff. * Drop debian/ocsptool.1 use, newly available upstream manpage instead. * Use and link against Debian's packaged version of autogen/libopts. + B-d on autogen. + remove autogen-generated files (*.c, *.h) on clean. autogen requires that the system headers are at least of the same version as the one which was used to generate the files from their respective .def sources. * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test. * Bump shlibs. . gnutls28 (3.0.12-2) unstable; urgency=low . * De-multiarch guile-gnutls. Closes: #658110 . gnutls28 (3.0.12-1) unstable; urgency=low . * New upstream version. * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile testsuite error. * Update debian/copyright. * Bump shlibs. (OCSP support) * Add trivial ocsptool manpage. . gnutls28 (3.0.11-1) unstable; urgency=low . * New upstream version. . gnutls28 (3.0.10-1) unstable; urgency=low . * Drop guile-gnutls.README.Debian - binary guile modules are no longer directly installed in $libdir. * New upstream version. + Drop patches/30_correctly-set-the-odd-bits.patch. + gnutls_random_art() added. Update copyright, bump shlibs. + src/serv.c: Only use configured interfaces. Patch by Pino Toscano. Closes: #652552 . gnutls28 (3.0.9-2) unstable; urgency=low . * [20_test-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head. * Upload to unstable. . gnutls28 (3.0.9-1) experimental; urgency=low . * New upstream version. * Include guile-gnutls package. * Bump shlibs. . gnutls28 (3.0.8-2) unstable; urgency=low . * First upload to unstable. + Disable openssl-wrapper package, let it be provided by gnutls26 until gnutls28 is in testing. + Disable gnutls-guile package, let it be provided by gnutls26 until gnutls28 is in testing. . gnutls28 (3.0.8-1) experimental; urgency=low . * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix guile related FTBFS on these architectures. See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html * New upstream version. + Bump shlibs. . gnutls28 (3.0.7-1) experimental; urgency=low . * New upstream version. + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441 * Drop 20_addGNU-stack.diff, included upstream. * loadable Guile module no longer installed directly to $libdir but to $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module. * gnutls-extra is removed upstream, there is no need anymore to manually remove the bits and pieces in debian/rules. . gnutls28 (3.0.4-2) experimental; urgency=low . * Drop libgnutls-dev.README.Debian, the information provided there stopped being relevant in 2.7.12. * Delete superfluous info from debian/README.source. * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not seem to be possible. http://lists.debian.org/debian-devel/2011/10/msg00332.html * Simplify dependencies: + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is also provided by gnutls26' libgnutls-dev). + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0), libgnutls11-dev. . gnutls28 (3.0.4-1) experimental; urgency=low . * New upstream version. + bump shlibs. + bump nettle build-dependency to >= 2.4. (Required for ripemd-160). * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811 * [20_addGNU-stack.diff] Add GNU-stack note to newly added padlock-common.s. * Stop shipping libgnutls-extra.so. It is an empty shell currently and will be packaged for Debian again when it provides functionality. * Update debian/copyright, accelerated assembly code is non-FSF copyright. * Add crywrap.8 manpage. . gnutls28 (3.0.3-1) experimental; urgency=low . * New upstream version. (Includes a fix for #640639) * Bump shlibs. . gnutls28 (3.0.2-1) experimental; urgency=low . * Update debian/copyright for crywrap. * Since libgnutls*-dbg contains debugging symbols of helper applications libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update Conflicts. * New upstream version. It also includes the fixes for #638586 (Correct parsing of XMPP subject alternative names) and #638595 (gnutls_certificate_set_x509_key() and gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the release of the private key during the lifetime of the certificate structure.) * Configure with --enable-gtk-doc, the included API reference is incomplete in the tarball. * [lintian] Get rid of binary-control-field-duplicates-source field warnings. * [lintian] Add description header to 14_version_gettextcat.diff * Bump shlibs. . gnutls28 (3.0.1-1) experimental; urgency=low . * Update Vcs-Svn and Vcs-Browser for new source package name. * New upstream version. + corrects formatting of gnutls-cli(1) manpage. Closes: #637551 * Bump build-dependency on libp11-kit-dev to (>= 0.4). * Drop 20_executablestack.diff, included upstream. * Includes crywrap(8), an application that proxies TLS session to a port using a plaintext service. * Add build-dependency on libidn11-dev, needed for newly added crywrap tool. * Bump shlibs. (New flags). . gnutls28 (3.0.0-2) experimental; urgency=low . * Add missing b-d on chrpath. * Search for .xz instead of .bz2 in watchfile. . gnutls28 (3.0.0-1) experimental; urgency=low . * Drop gcrypt related patches (16_unnecessarydep.diff 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff 20_gcrypt15compat.diff), update remaining one (14_version_gettextcat.diff). * Build against nettle and p11-kit. + Update DEB_CONFIGURE_EXTRA_FLAGS. + Update (Build-)Depends. (Add pkg-config, it is used for locating p11-kit.) * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 -> libgnutls28. * Drop libgnutls Breaks, they are superfluous after the soname change. * Delete config.log on clean. * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to assembly files. * Delete unneccessary rpath entries. * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a NEWS entry for this license change. * Move gnutls-extra library to separate package. . gnutls26 (2.12.7-4) unstable; urgency=low . * Upload to unstable. * Point watch file to stable release directory. * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config Libs.private. Closes: #632891 * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) . gnutls26 (2.12.7-3) experimental; urgency=low . [ Simon Josefsson ] * Fix Debian BTS URL in --with-packager-bug-reports option. . [ Andreas Metzler ] * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. . gnutls26 (2.12.7-2) experimental; urgency=low . * Stop shipping libtool la files. * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime libraries and guile-wrapper are Multi-Arch: same with Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are Multi-Arch: foreign, -dev and -dbg remain unchanged. + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not co-installable with itself. . gnutls26 (2.12.7-1) experimental; urgency=low . * New upstream version. * Update 17_ignoretestsuitteerrors.diff. * A new version of pokerth has been uploaded to sid, update libgnutls26 Breaks accordingly. . gnutls26 (2.12.6.1-1) experimental; urgency=low . * New upstream version. * Bump shlibs, global_set_time_function() was added. * Stop setting CFLAGS += -Wall, it is set by default again. * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite errors. . gnutls26 (2.12.5-1) experimental; urgency=low . * New upstream version. * Bump shlibs, gnutls_x509_crq_verify() was added. . gnutls26 (2.12.4-1) experimental; urgency=low . * New upstream version. * Bump shlibs. (gnutls_certificate_get_issuer() added). . gnutls26 (2.12.3-1) experimental; urgency=low . * New upstream version. * Drop patches included upstream: [18_restoreHMAC-MD5.diff] . gnutls26 (2.12.2-2) experimental; urgency=low . * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 for compatibility. Closes: #623001 . gnutls26 (2.12.2-1) experimental; urgency=low . * New upstream version. * [lintian] Drop article from short package descriptions. . gnutls26 (2.12.1-1) experimental; urgency=low . * New upstream version. + certtool: Generated certificate request with stricter permissions. Closes: #619746 * Drop superfluous patches: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will need a binNMU when gnutls 2.12.x uploaded to unstable. . gnutls26 (2.12.0-1) experimental; urgency=low . * New upstream stable release. + Drop superceded patches 17_goldhotfix.patch 18_libgnutls-openssl_soname.diff. * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff . gnutls26 (2.11.7-2) experimental; urgency=low . * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool versioning: 27:0:0). * Split off libgnutls-openssl to a separate package, since the sonames are not in sync anymore. . gnutls26 (2.11.7-1) experimental; urgency=low . * New upstream version (rc for 2.12) + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + Bump shlibs. * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. . gnutls26 (2.11.6-2) experimental; urgency=low . * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) on big endian architectures. . gnutls26 (2.11.6-1) experimental; urgency=low . * Development release. * Continue building against libgcrypt, run configure with --with-libgcrypt. * Refresh patches/15_fixgnutlspc.diff. * Set --with-packager* options. * Install newly available p11tool binary. * Bump libgcrypt11-dev Build-Depends. * C++ wrapper soname bump, change package name accordingly. * Bump shlibs. * Update debian/copyright. * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. . gnutls26 (2.10.5-3) unstable; urgency=medium . * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. . gnutls26 (2.10.5-2) unstable; urgency=low . * Stop shipping libtool la files. . gnutls26 (2.10.5-1) unstable; urgency=low . * New upstream bugfix release. + Drop 15_fixgnutlspc.diff, included upstream. * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. . gnutls26 (2.10.4-2) unstable; urgency=low . * Use debhelper compatibility level 7. * Merge in changes from 2.8.6-1: + Use dh_lintian. + Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. + hotfix pkg-config files (proper fix to be included upstream). + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff Closes: #405239 * Upload to unstable. . gnutls26 (2.10.4-1) experimental; urgency=low . * New upstream release. V1 CAs are trusted by default. . gnutls26 (2.10.3-1) experimental; urgency=low . * Drop workaround for 519006, binutils is fixed even in squeeze. * New upstream bugfix release. . gnutls26 (2.10.2-1) experimental; urgency=low . * New upstream version. + Fix asynchronous API handling. Closes: #588187 + certtool does not crash on reading from /dev/null anymore. Closes: #588029 * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. . gnutls26 (2.10.1-1) experimental; urgency=low . * Update package descriptions. Closes: #588067 * New upstream version. . gnutls26 (2.10.0-2) experimental; urgency=low . * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental (2.31.2-1) not yet. Closes: #587755 . gnutls26 (2.10.0-1) experimental; urgency=low . * New upstream stable release. * Point watchfile to stable releases. . gnutls26 (2.9.12-2) experimental; urgency=low . * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a useless and almost empty package on these archs.) * Drop ancient workaround for gcc bug on hppa. http://bugs.debian.org/128036 . gnutls26 (2.9.12-1) experimental; urgency=low . * New upstream version. . gnutls26 (2.9.11-1) experimental; urgency=low . * New upstream version. * Drop 15_gnutlspriority.diff, superseded. . gnutls26 (2.9.10-2) experimental; urgency=low . * [15_gnutlspriority.diff] Restore compatibility with programs using gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. Closes: #579831 . gnutls26 (2.9.10-1) experimental; urgency=low . * New upstream version. * New functions added, bump shlibs. . gnutls26 (2.9.9-1) experimental; urgency=low . * Package upstream development branch for experimental. * Track development versions in watchfile. * Package C++ wrapper again. Closes: #548637 . gnutls26 (2.8.6-1) unstable; urgency=low . * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff . gnutls26 (2.8.5-2) unstable; urgency=low . * Add a huge bunch of lintian overrides for the guile stuff to make dak happy. . gnutls26 (2.8.5-1) unstable; urgency=low . * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) * Switch to '3.0 (quilt)' source format, allowing us to use upstreams orig.tar.bz2 without repacking it to gz. * New upstream version. + Drop patches/20_fixtimebomb.diff. . gnutls26 (2.8.4-2) unstable; urgency=high . * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 . gnutls26 (2.8.4-1) unstable; urgency=low . * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard. . gnutls26 (2.8.3-3) unstable; urgency=low . * Empty dependency_libs in la-files. (Squeeze release goal.) . gnutls26 (2.8.3-2) unstable; urgency=low . * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections. . gnutls26 (2.8.3-1) unstable; urgency=high . * New upstream version. + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it was built against. Closes: #540449 + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html * Drop 15_chainverify_expiredcert.diff, included upstream. * Urgency high, since 541439 applies to testing, too. . gnutls26 (2.8.1-2) unstable; urgency=low . [ Simon Josefsson ] * Remove cruft in rules file. * Remove patches/15_tasn1inpc.diff, not needed. . [ Andreas Metzler ] * Finally add an entry to the NEWS.Debian file concerning the deprecation of RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 * Upload to unstable. * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. Fix testsuite error caused by expired certificate. . gnutls26 (2.8.1-1) experimental; urgency=low . * New upstream stable release. . gnutls26 (2.7.14-1) experimental; urgency=low . * [debian/control] set section setting of source package to libs instead of devel. * New upstream version. + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + Bump shlibs, new symbols added. . gnutls26 (2.7.12-1) experimental; urgency=low . * Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up. . gnutls26 (2.6.6-1) unstable; urgency=high . * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a behavior change, add a NEWS.Debian file to document it. . gnutls26 (2.6.5-1) unstable; urgency=low . * Sync sections in debian/control with override file. libgnutls26-dbg is section debug, guile-gnutls is section lisp. * New upstream version. (Needed for Libtasn1-3 2.0) * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. * Standards-Version: 3.8.1, no changes required. . gnutls26 (2.6.4-2) unstable; urgency=low . * Upload to unstable. * Merge changelog entries from unstable and experimental. . gnutls26 (2.6.4-1) experimental; urgency=low . * New upstream version. . gnutls26 (2.6.3-1) experimental; urgency=low . * New upstream version. + Corrects bug gnutls-cli which caused a rehandshake request to be ignored. Closes: #396867 * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) . gnutls26 (2.6.2-2) experimental; urgency=low . * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 * [lintian] Add ${misc:Depends} to multiple dendency lines. . gnutls26 (2.6.2-1) experimental; urgency=low . * New upstream version. + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + Drop 20_fix_501077.diff. * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper there. * Add Simon Josefsson to uploaders. . gnutls26 (2.6.0-1) experimental; urgency=low . * New upstream stable release. * Add debian/patches/20_fix_501077.diff to fix an out of bound access in gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 . gnutls26 (2.5.9-1) experimental; urgency=low . * New upstream development version. * Bump shlibs. . gnutls26 (2.4.2-6) unstable; urgency=medium . * New patches, syncing with 2.4.3 upstream oldstable release: + 24_intermedcertificate.patch If a non-root certificate ist trusted gnutls certificateificate verification stops there instead of checking up to the root of the certificate chain. + 22_whitespace.patch - Whitespace only changes, to make it possible to apply upstream fixes without manual changes. + 25_bufferoverrun.patch. Fix buffer overrun bug in gnutls_x509_crt_list_import. http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e . gnutls26 (2.4.2-5) unstable; urgency=low . * Pull two patches from upstream stable branch to make gnutls behavior match documentation: + patch 23_permit_v1_CA.diff:Accept v1 x509 CA certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. CVE-2009-2409 . gnutls26 (2.4.2-4) unstable; urgency=medium . * Add Simon Josefsson to uploaders. * Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 . gnutls26 (2.4.2-3) unstable; urgency=low . * Fix a crash on trying to verify self-signed certificates introduced by the patch for CVE-2008-4989. Closes: #505279 . gnutls26 (2.4.2-2) unstable; urgency=medium . * [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 . gnutls26 (2.4.2-1) unstable; urgency=low . * New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775 . gnutls26 (2.4.1-1) unstable; urgency=medium . * New upstream version, fixing a local denial of service vulnerability only present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 . gnutls26 (2.4.0-2) unstable; urgency=low . * Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog. . gnutls26 (2.4.0-1) experimental; urgency=low . * New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. . gnutls26 (2.3.15-1) experimental; urgency=low . * New upstream version. (rc4) Disables 'openpgp-certs' tests. Closes: #486269 . gnutls26 (2.3.14-1) experimental; urgency=low . * New upstream version. (rc3) . gnutls26 (2.3.13-1) experimental; urgency=low . * New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. . gnutls26 (2.3.12-1) experimental; urgency=low . * New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc. . gnutls26 (2.3.11-1) experimental; urgency=low . * New upstream version. + Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See <http://www.gnu.org/software/gnutls/security.html>. CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + Fixes subjectAltName wildcard matching. Closes: #479174 + certtool now writes keyfiles with 0600 permissions. Closes: #373169 . gnutls26 (2.2.5-1) unstable; urgency=high . * New upstream version. Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See <http://www.gnu.org/software/gnutls/security.html>. CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 . gnutls26 (2.3.9-1) experimental; urgency=low . * New upstream development version. - OpenPGP support merged into libgnutls and is now licensed under LGPL. The included copy of OpenCDK has been stripped down and re-licensed under the LGPL. Using the external OpenCDK is not supported anymore, the external library will not be maintained anymore. Drop respective (build-)depends. - API extended, bump shlibs. - certtool asks for password confirmation. Closes: #364287 - performance enhancements for gnutls_certificate_set_x509_trust_file. Closes: #400448 - gnutls-cli: exits when hostname doesn't match certificate. Use --insecure to avoid hostname comparison. * For paranoia sake build with -D_REENTRANT even if upstream has stopped doing so. * [debian/copyright] : update, and stop including a GFDL copy. * Point watchfile to development versions. . gnutls26 (2.2.3-1) unstable; urgency=low . * New upstream stable release. - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 . gnutls26 (2.2.3~rc-1) unstable; urgency=low . * New upstream version. Release candidate for 2.2.3. + Increase default handshake packet size limit to 48kb. Closes: #478191 * remove unsupported .l command from debian/libgnutls-config.1 * Use Programming/C as doc-base section. . gnutls26 (2.2.2-1) unstable; urgency=low . * New upstream version. Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. corrected string handling in parse_general_name. Closes: #465197 * Point watchfile to ftp.gnutls.org. * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. . gnutls26 (2.2.1-3) unstable; urgency=low . * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build gnutls guile wrapper on ia64. . gnutls26 (2.2.1-2) unstable; urgency=low . * Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable. . gnutls26 (2.2.1-1) experimental; urgency=low . * New upstream version. * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper there. * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both packages contain gnutls-bin debugging symbols. Closes: #459295. . gnutls26 (2.2.0-1) experimental; urgency=low . * New upstream version. License change! Main library stays LGPLv2.1+ but libgnutls-extra, libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is updated. * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older versions were GPLv2+) and this license is not compatible with GPLv3+. * Non packaged 2.1.8 introduced new symbol gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for DSA2 support. Closes: #455513 * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. . gnutls26 (2.1.7-1) experimental; urgency=low . * New upstream version. - Another soname bump. Packages renamed. * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since dak does not allow that yet. * Add Build-Conflicts: libgnutls-dev to stop libtool from linking libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 . gnutls25 (2.1.6-2) experimental; urgency=low . * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make experimental buildds happy. . gnutls25 (2.1.6-1) experimental; urgency=low . * New upstream version. API changes! Please consult /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, removed (mainly *_authz_*) and changed interfaces. This is the first release canddate for 2.2. The deprecation of gnutls_set_default_priority() is supposed to be undone before the final stable release. * Bump build-depends. * Stop building and shipping the C++ library, since nobody is using it. I will happly re-add it if requested. * Add Homepage field to debian/control. * Build and ship Guile bindings. Requested by Ludovic Courtès who also provided the initial patch. (On a sidenote I think guile generally does not do the right thing by throwing dlopened modules into /usr/lib/.) * Update debian/copyright. . gnutls13 (2.0.1-1) unstable; urgency=low . * New upstream version. * Remove doc/*.info* on clean to allow building thrice in a row. (Closes: #441740) . gnutls13 (1.7.19-1) unstable; urgency=low . * New upstream version 1.7.19. - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. This takes of care of the mutt breakage. Closes: #439640 . gnutls13 (1.7.18-2) unstable; urgency=low . * Upload to unstable . gnutls13 (1.7.18-1) experimental; urgency=low . * New upstream version 1.7.18, release candidate for 2.0. * Bump shlibs, since functions have been added. * Image files renamed upstream with gnutls- prefix and symlinked to /usr/share/info/ in Debian package. Closes: #423577 . gnutls13 (1.7.16-1) experimental; urgency=low . * New upstream version 1.7.16. . gnutls13 (1.7.14-1) experimental; urgency=low . * New upstream version - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 . gnutls13 (1.7.12-1) experimental; urgency=low . * New upstream version 1.7.12 - Fixes memory errors in certificate parsing. Closes: #333050 * Bump shlibs, due to API extensions in 1.7.10. * Rebuilding of docs simpified, strip debian/README.source_and_patches to reflect that. . gnutls13 (1.7.9-1) experimental; urgency=low . * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches. . gnutls13 (1.7.7-1) experimental; urgency=low . * New development upstream version 1.7.7. - Point watchfile to development versions. - Bump shlibs for added APIs. - Includes German translation. (Closes: #392857) . gnutls13 (1.6.3-1) unstable; urgency=low . * New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs. . gnutls13 (1.6.2-2) unstable; urgency=low . * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) . gnutls13 (1.6.2-1) unstable; urgency=low . * New upstream version - Really Closes: #403887 libgnutls failes to parse OpenSSL generated certificates, since it contains a regenerated pkix_asn1_tab.c. - Ship German translation. Closes: #392857 . gnutls13 (1.6.1-2) unstable; urgency=low . * [gnutls-bin.install] Ship psktool. * Ship gettext translations in deb package, but as gnutls13.mo instead of gnutls.mo. * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* changelog entries after branchoff. Point watchfile to stable upstream versions again. * Drop dependency of libgnutls13-dbg on libgnutlsxx13. . gnutls13 (1.6.1-1) experimental; urgency=low . [ James Westby ] * New upstream release. . gnutls13 (1.6.0-1) experimental; urgency=low . * New upstream version. . gnutls13 (1.5.3-1) experimental; urgency=low . [ Andreas Metzler ] * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. * New upstream version 1.5.3. * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. * Drop code for re-libtoolizing and running auto* from debian/rules, it is unused and would not work anymore. (We can later grab the from SVN and update it to make work if we ever need it.) . gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low . [ Andreas Metzler ] * Add a watchfile. * New upstream development version. - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was broken. - Drop unneeded patches/16_libs.private_gnutls.diff patches/16_libs.private_gnutls-extra.diff - Point watchfile to development versions. - Builds a C++ library. * Switch to debhelper v5 mode to be able to ship debug symbols of libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. * Branched off from 1.4.4-1. . gnutls13 (1.4.4-3) unstable; urgency=low . * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version support by the GnuTLS server, instead of the lowest. . gnutls13 (1.4.4-2) unstable; urgency=low . [ Andreas Metzler ] * Add a watchfile. * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. . gnutls13 (1.4.4-1) unstable; urgency=high . [ Andreas Metzler ] * New upstream version 1.4.4 - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't crash mutt. (closes: #386725) GNUTLS-SA-2006-4 is CVE-2006-4790. . gnutls13 (1.4.3-2) unstable; urgency=low . * the lesser of two weevils release. [ Andreas Metzler ] * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in various programs, including mutt. (closes: #386680) . gnutls13 (1.4.3-1) unstable; urgency=high . [ Andreas Metzler ] * New upstream version 1.4.3. - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. GNUTLS-SA-2006-4 - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. GNUTLS-SA-2006-3 - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. . gnutls13 (1.4.2-1) unstable; urgency=medium . [ Andreas Metzler ] * New upstream bugfix release. - Fixes a crash in the certificate verification logic. . gnutls13 (1.4.1-1) unstable; urgency=low . [ James Westby ] * New upstream release. * Remove the following patches as they are now included upstream: - 10_certtoolmanpage.diff - 15_fixcompilewarning.diff - 30_man_hyphen_*.patch * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than gnutls-api so that devhelp can find it. . gnutls13 (1.4.0-3) unstable; urgency=low . [ Andreas Metzler ] * Strip "libgnutls-config --libs"' output to only list stuff required for dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's README.Debian. * Pull patches/16_libs.private_gnutls.diff and debian/patches/16_libs.private_gnutls-extra.diff from upstream to make pkg-config usable for static linking. . gnutls13 (1.4.0-2) unstable; urgency=low . [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) * Also ship css-, devhelp- and sgml files in gnutls-doc. * patches/15_fixcompilewarning.diff correct order of funtion arguments. . [ James Westby ] * This release allows the port to be specified as the name of the service when using gnutls-cli (closes: #342891) . gnutls13 (1.4.0-1) experimental; urgency=low . * New maintainer team. Thanks, Matthias for all the work you did. * Re-add gnutls-doc package, featuring api-reference as manual pages and html, and reference manual in html and pdf format. (closes: #368185,#368449) * Fix reference to gnutls0.4-doc package in debian/copyright. Update debian/copyright and include actual copyright statements. (closes: #369071) * Bump shlibs because of changes to extra.h * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will generate the necessary directories. * Drop debian/NEWS.Debian as it only talks about the move of the (since purged) gnutls-doc package to contrib a long time ago. (Thanks Simon Josefsson, for these suggestions.) * new upstream version. (closes: #368323) * clean packaging against upstream tarball. - Drop all patches, except for fixing error in certtool.1 and setting gnutls_libs=-lgnutls-extra in libgnutls-extra-config. - Add --enable-ld-version-script to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of patching ./configure.in. (closes: #367358) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294) * Standards-Version: 3.7.2, no changes required. * debian/control and override file are in sync with respect to Priority and Section, everthing except libgnutls13-dbg already was. (closes: #366956) * acknowledge my own NMU. (closes: #367065) * libgnutls13-dbg is nonempty (closes: #367056) . gnutls13 (1.3.5-1.1) unstable; urgency=low . * NMU * Invoke ./configure with --with-included-libtasn1 to prevent accidental linking against the broken 0.3.1-1 upload of libtasn1-2-dev which contained libtasn1.so.3 and force gnutls13 to use the internal version of libtasn instead until libtasn1-3-dev is uploaded. Drop broken Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead of --dbg-package=libgnutls12. (closes: #367056) . gnutls13 (1.3.5-1) unstable; urgency=low . * New Upstream version. - Security fix. - Yet another ABI change. * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 * Let -dev package depend on liblzo-dev (closes:#347438) * Fix certtool help output (closes:#338623) . gnutls12 (1.2.9-2) unstable; urgency=low . * Install /usr/lib/pkgconfig/*.pc files. * Depend on texinfo (>= 4.8, for the @euro{} sign). . gnutls12 (1.2.9-1) unstable; urgency=low . * New Upstream version. . gnutls12 (1.2.8-1) unstable; urgency=low . * New Upstream version. - depends on libgcrypt11 1.2.2 * Bumped shlibs version, just to be on the safe side. . gnutls12 (1.2.6-1) unstable; urgency=low . * New Upstream version. * Remove Provides: on libgnutls11-dev. Hopefully this will be temporary (pending discussion with Upstream). . gnutls12 (1.2.5-3) unstable; urgency=high . * Updated libgnutls12.shlibs file. Thanks to Mike Paul <w5ydkaz02@sneakemail.com>. Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks dependencies on this library . gnutls12 (1.2.5-2) unstable; urgency=medium . * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. Added an explicit dependency as a stopgap fix. . gnutls12 (1.2.5-1) unstable; urgency=low . * Merged with the latest stable release. * Renamed to gnutls12. - Changed the library version strings to GNUTLS_1_2. - Renamed the development package back to "libgnutls-dev". . gnutls11 (1.0.19-1) experimental; urgency=low . * Merged with the latest stable release. . gnutls11 (1.0.16-13) unstable; urgency=high . * Fixed an ASN.1 extraction error. Found by Pelle Johansson <morth@morth.org>. . gnutls11 (1.0.16-12) unstable; urgency=high . * Fixed a segfault in certtool. Closes: #278361. . gnutls11 (1.0.16-11) unstable; urgency=medium . * Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken. . gnutls11 (1.0.16-10) unstable; urgency=high . * Fixed one instance of uninitialized memory usage. . gnutls11 (1.0.16-9) unstable; urgency=high . * Pulled from Upstream CVS: - Fix two memory leaks. - Fix NULL dereference. . gnutls11 (1.0.16-8) unstable; urgency=high . * Pulled these changes from Upstream CVS: - Added default limits in the verification of certificate chains, to avoid denial of service attacks. - Added gnutls_certificate_set_verify_limits() to override them. - Added gnutls_certificate_verify_peers2(). . gnutls11 (1.0.16-7) unstable; urgency=low . * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem. . gnutls11 (1.0.16-6) unstable; urgency=medium . * Memory leak, found by Modestas Vainius <geromanas@mailas.com>. - Closes: #264420 . gnutls11 (1.0.16-5) unstable; urgency=low . * Depend on current libtasn1-2 (>= 0.2.10). - Closes: #264198. * Fixed maintainer email to point to Debian address. . gnutls11 (1.0.16-4) unstable; urgency=low . * The OpenSSL compatibility library has been linked incorrectly (-ltasn1 was missing). * Need to build-depend on current opencdk8 and libtasn1-2 version. . gnutls11 (1.0.16-3) unstable; urgency=high . * Documentation no longer includes LaTeX-produced output (the source contains latex2html-specific features, which is non-free). * Urgency: High because of pending base freeze. . gnutls11 (1.0.16-2) unstable; urgency=high . * Actually *enable* debug symbols :-/ * Urgency: High for speedy inclusion in d-i . gnutls11 (1.0.16-1) experimental; urgency=low . * Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html. . gnutls10 (1.0.4-4) unstable; urgency=low . * New maintainer. * Run autotools at source package build time. - Closes: #257237: FTBFS (i386/sid): aclocal failed * Remove "package is still changed upstream" warning. * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. . gnutls10 (1.0.4-3) unstable; urgency=low . * control: Changed the build dependency and the dependency of libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which could cause linking against two versions of libgcrypt. . gnutls10 (1.0.4-2) unstable; urgency=low . * libgnutls-doc.doc-base: Removed HTML manual listing. * control: Removed Jordi Mallach from the list of Uploaders. Thanks, Jordi :) . gnutls10 (1.0.4-1) unstable; urgency=low . * New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream. . gnutls10 (1.0.0-1) unstable; urgency=low . * New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list. . gnutls8 (0.9.99-1) experimental; urgency=low . * New upstream release. * Included upstream GPG signature in .orig.tar.gz. . gnutls8 (0.9.98-1) experimental; urgency=low . * New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch]. . gnutls8 (0.9.95-1) experimental; urgency=low . * New upstream version. . gnutls8 (0.9.94-1) experimental; urgency=low . * New upstream version; package based on gnutls7 0.8.12-2. * debian/control: * Build-depend on libgcrypt7-dev (>= 1.1.44-0). * debian/rules: Run auto* after the patches have been applied.gnutls28 (3.7.1-1) unstable; urgency=medium . * New upstream version Fixes potential use-after-free in sending "key_share" and "pre_shared_key" extensions. GNUTLS-SA-2021-03-10. * Upload to unstable. . gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium . * Fix autopkgtest skiplist. . gnutls28 (3.7.0+git20210306-1) experimental; urgency=low . * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa + Drop cherry-picked patches {48,49,50}_*. + Update copyright file. . gnutls28 (3.7.0-7) unstable; urgency=medium . * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch 50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch 50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl. (Thanks to Tim Kosse for the pointer) Closes: #980119 . gnutls28 (3.7.0-6) unstable; urgency=medium . * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch with merged version from upstream GIT master. Features a fix for an assert on connection to servers which send a duplicate chain including the self-signed CA. Closes: #980513 . gnutls28 (3.7.0-5) unstable; urgency=low . * Update from upstream GIT master, replace patches, add new ones. + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added. + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch Closes: #977552 + 45_opensslcompat_no_export_gl.diff --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch. + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added. * Upload to unstable. . gnutls28 (3.7.0-4) experimental; urgency=medium . * Test build of fixes from https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and #977552. . gnutls28 (3.7.0-3) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.7.0-2) experimental; urgency=low . * Fix guile-gnutls guile-x.x dependency. * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols. . gnutls28 (3.7.0-1) experimental; urgency=low . * New upstream version. + Drop 50_autopkgtestfixes.diff. + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher added). + Requires nettle >= 3.6. * [lintian] Use v4 watch file. * Add a symbol file for libgnutls-openssl27. * Use dh v13 compat, (Some fixes for dh_missing.) . gnutls28 (3.6.15-4) unstable; urgency=medium . * autopkgtest: Require build-essential. * autopkgtest: respect dpkg-buildflags for helper-binary build. . gnutls28 (3.6.15-3) unstable; urgency=medium . * More autopkgtest hotfixes. . gnutls28 (3.6.15-2) unstable; urgency=medium . * 50_autopkgtestfixes.diff: Fix testsuite issues when running against installed gnutls-bin. * In autopkgtest set top_builddir and builddir, ignore tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh. . gnutls28 (3.6.15-1) unstable; urgency=low . * New upstream version. + Fixes NULL pointer dereference if a no_renegotiation alert is sent with unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04 Closes: #969547 + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch 50_03-gnutls_cipher_init-fix-potential-memleak.patch 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + Fix build error due to outdated gettext in Debian by removing newer gettext m4 macros from m4/. . gnutls28 (3.6.14-2) unstable; urgency=medium . * Pull selected patches from upstream GIT: + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch: Fixes difference in generated docs on 32 and 64 bit archs. + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch 50_03-gnutls_cipher_init-fix-potential-memleak.patch Fix memleak in gnutls_aead_cipher_init() with keys having invalid length. (Broken since 3.6.3) + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch Closes: #962467 . gnutls28 (3.6.14-1) unstable; urgency=high . * Drop debugging code added in -4, fixes nocheck profile build error. Closes: #962199 * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to debian/upstream/signing-key.asc. * New upstream version. + Fixes insecure session ticket key construction. [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289 + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch 51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 51_02-x509-trigger-fallback-verification-path-when-cert-is.patch 51_03-tests-add-test-case-for-certificate-chain-supersedin.patch * Drop guile-gnutls.lintian-overrides. * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!) Hopefully Closes: #962218 . gnutls28 (3.6.13-4) unstable; urgency=medium . * Output some network related debugging from debian/rules. * Fix verification error with alternate chains. Closes: #961889 . gnutls28 (3.6.13-3) unstable; urgency=medium . * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS master: Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286) . gnutls28 (3.6.13-2) unstable; urgency=high . * Upload to unstable. . gnutls28 (3.6.13-1) experimental; urgency=low . * New upstream version. + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556 * Fix guile lintian override for shared-lib-without-dependency-information. . gnutls28 (3.6.12-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.12-1) experimental; urgency=low . [ Debian Janitor ] * Drop unnecessary dh arguments: --parallel . [ Andreas Metzler ] * Fix bindtextdomain() call and dgettext() invocations to search for the correct filename. (Thanks, Laurent Bigonville for report and diagnosis.) Closes: #949151 * [lintian] Drop superfluous debian/source/include-binaries. * New upstream version. + Update symbol file. + Drop workaround for #658110, install guile shared objects to multi-arch paths. . gnutls28 (3.6.11.1-2) unstable; urgency=low . * Use dh 12 compat level. + Install gtk-doc files from as-installed location instead of builddir to avoid dh_missing warnings. * List *.la files in debian/not-installed. * Upload to unstable. . gnutls28 (3.6.11.1-1) experimental; urgency=low . * New upstream version. Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch 50_02-guile-Silence-auto-compilation-warning-for-guild.patch * Update symbol file (VKO GOST key exchange supported was added). . gnutls28 (3.6.10-5) unstable; urgency=medium . * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch 50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!) Closes: #943905 . gnutls28 (3.6.10-4) unstable; urgency=medium . * Add support for noguile build profile. See #943905. . gnutls28 (3.6.10-3) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.6.10-2) experimental; urgency=medium . * Switch b-d from texlive-generic-recommended to texlive-plain-generic. Closes: #941526 . gnutls28 (3.6.10-1) experimental; urgency=low . * New upstream version. + Drop i386-fix-wrong-reloc.patch and 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch. + Update symbol files. + Update copyright. Stop shipping a copy of the GNU Affero General Public License version 3. (pkcs11-mock.* is now under a different license.) . gnutls28 (3.6.9-7) experimental; urgency=low . * Fix copy-paste error (missing line) in libgnutls-dane0 description. * Re-add guile-gnutls, test-build (including testsuite) was successful. Closes: #905272 . gnutls28 (3.6.9-6) experimental; urgency=low . * Test-build guile bindings. . gnutls28 (3.6.9-5) unstable; urgency=medium . * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream GIT master: Fix interop problems with gnutls 2.x. Closes: #933538 . gnutls28 (3.6.9-4) unstable; urgency=medium . * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken assembly code. (Thanks, Steve Langasek for report and patch!) Closes: #934193 . gnutls28 (3.6.9-3) unstable; urgency=medium . * autopkgtest: Skip system-override-sig-hash.sh. . gnutls28 (3.6.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.9-1) experimental; urgency=low . * New upstream version. + Update symbol file. . gnutls28 (3.6.8-2) unstable; urgency=low . * Use DH 11 compat again. * 3.6.8 builds with gcc-9. Closes: #925701 * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian Andres Klode) Closes: #930541 See also https://gitlab.com/gnutls/gnutls/merge_requests/986 * Upload to unstable. . gnutls28 (3.6.8-1) experimental; urgency=low . * New upstream version. + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended, texlive-latex-base. + Update symbol file. . gnutls28 (3.6.7-4) unstable; urgency=medium . * Cherry-pick important bug-fixes from 3.6.8: + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch The gnutls_srp_set_server_credentials_function can be used with the 8192 parameters as well. https://gitlab.com/gnutls/gnutls/issues/761 + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch Fix calculation of Streebog digests (incorrect carry operation in 512 bit addition). + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client. Closes: #929907 + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion. https://gitlab.com/gnutls/gnutls/issues/720 + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch Fixed bug preventing the use of gnutls_pubkey_verify_data2() and gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag. https://gitlab.com/gnutls/gnutls/issues/754 . gnutls28 (3.6.7-3) unstable; urgency=medium . * Revert debhelper upgrade, use DH 10. . gnutls28 (3.6.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.6.7-1) experimental; urgency=medium . * New upstream version. + Update AUTHOR list in copyright file. + Update symbol file. + Fixes issue preventing sending and receiving from different threads when false start was enabled. Closes: #922879 + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477 + Fixes a memory corruption (double free) vulnerability in the certificate verification API. https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 GNUTLS-SA-2019-03-27 + Fixes an invalid pointer access via malformed TLS1.3 async messages; https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 GNUTLS-SA-2019-03-27 . gnutls28 (3.6.6-3) unstable; urgency=low . * Add @ to autopkgtest's Depends. * Use DH 11 compat. . gnutls28 (3.6.6-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.6.6-1) experimental; urgency=low . * New upstream version. + Fixes certtool.1 syntax. Closes: #920215 + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff. + Update symbol file for released version. . gnutls28 (3.6.5+git20190105-1) experimental; urgency=low . * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6. + Update symbol and copyright file. * Delete autogen stamp-files on clean to enforce regeneration. . gnutls28 (3.6.5-2) unstable; urgency=low . * Upload to unstable. * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1. . gnutls28 (3.6.5-1) experimental; urgency=medium . * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments. * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is now in oldstable. * New upstream version. + Requires nettle >= 3.4.1(rc). + List newly added symbols in symbol file. Bump generated dependencies to >= 3.6.5 since multiple enums have been extended. + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835 * [lintian] Drop dh_strip override, stable has automatic debug packages. . gnutls28 (3.6.4-2) experimental; urgency=medium . * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch. . gnutls28 (3.6.4-1) experimental; urgency=medium . * New upstream version. * Update symbol file. * Drop --enable-tls13-support configure option. . gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium . * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback detection for the draft-tls support, because it will be triggered once TLS versions with the final numbering are deployed. (Thanks, Nikos!) . gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium . * Set Rules-Requires-Root: no. * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41. + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch + Update symbol file. . gnutls28 (3.6.3-2) experimental; urgency=medium . * Update basic feature list in package descriptions, based on short description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3 added.) Closes: #904681 * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes cherrypicked by Nikos for Fedora rawhide. . gnutls28 (3.6.3-1) experimental; urgency=medium . * New upstream version. * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. . gnutls28 (3.6.2+git20180714-1) experimental; urgency=low . * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94. + SSL 3.0 disabled by default at compile-time. * Bump symbol dependency info. . gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium . * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e. * Drop 40_add_missingm4.diff. * Bump symbol dependency info. * For testing build with --enable-tls13-support. . gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium . * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. . gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium . * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762. * Drop superfluous patches: + 40_increase_srp_test_timeout.diff + 50_mark_tests_xfail.diff + 52_fix_testcompat-main-openssl.diff * Add new functions to symbol file. * Many enums/flags extended, be conservative and bump sympol dependency info. * Bump libgnutlsxx28 shlibs. * Bump (b-)d on nettle-dev and libp11-kit-dev. . gnutls28 (3.6.2-3) experimental; urgency=low . * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix FTBFS with softhsm 2.4.0. * [lintian] Delete trailing empty lines in changelog. * 52_fix_testcompat-main-openssl.diff: Allow running test successfully and against binaries from installed gnutls-bin package. * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et al) of the upstream testsuite. . gnutls28 (3.6.2-2) experimental; urgency=low . * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test The new srp-8192 test failed on slow archs (mips/mipsel). * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and build-depends-on-1-revision. * Point Vcs-* to salsa. * Sort Build-Depends alphabetically. . gnutls28 (3.6.2-1) experimental; urgency=low . * (Build-)depend on libidn2-dev instead of transitional package libidn2-0-dev. Closes: #883187 * Point homepage field and watchfile to https URL. * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc (and stop uscan from doing so on every invocation). * Refresh upstream key, adding signing subkey A812CBFDFCDC4D0BE7A093129D5EAAF69013B842. * New upstream version. + When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. Closes: #885127 + Bump shlibs/symbol files for newly added symbols. * [lintian] Clean up trailing whitespace in debian/changelog. * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard -> optional). * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from build-depends. Stop specifying --parallel --with autoreconf. . gnutls28 (3.6.1-1) experimental; urgency=medium . * New upstream version. + Drop 35_modernize_gtkdoc.diff. + Fixes interoperability issue with openssl when safe renegotiation was used. Closes: #873055 + Update symbol file. . gnutls28 (3.6.0-2) experimental; urgency=medium . * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Closes: #876587 . gnutls28 (3.6.0-1) experimental; urgency=low . * New upstream version. + Multiple enums listing function flags have been extended, new algorithms have been added. Bump dependency info on all symbols in main GnuTLS library to >= 3.6.0, to make sure the versioning is strict enough. + Drop (build-)dependency on zlib1g-dev. + Update copyright info. + Calls to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused. Closes: #849807 * Drop --without-lzo from ./configure, it has been a noop for a long time. * Build in private directory, using "dh --builddirectory=b4deb". . gnutls28 (3.5.19-1) unstable; urgency=low . * New upstream version. + Drop 35_modernize_gtkdoc.diff. . gnutls28 (3.5.18-1) unstable; urgency=medium . * New upstream version. * Refresh upstream key, adding new signing subkey. Move to ascii armored keyring. . gnutls28 (3.5.17-1) unstable; urgency=low . * New upstream version. + When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. Closes: #885127 . gnutls28 (3.5.16-1) unstable; urgency=medium . * New upstream version. + Fixes interoperability issue with openssl when safe renegotiation was used. Closes: #873055 * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from gtk-doc git head (that is 1.26 + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. Closes: #876587 . gnutls28 (3.5.15-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.15-1) experimental; urgency=medium . * New upstream version. Drop unneeded patches. (31_arm64ilp32-unaccelerated.patch 35_record-added-sanity-checking-in-the-record-layer-ver.patch 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch) . gnutls28 (3.5.14-3) unstable; urgency=low . * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an already terminated or deinitialized session. Closes: #867303 * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting to accessing past the input data. * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly code on arm64ilp32 to fix FTBFS. Closes: #872454 * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8. * Standards-Version 4.0.1, update priorities (extra->optional). . gnutls28 (3.5.14-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.14-1) experimental; urgency=low . [ Dan Nicholson ] * Build with --disable-rpath. Closes: #865674 . [ Andreas Metzler ] * New upstream version. * Build against external libunistring. . gnutls28 (3.5.13-2) unstable; urgency=medium . * Upload to unstable, merge changelogs. . gnutls28 (3.5.13-1) experimental; urgency=low . * New upstream version. + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch. + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer dereference. #864560 . gnutls28 (3.5.12-2) experimental; urgency=medium . * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct typo preventing the run of openpgp test. * Stop disabling heartbeat support. Closes: #861193 . gnutls28 (3.5.12-1) experimental; urgency=medium . * New upstream version. * Bump dep info on gnutls_session_ext_register. . gnutls28 (3.5.11-1) experimental; urgency=medium . * New upstream version. * gnutls.pc: do not include libtool options into Libs.private. Closes: #857943 * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and Libs.private. (LP: #1660915) * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2 support. Closes: #857436 * Add b-d on ca-certificates, needed for trust-store check. . gnutls28 (3.5.10-1) experimental; urgency=medium . * New upstream version. + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888 + Includes fixes for GNUTLS-SA-2017-3[ABC]. + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct and gnutls_ocsp_resp_verify which now accept (more) flags. . gnutls28 (3.5.9-1) experimental; urgency=medium . * New upstream version. + Drop debian/patches/35_0*. + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map. * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of libidn11-dev. . gnutls28 (3.5.8-6) unstable; urgency=high . * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507 Closes: #864560 . gnutls28 (3.5.8-5) unstable; urgency=medium . * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch. * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch: Addressed large allocation in OpenPGP certificate parsing, that could lead in out-of-memory condition. Issue found using oss-fuzz project, and was fixed by Alex Gaynor. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C] . gnutls28 (3.5.8-4) unstable; urgency=medium . * More upstream fixes from gnutls_3_5_x branch: + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer overflow resulting to invalid memory write in OpenPGP certificate parsing. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 [GNUTLS-SA-2017-3A] + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of 1 byte past the end of buffer in OpenPGP certificate parsing. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch Addressed crashes in OpenPGP certificate parsing, related to private key parser. No longer allow OpenPGP certificates (public keys) to contain private key sub-packets. Issue found using oss-fuzz project: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B] . gnutls28 (3.5.8-3) unstable; urgency=high . * Another two bugfixes from upstream. + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch Address test suite failure due to timezone differences. Closes: #853732 + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch When returning success, but no elements gnutls_pkcs11_obj_list_import_url4 could have returned zero number of elements with a pointer that was uninitialized. . gnutls28 (3.5.8-2) unstable; urgency=medium . * Pull two fixes from upstream GIT gnutls_3_5_x branch 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch 35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch. . gnutls28 (3.5.8-1) unstable; urgency=medium . * New upstream release. * Upload to unstable. . gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium . * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding tests/key-tests/key-invalid.) + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch + libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. GNUTLS-SA-2017-1 CVE-2017-5334 + libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2 CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337 . gnutls28 (3.5.7-3) unstable; urgency=medium . * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch, 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. Closes: #848905 . gnutls28 (3.5.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.7-1) experimental; urgency=low . * New upstream version. * Drop unneeded patches. 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch 41_04_cleanups-in-_gnutls_buffer_to_datum.patch 41_05_x509-output-use-the-new-functions-for-DN-output.patch 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch * Add missing dependency of libgnutls28-dev on libgnutls-dane0. * Update symbol file. (Add new symbols, bump dependency on functions that might return new error codes.) * Build with --with-included-unistring, Debian's libunistring package is too old (non dual-licensed). . gnutls28 (3.5.6-7) unstable; urgency=low . * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest for dns-root-data to libgnutls-dane0. * Upload to unstable. . gnutls28 (3.5.6-6) experimental; urgency=medium . * Pull a patch set from upstream GIT which reverts the DN sorting change in 3.5.6 and adds new functions to provide a RFC4514 compliant sorting. Closes: #844539 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch 41_04_cleanups-in-_gnutls_buffer_to_datum.patch 41_05_x509-output-use-the-new-functions-for-DN-output.patch 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch * Update symbol file. . gnutls28 (3.5.6-5) experimental; urgency=low . * Merge changes from unstable. . gnutls28 (3.5.6-4) unstable; urgency=medium . * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from upstream git master. The latter fixes a gnutls-cli-debug segfault. Closes: #844061 . gnutls28 (3.5.6-3) experimental; urgency=low . * Package libgnutls-dane, as libunbound is now built against nettle instead of OpenSSL. Closes: #733295 . gnutls28 (3.5.6-2) unstable; urgency=low . * Upload to unstable. * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are longer than 32-bits. (Upstream GIT commit fcdb461e935dbdc0892241a35be7499116f22a67). . gnutls28 (3.5.6-1) experimental; urgency=low . * New upstream version. + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch). + Update symbol file. . gnutls28 (3.5.5-6) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.5-5) experimental; urgency=medium . * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility issue with GnuTLS 3.3 clients. Closes: #841723 * Bump symbol dependency info for multiple gnutls_certificate_(set|get)_*_key* functions. If %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a non-negative return code on success instead of 0 for success and negative numbers for failure. * Add b-d on openssl (for testsuite). . gnutls28 (3.5.5-4) unstable; urgency=medium . * Upload to unstable. * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch. . gnutls28 (3.5.5-3) experimental; urgency=medium . * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced in 3.5.5. . gnutls28 (3.5.5-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.5-1) experimental; urgency=medium . * New upstream version. + Update symbol file. . gnutls28 (3.5.4-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.4-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches: 35_gnutls-cli-print-Handshake-was-completed.patch 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch 37_openssl-format-fix-from-openconnect.patch 39_ocsptool-corrected-bug-in-session-establishment.patch 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + Update symbol file. * Add b-d on softhsm2 for pkcs11 tests. . gnutls28 (3.5.3-5) experimental; urgency=medium . * Pull DTLS fixes from upstream GIT master. 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch Closes: #835587 . gnutls28 (3.5.3-4) unstable; urgency=high . * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of ocsptool --ask ... Closes: #836371 * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP certificate check doesn't actually verify the serial length and might succeed when it shouldn't. CVE-2016-7444 . gnutls28 (3.5.3-3) unstable; urgency=medium . * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake was completed', fixing emacs' lisp/net/tls.el. Closes: #834516 * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch gnutls-cli STARTTLS support was broken in 3.5.3. * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of OpenSSL encrypted PEM files. . gnutls28 (3.5.3-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.5.3-1) experimental; urgency=medium . * New upstream version. + Update libgnutls30.symbols. + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to apply it in the previous upload anyway.) + Add b-d on libcmocka-dev (marked with <!nocheck>). . gnutls28 (3.5.2-3) experimental; urgency=medium . * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch from upstream GIT, which should allow gnutls continue to work with CVE-2016-6489-patched nettle. . gnutls28 (3.5.2-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.5.2-1) experimental; urgency=low . * New upstream version. * Add libssl-dev b-d (marked with <!nocheck>), which can be used in testsuite. . gnutls28 (3.5.1-1) experimental; urgency=medium . * Merge from unstable: + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should have been dropped with the soname bump from libgnutls-deb0-28 to libgnutls30 in the first place. (Thanks, Andreas Beckmann) Closes: #825645 + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via the <!nocheck> profile. * New upstream version. + Drop 40_openssl_compat-removed-unneeded-headers.patch. + Install README.md instead of README. + Update symbol file. . gnutls28 (3.5.0-1) experimental; urgency=medium . * New upstream release. + Drop unneeded patches: 40_src-added-systemkey-args-to-BUILT_SOURCES.patch 45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT to fix FTBFS in openssl wrapper. * crywrap is not shipped with GnuTLS anymore. * Update copyright info, ship copy of the GNU Affero General Public License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of the testsuite use this license. * Update symbol file: + Add new functions. + Multiple core enums (including gnutls_init_flags_t) have been extended, and most gnutls users will invoke at least one function affected by this change. Bump symbol dependency info to >= 3.5.0 for all symbols, because we would end up with this dependency anyway. . gnutls28 (3.4.14-1) unstable; urgency=medium . * Also mark b-d on net-tools/freebsd-net-tools as optional via the <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and patch). Closes: #826693 * New upstream bugfix release. This includes the following fix: + libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). The issue is not relevant for the Debian binary packages, since we do not build with --with-default-trust-store-pkcs11=. . gnutls28 (3.4.13-1) unstable; urgency=high . * New upstream bugfix release. + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was introduced in 3.4.12. + Testsuite requires netstat, add b-d. . gnutls28 (3.4.12-2) unstable; urgency=medium . * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should have been dropped with the soname bump from libgnutls-deb0-28 to libgnutls30 in the first place. (Thanks, Andreas Beckmann) Closes: #825645 . gnutls28 (3.4.12-1) unstable; urgency=medium . * New upstream version. + Drop superfluous patches. (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + Update copyright info, ship copy of the GNU Affero General Public License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of the testsuite use this license. . gnutls28 (3.4.11-4) unstable; urgency=medium . * Drop guile-gnutls package, testsuite errors have stayed unfixed too long. Closes: #821457, #805863 . gnutls28 (3.4.11-3) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.11-2) experimental; urgency=medium . * Pull post-release fixes from upstream gnutls_3_4_x branch. (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch 45_03_configure-corrected-regression-which-prevented-the-b.patch 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) . gnutls28 (3.4.11-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches. (41_tests-mini-loss-time-ensure-client-timeouts.diff 42_mini-loss-time-improved-timeout-detection.patch 43_fix_cpucapoverride.diff) * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is not installed/built anymore. Update gnutls-doc file list. * Enable hardening=+bindnow. . gnutls28 (3.4.10-4) unstable; urgency=medium . * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is unavailable. Closes: #818341 . gnutls28 (3.4.10-3) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.10-2) experimental; urgency=medium . * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain) * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch, another try for Closes: #813598 . gnutls28 (3.4.10-1) experimental; urgency=medium . * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT master to fix FTBFS with parallel builds. Closes: #816148 * New upstream version. * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream master branch to fix occasional testsuite error. Closes: #813598 . gnutls28 (3.4.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.4.9-1) experimental; urgency=medium . * New upstream version. * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and 36_Revert-tests-updated-to-account-for-cert-generation.patch. . gnutls28 (3.4.8-3) unstable; urgency=medium . * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and 36_Revert-tests-updated-to-account-for-cert-generation.patch from upstream GIT. Closes: #813243 . gnutls28 (3.4.8-2) unstable; urgency=medium . * Merge master branch into experimental. + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This is a kludge and technically wrong, but will prevent partial upgrades from stable. See: #788735 * Upload to unstable. . gnutls28 (3.4.8-1) experimental; urgency=medium . * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration option was added to debhelper/unstable with version 9.20150628, bump build-dependency accordingly. * autoreconf requires automake 1.12.2, add build-dependency. * New upstream version. + Update symbol file. * Move Vcs-* from git/http to https. . gnutls28 (3.4.7-1) experimental; urgency=medium . * New upstream version. + Update symbol file. . gnutls28 (3.4.6-1) experimental; urgency=medium . * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and later) to improve reproducibility of build. * New upstream version. + Update symbol file. * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev (>= 1.17.14). Both are required for build-profile support added in previous upload. (Thanks, lintian.) . gnutls28 (3.4.5-1) experimental; urgency=medium . [ Helmut Grohne ] * Turn Build-Depends: datefudge optional via <!nocheck> profile. Closes: #797544 . [ Andreas Metzler ] * New upstream version. . gnutls28 (3.4.4.1-1) experimental; urgency=medium . * New upstream version. + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, bump dependency info for functions taking it as argument or returning it. + Bump dependency info on private symbols. + Update debian/copyright. + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 CVE-2015-6251 . gnutls28 (3.4.3-1) experimental; urgency=medium . * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31. * New upstream version. + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum gnutls_pkcs11_token_info_t. + Add dependency info for new symbols, bump private symbol dependency. . gnutls28 (3.4.2-2) experimental; urgency=medium . * Disable libidn support because CVE-2015-2059 is still not fixed. See <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building of crywrap. . gnutls28 (3.4.2-1) experimental; urgency=medium . * New upstream version. + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch. + Update libgnutls30.symbols. (Add new fuctions, bump private symbol version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.) . gnutls28 (3.4.1-1) experimental; urgency=medium . * New upstream version. + Bump (build)-depends on nettle and p11-kit. + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and 55_nettle3.patch. + Update 14_version_gettextcat.diff. + Soname bump, library package renamed from libgnutls-deb0-28 to libgnutls30. + OpenSSL compat layer is not built by default anymore, pass --enable-openssl-compatibility to ./configure. + Update symbol file. + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. Closes: #773145 + Since the pkg-config file gnutls.pc now lists libidn in Requires.private "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add dependency on libidn11-dev to libgnutls28-dev. * Fix typo in debian/rules (s/-disable-silent-rules/--disable-silent-rules). . gnutls28 (3.3.20-1) unstable; urgency=medium . * autoreconf requires automake 1.12.2, add build-dependency. * New upstream version. * Move Vcs-* from git/http to https. . gnutls28 (3.3.19-1) unstable; urgency=medium . * New upstream version. + Refresh 20_debian_specific_soname.diff. + Update symbol file. . gnutls28 (3.3.18-1) unstable; urgency=medium . * New upstream version. . gnutls28 (3.3.17-1) unstable; urgency=medium . * New upstream version. + Drop superfluous patches. (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch, 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch, 47_safe-renegotiation-simulate-receiving-the-extension-.patch) + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, bump dependency info for functions taking it as argument or returning it. + Bump dependency info on private symbols. + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 CVE-2015-6251 . gnutls28 (3.3.16-2) unstable; urgency=medium . * Refresh 40_no_more_ssl3.diff. * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch 47_safe-renegotiation-simulate-receiving-the-extension-.patch Pull three patches from upstream GIT to fix issue with server side sending the status request extension even when not requested. <http://article.gmane.org/gmane.network.gnutls.general/3929> . gnutls28 (3.3.16-1) unstable; urgency=medium . * Limit watchfile to 3.3.x versions. * New upstream version. + Drop superfluous patches (50_updated-sign-md5-rep-to-reduce-false-failures.patch, 55_nettle3.patch, 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch) + Bump private symbol versioning. . gnutls28 (3.3.15-7) unstable; urgency=medium . * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This is a kludge and technically wrong, but will prevent partial upgrades from stable. Closes: #788735 * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. . gnutls28 (3.3.15-6) unstable; urgency=high . * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch Closes: #788011 . gnutls28 (3.3.15-5) unstable; urgency=medium . * Upload to unstable. * Downgrade nettle-dev b-d to 2.7, this upload should build correctly against both 2.7 and 3.x. . gnutls28 (3.3.15-4) experimental; urgency=medium . * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it allows compilation against both nettle 2.7 and 3.x. * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev and libtasn1-6-dev, the =${binary:Version} dependency of the development packages on the respective library packages should make this superfluous. . gnutls28 (3.3.15-3) experimental; urgency=medium . * Add 55_nettle3.patch from http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building against nettle3. . gnutls28 (3.3.15-2) unstable; urgency=medium . * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT, fixing a testsuite error on kfreebsd-*. . gnutls28 (3.3.15-1) unstable; urgency=medium . * New upstream stable release. + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2]. . gnutls28 (3.3.14-3) experimental; urgency=medium . * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch. * (Build-)depend on nettle-dev >= 3.0. . gnutls28 (3.3.14-2) unstable; urgency=medium . * Upload to unstable. * Sync version of Depends and Build-Depends on libtasn1-6-dev. . gnutls28 (3.3.14-1) experimental; urgency=medium . * New upstream version. + Bump libtasn b-d to >= 4.3. . gnutls28 (3.3.13-1) experimental; urgency=medium . * New upstream version. + Includes fix for CVE-2015-0294, a certificate algorithm consistency checking issue. . gnutls28 (3.3.12-1) experimental; urgency=medium . * New upstream version. + gnutls-cli-debug STARTTLS is working. Closes: #467022 . gnutls28 (3.3.11-1) experimental; urgency=medium . * New upstream version. + Includes fix for OCSP response parsing issue. Closes: #772055 . gnutls28 (3.3.10-2) experimental; urgency=medium . * Remove SSL 3.0 from default priorities list. Closes: #769904 . gnutls28 (3.3.10-1) experimental; urgency=medium . * debian/rules: fix pattern for removal (and re-generation) of autogen-ed manpages. * New upstream version. + Includes fix for a denial of service issue CVE-2014-8564 / GNUTLS-SA-2014-5. + When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. This should take care of #760476. . gnutls28 (3.3.9-1) experimental; urgency=medium . * New upstream version. + Unfuzz 20_debian_specific_soname.diff. + Drop 31_fallback_to_RUSAGE_SELF.diff. + Bump private symbol dependency info. + Bump dependency version of gnutls_certificate_get_issuer() and gnutls_x509_trust_list_get_issuer() because of newly added GNUTLS_TL_GET_COPY flag. . gnutls28 (3.3.8-7) unstable; urgency=medium . * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff: Pull two patches from upstream to a use-after-free flaw in gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308 Closes: #782776 . gnutls28 (3.3.8-6) unstable; urgency=medium . * 39_check-whether-the-two-signatur.patch: Pull and unfuzz 6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On certificate import check whether the two signature algorithms match. CVE-2015-0294. Closes: #779428 . gnutls28 (3.3.8-5) unstable; urgency=medium . * Remove SSL 3.0 from default priorities list. Closes: #769904 . gnutls28 (3.3.8-4) unstable; urgency=high . * Drop 31_fallback_to_RUSAGE_SELF.diff. * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually from the application check the urandom fd for validity. Closes: #768841 and takes care of #760476. * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on session deinit. It is already being refreshed during the session lifetime. * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63 format, perform additional sanity checks on input. CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154 * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test uses a cert in binary der-format which is not representable in a quilt patches and we want to limit debian.tar.xz to modify stuff in debian/ we have some special handling in debian/rules.) . gnutls28 (3.3.8-3) unstable; urgency=high . [ Daniel Kahn Gillmor ] * Add list of executables to gnutls-bin package description. Closes: #763671 . [ Andreas Metzler ] * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos Mavrogiannopoulos!) Closes: #760476 . gnutls28 (3.3.8-2) unstable; urgency=medium . * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS 3.3.8 requires libtasn1 >= 3.9. * Upload to unstable. . gnutls28 (3.3.8-1) experimental; urgency=medium . * New upstream version. + Refresh 20_debian_specific_soname.diff. + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts with old experimental upload 0.21.2-1 + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of some functions in the gnutls_pkcs11_* family due to new members in enums gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private symbol dependency info, and bump shlibs. * Drop version from libgnutls28-dev's dependency on libp11-kit-dev. The GnuTLS library package automatically gets a dependency on libp11-kit0 (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on libp11-kit0 (= ${binary:Version}). Therefore these dependencies already enforce a version on libp11-kit-dev and we do not need to duplicate the info. * Add explicit build-dependency on libopts25-dev. Closes: #761618 . gnutls28 (3.3.7-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.3.7-1) experimental; urgency=medium . * New upstream release. + Refresh 20_debian_specific_soname.diff. + Add newly added symbols to libgnutls-deb0-28.symbols, bump private symbol dependency info, and bump shlibs. + New member in gnutls_pkcs11_obj_attr_t, bump version of gnutls_pkcs11_obj_list_import_url*. . gnutls28 (3.3.6-2) unstable; urgency=medium . * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS lastest stable at freeze time. * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the at-build-time-default-compiler) by exporting @CPP@. . gnutls28 (3.3.6-1) experimental; urgency=medium . * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 * New upstream release. + Refresh 20_debian_specific_soname.diff. + Add newly added symbols to libgnutls-deb0-28.symbols and bump private symbol dependency info. . gnutls28 (3.3.5-1) experimental; urgency=medium . * New upstream version. * Refresh patches/20_debian_specific_soname.diff. * Drop 30_Updated-asm-sources.patch. * Add new public symbols to symbol file, bump shlibs. . gnutls28 (3.3.3-1) experimental; urgency=medium . * New upstream version, including a fix for GNUTLS-SA-2014-3 CVE-2014-3466. * Refresh 20_debian_specific_soname.diff. * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git. * New symbol gnutls_credentials_get, update symbol file and bump shlibs. . gnutls28 (3.3.2-2) experimental; urgency=high . * Fix crashes due to symbol clashes when a binary ends up being linked against GnuTLS v2 and v3 by bumping library symbol-versioning (and therefore also the soname) in a Debian specific way, to make sure there is no conflict with future: + 20_debian_specific_soname.diff - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* - Add "-release deb0" to libtool link command. + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + Adapt symbol file accordingly. + Change 14_version_gettextcat.diff, too. Closes: #748742 * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. These have been unnecessary since we started using dh compat v9, where debugging symbols are installed to /usr/lib/debug/.build-id. . gnutls28 (3.3.2-1) experimental; urgency=medium . * Do not build-depend on guile-2.0 on m68k. Closes: #745461 * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a corresponding versioned build-dependency, to prevent building of uninstallable packages. * New upstream version. Drop 20_guile_no_override_allocation.diff and 21_Treat-othername-as-printable.diff. . gnutls28 (3.3.1-1) experimental; urgency=medium . * New upstream version. + Drop 20_sparc_chainverify_buserror.diff. + Pull 20_guile_no_override_allocation.diff and 21_Treat-othername-as-printable.diff from upstream GIT. + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped upstream since it was never exported in a public header and is not used according to codesearch.d.o. . gnutls28 (3.3.0-2) experimental; urgency=medium . * Drop last remains of -xssl from debian/. * Add debian/libgnutls28.symbols. * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test increase the space available for certificates to fix sparc testsuite error. * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from libgnutls28-dev. . gnutls28 (3.3.0-1) experimental; urgency=medium . * New upstream version. + Bump shlibs. . gnutls28 (3.3.0~pre0-1) experimental; urgency=medium . * Also version the p11-kit dependency. * New upstream version. + Set --enable-static, as only shared libs are built by default. + libgnutls-xssl is no more. + Bump shlibs. * Upload to experimental. . gnutls28 (3.2.16-1) unstable; urgency=medium . * New upstream version. . gnutls28 (3.2.15-3) unstable; urgency=medium . * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3 series. . gnutls28 (3.2.15-2) unstable; urgency=high . * Fix crashes due to symbol clashes when a binary ends up being linked against GnuTLS v2 and v3 by bumping library symbol-versioning (and therefore also the soname) in a Debian specific way, to make sure there is no conflict with future: + 20_debian_specific_soname.diff - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* - Add "-release deb0" to libtool link command. + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + Change 14_version_gettextcat.diff, too. Closes: #74874 * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. These have been unnecessary since we started using dh compat v9, where debugging symbols are installed to /usr/lib/debug/.build-id. * debian/copyright: Add info about GPLv2 compatibility. . gnutls28 (3.2.15-1) unstable; urgency=high . * New upstream version. + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466. . gnutls28 (3.2.14-1) unstable; urgency=medium . * Do not build-depend on guile-2.0 on m68k. Closes: #745461 * New upstream version. * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a corresponding versioned build-dependency, to prevent building of uninstallable packages. . gnutls28 (3.2.13-2) unstable; urgency=medium . * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from libgnutls28-dev. . gnutls28 (3.2.13-1) unstable; urgency=medium . * Also version the p11-kit dependency. * New upstream version. . gnutls28 (3.2.12.1-2) unstable; urgency=medium . * Upload to unstable. * Sync from Ubuntu (Colin Watson): + Add arm64 and ppc64el to the list of non-ia64 architectures on which guile-gnutls is built. . gnutls28 (3.2.12.1-1) experimental; urgency=medium . * New upstream version. + Drop superfluous patches: 20_bug-in-gnutls_pcert_list_import_x509_raw.patch 20_CVE-2014-0092.diff . gnutls28 (3.2.11-2) unstable; urgency=high . * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11. * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate validation issue. CVE-2014-0092 . gnutls28 (3.2.11-1) unstable; urgency=high . * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1) * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git. . gnutls28 (3.2.10-2) unstable; urgency=high . * Upload to unstable. . gnutls28 (3.2.10-1) experimental; urgency=high . * New upstream version. * New symbols exported, bump shlibs. . gnutls28 (3.2.9-2) unstable; urgency=medium . * Upload to unstable. . gnutls28 (3.2.9-1) experimental; urgency=medium . * New upstream version. + %COMPAT implies %DUMBFW. (See #733039) * Drop 40_guilenoparallel.diff, which did not have any effect after enabling dh_autoreconf. * Stop dh_clean from removing *.bak, upstream tarball actually contains files named such in src/ subdirectory. . gnutls28 (3.2.8.1-3) unstable; urgency=medium . * Correct c'n'p error in Vcs-Git field. * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx) . gnutls28 (3.2.8.1-2) unstable; urgency=low . * Upload to unstable, without libgnutls-openssl27. . gnutls28 (3.2.8.1-1) experimental; urgency=low . * New upstream version. + Drop debian/patches/45_add_strerror-module.patch, which was pulled from upstream. + Bump shlibs. * Add debian/upstream-signing-key.pgp (listed in debian/source/include-binaries) and update watchfile to check upstream signature. . gnutls28 (3.2.7-4) experimental; urgency=low . * Upload to experimental, with libgnutls-openssl27. * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.) . gnutls28 (3.2.7-3) unstable; urgency=low . * Point vcs* to git. * Upload to unstable, without libgnutls-openssl27. . gnutls28 (3.2.7-2) experimental; urgency=low . * Fix kfreebsd FTBFS. + 45_add_strerror-module.patch add gnulib strerror module. + Use dh_autoreconf. . gnutls28 (3.2.7-1) experimental; urgency=low . * New upstream version. + Add b-d on bison. + Bump shlibs. + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch. + Simplify debian/rules, stop removing autogened files. . gnutls28 (3.2.6-2) experimental; urgency=low . * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain for the hint.) * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition. . gnutls28 (3.2.6-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.2.5-1) experimental; urgency=low . * New upstream version. + Bump shlibs. * Ship examples/examples.h which is needed for building examples/*.c. Also add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor) Closes: #726971 . gnutls28 (3.2.4-5) experimental; urgency=low . * Re-enable building of libgnutls-openssl27 binary package. * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless transition to gnutls28. . gnutls28 (3.2.4-4) unstable; urgency=low . * 40_guilenoparallel.diff: Disable parallel build in guile/modules/. . gnutls28 (3.2.4-3) unstable; urgency=low . * Looks like "Architecture" in debian/control cannot be folded, unfold the respective entry for guile-gnutls. . gnutls28 (3.2.4-2) unstable; urgency=low . * Manpages were missing on binary-only builds. Closes: #721725 * Build with --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since ca-certificates not pulled in by build-dependencies anymore. Closes: #721726 * Upload to unstable. . gnutls28 (3.2.4-1) experimental; urgency=low . * New upstream release. + Drop 40_Clean-up-after-test.patch. * Fix path to png files in info files with sed instead of symlinking images. * Bump shlibs. . gnutls28 (3.2.3-3) experimental; urgency=low . * Switch to dh, to easily allow us to move gtk-doc-tools to Build-Depends-Indep. Closes: #682596 . gnutls28 (3.2.3-2) experimental; urgency=low . * Build gnutls-guile against guile-2.0. + Drop --disable-largefile on armel armhf mipsel. + ia64 does not build guile-2.0, disable guile-support there. . gnutls28 (3.2.3-1) unstable; urgency=low . * New upstream release. * Drop superfluous patches. (35_gnutls-priority-string.diff 36_avoid-leaking-a-buffer-element.diff) * Bump shlibs. . gnutls28 (3.2.2-2) unstable; urgency=low . * Pull two patches from upstream: +35_gnutls-priority-string.diff Fix priority string parsing broken in 3.2.2 Closes: #717314 +36_avoid-leaking-a-buffer-element.diff . gnutls28 (3.2.2-1) unstable; urgency=low . * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam) Closes: #678070 * New upstream version. * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff * Bump shlibs. . gnutls28 (3.2.1-2) unstable; urgency=low . * Upload to unstable. * Do not link everything against nettle on mips(el), the issue being worked around was fixed by the latest eglibc upload. * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch: same. . gnutls28 (3.2.1-1) experimental; urgency=low . * New upstream version. + Bump nettle build-dep to >= 2.7. + Bump shlibs. + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check whether it still fails on kfreebsd-i386. + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent false positive error in 32-bit systems. + [32_linkagainstgmp.diff] Link libgnutls against gmp. . gnutls28 (3.1.12-2) unstable; urgency=low . * Upload to unstable. * Fix vcs-field-not-canonical lintian error by using anonscm instead of svn.debian.org. . gnutls28 (3.1.12-1) experimental; urgency=low . * Use rm -f on clean, fixing an issue with building twice in row. * New upstream version. * On mips/mipsel link everything and the kitchen-sink against nettle to work around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'"). . gnutls28 (3.1.11-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.1.10-1) experimental; urgency=low . * New upstream version. * Bump shlibs. . gnutls28 (3.1.9.1-1) experimental; urgency=low . * New upstream version. * Bump shlibs. * Force re-generation of autogen-ed manpages. . gnutls28 (3.1.8-1) experimental; urgency=low . * New upstream version. . gnutls28 (3.1.7-1) experimental; urgency=low . * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching the build-depency. (Thanks, Daniel Kahn Gillmor) * New upstream version. + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619. + New symbols added, bump shlibs. + Ship newly available libgnutls-xssl0 library in a separate package. * Disable Heart Beat (RFC6520) support. . gnutls28 (3.1.6-1) experimental; urgency=low . * Update watchfile, based on Bart Martens version for gnutls26 on q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 3.x versions. * New upstream version. + requires libtasn1 >= 3.1, bump build-depends. + requires a a newer version of autogen, bump build-depends. + update debian/copyright to reflect the fact that GnuTLS authors have stopped assigning copyright to FSF. . gnutls28 (3.1.5-1) experimental; urgency=low . * New upstream version. + Drop 40_danetestfail.diff + Unfuzz 20_test-select.diff + Bump shlibs. . gnutls28 (3.1.4-1) experimental; urgency=low . * New upstream release. + Drop 40_fixtypo.diff. + debian/copyright: update upstream author list. + New symbols added, bump shlibs. * 40_danetestfail.diff - Do not try to run dane test without dane support. . gnutls28 (3.1.3-1) experimental; urgency=low . * New upstream release. * Explicitly set --disable-libdane --without-tpm. * Bump shlibs. * 40_fixtypo.diff pulled from upstream git. * Update debian/copyright from AUTHORS. . gnutls28 (3.1.2-1) experimental; urgency=low . * New upstream release. + Requires libtasn1-3 2.14, bump (b-)d. + New symbols added, bump shlibs. . gnutls28 (3.1.1-1) experimental; urgency=low . * New upstream release. + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6. Closes: #686242 + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff 42_dump-the-errno.diff 43_possiblefix.diff) + Bump shlibs. * Sync version of libgnutls-dev dependency on nettle-dev with the build-dependency. . gnutls28 (3.1.0-5) experimental; urgency=low . * 43_possiblefix.diff might fix the test suite error. . gnutls28 (3.1.0-4) experimental; urgency=low . * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the testsuite error. . gnutls28 (3.1.0-3) experimental; urgency=low . * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout. . gnutls28 (3.1.0-2) experimental; urgency=low . * Mention abbreviation "DTLS" in package description. * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test, it spuriously fails on about half of the buildds. . gnutls28 (3.1.0-1) experimental; urgency=low . * New upstream release. + Bump nettle build-dep to >= 2.5. + Bump shlibs. . gnutls28 (3.0.22-2) unstable; urgency=low . * Upload to unstable. This is a leaf-package, experimental should get 3.1.0. . gnutls28 (3.0.22-1) experimental; urgency=low . * New upstream version. . gnutls28 (3.0.21-1) experimental; urgency=low . * New upstream version. + Drop 35_s390buildfix.diff. * Bump shlibs (new functions added.) . gnutls28 (3.0.20-3) unstable; urgency=low . * 35_s390buildfix.diff - Fixes test-suite error on s390x. . gnutls28 (3.0.20-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.20-1) experimental; urgency=low . * New upstream version. * Bump shlibs (new functions added.) * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for CLOCK_MONOTONIC now. #662018 . gnutls28 (3.0.19-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.19-1) experimental; urgency=low . * New upstream version. + libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be a file that stores the pin. (LP: #929108) + Drop 31_killchild.diff, included upstream. . gnutls28 (3.0.18-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.18-1) experimental; urgency=low . * New upstream version. + Bump shlibs. * patches/31_killchild.diff: Revert upstream change which caused tee-ing a build to hang. . gnutls28 (3.0.17-2) unstable; urgency=low . * Upload to unstable. . gnutls28 (3.0.17-1) experimental; urgency=low . * New upstream version. + Bump shlibs. . gnutls28 (3.0.15-2) experimental; urgency=low . * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since support for CLOCK_MONOTONIC is missing there. (See #662018.) . gnutls28 (3.0.15-1) experimental; urgency=low . * New upstream version. + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 31_provide-accurate-value-to-select.patch) + Includes fix for CVE-2012-1573. * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts. * Bump libgnutls-dev dependency on libp11-kit-dev. . gnutls28 (3.0.14-1) experimental; urgency=low . * New upstream version. + Drop 30_force-kill-of-child.diff. * Pull 30_microseconds-does-not-overflow.patch and 31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite error (tests/mini-loss) on kfreebsd-*. . gnutls28 (3.0.13-1) experimental; urgency=low . * New upstream version. + bump libp11-kit-dev build-dep. to >= 0.11. + drop 30_guilegnutlserrorcodes.diff. * Drop debian/ocsptool.1 use, newly available upstream manpage instead. * Use and link against Debian's packaged version of autogen/libopts. + B-d on autogen. + remove autogen-generated files (*.c, *.h) on clean. autogen requires that the system headers are at least of the same version as the one which was used to generate the files from their respective .def sources. * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test. * Bump shlibs. . gnutls28 (3.0.12-2) unstable; urgency=low . * De-multiarch guile-gnutls. Closes: #658110 . gnutls28 (3.0.12-1) unstable; urgency=low . * New upstream version. * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile testsuite error. * Update debian/copyright. * Bump shlibs. (OCSP support) * Add trivial ocsptool manpage. . gnutls28 (3.0.11-1) unstable; urgency=low . * New upstream version. . gnutls28 (3.0.10-1) unstable; urgency=low . * Drop guile-gnutls.README.Debian - binary guile modules are no longer directly installed in $libdir. * New upstream version. + Drop patches/30_correctly-set-the-odd-bits.patch. + gnutls_random_art() added. Update copyright, bump shlibs. + src/serv.c: Only use configured interfaces. Patch by Pino Toscano. Closes: #652552 . gnutls28 (3.0.9-2) unstable; urgency=low . * [20_test-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head. * Upload to unstable. . gnutls28 (3.0.9-1) experimental; urgency=low . * New upstream version. * Include guile-gnutls package. * Bump shlibs. . gnutls28 (3.0.8-2) unstable; urgency=low . * First upload to unstable. + Disable openssl-wrapper package, let it be provided by gnutls26 until gnutls28 is in testing. + Disable gnutls-guile package, let it be provided by gnutls26 until gnutls28 is in testing. . gnutls28 (3.0.8-1) experimental; urgency=low . * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix guile related FTBFS on these architectures. See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html * New upstream version. + Bump shlibs. . gnutls28 (3.0.7-1) experimental; urgency=low . * New upstream version. + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441 * Drop 20_addGNU-stack.diff, included upstream. * loadable Guile module no longer installed directly to $libdir but to $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module. * gnutls-extra is removed upstream, there is no need anymore to manually remove the bits and pieces in debian/rules. . gnutls28 (3.0.4-2) experimental; urgency=low . * Drop libgnutls-dev.README.Debian, the information provided there stopped being relevant in 2.7.12. * Delete superfluous info from debian/README.source. * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not seem to be possible. http://lists.debian.org/debian-devel/2011/10/msg00332.html * Simplify dependencies: + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is also provided by gnutls26' libgnutls-dev). + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0), libgnutls11-dev. . gnutls28 (3.0.4-1) experimental; urgency=low . * New upstream version. + bump shlibs. + bump nettle build-dependency to >= 2.4. (Required for ripemd-160). * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811 * [20_addGNU-stack.diff] Add GNU-stack note to newly added padlock-common.s. * Stop shipping libgnutls-extra.so. It is an empty shell currently and will be packaged for Debian again when it provides functionality. * Update debian/copyright, accelerated assembly code is non-FSF copyright. * Add crywrap.8 manpage. . gnutls28 (3.0.3-1) experimental; urgency=low . * New upstream version. (Includes a fix for #640639) * Bump shlibs. . gnutls28 (3.0.2-1) experimental; urgency=low . * Update debian/copyright for crywrap. * Since libgnutls*-dbg contains debugging symbols of helper applications libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update Conflicts. * New upstream version. It also includes the fixes for #638586 (Correct parsing of XMPP subject alternative names) and #638595 (gnutls_certificate_set_x509_key() and gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the release of the private key during the lifetime of the certificate structure.) * Configure with --enable-gtk-doc, the included API reference is incomplete in the tarball. * [lintian] Get rid of binary-control-field-duplicates-source field warnings. * [lintian] Add description header to 14_version_gettextcat.diff * Bump shlibs. . gnutls28 (3.0.1-1) experimental; urgency=low . * Update Vcs-Svn and Vcs-Browser for new source package name. * New upstream version. + corrects formatting of gnutls-cli(1) manpage. Closes: #637551 * Bump build-dependency on libp11-kit-dev to (>= 0.4). * Drop 20_executablestack.diff, included upstream. * Includes crywrap(8), an application that proxies TLS session to a port using a plaintext service. * Add build-dependency on libidn11-dev, needed for newly added crywrap tool. * Bump shlibs. (New flags). . gnutls28 (3.0.0-2) experimental; urgency=low . * Add missing b-d on chrpath. * Search for .xz instead of .bz2 in watchfile. . gnutls28 (3.0.0-1) experimental; urgency=low . * Drop gcrypt related patches (16_unnecessarydep.diff 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff 20_gcrypt15compat.diff), update remaining one (14_version_gettextcat.diff). * Build against nettle and p11-kit. + Update DEB_CONFIGURE_EXTRA_FLAGS. + Update (Build-)Depends. (Add pkg-config, it is used for locating p11-kit.) * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 -> libgnutls28. * Drop libgnutls Breaks, they are superfluous after the soname change. * Delete config.log on clean. * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to assembly files. * Delete unneccessary rpath entries. * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a NEWS entry for this license change. * Move gnutls-extra library to separate package. . gnutls26 (2.12.7-4) unstable; urgency=low . * Upload to unstable. * Point watch file to stable release directory. * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config Libs.private. Closes: #632891 * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) . gnutls26 (2.12.7-3) experimental; urgency=low . [ Simon Josefsson ] * Fix Debian BTS URL in --with-packager-bug-reports option. . [ Andreas Metzler ] * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. . gnutls26 (2.12.7-2) experimental; urgency=low . * Stop shipping libtool la files. * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime libraries and guile-wrapper are Multi-Arch: same with Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are Multi-Arch: foreign, -dev and -dbg remain unchanged. + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not co-installable with itself. . gnutls26 (2.12.7-1) experimental; urgency=low . * New upstream version. * Update 17_ignoretestsuitteerrors.diff. * A new version of pokerth has been uploaded to sid, update libgnutls26 Breaks accordingly. . gnutls26 (2.12.6.1-1) experimental; urgency=low . * New upstream version. * Bump shlibs, global_set_time_function() was added. * Stop setting CFLAGS += -Wall, it is set by default again. * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite errors. . gnutls26 (2.12.5-1) experimental; urgency=low . * New upstream version. * Bump shlibs, gnutls_x509_crq_verify() was added. . gnutls26 (2.12.4-1) experimental; urgency=low . * New upstream version. * Bump shlibs. (gnutls_certificate_get_issuer() added). . gnutls26 (2.12.3-1) experimental; urgency=low . * New upstream version. * Drop patches included upstream: [18_restoreHMAC-MD5.diff] . gnutls26 (2.12.2-2) experimental; urgency=low . * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 for compatibility. Closes: #623001 . gnutls26 (2.12.2-1) experimental; urgency=low . * New upstream version. * [lintian] Drop article from short package descriptions. . gnutls26 (2.12.1-1) experimental; urgency=low . * New upstream version. + certtool: Generated certificate request with stricter permissions. Closes: #619746 * Drop superfluous patches: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will need a binNMU when gnutls 2.12.x uploaded to unstable. . gnutls26 (2.12.0-1) experimental; urgency=low . * New upstream stable release. + Drop superceded patches 17_goldhotfix.patch 18_libgnutls-openssl_soname.diff. * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff . gnutls26 (2.11.7-2) experimental; urgency=low . * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool versioning: 27:0:0). * Split off libgnutls-openssl to a separate package, since the sonames are not in sync anymore. . gnutls26 (2.11.7-1) experimental; urgency=low . * New upstream version (rc for 2.12) + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + Bump shlibs. * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. . gnutls26 (2.11.6-2) experimental; urgency=low . * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) on big endian architectures. . gnutls26 (2.11.6-1) experimental; urgency=low . * Development release. * Continue building against libgcrypt, run configure with --with-libgcrypt. * Refresh patches/15_fixgnutlspc.diff. * Set --with-packager* options. * Install newly available p11tool binary. * Bump libgcrypt11-dev Build-Depends. * C++ wrapper soname bump, change package name accordingly. * Bump shlibs. * Update debian/copyright. * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. . gnutls26 (2.10.5-3) unstable; urgency=medium . * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. . gnutls26 (2.10.5-2) unstable; urgency=low . * Stop shipping libtool la files. . gnutls26 (2.10.5-1) unstable; urgency=low . * New upstream bugfix release. + Drop 15_fixgnutlspc.diff, included upstream. * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. . gnutls26 (2.10.4-2) unstable; urgency=low . * Use debhelper compatibility level 7. * Merge in changes from 2.8.6-1: + Use dh_lintian. + Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. + hotfix pkg-config files (proper fix to be included upstream). + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff Closes: #405239 * Upload to unstable. . gnutls26 (2.10.4-1) experimental; urgency=low . * New upstream release. V1 CAs are trusted by default. . gnutls26 (2.10.3-1) experimental; urgency=low . * Drop workaround for 519006, binutils is fixed even in squeeze. * New upstream bugfix release. . gnutls26 (2.10.2-1) experimental; urgency=low . * New upstream version. + Fix asynchronous API handling. Closes: #588187 + certtool does not crash on reading from /dev/null anymore. Closes: #588029 * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. . gnutls26 (2.10.1-1) experimental; urgency=low . * Update package descriptions. Closes: #588067 * New upstream version. . gnutls26 (2.10.0-2) experimental; urgency=low . * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental (2.31.2-1) not yet. Closes: #587755 . gnutls26 (2.10.0-1) experimental; urgency=low . * New upstream stable release. * Point watchfile to stable releases. . gnutls26 (2.9.12-2) experimental; urgency=low . * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a useless and almost empty package on these archs.) * Drop ancient workaround for gcc bug on hppa. http://bugs.debian.org/128036 . gnutls26 (2.9.12-1) experimental; urgency=low . * New upstream version. . gnutls26 (2.9.11-1) experimental; urgency=low . * New upstream version. * Drop 15_gnutlspriority.diff, superseded. . gnutls26 (2.9.10-2) experimental; urgency=low . * [15_gnutlspriority.diff] Restore compatibility with programs using gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. Closes: #579831 . gnutls26 (2.9.10-1) experimental; urgency=low . * New upstream version. * New functions added, bump shlibs. . gnutls26 (2.9.9-1) experimental; urgency=low . * Package upstream development branch for experimental. * Track development versions in watchfile. * Package C++ wrapper again. Closes: #548637 . gnutls26 (2.8.6-1) unstable; urgency=low . * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff . gnutls26 (2.8.5-2) unstable; urgency=low . * Add a huge bunch of lintian overrides for the guile stuff to make dak happy. . gnutls26 (2.8.5-1) unstable; urgency=low . * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) * Switch to '3.0 (quilt)' source format, allowing us to use upstreams orig.tar.bz2 without repacking it to gz. * New upstream version. + Drop patches/20_fixtimebomb.diff. . gnutls26 (2.8.4-2) unstable; urgency=high . * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 . gnutls26 (2.8.4-1) unstable; urgency=low . * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard. . gnutls26 (2.8.3-3) unstable; urgency=low . * Empty dependency_libs in la-files. (Squeeze release goal.) . gnutls26 (2.8.3-2) unstable; urgency=low . * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections. . gnutls26 (2.8.3-1) unstable; urgency=high . * New upstream version. + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it was built against. Closes: #540449 + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html * Drop 15_chainverify_expiredcert.diff, included upstream. * Urgency high, since 541439 applies to testing, too. . gnutls26 (2.8.1-2) unstable; urgency=low . [ Simon Josefsson ] * Remove cruft in rules file. * Remove patches/15_tasn1inpc.diff, not needed. . [ Andreas Metzler ] * Finally add an entry to the NEWS.Debian file concerning the deprecation of RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 * Upload to unstable. * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. Fix testsuite error caused by expired certificate. . gnutls26 (2.8.1-1) experimental; urgency=low . * New upstream stable release. . gnutls26 (2.7.14-1) experimental; urgency=low . * [debian/control] set section setting of source package to libs instead of devel. * New upstream version. + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + Bump shlibs, new symbols added. . gnutls26 (2.7.12-1) experimental; urgency=low . * Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up. . gnutls26 (2.6.6-1) unstable; urgency=high . * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a behavior change, add a NEWS.Debian file to document it. . gnutls26 (2.6.5-1) unstable; urgency=low . * Sync sections in debian/control with override file. libgnutls26-dbg is section debug, guile-gnutls is section lisp. * New upstream version. (Needed for Libtasn1-3 2.0) * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. * Standards-Version: 3.8.1, no changes required. . gnutls26 (2.6.4-2) unstable; urgency=low . * Upload to unstable. * Merge changelog entries from unstable and experimental. . gnutls26 (2.6.4-1) experimental; urgency=low . * New upstream version. . gnutls26 (2.6.3-1) experimental; urgency=low . * New upstream version. + Corrects bug gnutls-cli which caused a rehandshake request to be ignored. Closes: #396867 * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) . gnutls26 (2.6.2-2) experimental; urgency=low . * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 * [lintian] Add ${misc:Depends} to multiple dendency lines. . gnutls26 (2.6.2-1) experimental; urgency=low . * New upstream version. + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + Drop 20_fix_501077.diff. * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper there. * Add Simon Josefsson to uploaders. . gnutls26 (2.6.0-1) experimental; urgency=low . * New upstream stable release. * Add debian/patches/20_fix_501077.diff to fix an out of bound access in gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 . gnutls26 (2.5.9-1) experimental; urgency=low . * New upstream development version. * Bump shlibs. . gnutls26 (2.4.2-6) unstable; urgency=medium . * New patches, syncing with 2.4.3 upstream oldstable release: + 24_intermedcertificate.patch If a non-root certificate ist trusted gnutls certificateificate verification stops there instead of checking up to the root of the certificate chain. + 22_whitespace.patch - Whitespace only changes, to make it possible to apply upstream fixes without manual changes. + 25_bufferoverrun.patch. Fix buffer overrun bug in gnutls_x509_crt_list_import. http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e . gnutls26 (2.4.2-5) unstable; urgency=low . * Pull two patches from upstream stable branch to make gnutls behavior match documentation: + patch 23_permit_v1_CA.diff:Accept v1 x509 CA certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. CVE-2009-2409 . gnutls26 (2.4.2-4) unstable; urgency=medium . * Add Simon Josefsson to uploaders. * Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 . gnutls26 (2.4.2-3) unstable; urgency=low . * Fix a crash on trying to verify self-signed certificates introduced by the patch for CVE-2008-4989. Closes: #505279 . gnutls26 (2.4.2-2) unstable; urgency=medium . * [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 . gnutls26 (2.4.2-1) unstable; urgency=low . * New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775 . gnutls26 (2.4.1-1) unstable; urgency=medium . * New upstream version, fixing a local denial of service vulnerability only present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 . gnutls26 (2.4.0-2) unstable; urgency=low . * Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog. . gnutls26 (2.4.0-1) experimental; urgency=low . * New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. . gnutls26 (2.3.15-1) experimental; urgency=low . * New upstream version. (rc4) Disables 'openpgp-certs' tests. Closes: #486269 . gnutls26 (2.3.14-1) experimental; urgency=low . * New upstream version. (rc3) . gnutls26 (2.3.13-1) experimental; urgency=low . * New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. . gnutls26 (2.3.12-1) experimental; urgency=low . * New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc. . gnutls26 (2.3.11-1) experimental; urgency=low . * New upstream version. + Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See <http://www.gnu.org/software/gnutls/security.html>. CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + Fixes subjectAltName wildcard matching. Closes: #479174 + certtool now writes keyfiles with 0600 permissions. Closes: #373169 . gnutls26 (2.2.5-1) unstable; urgency=high . * New upstream version. Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See <http://www.gnu.org/software/gnutls/security.html>. CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 . gnutls26 (2.3.9-1) experimental; urgency=low . * New upstream development version. - OpenPGP support merged into libgnutls and is now licensed under LGPL. The included copy of OpenCDK has been stripped down and re-licensed under the LGPL. Using the external OpenCDK is not supported anymore, the external library will not be maintained anymore. Drop respective (build-)depends. - API extended, bump shlibs. - certtool asks for password confirmation. Closes: #364287 - performance enhancements for gnutls_certificate_set_x509_trust_file. Closes: #400448 - gnutls-cli: exits when hostname doesn't match certificate. Use --insecure to avoid hostname comparison. * For paranoia sake build with -D_REENTRANT even if upstream has stopped doing so. * [debian/copyright] : update, and stop including a GFDL copy. * Point watchfile to development versions. . gnutls26 (2.2.3-1) unstable; urgency=low . * New upstream stable release. - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 . gnutls26 (2.2.3~rc-1) unstable; urgency=low . * New upstream version. Release candidate for 2.2.3. + Increase default handshake packet size limit to 48kb. Closes: #478191 * remove unsupported .l command from debian/libgnutls-config.1 * Use Programming/C as doc-base section. . gnutls26 (2.2.2-1) unstable; urgency=low . * New upstream version. Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. corrected string handling in parse_general_name. Closes: #465197 * Point watchfile to ftp.gnutls.org. * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. . gnutls26 (2.2.1-3) unstable; urgency=low . * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build gnutls guile wrapper on ia64. . gnutls26 (2.2.1-2) unstable; urgency=low . * Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable. . gnutls26 (2.2.1-1) experimental; urgency=low . * New upstream version. * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper there. * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both packages contain gnutls-bin debugging symbols. Closes: #459295. . gnutls26 (2.2.0-1) experimental; urgency=low . * New upstream version. License change! Main library stays LGPLv2.1+ but libgnutls-extra, libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is updated. * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older versions were GPLv2+) and this license is not compatible with GPLv3+. * Non packaged 2.1.8 introduced new symbol gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for DSA2 support. Closes: #455513 * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. . gnutls26 (2.1.7-1) experimental; urgency=low . * New upstream version. - Another soname bump. Packages renamed. * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since dak does not allow that yet. * Add Build-Conflicts: libgnutls-dev to stop libtool from linking libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 . gnutls25 (2.1.6-2) experimental; urgency=low . * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make experimental buildds happy. . gnutls25 (2.1.6-1) experimental; urgency=low . * New upstream version. API changes! Please consult /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, removed (mainly *_authz_*) and changed interfaces. This is the first release canddate for 2.2. The deprecation of gnutls_set_default_priority() is supposed to be undone before the final stable release. * Bump build-depends. * Stop building and shipping the C++ library, since nobody is using it. I will happly re-add it if requested. * Add Homepage field to debian/control. * Build and ship Guile bindings. Requested by Ludovic Courtès who also provided the initial patch. (On a sidenote I think guile generally does not do the right thing by throwing dlopened modules into /usr/lib/.) * Update debian/copyright. . gnutls13 (2.0.1-1) unstable; urgency=low . * New upstream version. * Remove doc/*.info* on clean to allow building thrice in a row. (Closes: #441740) . gnutls13 (1.7.19-1) unstable; urgency=low . * New upstream version 1.7.19. - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. This takes of care of the mutt breakage. Closes: #439640 . gnutls13 (1.7.18-2) unstable; urgency=low . * Upload to unstable . gnutls13 (1.7.18-1) experimental; urgency=low . * New upstream version 1.7.18, release candidate for 2.0. * Bump shlibs, since functions have been added. * Image files renamed upstream with gnutls- prefix and symlinked to /usr/share/info/ in Debian package. Closes: #423577 . gnutls13 (1.7.16-1) experimental; urgency=low . * New upstream version 1.7.16. . gnutls13 (1.7.14-1) experimental; urgency=low . * New upstream version - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 . gnutls13 (1.7.12-1) experimental; urgency=low . * New upstream version 1.7.12 - Fixes memory errors in certificate parsing. Closes: #333050 * Bump shlibs, due to API extensions in 1.7.10. * Rebuilding of docs simpified, strip debian/README.source_and_patches to reflect that. . gnutls13 (1.7.9-1) experimental; urgency=low . * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches. . gnutls13 (1.7.7-1) experimental; urgency=low . * New development upstream version 1.7.7. - Point watchfile to development versions. - Bump shlibs for added APIs. - Includes German translation. (Closes: #392857) . gnutls13 (1.6.3-1) unstable; urgency=low . * New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs. . gnutls13 (1.6.2-2) unstable; urgency=low . * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) . gnutls13 (1.6.2-1) unstable; urgency=low . * New upstream version - Really Closes: #403887 libgnutls failes to parse OpenSSL generated certificates, since it contains a regenerated pkix_asn1_tab.c. - Ship German translation. Closes: #392857 . gnutls13 (1.6.1-2) unstable; urgency=low . * [gnutls-bin.install] Ship psktool. * Ship gettext translations in deb package, but as gnutls13.mo instead of gnutls.mo. * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* changelog entries after branchoff. Point watchfile to stable upstream versions again. * Drop dependency of libgnutls13-dbg on libgnutlsxx13. . gnutls13 (1.6.1-1) experimental; urgency=low . [ James Westby ] * New upstream release. . gnutls13 (1.6.0-1) experimental; urgency=low . * New upstream version. . gnutls13 (1.5.3-1) experimental; urgency=low . [ Andreas Metzler ] * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. * New upstream version 1.5.3. * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. * Drop code for re-libtoolizing and running auto* from debian/rules, it is unused and would not work anymore. (We can later grab the from SVN and update it to make work if we ever need it.) . gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low . [ Andreas Metzler ] * Add a watchfile. * New upstream development version. - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was broken. - Drop unneeded patches/16_libs.private_gnutls.diff patches/16_libs.private_gnutls-extra.diff - Point watchfile to development versions. - Builds a C++ library. * Switch to debhelper v5 mode to be able to ship debug symbols of libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. * Branched off from 1.4.4-1. . gnutls13 (1.4.4-3) unstable; urgency=low . * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version support by the GnuTLS server, instead of the lowest. . gnutls13 (1.4.4-2) unstable; urgency=low . [ Andreas Metzler ] * Add a watchfile. * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. . gnutls13 (1.4.4-1) unstable; urgency=high . [ Andreas Metzler ] * New upstream version 1.4.4 - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't crash mutt. (closes: #386725) GNUTLS-SA-2006-4 is CVE-2006-4790. . gnutls13 (1.4.3-2) unstable; urgency=low . * the lesser of two weevils release. [ Andreas Metzler ] * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in various programs, including mutt. (closes: #386680) . gnutls13 (1.4.3-1) unstable; urgency=high . [ Andreas Metzler ] * New upstream version 1.4.3. - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. GNUTLS-SA-2006-4 - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. GNUTLS-SA-2006-3 - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. . gnutls13 (1.4.2-1) unstable; urgency=medium . [ Andreas Metzler ] * New upstream bugfix release. - Fixes a crash in the certificate verification logic. . gnutls13 (1.4.1-1) unstable; urgency=low . [ James Westby ] * New upstream release. * Remove the following patches as they are now included upstream: - 10_certtoolmanpage.diff - 15_fixcompilewarning.diff - 30_man_hyphen_*.patch * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than gnutls-api so that devhelp can find it. . gnutls13 (1.4.0-3) unstable; urgency=low . [ Andreas Metzler ] * Strip "libgnutls-config --libs"' output to only list stuff required for dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's README.Debian. * Pull patches/16_libs.private_gnutls.diff and debian/patches/16_libs.private_gnutls-extra.diff from upstream to make pkg-config usable for static linking. . gnutls13 (1.4.0-2) unstable; urgency=low . [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) * Also ship css-, devhelp- and sgml files in gnutls-doc. * patches/15_fixcompilewarning.diff correct order of funtion arguments. . [ James Westby ] * This release allows the port to be specified as the name of the service when using gnutls-cli (closes: #342891) . gnutls13 (1.4.0-1) experimental; urgency=low . * New maintainer team. Thanks, Matthias for all the work you did. * Re-add gnutls-doc package, featuring api-reference as manual pages and html, and reference manual in html and pdf format. (closes: #368185,#368449) * Fix reference to gnutls0.4-doc package in debian/copyright. Update debian/copyright and include actual copyright statements. (closes: #369071) * Bump shlibs because of changes to extra.h * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will generate the necessary directories. * Drop debian/NEWS.Debian as it only talks about the move of the (since purged) gnutls-doc package to contrib a long time ago. (Thanks Simon Josefsson, for these suggestions.) * new upstream version. (closes: #368323) * clean packaging against upstream tarball. - Drop all patches, except for fixing error in certtool.1 and setting gnutls_libs=-lgnutls-extra in libgnutls-extra-config. - Add --enable-ld-version-script to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of patching ./configure.in. (closes: #367358) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294) * Standards-Version: 3.7.2, no changes required. * debian/control and override file are in sync with respect to Priority and Section, everthing except libgnutls13-dbg already was. (closes: #366956) * acknowledge my own NMU. (closes: #367065) * libgnutls13-dbg is nonempty (closes: #367056) . gnutls13 (1.3.5-1.1) unstable; urgency=low . * NMU * Invoke ./configure with --with-included-libtasn1 to prevent accidental linking against the broken 0.3.1-1 upload of libtasn1-2-dev which contained libtasn1.so.3 and force gnutls13 to use the internal version of libtasn instead until libtasn1-3-dev is uploaded. Drop broken Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead of --dbg-package=libgnutls12. (closes: #367056) . gnutls13 (1.3.5-1) unstable; urgency=low . * New Upstream version. - Security fix. - Yet another ABI change. * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 * Let -dev package depend on liblzo-dev (closes:#347438) * Fix certtool help output (closes:#338623) . gnutls12 (1.2.9-2) unstable; urgency=low . * Install /usr/lib/pkgconfig/*.pc files. * Depend on texinfo (>= 4.8, for the @euro{} sign). . gnutls12 (1.2.9-1) unstable; urgency=low . * New Upstream version. . gnutls12 (1.2.8-1) unstable; urgency=low . * New Upstream version. - depends on libgcrypt11 1.2.2 * Bumped shlibs version, just to be on the safe side. . gnutls12 (1.2.6-1) unstable; urgency=low . * New Upstream version. * Remove Provides: on libgnutls11-dev. Hopefully this will be temporary (pending discussion with Upstream). . gnutls12 (1.2.5-3) unstable; urgency=high . * Updated libgnutls12.shlibs file. Thanks to Mike Paul <w5ydkaz02@sneakemail.com>. Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks dependencies on this library . gnutls12 (1.2.5-2) unstable; urgency=medium . * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. Added an explicit dependency as a stopgap fix. . gnutls12 (1.2.5-1) unstable; urgency=low . * Merged with the latest stable release. * Renamed to gnutls12. - Changed the library version strings to GNUTLS_1_2. - Renamed the development package back to "libgnutls-dev". . gnutls11 (1.0.19-1) experimental; urgency=low . * Merged with the latest stable release. . gnutls11 (1.0.16-13) unstable; urgency=high . * Fixed an ASN.1 extraction error. Found by Pelle Johansson <morth@morth.org>. . gnutls11 (1.0.16-12) unstable; urgency=high . * Fixed a segfault in certtool. Closes: #278361. . gnutls11 (1.0.16-11) unstable; urgency=medium . * Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken. . gnutls11 (1.0.16-10) unstable; urgency=high . * Fixed one instance of uninitialized memory usage. . gnutls11 (1.0.16-9) unstable; urgency=high . * Pulled from Upstream CVS: - Fix two memory leaks. - Fix NULL dereference. . gnutls11 (1.0.16-8) unstable; urgency=high . * Pulled these changes from Upstream CVS: - Added default limits in the verification of certificate chains, to avoid denial of service attacks. - Added gnutls_certificate_set_verify_limits() to override them. - Added gnutls_certificate_verify_peers2(). . gnutls11 (1.0.16-7) unstable; urgency=low . * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem. . gnutls11 (1.0.16-6) unstable; urgency=medium . * Memory leak, found by Modestas Vainius <geromanas@mailas.com>. - Closes: #264420 . gnutls11 (1.0.16-5) unstable; urgency=low . * Depend on current libtasn1-2 (>= 0.2.10). - Closes: #264198. * Fixed maintainer email to point to Debian address. . gnutls11 (1.0.16-4) unstable; urgency=low . * The OpenSSL compatibility library has been linked incorrectly (-ltasn1 was missing). * Need to build-depend on current opencdk8 and libtasn1-2 version. . gnutls11 (1.0.16-3) unstable; urgency=high . * Documentation no longer includes LaTeX-produced output (the source contains latex2html-specific features, which is non-free). * Urgency: High because of pending base freeze. . gnutls11 (1.0.16-2) unstable; urgency=high . * Actually *enable* debug symbols :-/ * Urgency: High for speedy inclusion in d-i . gnutls11 (1.0.16-1) experimental; urgency=low . * Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html. . gnutls10 (1.0.4-4) unstable; urgency=low . * New maintainer. * Run autotools at source package build time. - Closes: #257237: FTBFS (i386/sid): aclocal failed * Remove "package is still changed upstream" warning. * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. . gnutls10 (1.0.4-3) unstable; urgency=low . * control: Changed the build dependency and the dependency of libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which could cause linking against two versions of libgcrypt. . gnutls10 (1.0.4-2) unstable; urgency=low . * libgnutls-doc.doc-base: Removed HTML manual listing. * control: Removed Jordi Mallach from the list of Uploaders. Thanks, Jordi :) . gnutls10 (1.0.4-1) unstable; urgency=low . * New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream. . gnutls10 (1.0.0-1) unstable; urgency=low . * New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list. . gnutls8 (0.9.99-1) experimental; urgency=low . * New upstream release. * Included upstream GPG signature in .orig.tar.gz. . gnutls8 (0.9.98-1) experimental; urgency=low . * New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch]. . gnutls8 (0.9.95-1) experimental; urgency=low . * New upstream version. . gnutls8 (0.9.94-1) experimental; urgency=low . * New upstream version; package based on gnutls7 0.8.12-2. * debian/control: * Build-depend on libgcrypt7-dev (>= 1.1.44-0). * debian/rules: Run auto* after the patches have been applied.
To find the state of this project's repository at the time of any of these versions, check out the tags.
changelog 141.89 KiB
gnutls28 (3.7.1-1) unstable; urgency=medium
* New upstream version
Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. GNUTLS-SA-2021-03-10.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Wed, 10 Mar 2021 19:02:31 +0100
gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
* Fix autopkgtest skiplist.
-- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 16:26:05 +0100
gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
* Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
+ Drop cherry-picked patches {48,49,50}_*.
+ Update copyright file.
-- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 08:28:52 +0100
gnutls28 (3.7.0-7) unstable; urgency=medium
* Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
(Thanks to Tim Kosse for the pointer) Closes: #980119
-- Andreas Metzler <ametzler@debian.org> Fri, 12 Feb 2021 19:03:16 +0100
gnutls28 (3.7.0-6) unstable; urgency=medium
* Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
with merged version from upstream GIT master. Features a fix for an assert
on connection to servers which send a duplicate chain including the
self-signed CA. Closes: #980513
-- Andreas Metzler <ametzler@debian.org> Mon, 08 Feb 2021 18:04:21 +0100
gnutls28 (3.7.0-5) unstable; urgency=low
* Update from upstream GIT master, replace patches, add new ones.
+ 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added.
+ 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
--> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
+ 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
--> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
Closes: #977552
+ 45_opensslcompat_no_export_gl.diff
--> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch.
+ 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Thu, 31 Dec 2020 13:11:15 +0100
gnutls28 (3.7.0-4) experimental; urgency=medium
* Test build of fixes from
https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and
https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and
#977552.
-- Andreas Metzler <ametzler@debian.org> Tue, 29 Dec 2020 07:52:38 +0100
gnutls28 (3.7.0-3) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Mon, 07 Dec 2020 18:44:34 +0100
gnutls28 (3.7.0-2) experimental; urgency=low
* Fix guile-gnutls guile-x.x dependency.
* 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols.
-- Andreas Metzler <ametzler@debian.org> Sat, 05 Dec 2020 18:22:34 +0100
gnutls28 (3.7.0-1) experimental; urgency=low
* New upstream version.
+ Drop 50_autopkgtestfixes.diff.
+ Update symbol file, bump all requirements to 3.7.0. (New mac/cipher
added).
+ Requires nettle >= 3.6.
* [lintian] Use v4 watch file.
* Add a symbol file for libgnutls-openssl27.
* Use dh v13 compat, (Some fixes for dh_missing.)
-- Andreas Metzler <ametzler@debian.org> Thu, 03 Dec 2020 18:40:03 +0100
gnutls28 (3.6.15-4) unstable; urgency=medium
* autopkgtest: Require build-essential.
* autopkgtest: respect dpkg-buildflags for helper-binary build.
-- Andreas Metzler <ametzler@debian.org> Wed, 16 Sep 2020 18:45:09 +0200
gnutls28 (3.6.15-3) unstable; urgency=medium
* More autopkgtest hotfixes.
-- Andreas Metzler <ametzler@debian.org> Tue, 15 Sep 2020 17:56:30 +0200
gnutls28 (3.6.15-2) unstable; urgency=medium
* 50_autopkgtestfixes.diff: Fix testsuite issues when running against
installed gnutls-bin.
* In autopkgtest set top_builddir and builddir, ignore
tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Sep 2020 17:56:48 +0200
gnutls28 (3.6.15-1) unstable; urgency=low
* New upstream version.
+ Fixes NULL pointer dereference if a no_renegotiation alert is sent with
unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
Closes: #969547
+ Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
+ Fix build error due to outdated gettext in Debian by removing newer
gettext m4 macros from m4/.
-- Andreas Metzler <ametzler@debian.org> Sun, 06 Sep 2020 09:50:07 +0200
gnutls28 (3.6.14-2) unstable; urgency=medium
* Pull selected patches from upstream GIT:
+ 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
Fixes difference in generated docs on 32 and 64 bit archs.
+ 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
Fix memleak in gnutls_aead_cipher_init() with keys having invalid
length. (Broken since 3.6.3)
+ 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch Closes: #962467
-- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2020 11:27:34 +0200
gnutls28 (3.6.14-1) unstable; urgency=high
* Drop debugging code added in -4, fixes nocheck profile build error.
Closes: #962199
* Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
debian/upstream/signing-key.asc.
* New upstream version.
+ Fixes insecure session ticket key construction.
[GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
+ Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
* Drop guile-gnutls.lintian-overrides.
* 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
Hopefully Closes: #962218
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Jun 2020 14:11:30 +0200
gnutls28 (3.6.13-4) unstable; urgency=medium
* Output some network related debugging from debian/rules.
* Fix verification error with alternate chains. Closes: #961889
-- Andreas Metzler <ametzler@debian.org> Mon, 01 Jun 2020 10:34:25 +0200
gnutls28 (3.6.13-3) unstable; urgency=medium
* 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS
master: Handle zero length session tickets, fixing connection errors on
TLS1.2 sessions to some big hosting providers. (See LP 1876286)
-- Andreas Metzler <ametzler@debian.org> Thu, 28 May 2020 18:25:45 +0200
gnutls28 (3.6.13-2) unstable; urgency=high
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Fri, 03 Apr 2020 17:48:40 +0200
gnutls28 (3.6.13-1) experimental; urgency=low
* New upstream version.
+ libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
support), since 3.6.3. The DTLS client would not contribute any
randomness to the DTLS negotiation, breaking the security
guarantees of the DTLS protocol
GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556
* Fix guile lintian override for shared-lib-without-dependency-information.
-- Andreas Metzler <ametzler@debian.org> Thu, 02 Apr 2020 18:31:26 +0200
gnutls28 (3.6.12-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Fri, 14 Feb 2020 16:14:28 +0100
gnutls28 (3.6.12-1) experimental; urgency=low
[ Debian Janitor ]
* Drop unnecessary dh arguments: --parallel
[ Andreas Metzler ] * Fix bindtextdomain() call and dgettext() invocations to search for the
correct filename. (Thanks, Laurent Bigonville for report and diagnosis.)
Closes: #949151
* [lintian] Drop superfluous debian/source/include-binaries.
* New upstream version.
+ Update symbol file.
+ Drop workaround for #658110, install guile shared objects to multi-arch
paths.
-- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2020 17:45:13 +0100
gnutls28 (3.6.11.1-2) unstable; urgency=low
* Use dh 12 compat level.
+ Install gtk-doc files from as-installed location instead of builddir to
avoid dh_missing warnings.
* List *.la files in debian/not-installed.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 14 Dec 2019 18:07:49 +0100
gnutls28 (3.6.11.1-1) experimental; urgency=low
* New upstream version.
Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
50_02-guile-Silence-auto-compilation-warning-for-guild.patch
* Update symbol file (VKO GOST key exchange supported was added).
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Dec 2019 07:49:26 +0100
gnutls28 (3.6.10-5) unstable; urgency=medium
* 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream
GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!)
Closes: #943905
-- Andreas Metzler <ametzler@debian.org> Sat, 16 Nov 2019 18:41:44 +0100
gnutls28 (3.6.10-4) unstable; urgency=medium
* Add support for noguile build profile. See #943905.
-- Andreas Metzler <ametzler@debian.org> Sat, 02 Nov 2019 06:30:43 +0100
gnutls28 (3.6.10-3) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Wed, 30 Oct 2019 19:23:36 +0100
gnutls28 (3.6.10-2) experimental; urgency=medium
* Switch b-d from texlive-generic-recommended to texlive-plain-generic.
Closes: #941526
-- Andreas Metzler <ametzler@debian.org> Wed, 02 Oct 2019 19:46:25 +0200
gnutls28 (3.6.10-1) experimental; urgency=low
* New upstream version.
+ Drop i386-fix-wrong-reloc.patch and
40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch.
+ Update symbol files.
+ Update copyright. Stop shipping a copy of the GNU Affero General Public
License version 3. (pkcs11-mock.* is now under a different license.)
-- Andreas Metzler <ametzler@debian.org> Sun, 29 Sep 2019 18:39:12 +0200
gnutls28 (3.6.9-7) experimental; urgency=low
* Fix copy-paste error (missing line) in libgnutls-dane0 description.
* Re-add guile-gnutls, test-build (including testsuite) was successful.
Closes: #905272
-- Andreas Metzler <ametzler@debian.org> Sun, 22 Sep 2019 17:29:57 +0200
gnutls28 (3.6.9-6) experimental; urgency=low
* Test-build guile bindings.
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Sep 2019 17:34:01 +0200
gnutls28 (3.6.9-5) unstable; urgency=medium
* 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
-- Andreas Metzler <ametzler@debian.org> Sat, 14 Sep 2019 13:38:41 +0200
gnutls28 (3.6.9-4) unstable; urgency=medium
* i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
assembly code. (Thanks, Steve Langasek for report and patch!)
Closes: #934193
-- Andreas Metzler <ametzler@debian.org> Thu, 08 Aug 2019 19:40:21 +0200
gnutls28 (3.6.9-3) unstable; urgency=medium
* autopkgtest: Skip system-override-sig-hash.sh.
-- Andreas Metzler <ametzler@debian.org> Sat, 03 Aug 2019 06:48:46 +0200
gnutls28 (3.6.9-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Fri, 02 Aug 2019 19:12:42 +0200
gnutls28 (3.6.9-1) experimental; urgency=low
* New upstream version.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Sat, 27 Jul 2019 16:29:55 +0200
gnutls28 (3.6.8-2) unstable; urgency=low
* Use DH 11 compat again.
* 3.6.8 builds with gcc-9. Closes: #925701
* Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
Andres Klode) Closes: #930541
See also https://gitlab.com/gnutls/gnutls/merge_requests/986
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Jul 2019 14:10:29 +0200
gnutls28 (3.6.8-1) experimental; urgency=low
* New upstream version.
+ Rebuild gnutls.pdf, add b-d on texlive-generic-recommended,
texlive-latex-base.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Thu, 30 May 2019 18:20:43 +0200
gnutls28 (3.6.7-4) unstable; urgency=medium
* Cherry-pick important bug-fixes from 3.6.8: + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
The gnutls_srp_set_server_credentials_function can be used with the 8192
parameters as well.
https://gitlab.com/gnutls/gnutls/issues/761
+ 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
Fix calculation of Streebog digests (incorrect carry operation in
512 bit addition).
+ 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
Closes: #929907
+ 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
crafting via IDNA conversion.
https://gitlab.com/gnutls/gnutls/issues/720
+ 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
flag.
https://gitlab.com/gnutls/gnutls/issues/754
-- Andreas Metzler <ametzler@debian.org> Wed, 12 Jun 2019 19:21:23 +0200
gnutls28 (3.6.7-3) unstable; urgency=medium
* Revert debhelper upgrade, use DH 10.
-- Andreas Metzler <ametzler@debian.org> Sun, 19 May 2019 10:48:52 +0200
gnutls28 (3.6.7-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 15:09:02 +0100
gnutls28 (3.6.7-1) experimental; urgency=medium
* New upstream version.
+ Update AUTHOR list in copyright file.
+ Update symbol file.
+ Fixes issue preventing sending and receiving from different
threads when false start was enabled. Closes: #922879
+ gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
+ Fixes a memory corruption (double free) vulnerability in the
certificate verification API.
https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
GNUTLS-SA-2019-03-27
+ Fixes an invalid pointer access via malformed TLS1.3 async messages;
https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
GNUTLS-SA-2019-03-27
-- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 07:44:36 +0100
gnutls28 (3.6.6-3) unstable; urgency=low
* Add @ to autopkgtest's Depends.
* Use DH 11 compat.
-- Andreas Metzler <ametzler@debian.org> Sat, 09 Mar 2019 13:44:49 +0100
gnutls28 (3.6.6-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Jan 2019 17:57:52 +0100
gnutls28 (3.6.6-1) experimental; urgency=low
* New upstream version.
+ Fixes certtool.1 syntax. Closes: #920215
+ Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff. + Update symbol file for released version.
-- Andreas Metzler <ametzler@debian.org> Fri, 25 Jan 2019 19:18:53 +0100
gnutls28 (3.6.5+git20190105-1) experimental; urgency=low
* New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
+ Update symbol and copyright file.
* Delete autogen stamp-files on clean to enforce regeneration.
-- Andreas Metzler <ametzler@debian.org> Sun, 06 Jan 2019 13:19:00 +0100
gnutls28 (3.6.5-2) unstable; urgency=low
* Upload to unstable.
* autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.
-- Andreas Metzler <ametzler@debian.org> Sun, 16 Dec 2018 13:56:19 +0100
gnutls28 (3.6.5-1) experimental; urgency=medium
* Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
* Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
now in oldstable.
* New upstream version.
+ Requires nettle >= 3.4.1(rc).
+ List newly added symbols in symbol file. Bump generated dependencies to
>= 3.6.5 since multiple enums have been extended.
+ Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
* [lintian] Drop dh_strip override, stable has automatic debug packages.
-- Andreas Metzler <ametzler@debian.org> Wed, 05 Dec 2018 19:11:28 +0100
gnutls28 (3.6.4-2) experimental; urgency=medium
* Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2018 07:05:20 +0200
gnutls28 (3.6.4-1) experimental; urgency=medium
* New upstream version.
* Update symbol file.
* Drop --enable-tls13-support configure option.
-- Andreas Metzler <ametzler@debian.org> Thu, 27 Sep 2018 19:26:00 +0200
gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium
* 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
detection for the draft-tls support, because it will be triggered once
TLS versions with the final numbering are deployed. (Thanks, Nikos!)
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2018 11:17:10 +0200
gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium
* Set Rules-Requires-Root: no.
* New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
+ Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Wed, 15 Aug 2018 13:18:59 +0200
gnutls28 (3.6.3-2) experimental; urgency=medium
* Update basic feature list in package descriptions, based on short
description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
added.) Closes: #904681
* 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes cherrypicked by Nikos for Fedora rawhide.
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Jul 2018 13:14:33 +0200
gnutls28 (3.6.3-1) experimental; urgency=medium
* New upstream version.
* 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 16:29:45 +0200
gnutls28 (3.6.2+git20180714-1) experimental; urgency=low
* New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
+ SSL 3.0 disabled by default at compile-time.
* Bump symbol dependency info.
-- Andreas Metzler <ametzler@debian.org> Sat, 14 Jul 2018 13:20:23 +0200
gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium
* New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
* Drop 40_add_missingm4.diff.
* Bump symbol dependency info.
* For testing build with --enable-tls13-support.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Jul 2018 14:48:54 +0200
gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium
* 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
-- Andreas Metzler <ametzler@debian.org> Sun, 01 Jul 2018 10:58:54 +0200
gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium
* New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
* Drop superfluous patches:
+ 40_increase_srp_test_timeout.diff
+ 50_mark_tests_xfail.diff
+ 52_fix_testcompat-main-openssl.diff
* Add new functions to symbol file.
* Many enums/flags extended, be conservative and bump sympol dependency
info.
* Bump libgnutlsxx28 shlibs.
* Bump (b-)d on nettle-dev and libp11-kit-dev.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2018 19:44:43 +0200
gnutls28 (3.6.2-3) experimental; urgency=low
* 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
FTBFS with softhsm 2.4.0.
* [lintian] Delete trailing empty lines in changelog.
* 52_fix_testcompat-main-openssl.diff: Allow running test successfully
and against binaries from installed gnutls-bin package.
* Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
al) of the upstream testsuite.
-- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2018 17:42:17 +0200
gnutls28 (3.6.2-2) experimental; urgency=low
* 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
The new srp-8192 test failed on slow archs (mips/mipsel).
* Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
build-depends-on-1-revision.
* Point Vcs-* to salsa.
* Sort Build-Depends alphabetically.
-- Andreas Metzler <ametzler@debian.org> Sun, 18 Feb 2018 13:42:07 +0100
gnutls28 (3.6.2-1) experimental; urgency=low
* (Build-)depend on libidn2-dev instead of transitional package
libidn2-0-dev. Closes: #883187
* Point homepage field and watchfile to https URL.
* Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
debian/upstream/signing-key.asc (and stop uscan from doing so on every
invocation).
* Refresh upstream key, adding signing subkey
A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
* New upstream version.
+ When verifying against a self signed certificate ignore issuer. That
is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
Closes: #885127
+ Bump shlibs/symbol files for newly added symbols.
* [lintian] Clean up trailing whitespace in debian/changelog.
* Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
-> optional).
* DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
build-depends. Stop specifying --parallel --with autoreconf.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Feb 2018 10:56:47 +0100
gnutls28 (3.6.1-1) experimental; urgency=medium
* New upstream version.
+ Drop 35_modernize_gtkdoc.diff.
+ Fixes interoperability issue with openssl when safe renegotiation was
used. Closes: #873055
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 17:32:15 +0200
gnutls28 (3.6.0-2) experimental; urgency=medium
* 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
from gtk-doc git head (that is 1.26 +
c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
Closes: #876587
-- Andreas Metzler <ametzler@debian.org> Sun, 01 Oct 2017 18:04:16 +0200
gnutls28 (3.6.0-1) experimental; urgency=low
* New upstream version.
+ Multiple enums listing function flags have been extended, new
algorithms have been added. Bump dependency info on all symbols in
main GnuTLS library to >= 3.6.0, to make sure the versioning is
strict enough.
+ Drop (build-)dependency on zlib1g-dev.
+ Update copyright info.
+ Calls to gnutls_record_send() and gnutls_record_recv()
prior to handshake being complete are now refused. Closes: #849807
* Drop --without-lzo from ./configure, it has been a noop for a long time.
* Build in private directory, using "dh --builddirectory=b4deb".
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Aug 2017 17:26:25 +0200
gnutls28 (3.5.19-1) unstable; urgency=low
* New upstream version.
+ Drop 35_modernize_gtkdoc.diff.
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 14:07:09 +0200
gnutls28 (3.5.18-1) unstable; urgency=medium
* New upstream version.
* Refresh upstream key, adding new signing subkey. Move to ascii armored
keyring.
-- Andreas Metzler <ametzler@debian.org> Fri, 16 Feb 2018 18:39:11 +0100
gnutls28 (3.5.17-1) unstable; urgency=low
* New upstream version.
+ When verifying against a self signed certificate ignore issuer. That
is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
Closes: #885127
-- Andreas Metzler <ametzler@debian.org> Wed, 17 Jan 2018 19:13:49 +0100
gnutls28 (3.5.16-1) unstable; urgency=medium
* New upstream version.
+ Fixes interoperability issue with openssl when safe renegotiation was
used. Closes: #873055
* 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
from gtk-doc git head (that is 1.26 +
c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
Closes: #876587
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 13:57:48 +0200
gnutls28 (3.5.15-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Wed, 23 Aug 2017 18:56:34 +0200
gnutls28 (3.5.15-1) experimental; urgency=medium
* New upstream version. Drop unneeded patches.
(31_arm64ilp32-unaccelerated.patch
35_record-added-sanity-checking-in-the-record-layer-ver.patch
36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch)
-- Andreas Metzler <ametzler@debian.org> Mon, 21 Aug 2017 19:27:13 +0200
gnutls28 (3.5.14-3) unstable; urgency=low
* 35_record-added-sanity-checking-in-the-record-layer-ver.patch from
upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an
already terminated or deinitialized session. Closes: #867303
* 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from
upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting
to accessing past the input data.
* 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly
code on arm64ilp32 to fix FTBFS. Closes: #872454
* Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for
the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8.
* Standards-Version 4.0.1, update priorities (extra->optional).
-- Andreas Metzler <ametzler@debian.org> Sat, 19 Aug 2017 18:47:38 +0200
gnutls28 (3.5.14-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 08 Jul 2017 18:34:43 +0200
gnutls28 (3.5.14-1) experimental; urgency=low
[ Dan Nicholson ]
* Build with --disable-rpath. Closes: #865674
[ Andreas Metzler ]
* New upstream version.
* Build against external libunistring.
-- Andreas Metzler <ametzler@debian.org> Wed, 05 Jul 2017 19:31:06 +0200
gnutls28 (3.5.13-2) unstable; urgency=medium
* Upload to unstable, merge changelogs.
-- Andreas Metzler <ametzler@debian.org> Thu, 22 Jun 2017 18:18:19 +0200
gnutls28 (3.5.13-1) experimental; urgency=low
* New upstream version.
+ Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch.
+ Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer
dereference. #864560
-- Andreas Metzler <ametzler@debian.org> Fri, 09 Jun 2017 18:53:39 +0200
gnutls28 (3.5.12-2) experimental; urgency=medium
* 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct
typo preventing the run of openpgp test.
* Stop disabling heartbeat support. Closes: #861193
-- Andreas Metzler <ametzler@debian.org> Sun, 14 May 2017 11:34:32 +0200
gnutls28 (3.5.12-1) experimental; urgency=medium
* New upstream version.
* Bump dep info on gnutls_session_ext_register.
-- Andreas Metzler <ametzler@debian.org> Thu, 11 May 2017 19:14:52 +0200
gnutls28 (3.5.11-1) experimental; urgency=medium
* New upstream version.
* gnutls.pc: do not include libtool options into Libs.private.
Closes: #857943
* gnutls.pc does not refer to e.g. zlib in *both* Requires.private and
Libs.private. (LP: #1660915)
* OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
which includes TLS1.2 support. Closes: #857436
* Add b-d on ca-certificates, needed for trust-store check.
-- Andreas Metzler <ametzler@debian.org> Sat, 08 Apr 2017 14:51:31 +0200
gnutls28 (3.5.10-1) experimental; urgency=medium
* New upstream version.
+ gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888
+ Includes fixes for GNUTLS-SA-2017-3[ABC].
+ Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct
and gnutls_ocsp_resp_verify which now accept (more) flags.
-- Andreas Metzler <ametzler@debian.org> Thu, 09 Mar 2017 18:37:48 +0100
gnutls28 (3.5.9-1) experimental; urgency=medium
* New upstream version.
+ Drop debian/patches/35_0*.
+ Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map.
* Build with IDNA 2008 support, b-d on libidn2-0-dev instead of
libidn11-dev.
-- Andreas Metzler <ametzler@debian.org> Sun, 12 Feb 2017 19:37:32 +0100
gnutls28 (3.5.8-6) unstable; urgency=high
* 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
Closes: #864560
-- Andreas Metzler <ametzler@debian.org> Sun, 11 Jun 2017 10:44:33 +0200
gnutls28 (3.5.8-5) unstable; urgency=medium
* 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
* 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
Addressed large allocation in OpenPGP certificate parsing, that could lead
in out-of-memory condition. Issue found using oss-fuzz project, and was
fixed by Alex Gaynor.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
[GNUTLS-SA-2017-3C]
-- Andreas Metzler <ametzler@debian.org> Tue, 07 Mar 2017 19:07:31 +0100
gnutls28 (3.5.8-4) unstable; urgency=medium
* More upstream fixes from gnutls_3_5_x branch:
+ 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
overflow resulting to invalid memory write in OpenPGP certificate
parsing. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
[GNUTLS-SA-2017-3A]
+ 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
1 byte past the end of buffer in OpenPGP certificate parsing. Issue
found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
+ 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
Addressed crashes in OpenPGP certificate parsing, related to private key
parser. No longer allow OpenPGP certificates (public keys) to contain
private key sub-packets. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
[GNUTLS-SA-2017-3B]
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Mar 2017 16:23:15 +0100
gnutls28 (3.5.8-3) unstable; urgency=high
* Another two bugfixes from upstream.
+ 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
Address test suite failure due to timezone differences.
Closes: #853732
+ 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
When returning success, but no elements
gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
elements with a pointer that was uninitialized.
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2017 12:58:45 +0100
gnutls28 (3.5.8-2) unstable; urgency=medium
* Pull two fixes from upstream GIT gnutls_3_5_x branch
35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Jan 2017 15:32:40 +0100
gnutls28 (3.5.8-1) unstable; urgency=medium
* New upstream release. * Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Mon, 09 Jan 2017 18:50:17 +0100
gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium
* New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
tests/key-tests/key-invalid.)
+ Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
+ libgnutls: Fix double free in certificate information printing. If the
PKIX extension proxy was set with a policy language set but no policy
specified, that could lead to a double free. GNUTLS-SA-2017-1
CVE-2017-5334
+ libgnutls: Addressed invalid memory accesses in OpenPGP certificate
parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Jan 2017 15:54:37 +0100
gnutls28 (3.5.7-3) unstable; urgency=medium
* 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
by PKCS#8 decryption functions when an invalid key is provided. This
addresses regression on decrypting certain PKCS#8 keys.
Closes: #848905
-- Andreas Metzler <ametzler@debian.org> Tue, 20 Dec 2016 18:47:13 +0100
gnutls28 (3.5.7-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Fri, 09 Dec 2016 18:10:53 +0100
gnutls28 (3.5.7-1) experimental; urgency=low
* New upstream version.
* Drop unneeded patches.
40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
41_04_cleanups-in-_gnutls_buffer_to_datum.patch
41_05_x509-output-use-the-new-functions-for-DN-output.patch
41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
* Add missing dependency of libgnutls28-dev on libgnutls-dane0.
* Update symbol file. (Add new symbols, bump dependency on functions that
might return new error codes.)
* Build with --with-included-unistring, Debian's libunistring package is
too old (non dual-licensed).
-- Andreas Metzler <ametzler@debian.org> Thu, 08 Dec 2016 14:03:16 +0100
gnutls28 (3.5.6-7) unstable; urgency=low
* Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
for dns-root-data to libgnutls-dane0.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 19 Nov 2016 19:42:02 +0100
gnutls28 (3.5.6-6) experimental; urgency=medium
* Pull a patch set from upstream GIT which reverts the DN sorting change in 3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
Closes: #844539
41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
41_04_cleanups-in-_gnutls_buffer_to_datum.patch
41_05_x509-output-use-the-new-functions-for-DN-output.patch
41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
* Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Thu, 17 Nov 2016 19:15:20 +0100
gnutls28 (3.5.6-5) experimental; urgency=low
* Merge changes from unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 19:09:55 +0100
gnutls28 (3.5.6-4) unstable; urgency=medium
* Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
upstream git master. The latter fixes a gnutls-cli-debug segfault.
Closes: #844061
-- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 18:40:05 +0100
gnutls28 (3.5.6-3) experimental; urgency=low
* Package libgnutls-dane, as libunbound is now built against nettle instead
of OpenSSL. Closes: #733295
-- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 14:02:00 +0100
gnutls28 (3.5.6-2) unstable; urgency=low
* Upload to unstable.
* Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
longer than 32-bits. (Upstream GIT commit
fcdb461e935dbdc0892241a35be7499116f22a67).
-- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2016 18:28:02 +0100
gnutls28 (3.5.6-1) experimental; urgency=low
* New upstream version.
+ Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Tue, 08 Nov 2016 19:31:31 +0100
gnutls28 (3.5.5-6) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Mon, 31 Oct 2016 19:00:47 +0100
gnutls28 (3.5.5-5) experimental; urgency=medium
* 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
issue with GnuTLS 3.3 clients. Closes: #841723
* Bump symbol dependency info for multiple
gnutls_certificate_(set|get)_*_key* functions. If
%GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
non-negative return code on success instead of 0 for success and negative
numbers for failure.
* Add b-d on openssl (for testsuite).
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Oct 2016 18:03:49 +0200
gnutls28 (3.5.5-4) unstable; urgency=medium
* Upload to unstable.
* Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.
-- Andreas Metzler <ametzler@debian.org> Tue, 25 Oct 2016 19:19:25 +0200
gnutls28 (3.5.5-3) experimental; urgency=medium
* 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
in 3.5.5.
-- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2016 15:51:58 +0200
gnutls28 (3.5.5-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2016 13:49:51 +0200
gnutls28 (3.5.5-1) experimental; urgency=medium
* New upstream version.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Tue, 11 Oct 2016 19:19:42 +0200
gnutls28 (3.5.4-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 11 Sep 2016 13:14:49 +0200
gnutls28 (3.5.4-1) experimental; urgency=medium
* New upstream version.
+ Drop superfluous patches:
35_gnutls-cli-print-Handshake-was-completed.patch
36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
37_openssl-format-fix-from-openconnect.patch
39_ocsptool-corrected-bug-in-session-establishment.patch
40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
+ Update symbol file.
* Add b-d on softhsm2 for pkcs11 tests.
-- Andreas Metzler <ametzler@debian.org> Sat, 10 Sep 2016 14:45:06 +0200
gnutls28 (3.5.3-5) experimental; urgency=medium
* Pull DTLS fixes from upstream GIT master.
45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
Closes: #835587
-- Andreas Metzler <ametzler@debian.org> Wed, 07 Sep 2016 19:56:58 +0200
gnutls28 (3.5.3-4) unstable; urgency=high
* 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of
ocsptool --ask ... Closes: #836371
* 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP certificate check doesn't actually verify the serial length and might
succeed when it shouldn't. CVE-2016-7444
-- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2016 14:00:22 +0200
gnutls28 (3.5.3-3) unstable; urgency=medium
* 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake
was completed', fixing emacs' lisp/net/tls.el. Closes: #834516
* 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
gnutls-cli STARTTLS support was broken in 3.5.3.
* 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of
OpenSSL encrypted PEM files.
-- Andreas Metzler <ametzler@debian.org> Wed, 24 Aug 2016 19:27:04 +0200
gnutls28 (3.5.3-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Mon, 15 Aug 2016 13:06:28 +0200
gnutls28 (3.5.3-1) experimental; urgency=medium
* New upstream version.
+ Update libgnutls30.symbols.
+ Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to
apply it in the previous upload anyway.)
+ Add b-d on libcmocka-dev (marked with <!nocheck>).
-- Andreas Metzler <ametzler@debian.org> Wed, 10 Aug 2016 19:14:22 +0200
gnutls28 (3.5.2-3) experimental; urgency=medium
* Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch
from upstream GIT, which should allow gnutls continue to work with
CVE-2016-6489-patched nettle.
-- Andreas Metzler <ametzler@debian.org> Mon, 08 Aug 2016 19:41:41 +0200
gnutls28 (3.5.2-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Wed, 27 Jul 2016 19:05:04 +0200
gnutls28 (3.5.2-1) experimental; urgency=low
* New upstream version.
* Add libssl-dev b-d (marked with <!nocheck>), which can be used in
testsuite.
-- Andreas Metzler <ametzler@debian.org> Sun, 10 Jul 2016 06:51:39 +0200
gnutls28 (3.5.1-1) experimental; urgency=medium
* Merge from unstable:
+ Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
have been dropped with the soname bump from libgnutls-deb0-28 to
libgnutls30 in the first place. (Thanks, Andreas Beckmann)
Closes: #825645
+ 3.5.1 testsuite also requires netstat, add b-d, marked as optional via
the <!nocheck> profile.
* New upstream version.
+ Drop 40_openssl_compat-removed-unneeded-headers.patch.
+ Install README.md instead of README.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2016 17:34:44 +0200
gnutls28 (3.5.0-1) experimental; urgency=medium
* New upstream release.
+ Drop unneeded patches:
40_src-added-systemkey-args-to-BUILT_SOURCES.patch
45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
45_03_configure-corrected-regression-which-prevented-the-b.patch
45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch
* Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT
to fix FTBFS in openssl wrapper.
* crywrap is not shipped with GnuTLS anymore.
* Update copyright info, ship copy of the GNU Affero General Public
License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of
the testsuite use this license.
* Update symbol file:
+ Add new functions.
+ Multiple core enums (including gnutls_init_flags_t) have been extended,
and most gnutls users will invoke at least one function affected by
this change. Bump symbol dependency info to >= 3.5.0 for all symbols,
because we would end up with this dependency anyway.
-- Andreas Metzler <ametzler@debian.org> Tue, 17 May 2016 19:17:13 +0200
gnutls28 (3.4.14-1) unstable; urgency=medium
* Also mark b-d on net-tools/freebsd-net-tools as optional via the
<!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
patch). Closes: #826693
* New upstream bugfix release. This includes the following fix:
+ libgnutls: Address issue when utilizing the p11-kit trust store
for certificate verification (GNUTLS-SA-2016-2).
The issue is not relevant for the Debian binary packages, since we do not
build with --with-default-trust-store-pkcs11=.
-- Andreas Metzler <ametzler@debian.org> Sat, 09 Jul 2016 14:01:05 +0200
gnutls28 (3.4.13-1) unstable; urgency=high
* New upstream bugfix release.
+ Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was
introduced in 3.4.12.
+ Testsuite requires netstat, add b-d.
-- Andreas Metzler <ametzler@debian.org> Mon, 06 Jun 2016 20:05:42 +0200
gnutls28 (3.4.12-2) unstable; urgency=medium
* Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
have been dropped with the soname bump from libgnutls-deb0-28 to
libgnutls30 in the first place. (Thanks, Andreas Beckmann)
Closes: #825645
-- Andreas Metzler <ametzler@debian.org> Sat, 28 May 2016 16:13:39 +0200
gnutls28 (3.4.12-1) unstable; urgency=medium
* New upstream version.
+ Drop superfluous patches.
(45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
45_03_configure-corrected-regression-which-prevented-the-b.patch
45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
+ Update copyright info, ship copy of the GNU Affero General Public
License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files
of the testsuite use this license.
-- Andreas Metzler <ametzler@debian.org> Sat, 21 May 2016 08:15:15 +0200
gnutls28 (3.4.11-4) unstable; urgency=medium
* Drop guile-gnutls package, testsuite errors have stayed unfixed too long.
Closes: #821457, #805863
-- Andreas Metzler <ametzler@debian.org> Tue, 26 Apr 2016 18:45:45 +0200
gnutls28 (3.4.11-3) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2016 12:54:35 +0200
gnutls28 (3.4.11-2) experimental; urgency=medium
* Pull post-release fixes from upstream gnutls_3_4_x branch.
(45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
45_03_configure-corrected-regression-which-prevented-the-b.patch
45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
-- Andreas Metzler <ametzler@debian.org> Sat, 16 Apr 2016 11:59:38 +0200
gnutls28 (3.4.11-1) experimental; urgency=medium
* New upstream version.
+ Drop superfluous patches.
(41_tests-mini-loss-time-ensure-client-timeouts.diff
42_mini-loss-time-improved-timeout-detection.patch
43_fix_cpucapoverride.diff)
* Due to changes in gtk-doc or its dependencies api-reference/index.sgml is
not installed/built anymore. Update gnutls-doc file list.
* Enable hardening=+bindnow.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Apr 2016 19:14:07 +0200
gnutls28 (3.4.10-4) unstable; urgency=medium
* 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
unavailable. Closes: #818341
-- Andreas Metzler <ametzler@debian.org> Thu, 17 Mar 2016 19:41:22 +0100
gnutls28 (3.4.10-3) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Mon, 14 Mar 2016 18:29:53 +0100
gnutls28 (3.4.10-2) experimental; urgency=medium
* Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
* Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
another try for Closes: #813598
-- Andreas Metzler <ametzler@debian.org> Mon, 07 Mar 2016 19:22:57 +0100
gnutls28 (3.4.10-1) experimental; urgency=medium
* Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
master to fix FTBFS with parallel builds. Closes: #816148
* New upstream version.
* Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
master branch to fix occasional testsuite error. Closes: #813598
-- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 08:45:52 +0100
gnutls28 (3.4.9-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 07 Feb 2016 15:18:46 +0100
gnutls28 (3.4.9-1) experimental; urgency=medium
* New upstream version.
* Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
36_Revert-tests-updated-to-account-for-cert-generation.patch.
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Feb 2016 15:57:24 +0100
gnutls28 (3.4.8-3) unstable; urgency=medium
* Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
36_Revert-tests-updated-to-account-for-cert-generation.patch
from upstream GIT. Closes: #813243
-- Andreas Metzler <ametzler@debian.org> Sun, 31 Jan 2016 17:28:05 +0100
gnutls28 (3.4.8-2) unstable; urgency=medium
* Merge master branch into experimental.
+ Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
+ libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
This is a kludge and technically wrong, but will prevent partial
upgrades from stable. See: #788735
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Thu, 21 Jan 2016 15:45:49 +0100
gnutls28 (3.4.8-1) experimental; urgency=medium
* Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
option was added to debhelper/unstable with version 9.20150628, bump
build-dependency accordingly.
* autoreconf requires automake 1.12.2, add build-dependency.
* New upstream version.
+ Update symbol file.
* Move Vcs-* from git/http to https.
-- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 19:30:07 +0100
gnutls28 (3.4.7-1) experimental; urgency=medium
* New upstream version.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 15:29:19 +0100
gnutls28 (3.4.6-1) experimental; urgency=medium
* Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
later) to improve reproducibility of build.
* New upstream version.
+ Update symbol file.
* Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
(>= 1.17.14). Both are required for build-profile support added in
previous upload. (Thanks, lintian.)
-- Andreas Metzler <ametzler@debian.org> Tue, 20 Oct 2015 20:00:55 +0200
gnutls28 (3.4.5-1) experimental; urgency=medium
[ Helmut Grohne ]
* Turn Build-Depends: datefudge optional via <!nocheck> profile.
Closes: #797544
[ Andreas Metzler ]
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2015 13:48:12 +0200
gnutls28 (3.4.4.1-1) experimental; urgency=medium
* New upstream version.
+ GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
bump dependency info for functions taking it as argument or returning it.
+ Bump dependency info on private symbols.
+ Update debian/copyright.
+ Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
CVE-2015-6251
-- Andreas Metzler <ametzler@debian.org> Tue, 11 Aug 2015 20:12:46 +0200
gnutls28 (3.4.3-1) experimental; urgency=medium
* Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
* New upstream version.
+ Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
gnutls_pkcs11_token_info_t.
+ Add dependency info for new symbols, bump private symbol dependency.
-- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 20:01:09 +0200
gnutls28 (3.4.2-2) experimental; urgency=medium
* Disable libidn support because CVE-2015-2059 is still not fixed. See
<https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
of crywrap.
-- Andreas Metzler <ametzler@debian.org> Sun, 05 Jul 2015 14:18:06 +0200
gnutls28 (3.4.2-1) experimental; urgency=medium
* New upstream version.
+ Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
+ Update libgnutls30.symbols. (Add new fuctions, bump private symbol
version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
-- Andreas Metzler <ametzler@debian.org> Sat, 20 Jun 2015 08:45:14 +0200
gnutls28 (3.4.1-1) experimental; urgency=medium
* New upstream version.
+ Bump (build)-depends on nettle and p11-kit.
+ Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
55_nettle3.patch.
+ Update 14_version_gettextcat.diff.
+ Soname bump, library package renamed from libgnutls-deb0-28 to
libgnutls30.
+ OpenSSL compat layer is not built by default anymore, pass
--enable-openssl-compatibility to ./configure.
+ Update symbol file.
+ libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols. Closes: #773145
+ Since the pkg-config file gnutls.pc now lists libidn in Requires.private
"pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
dependency on libidn11-dev to libgnutls28-dev.
* Fix typo in debian/rules
(s/-disable-silent-rules/--disable-silent-rules).
-- Andreas Metzler <ametzler@debian.org> Fri, 05 Jun 2015 11:39:19 +0200
gnutls28 (3.3.20-1) unstable; urgency=medium
* autoreconf requires automake 1.12.2, add build-dependency.
* New upstream version.
* Move Vcs-* from git/http to https.
-- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 18:57:41 +0100
gnutls28 (3.3.19-1) unstable; urgency=medium
* New upstream version.
+ Refresh 20_debian_specific_soname.diff.
+ Update symbol file.
-- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 17:48:27 +0100
gnutls28 (3.3.18-1) unstable; urgency=medium
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Wed, 30 Sep 2015 18:49:13 +0200
gnutls28 (3.3.17-1) unstable; urgency=medium
* New upstream version.
+ Drop superfluous patches.
(45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
47_safe-renegotiation-simulate-receiving-the-extension-.patch)
+ GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
bump dependency info for functions taking it as argument or returning it.
+ Bump dependency info on private symbols.
+ Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
CVE-2015-6251
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Aug 2015 19:48:11 +0200
gnutls28 (3.3.16-2) unstable; urgency=medium
* Refresh 40_no_more_ssl3.diff.
* 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
47_safe-renegotiation-simulate-receiving-the-extension-.patch
Pull three patches from upstream GIT to fix issue with server side sending
the status request extension even when not requested.
<http://article.gmane.org/gmane.network.gnutls.general/3929>
-- Andreas Metzler <ametzler@debian.org> Sat, 01 Aug 2015 11:30:17 +0200
gnutls28 (3.3.16-1) unstable; urgency=medium
* Limit watchfile to 3.3.x versions.
* New upstream version.
+ Drop superfluous patches
(50_updated-sign-md5-rep-to-reduce-false-failures.patch,
55_nettle3.patch,
56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
+ Bump private symbol versioning.
-- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 19:00:04 +0200
gnutls28 (3.3.15-7) unstable; urgency=medium
* libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
is a kludge and technically wrong, but will prevent partial upgrades from
stable. Closes: #788735
* Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
-- Andreas Metzler <ametzler@debian.org> Tue, 16 Jun 2015 19:06:09 +0200
gnutls28 (3.3.15-6) unstable; urgency=high
* Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
Closes: #788011
-- Andreas Metzler <ametzler@debian.org> Fri, 12 Jun 2015 19:10:33 +0200
gnutls28 (3.3.15-5) unstable; urgency=medium
* Upload to unstable.
* Downgrade nettle-dev b-d to 2.7, this upload should build correctly
against both 2.7 and 3.x.
-- Andreas Metzler <ametzler@debian.org> Tue, 02 Jun 2015 19:21:57 +0200
gnutls28 (3.3.15-4) experimental; urgency=medium
* 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
allows compilation against both nettle 2.7 and 3.x.
* Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
and libtasn1-6-dev, the =${binary:Version} dependency of the development
packages on the respective library packages should make this superfluous.
-- Andreas Metzler <ametzler@debian.org> Sat, 16 May 2015 12:45:19 +0200
gnutls28 (3.3.15-3) experimental; urgency=medium
* Add 55_nettle3.patch from
http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
against nettle3.
-- Andreas Metzler <ametzler@debian.org> Wed, 13 May 2015 19:20:07 +0200
gnutls28 (3.3.15-2) unstable; urgency=medium
* 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
fixing a testsuite error on kfreebsd-*.
-- Andreas Metzler <ametzler@debian.org> Wed, 06 May 2015 19:06:03 +0200
gnutls28 (3.3.15-1) unstable; urgency=medium
* New upstream stable release.
+ Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
-- Andreas Metzler <ametzler@debian.org> Mon, 04 May 2015 19:24:42 +0200
gnutls28 (3.3.14-3) experimental; urgency=medium
* 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
* (Build-)depend on nettle-dev >= 3.0.
-- Andreas Metzler <ametzler@debian.org> Fri, 01 May 2015 11:49:04 +0200
gnutls28 (3.3.14-2) unstable; urgency=medium
* Upload to unstable.
* Sync version of Depends and Build-Depends on libtasn1-6-dev.
-- Andreas Metzler <ametzler@debian.org> Mon, 27 Apr 2015 09:27:50 +0200
gnutls28 (3.3.14-1) experimental; urgency=medium
* New upstream version.
+ Bump libtasn b-d to >= 4.3.
-- Andreas Metzler <ametzler@debian.org> Tue, 31 Mar 2015 18:29:42 +0200
gnutls28 (3.3.13-1) experimental; urgency=medium
* New upstream version.
+ Includes fix for CVE-2015-0294, a certificate algorithm consistency
checking issue.
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 08:27:10 +0100
gnutls28 (3.3.12-1) experimental; urgency=medium
* New upstream version.
+ gnutls-cli-debug STARTTLS is working. Closes: #467022
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Jan 2015 12:42:06 +0100
gnutls28 (3.3.11-1) experimental; urgency=medium
* New upstream version.
+ Includes fix for OCSP response parsing issue. Closes: #772055
-- Andreas Metzler <ametzler@debian.org> Thu, 11 Dec 2014 19:07:23 +0100
gnutls28 (3.3.10-2) experimental; urgency=medium
* Remove SSL 3.0 from default priorities list.
Closes: #769904
-- Andreas Metzler <ametzler@debian.org> Wed, 19 Nov 2014 19:33:23 +0100
gnutls28 (3.3.10-1) experimental; urgency=medium
* debian/rules: fix pattern for removal (and re-generation) of autogen-ed
manpages.
* New upstream version.
+ Includes fix for a denial of service issue CVE-2014-8564 /
GNUTLS-SA-2014-5.
+ When gnutls_global_init() is called for a second time, it will check
whether the /dev/urandom fd kept is still open and matches the original
one. That behavior works around issues with servers that close all file
descriptors. This should take care of #760476.
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2014 19:29:30 +0100
gnutls28 (3.3.9-1) experimental; urgency=medium
* New upstream version.
+ Unfuzz 20_debian_specific_soname.diff.
+ Drop 31_fallback_to_RUSAGE_SELF.diff.
+ Bump private symbol dependency info.
+ Bump dependency version of gnutls_certificate_get_issuer() and
gnutls_x509_trust_list_get_issuer() because of newly added
GNUTLS_TL_GET_COPY flag.
-- Andreas Metzler <ametzler@debian.org> Mon, 13 Oct 2014 20:08:58 +0200
gnutls28 (3.3.8-7) unstable; urgency=medium
* 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
Pull two patches from upstream to a use-after-free flaw in
gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
Closes: #782776
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Apr 2015 19:11:01 +0200
gnutls28 (3.3.8-6) unstable; urgency=medium
* 39_check-whether-the-two-signatur.patch: Pull and unfuzz
6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
certificate import check whether the two signature algorithms match.
CVE-2015-0294. Closes: #779428
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 14:17:21 +0100
gnutls28 (3.3.8-5) unstable; urgency=medium
* Remove SSL 3.0 from default priorities list.
Closes: #769904
-- Andreas Metzler <ametzler@debian.org> Thu, 20 Nov 2014 19:25:20 +0100
gnutls28 (3.3.8-4) unstable; urgency=high
* Drop 31_fallback_to_RUSAGE_SELF.diff.
* 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually
from the application check the urandom fd for validity. Closes: #768841
and takes care of #760476.
* 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
session deinit. It is already being refreshed during the session lifetime.
* 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
format, perform additional sanity checks on input.
CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
* 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
uses a cert in binary der-format which is not representable in a quilt
patches and we want to limit debian.tar.xz to modify stuff in debian/ we
have some special handling in debian/rules.)
-- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2014 19:31:07 +0100
gnutls28 (3.3.8-3) unstable; urgency=high
[ Daniel Kahn Gillmor ]
* Add list of executables to gnutls-bin package description.
Closes: #763671
[ Andreas Metzler ]
* 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
Mavrogiannopoulos!) Closes: #760476
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Oct 2014 16:16:00 +0200
gnutls28 (3.3.8-2) unstable; urgency=medium
* Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
3.3.8 requires libtasn1 >= 3.9.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2014 11:52:40 +0200
gnutls28 (3.3.8-1) experimental; urgency=medium
* New upstream version.
+ Refresh 20_debian_specific_soname.diff.
+ Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
with old experimental upload 0.21.2-1
+ Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
some functions in the gnutls_pkcs11_* family due to new members in enums
gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
symbol dependency info, and bump shlibs.
* Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
The GnuTLS library package automatically gets a dependency on libp11-kit0
(>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
enforce a version on libp11-kit-dev and we do not need to duplicate the
info.
* Add explicit build-dependency on libopts25-dev. Closes: #761618
-- Andreas Metzler <ametzler@debian.org> Sat, 20 Sep 2014 12:11:01 +0200
gnutls28 (3.3.7-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Aug 2014 08:01:51 +0200
gnutls28 (3.3.7-1) experimental; urgency=medium
* New upstream release.
+ Refresh 20_debian_specific_soname.diff.
+ Add newly added symbols to libgnutls-deb0-28.symbols, bump private
symbol dependency info, and bump shlibs.
+ New member in gnutls_pkcs11_obj_attr_t, bump version of
gnutls_pkcs11_obj_list_import_url*.
-- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 13:35:44 +0200
gnutls28 (3.3.6-2) unstable; urgency=medium
* Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
lastest stable at freeze time.
* 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
at-build-time-default-compiler) by exporting @CPP@.
-- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 09:32:36 +0200
gnutls28 (3.3.6-1) experimental; urgency=medium
* [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
* New upstream release.
+ Refresh 20_debian_specific_soname.diff.
+ Add newly added symbols to libgnutls-deb0-28.symbols and bump private
symbol dependency info.
-- Andreas Metzler <ametzler@debian.org> Thu, 24 Jul 2014 08:50:01 +0200
gnutls28 (3.3.5-1) experimental; urgency=medium
* New upstream version.
* Refresh patches/20_debian_specific_soname.diff.
* Drop 30_Updated-asm-sources.patch.
* Add new public symbols to symbol file, bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Jun 2014 13:53:06 +0200
gnutls28 (3.3.3-1) experimental; urgency=medium
* New upstream version, including a fix for GNUTLS-SA-2014-3
CVE-2014-3466.
* Refresh 20_debian_specific_soname.diff.
* 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
* New symbol gnutls_credentials_get, update symbol file and bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 07:58:37 +0200
gnutls28 (3.3.2-2) experimental; urgency=high
* Fix crashes due to symbol clashes when a binary ends up being linked
against GnuTLS v2 and v3 by bumping library symbol-versioning (and
therefore also the soname) in a Debian specific way, to make sure there is
no conflict with future:
+ 20_debian_specific_soname.diff
- Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
- Add "-release deb0" to libtool link command.
+ Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
+ Adapt symbol file accordingly.
+ Change 14_version_gettextcat.diff, too.
Closes: #748742
* Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
These have been unnecessary since we started using dh compat v9, where
debugging symbols are installed to /usr/lib/debug/.build-id.
-- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2014 19:27:01 +0200
gnutls28 (3.3.2-1) experimental; urgency=medium
* Do not build-depend on guile-2.0 on m68k. Closes: #745461 * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
corresponding versioned build-dependency, to prevent building of
uninstallable packages.
* New upstream version. Drop 20_guile_no_override_allocation.diff and
21_Treat-othername-as-printable.diff.
-- Andreas Metzler <ametzler@debian.org> Thu, 08 May 2014 19:47:09 +0200
gnutls28 (3.3.1-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_sparc_chainverify_buserror.diff.
+ Pull 20_guile_no_override_allocation.diff and
21_Treat-othername-as-printable.diff from upstream GIT.
+ Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
upstream since it was never exported in a public header and is not
used according to codesearch.d.o.
-- Andreas Metzler <ametzler@debian.org> Sat, 19 Apr 2014 19:25:11 +0200
gnutls28 (3.3.0-2) experimental; urgency=medium
* Drop last remains of -xssl from debian/.
* Add debian/libgnutls28.symbols.
* 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
increase the space available for certificates to fix sparc testsuite
error.
* Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
libgnutls28-dev.
-- Andreas Metzler <ametzler@debian.org> Thu, 17 Apr 2014 19:53:30 +0200
gnutls28 (3.3.0-1) experimental; urgency=medium
* New upstream version.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Apr 2014 07:49:11 +0200
gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
* Also version the p11-kit dependency.
* New upstream version.
+ Set --enable-static, as only shared libs are built by default.
+ libgnutls-xssl is no more.
+ Bump shlibs.
* Upload to experimental.
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Mar 2014 19:19:37 +0100
gnutls28 (3.2.16-1) unstable; urgency=medium
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Wed, 23 Jul 2014 12:36:32 +0200
gnutls28 (3.2.15-3) unstable; urgency=medium
* [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
* Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
series.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Jul 2014 13:55:48 +0200
gnutls28 (3.2.15-2) unstable; urgency=high
* Fix crashes due to symbol clashes when a binary ends up being linked
against GnuTLS v2 and v3 by bumping library symbol-versioning (and therefore also the soname) in a Debian specific way, to make sure there is
no conflict with future:
+ 20_debian_specific_soname.diff
- Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
- Add "-release deb0" to libtool link command.
+ Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
+ Change 14_version_gettextcat.diff, too.
Closes: #74874
* Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
These have been unnecessary since we started using dh compat v9, where
debugging symbols are installed to /usr/lib/debug/.build-id.
* debian/copyright: Add info about GPLv2 compatibility.
-- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2014 18:56:03 +0200
gnutls28 (3.2.15-1) unstable; urgency=high
* New upstream version.
+ Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
-- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 08:37:00 +0200
gnutls28 (3.2.14-1) unstable; urgency=medium
* Do not build-depend on guile-2.0 on m68k. Closes: #745461
* New upstream version.
* Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
corresponding versioned build-dependency, to prevent building of
uninstallable packages.
-- Andreas Metzler <ametzler@debian.org> Wed, 07 May 2014 19:29:26 +0200
gnutls28 (3.2.13-2) unstable; urgency=medium
* Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
libgnutls28-dev.
-- Andreas Metzler <ametzler@debian.org> Wed, 16 Apr 2014 19:24:25 +0200
gnutls28 (3.2.13-1) unstable; urgency=medium
* Also version the p11-kit dependency.
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Thu, 10 Apr 2014 19:08:40 +0200
gnutls28 (3.2.12.1-2) unstable; urgency=medium
* Upload to unstable.
* Sync from Ubuntu (Colin Watson):
+ Add arm64 and ppc64el to the list of non-ia64 architectures on which
guile-gnutls is built.
-- Andreas Metzler <ametzler@debian.org> Wed, 12 Mar 2014 17:50:43 +0100
gnutls28 (3.2.12.1-1) experimental; urgency=medium
* New upstream version.
+ Drop superfluous patches:
20_bug-in-gnutls_pcert_list_import_x509_raw.patch
20_CVE-2014-0092.diff
-- Andreas Metzler <ametzler@debian.org> Wed, 05 Mar 2014 19:40:42 +0100
gnutls28 (3.2.11-2) unstable; urgency=high
* Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
* 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
validation issue. CVE-2014-0092
-- Andreas Metzler <ametzler@debian.org> Sat, 01 Mar 2014 08:48:21 +0100
gnutls28 (3.2.11-1) unstable; urgency=high
* New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
* Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Feb 2014 14:38:52 +0100
gnutls28 (3.2.10-2) unstable; urgency=high
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2014 12:10:16 +0100
gnutls28 (3.2.10-1) experimental; urgency=high
* New upstream version.
* New symbols exported, bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 01 Feb 2014 09:22:36 +0100
gnutls28 (3.2.9-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Wed, 29 Jan 2014 19:05:05 +0100
gnutls28 (3.2.9-1) experimental; urgency=medium
* New upstream version.
+ %COMPAT implies %DUMBFW. (See #733039)
* Drop 40_guilenoparallel.diff, which did not have any effect after enabling
dh_autoreconf.
* Stop dh_clean from removing *.bak, upstream tarball actually contains
files named such in src/ subdirectory.
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Jan 2014 19:00:11 +0100
gnutls28 (3.2.8.1-3) unstable; urgency=medium
* Correct c'n'p error in Vcs-Git field.
* Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
-- Andreas Metzler <ametzler@debian.org> Sun, 19 Jan 2014 13:23:46 +0100
gnutls28 (3.2.8.1-2) unstable; urgency=low
* Upload to unstable, without libgnutls-openssl27.
-- Andreas Metzler <ametzler@debian.org> Fri, 27 Dec 2013 15:45:39 +0100
gnutls28 (3.2.8.1-1) experimental; urgency=low
* New upstream version.
+ Drop debian/patches/45_add_strerror-module.patch, which was pulled from
upstream.
+ Bump shlibs.
* Add debian/upstream-signing-key.pgp (listed in
debian/source/include-binaries) and update watchfile to check
upstream signature.
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Dec 2013 16:59:19 +0100
gnutls28 (3.2.7-4) experimental; urgency=low
* Upload to experimental, with libgnutls-openssl27.
* Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:43:16 +0100
gnutls28 (3.2.7-3) unstable; urgency=low
* Point vcs* to git.
* Upload to unstable, without libgnutls-openssl27.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:15:43 +0100
gnutls28 (3.2.7-2) experimental; urgency=low
* Fix kfreebsd FTBFS.
+ 45_add_strerror-module.patch add gnulib strerror module.
+ Use dh_autoreconf.
-- Andreas Metzler <ametzler@debian.org> Fri, 29 Nov 2013 19:10:39 +0100
gnutls28 (3.2.7-1) experimental; urgency=low
* New upstream version.
+ Add b-d on bison.
+ Bump shlibs.
+ Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
+ Simplify debian/rules, stop removing autogened files.
-- Andreas Metzler <ametzler@debian.org> Wed, 27 Nov 2013 19:30:00 +0100
gnutls28 (3.2.6-2) experimental; urgency=low
* Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
for the hint.)
* 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
-- Andreas Metzler <ametzler@debian.org> Sun, 10 Nov 2013 13:54:49 +0100
gnutls28 (3.2.6-1) experimental; urgency=low
* New upstream version.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Tue, 05 Nov 2013 19:25:51 +0100
gnutls28 (3.2.5-1) experimental; urgency=low
* New upstream version.
+ Bump shlibs.
* Ship examples/examples.h which is needed for building examples/*.c. Also
add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
Closes: #726971
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Oct 2013 14:40:05 +0200
gnutls28 (3.2.4-5) experimental; urgency=low
* Re-enable building of libgnutls-openssl27 binary package.
* Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
transition to gnutls28.
-- Andreas Metzler <ametzler@debian.org> Sun, 06 Oct 2013 19:10:06 +0200
gnutls28 (3.2.4-4) unstable; urgency=low
* 40_guilenoparallel.diff: Disable parallel build in
guile/modules/.
-- Andreas Metzler <ametzler@debian.org> Mon, 09 Sep 2013 19:48:04 +0200
gnutls28 (3.2.4-3) unstable; urgency=low
* Looks like "Architecture" in debian/control cannot be folded, unfold the respective entry for guile-gnutls.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Sep 2013 08:03:27 +0200
gnutls28 (3.2.4-2) unstable; urgency=low
* Manpages were missing on binary-only builds. Closes: #721725
* Build with
--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
ca-certificates not pulled in by build-dependencies anymore.
Closes: #721726
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Sep 2013 08:10:17 +0200
gnutls28 (3.2.4-1) experimental; urgency=low
* New upstream release.
+ Drop 40_Clean-up-after-test.patch.
* Fix path to png files in info files with sed instead of symlinking images.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 31 Aug 2013 19:02:33 +0200
gnutls28 (3.2.3-3) experimental; urgency=low
* Switch to dh, to easily allow us to move gtk-doc-tools to
Build-Depends-Indep. Closes: #682596
-- Andreas Metzler <ametzler@debian.org> Sun, 25 Aug 2013 10:25:52 +0200
gnutls28 (3.2.3-2) experimental; urgency=low
* Build gnutls-guile against guile-2.0.
+ Drop --disable-largefile on armel armhf mipsel.
+ ia64 does not build guile-2.0, disable guile-support there.
-- Andreas Metzler <ametzler@debian.org> Sun, 04 Aug 2013 13:28:13 +0200
gnutls28 (3.2.3-1) unstable; urgency=low
* New upstream release.
* Drop superfluous patches. (35_gnutls-priority-string.diff
36_avoid-leaking-a-buffer-element.diff)
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Tue, 30 Jul 2013 19:45:28 +0200
gnutls28 (3.2.2-2) unstable; urgency=low
* Pull two patches from upstream:
+35_gnutls-priority-string.diff Fix priority string parsing broken in
3.2.2 Closes: #717314
+36_avoid-leaking-a-buffer-element.diff
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Jul 2013 18:08:42 +0200
gnutls28 (3.2.2-1) unstable; urgency=low
* Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
Closes: #678070
* New upstream version.
* Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Mon, 15 Jul 2013 11:41:50 +0200
gnutls28 (3.2.1-2) unstable; urgency=low
* Upload to unstable. * Do not link everything against nettle on mips(el), the issue being worked
around was fixed by the latest eglibc upload.
* Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
same.
-- Andreas Metzler <ametzler@debian.org> Sun, 23 Jun 2013 16:55:09 +0200
gnutls28 (3.2.1-1) experimental; urgency=low
* New upstream version.
+ Bump nettle build-dep to >= 2.7.
+ Bump shlibs.
+ Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
whether it still fails on kfreebsd-i386.
+ [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
false positive error in 32-bit systems.
+ [32_linkagainstgmp.diff] Link libgnutls against gmp.
-- Andreas Metzler <ametzler@debian.org> Sun, 09 Jun 2013 20:08:29 +0200
gnutls28 (3.1.12-2) unstable; urgency=low
* Upload to unstable.
* Fix vcs-field-not-canonical lintian error by using anonscm instead of
svn.debian.org.
-- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2013 14:41:39 +0200
gnutls28 (3.1.12-1) experimental; urgency=low
* Use rm -f on clean, fixing an issue with building twice in row.
* New upstream version.
* On mips/mipsel link everything and the kitchen-sink against nettle to work
around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
-- Andreas Metzler <ametzler@debian.org> Sun, 02 Jun 2013 07:58:55 +0200
gnutls28 (3.1.11-1) experimental; urgency=low
* New upstream version.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Fri, 10 May 2013 16:39:17 +0200
gnutls28 (3.1.10-1) experimental; urgency=low
* New upstream version.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 23 Mar 2013 16:21:30 +0100
gnutls28 (3.1.9.1-1) experimental; urgency=low
* New upstream version.
* Bump shlibs.
* Force re-generation of autogen-ed manpages.
-- Andreas Metzler <ametzler@debian.org> Sun, 03 Mar 2013 17:06:05 +0100
gnutls28 (3.1.8-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sun, 10 Feb 2013 13:35:32 +0100
gnutls28 (3.1.7-1) experimental; urgency=low
* Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
the build-depency. (Thanks, Daniel Kahn Gillmor)
* New upstream version. + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
CVE-2013-0169 CVE-2013-1619.
+ New symbols added, bump shlibs.
+ Ship newly available libgnutls-xssl0 library in a separate package.
* Disable Heart Beat (RFC6520) support.
-- Andreas Metzler <ametzler@debian.org> Tue, 05 Feb 2013 14:58:31 +0100
gnutls28 (3.1.6-1) experimental; urgency=low
* Update watchfile, based on Bart Martens version for gnutls26 on
q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
3.x versions.
* New upstream version.
+ requires libtasn1 >= 3.1, bump build-depends.
+ requires a a newer version of autogen, bump build-depends.
+ update debian/copyright to reflect the fact that GnuTLS authors have
stopped assigning copyright to FSF.
-- Andreas Metzler <ametzler@debian.org> Sat, 05 Jan 2013 09:38:41 +0100
gnutls28 (3.1.5-1) experimental; urgency=low
* New upstream version.
+ Drop 40_danetestfail.diff
+ Unfuzz 20_test-select.diff
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Wed, 28 Nov 2012 19:23:10 +0100
gnutls28 (3.1.4-1) experimental; urgency=low
* New upstream release.
+ Drop 40_fixtypo.diff.
+ debian/copyright: update upstream author list.
+ New symbols added, bump shlibs.
* 40_danetestfail.diff - Do not try to run dane test without dane support.
-- Andreas Metzler <ametzler@debian.org> Sat, 10 Nov 2012 09:21:41 +0100
gnutls28 (3.1.3-1) experimental; urgency=low
* New upstream release.
* Explicitly set --disable-libdane --without-tpm.
* Bump shlibs.
* 40_fixtypo.diff pulled from upstream git.
* Update debian/copyright from AUTHORS.
-- Andreas Metzler <ametzler@debian.org> Sat, 13 Oct 2012 15:52:09 +0200
gnutls28 (3.1.2-1) experimental; urgency=low
* New upstream release.
+ Requires libtasn1-3 2.14, bump (b-)d.
+ New symbols added, bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2012 08:13:47 +0200
gnutls28 (3.1.1-1) experimental; urgency=low
* New upstream release.
+ Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
Closes: #686242
+ Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
42_dump-the-errno.diff 43_possiblefix.diff)
+ Bump shlibs.
* Sync version of libgnutls-dev dependency on nettle-dev with the
build-dependency.
-- Andreas Metzler <ametzler@debian.org> Tue, 04 Sep 2012 19:28:08 +0200
gnutls28 (3.1.0-5) experimental; urgency=low
* 43_possiblefix.diff might fix the test suite error.
-- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 16:05:34 +0200
gnutls28 (3.1.0-4) experimental; urgency=low
* 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
testsuite error.
-- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 13:28:55 +0200
gnutls28 (3.1.0-3) experimental; urgency=low
* [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
-- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 10:02:54 +0200
gnutls28 (3.1.0-2) experimental; urgency=low
* Mention abbreviation "DTLS" in package description.
* [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
it spuriously fails on about half of the buildds.
-- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 08:41:11 +0200
gnutls28 (3.1.0-1) experimental; urgency=low
* New upstream release.
+ Bump nettle build-dep to >= 2.5.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sun, 26 Aug 2012 13:40:15 +0200
gnutls28 (3.0.22-2) unstable; urgency=low
* Upload to unstable. This is a leaf-package, experimental should get
3.1.0.
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2012 09:22:37 +0200
gnutls28 (3.0.22-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sun, 05 Aug 2012 08:29:14 +0200
gnutls28 (3.0.21-1) experimental; urgency=low
* New upstream version.
+ Drop 35_s390buildfix.diff.
* Bump shlibs (new functions added.)
-- Andreas Metzler <ametzler@debian.org> Tue, 03 Jul 2012 19:50:14 +0200
gnutls28 (3.0.20-3) unstable; urgency=low
* 35_s390buildfix.diff - Fixes test-suite error on s390x.
-- Andreas Metzler <ametzler@debian.org> Thu, 21 Jun 2012 19:52:47 +0200
gnutls28 (3.0.20-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 16 Jun 2012 16:20:01 +0200
gnutls28 (3.0.20-1) experimental; urgency=low
* New upstream version.
* Bump shlibs (new functions added.)
* Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
CLOCK_MONOTONIC now. #662018
-- Andreas Metzler <ametzler@debian.org> Wed, 06 Jun 2012 20:46:11 +0200
gnutls28 (3.0.19-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:42:46 +0200
gnutls28 (3.0.19-1) experimental; urgency=low
* New upstream version.
+ libgnutls: When decoding a PKCS #11 URL the pin-source field
is assumed to be a file that stores the pin. (LP: #929108)
+ Drop 31_killchild.diff, included upstream.
-- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:14:41 +0200
gnutls28 (3.0.18-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 14 Apr 2012 16:34:15 +0200
gnutls28 (3.0.18-1) experimental; urgency=low
* New upstream version.
+ Bump shlibs.
* patches/31_killchild.diff: Revert upstream change which caused tee-ing a
build to hang.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Apr 2012 09:11:39 +0200
gnutls28 (3.0.17-2) unstable; urgency=low
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Tue, 20 Mar 2012 19:19:31 +0100
gnutls28 (3.0.17-1) experimental; urgency=low
* New upstream version.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Mar 2012 15:59:17 +0100
gnutls28 (3.0.15-2) experimental; urgency=low
* 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
support for CLOCK_MONOTONIC is missing there. (See #662018.)
-- Andreas Metzler <ametzler@debian.org> Sun, 11 Mar 2012 10:24:39 +0100
gnutls28 (3.0.15-1) experimental; urgency=low
* New upstream version.
+ Drop superfluous patches (30_microseconds-does-not-overflow.patch,
31_provide-accurate-value-to-select.patch)
+ Includes fix for CVE-2012-1573.
* 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
* Bump libgnutls-dev dependency on libp11-kit-dev.
-- Andreas Metzler <ametzler@debian.org> Sun, 04 Mar 2012 15:58:38 +0100
gnutls28 (3.0.14-1) experimental; urgency=low
* New upstream version.
+ Drop 30_force-kill-of-child.diff.
* Pull 30_microseconds-does-not-overflow.patch and
31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
error (tests/mini-loss) on kfreebsd-*.
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Feb 2012 15:24:39 +0100
gnutls28 (3.0.13-1) experimental; urgency=low
* New upstream version.
+ bump libp11-kit-dev build-dep. to >= 0.11.
+ drop 30_guilegnutlserrorcodes.diff.
* Drop debian/ocsptool.1 use, newly available upstream manpage instead.
* Use and link against Debian's packaged version of autogen/libopts.
+ B-d on autogen.
+ remove autogen-generated files (*.c, *.h) on clean. autogen requires
that the system headers are at least of the same version as the
one which was used to generate the files from their respective .def
sources.
* 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Mon, 20 Feb 2012 19:30:16 +0100
gnutls28 (3.0.12-2) unstable; urgency=low
* De-multiarch guile-gnutls. Closes: #658110
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2012 14:34:48 +0100
gnutls28 (3.0.12-1) unstable; urgency=low
* New upstream version.
* [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
testsuite error.
* Update debian/copyright.
* Bump shlibs. (OCSP support)
* Add trivial ocsptool manpage.
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Jan 2012 10:38:44 +0100
gnutls28 (3.0.11-1) unstable; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Jan 2012 12:55:33 +0100
gnutls28 (3.0.10-1) unstable; urgency=low
* Drop guile-gnutls.README.Debian - binary guile modules are no longer
directly installed in $libdir.
* New upstream version.
+ Drop patches/30_correctly-set-the-odd-bits.patch.
+ gnutls_random_art() added. Update copyright, bump shlibs.
+ src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
Closes: #652552
-- Andreas Metzler <ametzler@debian.org> Fri, 06 Jan 2012 08:52:19 +0100
gnutls28 (3.0.9-2) unstable; urgency=low
* [20_test-select.diff] Do not run gnulib test-select test anymore. The
test fails on kfreebsd-i386, the gnutls library does not use select().
* [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Dec 2011 11:41:19 +0100
gnutls28 (3.0.9-1) experimental; urgency=low
* New upstream version.
* Include guile-gnutls package.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Wed, 14 Dec 2011 19:54:20 +0100
gnutls28 (3.0.8-2) unstable; urgency=low
* First upload to unstable.
+ Disable openssl-wrapper package, let it be provided by gnutls26 until
gnutls28 is in testing.
+ Disable gnutls-guile package, let it be provided by gnutls26 until
gnutls28 is in testing.
-- Andreas Metzler <ametzler@debian.org> Sat, 03 Dec 2011 10:30:04 +0100
gnutls28 (3.0.8-1) experimental; urgency=low
* Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
guile related FTBFS on these architectures.
See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
* New upstream version.
+ Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Nov 2011 17:05:25 +0100
gnutls28 (3.0.7-1) experimental; urgency=low
* New upstream version.
+ Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
* Drop 20_addGNU-stack.diff, included upstream.
* loadable Guile module no longer installed directly to $libdir but to
$libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify
DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
* gnutls-extra is removed upstream, there is no need anymore to manually
remove the bits and pieces in debian/rules.
-- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2011 19:35:30 +0100
gnutls28 (3.0.4-2) experimental; urgency=low
* Drop libgnutls-dev.README.Debian, the information provided there stopped
being relevant in 2.7.12.
* Delete superfluous info from debian/README.source.
* Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
seem to be possible.
http://lists.debian.org/debian-devel/2011/10/msg00332.html
* Simplify dependencies:
+ libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
also provided by gnutls26' libgnutls-dev).
+ Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
-- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2011 17:41:27 +0200
gnutls28 (3.0.4-1) experimental; urgency=low
* New upstream version.
+ bump shlibs.
+ bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
* Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
* [20_addGNU-stack.diff] Add GNU-stack note to newly added
padlock-common.s.
* Stop shipping libgnutls-extra.so. It is an empty shell currently and will
be packaged for Debian again when it provides functionality.
* Update debian/copyright, accelerated assembly code is non-FSF copyright.
* Add crywrap.8 manpage.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2011 13:37:39 +0200
gnutls28 (3.0.3-1) experimental; urgency=low
* New upstream version. (Includes a fix for #640639)
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Tue, 20 Sep 2011 19:37:06 +0200
gnutls28 (3.0.2-1) experimental; urgency=low
* Update debian/copyright for crywrap.
* Since libgnutls*-dbg contains debugging symbols of helper applications
libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
Conflicts.
* New upstream version. It also includes the fixes for #638586 (Correct
parsing of XMPP subject alternative names) and #638595
(gnutls_certificate_set_x509_key() and
gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
release of the private key during the lifetime of the certificate
structure.)
* Configure with --enable-gtk-doc, the included API reference is incomplete
in the tarball.
* [lintian] Get rid of binary-control-field-duplicates-source field
warnings.
* [lintian] Add description header to 14_version_gettextcat.diff
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2011 13:18:17 +0200
gnutls28 (3.0.1-1) experimental; urgency=low
* Update Vcs-Svn and Vcs-Browser for new source package name.
* New upstream version.
+ corrects formatting of gnutls-cli(1) manpage. Closes: #637551
* Bump build-dependency on libp11-kit-dev to (>= 0.4).
* Drop 20_executablestack.diff, included upstream.
* Includes crywrap(8), an application that proxies TLS session to a port
using a plaintext service.
* Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
* Bump shlibs. (New flags).
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Aug 2011 14:54:23 +0200
gnutls28 (3.0.0-2) experimental; urgency=low
* Add missing b-d on chrpath.
* Search for .xz instead of .bz2 in watchfile.
-- Andreas Metzler <ametzler@debian.org> Tue, 16 Aug 2011 13:57:22 +0200
gnutls28 (3.0.0-1) experimental; urgency=low
* Drop gcrypt related patches (16_unnecessarydep.diff
17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
20_gcrypt15compat.diff), update remaining one
(14_version_gettextcat.diff).
* Build against nettle and p11-kit.
+ Update DEB_CONFIGURE_EXTRA_FLAGS.
+ Update (Build-)Depends. (Add pkg-config, it is used for locating
p11-kit.)
* Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
libgnutls28.
* Drop libgnutls Breaks, they are superfluous after the soname change.
* Delete config.log on clean.
* [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
assembly files.
* Delete unneccessary rpath entries.
* Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a NEWS entry for this license change.
* Move gnutls-extra library to separate package.
-- Andreas Metzler <ametzler@debian.org> Sun, 14 Aug 2011 16:44:11 +0200
gnutls26 (2.12.7-4) unstable; urgency=low
* Upload to unstable.
* Point watch file to stable release directory.
* 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
Libs.private. Closes: #632891
* Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
-- Andreas Metzler <ametzler@debian.org> Sun, 07 Aug 2011 09:58:28 +0200
gnutls26 (2.12.7-3) experimental; urgency=low
[ Simon Josefsson ]
* Fix Debian BTS URL in --with-packager-bug-reports option.
[ Andreas Metzler ]
* [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
-- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:59:36 +0200
gnutls26 (2.12.7-2) experimental; urgency=low
* Stop shipping libtool la files.
* Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
+ configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
*.install accordingly.
+ Bump cdbs Build-Depends to 0.4.93 (required for expanding
$(DEB_HOST_MULTIARCH)).
+ Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
+ runtime libraries and guile-wrapper are Multi-Arch: same with
Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are
Multi-Arch: foreign, -dev and -dbg remain unchanged.
+ Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg
package. It contains debugging symbols for both library and helper
binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
co-installable with itself.
-- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2011 15:01:58 +0200
gnutls26 (2.12.7-1) experimental; urgency=low
* New upstream version.
* Update 17_ignoretestsuitteerrors.diff.
* A new version of pokerth has been uploaded to sid, update libgnutls26
Breaks accordingly.
-- Andreas Metzler <ametzler@debian.org> Sun, 19 Jun 2011 08:49:01 +0200
gnutls26 (2.12.6.1-1) experimental; urgency=low
* New upstream version.
* Bump shlibs, global_set_time_function() was added.
* Stop setting CFLAGS += -Wall, it is set by default again.
* [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
errors.
-- Andreas Metzler <ametzler@debian.org> Sun, 05 Jun 2011 13:18:50 +0200
gnutls26 (2.12.5-1) experimental; urgency=low
* New upstream version.
* Bump shlibs, gnutls_x509_crq_verify() was added.
-- Andreas Metzler <ametzler@debian.org> Sat, 14 May 2011 13:21:12 +0200
gnutls26 (2.12.4-1) experimental; urgency=low
* New upstream version.
* Bump shlibs. (gnutls_certificate_get_issuer() added).
-- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2011 15:19:18 +0200
gnutls26 (2.12.3-1) experimental; urgency=low
* New upstream version.
* Drop patches included upstream: [18_restoreHMAC-MD5.diff]
-- Andreas Metzler <ametzler@debian.org> Fri, 22 Apr 2011 18:26:11 +0200
gnutls26 (2.12.2-2) experimental; urgency=low
* [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
for compatibility. Closes: #623001
-- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2011 15:44:30 +0200
gnutls26 (2.12.2-1) experimental; urgency=low
* New upstream version.
* [lintian] Drop article from short package descriptions.
-- Andreas Metzler <ametzler@debian.org> Fri, 08 Apr 2011 19:36:27 +0200
gnutls26 (2.12.1-1) experimental; urgency=low
* New upstream version.
+ certtool: Generated certificate request with stricter permissions.
Closes: #619746
* Drop superfluous patches:
17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
19_uninitializedvar.diff 20_access_freedmemory.diff
* Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
need a binNMU when gnutls 2.12.x uploaded to unstable.
-- Andreas Metzler <ametzler@debian.org> Sat, 02 Apr 2011 15:22:46 +0200
gnutls26 (2.12.0-1) experimental; urgency=low
* New upstream stable release.
+ Drop superceded patches 17_goldhotfix.patch
18_libgnutls-openssl_soname.diff.
* Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
19_uninitializedvar.diff 20_access_freedmemory.diff
-- Andreas Metzler <ametzler@debian.org> Sun, 27 Mar 2011 10:23:11 +0200
gnutls26 (2.11.7-2) experimental; urgency=low
* 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
versioning: 27:0:0).
* Split off libgnutls-openssl to a separate package, since the sonames are
not in sync anymore.
-- Andreas Metzler <ametzler@debian.org> Fri, 11 Mar 2011 17:48:47 +0100
gnutls26 (2.11.7-1) experimental; urgency=low
* New upstream version (rc for 2.12)
+ Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
+ Bump shlibs.
* debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
-- Andreas Metzler <ametzler@debian.org> Thu, 10 Mar 2011 12:12:01 +0100
gnutls26 (2.11.6-2) experimental; urgency=low
* 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
on big endian architectures.
-- Andreas Metzler <ametzler@debian.org> Wed, 23 Feb 2011 19:20:40 +0100
gnutls26 (2.11.6-1) experimental; urgency=low
* Development release.
* Continue building against libgcrypt, run configure with --with-libgcrypt.
* Refresh patches/15_fixgnutlspc.diff.
* Set --with-packager* options.
* Install newly available p11tool binary.
* Bump libgcrypt11-dev Build-Depends.
* C++ wrapper soname bump, change package name accordingly.
* Bump shlibs.
* Update debian/copyright.
* Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
seem to set it by default.
-- Andreas Metzler <ametzler@debian.org> Sat, 19 Feb 2011 15:29:43 +0100
gnutls26 (2.10.5-3) unstable; urgency=medium
* [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
-- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:26:34 +0200
gnutls26 (2.10.5-2) unstable; urgency=low
* Stop shipping libtool la files.
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Jun 2011 18:13:38 +0200
gnutls26 (2.10.5-1) unstable; urgency=low
* New upstream bugfix release.
+ Drop 15_fixgnutlspc.diff, included upstream.
* Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
seem to set it by default.
-- Andreas Metzler <ametzler@debian.org> Mon, 28 Feb 2011 18:52:57 +0100
gnutls26 (2.10.4-2) unstable; urgency=low
* Use debhelper compatibility level 7.
* Merge in changes from 2.8.6-1:
+ Use dh_lintian.
+ Use dh_makeshlibs for the guile stuff, too. This gets us
a) ldconfig in postinst. Closes: #553109
and
b) a shlibs file.
However the shared objects /usr/lib/libguile-gnutls*so* are still not
designed to be used as libraries (linking) but are dlopened. guile-1.10
will address this issue by keeping this stuff in a private directory.
+ hotfix pkg-config files (proper fix to be included upstream).
+ Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
Closes: #405239
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 06 Feb 2011 16:44:09 +0100
gnutls26 (2.10.4-1) experimental; urgency=low
* New upstream release. V1 CAs are trusted by default.
-- Andreas Metzler <ametzler@debian.org> Mon, 06 Dec 2010 19:13:48 +0100
gnutls26 (2.10.3-1) experimental; urgency=low
* Drop workaround for 519006, binutils is fixed even in squeeze.
* New upstream bugfix release.
-- Andreas Metzler <ametzler@debian.org> Fri, 19 Nov 2010 19:19:26 +0100
gnutls26 (2.10.2-1) experimental; urgency=low
* New upstream version.
+ Fix asynchronous API handling. Closes: #588187
+ certtool does not crash on reading from /dev/null anymore.
Closes: #588029
* Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
-- Andreas Metzler <ametzler@debian.org> Thu, 30 Sep 2010 19:10:31 +0200
gnutls26 (2.10.1-1) experimental; urgency=low
* Update package descriptions. Closes: #588067
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sun, 25 Jul 2010 14:56:45 +0200
gnutls26 (2.10.0-2) experimental; urgency=low
* libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1),
libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
(2.31.2-1) not yet. Closes: #587755
-- Andreas Metzler <ametzler@debian.org> Sat, 03 Jul 2010 08:58:57 +0200
gnutls26 (2.10.0-1) experimental; urgency=low
* New upstream stable release.
* Point watchfile to stable releases.
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Jun 2010 14:48:40 +0200
gnutls26 (2.9.12-2) experimental; urgency=low
* Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
useless and almost empty package on these archs.)
* Drop ancient workaround for gcc bug on hppa.
http://bugs.debian.org/128036
-- Andreas Metzler <ametzler@debian.org> Sat, 19 Jun 2010 14:38:22 +0200
gnutls26 (2.9.12-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Thu, 17 Jun 2010 19:20:04 +0200
gnutls26 (2.9.11-1) experimental; urgency=low
* New upstream version.
* Drop 15_gnutlspriority.diff, superseded.
-- Andreas Metzler <ametzler@debian.org> Mon, 07 Jun 2010 19:36:33 +0200
gnutls26 (2.9.10-2) experimental; urgency=low
* [15_gnutlspriority.diff] Restore compatibility with programs using
gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
Closes: #579831
-- Andreas Metzler <ametzler@debian.org> Thu, 27 May 2010 18:40:53 +0200
gnutls26 (2.9.10-1) experimental; urgency=low
* New upstream version.
* New functions added, bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Thu, 22 Apr 2010 19:29:52 +0200
gnutls26 (2.9.9-1) experimental; urgency=low
* Package upstream development branch for experimental.
* Track development versions in watchfile.
* Package C++ wrapper again. Closes: #548637
-- Andreas Metzler <ametzler@debian.org> Sun, 20 Dec 2009 11:31:33 +0100
gnutls26 (2.8.6-1) unstable; urgency=low
* Use dh_lintian.
* Use dh_makeshlibs for the guile stuff, too. This gets us
a) ldconfig in postinst. Closes: #553109
and
b) a shlibs file.
However the shared objects /usr/lib/libguile-gnutls*so* are still not
designed to be used as libraries (linking) but are dlopened. guile-1.10
will address this issue by keeping this stuff in a private directory.
* hotfix pkg-config files (proper fix to be included upstream).
* Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
-- Andreas Metzler <ametzler@debian.org> Sat, 20 Mar 2010 15:53:35 +0100
gnutls26 (2.8.5-2) unstable; urgency=low
* Add a huge bunch of lintian overrides for the guile stuff to make dak
happy.
-- Andreas Metzler <ametzler@debian.org> Fri, 13 Nov 2009 19:53:04 +0100
gnutls26 (2.8.5-1) unstable; urgency=low
* Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
* Switch to '3.0 (quilt)' source format, allowing us to use upstreams
orig.tar.bz2 without repacking it to gz.
* New upstream version.
+ Drop patches/20_fixtimebomb.diff.
-- Andreas Metzler <ametzler@debian.org> Thu, 12 Nov 2009 19:57:08 +0100
gnutls26 (2.8.4-2) unstable; urgency=high
* [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
-- Andreas Metzler <ametzler@debian.org> Sun, 01 Nov 2009 13:21:27 +0100
gnutls26 (2.8.4-1) unstable; urgency=low
* New upstream version.
+ Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
important to standard.
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2009 10:33:52 +0200
gnutls26 (2.8.3-3) unstable; urgency=low
* Empty dependency_libs in la-files. (Squeeze release goal.)
-- Andreas Metzler <ametzler@debian.org> Sat, 05 Sep 2009 09:09:22 +0200
gnutls26 (2.8.3-2) unstable; urgency=low
* [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
openpgp connections.
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Aug 2009 14:14:48 +0200
gnutls26 (2.8.3-1) unstable; urgency=high
* New upstream version.
+ Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
was built against. Closes: #540449
+ Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.
-- Andreas Metzler <ametzler@debian.org> Fri, 14 Aug 2009 19:14:29 +0200
gnutls26 (2.8.1-2) unstable; urgency=low
[ Simon Josefsson ]
* Remove cruft in rules file.
* Remove patches/15_tasn1inpc.diff, not needed.
[ Andreas Metzler ]
* Finally add an entry to the NEWS.Debian file concerning the deprecation of
RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
* Upload to unstable.
* 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
Fix testsuite error caused by expired certificate.
-- Andreas Metzler <ametzler@debian.org> Thu, 06 Aug 2009 19:12:51 +0200
gnutls26 (2.8.1-1) experimental; urgency=low
* New upstream stable release.
-- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2009 09:15:28 +0200
gnutls26 (2.7.14-1) experimental; urgency=low
* [debian/control] set section setting of source package to libs instead of
devel.
* New upstream version.
+ Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
+ Bump shlibs, new symbols added.
-- Andreas Metzler <ametzler@debian.org> Tue, 26 May 2009 19:51:41 +0200
gnutls26 (2.7.12-1) experimental; urgency=low
* Fix typo in changelog. Closes: #526427
* New upstream release.
+ Does not ship the scripts libgnutls-extra-config and libgnutls-config
and the .m4 snippet to use it anymore. Please switch to pkg-config or
standard autoconf test. Drop manpages and
both patches/13_lessdeps_gnutls-config.diff and
patches/13_lessdeps_gnutls-config.diff from the debian diff.
+ Update remaining patches.
+ Bump shlibs, new symbols added.
* [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
GNUTLS_2_8.
* New upstream uses separate ./configure scripts for the different
libraries. Invoke the main ./configure script with
--cache-file=$(CURDIR)/config.cache to speed things up.
-- Andreas Metzler <ametzler@debian.org> Thu, 21 May 2009 11:18:35 +0200
gnutls26 (2.6.6-1) unstable; urgency=high
* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009-1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009-2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
behavior change, add a NEWS.Debian file to document it.
-- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200
gnutls26 (2.6.5-1) unstable; urgency=low
* Sync sections in debian/control with override file. libgnutls26-dbg is
section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required.
-- Andreas Metzler <ametzler@debian.org> Tue, 14 Apr 2009 14:23:19 +0200
gnutls26 (2.6.4-2) unstable; urgency=low
* Upload to unstable.
* Merge changelog entries from unstable and experimental.
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Feb 2009 16:43:37 +0100
gnutls26 (2.6.4-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 14:32:57 +0100
gnutls26 (2.6.3-1) experimental; urgency=low
* New upstream version.
+ Corrects bug gnutls-cli which caused a rehandshake request
to be ignored. Closes: #396867
* Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Dec 2008 10:46:38 +0100
gnutls26 (2.6.2-2) experimental; urgency=low
* 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
correct certificate chains were not recognized as verified.
Closes: #507633
* [lintian] Add ${misc:Depends} to multiple dendency lines.
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 13:31:58 +0100
gnutls26 (2.6.2-1) experimental; urgency=low
* New upstream version.
+ Fixes certification verifaction error CVE-2008-4989. Closes: #505360
+ Drop 20_fix_501077.diff.
* ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
there.
* Add Simon Josefsson to uploaders.
-- Andreas Metzler <ametzler@debian.org> Thu, 13 Nov 2008 19:30:06 +0100
gnutls26 (2.6.0-1) experimental; urgency=low
* New upstream stable release.
* Add debian/patches/20_fix_501077.diff to fix an out of bound access in
gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Oct 2008 09:59:03 +0200
gnutls26 (2.5.9-1) experimental; urgency=low
* New upstream development version.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Oct 2008 12:40:01 +0200
gnutls26 (2.4.2-6) unstable; urgency=medium
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate.patch If a non-root certificate ist trusted
gnutls certificateificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_list_import.
http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100
gnutls26 (2.4.2-5) unstable; urgency=low
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff:Accept v1 x509 CA
certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
+ 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
CVE-2009-2409
-- Andreas Metzler <ametzler@debian.org> Sat, 31 Jan 2009 16:26:52 +0100
gnutls26 (2.4.2-4) unstable; urgency=medium
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. Closes: #507633
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 12:09:33 +0100
gnutls26 (2.4.2-3) unstable; urgency=low
* Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. Closes: #505279
-- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2008 19:23:23 +0100
gnutls26 (2.4.2-2) unstable; urgency=medium
* [CVE-2008-4989.diff] Fix man in the middle attack for certificate
verification. CVE-2008-4989 GNUTLS-SA-2008-3
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2008 19:42:54 +0100
gnutls26 (2.4.2-1) unstable; urgency=low
* New upstream bugfix release.
* Up to date gnutls-cli manpage. Closes: #492775
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2008 10:35:16 +0200
gnutls26 (2.4.1-1) unstable; urgency=medium
* New upstream version, fixing a local denial of service vulnerability only
present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377
-- Andreas Metzler <ametzler@debian.org> Tue, 01 Jul 2008 19:35:51 +0200
gnutls26 (2.4.0-2) unstable; urgency=low
* Standards version 3.8.0. Rename README.source_and_patches to README.source.
* Upload to unstable.
* Point watchfile to stable releases again.
* Merge experimental and unstable changelog.
-- Andreas Metzler <ametzler@debian.org> Tue, 24 Jun 2008 19:13:25 +0200
gnutls26 (2.4.0-1) experimental; urgency=low
* New upstream stable release.
* New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Wed, 18 Jun 2008 19:40:38 +0200
gnutls26 (2.3.15-1) experimental; urgency=low
* New upstream version. (rc4)
Disables 'openpgp-certs' tests. Closes: #486269
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Jun 2008 19:08:24 +0200
gnutls26 (2.3.14-1) experimental; urgency=low
* New upstream version. (rc3)
-- Andreas Metzler <ametzler@debian.org> Wed, 11 Jun 2008 19:16:18 +0200
gnutls26 (2.3.13-1) experimental; urgency=low
* New upstream version. 2nd rc for 2.4.0.
* Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Jun 2008 18:00:51 +0200
gnutls26 (2.3.12-1) experimental; urgency=low
* New upstream version. Bump shlibs.
* Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
* Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
failure on sparc.
-- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2008 19:08:29 +0200
gnutls26 (2.3.11-1) experimental; urgency=low
* New upstream version.
+ Fixes three security vulnerabilities.
[GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
<http://www.gnu.org/software/gnutls/security.html>.
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
+ Fixes subjectAltName wildcard matching. Closes: #479174
+ certtool now writes keyfiles with 0600 permissions. Closes: #373169
-- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2008 08:25:36 +0200
gnutls26 (2.2.5-1) unstable; urgency=high
* New upstream version. Fixes three security vulnerabilities.
[GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
<http://www.gnu.org/software/gnutls/security.html>.
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
-- Andreas Metzler <ametzler@debian.org> Tue, 20 May 2008 19:19:55 +0200
gnutls26 (2.3.9-1) experimental; urgency=low
* New upstream development version.
- OpenPGP support merged into libgnutls and is now licensed under LGPL.
The included copy of OpenCDK has been stripped down and re-licensed
under the LGPL. Using the external OpenCDK is not supported anymore, the
external library will not be maintained anymore. Drop respective
(build-)depends.
- API extended, bump shlibs.
- certtool asks for password confirmation. Closes: #364287
- performance enhancements for gnutls_certificate_set_x509_trust_file.
Closes: #400448
- gnutls-cli: exits when hostname doesn't match certificate.
Use --insecure to avoid hostname comparison.
* For paranoia sake build with -D_REENTRANT even if upstream has stopped
doing so.
* [debian/copyright] : update, and stop including a GFDL copy.
* Point watchfile to development versions.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 May 2008 16:56:04 +0200
gnutls26 (2.2.3-1) unstable; urgency=low
* New upstream stable release.
- --priority is documented in gnutls-cli(1) manpage. Closes: #467051
-- Andreas Metzler <ametzler@debian.org> Mon, 12 May 2008 18:29:12 +0200
gnutls26 (2.2.3~rc-1) unstable; urgency=low
* New upstream version. Release candidate for 2.2.3.
+ Increase default handshake packet size limit to 48kb. Closes: #478191
* remove unsupported .l command from debian/libgnutls-config.1
* Use Programming/C as doc-base section.
-- Andreas Metzler <ametzler@debian.org> Thu, 01 May 2008 13:09:49 +0200
gnutls26 (2.2.2-1) unstable; urgency=low
* New upstream version.
Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
corrected string handling in parse_general_name.
Closes: #465197
* Point watchfile to ftp.gnutls.org.
* Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
-- Andreas Metzler <ametzler@debian.org> Fri, 22 Feb 2008 19:08:36 +0100
gnutls26 (2.2.1-3) unstable; urgency=low
* Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
gnutls guile wrapper on ia64.
-- Andreas Metzler <ametzler@debian.org> Mon, 04 Feb 2008 19:14:03 +0100
gnutls26 (2.2.1-2) unstable; urgency=low
* Add Vcs-Svn: and Vcs-Browser control fields.
* Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 03 Feb 2008 18:14:21 +0100
gnutls26 (2.2.1-1) experimental; urgency=low
* New upstream version.
* guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
there.
* libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
packages contain gnutls-bin debugging symbols. Closes: #459295.
-- Andreas Metzler <ametzler@debian.org> Sun, 20 Jan 2008 18:27:33 +0100
gnutls26 (2.2.0-1) experimental; urgency=low
* New upstream version.
License change! Main library stays LGPLv2.1+ but libgnutls-extra,
libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
updated.
* Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
versions were GPLv2+) and this license is not compatible with GPLv3+.
* Non packaged 2.1.8 introduced new symbol
gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
* Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
* Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
DSA2 support. Closes: #455513
* Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Dec 2007 16:41:54 +0100
gnutls26 (2.1.7-1) experimental; urgency=low
* New upstream version.
- Another soname bump. Packages renamed.
* Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
dak does not allow that yet.
* Add Build-Conflicts: libgnutls-dev to stop libtool from linking
libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
-- Andreas Metzler <ametzler@debian.org> Sat, 1 Dec 2007 10:40:17 +0100
gnutls25 (2.1.6-2) experimental; urgency=low
* Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
experimental buildds happy.
-- Andreas Metzler <ametzler@debian.org> Mon, 19 Nov 2007 18:58:48 +0100
gnutls25 (2.1.6-1) experimental; urgency=low
* New upstream version. API changes! Please consult
/usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
removed (mainly *_authz_*) and changed interfaces.
This is the first release canddate for 2.2. The deprecation of
gnutls_set_default_priority() is supposed to be undone before the final
stable release.
* Bump build-depends.
* Stop building and shipping the C++ library, since nobody is using it. I
will happly re-add it if requested.
* Add Homepage field to debian/control.
* Build and ship Guile bindings. Requested by Ludovic Courtès who also
provided the initial patch. (On a sidenote I think guile generally does
not do the right thing by throwing dlopened modules into /usr/lib/.)
* Update debian/copyright.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Nov 2007 16:42:01 +0100
gnutls13 (2.0.1-1) unstable; urgency=low
* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
(Closes: #441740)
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2007 11:29:22 +0200
gnutls13 (1.7.19-1) unstable; urgency=low
* New upstream version 1.7.19.
- Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
This takes of care of the mutt breakage. Closes: #439640
-- Andreas Metzler <ametzler@debian.org> Mon, 27 Aug 2007 19:36:23 +0200
gnutls13 (1.7.18-2) unstable; urgency=low
* Upload to unstable
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2007 09:27:18 +0200
gnutls13 (1.7.18-1) experimental; urgency=low
* New upstream version 1.7.18, release candidate for 2.0.
* Bump shlibs, since functions have been added.
* Image files renamed upstream with gnutls- prefix and symlinked to
/usr/share/info/ in Debian package. Closes: #423577
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2007 09:06:11 +0200
gnutls13 (1.7.16-1) experimental; urgency=low
* New upstream version 1.7.16.
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Aug 2007 10:50:21 +0200
gnutls13 (1.7.14-1) experimental; urgency=low
* New upstream version
- fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2007 09:06:35 +0200
gnutls13 (1.7.12-1) experimental; urgency=low
* New upstream version 1.7.12
- Fixes memory errors in certificate parsing. Closes: #333050
* Bump shlibs, due to API extensions in 1.7.10.
* Rebuilding of docs simpified, strip debian/README.source_and_patches to
reflect that.
-- Andreas Metzler <ametzler@debian.org> Sat, 23 Jun 2007 11:14:26 +0200
gnutls13 (1.7.9-1) experimental; urgency=low
* Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
* New upstream version.
- Uses opencdk10 (0.6.x).
- Improved gnutls_set_default_priority() priorities, with matching correct
docs. (Closes: #422024)
- bumped shlibs.
* Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
twice in a row on the same sourcetree. (Closes: #424357) Document what is
needed to rebuild doc/gnutls.pdf in README.source_and_patches.
-- Andreas Metzler <ametzler@debian.org> Mon, 28 May 2007 08:36:42 +0200
gnutls13 (1.7.7-1) experimental; urgency=low
* New development upstream version 1.7.7.
- Point watchfile to development versions.
- Bump shlibs for added APIs.
- Includes German translation. (Closes: #392857)
-- Andreas Metzler <ametzler@debian.org> Sun, 15 Apr 2007 10:11:21 +0200
gnutls13 (1.6.3-1) unstable; urgency=low
* New upstream version, pulling selected fixes and features from 1.7.x.
* Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2007 09:26:14 +0200
gnutls13 (1.6.2-2) unstable; urgency=low
* Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
-- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2007 09:48:31 +0200
gnutls13 (1.6.2-1) unstable; urgency=low
* New upstream version
- Really Closes: #403887 libgnutls failes to parse OpenSSL generated
certificates, since it contains a regenerated pkix_asn1_tab.c.
- Ship German translation. Closes: #392857
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Apr 2007 10:57:02 +0200
gnutls13 (1.6.1-2) unstable; urgency=low
* [gnutls-bin.install] Ship psktool.
* Ship gettext translations in deb package, but as gnutls13.mo instead of
gnutls.mo.
* Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
changelog entries after branchoff. Point watchfile to stable upstream
versions again.
* Drop dependency of libgnutls13-dbg on libgnutlsxx13.
-- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:49:48 +0100
gnutls13 (1.6.1-1) experimental; urgency=low
[ James Westby ]
* New upstream release.
-- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:18:03 +0100
gnutls13 (1.6.0-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Nov 2006 13:21:56 +0100
gnutls13 (1.5.3-1) experimental; urgency=low
[ Andreas Metzler ]
* Fix debian/copyright.
- Do not use "copyright" as title of a paragraph listing licenses.
(Closes: #290194)
- Add a copy of the FDL 1.2 to debian/copyright.
* New upstream version 1.5.3.
* Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
* Drop code for re-libtoolizing and running auto* from debian/rules, it is
unused and would not work anymore. (We can later grab the from SVN and
update it to make work if we ever need it.)
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Oct 2006 12:56:46 +0200
gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
[ Andreas Metzler ]
* Add a watchfile.
* New upstream development version.
- Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
broken.
- Drop unneeded patches/16_libs.private_gnutls.diff
patches/16_libs.private_gnutls-extra.diff
- Point watchfile to development versions.
- Builds a C++ library.
* Switch to debhelper v5 mode to be able to ship debug symbols of
libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
* Branched off from 1.4.4-1.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Sep 2006 09:54:38 +0200
gnutls13 (1.4.4-3) unstable; urgency=low
* Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
version, try to negotiate the highest version support by the GnuTLS
server, instead of the lowest.
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Nov 2006 10:35:29 +0100
gnutls13 (1.4.4-2) unstable; urgency=low
[ Andreas Metzler ]
* Add a watchfile.
* Fix debian/copyright.
- Do not use "copyright" as title of a paragraph listing licenses.
(Closes: #290194)
- Add a copy of the FDL 1.2 to debian/copyright.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:57:49 +0200
gnutls13 (1.4.4-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.4
- Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
crash mutt. (closes: #386725)
GNUTLS-SA-2006-4 is CVE-2006-4790.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:09:47 +0200
gnutls13 (1.4.3-2) unstable; urgency=low
* the lesser of two weevils release.
[ Andreas Metzler ]
* Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
various programs, including mutt. (closes: #386680)
-- Andreas Metzler <ametzler@debian.org> Sat, 9 Sep 2006 19:29:52 +0200
gnutls13 (1.4.3-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.3.
- Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
rump session attack. GNUTLS-SA-2006-4
- Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
GNUTLS-SA-2006-3
- Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
-- Andreas Metzler <ametzler@debian.org> Fri, 8 Sep 2006 19:12:33 +0200
gnutls13 (1.4.2-1) unstable; urgency=medium
[ Andreas Metzler ]
* New upstream bugfix release.
- Fixes a crash in the certificate verification logic.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Aug 2006 10:44:16 +0200
gnutls13 (1.4.1-1) unstable; urgency=low
[ James Westby ]
* New upstream release.
* Remove the following patches as they are now included upstream:
- 10_certtoolmanpage.diff
- 15_fixcompilewarning.diff
- 30_man_hyphen_*.patch
* Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
gnutls-api so that devhelp can find it.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2006 11:11:08 +0200
gnutls13 (1.4.0-3) unstable; urgency=low
[ Andreas Metzler ]
* Strip "libgnutls-config --libs"' output to only list stuff required for
dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
README.Debian.
* Pull patches/16_libs.private_gnutls.diff and
debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
pkg-config usable for static linking.
-- Andreas Metzler <ametzler@debian.org> Sun, 2 Jul 2006 12:10:56 +0200
gnutls13 (1.4.0-2) unstable; urgency=low
[ Andreas Metzler ]
* Set maintainer to alioth mailinglist.
* Drop code for updating config.guess/config.sub from debian/rules, as cdbs
handles this. Build-Depend on autotools-dev.
* Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
* Use cdbs' simple-patchsys.mk.
- add debian/README.source_and_patches
- add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff
* Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
* Also ship css-, devhelp- and sgml files in gnutls-doc.
* patches/15_fixcompilewarning.diff correct order of funtion arguments.
[ James Westby ]
* This release allows the port to be specified as the name of the service
when using gnutls-cli (closes: #342891)
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Jun 2006 20:44:09 +0200
gnutls13 (1.4.0-1) experimental; urgency=low
* New maintainer team. Thanks, Matthias for all the work you did.
* Re-add gnutls-doc package, featuring api-reference as manual pages and
html, and reference manual in html and pdf format.
(closes: #368185,#368449)
* Fix reference to gnutls0.4-doc package in debian/copyright. Update
debian/copyright and include actual copyright statements.
(closes: #369071)
* Bump shlibs because of changes to extra.h
* Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
generate the necessary directories.
* Drop debian/NEWS.Debian as it only talks about the move of the (since
purged) gnutls-doc package to contrib a long time ago.
(Thanks Simon Josefsson, for these suggestions.)
* new upstream version. (closes: #368323)
* clean packaging against upstream tarball.
- Drop all patches, except for fixing error in certtool.1 and setting
gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
- Add --enable-ld-version-script
to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
patching ./configure.in.
(closes: #367358)
* Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294)
* Standards-Version: 3.7.2, no changes required.
* debian/control and override file are in sync with respect to Priority and
Section, everthing except libgnutls13-dbg already was. (closes: #366956)
* acknowledge my own NMU. (closes: #367065)
* libgnutls13-dbg is nonempty (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 20 May 2006 11:22:36 +0000
gnutls13 (1.3.5-1.1) unstable; urgency=low
* NMU
* Invoke ./configure with --with-included-libtasn1 to prevent accidental
linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
contained libtasn1.so.3 and force gnutls13 to use the internal version of
libtasn instead until libtasn1-3-dev is uploaded. Drop broken
Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294)
* Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
of --dbg-package=libgnutls12. (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 13 May 2006 07:45:32 +0000
gnutls13 (1.3.5-1) unstable; urgency=low
* New Upstream version.
- Security fix.
- Yet another ABI change.
* Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
* Let -dev package depend on liblzo-dev (closes:#347438)
* Fix certtool help output (closes:#338623)
-- Matthias Urlichs <smurf@debian.org> Sat, 18 Mar 2006 22:46:25 +0100
gnutls12 (1.2.9-2) unstable; urgency=low
* Install /usr/lib/pkgconfig/*.pc files.
* Depend on texinfo (>= 4.8, for the @euro{} sign).
-- Matthias Urlichs <smurf@debian.org> Tue, 15 Nov 2005 19:26:02 +0100
gnutls12 (1.2.9-1) unstable; urgency=low
* New Upstream version.
-- Matthias Urlichs <smurf@debian.org> Fri, 11 Nov 2005 18:51:28 +0100
gnutls12 (1.2.8-1) unstable; urgency=low
* New Upstream version.
- depends on libgcrypt11 1.2.2
* Bumped shlibs version, just to be on the safe side.
-- Matthias Urlichs <smurf@debian.org> Wed, 19 Oct 2005 12:05:14 +0200
gnutls12 (1.2.6-1) unstable; urgency=low
* New Upstream version.
* Remove Provides: on libgnutls11-dev.
Hopefully this will be temporary (pending discussion with Upstream).
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Aug 2005 12:21:36 +0200
gnutls12 (1.2.5-3) unstable; urgency=high
* Updated libgnutls12.shlibs file.
Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
dependencies on this library
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 13:19:25 +0200
gnutls12 (1.2.5-2) unstable; urgency=medium
* Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
Added an explicit dependency as a stopgap fix.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 08:27:22 +0200
gnutls12 (1.2.5-1) unstable; urgency=low
* Merged with the latest stable release.
* Renamed to gnutls12.
- Changed the library version strings to GNUTLS_1_2.
- Renamed the development package back to "libgnutls-dev".
-- Matthias Urlichs <smurf@debian.org> Tue, 5 Jul 2005 10:35:56 +0200
gnutls11 (1.0.19-1) experimental; urgency=low
* Merged with the latest stable release.
-- Matthias Urlichs <smurf@debian.org> Sun, 26 Dec 2004 13:28:45 +0100
gnutls11 (1.0.16-13) unstable; urgency=high
* Fixed an ASN.1 extraction error.
Found by Pelle Johansson <morth@morth.org>.
-- Matthias Urlichs <smurf@debian.org> Mon, 29 Nov 2004 10:16:21 +0100
gnutls11 (1.0.16-12) unstable; urgency=high
* Fixed a segfault in certtool. Closes: #278361.
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Nov 2004 09:40:02 +0100
gnutls11 (1.0.16-11) unstable; urgency=medium
* Merged binary (non-UF8) string printing code from Upstream.
* Password code in certtool was somewhat broken.
-- Matthias Urlichs <smurf@debian.org> Sat, 6 Nov 2004 13:11:03 +0100
gnutls11 (1.0.16-10) unstable; urgency=high
* Fixed one instance of uninitialized memory usage.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Oct 2004 06:07:53 +0200
gnutls11 (1.0.16-9) unstable; urgency=high
* Pulled from Upstream CVS:
- Fix two memory leaks.
- Fix NULL dereference.
-- Matthias Urlichs <smurf@debian.org> Fri, 8 Oct 2004 10:43:20 +0200
gnutls11 (1.0.16-8) unstable; urgency=high
* Pulled these changes from Upstream CVS:
- Added default limits in the verification of certificate chains,
to avoid denial of service attacks.
- Added gnutls_certificate_set_verify_limits() to override them.
- Added gnutls_certificate_verify_peers2().
-- Matthias Urlichs <smurf@debian.org> Sun, 12 Sep 2004 02:05:25 +0200
gnutls11 (1.0.16-7) unstable; urgency=low
* Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem.
-- Matthias Urlichs <smurf@debian.org> Sat, 14 Aug 2004 11:22:51 +0200
gnutls11 (1.0.16-6) unstable; urgency=medium
* Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
- Closes: #264420
-- Matthias Urlichs <smurf@debian.org> Sun, 8 Aug 2004 22:21:01 +0200
gnutls11 (1.0.16-5) unstable; urgency=low
* Depend on current libtasn1-2 (>= 0.2.10).
- Closes: #264198.
* Fixed maintainer email to point to Debian address.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:44:38 +0200
gnutls11 (1.0.16-4) unstable; urgency=low
* The OpenSSL compatibility library has been linked incorrectly
(-ltasn1 was missing).
* Need to build-depend on current opencdk8 and libtasn1-2 version.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:29:32 +0200
gnutls11 (1.0.16-3) unstable; urgency=high
* Documentation no longer includes LaTeX-produced output
(the source contains latex2html-specific features, which is non-free).
* Urgency: High because of pending base freeze.
-- Matthias Urlichs <smurf@debian.org> Mon, 26 Jul 2004 11:18:20 +0200
gnutls11 (1.0.16-2) unstable; urgency=high
* Actually *enable* debug symbols :-/
* Urgency: High for speedy inclusion in d-i
-- Matthias Urlichs <smurf@debian.org> Fri, 23 Jul 2004 22:38:07 +0200
gnutls11 (1.0.16-1) experimental; urgency=low
* Update to latest Upstream version.
* now depends on libgcrypt11
* Include debugging package
* Use hevea, not latex2html.
-- Matthias Urlichs <smurf@debian.org> Wed, 21 Jul 2004 16:58:26 +0200
gnutls10 (1.0.4-4) unstable; urgency=low
* New maintainer.
* Run autotools at source package build time.
- Closes: #257237: FTBFS (i386/sid): aclocal failed
* Remove "package is still changed upstream" warning.
* Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
-- Matthias Urlichs <smurf@debian.org> Fri, 16 Jul 2004 02:09:36 +0200
gnutls10 (1.0.4-3) unstable; urgency=low
* control: Changed the build dependency and the dependency of
libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
could cause linking against two versions of libgcrypt.
-- Ivo Timmermans <ivo@debian.org> Sat, 24 Jan 2004 15:32:22 +0100
gnutls10 (1.0.4-2) unstable; urgency=low
* libgnutls-doc.doc-base: Removed HTML manual listing.
* control: Removed Jordi Mallach from the list of Uploaders. Thanks,
Jordi :)
-- Ivo Timmermans <ivo@debian.org> Wed, 14 Jan 2004 13:35:42 +0100
gnutls10 (1.0.4-1) unstable; urgency=low
* New upstream release (Closes: #227527)
* The new documentation in libgnutls-doc fixes several typo's and
style glitches:
Closes: #215772: inconsistent auth method list in manual
Closes: #215775: dangling footnote on page 14 of manual
Closes: #215777: bad sentence on page 18 of manual
Closes: #215780: incorrect info about ldaps/imaps in manual
* rules:
* Use --add-missing instead of --force in the call to automake.
* Don't build gnutls.ps, use the upstream version.
(Closes: #224846)
* gnutls-bin.manpages: Use glob to find manpages.
* patches/008_manpages.diff: Removed; included upstream.
-- Ivo Timmermans <ivo@debian.org> Tue, 13 Jan 2004 23:57:16 +0100
gnutls10 (1.0.0-1) unstable; urgency=low
* New upstream release.
* Major soversion changed to 10.
* control: Changed build dependencies of libtasn1-dev.
* libgnutls10.shlibs: Added libgnutls-openssl to the list.
-- Ivo Timmermans <ivo@debian.org> Mon, 29 Dec 2003 23:23:08 +0100
gnutls8 (0.9.99-1) experimental; urgency=low
* New upstream release.
* Included upstream GPG signature in .orig.tar.gz.
-- Ivo Timmermans <ivo@debian.org> Wed, 3 Dec 2003 22:33:52 +0100
gnutls8 (0.9.98-1) experimental; urgency=low
* New upstream release.
* debian/control: libgnutls8-dev depends on libopencdk8-dev.
* debian/libgnutls-doc.examples: Install src/*.[ch].
-- Ivo Timmermans <ivo@debian.org> Sun, 23 Nov 2003 15:44:38 +0100
gnutls8 (0.9.95-1) experimental; urgency=low
* New upstream version.
-- Ivo Timmermans <ivo@debian.org> Fri, 7 Nov 2003 19:50:22 +0100
gnutls8 (0.9.94-1) experimental; urgency=low
* New upstream version; package based on gnutls7 0.8.12-2.
* debian/control:
* Build-depend on libgcrypt7-dev (>= 1.1.44-0).
* debian/rules: Run auto* after the patches have been applied.
-- Ivo Timmermans <ivo@debian.org> Fri, 31 Oct 2003 18:47:09 +0100