1. 19 Jul, 2021 4 commits
  2. 15 Jul, 2021 2 commits
  3. 15 Apr, 2021 4 commits
  4. 14 Apr, 2021 3 commits
    • Apertis CI's avatar
      571ece0b
    • Andreas Metzler's avatar
      Import Debian changes 3.7.1-1 · 60452b47
      Andreas Metzler authored and Ariel D'Alessandro's avatar Ariel D'Alessandro committed
      gnutls28 (3.7.1-1) unstable; urgency=medium
      .
        * New upstream version
          Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
          extensions. GNUTLS-SA-2021-03-10.
        * Upload to unstable.
      .
      gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
      .
        * Fix autopkgtest skiplist.
      .
      gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
      .
        * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
          + Drop cherry-picked patches {48,49,50}_*.
          + Update copyright file.
      .
      gnutls28 (3.7.0-7) unstable; urgency=medium
      .
        * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
          50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
          50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
          master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
          (Thanks to Tim Kosse for the pointer) Closes: #980119
      .
      gnutls28 (3.7.0-6) unstable; urgency=medium
      .
        * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
          with merged version from upstream GIT master. Features a fix for an assert
          on connection to servers which send a duplicate chain including the
          self-signed CA. Closes: #980513
      .
      gnutls28 (3.7.0-5) unstable; urgency=low
      .
        * Update from upstream GIT master, replace patches, add new ones.
          + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added.
          + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
             --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
          + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
             --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
             Closes: #977552
          + 45_opensslcompat_no_export_gl.diff
             --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch.
          + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added.
        * Upload to unstable.
      .
      gnutls28 (3.7.0-4) experimental; urgency=medium
      .
        * Test build of fixes from
          https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and
          https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and
          #977552.
      .
      gnutls28 (3.7.0-3) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.7.0-2) experimental; urgency=low
      .
        * Fix guile-gnutls guile-x.x dependency.
        * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols.
      .
      gnutls28 (3.7.0-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop 50_autopkgtestfixes.diff.
          + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher
            added).
          + Requires nettle >= 3.6.
        * [lintian] Use v4 watch file.
        * Add a symbol file for libgnutls-openssl27.
        * Use dh v13 compat, (Some fixes for dh_missing.)
      .
      gnutls28 (3.6.15-4) unstable; urgency=medium
      .
        * autopkgtest: Require build-essential.
        * autopkgtest: respect dpkg-buildflags for helper-binary build.
      .
      gnutls28 (3.6.15-3) unstable; urgency=medium
      .
        * More autopkgtest hotfixes.
      .
      gnutls28 (3.6.15-2) unstable; urgency=medium
      .
        * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
          installed gnutls-bin.
        * In autopkgtest set top_builddir and builddir, ignore
          tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
      .
      gnutls28 (3.6.15-1) unstable; urgency=low
      .
        * New upstream version.
          + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
            unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
            Closes: #969547
          + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
            50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
            50_03-gnutls_cipher_init-fix-potential-memleak.patch
            50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          + Fix build error due to outdated gettext in Debian by removing newer
            gettext m4 macros from m4/.
      .
      gnutls28 (3.6.14-2) unstable; urgency=medium
      .
        * Pull selected patches from upstream GIT:
          + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
            Fixes difference in generated docs on 32 and 64 bit archs.
          + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
            50_03-gnutls_cipher_init-fix-potential-memleak.patch
            Fix memleak in gnutls_aead_cipher_init() with keys having invalid
            length. (Broken since 3.6.3)
          + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
            Closes: #962467
      .
      gnutls28 (3.6.14-1) unstable; urgency=high
      .
        * Drop debugging code added in -4, fixes nocheck profile build error.
          Closes: #962199
        * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
          debian/upstream/signing-key.asc.
        * New upstream version.
          + Fixes insecure session ticket key construction.
            [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
          + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
            51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
            51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
            51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
        * Drop guile-gnutls.lintian-overrides.
        * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
          AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
          IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
          Hopefully Closes: #962218
      .
      gnutls28 (3.6.13-4) unstable; urgency=medium
      .
        * Output some network related debugging from debian/rules.
        * Fix verification error with alternate chains. Closes: #961889
      .
      gnutls28 (3.6.13-3) unstable; urgency=medium
      .
        * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS
          master: Handle zero length session tickets, fixing connection errors on
          TLS1.2 sessions to some big hosting providers. (See LP 1876286)
      .
      gnutls28 (3.6.13-2) unstable; urgency=high
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.13-1) experimental; urgency=low
      .
        * New upstream version.
          + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
            support), since 3.6.3. The DTLS client would not contribute any
            randomness to the DTLS negotiation, breaking the security
            guarantees of the DTLS protocol
            GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556
        * Fix guile lintian override for shared-lib-without-dependency-information.
      .
      gnutls28 (3.6.12-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.12-1) experimental; urgency=low
      .
        [ Debian Janitor ]
        * Drop unnecessary dh arguments: --parallel
      .
        [ Andreas Metzler ]
        * Fix bindtextdomain() call and dgettext() invocations to search for the
          correct filename. (Thanks, Laurent Bigonville for report and diagnosis.)
          Closes: #949151
        * [lintian] Drop superfluous debian/source/include-binaries.
        * New upstream version.
          + Update symbol file.
          + Drop workaround for #658110, install guile shared objects to multi-arch
            paths.
      .
      gnutls28 (3.6.11.1-2) unstable; urgency=low
      .
        * Use dh 12 compat level.
          + Install gtk-doc files from as-installed location instead of builddir to
            avoid dh_missing warnings.
        * List *.la files in debian/not-installed.
        * Upload to unstable.
      .
      gnutls28 (3.6.11.1-1) experimental; urgency=low
      .
        * New upstream version.
          Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
          50_02-guile-Silence-auto-compilation-warning-for-guild.patch
        * Update symbol file (VKO GOST key exchange supported was added).
      .
      gnutls28 (3.6.10-5) unstable; urgency=medium
      .
        * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
          50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream
          GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!)
          Closes: #943905
      .
      gnutls28 (3.6.10-4) unstable; urgency=medium
      .
        * Add support for noguile build profile. See #943905.
      .
      gnutls28 (3.6.10-3) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.10-2) experimental; urgency=medium
      .
        * Switch b-d from texlive-generic-recommended to texlive-plain-generic.
          Closes: #941526
      .
      gnutls28 (3.6.10-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop i386-fix-wrong-reloc.patch and
            40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch.
          + Update symbol files.
          + Update copyright. Stop shipping a copy of the GNU Affero General Public
            License version 3. (pkcs11-mock.* is now under a different license.)
      .
      gnutls28 (3.6.9-7) experimental; urgency=low
      .
        * Fix copy-paste error (missing line) in libgnutls-dane0 description.
        * Re-add guile-gnutls, test-build (including testsuite) was successful.
          Closes: #905272
      .
      gnutls28 (3.6.9-6) experimental; urgency=low
      .
        * Test-build guile bindings.
      .
      gnutls28 (3.6.9-5) unstable; urgency=medium
      .
        * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
          GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
      .
      gnutls28 (3.6.9-4) unstable; urgency=medium
      .
        * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
          assembly code. (Thanks, Steve Langasek for report and patch!)
          Closes: #934193
      .
      gnutls28 (3.6.9-3) unstable; urgency=medium
      .
        * autopkgtest: Skip system-override-sig-hash.sh.
      .
      gnutls28 (3.6.9-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.9-1) experimental; urgency=low
      .
        * New upstream version.
          + Update symbol file.
      .
      gnutls28 (3.6.8-2) unstable; urgency=low
      .
        * Use DH 11 compat again.
        * 3.6.8 builds with gcc-9. Closes: #925701
        * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
          Andres Klode) Closes: #930541
          See also https://gitlab.com/gnutls/gnutls/merge_requests/986
        * Upload to unstable.
      .
      gnutls28 (3.6.8-1) experimental; urgency=low
      .
        * New upstream version.
          + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended,
            texlive-latex-base.
          + Update symbol file.
      .
      gnutls28 (3.6.7-4) unstable; urgency=medium
      .
        * Cherry-pick important bug-fixes from 3.6.8:
          + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
            The gnutls_srp_set_server_credentials_function can be used with the 8192
            parameters as well.
            https://gitlab.com/gnutls/gnutls/issues/761
          + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
            Fix calculation of Streebog digests (incorrect carry operation in
            512 bit addition).
          + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
            Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
            Closes: #929907
          + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
            Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
            crafting via IDNA conversion.
            https://gitlab.com/gnutls/gnutls/issues/720
          + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
            Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
            gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
            flag.
            https://gitlab.com/gnutls/gnutls/issues/754
      .
      gnutls28 (3.6.7-3) unstable; urgency=medium
      .
        * Revert debhelper upgrade, use DH 10.
      .
      gnutls28 (3.6.7-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.7-1) experimental; urgency=medium
      .
        * New upstream version.
          + Update AUTHOR list in copyright file.
          + Update symbol file.
          + Fixes issue preventing sending and receiving from different
            threads when false start was enabled. Closes: #922879
          + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
          + Fixes a memory corruption (double free) vulnerability in the
            certificate verification API.
            https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
            GNUTLS-SA-2019-03-27
          + Fixes an invalid pointer access via malformed TLS1.3 async messages;
            https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
            GNUTLS-SA-2019-03-27
      .
      gnutls28 (3.6.6-3) unstable; urgency=low
      .
        * Add @ to autopkgtest's Depends.
        * Use DH 11 compat.
      .
      gnutls28 (3.6.6-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.6.6-1) experimental; urgency=low
      .
        * New upstream version.
          + Fixes certtool.1 syntax. Closes: #920215
          + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff.
          + Update symbol file for released version.
      .
      gnutls28 (3.6.5+git20190105-1) experimental; urgency=low
      .
        * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
          + Update symbol and copyright file.
        * Delete autogen stamp-files on clean to enforce regeneration.
      .
      gnutls28 (3.6.5-2) unstable; urgency=low
      .
        * Upload to unstable.
        * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.
      .
      gnutls28 (3.6.5-1) experimental; urgency=medium
      .
        * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
        * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
          now in oldstable.
        * New upstream version.
          + Requires nettle >= 3.4.1(rc).
          + List newly added symbols in symbol file. Bump generated dependencies to
            >= 3.6.5 since multiple enums have been extended.
          + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
        * [lintian] Drop dh_strip override, stable has automatic debug packages.
      .
      gnutls28 (3.6.4-2) experimental; urgency=medium
      .
        * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
      .
      gnutls28 (3.6.4-1) experimental; urgency=medium
      .
        * New upstream version.
        * Update symbol file.
        * Drop --enable-tls13-support configure option.
      .
      gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium
      .
        * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
          detection for the draft-tls support, because it will be triggered once
          TLS versions with the final numbering are deployed. (Thanks, Nikos!)
      .
      gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium
      .
        * Set Rules-Requires-Root: no.
        * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
          + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
          + Update symbol file.
      .
      gnutls28 (3.6.3-2) experimental; urgency=medium
      .
        * Update basic feature list in package descriptions, based on short
          description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
          added.) Closes: #904681
        * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes
          cherrypicked by Nikos for Fedora rawhide.
      .
      gnutls28 (3.6.3-1) experimental; urgency=medium
      .
        * New upstream version.
        * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
      .
      gnutls28 (3.6.2+git20180714-1) experimental; urgency=low
      .
        * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
          + SSL 3.0 disabled by default at compile-time.
        * Bump symbol dependency info.
      .
      gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium
      .
        * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
        * Drop 40_add_missingm4.diff.
        * Bump symbol dependency info.
        * For testing build with --enable-tls13-support.
      .
      gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium
      .
        * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
      .
      gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium
      .
        * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
        * Drop superfluous patches:
          + 40_increase_srp_test_timeout.diff
          + 50_mark_tests_xfail.diff
          + 52_fix_testcompat-main-openssl.diff
        * Add new functions to symbol file.
        * Many enums/flags extended, be conservative and bump sympol dependency
          info.
        * Bump libgnutlsxx28 shlibs.
        * Bump (b-)d on nettle-dev and libp11-kit-dev.
      .
      gnutls28 (3.6.2-3) experimental; urgency=low
      .
        * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
          FTBFS with softhsm 2.4.0.
        * [lintian] Delete trailing empty lines in changelog.
        * 52_fix_testcompat-main-openssl.diff: Allow running test successfully
          and against binaries from installed gnutls-bin package.
        * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
          al) of the upstream testsuite.
      .
      gnutls28 (3.6.2-2) experimental; urgency=low
      .
        * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
          The new srp-8192 test failed on slow archs (mips/mipsel).
        * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
          build-depends-on-1-revision.
        * Point Vcs-* to salsa.
        * Sort Build-Depends alphabetically.
      .
      gnutls28 (3.6.2-1) experimental; urgency=low
      .
        * (Build-)depend on libidn2-dev instead of transitional package
          libidn2-0-dev. Closes: #883187
        * Point homepage field and watchfile to https URL.
        * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
          debian/upstream/signing-key.asc (and stop uscan from doing so on every
          invocation).
        * Refresh upstream key, adding signing subkey
          A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
        * New upstream version.
          + When verifying against a self signed certificate ignore issuer. That
            is, ignore issuer when checking the issuer's parameters strength,
            resolving issue #347 which caused self signed certificates to be
            additionally marked as of insufficient security level.
            Closes: #885127
          + Bump shlibs/symbol files for newly added symbols.
        * [lintian] Clean up trailing whitespace in debian/changelog.
        * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
          -> optional).
        * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
          build-depends. Stop specifying --parallel --with autoreconf.
      .
      gnutls28 (3.6.1-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop 35_modernize_gtkdoc.diff.
          + Fixes interoperability issue with openssl when safe renegotiation was
            used. Closes: #873055
          + Update symbol file.
      .
      gnutls28 (3.6.0-2) experimental; urgency=medium
      .
        * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
          support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
          from gtk-doc git head (that is 1.26 +
          c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
          Closes: #876587
      .
      gnutls28 (3.6.0-1) experimental; urgency=low
      .
        * New upstream version.
          + Multiple enums listing function flags have been extended, new
            algorithms have been added. Bump dependency info on all symbols in
            main GnuTLS library to >= 3.6.0, to make sure the versioning is
            strict enough.
          + Drop (build-)dependency on zlib1g-dev.
          + Update copyright info.
          + Calls to gnutls_record_send() and gnutls_record_recv()
            prior to handshake being complete are now refused. Closes: #849807
         * Drop --without-lzo from ./configure, it has been a noop for a long time.
         * Build in private directory, using "dh --builddirectory=b4deb".
      .
      gnutls28 (3.5.19-1) unstable; urgency=low
      .
        * New upstream version.
          + Drop 35_modernize_gtkdoc.diff.
      .
      gnutls28 (3.5.18-1) unstable; urgency=medium
      .
        * New upstream version.
        * Refresh upstream key, adding new signing subkey. Move to ascii armored
          keyring.
      .
      gnutls28 (3.5.17-1) unstable; urgency=low
      .
        * New upstream version.
          + When verifying against a self signed certificate ignore issuer. That
            is, ignore issuer when checking the issuer's parameters strength,
            resolving issue #347 which caused self signed certificates to be
            additionally marked as of insufficient security level.
            Closes: #885127
      .
      gnutls28 (3.5.16-1) unstable; urgency=medium
      .
        * New upstream version.
          + Fixes interoperability issue with openssl when safe renegotiation was
            used. Closes: #873055
        * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
          support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
          from gtk-doc git head (that is 1.26 +
          c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
          Closes: #876587
      .
      gnutls28 (3.5.15-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.15-1) experimental; urgency=medium
      .
        * New upstream version. Drop unneeded patches.
          (31_arm64ilp32-unaccelerated.patch
          35_record-added-sanity-checking-in-the-record-layer-ver.patch
          36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch)
      .
      gnutls28 (3.5.14-3) unstable; urgency=low
      .
        * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from
          upstream  gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an
          already terminated or deinitialized session. Closes: #867303
        * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from
          upstream  gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting
          to accessing past the input data.
        * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly
          code on arm64ilp32 to fix FTBFS. Closes: #872454
        * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for
          the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8.
        * Standards-Version 4.0.1, update priorities (extra->optional).
      .
      gnutls28 (3.5.14-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.14-1) experimental; urgency=low
      .
        [ Dan Nicholson ]
        * Build with --disable-rpath. Closes: #865674
      .
        [ Andreas Metzler ]
        * New upstream version.
        * Build against external libunistring.
      .
      gnutls28 (3.5.13-2) unstable; urgency=medium
      .
        * Upload to unstable, merge changelogs.
      .
      gnutls28 (3.5.13-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch.
          + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer
            dereference. #864560
      .
      gnutls28 (3.5.12-2) experimental; urgency=medium
      .
        * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct
          typo preventing the run of openpgp test.
        * Stop disabling heartbeat support. Closes: #861193
      .
      gnutls28 (3.5.12-1) experimental; urgency=medium
      .
        * New upstream version.
        * Bump dep info on gnutls_session_ext_register.
      .
      gnutls28 (3.5.11-1) experimental; urgency=medium
      .
        * New upstream version.
        * gnutls.pc: do not include libtool options into Libs.private.
          Closes: #857943
        * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and
          Libs.private. (LP: #1660915)
        * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
          which includes TLS1.2 support. Closes: #857436
        * Add b-d on ca-certificates, needed for trust-store check.
      .
      gnutls28 (3.5.10-1) experimental; urgency=medium
      .
        * New upstream version.
          + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888
          + Includes fixes for GNUTLS-SA-2017-3[ABC].
          + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct
            and gnutls_ocsp_resp_verify which now accept (more) flags.
      .
      gnutls28 (3.5.9-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop debian/patches/35_0*.
          + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map.
        * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of
          libidn11-dev.
      .
      gnutls28 (3.5.8-6) unstable; urgency=high
      .
        * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
          well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
          Closes: #864560
      .
      gnutls28 (3.5.8-5) unstable; urgency=medium
      .
        * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
          in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
        * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
          Addressed large allocation in OpenPGP certificate parsing, that could lead
          in out-of-memory condition. Issue found using oss-fuzz project, and was
          fixed by Alex Gaynor.
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
          [GNUTLS-SA-2017-3C]
      .
      gnutls28 (3.5.8-4) unstable; urgency=medium
      .
        * More upstream fixes from gnutls_3_5_x branch:
          + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
            overflow resulting to invalid memory write in OpenPGP certificate
            parsing.  Issue found using oss-fuzz project:
            https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
            [GNUTLS-SA-2017-3A]
          + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
            1 byte past the end of buffer in OpenPGP certificate parsing. Issue
            found using oss-fuzz project:
            https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
          + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
            Addressed crashes in OpenPGP certificate parsing, related to private key
            parser. No longer allow OpenPGP certificates (public keys) to contain
            private key sub-packets. Issue found using oss-fuzz project:
            https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
            https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
            [GNUTLS-SA-2017-3B]
      .
      gnutls28 (3.5.8-3) unstable; urgency=high
      .
        * Another two bugfixes from upstream.
         + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
           Address test suite failure due to timezone differences.
           Closes: #853732
         + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
           When returning success, but no elements
           gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
           elements with a pointer that was uninitialized.
      .
      gnutls28 (3.5.8-2) unstable; urgency=medium
      .
        * Pull two fixes from upstream GIT gnutls_3_5_x branch
          35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
          35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.
      .
      gnutls28 (3.5.8-1) unstable; urgency=medium
      .
        * New upstream release.
        * Upload to unstable.
      .
      gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium
      .
        * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
          upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
          tests/key-tests/key-invalid.)
          + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
            35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
          + libgnutls: Fix double free in certificate information printing. If the
            PKIX extension proxy was set with a policy language set but no policy
            specified, that could lead to a double free. GNUTLS-SA-2017-1
            CVE-2017-5334
          + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
            parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
            CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
      .
      gnutls28 (3.5.7-3) unstable; urgency=medium
      .
        * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
          35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
          upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
          by PKCS#8 decryption functions when an invalid key is provided. This
          addresses regression on decrypting certain PKCS#8 keys.
          Closes: #848905
      .
      gnutls28 (3.5.7-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.7-1) experimental; urgency=low
      .
        * New upstream version.
        * Drop unneeded patches.
          40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
          40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
          41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
          41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
          41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
          41_04_cleanups-in-_gnutls_buffer_to_datum.patch
          41_05_x509-output-use-the-new-functions-for-DN-output.patch
          41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
          41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
        * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
        * Update symbol file. (Add new symbols, bump dependency on functions that
          might return new error codes.)
        * Build with --with-included-unistring, Debian's libunistring package is
          too old (non dual-licensed).
      .
      gnutls28 (3.5.6-7) unstable; urgency=low
      .
        * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
          for dns-root-data to libgnutls-dane0.
        * Upload to unstable.
      .
      gnutls28 (3.5.6-6) experimental; urgency=medium
      .
        * Pull a patch set from upstream GIT which reverts the DN sorting change in
          3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
          Closes: #844539
          41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
          41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
          41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
          41_04_cleanups-in-_gnutls_buffer_to_datum.patch
          41_05_x509-output-use-the-new-functions-for-DN-output.patch
          41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
          41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
        * Update symbol file.
      .
      gnutls28 (3.5.6-5) experimental; urgency=low
      .
        * Merge changes from unstable.
      .
      gnutls28 (3.5.6-4) unstable; urgency=medium
      .
        * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
         40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
         upstream git master. The latter fixes a gnutls-cli-debug segfault.
         Closes: #844061
      .
      gnutls28 (3.5.6-3) experimental; urgency=low
      .
        * Package libgnutls-dane, as libunbound is now built against nettle instead
          of OpenSSL. Closes: #733295
      .
      gnutls28 (3.5.6-2) unstable; urgency=low
      .
        * Upload to unstable.
        * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
          longer than 32-bits. (Upstream GIT commit
          fcdb461e935dbdc0892241a35be7499116f22a67).
      .
      gnutls28 (3.5.6-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
            41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
          + Update symbol file.
      .
      gnutls28 (3.5.5-6) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.5-5) experimental; urgency=medium
      .
        * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
          https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
          issue with GnuTLS 3.3 clients. Closes: #841723
        * Bump symbol dependency info for multiple
          gnutls_certificate_(set|get)_*_key* functions. If
          %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
          non-negative return code on success instead of 0 for success and negative
          numbers for failure.
        * Add b-d on openssl (for testsuite).
      .
      gnutls28 (3.5.5-4) unstable; urgency=medium
      .
        * Upload to unstable.
        * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.
      .
      gnutls28 (3.5.5-3) experimental; urgency=medium
      .
        * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
          in 3.5.5.
      .
      gnutls28 (3.5.5-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.5-1) experimental; urgency=medium
      .
        * New upstream version.
          + Update symbol file.
      .
      gnutls28 (3.5.4-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.4-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop superfluous patches:
            35_gnutls-cli-print-Handshake-was-completed.patch
            36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
            37_openssl-format-fix-from-openconnect.patch
            39_ocsptool-corrected-bug-in-session-establishment.patch
            40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
            45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
            45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
            45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
            45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
          + Update symbol file.
        * Add b-d on softhsm2 for pkcs11 tests.
      .
      gnutls28 (3.5.3-5) experimental; urgency=medium
      .
        * Pull DTLS fixes from upstream GIT master.
          45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
          45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
          45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
          45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
          Closes: #835587
      .
      gnutls28 (3.5.3-4) unstable; urgency=high
      .
        * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of
          ocsptool --ask ... Closes: #836371
        * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP
          certificate check doesn't actually verify the serial length and might
          succeed when it shouldn't. CVE-2016-7444
      .
      gnutls28 (3.5.3-3) unstable; urgency=medium
      .
        * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake
          was completed', fixing emacs' lisp/net/tls.el. Closes: #834516
        * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
          gnutls-cli STARTTLS support was broken in 3.5.3.
        * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of
          OpenSSL encrypted PEM files.
      .
      gnutls28 (3.5.3-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.3-1) experimental; urgency=medium
      .
        * New upstream version.
          + Update libgnutls30.symbols.
          + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to
            apply it in the previous upload anyway.)
          + Add b-d on libcmocka-dev (marked with <!nocheck>).
      .
      gnutls28 (3.5.2-3) experimental; urgency=medium
      .
        * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch
          from upstream GIT, which should allow gnutls continue to work with
          CVE-2016-6489-patched nettle.
      .
      gnutls28 (3.5.2-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.5.2-1) experimental; urgency=low
      .
        * New upstream version.
        * Add libssl-dev b-d (marked with <!nocheck>), which can be used in
          testsuite.
      .
      gnutls28 (3.5.1-1) experimental; urgency=medium
      .
        * Merge from unstable:
          + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
            have been dropped with the soname bump from libgnutls-deb0-28 to
            libgnutls30 in the first place. (Thanks, Andreas Beckmann)
            Closes: #825645
          + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via
            the <!nocheck> profile.
        * New upstream version.
          + Drop 40_openssl_compat-removed-unneeded-headers.patch.
          + Install README.md instead of README.
          + Update symbol file.
      .
      gnutls28 (3.5.0-1) experimental; urgency=medium
      .
        * New upstream release.
          + Drop unneeded patches:
            40_src-added-systemkey-args-to-BUILT_SOURCES.patch
            45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
            45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
            45_03_configure-corrected-regression-which-prevented-the-b.patch
            45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch
         * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT
           to fix FTBFS in openssl wrapper.
         * crywrap is not shipped with GnuTLS anymore.
         * Update copyright info, ship copy of the GNU Affero General Public
           License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of
           the testsuite use this license.
         * Update symbol file:
           + Add new functions.
           + Multiple core enums (including gnutls_init_flags_t) have been extended,
             and most gnutls users will invoke at least one function affected by
             this change. Bump symbol dependency info to >= 3.5.0 for all symbols,
             because we would end up with this dependency anyway.
      .
      gnutls28 (3.4.14-1) unstable; urgency=medium
      .
        * Also mark b-d on net-tools/freebsd-net-tools as optional via the
          <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
          patch). Closes: #826693
        * New upstream bugfix release. This includes the following fix:
          + libgnutls: Address issue when utilizing the p11-kit trust store
            for certificate verification (GNUTLS-SA-2016-2).
          The issue is not relevant for the Debian binary packages, since we do not
          build with --with-default-trust-store-pkcs11=.
      .
      gnutls28 (3.4.13-1) unstable; urgency=high
      .
        * New upstream bugfix release.
          + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was
            introduced in 3.4.12.
          + Testsuite requires netstat, add b-d.
      .
      gnutls28 (3.4.12-2) unstable; urgency=medium
      .
        * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
          have been dropped with the soname bump from libgnutls-deb0-28 to
          libgnutls30 in the first place. (Thanks, Andreas Beckmann)
          Closes: #825645
      .
      gnutls28 (3.4.12-1) unstable; urgency=medium
      .
        * New upstream version.
          + Drop superfluous patches.
            (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
            45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
            45_03_configure-corrected-regression-which-prevented-the-b.patch
            45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
          + Update copyright info, ship copy of the GNU Affero General Public
            License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files
            of the testsuite use this license.
      .
      gnutls28 (3.4.11-4) unstable; urgency=medium
      .
        * Drop guile-gnutls package, testsuite errors have stayed unfixed too long.
          Closes: #821457, #805863
      .
      gnutls28 (3.4.11-3) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.4.11-2) experimental; urgency=medium
      .
        * Pull post-release fixes from upstream gnutls_3_4_x branch.
          (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
          45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
          45_03_configure-corrected-regression-which-prevented-the-b.patch
          45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
      .
      gnutls28 (3.4.11-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop superfluous patches.
            (41_tests-mini-loss-time-ensure-client-timeouts.diff
            42_mini-loss-time-improved-timeout-detection.patch
            43_fix_cpucapoverride.diff)
        * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is
          not installed/built anymore. Update gnutls-doc file list.
        * Enable hardening=+bindnow.
      .
      gnutls28 (3.4.10-4) unstable; urgency=medium
      .
        * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
          GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
          unavailable. Closes: #818341
      .
      gnutls28 (3.4.10-3) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.4.10-2) experimental; urgency=medium
      .
        * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
        * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
          another try for Closes: #813598
      .
      gnutls28 (3.4.10-1) experimental; urgency=medium
      .
        * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
          master to fix FTBFS with parallel builds. Closes: #816148
        * New upstream version.
        * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
          master branch to fix occasional testsuite error. Closes: #813598
      .
      gnutls28 (3.4.9-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.4.9-1) experimental; urgency=medium
      .
        * New upstream version.
        * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch.
      .
      gnutls28 (3.4.8-3) unstable; urgency=medium
      .
        * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch
          from upstream GIT. Closes: #813243
      .
      gnutls28 (3.4.8-2) unstable; urgency=medium
      .
        * Merge master branch into experimental.
          + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
          + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
            This is a kludge and technically wrong, but will prevent partial
            upgrades from stable. See: #788735
        * Upload to unstable.
      .
      gnutls28 (3.4.8-1) experimental; urgency=medium
      .
        * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
          option was added to debhelper/unstable with version 9.20150628, bump
          build-dependency accordingly.
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
          + Update symbol file.
        * Move Vcs-* from git/http to https.
      .
      gnutls28 (3.4.7-1) experimental; urgency=medium
      .
        * New upstream version.
          + Update symbol file.
      .
      gnutls28 (3.4.6-1) experimental; urgency=medium
      .
        * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
          later) to improve reproducibility of build.
        * New upstream version.
          + Update symbol file.
        * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
          (>= 1.17.14). Both are required for build-profile support added in
          previous upload. (Thanks, lintian.)
      .
      gnutls28 (3.4.5-1) experimental; urgency=medium
      .
        [ Helmut Grohne ]
        * Turn Build-Depends: datefudge optional via <!nocheck> profile.
          Closes: #797544
      .
        [ Andreas Metzler ]
        * New upstream version.
      .
      gnutls28 (3.4.4.1-1) experimental; urgency=medium
      .
        * New upstream version.
          + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
            bump dependency info for functions taking it as argument or returning it.
          + Bump dependency info on private symbols.
          + Update debian/copyright.
          + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
            CVE-2015-6251
      .
      gnutls28 (3.4.3-1) experimental; urgency=medium
      .
        * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
        * New upstream version.
          + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
            gnutls_pkcs11_token_info_t.
          + Add dependency info for new symbols, bump private symbol dependency.
      .
      gnutls28 (3.4.2-2) experimental; urgency=medium
      .
        * Disable libidn support because CVE-2015-2059 is still not fixed. See
          <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
          of crywrap.
      .
      gnutls28 (3.4.2-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
          + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
            version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
      .
      gnutls28 (3.4.1-1) experimental; urgency=medium
      .
        * New upstream version.
          + Bump (build)-depends on nettle and p11-kit.
          + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
            55_nettle3.patch.
          + Update 14_version_gettextcat.diff.
          + Soname bump, library package renamed from libgnutls-deb0-28 to
            libgnutls30.
          + OpenSSL compat layer is not built by default anymore, pass
            --enable-openssl-compatibility to ./configure.
          + Update symbol file.
          + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
            restricted to the corresponding protocols only, and the VERS-ALL
            string is introduced to catch all possible protocols. Closes: #773145
          + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
            "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
            dependency on libidn11-dev to libgnutls28-dev.
        * Fix typo in debian/rules
          (s/-disable-silent-rules/--disable-silent-rules).
      .
      gnutls28 (3.3.20-1) unstable; urgency=medium
      .
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
        * Move Vcs-* from git/http to https.
      .
      gnutls28 (3.3.19-1) unstable; urgency=medium
      .
        * New upstream version.
         + Refresh 20_debian_specific_soname.diff.
         + Update symbol file.
      .
      gnutls28 (3.3.18-1) unstable; urgency=medium
      .
        * New upstream version.
      .
      gnutls28 (3.3.17-1) unstable; urgency=medium
      .
        * New upstream version.
         + Drop superfluous patches.
          (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
           46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
           47_safe-renegotiation-simulate-receiving-the-extension-.patch)
         + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
           bump dependency info for functions taking it as argument or returning it.
         + Bump dependency info on private symbols.
         + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
           CVE-2015-6251
      .
      gnutls28 (3.3.16-2) unstable; urgency=medium
      .
        * Refresh 40_no_more_ssl3.diff.
        * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
          46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
          47_safe-renegotiation-simulate-receiving-the-extension-.patch
          Pull three patches from upstream GIT to fix issue with server side sending
          the status request extension even when not requested.
          <http://article.gmane.org/gmane.network.gnutls.general/3929>
      .
      gnutls28 (3.3.16-1) unstable; urgency=medium
      .
        * Limit watchfile to 3.3.x versions.
        * New upstream version.
          + Drop superfluous patches
            (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
            55_nettle3.patch,
            56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
          + Bump private symbol versioning.
      .
      gnutls28 (3.3.15-7) unstable; urgency=medium
      .
        * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
          is a kludge and technically wrong, but will prevent partial upgrades from
          stable. Closes: #788735
        * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
      .
      gnutls28 (3.3.15-6) unstable; urgency=high
      .
        * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
          Closes: #788011
      .
      gnutls28 (3.3.15-5) unstable; urgency=medium
      .
        * Upload to unstable.
        * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
          against both 2.7 and 3.x.
      .
      gnutls28 (3.3.15-4) experimental; urgency=medium
      .
        * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
          allows compilation against both nettle 2.7 and 3.x.
        * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
          and libtasn1-6-dev, the =${binary:Version} dependency of the development
          packages on the respective library packages should make this superfluous.
      .
      gnutls28 (3.3.15-3) experimental; urgency=medium
      .
        * Add 55_nettle3.patch from
          http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
          against nettle3.
      .
      gnutls28 (3.3.15-2) unstable; urgency=medium
      .
        * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
          fixing a testsuite error on kfreebsd-*.
      .
      gnutls28 (3.3.15-1) unstable; urgency=medium
      .
        * New upstream stable release.
          + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
      .
      gnutls28 (3.3.14-3) experimental; urgency=medium
      .
        * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
        * (Build-)depend on nettle-dev >= 3.0.
      .
      gnutls28 (3.3.14-2) unstable; urgency=medium
      .
        * Upload to unstable.
        * Sync version of Depends and Build-Depends on libtasn1-6-dev.
      .
      gnutls28 (3.3.14-1) experimental; urgency=medium
      .
        * New upstream version.
          + Bump libtasn b-d to >= 4.3.
      .
      gnutls28 (3.3.13-1) experimental; urgency=medium
      .
        * New upstream version.
          + Includes fix for CVE-2015-0294, a certificate algorithm consistency
            checking issue.
      .
      gnutls28 (3.3.12-1) experimental; urgency=medium
      .
        * New upstream version.
          + gnutls-cli-debug STARTTLS is working. Closes: #467022
      .
      gnutls28 (3.3.11-1) experimental; urgency=medium
      .
        * New upstream version.
          + Includes fix for OCSP response parsing issue. Closes: #772055
      .
      gnutls28 (3.3.10-2) experimental; urgency=medium
      .
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      .
      gnutls28 (3.3.10-1) experimental; urgency=medium
      .
        * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
          manpages.
        * New upstream version.
          + Includes fix for a denial of service issue CVE-2014-8564 /
            GNUTLS-SA-2014-5.
          + When gnutls_global_init() is called for a second time, it will check
            whether the /dev/urandom fd kept is still open and matches the original
            one. That behavior works around issues with servers that close all file
            descriptors. This should take care of #760476.
      .
      gnutls28 (3.3.9-1) experimental; urgency=medium
      .
        * New upstream version.
          + Unfuzz 20_debian_specific_soname.diff.
          + Drop 31_fallback_to_RUSAGE_SELF.diff.
          + Bump private symbol dependency info.
          + Bump dependency version of gnutls_certificate_get_issuer() and
            gnutls_x509_trust_list_get_issuer() because of newly added
            GNUTLS_TL_GET_COPY flag.
      .
      gnutls28 (3.3.8-7) unstable; urgency=medium
      .
        * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
          Pull two patches from upstream to a use-after-free flaw in
          gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
          Closes: #782776
      .
      gnutls28 (3.3.8-6) unstable; urgency=medium
      .
        * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
          6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
          certificate import check whether the two signature algorithms match.
          CVE-2015-0294. Closes: #779428
      .
      gnutls28 (3.3.8-5) unstable; urgency=medium
      .
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      .
      gnutls28 (3.3.8-4) unstable; urgency=high
      .
        * Drop 31_fallback_to_RUSAGE_SELF.diff.
        * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
          from the application check the urandom fd for validity. Closes: #768841
          and takes care of #760476.
        * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
          session deinit. It is already being refreshed during the session lifetime.
        * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
          format, perform additional sanity checks on input.
          CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
        * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
          uses a cert in binary der-format which is not representable in a quilt
          patches and we want to limit debian.tar.xz to modify stuff in debian/ we
          have some special handling in debian/rules.)
      .
      gnutls28 (3.3.8-3) unstable; urgency=high
      .
        [ Daniel Kahn Gillmor ]
        * Add list of executables to gnutls-bin package description.
          Closes: #763671
      .
        [ Andreas Metzler ]
        * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
          try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
          Mavrogiannopoulos!) Closes: #760476
      .
      gnutls28 (3.3.8-2) unstable; urgency=medium
      .
        * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
          3.3.8 requires libtasn1 >= 3.9.
        * Upload to unstable.
      .
      gnutls28 (3.3.8-1) experimental; urgency=medium
      .
        * New upstream version.
          + Refresh 20_debian_specific_soname.diff.
          + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
            with old experimental upload 0.21.2-1
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
            some functions in the gnutls_pkcs11_* family due to new members in enums
            gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
            symbol dependency info, and bump shlibs.
        * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
          The GnuTLS library package automatically gets a dependency on libp11-kit0
          (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
          libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
          enforce a version on libp11-kit-dev and we do not need to duplicate the
          info.
        * Add explicit build-dependency on libopts25-dev. Closes: #761618
      .
      gnutls28 (3.3.7-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.3.7-1) experimental; urgency=medium
      .
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
            symbol dependency info, and bump shlibs.
          + New member in gnutls_pkcs11_obj_attr_t, bump version of
            gnutls_pkcs11_obj_list_import_url*.
      .
      gnutls28 (3.3.6-2) unstable; urgency=medium
      .
        * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
          lastest stable at freeze time.
        * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
          at-build-time-default-compiler) by exporting @CPP@.
      .
      gnutls28 (3.3.6-1) experimental; urgency=medium
      .
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
            symbol dependency info.
      .
      gnutls28 (3.3.5-1) experimental; urgency=medium
      .
        * New upstream version.
        * Refresh patches/20_debian_specific_soname.diff.
        * Drop 30_Updated-asm-sources.patch.
        * Add new public symbols to symbol file, bump shlibs.
      .
      gnutls28 (3.3.3-1) experimental; urgency=medium
      .
        * New upstream version, including a fix for GNUTLS-SA-2014-3
          CVE-2014-3466.
        * Refresh 20_debian_specific_soname.diff.
        * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
        * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
      .
      gnutls28 (3.3.2-2) experimental; urgency=high
      .
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Adapt symbol file accordingly.
          + Change 14_version_gettextcat.diff, too.
            Closes: #748742
         * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
           These have been unnecessary since we started using dh compat v9, where
           debugging symbols are installed to /usr/lib/debug/.build-id.
      .
      gnutls28 (3.3.2-1) experimental; urgency=medium
      .
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
        * New upstream version. Drop 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff.
      .
      gnutls28 (3.3.1-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop 20_sparc_chainverify_buserror.diff.
          + Pull 20_guile_no_override_allocation.diff and
            21_Treat-othername-as-printable.diff from upstream GIT.
          + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
            upstream since it was never exported in a public header and is not
            used according to codesearch.d.o.
      .
      gnutls28 (3.3.0-2) experimental; urgency=medium
      .
        * Drop last remains of -xssl from debian/.
        * Add debian/libgnutls28.symbols.
        * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
          increase the space available for certificates to fix sparc testsuite
          error.
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      .
      gnutls28 (3.3.0-1) experimental; urgency=medium
      .
        * New upstream version.
          + Bump shlibs.
      .
      gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
      .
        * Also version the p11-kit dependency.
        * New upstream version.
          + Set --enable-static, as only shared libs are built by default.
          + libgnutls-xssl is no more.
          + Bump shlibs.
        * Upload to experimental.
      .
      gnutls28 (3.2.16-1) unstable; urgency=medium
      .
        * New upstream version.
      .
      gnutls28 (3.2.15-3) unstable; urgency=medium
      .
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
          series.
      .
      gnutls28 (3.2.15-2) unstable; urgency=high
      .
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Change 14_version_gettextcat.diff, too.
          Closes: #74874
        * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
          These have been unnecessary since we started using dh compat v9, where
          debugging symbols are installed to /usr/lib/debug/.build-id.
        * debian/copyright: Add info about GPLv2 compatibility.
      .
      gnutls28 (3.2.15-1) unstable; urgency=high
      .
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
      .
      gnutls28 (3.2.14-1) unstable; urgency=medium
      .
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * New upstream version.
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
      .
      gnutls28 (3.2.13-2) unstable; urgency=medium
      .
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      .
      gnutls28 (3.2.13-1) unstable; urgency=medium
      .
        * Also version the p11-kit dependency.
        * New upstream version.
      .
      gnutls28 (3.2.12.1-2) unstable; urgency=medium
      .
        * Upload to unstable.
        * Sync from Ubuntu (Colin Watson):
          + Add arm64 and ppc64el to the list of non-ia64 architectures on which
            guile-gnutls is built.
      .
      gnutls28 (3.2.12.1-1) experimental; urgency=medium
      .
        * New upstream version.
          + Drop superfluous patches:
            20_bug-in-gnutls_pcert_list_import_x509_raw.patch
            20_CVE-2014-0092.diff
      .
      gnutls28 (3.2.11-2) unstable; urgency=high
      .
        * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
        * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
          validation issue. CVE-2014-0092
      .
      gnutls28 (3.2.11-1) unstable; urgency=high
      .
        * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
        * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
      .
      gnutls28 (3.2.10-2) unstable; urgency=high
      .
        * Upload to unstable.
      .
      gnutls28 (3.2.10-1) experimental; urgency=high
      .
        * New upstream version.
        * New symbols exported, bump shlibs.
      .
      gnutls28 (3.2.9-2) unstable; urgency=medium
      .
        * Upload to unstable.
      .
      gnutls28 (3.2.9-1) experimental; urgency=medium
      .
        * New upstream version.
          + %COMPAT implies %DUMBFW. (See #733039)
        * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
          dh_autoreconf.
        * Stop dh_clean from removing *.bak, upstream tarball actually contains
          files named such in src/ subdirectory.
      .
      gnutls28 (3.2.8.1-3) unstable; urgency=medium
      .
        * Correct c'n'p error in Vcs-Git field.
        * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
      .
      gnutls28 (3.2.8.1-2) unstable; urgency=low
      .
        * Upload to unstable, without libgnutls-openssl27.
      .
      gnutls28 (3.2.8.1-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
            upstream.
          + Bump shlibs.
        * Add debian/upstream-signing-key.pgp (listed in
          debian/source/include-binaries) and update watchfile to check
          upstream signature.
      .
      gnutls28 (3.2.7-4) experimental; urgency=low
      .
        * Upload to experimental, with libgnutls-openssl27.
        * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
      .
      gnutls28 (3.2.7-3) unstable; urgency=low
      .
        * Point vcs* to git.
        * Upload to unstable, without libgnutls-openssl27.
      .
      gnutls28 (3.2.7-2) experimental; urgency=low
      .
        * Fix kfreebsd FTBFS.
          + 45_add_strerror-module.patch add gnulib strerror module.
          + Use dh_autoreconf.
      .
      gnutls28 (3.2.7-1) experimental; urgency=low
      .
        * New upstream version.
          + Add b-d on bison.
          + Bump shlibs.
          + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
          + Simplify debian/rules, stop removing autogened files.
      .
      gnutls28 (3.2.6-2) experimental; urgency=low
      .
        * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
          for the hint.)
        * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
      .
      gnutls28 (3.2.6-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump shlibs.
      .
      gnutls28 (3.2.5-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump shlibs.
        * Ship examples/examples.h which is needed for building examples/*.c. Also
          add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
          Closes: #726971
      .
      gnutls28 (3.2.4-5) experimental; urgency=low
      .
        * Re-enable building of libgnutls-openssl27 binary package.
        * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
          transition to gnutls28.
      .
      gnutls28 (3.2.4-4) unstable; urgency=low
      .
        * 40_guilenoparallel.diff: Disable parallel build in
          guile/modules/.
      .
      gnutls28 (3.2.4-3) unstable; urgency=low
      .
        * Looks like "Architecture" in debian/control cannot be folded, unfold the
          respective entry for guile-gnutls.
      .
      gnutls28 (3.2.4-2) unstable; urgency=low
      .
        * Manpages were missing on binary-only builds. Closes: #721725
        * Build with
          --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
          ca-certificates not pulled in by build-dependencies anymore.
          Closes: #721726
        * Upload to unstable.
      .
      gnutls28 (3.2.4-1) experimental; urgency=low
      .
        * New upstream release.
          + Drop 40_Clean-up-after-test.patch.
        * Fix path to png files in info files with sed instead of symlinking images.
        * Bump shlibs.
      .
      gnutls28 (3.2.3-3) experimental; urgency=low
      .
        * Switch to dh, to easily allow us to move gtk-doc-tools to
          Build-Depends-Indep. Closes: #682596
      .
      gnutls28 (3.2.3-2) experimental; urgency=low
      .
        * Build gnutls-guile against guile-2.0.
          + Drop --disable-largefile on armel armhf mipsel.
          + ia64 does not build guile-2.0, disable guile-support there.
      .
      gnutls28 (3.2.3-1) unstable; urgency=low
      .
        * New upstream release.
        * Drop superfluous patches. (35_gnutls-priority-string.diff
          36_avoid-leaking-a-buffer-element.diff)
        * Bump shlibs.
      .
      gnutls28 (3.2.2-2) unstable; urgency=low
      .
        * Pull two patches from upstream:
          +35_gnutls-priority-string.diff Fix priority string parsing broken in
           3.2.2 Closes: #717314
          +36_avoid-leaking-a-buffer-element.diff
      .
      gnutls28 (3.2.2-1) unstable; urgency=low
      .
        * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
          Closes: #678070
        * New upstream version.
        * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
        * Bump shlibs.
      .
      gnutls28 (3.2.1-2) unstable; urgency=low
      .
        * Upload to unstable.
        * Do not link everything against nettle on mips(el), the issue being worked
          around was fixed by the latest eglibc upload.
        * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
          same.
      .
      gnutls28 (3.2.1-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump nettle build-dep to >= 2.7.
          + Bump shlibs.
          + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
            whether it still fails on kfreebsd-i386.
          + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
            false positive error in 32-bit systems.
          + [32_linkagainstgmp.diff] Link libgnutls against gmp.
      .
      gnutls28 (3.1.12-2) unstable; urgency=low
      .
        * Upload to unstable.
        * Fix vcs-field-not-canonical lintian error by using anonscm instead of
          svn.debian.org.
      .
      gnutls28 (3.1.12-1) experimental; urgency=low
      .
        * Use rm -f on clean, fixing an issue with building twice in row.
        * New upstream version.
        * On mips/mipsel link everything and the kitchen-sink against nettle to work
          around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
      .
      gnutls28 (3.1.11-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump shlibs.
      .
      gnutls28 (3.1.10-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs.
      .
      gnutls28 (3.1.9.1-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs.
        * Force re-generation of autogen-ed manpages.
      .
      gnutls28 (3.1.8-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls28 (3.1.7-1) experimental; urgency=low
      .
        * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
          the build-depency. (Thanks, Daniel Kahn Gillmor)
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
            CVE-2013-0169 CVE-2013-1619.
          + New symbols added, bump shlibs.
          + Ship newly available libgnutls-xssl0 library in a separate package.
        * Disable Heart Beat (RFC6520) support.
      .
      gnutls28 (3.1.6-1) experimental; urgency=low
      .
        * Update watchfile, based on Bart Martens version for gnutls26 on
          q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
          3.x versions.
        * New upstream version.
          + requires libtasn1 >= 3.1, bump build-depends.
          + requires a a newer version of autogen, bump build-depends.
          + update debian/copyright to reflect the fact that GnuTLS authors have
            stopped assigning copyright to FSF.
      .
      gnutls28 (3.1.5-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop 40_danetestfail.diff
          + Unfuzz 20_test-select.diff
          + Bump shlibs.
      .
      gnutls28 (3.1.4-1) experimental; urgency=low
      .
        * New upstream release.
          + Drop 40_fixtypo.diff.
          + debian/copyright: update upstream author list.
          + New symbols added, bump shlibs.
        * 40_danetestfail.diff - Do not try to run dane test without dane support.
      .
      gnutls28 (3.1.3-1) experimental; urgency=low
      .
        * New upstream release.
        * Explicitly set --disable-libdane --without-tpm.
        * Bump shlibs.
        * 40_fixtypo.diff pulled from upstream git.
        * Update debian/copyright from AUTHORS.
      .
      gnutls28 (3.1.2-1) experimental; urgency=low
      .
        * New upstream release.
          + Requires libtasn1-3 2.14, bump (b-)d.
          + New symbols added, bump shlibs.
      .
      gnutls28 (3.1.1-1) experimental; urgency=low
      .
        * New upstream release.
          + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
            Closes: #686242
          + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
            42_dump-the-errno.diff 43_possiblefix.diff)
          + Bump shlibs.
        * Sync version of libgnutls-dev dependency on nettle-dev with the
          build-dependency.
      .
      gnutls28 (3.1.0-5) experimental; urgency=low
      .
        * 43_possiblefix.diff might fix the test suite error.
      .
      gnutls28 (3.1.0-4) experimental; urgency=low
      .
        * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
          testsuite error.
      .
      gnutls28 (3.1.0-3) experimental; urgency=low
      .
        * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
      .
      gnutls28 (3.1.0-2) experimental; urgency=low
      .
        * Mention abbreviation "DTLS" in package description.
        * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
          it spuriously fails on about half of the buildds.
      .
      gnutls28 (3.1.0-1) experimental; urgency=low
      .
        * New upstream release.
          + Bump nettle build-dep to >= 2.5.
          + Bump shlibs.
      .
      gnutls28 (3.0.22-2) unstable; urgency=low
      .
        * Upload to unstable. This is a leaf-package, experimental should get
          3.1.0.
      .
      gnutls28 (3.0.22-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls28 (3.0.21-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop 35_s390buildfix.diff.
        * Bump shlibs (new functions added.)
      .
      gnutls28 (3.0.20-3) unstable; urgency=low
      .
        * 35_s390buildfix.diff - Fixes test-suite error on s390x.
      .
      gnutls28 (3.0.20-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.0.20-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs (new functions added.)
        * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
          CLOCK_MONOTONIC now. #662018
      .
      gnutls28 (3.0.19-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.0.19-1) experimental; urgency=low
      .
        * New upstream version.
          + libgnutls: When decoding a PKCS #11 URL the pin-source field
            is assumed to be a file that stores the pin. (LP: #929108)
          + Drop 31_killchild.diff, included upstream.
      .
      gnutls28 (3.0.18-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.0.18-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump shlibs.
        * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
          build to hang.
      .
      gnutls28 (3.0.17-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      gnutls28 (3.0.17-1) experimental; urgency=low
      .
        * New upstream version.
          + Bump shlibs.
      .
      gnutls28 (3.0.15-2) experimental; urgency=low
      .
        * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
          support for CLOCK_MONOTONIC is missing there. (See #662018.)
      .
      gnutls28 (3.0.15-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop superfluous patches (30_microseconds-does-not-overflow.patch,
            31_provide-accurate-value-to-select.patch)
          + Includes fix for CVE-2012-1573.
        * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
        * Bump libgnutls-dev dependency on libp11-kit-dev.
      .
      gnutls28 (3.0.14-1) experimental; urgency=low
      .
        * New upstream version.
          + Drop 30_force-kill-of-child.diff.
        * Pull 30_microseconds-does-not-overflow.patch and
          31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
          error (tests/mini-loss) on kfreebsd-*.
      .
      gnutls28 (3.0.13-1) experimental; urgency=low
      .
        * New upstream version.
          + bump libp11-kit-dev build-dep. to >= 0.11.
          + drop 30_guilegnutlserrorcodes.diff.
        * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
        * Use and link against Debian's packaged version of autogen/libopts.
          + B-d on autogen.
          + remove autogen-generated files (*.c, *.h) on clean. autogen requires
            that the system headers are at least of the same version as the
            one which was used to generate the files from their respective .def
            sources.
        * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
        * Bump shlibs.
      .
      gnutls28 (3.0.12-2) unstable; urgency=low
      .
        * De-multiarch guile-gnutls. Closes: #658110
      .
      gnutls28 (3.0.12-1) unstable; urgency=low
      .
        * New upstream version.
        * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
          testsuite error.
        * Update debian/copyright.
        * Bump shlibs. (OCSP support)
        * Add trivial ocsptool manpage.
      .
      gnutls28 (3.0.11-1) unstable; urgency=low
      .
        * New upstream version.
      .
      gnutls28 (3.0.10-1) unstable; urgency=low
      .
        * Drop guile-gnutls.README.Debian - binary guile modules are no longer
          directly installed in $libdir.
        * New upstream version.
          + Drop patches/30_correctly-set-the-odd-bits.patch.
          + gnutls_random_art() added. Update copyright, bump shlibs.
          + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
            Closes: #652552
      .
      gnutls28 (3.0.9-2) unstable; urgency=low
      .
        * [20_test-select.diff] Do not run gnulib test-select test anymore. The
          test fails on kfreebsd-i386, the gnutls library does not use select().
        * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
        * Upload to unstable.
      .
      gnutls28 (3.0.9-1) experimental; urgency=low
      .
        * New upstream version.
        * Include guile-gnutls package.
        * Bump shlibs.
      .
      gnutls28 (3.0.8-2) unstable; urgency=low
      .
        * First upload to unstable.
          + Disable openssl-wrapper package, let it be provided by gnutls26 until
            gnutls28 is in testing.
          + Disable gnutls-guile package, let it be provided by gnutls26 until
            gnutls28 is in testing.
      .
      gnutls28 (3.0.8-1) experimental; urgency=low
      .
        * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
          guile related FTBFS on these architectures.
          See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
        * New upstream version.
          + Bump shlibs.
      .
      gnutls28 (3.0.7-1) experimental; urgency=low
      .
        * New upstream version.
          + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
        * Drop 20_addGNU-stack.diff, included upstream.
        * loadable Guile module no longer installed directly to $libdir but to
          $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
          Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify
          DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
        * gnutls-extra is removed upstream, there is no need anymore to manually
          remove the bits and pieces in debian/rules.
      .
      gnutls28 (3.0.4-2) experimental; urgency=low
      .
        * Drop libgnutls-dev.README.Debian, the information provided there stopped
          being relevant in 2.7.12.
        * Delete superfluous info from debian/README.source.
        * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
          seem to be possible.
          http://lists.debian.org/debian-devel/2011/10/msg00332.html
        * Simplify dependencies:
          + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
            also provided by gnutls26' libgnutls-dev).
          + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
            gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
      .
      gnutls28 (3.0.4-1) experimental; urgency=low
      .
        * New upstream version.
          + bump shlibs.
          + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
        * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
        * [20_addGNU-stack.diff] Add GNU-stack note to newly added
          padlock-common.s.
        * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
          be packaged for Debian again when it provides functionality.
        * Update debian/copyright, accelerated assembly code is non-FSF copyright.
        * Add crywrap.8 manpage.
      .
      gnutls28 (3.0.3-1) experimental; urgency=low
      .
        * New upstream version. (Includes a fix for #640639)
        * Bump shlibs.
      .
      gnutls28 (3.0.2-1) experimental; urgency=low
      .
        * Update debian/copyright for crywrap.
        * Since libgnutls*-dbg contains debugging symbols of helper applications
          libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
          Conflicts.
        * New upstream version. It also includes the fixes for #638586 (Correct
          parsing of XMPP subject alternative names) and #638595
          (gnutls_certificate_set_x509_key() and
          gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
          release of the private key during the lifetime of the certificate
          structure.)
        * Configure with --enable-gtk-doc, the included API reference is incomplete
          in the tarball.
        * [lintian] Get rid of binary-control-field-duplicates-source field
          warnings.
        * [lintian] Add description header to 14_version_gettextcat.diff
        * Bump shlibs.
      .
      gnutls28 (3.0.1-1) experimental; urgency=low
      .
        * Update Vcs-Svn and Vcs-Browser for new source package name.
        * New upstream version.
          + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
        * Bump build-dependency on libp11-kit-dev to (>= 0.4).
        * Drop 20_executablestack.diff, included upstream.
        * Includes crywrap(8), an application that proxies TLS session to a port
          using a plaintext service.
        * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
        * Bump shlibs. (New flags).
      .
      gnutls28 (3.0.0-2) experimental; urgency=low
      .
        * Add missing b-d on chrpath.
        * Search for .xz instead of .bz2 in watchfile.
      .
      gnutls28 (3.0.0-1) experimental; urgency=low
      .
        * Drop gcrypt related patches (16_unnecessarydep.diff
          17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
          20_gcrypt15compat.diff), update remaining one
          (14_version_gettextcat.diff).
        * Build against nettle and p11-kit.
          + Update DEB_CONFIGURE_EXTRA_FLAGS.
          + Update (Build-)Depends. (Add pkg-config, it is used for locating
            p11-kit.)
        * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
          libgnutls28.
        * Drop libgnutls Breaks, they are superfluous after the soname change.
        * Delete config.log on clean.
        * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
          assembly files.
        * Delete unneccessary rpath entries.
        * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
          NEWS entry for this license change.
        * Move gnutls-extra library to separate package.
      .
      gnutls26 (2.12.7-4) unstable; urgency=low
      .
        * Upload to unstable.
        * Point watch file to stable release directory.
        * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
          Libs.private. Closes: #632891
        * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
      .
      gnutls26 (2.12.7-3) experimental; urgency=low
      .
        [ Simon Josefsson ]
        * Fix Debian BTS URL in --with-packager-bug-reports option.
      .
        [ Andreas Metzler ]
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      .
      gnutls26 (2.12.7-2) experimental; urgency=low
      .
        * Stop shipping libtool la files.
        * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
          + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
            *.install accordingly.
          + Bump cdbs Build-Depends to 0.4.93 (required for expanding
            $(DEB_HOST_MULTIARCH)).
          + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
          + runtime libraries and guile-wrapper are Multi-Arch: same with
            Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are
            Multi-Arch: foreign, -dev and -dbg remain unchanged.
          + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
            package. It contains debugging symbols for both library and helper
            binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
            co-installable with itself.
      .
      gnutls26 (2.12.7-1) experimental; urgency=low
      .
        * New upstream version.
        * Update 17_ignoretestsuitteerrors.diff.
        * A new version of pokerth has been uploaded to sid, update libgnutls26
          Breaks accordingly.
      .
      gnutls26 (2.12.6.1-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs, global_set_time_function() was added.
        * Stop setting CFLAGS += -Wall, it is set by default again.
        * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
          errors.
      .
      gnutls26 (2.12.5-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs, gnutls_x509_crq_verify() was added.
      .
      gnutls26 (2.12.4-1) experimental; urgency=low
      .
        * New upstream version.
        * Bump shlibs. (gnutls_certificate_get_issuer() added).
      .
      gnutls26 (2.12.3-1) experimental; urgency=low
      .
        * New upstream version.
        * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
      .
      gnutls26 (2.12.2-2) experimental; urgency=low
      .
        * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
          for compatibility. Closes: #623001
      .
      gnutls26 (2.12.2-1) experimental; urgency=low
      .
        * New upstream version.
        * [lintian] Drop article from short package descriptions.
      .
      gnutls26 (2.12.1-1) experimental; urgency=low
      .
        * New upstream version.
          + certtool: Generated certificate request with stricter permissions.
            Closes: #619746
        * Drop superfluous patches:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
        * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
          need a binNMU when gnutls 2.12.x uploaded to unstable.
      .
      gnutls26 (2.12.0-1) experimental; urgency=low
      .
        * New upstream stable release.
          + Drop superceded patches 17_goldhotfix.patch
            18_libgnutls-openssl_soname.diff.
        * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
      .
      gnutls26 (2.11.7-2) experimental; urgency=low
      .
        * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
          versioning: 27:0:0).
        * Split off libgnutls-openssl to a separate package, since the sonames are
          not in sync anymore.
      .
      gnutls26 (2.11.7-1) experimental; urgency=low
      .
        * New upstream version (rc for 2.12)
          + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
          + Bump shlibs.
        * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
      .
      gnutls26 (2.11.6-2) experimental; urgency=low
      .
        * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
          on big endian architectures.
      .
      gnutls26 (2.11.6-1) experimental; urgency=low
      .
        * Development release.
        * Continue building against libgcrypt, run configure with --with-libgcrypt.
        * Refresh patches/15_fixgnutlspc.diff.
        * Set --with-packager* options.
        * Install newly available p11tool binary.
        * Bump libgcrypt11-dev Build-Depends.
        * C++ wrapper soname bump, change package name accordingly.
        * Bump shlibs.
        * Update debian/copyright.
        * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      .
      gnutls26 (2.10.5-3) unstable; urgency=medium
      .
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      .
      gnutls26 (2.10.5-2) unstable; urgency=low
      .
        * Stop shipping libtool la files.
      .
      gnutls26 (2.10.5-1) unstable; urgency=low
      .
        * New upstream bugfix release.
          + Drop 15_fixgnutlspc.diff, included upstream.
        * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      .
      gnutls26 (2.10.4-2) unstable; urgency=low
      .
        * Use debhelper compatibility level 7.
        * Merge in changes from 2.8.6-1:
          + Use dh_lintian.
          + Use dh_makeshlibs for the guile stuff, too. This gets us
            a) ldconfig in postinst. Closes: #553109
            and
            b) a shlibs file.
            However the shared objects /usr/lib/libguile-gnutls*so* are still not
            designed to be used as libraries (linking) but are dlopened. guile-1.10
            will address this issue by keeping this stuff in a private directory.
          + hotfix pkg-config files (proper fix to be included upstream).
          + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
            Closes: #405239
         * Upload to unstable.
      .
      gnutls26 (2.10.4-1) experimental; urgency=low
      .
        * New upstream release. V1 CAs are trusted by default.
      .
      gnutls26 (2.10.3-1) experimental; urgency=low
      .
        * Drop workaround for 519006, binutils is fixed even in squeeze.
        * New upstream bugfix release.
      .
      gnutls26 (2.10.2-1) experimental; urgency=low
      .
        * New upstream version.
          + Fix asynchronous API handling. Closes: #588187
          + certtool does not crash on reading from /dev/null anymore.
            Closes: #588029
        * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
      .
      gnutls26 (2.10.1-1) experimental; urgency=low
      .
        * Update package descriptions. Closes: #588067
        * New upstream version.
      .
      gnutls26 (2.10.0-2) experimental; urgency=low
      .
        * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1),
          libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
          support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
          (2.31.2-1) not yet. Closes: #587755
      .
      gnutls26 (2.10.0-1) experimental; urgency=low
      .
        * New upstream stable release.
        * Point watchfile to stable releases.
      .
      gnutls26 (2.9.12-2) experimental; urgency=low
      .
        * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
          without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
          useless and almost empty package on these archs.)
        * Drop ancient workaround for gcc bug on hppa.
          http://bugs.debian.org/128036
      .
      gnutls26 (2.9.12-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls26 (2.9.11-1) experimental; urgency=low
      .
        * New upstream version.
        * Drop 15_gnutlspriority.diff, superseded.
      .
      gnutls26 (2.9.10-2) experimental; urgency=low
      .
        * [15_gnutlspriority.diff] Restore compatibility with programs using
          gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
          Closes: #579831
      .
      gnutls26 (2.9.10-1) experimental; urgency=low
      .
        * New upstream version.
        * New functions added, bump shlibs.
      .
      gnutls26 (2.9.9-1) experimental; urgency=low
      .
        * Package upstream development branch for experimental.
        * Track development versions in watchfile.
        * Package C++ wrapper again. Closes: #548637
      .
      gnutls26 (2.8.6-1) unstable; urgency=low
      .
        * Use dh_lintian.
        * Use dh_makeshlibs for the guile stuff, too. This gets us
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        * hotfix pkg-config files (proper fix to be included upstream).
        * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      .
      gnutls26 (2.8.5-2) unstable; urgency=low
      .
        * Add a huge bunch of lintian overrides for the guile stuff to make dak
          happy.
      .
      gnutls26 (2.8.5-1) unstable; urgency=low
      .
        * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
        * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
          orig.tar.bz2 without repacking it to gz.
        * New upstream version.
          + Drop patches/20_fixtimebomb.diff.
      .
      gnutls26 (2.8.4-2) unstable; urgency=high
      .
        * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
      .
      gnutls26 (2.8.4-1) unstable; urgency=low
      .
        * New upstream version.
          + Drop debian/patches/15_openpgp.diff.
        * Sync priorities with override file, libgnutls26 has been bumped from
          important to standard.
      .
      gnutls26 (2.8.3-3) unstable; urgency=low
      .
        * Empty dependency_libs in la-files. (Squeeze release goal.)
      .
      gnutls26 (2.8.3-2) unstable; urgency=low
      .
        * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
          openpgp connections.
      .
      gnutls26 (2.8.3-1) unstable; urgency=high
      .
        * New upstream version.
          + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
            was built against. Closes: #540449
          + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
            certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
            http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
        * Drop 15_chainverify_expiredcert.diff, included upstream.
        * Urgency high, since 541439 applies to testing, too.
      .
      gnutls26 (2.8.1-2) unstable; urgency=low
      .
        [ Simon Josefsson ]
        * Remove cruft in rules file.
        * Remove patches/15_tasn1inpc.diff, not needed.
      .
        [ Andreas Metzler ]
        * Finally add an entry to the NEWS.Debian file concerning the deprecation of
          RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
        * Upload to unstable.
        * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
          Fix testsuite error caused by expired certificate.
      .
      gnutls26 (2.8.1-1) experimental; urgency=low
      .
        * New upstream stable release.
      .
      gnutls26 (2.7.14-1) experimental; urgency=low
      .
        * [debian/control] set section setting of source package to libs instead of
          devel.
        * New upstream version.
          + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
          + Bump shlibs, new symbols added.
      .
      gnutls26 (2.7.12-1) experimental; urgency=low
      .
        * Fix typo in changelog. Closes: #526427
        * New upstream release.
          + Does not ship the scripts libgnutls-extra-config and libgnutls-config
            and the .m4 snippet to use it anymore. Please switch to pkg-config or
            standard autoconf test. Drop manpages and
            both patches/13_lessdeps_gnutls-config.diff and
            patches/13_lessdeps_gnutls-config.diff from the debian diff.
          + Update remaining patches.
          + Bump shlibs, new symbols added.
        * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
          already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
          GNUTLS_2_8.
        * New upstream uses separate ./configure scripts for the different
          libraries. Invoke the main ./configure script with
          --cache-file=$(CURDIR)/config.cache to speed things up.
      .
      gnutls26 (2.6.6-1) unstable; urgency=high
      .
        * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
          way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
        * New upstream security release.
          + libgnutls: Corrected double free on signature verification failure.
            GNUTLS-SA-2009-1 CVE-2009-1415
          + libgnutls: Fix DSA key generation. Noticed when investigating the
            previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
            2.6.x are corrupt.  See the advisory for more details.
            GNUTLS-SA-2009-2 CVE-2009-1416
          + libgnutls: Check expiration/activation time on untrusted certificates.
            Before the library did not check activation/expiration times on
            certificates, and was documented as not doing so.
            GNUTLS-SA-2009-3 CVE-2009-1417
         * The former two issues only apply to gnutls 2.6.x. The latter is a
           behavior change, add a NEWS.Debian file to document it.
      .
      gnutls26 (2.6.5-1) unstable; urgency=low
      .
        * Sync sections in debian/control with override file. libgnutls26-dbg is
          section debug, guile-gnutls is section lisp.
        * New upstream version. (Needed for Libtasn1-3 2.0)
        * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
        * Standards-Version: 3.8.1, no changes required.
      .
      gnutls26 (2.6.4-2) unstable; urgency=low
      .
        * Upload to unstable.
        * Merge changelog entries from unstable and experimental.
      .
      gnutls26 (2.6.4-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls26 (2.6.3-1) experimental; urgency=low
      .
        * New upstream version.
          + Corrects bug gnutls-cli which caused a rehandshake request
            to be ignored. Closes: #396867
        * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
      .
      gnutls26 (2.6.2-2) experimental; urgency=low
      .
        * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
          correct certificate chains were not recognized as verified.
          Closes: #507633
        * [lintian] Add ${misc:Depends} to multiple dendency lines.
      .
      gnutls26 (2.6.2-1) experimental; urgency=low
      .
        * New upstream version.
          + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
          + Drop 20_fix_501077.diff.
        * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
          there.
        * Add Simon Josefsson to uploaders.
      .
      gnutls26 (2.6.0-1) experimental; urgency=low
      .
        * New upstream stable release.
        * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
          gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
      .
      gnutls26 (2.5.9-1) experimental; urgency=low
      .
        * New upstream development version.
        * Bump shlibs.
      .
      gnutls26 (2.4.2-6) unstable; urgency=medium
      .
        * New patches, syncing with 2.4.3 upstream oldstable release:
          + 24_intermedcertificate.patch If a non-root certificate ist trusted
            gnutls certificateificate verification stops there instead of checking
            up to the root of the certificate chain.
          + 22_whitespace.patch - Whitespace only changes, to make it possible to
            apply upstream fixes without manual changes.
          + 25_bufferoverrun.patch. Fix buffer overrun bug in
            gnutls_x509_crt_list_import.
            http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
      .
      gnutls26 (2.4.2-5) unstable; urgency=low
      .
        * Pull two patches from upstream stable branch to make gnutls behavior
          match documentation:
         + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
           certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
           GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
         + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
           certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
           GNUTLS_CERT_INSECURE_ALGORITHM verification output.
           CVE-2009-2409
      .
      gnutls26 (2.4.2-4) unstable; urgency=medium
      .
        * Add Simon Josefsson to uploaders.
        * Another fix for the verification fix. Some correct certificate chains were
          not recognized as verified. Closes: #507633
      .
      gnutls26 (2.4.2-3) unstable; urgency=low
      .
        * Fix a crash on trying to verify self-signed certificates introduced by the
          patch for CVE-2008-4989. Closes: #505279
      .
      gnutls26 (2.4.2-2) unstable; urgency=medium
      .
        * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
          verification. CVE-2008-4989 GNUTLS-SA-2008-3
      .
      gnutls26 (2.4.2-1) unstable; urgency=low
      .
        * New upstream bugfix release.
        * Up to date gnutls-cli manpage. Closes: #492775
      .
      gnutls26 (2.4.1-1) unstable; urgency=medium
      .
        * New upstream version, fixing a local denial of service vulnerability only
          present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
      .
      gnutls26 (2.4.0-2) unstable; urgency=low
      .
        * Standards version 3.8.0. Rename README.source_and_patches to README.source.
        * Upload to unstable.
        * Point watchfile to stable releases again.
        * Merge experimental and unstable changelog.
      .
      gnutls26 (2.4.0-1) experimental; urgency=low
      .
        * New upstream stable release.
        * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
      .
      gnutls26 (2.3.15-1) experimental; urgency=low
      .
        * New upstream version. (rc4)
          Disables 'openpgp-certs' tests. Closes: #486269
      .
      gnutls26 (2.3.14-1) experimental; urgency=low
      .
        * New upstream version. (rc3)
      .
      gnutls26 (2.3.13-1) experimental; urgency=low
      .
        * New upstream version. 2nd rc for 2.4.0.
        * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
      .
      gnutls26 (2.3.12-1) experimental; urgency=low
      .
        * New upstream version. Bump shlibs.
        * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
        * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
          failure on sparc.
      .
      gnutls26 (2.3.11-1) experimental; urgency=low
      .
        * New upstream version.
          + Fixes three security vulnerabilities.
            [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
            <http://www.gnu.org/software/gnutls/security.html>.
            CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
          + Fixes subjectAltName wildcard matching. Closes: #479174
          + certtool now writes keyfiles with 0600 permissions. Closes: #373169
      .
      gnutls26 (2.2.5-1) unstable; urgency=high
      .
        * New upstream version.
          Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
      .
      gnutls26 (2.3.9-1) experimental; urgency=low
      .
        * New upstream development version.
          - OpenPGP support merged into libgnutls and is now licensed under LGPL.
            The included copy of OpenCDK has been stripped down and re-licensed
            under the LGPL. Using the external OpenCDK is not supported anymore, the
            external library will not be maintained anymore. Drop respective
            (build-)depends.
          - API extended, bump shlibs.
          - certtool asks for password confirmation. Closes: #364287
          - performance enhancements for gnutls_certificate_set_x509_trust_file.
            Closes: #400448
          - gnutls-cli: exits when hostname doesn't match certificate.
            Use --insecure to avoid hostname comparison.
        * For paranoia sake build with -D_REENTRANT even if upstream has stopped
          doing so.
        * [debian/copyright] : update, and stop including a GFDL copy.
        * Point watchfile to development versions.
      .
      gnutls26 (2.2.3-1) unstable; urgency=low
      .
        * New upstream stable release.
          - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
      .
      gnutls26 (2.2.3~rc-1) unstable; urgency=low
      .
        * New upstream version. Release candidate for 2.2.3.
          + Increase default handshake packet size limit to 48kb. Closes: #478191
        * remove unsupported .l command from debian/libgnutls-config.1
        * Use Programming/C as doc-base section.
      .
      gnutls26 (2.2.2-1) unstable; urgency=low
      .
        * New upstream version.
          Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
          and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
          strings and return the proper size.
          corrected string handling in parse_general_name.
          Closes: #465197
        * Point watchfile to ftp.gnutls.org.
        * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
      .
      gnutls26 (2.2.1-3) unstable; urgency=low
      .
        * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
          gnutls guile wrapper on ia64.
      .
      gnutls26 (2.2.1-2) unstable; urgency=low
      .
        * Add Vcs-Svn: and Vcs-Browser control fields.
        * Upload to unstable.
      .
      gnutls26 (2.2.1-1) experimental; urgency=low
      .
        * New upstream version.
        * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
          there.
        * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
          packages contain gnutls-bin debugging symbols. Closes: #459295.
      .
      gnutls26 (2.2.0-1) experimental; urgency=low
      .
        * New upstream version.
          License change! Main library stays LGPLv2.1+ but libgnutls-extra,
          libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
          updated.
        * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
          versions were GPLv2+) and this license is not compatible with GPLv3+.
        * Non packaged 2.1.8 introduced new symbol
          gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
        * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
        * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
          DSA2 support. Closes: #455513
        * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
      .
      gnutls26 (2.1.7-1) experimental; urgency=low
      .
        * New upstream version.
          - Another soname bump. Packages renamed.
        * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
          dak does not allow that yet.
        * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
          libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
      .
      gnutls25 (2.1.6-2) experimental; urgency=low
      .
        * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
          experimental buildds happy.
      .
      gnutls25 (2.1.6-1) experimental; urgency=low
      .
        * New upstream version. API changes! Please consult
          /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
          removed (mainly *_authz_*) and changed interfaces.
          This is the first release canddate for 2.2. The deprecation of
          gnutls_set_default_priority() is supposed to be undone before the final
          stable release.
        * Bump build-depends.
        * Stop building and shipping the C++ library, since nobody is using it. I
          will happly re-add it if requested.
        * Add Homepage field to debian/control.
        * Build and ship Guile bindings. Requested by Ludovic Courtès who also
          provided the initial patch. (On a sidenote I think guile generally does
          not do the right thing by throwing dlopened modules into /usr/lib/.)
        * Update debian/copyright.
      .
      gnutls13 (2.0.1-1) unstable; urgency=low
      .
        * New upstream version.
        * Remove doc/*.info* on clean to allow building thrice in a row.
          (Closes: #441740)
      .
      gnutls13 (1.7.19-1) unstable; urgency=low
      .
        * New upstream version 1.7.19.
          - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
            This takes of care of the mutt breakage. Closes: #439640
      .
      gnutls13 (1.7.18-2) unstable; urgency=low
      .
        * Upload to unstable
      .
      gnutls13 (1.7.18-1) experimental; urgency=low
      .
        * New upstream version 1.7.18, release candidate for 2.0.
        * Bump shlibs, since functions have been added.
        * Image files renamed upstream with gnutls- prefix and symlinked to
          /usr/share/info/ in Debian package. Closes: #423577
      .
      gnutls13 (1.7.16-1) experimental; urgency=low
      .
        * New upstream version 1.7.16.
      .
      gnutls13 (1.7.14-1) experimental; urgency=low
      .
        * New upstream version
          - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
      .
      gnutls13 (1.7.12-1) experimental; urgency=low
      .
        * New upstream version 1.7.12
          - Fixes memory errors in certificate parsing. Closes: #333050
        * Bump shlibs, due to API extensions in 1.7.10.
        * Rebuilding of docs simpified, strip debian/README.source_and_patches to
          reflect that.
      .
      gnutls13 (1.7.9-1) experimental; urgency=low
      .
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
        * New upstream version.
          - Uses opencdk10 (0.6.x).
          - Improved gnutls_set_default_priority() priorities, with matching correct
            docs. (Closes: #422024)
          - bumped shlibs.
        * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
          twice in a row on the same sourcetree. (Closes: #424357) Document what is
          needed to rebuild doc/gnutls.pdf in README.source_and_patches.
      .
      gnutls13 (1.7.7-1) experimental; urgency=low
      .
        * New development upstream version 1.7.7.
          - Point watchfile to development versions.
          - Bump shlibs for added APIs.
          - Includes German translation. (Closes: #392857)
      .
      gnutls13 (1.6.3-1) unstable; urgency=low
      .
        * New upstream version, pulling selected fixes and features from 1.7.x.
        * Bump shlibs.
      .
      gnutls13 (1.6.2-2) unstable; urgency=low
      .
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      .
      gnutls13 (1.6.2-1) unstable; urgency=low
      .
        * New upstream version
          - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
            certificates, since it contains a regenerated pkix_asn1_tab.c.
          - Ship German translation. Closes: #392857
      .
      gnutls13 (1.6.1-2) unstable; urgency=low
      .
        * [gnutls-bin.install] Ship psktool.
        * Ship gettext translations in deb package, but as gnutls13.mo instead of
          gnutls.mo.
        * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
          changelog entries after branchoff. Point watchfile to stable upstream
          versions again.
        * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
      .
      gnutls13 (1.6.1-1) experimental; urgency=low
      .
        [ James Westby ]
        * New upstream release.
      .
      gnutls13 (1.6.0-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls13 (1.5.3-1) experimental; urgency=low
      .
        [ Andreas Metzler ]
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
        * New upstream version 1.5.3.
        * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
        * Drop code for re-libtoolizing and running auto* from debian/rules, it is
          unused and would not work anymore. (We can later grab the from SVN and
          update it to make work if we ever need it.)
      .
      gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
      .
        [ Andreas Metzler ]
        * Add a watchfile.
        * New upstream development version.
          - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
          - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
            broken.
          - Drop unneeded patches/16_libs.private_gnutls.diff
            patches/16_libs.private_gnutls-extra.diff
          - Point watchfile to development versions.
          - Builds a C++ library.
        * Switch to debhelper v5 mode to be able to ship debug symbols of
          libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
        * Branched off from 1.4.4-1.
      .
      gnutls13 (1.4.4-3) unstable; urgency=low
      .
        * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
             When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
             version, try to negotiate the highest version support by the GnuTLS
             server, instead of the lowest.
      .
      gnutls13 (1.4.4-2) unstable; urgency=low
      .
        [ Andreas Metzler ]
        * Add a watchfile.
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
      .
      gnutls13 (1.4.4-1) unstable; urgency=high
      .
        [ Andreas Metzler ]
        * New upstream version 1.4.4
          - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
            crash mutt. (closes: #386725)
            GNUTLS-SA-2006-4 is CVE-2006-4790.
      .
      gnutls13 (1.4.3-2) unstable; urgency=low
      .
        * the lesser of two weevils release.
        [ Andreas Metzler ]
        * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
          various programs, including mutt. (closes: #386680)
      .
      gnutls13 (1.4.3-1) unstable; urgency=high
      .
        [ Andreas Metzler ]
        * New upstream version 1.4.3.
          - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
            rump session attack. GNUTLS-SA-2006-4
          - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
            GNUTLS-SA-2006-3
          - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
      .
      gnutls13 (1.4.2-1) unstable; urgency=medium
      .
        [ Andreas Metzler ]
        * New upstream bugfix release.
          - Fixes a crash in the certificate verification logic.
      .
      gnutls13 (1.4.1-1) unstable; urgency=low
      .
        [ James Westby ]
        * New upstream release.
        * Remove the following patches as they are now included upstream:
          - 10_certtoolmanpage.diff
          - 15_fixcompilewarning.diff
          - 30_man_hyphen_*.patch
        * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
          gnutls-api so that devhelp can find it.
      .
      gnutls13 (1.4.0-3) unstable; urgency=low
      .
        [ Andreas Metzler ]
        * Strip "libgnutls-config --libs"' output to only list stuff required for
          dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
          README.Debian.
        * Pull patches/16_libs.private_gnutls.diff and
          debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
          pkg-config usable for static linking.
      .
      gnutls13 (1.4.0-2) unstable; urgency=low
      .
        [ Andreas Metzler ]
        * Set maintainer to alioth mailinglist.
        * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
          handles this. Build-Depend on autotools-dev.
        * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
        * Use cdbs' simple-patchsys.mk.
          - add debian/README.source_and_patches
          - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
        * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
        * Also ship css-, devhelp- and sgml files in gnutls-doc.
        * patches/15_fixcompilewarning.diff correct order of funtion arguments.
      .
        [ James Westby ]
        * This release allows the port to be specified as the name of the service
          when using gnutls-cli (closes: #342891)
      .
      gnutls13 (1.4.0-1) experimental; urgency=low
      .
        * New maintainer team. Thanks, Matthias for all the work you did.
        * Re-add gnutls-doc package, featuring api-reference as manual pages and
          html, and reference manual in html and pdf format.
          (closes: #368185,#368449)
        * Fix reference to gnutls0.4-doc package in debian/copyright. Update
          debian/copyright and include actual copyright statements.
          (closes: #369071)
        * Bump shlibs because of changes to extra.h
        * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
          generate the necessary directories.
        * Drop debian/NEWS.Debian as it only talks about the move of the (since
          purged) gnutls-doc package to contrib a long time ago.
          (Thanks Simon Josefsson, for these suggestions.)
        * new upstream version. (closes: #368323)
        * clean packaging against upstream tarball.
          - Drop all patches, except for fixing error in certtool.1 and setting
            gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
          - Add  --enable-ld-version-script
            to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
            patching ./configure.in.
          (closes: #367358)
        * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
        * Build against external libtasn1-3. (closes: #363294)
        * Standards-Version: 3.7.2, no changes required.
        * debian/control and override file are in sync with respect to Priority and
          Section, everthing except libgnutls13-dbg already was. (closes: #366956)
        * acknowledge my own NMU. (closes: #367065)
        * libgnutls13-dbg is nonempty (closes: #367056)
      .
      gnutls13 (1.3.5-1.1) unstable; urgency=low
      .
        * NMU
        * Invoke ./configure with --with-included-libtasn1 to prevent accidental
          linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
          contained libtasn1.so.3 and force gnutls13 to use the internal version of
          libtasn instead until libtasn1-3-dev is uploaded. Drop broken
          Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
        * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
          of --dbg-package=libgnutls12. (closes: #367056)
      .
      gnutls13 (1.3.5-1) unstable; urgency=low
      .
        * New Upstream version.
          - Security fix.
          - Yet another ABI change.
        * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
        * Let -dev package depend on liblzo-dev (closes:#347438)
        * Fix certtool help output (closes:#338623)
      .
      gnutls12 (1.2.9-2) unstable; urgency=low
      .
        * Install /usr/lib/pkgconfig/*.pc files.
        * Depend on texinfo (>= 4.8, for the @euro{} sign).
      .
      gnutls12 (1.2.9-1) unstable; urgency=low
      .
        * New Upstream version.
      .
      gnutls12 (1.2.8-1) unstable; urgency=low
      .
        * New Upstream version.
          - depends on libgcrypt11 1.2.2
        * Bumped shlibs version, just to be on the safe side.
      .
      gnutls12 (1.2.6-1) unstable; urgency=low
      .
        * New Upstream version.
        * Remove Provides: on libgnutls11-dev.
          Hopefully this will be temporary (pending discussion with Upstream).
      .
      gnutls12 (1.2.5-3) unstable; urgency=high
      .
        * Updated libgnutls12.shlibs file.
          Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
          Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                        dependencies on this library
      .
      gnutls12 (1.2.5-2) unstable; urgency=medium
      .
        * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
          Added an explicit dependency as a stopgap fix.
      .
      gnutls12 (1.2.5-1) unstable; urgency=low
      .
        * Merged with the latest stable release.
        * Renamed to gnutls12.
          - Changed the library version strings to GNUTLS_1_2.
          - Renamed the development package back to "libgnutls-dev".
      .
      gnutls11 (1.0.19-1) experimental; urgency=low
      .
        * Merged with the latest stable release.
      .
      gnutls11 (1.0.16-13) unstable; urgency=high
      .
        * Fixed an ASN.1 extraction error.
          Found by Pelle Johansson <morth@morth.org>.
      .
      gnutls11 (1.0.16-12) unstable; urgency=high
      .
        * Fixed a segfault in certtool. Closes: #278361.
      .
      gnutls11 (1.0.16-11) unstable; urgency=medium
      .
        * Merged binary (non-UF8) string printing code from Upstream.
        * Password code in certtool was somewhat broken.
      .
      gnutls11 (1.0.16-10) unstable; urgency=high
      .
        * Fixed one instance of uninitialized memory usage.
      .
      gnutls11 (1.0.16-9) unstable; urgency=high
      .
        * Pulled from Upstream CVS:
          - Fix two memory leaks.
          - Fix NULL dereference.
      .
      gnutls11 (1.0.16-8) unstable; urgency=high
      .
        * Pulled these changes from Upstream CVS:
          - Added default limits in the verification of certificate chains,
            to avoid denial of service attacks.
          - Added gnutls_certificate_set_verify_limits() to override them.
          - Added gnutls_certificate_verify_peers2().
      .
      gnutls11 (1.0.16-7) unstable; urgency=low
      .
        * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
          Thanks to joeyh@debian.org for reporting this problem.
      .
      gnutls11 (1.0.16-6) unstable; urgency=medium
      .
        * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
          - Closes: #264420
      .
      gnutls11 (1.0.16-5) unstable; urgency=low
      .
        * Depend on current libtasn1-2 (>= 0.2.10).
          - Closes: #264198.
        * Fixed maintainer email to point to Debian address.
      .
      gnutls11 (1.0.16-4) unstable; urgency=low
      .
        * The OpenSSL compatibility library has been linked incorrectly
          (-ltasn1 was missing).
        * Need to build-depend on current opencdk8 and libtasn1-2 version.
      .
      gnutls11 (1.0.16-3) unstable; urgency=high
      .
        * Documentation no longer includes LaTeX-produced output
          (the source contains latex2html-specific features, which is non-free).
        * Urgency: High because of pending base freeze.
      .
      gnutls11 (1.0.16-2) unstable; urgency=high
      .
        * Actually *enable* debug symbols :-/
        * Urgency: High for speedy inclusion in d-i
      .
      gnutls11 (1.0.16-1) experimental; urgency=low
      .
        * Update to latest Upstream version.
        * now depends on libgcrypt11
        * Include debugging package
        * Use hevea, not latex2html.
      .
      gnutls10 (1.0.4-4) unstable; urgency=low
      .
        * New maintainer.
        * Run autotools at source package build time.
          - Closes: #257237: FTBFS (i386/sid): aclocal failed
        * Remove "package is still changed upstream" warning.
        * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
      .
      gnutls10 (1.0.4-3) unstable; urgency=low
      .
        * control: Changed the build dependency and the dependency of
          libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
          libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
          could cause linking against two versions of libgcrypt.
      .
      gnutls10 (1.0.4-2) unstable; urgency=low
      .
        * libgnutls-doc.doc-base: Removed HTML manual listing.
        * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
          Jordi :)
      .
      gnutls10 (1.0.4-1) unstable; urgency=low
      .
        * New upstream release  (Closes: #227527)
            * The new documentation in libgnutls-doc fixes several typo's and
              style glitches:
              Closes: #215772: inconsistent auth method list in manual
              Closes: #215775: dangling footnote on page 14 of manual
              Closes: #215777: bad sentence on page 18 of manual
              Closes: #215780: incorrect info about ldaps/imaps in manual
        * rules:
            * Use --add-missing instead of --force in the call to automake.
            * Don't build gnutls.ps, use the upstream version.
              (Closes: #224846)
        * gnutls-bin.manpages: Use glob to find manpages.
        * patches/008_manpages.diff: Removed; included upstream.
      .
      gnutls10 (1.0.0-1) unstable; urgency=low
      .
        * New upstream release.
        * Major soversion changed to 10.
        * control: Changed build dependencies of libtasn1-dev.
        * libgnutls10.shlibs: Added libgnutls-openssl to the list.
      .
      gnutls8 (0.9.99-1) experimental; urgency=low
      .
        * New upstream release.
        * Included upstream GPG signature in .orig.tar.gz.
      .
      gnutls8 (0.9.98-1) experimental; urgency=low
      .
        * New upstream release.
        * debian/control: libgnutls8-dev depends on libopencdk8-dev.
        * debian/libgnutls-doc.examples: Install src/*.[ch].
      .
      gnutls8 (0.9.95-1) experimental; urgency=low
      .
        * New upstream version.
      .
      gnutls8 (0.9.94-1) experimental; urgency=low
      .
        * New upstream version; package based on gnutls7 0.8.12-2.
        * debian/control:
            * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
        * debian/rules: Run auto* after the patches have been applied.
      60452b47
    • Ariel D'Alessandro's avatar
      Import Upstream version 3.7.1 · 724a8466
      Ariel D'Alessandro authored
      724a8466
  5. 21 Aug, 2020 2 commits
  6. 19 Aug, 2020 1 commit
    • Sebastien Bacher's avatar
      Import Ubuntu changes 3.4.10-4ubuntu1.8 · 7a7c3092
      Sebastien Bacher authored and Andrej Shadura's avatar Andrej Shadura committed
      gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium
      
        * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
          - add support for zero length  session tickets returned from the server,
            thanks Rod for the backport and testing! (lp: #1876286)
      7a7c3092
  7. 29 Jul, 2020 1 commit
  8. 07 May, 2020 3 commits
    • Ritesh Raj Sarraf's avatar
    • Ritesh Raj Sarraf's avatar
      Merge latest updates and security fixes from debian/xenial · 44a3316b
      Ritesh Raj Sarraf authored
      * debian/xenial:
        Import Debian changes 3.4.10-4ubuntu1.7
      44a3316b
    • Marc Deslauriers's avatar
      Import Debian changes 3.4.10-4ubuntu1.7 · 66a52c6e
      Marc Deslauriers authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
      gnutls28 (3.4.10-4ubuntu1.7) xenial-security; urgency=medium
      
        * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a
          priority string (LP: #1860656)
          - debian/patches/allow_broken_priority_string.patch: introduce the
            %VERIFY_ALLOW_BROKEN priority string option.
          - debian/patches/allow_sha1_priority_string.patch: introduce the
            %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option.
      
      gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium
      
        * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
          - debian/patches/insecuresha1-*.patch: backport upstream patches to
            allow marking SHA1 as insecure, but only for certificate signing.
          - debian/libgnutls30.symbols: added new symbol.
      
      gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
      
        * SECURITY UPDATE: Lucky-13 issues
          - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
            field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c.
          - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
            blocks that would have been on minimum pad in lib/gnutls_cipher.c.
          - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
            SSL3.0 in lib/gnutls_cipher.c.
          - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
            ciphersuites were removed from defaults in lib/gnutls_priority.c,
            tests/priorities.c.
          - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
            tests/pkcs12_encode.c.
          - CVE-2018-10844
          - CVE-2018-10845
          - CVE-2018-10846
      
      gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium
      
        * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
          OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
          which includes TLS1.2 support. (LP: #1709193)
      
      gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium
      
        * SECURITY UPDATE: null pointer dereference via status response TLS
          extension decoding
          - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
            properly deinitialized in lib/ext/status_request.c.
          - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
            from client extension in lib/ext/status_request.c.
          - debian/patches/CVE-2017-7507-3.patch: documented requirements for
            parameters in lib/ext/status_request.c.
          - CVE-2017-7507
        * SECURITY UPDATE: DoS and possible code execution via OpenPGP
          certificate decoding
          - debian/patches/CVE-2017-7869.patch: enforce packet limits in
            lib/opencdk/read-packet.c.
          - CVE-2017-7869
      
      gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium
      
        * SECURITY UPDATE: OCSP validation issue
          - debian/patches/CVE-2016-7444.patch: correctly verify the serial
            length in lib/x509/ocsp.c.
          - CVE-2016-7444
        * SECURITY UPDATE: denial of service via warning alerts
          - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
            messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
            lib/gnutls_state.c.
          - CVE-2016-8610
        * SECURITY UPDATE: double-free when reading proxy language
          - debian/patches/CVE-2017-5334.patch: fix double-free in
            lib/x509/x509_ext.c.
          - CVE-2017-5334
        * SECURITY UPDATE: out of memory error in stream reading functions
          - debian/patches/CVE-2017-5335.patch: add error checking to
            lib/opencdk/read-packet.c.
          - CVE-2017-5335
        * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
          - debian/patches/CVE-2017-5336.patch: check return code in
            lib/opencdk/pubkey.c.
          - CVE-2017-5336
        * SECURITY UPDATE: heap read overflow when reading streams
          - debian/patches/CVE-2017-5337.patch: add more precise checks to
            lib/opencdk/read-packet.c.
          - CVE-2017-5337
        * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
          expired certs.
      
      gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium
      
        * SRU: LP: #1592693.
        * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
          in xenial.
      
      gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium
      
        * Merge with Debian; remaining changes:
          - Make gnutls28 default.
          - debian/patches/disable_global_init_override_test.patch: disable failing
            test.
      
      gnutls28 (3.4.10-4) unstable; urgency=medium
      
        * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
          GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
          unavailable. Closes: #818341
      
      gnutls28 (3.4.10-3) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.4.10-2) experimental; urgency=medium
      
        * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
        * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
          another try for Closes: #813598
      
      gnutls28 (3.4.10-1) experimental; urgency=medium
      
        * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
          master to fix FTBFS with parallel builds. Closes: #816148
        * New upstream version.
        * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
          master branch to fix occasional testsuite error. Closes: #813598
      
      gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium
      
        * Merge with Debian; remaining changes:
          - Make gnutls28 default.
          - debian/patches/disable_global_init_override_test.patch: disable failing
            test.
      
      gnutls28 (3.4.9-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.4.9-1) experimental; urgency=medium
      
        * New upstream version.
        * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch.
      
      gnutls28 (3.4.8-3) unstable; urgency=medium
      
        * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch
          from upstream GIT. Closes: #813243
      
      gnutls28 (3.4.8-2) unstable; urgency=medium
      
        * Merge master branch into experimental.
          + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
          + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
            This is a kludge and technically wrong, but will prevent partial
            upgrades from stable. See: #788735
        * Upload to unstable.
      
      gnutls28 (3.4.8-1) experimental; urgency=medium
      
        * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
          option was added to debhelper/unstable with version 9.20150628, bump
          build-dependency accordingly.
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
          + Update symbol file.
        * Move Vcs-* from git/http to https.
      
      gnutls28 (3.4.7-1) experimental; urgency=medium
      
        * New upstream version.
          + Update symbol file.
      
      gnutls28 (3.4.6-1) experimental; urgency=medium
      
        * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
          later) to improve reproducibility of build.
        * New upstream version.
          + Update symbol file.
        * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
          (>= 1.17.14). Both are required for build-profile support added in
          previous upload. (Thanks, lintian.)
      
      gnutls28 (3.4.5-1) experimental; urgency=medium
      
        [ Helmut Grohne ]
        * Turn Build-Depends: datefudge optional via <!nocheck> profile.
          Closes: #797544
      
        [ Andreas Metzler ]
        * New upstream version.
      
      gnutls28 (3.4.4.1-1) experimental; urgency=medium
      
        * New upstream version.
          + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
            bump dependency info for functions taking it as argument or returning it.
          + Bump dependency info on private symbols.
          + Update debian/copyright.
          + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
            CVE-2015-6251
      
      gnutls28 (3.4.3-1) experimental; urgency=medium
      
        * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
        * New upstream version.
          + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
            gnutls_pkcs11_token_info_t.
          + Add dependency info for new symbols, bump private symbol dependency.
      
      gnutls28 (3.4.2-2) experimental; urgency=medium
      
        * Disable libidn support because CVE-2015-2059 is still not fixed. See
          <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
          of crywrap.
      
      gnutls28 (3.4.2-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
          + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
            version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
      
      gnutls28 (3.4.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump (build)-depends on nettle and p11-kit.
          + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
            55_nettle3.patch.
          + Update 14_version_gettextcat.diff.
          + Soname bump, library package renamed from libgnutls-deb0-28 to
            libgnutls30.
          + OpenSSL compat layer is not built by default anymore, pass
            --enable-openssl-compatibility to ./configure.
          + Update symbol file.
          + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
            restricted to the corresponding protocols only, and the VERS-ALL
            string is introduced to catch all possible protocols. Closes: #773145
          + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
            "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
            dependency on libidn11-dev to libgnutls28-dev.
        * Fix typo in debian/rules
          (s/-disable-silent-rules/--disable-silent-rules).
      
      gnutls28 (3.3.20-1ubuntu1) xenial; urgency=medium
      
        * Merge from Debian unstable. Remaining changes:
          - Make gnutls28 default.
        * debian/patches/disable_global_init_override_test.patch: disable failing
          test.
      
      gnutls28 (3.3.20-1) unstable; urgency=medium
      
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
        * Move Vcs-* from git/http to https.
      
      gnutls28 (3.3.19-1) unstable; urgency=medium
      
        * New upstream version.
         + Refresh 20_debian_specific_soname.diff.
         + Update symbol file.
      
      gnutls28 (3.3.18-1ubuntu1) xenial; urgency=medium
      
        * Merge from Debian unstable. Remaining changes:
          - Make gnutls28 default.
      
      gnutls28 (3.3.18-1) unstable; urgency=medium
      
        * New upstream version.
      
      gnutls28 (3.3.17-1) unstable; urgency=medium
      
        * New upstream version.
         + Drop superfluous patches.
          (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
           46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
           47_safe-renegotiation-simulate-receiving-the-extension-.patch)
         + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
           bump dependency info for functions taking it as argument or returning it.
         + Bump dependency info on private symbols.
         + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
           CVE-2015-6251
      
      gnutls28 (3.3.16-2) unstable; urgency=medium
      
        * Refresh 40_no_more_ssl3.diff.
        * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
          46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
          47_safe-renegotiation-simulate-receiving-the-extension-.patch
          Pull three patches from upstream GIT to fix issue with server side sending
          the status request extension even when not requested.
          <http://article.gmane.org/gmane.network.gnutls.general/3929>
      
      gnutls28 (3.3.16-1) unstable; urgency=medium
      
        * Limit watchfile to 3.3.x versions.
        * New upstream version.
          + Drop superfluous patches
            (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
            55_nettle3.patch,
            56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
          + Bump private symbol versioning.
      
      gnutls28 (3.3.15-7) unstable; urgency=medium
      
        * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
          is a kludge and technically wrong, but will prevent partial upgrades from
          stable. Closes: #788735
        * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
      
      gnutls28 (3.3.15-6) unstable; urgency=high
      
        * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
          Closes: #788011
      
      gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium
      
        * SECURITY UPDATE: Double free in certificate DN decoding
          - debian/patches/CVE-2015-6251.patch: Reset the output value on error
            in lib/x509/common.c.
          - CVE-2015-6251
      
      gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium
      
        * Merge from Debian unstable. Remaining changes:
          - Make gnutls28 default.
      
      gnutls28 (3.3.15-5) unstable; urgency=medium
      
        * Upload to unstable.
        * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
          against both 2.7 and 3.x.
      
      gnutls28 (3.3.15-4) experimental; urgency=medium
      
        * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
          allows compilation against both nettle 2.7 and 3.x.
        * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
          and libtasn1-6-dev, the =${binary:Version} dependency of the development
          packages on the respective library packages should make this superfluous.
      
      gnutls28 (3.3.15-3) experimental; urgency=medium
      
        * Add 55_nettle3.patch from
          http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
          against nettle3.
      
      gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium
      
        * Merge from Debian unstable. Remaining changes:
          - Make gnutls28 default.
        * Dropped patches included in new version:
          - debian/patches/CVE-2015-0294.patch
          - debian/patches/CVE-2014-8564.patch
      
      gnutls28 (3.3.15-2) unstable; urgency=medium
      
        * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
          fixing a testsuite error on kfreebsd-*.
      
      gnutls28 (3.3.15-1) unstable; urgency=medium
      
        * New upstream stable release.
          + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
      
      gnutls28 (3.3.14-3) experimental; urgency=medium
      
        * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
        * (Build-)depend on nettle-dev >= 3.0.
      
      gnutls28 (3.3.14-2) unstable; urgency=medium
      
        * Upload to unstable.
        * Sync version of Depends and Build-Depends on libtasn1-6-dev.
      
      gnutls28 (3.3.14-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump libtasn b-d to >= 4.3.
      
      gnutls28 (3.3.13-1) experimental; urgency=medium
      
        * New upstream version.
          + Includes fix for CVE-2015-0294, a certificate algorithm consistency
            checking issue.
      
      gnutls28 (3.3.12-1) experimental; urgency=medium
      
        * New upstream version.
          + gnutls-cli-debug STARTTLS is working. Closes: #467022
      
      gnutls28 (3.3.11-1) experimental; urgency=medium
      
        * New upstream version.
          + Includes fix for OCSP response parsing issue. Closes: #772055
      
      gnutls28 (3.3.10-2) experimental; urgency=medium
      
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      
      gnutls28 (3.3.10-1) experimental; urgency=medium
      
        * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
          manpages.
        * New upstream version.
          + Includes fix for a denial of service issue CVE-2014-8564 /
            GNUTLS-SA-2014-5.
          + When gnutls_global_init() is called for a second time, it will check
            whether the /dev/urandom fd kept is still open and matches the original
            one. That behavior works around issues with servers that close all file
            descriptors. This should take care of #760476.
      
      gnutls28 (3.3.9-1) experimental; urgency=medium
      
        * New upstream version.
          + Unfuzz 20_debian_specific_soname.diff.
          + Drop 31_fallback_to_RUSAGE_SELF.diff.
          + Bump private symbol dependency info.
          + Bump dependency version of gnutls_certificate_get_issuer() and
            gnutls_x509_trust_list_get_issuer() because of newly added
            GNUTLS_TL_GET_COPY flag.
      
      gnutls28 (3.3.8-7) unstable; urgency=medium
      
        * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
          Pull two patches from upstream to a use-after-free flaw in
          gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
          Closes: #782776
      
      gnutls28 (3.3.8-6) unstable; urgency=medium
      
        * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
          6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
          certificate import check whether the two signature algorithms match.
          CVE-2015-0294. Closes: #779428
      
      gnutls28 (3.3.8-5) unstable; urgency=medium
      
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      
      gnutls28 (3.3.8-4) unstable; urgency=high
      
        * Drop 31_fallback_to_RUSAGE_SELF.diff.
        * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
          from the application check the urandom fd for validity. Closes: #768841
          and takes care of #760476.
        * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
          session deinit. It is already being refreshed during the session lifetime.
        * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
          format, perform additional sanity checks on input.
          CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
        * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
          uses a cert in binary der-format which is not representable in a quilt
          patches and we want to limit debian.tar.xz to modify stuff in debian/ we
          have some special handling in debian/rules.)
      
      gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium
      
        * SECURITY UPDATE: certificate algorithm consistency issue
          - debian/patches/CVE-2015-0294.patch: make sure the two signature
            algorithms match on cert import in lib/x509/x509.c.
          - CVE-2015-0294
      
      gnutls28 (3.3.8-3ubuntu2) vivid; urgency=medium
      
        * SECURITY UPDATE: denial of service and possible code execution via
          elliptic curves parameter printing
          - debian/patches/CVE-2014-8564.patch: add more sanity checks in
            lib/gnutls_ecc.c.
          - CVE-2014-8564
      
      gnutls28 (3.3.8-3ubuntu1) vivid; urgency=low
      
        * Merge from Debian unstable.  Remaining changes:
          - Make gnutls28 default.
      
      gnutls28 (3.3.8-3) unstable; urgency=high
      
        [ Daniel Kahn Gillmor ]
        * Add list of executables to gnutls-bin package description.
          Closes: #763671
      
        [ Andreas Metzler ]
        * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
          try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
          Mavrogiannopoulos!) Closes: #760476
      
      gnutls28 (3.3.8-2) unstable; urgency=medium
      
        * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
          3.3.8 requires libtasn1 >= 3.9.
        * Upload to unstable.
      
      gnutls28 (3.3.8-1) experimental; urgency=medium
      
        * New upstream version.
          + Refresh 20_debian_specific_soname.diff.
          + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
            with old experimental upload 0.21.2-1
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
            some functions in the gnutls_pkcs11_* family due to new members in enums
            gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
            symbol dependency info, and bump shlibs.
        * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
          The GnuTLS library package automatically gets a dependency on libp11-kit0
          (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
          libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
          enforce a version on libp11-kit-dev and we do not need to duplicate the
          info.
        * Add explicit build-dependency on libopts25-dev. Closes: #761618
      
      gnutls28 (3.3.7-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.3.7-1) experimental; urgency=medium
      
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
            symbol dependency info, and bump shlibs.
          + New member in gnutls_pkcs11_obj_attr_t, bump version of
            gnutls_pkcs11_obj_list_import_url*.
      
      gnutls28 (3.3.6-2) unstable; urgency=medium
      
        * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
          lastest stable at freeze time.
        * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
          at-build-time-default-compiler) by exporting @CPP@.
      
      gnutls28 (3.3.6-1) experimental; urgency=medium
      
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
            symbol dependency info.
      
      gnutls28 (3.3.5-1) experimental; urgency=medium
      
        * New upstream version.
        * Refresh patches/20_debian_specific_soname.diff.
        * Drop 30_Updated-asm-sources.patch.
        * Add new public symbols to symbol file, bump shlibs.
      
      gnutls28 (3.3.3-1) experimental; urgency=medium
      
        * New upstream version, including a fix for GNUTLS-SA-2014-3
          CVE-2014-3466.
        * Refresh 20_debian_specific_soname.diff.
        * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
        * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
      
      gnutls28 (3.3.2-2) experimental; urgency=high
      
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Adapt symbol file accordingly.
          + Change 14_version_gettextcat.diff, too.
            Closes: #748742
         * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
           These have been unnecessary since we started using dh compat v9, where
           debugging symbols are installed to /usr/lib/debug/.build-id.
      
      gnutls28 (3.3.2-1) experimental; urgency=medium
      
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
        * New upstream version. Drop 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff.
      
      gnutls28 (3.3.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop 20_sparc_chainverify_buserror.diff.
          + Pull 20_guile_no_override_allocation.diff and
            21_Treat-othername-as-printable.diff from upstream GIT.
          + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
            upstream since it was never exported in a public header and is not
            used according to codesearch.d.o.
      
      gnutls28 (3.3.0-2) experimental; urgency=medium
      
        * Drop last remains of -xssl from debian/.
        * Add debian/libgnutls28.symbols.
        * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
          increase the space available for certificates to fix sparc testsuite
          error.
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      
      gnutls28 (3.3.0-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
      
        * Also version the p11-kit dependency.
        * New upstream version.
          + Set --enable-static, as only shared libs are built by default.
          + libgnutls-xssl is no more.
          + Bump shlibs.
        * Upload to experimental.
      
      gnutls28 (3.2.16-1ubuntu2) utopic; urgency=medium
      
        * No-change rebuild to get debug symbols on all architectures.
      
      gnutls28 (3.2.16-1ubuntu1) utopic; urgency=medium
      
        * Make gnutls28 default.
      
      gnutls28 (3.2.16-1) unstable; urgency=medium
      
        * New upstream version.
      
      gnutls28 (3.2.15-3) unstable; urgency=medium
      
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
          series.
      
      gnutls28 (3.2.15-2) unstable; urgency=high
      
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Change 14_version_gettextcat.diff, too.
          Closes: #74874
        * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
          These have been unnecessary since we started using dh compat v9, where
          debugging symbols are installed to /usr/lib/debug/.build-id.
        * debian/copyright: Add info about GPLv2 compatibility.
      
      gnutls28 (3.2.15-1) unstable; urgency=high
      
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
      
      gnutls28 (3.2.14-1) unstable; urgency=medium
      
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * New upstream version.
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
      
      gnutls28 (3.2.13-2) unstable; urgency=medium
      
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      
      gnutls28 (3.2.13-1) unstable; urgency=medium
      
        * Also version the p11-kit dependency.
        * New upstream version.
      
      gnutls28 (3.2.12.1-2) unstable; urgency=medium
      
        * Upload to unstable.
        * Sync from Ubuntu (Colin Watson):
          + Add arm64 and ppc64el to the list of non-ia64 architectures on which
            guile-gnutls is built.
      
      gnutls28 (3.2.12.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop superfluous patches: 
            20_bug-in-gnutls_pcert_list_import_x509_raw.patch
            20_CVE-2014-0092.diff
      
      gnutls28 (3.2.11-2) unstable; urgency=high
      
        * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
        * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
          validation issue. CVE-2014-0092
      
      gnutls28 (3.2.11-1) unstable; urgency=high
      
        * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
        * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
      
      gnutls28 (3.2.10-2) unstable; urgency=high
      
        * Upload to unstable.
      
      gnutls28 (3.2.10-1) experimental; urgency=high
      
        * New upstream version.
        * New symbols exported, bump shlibs.
      
      gnutls28 (3.2.9-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.2.9-1) experimental; urgency=medium
      
        * New upstream version.
          + %COMPAT implies %DUMBFW. (See #733039)
        * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
          dh_autoreconf.
        * Stop dh_clean from removing *.bak, upstream tarball actually contains
          files named such in src/ subdirectory.
      
      gnutls28 (3.2.8.1-3) unstable; urgency=medium
      
        * Correct c'n'p error in Vcs-Git field.
        * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
      
      gnutls28 (3.2.8.1-2) unstable; urgency=low
      
        * Upload to unstable, without libgnutls-openssl27.
      
      gnutls28 (3.2.8.1-1) experimental; urgency=low
      
        * New upstream version.
          + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
            upstream.
          + Bump shlibs.
        * Add debian/upstream-signing-key.pgp (listed in
          debian/source/include-binaries) and update watchfile to check
          upstream signature.
      
      gnutls28 (3.2.7-4) experimental; urgency=low
      
        * Upload to experimental, with libgnutls-openssl27.
        * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
      
      gnutls28 (3.2.7-3) unstable; urgency=low
      
        * Point vcs* to git.
        * Upload to unstable, without libgnutls-openssl27.
      
      gnutls28 (3.2.7-2) experimental; urgency=low
      
        * Fix kfreebsd FTBFS.
          + 45_add_strerror-module.patch add gnulib strerror module.
          + Use dh_autoreconf.
      
      gnutls28 (3.2.7-1) experimental; urgency=low
      
        * New upstream version.
          + Add b-d on bison.
          + Bump shlibs.
          + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
          + Simplify debian/rules, stop removing autogened files.
      
      gnutls28 (3.2.6-2) experimental; urgency=low
      
        * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
          for the hint.)
        * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
      
      gnutls28 (3.2.6-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.2.5-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
        * Ship examples/examples.h which is needed for building examples/*.c. Also
          add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
          Closes: #726971
      
      gnutls28 (3.2.4-5) experimental; urgency=low
      
        * Re-enable building of libgnutls-openssl27 binary package.
        * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
          transition to gnutls28.
      
      gnutls28 (3.2.4-4) unstable; urgency=low
      
        * 40_guilenoparallel.diff: Disable parallel build in
          guile/modules/.
      
      gnutls28 (3.2.4-3) unstable; urgency=low
      
        * Looks like "Architecture" in debian/control cannot be folded, unfold the
          respective entry for guile-gnutls.
      
      gnutls28 (3.2.4-2) unstable; urgency=low
      
        * Manpages were missing on binary-only builds. Closes: #721725
        * Build with
          --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
          ca-certificates not pulled in by build-dependencies anymore.
          Closes: #721726
        * Upload to unstable.
      
      gnutls28 (3.2.4-1) experimental; urgency=low
      
        * New upstream release.
          + Drop 40_Clean-up-after-test.patch.
        * Fix path to png files in info files with sed instead of symlinking images.
        * Bump shlibs.
      
      gnutls28 (3.2.3-3) experimental; urgency=low
      
        * Switch to dh, to easily allow us to move gtk-doc-tools to
          Build-Depends-Indep. Closes: #682596
      
      gnutls28 (3.2.3-2) experimental; urgency=low
      
        * Build gnutls-guile against guile-2.0.
          + Drop --disable-largefile on armel armhf mipsel.
          + ia64 does not build guile-2.0, disable guile-support there.
      
      gnutls28 (3.2.3-1) unstable; urgency=low
      
        * New upstream release.
        * Drop superfluous patches. (35_gnutls-priority-string.diff
          36_avoid-leaking-a-buffer-element.diff)
        * Bump shlibs.
      
      gnutls28 (3.2.2-2) unstable; urgency=low
      
        * Pull two patches from upstream:
          +35_gnutls-priority-string.diff Fix priority string parsing broken in
           3.2.2 Closes: #717314
          +36_avoid-leaking-a-buffer-element.diff 
      
      gnutls28 (3.2.2-1) unstable; urgency=low
      
        * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
          Closes: #678070
        * New upstream version.
        * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
        * Bump shlibs.
      
      gnutls28 (3.2.1-2) unstable; urgency=low
      
        * Upload to unstable.
        * Do not link everything against nettle on mips(el), the issue being worked
          around was fixed by the latest eglibc upload.
        * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
          same.
      
      gnutls28 (3.2.1-1) experimental; urgency=low
      
        * New upstream version.
          + Bump nettle build-dep to >= 2.7.
          + Bump shlibs.
          + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
            whether it still fails on kfreebsd-i386.
          + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
            false positive error in 32-bit systems.
          + [32_linkagainstgmp.diff] Link libgnutls against gmp.
      
      gnutls28 (3.1.12-2) unstable; urgency=low
      
        * Upload to unstable.
        * Fix vcs-field-not-canonical lintian error by using anonscm instead of
          svn.debian.org.
      
      gnutls28 (3.1.12-1) experimental; urgency=low
      
        * Use rm -f on clean, fixing an issue with building twice in row.
        * New upstream version.
        * On mips/mipsel link everything and the kitchen-sink against nettle to work
          around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
      
      gnutls28 (3.1.11-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.1.10-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs.
      
      gnutls28 (3.1.9.1-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs.
        * Force re-generation of autogen-ed manpages.
      
      gnutls28 (3.1.8-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.1.7-1) experimental; urgency=low
      
        * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
          the build-depency. (Thanks, Daniel Kahn Gillmor)
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
            CVE-2013-0169 CVE-2013-1619.
          + New symbols added, bump shlibs.
          + Ship newly available libgnutls-xssl0 library in a separate package.
        * Disable Heart Beat (RFC6520) support.
      
      gnutls28 (3.1.6-1) experimental; urgency=low
      
        * Update watchfile, based on Bart Martens version for gnutls26 on 
          q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
          3.x versions.
        * New upstream version.
          + requires libtasn1 >= 3.1, bump build-depends.
          + requires a a newer version of autogen, bump build-depends.
          + update debian/copyright to reflect the fact that GnuTLS authors have
            stopped assigning copyright to FSF. 
      
      gnutls28 (3.1.5-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 40_danetestfail.diff
          + Unfuzz 20_test-select.diff
          + Bump shlibs.
      
      gnutls28 (3.1.4-1) experimental; urgency=low
      
        * New upstream release.
          + Drop 40_fixtypo.diff.
          + debian/copyright: update upstream author list.
          + New symbols added, bump shlibs.
        * 40_danetestfail.diff - Do not try to run dane test without dane support.
      
      gnutls28 (3.1.3-1) experimental; urgency=low
      
        * New upstream release.
        * Explicitly set --disable-libdane --without-tpm.
        * Bump shlibs.
        * 40_fixtypo.diff pulled from upstream git.
        * Update debian/copyright from AUTHORS.
      
      gnutls28 (3.1.2-1) experimental; urgency=low
      
        * New upstream release.
          + Requires libtasn1-3 2.14, bump (b-)d.
          + New symbols added, bump shlibs.
      
      gnutls28 (3.1.1-1) experimental; urgency=low
      
        * New upstream release.
          + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
            Closes: #686242
          + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
            42_dump-the-errno.diff 43_possiblefix.diff)
          + Bump shlibs.
        * Sync version of libgnutls-dev dependency on nettle-dev with the
          build-dependency.
      
      gnutls28 (3.1.0-5) experimental; urgency=low
      
        * 43_possiblefix.diff might fix the test suite error.
      
      gnutls28 (3.1.0-4) experimental; urgency=low
      
        * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
          testsuite error.
      
      gnutls28 (3.1.0-3) experimental; urgency=low
      
        * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
      
      gnutls28 (3.1.0-2) experimental; urgency=low
      
        * Mention abbreviation "DTLS" in package description.
        * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
          it spuriously fails on about half of the buildds.
      
      gnutls28 (3.1.0-1) experimental; urgency=low
      
        * New upstream release.
          + Bump nettle build-dep to >= 2.5.
          + Bump shlibs.
      
      gnutls28 (3.0.22-2) unstable; urgency=low
      
        * Upload to unstable. This is a leaf-package, experimental should get
          3.1.0.
      
      gnutls28 (3.0.22-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.0.21-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 35_s390buildfix.diff.
        * Bump shlibs (new functions added.)
      
      gnutls28 (3.0.20-3) unstable; urgency=low
      
        * 35_s390buildfix.diff - Fixes test-suite error on s390x.
      
      gnutls28 (3.0.20-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.20-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs (new functions added.)
        * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
          CLOCK_MONOTONIC now. #662018
      
      gnutls28 (3.0.19-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.19-1) experimental; urgency=low
      
        * New upstream version.
          + libgnutls: When decoding a PKCS #11 URL the pin-source field
            is assumed to be a file that stores the pin. (LP: #929108)
          + Drop 31_killchild.diff, included upstream.
      
      gnutls28 (3.0.18-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.18-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
        * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
          build to hang.
      
      gnutls28 (3.0.17-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.17-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.0.15-2) experimental; urgency=low
      
        * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
          support for CLOCK_MONOTONIC is missing there. (See #662018.)
      
      gnutls28 (3.0.15-1) experimental; urgency=low
      
        * New upstream version.
          + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
            31_provide-accurate-value-to-select.patch)
          + Includes fix for CVE-2012-1573.
        * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
        * Bump libgnutls-dev dependency on libp11-kit-dev.
      
      gnutls28 (3.0.14-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 30_force-kill-of-child.diff.
        * Pull 30_microseconds-does-not-overflow.patch and
          31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
          error (tests/mini-loss) on kfreebsd-*.
      
      gnutls28 (3.0.13-1) experimental; urgency=low
      
        * New upstream version.
          + bump libp11-kit-dev build-dep. to >= 0.11.
          + drop 30_guilegnutlserrorcodes.diff.
        * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
        * Use and link against Debian's packaged version of autogen/libopts.
          + B-d on autogen.
          + remove autogen-generated files (*.c, *.h) on clean. autogen requires
            that the system headers are at least of the same version as the
            one which was used to generate the files from their respective .def
            sources.
        * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
        * Bump shlibs.
      
      gnutls28 (3.0.12-2) unstable; urgency=low
      
        * De-multiarch guile-gnutls. Closes: #658110
      
      gnutls28 (3.0.12-1) unstable; urgency=low
      
        * New upstream version.
        * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
          testsuite error.
        * Update debian/copyright.
        * Bump shlibs. (OCSP support)
        * Add trivial ocsptool manpage.
      
      gnutls28 (3.0.11-1) unstable; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.0.10-1) unstable; urgency=low
      
        * Drop guile-gnutls.README.Debian - binary guile modules are no longer
          directly installed in $libdir.
        * New upstream version.
          + Drop patches/30_correctly-set-the-odd-bits.patch.
          + gnutls_random_art() added. Update copyright, bump shlibs.
          + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
            Closes: #652552
      
      gnutls28 (3.0.9-2) unstable; urgency=low
      
        * [20_test-select.diff] Do not run gnulib test-select test anymore. The
          test fails on kfreebsd-i386, the gnutls library does not use select().
        * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
        * Upload to unstable.
      
      gnutls28 (3.0.9-1) experimental; urgency=low
      
        * New upstream version.
        * Include guile-gnutls package.
        * Bump shlibs.
      
      gnutls28 (3.0.8-2) unstable; urgency=low
      
        * First upload to unstable.
          + Disable openssl-wrapper package, let it be provided by gnutls26 until
            gnutls28 is in testing.
          + Disable gnutls-guile package, let it be provided by gnutls26 until
            gnutls28 is in testing.
      
      gnutls28 (3.0.8-1) experimental; urgency=low
      
        * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
          guile related FTBFS on these architectures.
          See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.0.7-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
        * Drop 20_addGNU-stack.diff, included upstream.
        * loadable Guile module no longer installed directly to $libdir but to
          $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
          Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
          DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
        * gnutls-extra is removed upstream, there is no need anymore to manually
          remove the bits and pieces in debian/rules.
      
      gnutls28 (3.0.4-2) experimental; urgency=low
      
        * Drop libgnutls-dev.README.Debian, the information provided there stopped
          being relevant in 2.7.12.
        * Delete superfluous info from debian/README.source.
        * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
          seem to be possible.
          http://lists.debian.org/debian-devel/2011/10/msg00332.html
        * Simplify dependencies:
          + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
            also provided by gnutls26' libgnutls-dev).
          + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
            gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
      
      gnutls28 (3.0.4-1) experimental; urgency=low
      
        * New upstream version.
          + bump shlibs.
          + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
        * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
        * [20_addGNU-stack.diff] Add GNU-stack note to newly added
          padlock-common.s.
        * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
          be packaged for Debian again when it provides functionality.
        * Update debian/copyright, accelerated assembly code is non-FSF copyright.
        * Add crywrap.8 manpage.
      
      gnutls28 (3.0.3-1) experimental; urgency=low
      
        * New upstream version. (Includes a fix for #640639)
        * Bump shlibs.
      
      gnutls28 (3.0.2-1) experimental; urgency=low
      
        * Update debian/copyright for crywrap.
        * Since libgnutls*-dbg contains debugging symbols of helper applications
          libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
          Conflicts.
        * New upstream version. It also includes the fixes for #638586 (Correct
          parsing of XMPP subject alternative names) and #638595
          (gnutls_certificate_set_x509_key() and
          gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
          release of the private key during the lifetime of the certificate
          structure.)
        * Configure with --enable-gtk-doc, the included API reference is incomplete
          in the tarball.
        * [lintian] Get rid of binary-control-field-duplicates-source field
          warnings.
        * [lintian] Add description header to 14_version_gettextcat.diff
        * Bump shlibs.
      
      gnutls28 (3.0.1-1) experimental; urgency=low
      
        * Update Vcs-Svn and Vcs-Browser for new source package name.
        * New upstream version.
          + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
        * Bump build-dependency on libp11-kit-dev to (>= 0.4).
        * Drop 20_executablestack.diff, included upstream.
        * Includes crywrap(8), an application that proxies TLS session to a port
          using a plaintext service. 
        * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
        * Bump shlibs. (New flags).
      
      gnutls28 (3.0.0-2) experimental; urgency=low
      
        * Add missing b-d on chrpath.
        * Search for .xz instead of .bz2 in watchfile.
      
      gnutls28 (3.0.0-1) experimental; urgency=low
      
        * Drop gcrypt related patches (16_unnecessarydep.diff
          17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
          20_gcrypt15compat.diff), update remaining one
          (14_version_gettextcat.diff).
        * Build against nettle and p11-kit.
          + Update DEB_CONFIGURE_EXTRA_FLAGS.
          + Update (Build-)Depends. (Add pkg-config, it is used for locating
            p11-kit.)
        * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
          libgnutls28.
        * Drop libgnutls Breaks, they are superfluous after the soname change.
        * Delete config.log on clean.
        * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
          assembly files.
        * Delete unneccessary rpath entries.
        * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
          NEWS entry for this license change.
        * Move gnutls-extra library to separate package.
      
      gnutls26 (2.12.7-4) unstable; urgency=low
      
        * Upload to unstable.
        * Point watch file to stable release directory.
        * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
          Libs.private. Closes: #632891
        * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
      
      gnutls26 (2.12.7-3) experimental; urgency=low
      
        [ Simon Josefsson ]
        * Fix Debian BTS URL in --with-packager-bug-reports option.
      
        [ Andreas Metzler ]
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      
      gnutls26 (2.12.7-2) experimental; urgency=low
      
        * Stop shipping libtool la files.
        * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
          + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
            *.install accordingly.
          + Bump cdbs Build-Depends to 0.4.93 (required for expanding
            $(DEB_HOST_MULTIARCH)).
          + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
          + runtime libraries and guile-wrapper are Multi-Arch: same with 
            Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
            Multi-Arch: foreign, -dev and -dbg remain unchanged.
          + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
            package. It contains debugging symbols for both library and helper
            binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
            co-installable with itself.
      
      gnutls26 (2.12.7-1) experimental; urgency=low
      
        * New upstream version.
        * Update 17_ignoretestsuitteerrors.diff.
        * A new version of pokerth has been uploaded to sid, update libgnutls26
          Breaks accordingly.
      
      gnutls26 (2.12.6.1-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs, global_set_time_function() was added.
        * Stop setting CFLAGS += -Wall, it is set by default again.
        * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
          errors.
      
      gnutls26 (2.12.5-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs, gnutls_x509_crq_verify() was added.
      
      gnutls26 (2.12.4-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs. (gnutls_certificate_get_issuer() added).
      
      gnutls26 (2.12.3-1) experimental; urgency=low
      
        * New upstream version.
        * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
      
      gnutls26 (2.12.2-2) experimental; urgency=low
      
        * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
          for compatibility. Closes: #623001
      
      gnutls26 (2.12.2-1) experimental; urgency=low
      
        * New upstream version.
        * [lintian] Drop article from short package descriptions.
      
      gnutls26 (2.12.1-1) experimental; urgency=low
      
        * New upstream version.
          + certtool: Generated certificate request with stricter permissions.
            Closes: #619746
        * Drop superfluous patches:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
        * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
          need a binNMU when gnutls 2.12.x uploaded to unstable.
      
      gnutls26 (2.12.0-1) experimental; urgency=low
      
        * New upstream stable release.
          + Drop superceded patches 17_goldhotfix.patch
            18_libgnutls-openssl_soname.diff.
        * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
      
      gnutls26 (2.11.7-2) experimental; urgency=low
      
        * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
          versioning: 27:0:0).
        * Split off libgnutls-openssl to a separate package, since the sonames are
          not in sync anymore.
      
      gnutls26 (2.11.7-1) experimental; urgency=low
      
        * New upstream version (rc for 2.12)
          + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
          + Bump shlibs.
        * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
      
      gnutls26 (2.11.6-2) experimental; urgency=low
      
        * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
          on big endian architectures.
      
      gnutls26 (2.11.6-1) experimental; urgency=low
      
        * Development release.
        * Continue building against libgcrypt, run configure with --with-libgcrypt.
        * Refresh patches/15_fixgnutlspc.diff.
        * Set --with-packager* options.
        * Install newly available p11tool binary.
        * Bump libgcrypt11-dev Build-Depends.
        * C++ wrapper soname bump, change package name accordingly.
        * Bump shlibs.
        * Update debian/copyright.
        * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      
      gnutls26 (2.10.5-3) unstable; urgency=medium
      
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      
      gnutls26 (2.10.5-2) unstable; urgency=low
      
        * Stop shipping libtool la files.
      
      gnutls26 (2.10.5-1) unstable; urgency=low
      
        * New upstream bugfix release.
          + Drop 15_fixgnutlspc.diff, included upstream.
        * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      
      gnutls26 (2.10.4-2) unstable; urgency=low
      
        * Use debhelper compatibility level 7.
        * Merge in changes from 2.8.6-1:
          + Use dh_lintian.
          + Use dh_makeshlibs for the guile stuff, too. This gets us 
            a) ldconfig in postinst. Closes: #553109
            and
            b) a shlibs file.
            However the shared objects /usr/lib/libguile-gnutls*so* are still not
            designed to be used as libraries (linking) but are dlopened. guile-1.10
            will address this issue by keeping this stuff in a private directory.
          + hotfix pkg-config files (proper fix to be included upstream).
          + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
            Closes: #405239
         * Upload to unstable.
      
      gnutls26 (2.10.4-1) experimental; urgency=low
      
        * New upstream release. V1 CAs are trusted by default.
      
      gnutls26 (2.10.3-1) experimental; urgency=low
      
        * Drop workaround for 519006, binutils is fixed even in squeeze.
        * New upstream bugfix release.
      
      gnutls26 (2.10.2-1) experimental; urgency=low
      
        * New upstream version.
          + Fix asynchronous API handling. Closes: #588187
          + certtool does not crash on reading from /dev/null anymore.
            Closes: #588029
        * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
      
      gnutls26 (2.10.1-1) experimental; urgency=low
      
        * Update package descriptions. Closes: #588067
        * New upstream version.
      
      gnutls26 (2.10.0-2) experimental; urgency=low
      
        * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
          libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
          support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
          (2.31.2-1) not yet. Closes: #587755
      
      gnutls26 (2.10.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * Point watchfile to stable releases.
      
      gnutls26 (2.9.12-2) experimental; urgency=low
      
        * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
          without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
          useless and almost empty package on these archs.)
        * Drop ancient workaround for gcc bug on hppa.
          http://bugs.debian.org/128036
      
      gnutls26 (2.9.12-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls26 (2.9.11-1) experimental; urgency=low
      
        * New upstream version.
        * Drop 15_gnutlspriority.diff, superseded.
      
      gnutls26 (2.9.10-2) experimental; urgency=low
      
        * [15_gnutlspriority.diff] Restore compatibility with programs using 
          gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
          Closes: #579831
      
      gnutls26 (2.9.10-1) experimental; urgency=low
      
        * New upstream version.
        * New functions added, bump shlibs.
      
      gnutls26 (2.9.9-1) experimental; urgency=low
      
        * Package upstream development branch for experimental.
        * Track development versions in watchfile.
        * Package C++ wrapper again. Closes: #548637
      
      gnutls26 (2.8.6-1) unstable; urgency=low
      
        * Use dh_lintian.
        * Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        * hotfix pkg-config files (proper fix to be included upstream).
        * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      
      gnutls26 (2.8.5-2) unstable; urgency=low
      
        * Add a huge bunch of lintian overrides for the guile stuff to make dak
          happy.
      
      gnutls26 (2.8.5-1) unstable; urgency=low
      
        * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
        * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
          orig.tar.bz2 without repacking it to gz.
        * New upstream version.
          + Drop patches/20_fixtimebomb.diff.
      
      gnutls26 (2.8.4-2) unstable; urgency=high
      
        * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
      
      gnutls26 (2.8.4-1) unstable; urgency=low
      
        * New upstream version.
          + Drop debian/patches/15_openpgp.diff.
        * Sync priorities with override file, libgnutls26 has been bumped from
          important to standard.
      
      gnutls26 (2.8.3-3) unstable; urgency=low
      
        * Empty dependency_libs in la-files. (Squeeze release goal.)
      
      gnutls26 (2.8.3-2) unstable; urgency=low
      
        * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
          openpgp connections.
      
      gnutls26 (2.8.3-1) unstable; urgency=high
      
        * New upstream version.
          + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
            was built against. Closes: #540449
          + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
            certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
            http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
        * Drop 15_chainverify_expiredcert.diff, included upstream.
        * Urgency high, since 541439 applies to testing, too.
      
      gnutls26 (2.8.1-2) unstable; urgency=low
      
        [ Simon Josefsson ]
        * Remove cruft in rules file.
        * Remove patches/15_tasn1inpc.diff, not needed.
      
        [ Andreas Metzler ]
        * Finally add an entry to the NEWS.Debian file concerning the deprecation of
          RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
        * Upload to unstable.
        * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
          Fix testsuite error caused by expired certificate.
      
      gnutls26 (2.8.1-1) experimental; urgency=low
      
        * New upstream stable release.
      
      gnutls26 (2.7.14-1) experimental; urgency=low
      
        * [debian/control] set section setting of source package to libs instead of
          devel.
        * New upstream version.
          + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
          + Bump shlibs, new symbols added.
      
      gnutls26 (2.7.12-1) experimental; urgency=low
      
        * Fix typo in changelog. Closes: #526427
        * New upstream release.
          + Does not ship the scripts libgnutls-extra-config and libgnutls-config
            and the .m4 snippet to use it anymore. Please switch to pkg-config or
            standard autoconf test. Drop manpages and
            both patches/13_lessdeps_gnutls-config.diff and
            patches/13_lessdeps_gnutls-config.diff from the debian diff.
          + Update remaining patches.
          + Bump shlibs, new symbols added.
        * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
          already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
          GNUTLS_2_8.
        * New upstream uses separate ./configure scripts for the different
          libraries. Invoke the main ./configure script with
          --cache-file=$(CURDIR)/config.cache to speed things up.
      
      gnutls26 (2.6.6-1) unstable; urgency=high
      
        * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
          way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
        * New upstream security release.
          + libgnutls: Corrected double free on signature verification failure.
            GNUTLS-SA-2009-1 CVE-2009-1415
          + libgnutls: Fix DSA key generation. Noticed when investigating the
            previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
            2.6.x are corrupt.  See the advisory for more details.
            GNUTLS-SA-2009-2 CVE-2009-1416
          + libgnutls: Check expiration/activation time on untrusted certificates.
            Before the library did not check activation/expiration times on
            certificates, and was documented as not doing so.
            GNUTLS-SA-2009-3 CVE-2009-1417
         * The former two issues only apply to gnutls 2.6.x. The latter is a
           behavior change, add a NEWS.Debian file to document it.
      
      gnutls26 (2.6.5-1) unstable; urgency=low
      
        * Sync sections in debian/control with override file. libgnutls26-dbg is
          section debug, guile-gnutls is section lisp.
        * New upstream version. (Needed for Libtasn1-3 2.0)
        * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
        * Standards-Version: 3.8.1, no changes required.
      
      gnutls26 (2.6.4-2) unstable; urgency=low
      
        * Upload to unstable.
        * Merge changelog entries from unstable and experimental.
      
      gnutls26 (2.6.4-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls26 (2.6.3-1) experimental; urgency=low
      
        * New upstream version.
          + Corrects bug gnutls-cli which caused a rehandshake request
            to be ignored. Closes: #396867
        * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
      
      gnutls26 (2.6.2-2) experimental; urgency=low
      
        * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
          correct certificate chains were not recognized as verified.
          Closes: #507633
        * [lintian] Add ${misc:Depends} to multiple dendency lines.
      
      gnutls26 (2.6.2-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
          + Drop 20_fix_501077.diff.
        * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
          there.
        * Add Simon Josefsson to uploaders.
      
      gnutls26 (2.6.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
          gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
      
      gnutls26 (2.5.9-1) experimental; urgency=low
      
        * New upstream development version.
        * Bump shlibs.
      
      gnutls26 (2.4.2-6) unstable; urgency=medium
      
        * New patches, syncing with 2.4.3 upstream oldstable release:
          + 24_intermedcertificate.patch If a non-root certificate ist trusted
            gnutls certificateificate verification stops there instead of checking
            up to the root of the certificate chain.
          + 22_whitespace.patch - Whitespace only changes, to make it possible to
            apply upstream fixes without manual changes. 
          + 25_bufferoverrun.patch. Fix buffer overrun bug in
            gnutls_x509_crt_list_import.
            http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
      
      gnutls26 (2.4.2-5) unstable; urgency=low
      
        * Pull two patches from upstream stable branch to make gnutls behavior
          match documentation:
         + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
           certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
           GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
         + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
           certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
           GNUTLS_CERT_INSECURE_ALGORITHM verification output.
           CVE-2009-2409
      
      gnutls26 (2.4.2-4) unstable; urgency=medium
      
        * Add Simon Josefsson to uploaders.
        * Another fix for the verification fix. Some correct certificate chains were
          not recognized as verified. Closes: #507633
      
      gnutls26 (2.4.2-3) unstable; urgency=low
      
        * Fix a crash on trying to verify self-signed certificates introduced by the
          patch for CVE-2008-4989. Closes: #505279
      
      gnutls26 (2.4.2-2) unstable; urgency=medium
      
        * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
          verification. CVE-2008-4989 GNUTLS-SA-2008-3
      
      gnutls26 (2.4.2-1) unstable; urgency=low
      
        * New upstream bugfix release.
        * Up to date gnutls-cli manpage. Closes: #492775
      
      gnutls26 (2.4.1-1) unstable; urgency=medium
      
        * New upstream version, fixing a local denial of service vulnerability only
          present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
      
      gnutls26 (2.4.0-2) unstable; urgency=low
      
        * Standards version 3.8.0. Rename README.source_and_patches to README.source.
        * Upload to unstable.
        * Point watchfile to stable releases again.
        * Merge experimental and unstable changelog.
      
      gnutls26 (2.4.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
      
      gnutls26 (2.3.15-1) experimental; urgency=low
      
        * New upstream version. (rc4)
          Disables 'openpgp-certs' tests. Closes: #486269
      
      gnutls26 (2.3.14-1) experimental; urgency=low
      
        * New upstream version. (rc3)
      
      gnutls26 (2.3.13-1) experimental; urgency=low
      
        * New upstream version. 2nd rc for 2.4.0.
        * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
      
      gnutls26 (2.3.12-1) experimental; urgency=low
      
        * New upstream version. Bump shlibs.
        * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
        * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
          failure on sparc.
      
      gnutls26 (2.3.11-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes three security vulnerabilities.
            [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
            <http://www.gnu.org/software/gnutls/security.html>.
            CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
          + Fixes subjectAltName wildcard matching. Closes: #479174
          + certtool now writes keyfiles with 0600 permissions. Closes: #373169
      
      gnutls26 (2.2.5-1) unstable; urgency=high
      
        * New upstream version.
          Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
      
      gnutls26 (2.3.9-1) experimental; urgency=low
      
        * New upstream development version.
          - OpenPGP support merged into libgnutls and is now licensed under LGPL.
            The included copy of OpenCDK has been stripped down and re-licensed
            under the LGPL. Using the external OpenCDK is not supported anymore, the
            external library will not be maintained anymore. Drop respective
            (build-)depends.
          - API extended, bump shlibs.
          - certtool asks for password confirmation. Closes: #364287
          - performance enhancements for gnutls_certificate_set_x509_trust_file.
            Closes: #400448
          - gnutls-cli: exits when hostname doesn't match certificate.
            Use --insecure to avoid hostname comparison.
        * For paranoia sake build with -D_REENTRANT even if upstream has stopped
          doing so.
        * [debian/copyright] : update, and stop including a GFDL copy.
        * Point watchfile to development versions.
      
      gnutls26 (2.2.3-1) unstable; urgency=low
      
        * New upstream stable release.
          - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
      
      gnutls26 (2.2.3~rc-1) unstable; urgency=low
      
        * New upstream version. Release candidate for 2.2.3.
          + Increase default handshake packet size limit to 48kb. Closes: #478191
        * remove unsupported .l command from debian/libgnutls-config.1
        * Use Programming/C as doc-base section.
      
      gnutls26 (2.2.2-1) unstable; urgency=low
      
        * New upstream version.
          Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
          and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
          strings and return the proper size.
          corrected string handling in parse_general_name.
          Closes: #465197
        * Point watchfile to ftp.gnutls.org.
        * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
      
      gnutls26 (2.2.1-3) unstable; urgency=low
      
        * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
          gnutls guile wrapper on ia64.
      
      gnutls26 (2.2.1-2) unstable; urgency=low
      
        * Add Vcs-Svn: and Vcs-Browser control fields.
        * Upload to unstable.
      
      gnutls26 (2.2.1-1) experimental; urgency=low
      
        * New upstream version.
        * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
          there.
        * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
          packages contain gnutls-bin debugging symbols. Closes: #459295.
      
      gnutls26 (2.2.0-1) experimental; urgency=low
      
        * New upstream version.
          License change! Main library stays LGPLv2.1+ but libgnutls-extra,
          libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
          updated.
        * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
          versions were GPLv2+) and this license is not compatible with GPLv3+.
        * Non packaged 2.1.8 introduced new symbol
          gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
        * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
        * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
          DSA2 support. Closes: #455513
        * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
      
      gnutls26 (2.1.7-1) experimental; urgency=low
      
        * New upstream version.
          - Another soname bump. Packages renamed.
        * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
          dak does not allow that yet.
        * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
          libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
      
      gnutls25 (2.1.6-2) experimental; urgency=low
      
        * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
          experimental buildds happy.
      
      gnutls25 (2.1.6-1) experimental; urgency=low
      
        * New upstream version. API changes! Please consult
          /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
          removed (mainly *_authz_*) and changed interfaces.
          This is the first release canddate for 2.2. The deprecation of
          gnutls_set_default_priority() is supposed to be undone before the final
          stable release.
        * Bump build-depends.
        * Stop building and shipping the C++ library, since nobody is using it. I
          will happly re-add it if requested.
        * Add Homepage field to debian/control.
        * Build and ship Guile bindings. Requested by Ludovic Courtès who also
          provided the initial patch. (On a sidenote I think guile generally does
          not do the right thing by throwing dlopened modules into /usr/lib/.)
        * Update debian/copyright.
      
      gnutls13 (2.0.1-1) unstable; urgency=low
      
        * New upstream version.
        * Remove doc/*.info* on clean to allow building thrice in a row.
          (Closes: #441740)
      
      gnutls13 (1.7.19-1) unstable; urgency=low
      
        * New upstream version 1.7.19.
          - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
            This takes of care of the mutt breakage. Closes: #439640
      
      gnutls13 (1.7.18-2) unstable; urgency=low
      
        * Upload to unstable
      
      gnutls13 (1.7.18-1) experimental; urgency=low
      
        * New upstream version 1.7.18, release candidate for 2.0.
        * Bump shlibs, since functions have been added.
        * Image files renamed upstream with gnutls- prefix and symlinked to
          /usr/share/info/ in Debian package. Closes: #423577
      
      gnutls13 (1.7.16-1) experimental; urgency=low
      
        * New upstream version 1.7.16.
      
      gnutls13 (1.7.14-1) experimental; urgency=low
      
        * New upstream version
          - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
      
      gnutls13 (1.7.12-1) experimental; urgency=low
      
        * New upstream version 1.7.12
          - Fixes memory errors in certificate parsing. Closes: #333050
        * Bump shlibs, due to API extensions in 1.7.10.
        * Rebuilding of docs simpified, strip debian/README.source_and_patches to
          reflect that.
      
      gnutls13 (1.7.9-1) experimental; urgency=low
      
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
        * New upstream version.
          - Uses opencdk10 (0.6.x).
          - Improved gnutls_set_default_priority() priorities, with matching correct
            docs. (Closes: #422024)
          - bumped shlibs.
        * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
          twice in a row on the same sourcetree. (Closes: #424357) Document what is
          needed to rebuild doc/gnutls.pdf in README.source_and_patches.
      
      gnutls13 (1.7.7-1) experimental; urgency=low
      
        * New development upstream version 1.7.7.
          - Point watchfile to development versions.
          - Bump shlibs for added APIs.
          - Includes German translation. (Closes: #392857)
      
      gnutls13 (1.6.3-1) unstable; urgency=low
      
        * New upstream version, pulling selected fixes and features from 1.7.x.
        * Bump shlibs.
      
      gnutls13 (1.6.2-2) unstable; urgency=low
      
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      
      gnutls13 (1.6.2-1) unstable; urgency=low
      
        * New upstream version
          - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
            certificates, since it contains a regenerated pkix_asn1_tab.c.
          - Ship German translation. Closes: #392857
      
      gnutls13 (1.6.1-2) unstable; urgency=low
      
        * [gnutls-bin.install] Ship psktool.
        * Ship gettext translations in deb package, but as gnutls13.mo instead of
          gnutls.mo.
        * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
          changelog entries after branchoff. Point watchfile to stable upstream
          versions again.
        * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
      
      gnutls13 (1.6.1-1) experimental; urgency=low
      
        [ James Westby ]
        * New upstream release.
      
      gnutls13 (1.6.0-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls13 (1.5.3-1) experimental; urgency=low
      
        [ Andreas Metzler ]
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
        * New upstream version 1.5.3.
        * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
        * Drop code for re-libtoolizing and running auto* from debian/rules, it is
          unused and would not work anymore. (We can later grab the from SVN and
          update it to make work if we ever need it.)
      
      gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
      
        [ Andreas Metzler ]
        * Add a watchfile.
        * New upstream development version.
          - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
          - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
            broken.
          - Drop unneeded patches/16_libs.private_gnutls.diff
            patches/16_libs.private_gnutls-extra.diff
          - Point watchfile to development versions.
          - Builds a C++ library.
        * Switch to debhelper v5 mode to be able to ship debug symbols of
          libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
        * Branched off from 1.4.4-1.
      
      gnutls13 (1.4.4-3) unstable; urgency=low
      
        * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
             When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
             version, try to negotiate the highest version support by the GnuTLS
             server, instead of the lowest.
      
      gnutls13 (1.4.4-2) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Add a watchfile.
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
      
      gnutls13 (1.4.4-1) unstable; urgency=high
      
        [ Andreas Metzler ]
        * New upstream version 1.4.4
          - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
            crash mutt. (closes: #386725)
            GNUTLS-SA-2006-4 is CVE-2006-4790.
      
      gnutls13 (1.4.3-2) unstable; urgency=low
      
        * the lesser of two weevils release.
        [ Andreas Metzler ]
        * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
          various programs, including mutt. (closes: #386680)
      
      gnutls13 (1.4.3-1) unstable; urgency=high
      
        [ Andreas Metzler ]
        * New upstream version 1.4.3.
          - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
            rump session attack. GNUTLS-SA-2006-4
          - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
            GNUTLS-SA-2006-3
          - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
      
      gnutls13 (1.4.2-1) unstable; urgency=medium
      
        [ Andreas Metzler ]
        * New upstream bugfix release.
          - Fixes a crash in the certificate verification logic.
      
      gnutls13 (1.4.1-1) unstable; urgency=low
      
        [ James Westby ]
        * New upstream release.
        * Remove the following patches as they are now included upstream:
          - 10_certtoolmanpage.diff
          - 15_fixcompilewarning.diff
          - 30_man_hyphen_*.patch
        * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
          gnutls-api so that devhelp can find it.
      
      gnutls13 (1.4.0-3) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Strip "libgnutls-config --libs"' output to only list stuff required for
          dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
          README.Debian.
        * Pull patches/16_libs.private_gnutls.diff and
          debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
          pkg-config usable for static linking.
      
      gnutls13 (1.4.0-2) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Set maintainer to alioth mailinglist.
        * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
          handles this. Build-Depend on autotools-dev.
        * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
        * Use cdbs' simple-patchsys.mk.
          - add debian/README.source_and_patches
          - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
        * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
        * Also ship css-, devhelp- and sgml files in gnutls-doc.
        * patches/15_fixcompilewarning.diff correct order of funtion arguments.
      
        [ James Westby ]
        * This release allows the port to be specified as the name of the service
          when using gnutls-cli (closes: #342891)
      
      gnutls13 (1.4.0-1) experimental; urgency=low
      
        * New maintainer team. Thanks, Matthias for all the work you did.
        * Re-add gnutls-doc package, featuring api-reference as manual pages and
          html, and reference manual in html and pdf format.
          (closes: #368185,#368449)
        * Fix reference to gnutls0.4-doc package in debian/copyright. Update
          debian/copyright and include actual copyright statements.
          (closes: #369071)
        * Bump shlibs because of changes to extra.h
        * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
          generate the necessary directories.
        * Drop debian/NEWS.Debian as it only talks about the move of the (since
          purged) gnutls-doc package to contrib a long time ago.
          (Thanks Simon Josefsson, for these suggestions.)
        * new upstream version. (closes: #368323)
        * clean packaging against upstream tarball.
          - Drop all patches, except for fixing error in certtool.1 and setting
            gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
          - Add  --enable-ld-version-script
            to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
            patching ./configure.in.
          (closes: #367358)
        * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
        * Build against external libtasn1-3. (closes: #363294)
        * Standards-Version: 3.7.2, no changes required.
        * debian/control and override file are in sync with respect to Priority and
          Section, everthing except libgnutls13-dbg already was. (closes: #366956)
        * acknowledge my own NMU. (closes: #367065)
        * libgnutls13-dbg is nonempty (closes: #367056)
      
      gnutls13 (1.3.5-1.1) unstable; urgency=low
      
        * NMU
        * Invoke ./configure with --with-included-libtasn1 to prevent accidental
          linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
          contained libtasn1.so.3 and force gnutls13 to use the internal version of
          libtasn instead until libtasn1-3-dev is uploaded. Drop broken
          Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
        * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
          of --dbg-package=libgnutls12. (closes: #367056)
      
      gnutls13 (1.3.5-1) unstable; urgency=low
      
        * New Upstream version.
          - Security fix.
          - Yet another ABI change.
        * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
        * Let -dev package depend on liblzo-dev (closes:#347438)
        * Fix certtool help output (closes:#338623)
      
      gnutls12 (1.2.9-2) unstable; urgency=low
      
        * Install /usr/lib/pkgconfig/*.pc files.
        * Depend on texinfo (>= 4.8, for the @euro{} sign).
      
      gnutls12 (1.2.9-1) unstable; urgency=low
      
        * New Upstream version.
      
      gnutls12 (1.2.8-1) unstable; urgency=low
      
        * New Upstream version.
          - depends on libgcrypt11 1.2.2
        * Bumped shlibs version, just to be on the safe side.
      
      gnutls12 (1.2.6-1) unstable; urgency=low
      
        * New Upstream version.
        * Remove Provides: on libgnutls11-dev.
          Hopefully this will be temporary (pending discussion with Upstream).
      
      gnutls12 (1.2.5-3) unstable; urgency=high
      
        * Updated libgnutls12.shlibs file.
          Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
          Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                        dependencies on this library
      
      gnutls12 (1.2.5-2) unstable; urgency=medium
      
        * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
          Added an explicit dependency as a stopgap fix.
      
      gnutls12 (1.2.5-1) unstable; urgency=low
      
        * Merged with the latest stable release.
        * Renamed to gnutls12.
          - Changed the library version strings to GNUTLS_1_2.
          - Renamed the development package back to "libgnutls-dev".
      
      gnutls11 (1.0.19-1) experimental; urgency=low
      
        * Merged with the latest stable release.
      
      gnutls11 (1.0.16-13) unstable; urgency=high
      
        * Fixed an ASN.1 extraction error.
          Found by Pelle Johansson <morth@morth.org>.
      
      gnutls11 (1.0.16-12) unstable; urgency=high
      
        * Fixed a segfault in certtool. Closes: #278361.
      
      gnutls11 (1.0.16-11) unstable; urgency=medium
      
        * Merged binary (non-UF8) string printing code from Upstream.
        * Password code in certtool was somewhat broken.
      
      gnutls11 (1.0.16-10) unstable; urgency=high
      
        * Fixed one instance of uninitialized memory usage.
      
      gnutls11 (1.0.16-9) unstable; urgency=high
      
        * Pulled from Upstream CVS:
          - Fix two memory leaks.
          - Fix NULL dereference.
      
      gnutls11 (1.0.16-8) unstable; urgency=high
      
        * Pulled these changes from Upstream CVS:
          - Added default limits in the verification of certificate chains,
            to avoid denial of service attacks.
          - Added gnutls_certificate_set_verify_limits() to override them.
          - Added gnutls_certificate_verify_peers2().
      
      gnutls11 (1.0.16-7) unstable; urgency=low
      
        * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
          Thanks to joeyh@debian.org for reporting this problem.
      
      gnutls11 (1.0.16-6) unstable; urgency=medium
      
        * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
          - Closes: #264420
      
      gnutls11 (1.0.16-5) unstable; urgency=low
      
        * Depend on current libtasn1-2 (>= 0.2.10).
          - Closes: #264198.
        * Fixed maintainer email to point to Debian address.
      
      gnutls11 (1.0.16-4) unstable; urgency=low
      
        * The OpenSSL compatibility library has been linked incorrectly
          (-ltasn1 was missing).
        * Need to build-depend on current opencdk8 and libtasn1-2 version.
      
      gnutls11 (1.0.16-3) unstable; urgency=high
      
        * Documentation no longer includes LaTeX-produced output
          (the source contains latex2html-specific features, which is non-free).
        * Urgency: High because of pending base freeze.
      
      gnutls11 (1.0.16-2) unstable; urgency=high
      
        * Actually *enable* debug symbols :-/
        * Urgency: High for speedy inclusion in d-i
      
      gnutls11 (1.0.16-1) experimental; urgency=low
      
        * Update to latest Upstream version.
        * now depends on libgcrypt11
        * Include debugging package
        * Use hevea, not latex2html.
      
      gnutls10 (1.0.4-4) unstable; urgency=low
      
        * New maintainer.
        * Run autotools at source package build time.
          - Closes: #257237: FTBFS (i386/sid): aclocal failed
        * Remove "package is still changed upstream" warning.
        * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
      
      gnutls10 (1.0.4-3) unstable; urgency=low
      
        * control: Changed the build dependency and the dependency of
          libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
          libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
          could cause linking against two versions of libgcrypt.
      
      gnutls10 (1.0.4-2) unstable; urgency=low
      
        * libgnutls-doc.doc-base: Removed HTML manual listing.
        * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
          Jordi :)
      
      gnutls10 (1.0.4-1) unstable; urgency=low
      
        * New upstream release  (Closes: #227527)
            * The new documentation in libgnutls-doc fixes several typo's and
              style glitches:  
              Closes: #215772: inconsistent auth method list in manual
              Closes: #215775: dangling footnote on page 14 of manual
              Closes: #215777: bad sentence on page 18 of manual
              Closes: #215780: incorrect info about ldaps/imaps in manual
        * rules:
            * Use --add-missing instead of --force in the call to automake.
            * Don't build gnutls.ps, use the upstream version.
              (Closes: #224846)
        * gnutls-bin.manpages: Use glob to find manpages.
        * patches/008_manpages.diff: Removed; included upstream.
      
      gnutls10 (1.0.0-1) unstable; urgency=low
      
        * New upstream release.
        * Major soversion changed to 10.
        * control: Changed build dependencies of libtasn1-dev.
        * libgnutls10.shlibs: Added libgnutls-openssl to the list.
      
      gnutls8 (0.9.99-1) experimental; urgency=low
      
        * New upstream release.
        * Included upstream GPG signature in .orig.tar.gz.
      
      gnutls8 (0.9.98-1) experimental; urgency=low
      
        * New upstream release.
        * debian/control: libgnutls8-dev depends on libopencdk8-dev.
        * debian/libgnutls-doc.examples: Install src/*.[ch].
      
      gnutls8 (0.9.95-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls8 (0.9.94-1) experimental; urgency=low
      
        * New upstream version; package based on gnutls7 0.8.12-2.
        * debian/control:
            * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
        * debian/rules: Run auto* after the patches have been applied.
      66a52c6e
  9. 30 Mar, 2020 1 commit
  10. 31 May, 2019 2 commits
  11. 17 Mar, 2016 1 commit
    • Andreas Metzler's avatar
      Import Debian changes 3.4.10-4 · ff2cf297
      Andreas Metzler authored
      gnutls28 (3.4.10-4) unstable; urgency=medium
      
        * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
          GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
          unavailable. Closes: #818341
      
      gnutls28 (3.4.10-3) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.4.10-2) experimental; urgency=medium
      
        * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
        * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
          another try for Closes: #813598
      
      gnutls28 (3.4.10-1) experimental; urgency=medium
      
        * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
          master to fix FTBFS with parallel builds. Closes: #816148
        * New upstream version.
        * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
          master branch to fix occasional testsuite error. Closes: #813598
      
      gnutls28 (3.4.9-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.4.9-1) experimental; urgency=medium
      
        * New upstream version.
        * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch.
      
      gnutls28 (3.4.8-3) unstable; urgency=medium
      
        * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
          36_Revert-tests-updated-to-account-for-cert-generation.patch
          from upstream GIT. Closes: #813243
      
      gnutls28 (3.4.8-2) unstable; urgency=medium
      
        * Merge master branch into experimental.
          + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
          + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
            This is a kludge and technically wrong, but will prevent partial
            upgrades from stable. See: #788735
        * Upload to unstable.
      
      gnutls28 (3.4.8-1) experimental; urgency=medium
      
        * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
          option was added to debhelper/unstable with version 9.20150628, bump
          build-dependency accordingly.
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
          + Update symbol file.
        * Move Vcs-* from git/http to https.
      
      gnutls28 (3.4.7-1) experimental; urgency=medium
      
        * New upstream version.
          + Update symbol file.
      
      gnutls28 (3.4.6-1) experimental; urgency=medium
      
        * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
          later) to improve reproducibility of build.
        * New upstream version.
          + Update symbol file.
        * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
          (>= 1.17.14). Both are required for build-profile support added in
          previous upload. (Thanks, lintian.)
      
      gnutls28 (3.4.5-1) experimental; urgency=medium
      
        [ Helmut Grohne ]
        * Turn Build-Depends: datefudge optional via <!nocheck> profile.
          Closes: #797544
      
        [ Andreas Metzler ]
        * New upstream version.
      
      gnutls28 (3.4.4.1-1) experimental; urgency=medium
      
        * New upstream version.
          + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
            bump dependency info for functions taking it as argument or returning it.
          + Bump dependency info on private symbols.
          + Update debian/copyright.
          + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
            CVE-2015-6251
      
      gnutls28 (3.4.3-1) experimental; urgency=medium
      
        * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
        * New upstream version.
          + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
            gnutls_pkcs11_token_info_t.
          + Add dependency info for new symbols, bump private symbol dependency.
      
      gnutls28 (3.4.2-2) experimental; urgency=medium
      
        * Disable libidn support because CVE-2015-2059 is still not fixed. See
          <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
          of crywrap.
      
      gnutls28 (3.4.2-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
          + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
            version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
      
      gnutls28 (3.4.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump (build)-depends on nettle and p11-kit.
          + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
            55_nettle3.patch.
          + Update 14_version_gettextcat.diff.
          + Soname bump, library package renamed from libgnutls-deb0-28 to
            libgnutls30.
          + OpenSSL compat layer is not built by default anymore, pass
            --enable-openssl-compatibility to ./configure.
          + Update symbol file.
          + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
            restricted to the corresponding protocols only, and the VERS-ALL
            string is introduced to catch all possible protocols. Closes: #773145
          + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
            "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
            dependency on libidn11-dev to libgnutls28-dev.
        * Fix typo in debian/rules
          (s/-disable-silent-rules/--disable-silent-rules).
      
      gnutls28 (3.3.20-1) unstable; urgency=medium
      
        * autoreconf requires automake 1.12.2, add build-dependency.
        * New upstream version.
        * Move Vcs-* from git/http to https.
      
      gnutls28 (3.3.19-1) unstable; urgency=medium
      
        * New upstream version.
         + Refresh 20_debian_specific_soname.diff.
         + Update symbol file.
      
      gnutls28 (3.3.18-1) unstable; urgency=medium
      
        * New upstream version.
      
      gnutls28 (3.3.17-1) unstable; urgency=medium
      
        * New upstream version.
         + Drop superfluous patches.
          (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
           46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
           47_safe-renegotiation-simulate-receiving-the-extension-.patch)
         + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
           bump dependency info for functions taking it as argument or returning it.
         + Bump dependency info on private symbols.
         + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
           CVE-2015-6251
      
      gnutls28 (3.3.16-2) unstable; urgency=medium
      
        * Refresh 40_no_more_ssl3.diff.
        * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
          46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
          47_safe-renegotiation-simulate-receiving-the-extension-.patch
          Pull three patches from upstream GIT to fix issue with server side sending
          the status request extension even when not requested.
          <http://article.gmane.org/gmane.network.gnutls.general/3929>
      
      gnutls28 (3.3.16-1) unstable; urgency=medium
      
        * Limit watchfile to 3.3.x versions.
        * New upstream version.
          + Drop superfluous patches
            (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
            55_nettle3.patch,
            56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
          + Bump private symbol versioning.
      
      gnutls28 (3.3.15-7) unstable; urgency=medium
      
        * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
          is a kludge and technically wrong, but will prevent partial upgrades from
          stable. Closes: #788735
        * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
      
      gnutls28 (3.3.15-6) unstable; urgency=high
      
        * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
          Closes: #788011
      
      gnutls28 (3.3.15-5) unstable; urgency=medium
      
        * Upload to unstable.
        * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
          against both 2.7 and 3.x.
      
      gnutls28 (3.3.15-4) experimental; urgency=medium
      
        * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
          allows compilation against both nettle 2.7 and 3.x.
        * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
          and libtasn1-6-dev, the =${binary:Version} dependency of the development
          packages on the respective library packages should make this superfluous.
      
      gnutls28 (3.3.15-3) experimental; urgency=medium
      
        * Add 55_nettle3.patch from
          http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
          against nettle3.
      
      gnutls28 (3.3.15-2) unstable; urgency=medium
      
        * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
          fixing a testsuite error on kfreebsd-*.
      
      gnutls28 (3.3.15-1) unstable; urgency=medium
      
        * New upstream stable release.
          + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
      
      gnutls28 (3.3.14-3) experimental; urgency=medium
      
        * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
        * (Build-)depend on nettle-dev >= 3.0.
      
      gnutls28 (3.3.14-2) unstable; urgency=medium
      
        * Upload to unstable.
        * Sync version of Depends and Build-Depends on libtasn1-6-dev.
      
      gnutls28 (3.3.14-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump libtasn b-d to >= 4.3.
      
      gnutls28 (3.3.13-1) experimental; urgency=medium
      
        * New upstream version.
          + Includes fix for CVE-2015-0294, a certificate algorithm consistency
            checking issue.
      
      gnutls28 (3.3.12-1) experimental; urgency=medium
      
        * New upstream version.
          + gnutls-cli-debug STARTTLS is working. Closes: #467022
      
      gnutls28 (3.3.11-1) experimental; urgency=medium
      
        * New upstream version.
          + Includes fix for OCSP response parsing issue. Closes: #772055
      
      gnutls28 (3.3.10-2) experimental; urgency=medium
      
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      
      gnutls28 (3.3.10-1) experimental; urgency=medium
      
        * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
          manpages.
        * New upstream version.
          + Includes fix for a denial of service issue CVE-2014-8564 /
            GNUTLS-SA-2014-5.
          + When gnutls_global_init() is called for a second time, it will check
            whether the /dev/urandom fd kept is still open and matches the original
            one. That behavior works around issues with servers that close all file
            descriptors. This should take care of #760476.
      
      gnutls28 (3.3.9-1) experimental; urgency=medium
      
        * New upstream version.
          + Unfuzz 20_debian_specific_soname.diff.
          + Drop 31_fallback_to_RUSAGE_SELF.diff.
          + Bump private symbol dependency info.
          + Bump dependency version of gnutls_certificate_get_issuer() and
            gnutls_x509_trust_list_get_issuer() because of newly added
            GNUTLS_TL_GET_COPY flag.
      
      gnutls28 (3.3.8-7) unstable; urgency=medium
      
        * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
          Pull two patches from upstream to a use-after-free flaw in
          gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
          Closes: #782776
      
      gnutls28 (3.3.8-6) unstable; urgency=medium
      
        * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
          6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
          certificate import check whether the two signature algorithms match.
          CVE-2015-0294. Closes: #779428
      
      gnutls28 (3.3.8-5) unstable; urgency=medium
      
        * Remove SSL 3.0 from default priorities list.
          Closes: #769904
      
      gnutls28 (3.3.8-4) unstable; urgency=high
      
        * Drop 31_fallback_to_RUSAGE_SELF.diff.
        * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
          from the application check the urandom fd for validity. Closes: #768841
          and takes care of #760476.
        * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
          session deinit. It is already being refreshed during the session lifetime.
        * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
          format, perform additional sanity checks on input.
          CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
        * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
          uses a cert in binary der-format which is not representable in a quilt
          patches and we want to limit debian.tar.xz to modify stuff in debian/ we
          have some special handling in debian/rules.)
      
      gnutls28 (3.3.8-3) unstable; urgency=high
      
        [ Daniel Kahn Gillmor ]
        * Add list of executables to gnutls-bin package description.
          Closes: #763671
      
        [ Andreas Metzler ]
        * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
          try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
          Mavrogiannopoulos!) Closes: #760476
      
      gnutls28 (3.3.8-2) unstable; urgency=medium
      
        * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
          3.3.8 requires libtasn1 >= 3.9.
        * Upload to unstable.
      
      gnutls28 (3.3.8-1) experimental; urgency=medium
      
        * New upstream version.
          + Refresh 20_debian_specific_soname.diff.
          + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
            with old experimental upload 0.21.2-1
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
            some functions in the gnutls_pkcs11_* family due to new members in enums
            gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
            symbol dependency info, and bump shlibs.
        * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
          The GnuTLS library package automatically gets a dependency on libp11-kit0
          (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
          libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
          enforce a version on libp11-kit-dev and we do not need to duplicate the
          info.
        * Add explicit build-dependency on libopts25-dev. Closes: #761618
      
      gnutls28 (3.3.7-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.3.7-1) experimental; urgency=medium
      
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
            symbol dependency info, and bump shlibs.
          + New member in gnutls_pkcs11_obj_attr_t, bump version of
            gnutls_pkcs11_obj_list_import_url*.
      
      gnutls28 (3.3.6-2) unstable; urgency=medium
      
        * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
          lastest stable at freeze time.
        * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
          at-build-time-default-compiler) by exporting @CPP@.
      
      gnutls28 (3.3.6-1) experimental; urgency=medium
      
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * New upstream release.
          + Refresh 20_debian_specific_soname.diff.
          + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
            symbol dependency info.
      
      gnutls28 (3.3.5-1) experimental; urgency=medium
      
        * New upstream version.
        * Refresh patches/20_debian_specific_soname.diff.
        * Drop 30_Updated-asm-sources.patch.
        * Add new public symbols to symbol file, bump shlibs.
      
      gnutls28 (3.3.3-1) experimental; urgency=medium
      
        * New upstream version, including a fix for GNUTLS-SA-2014-3
          CVE-2014-3466.
        * Refresh 20_debian_specific_soname.diff.
        * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
        * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
      
      gnutls28 (3.3.2-2) experimental; urgency=high
      
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Adapt symbol file accordingly.
          + Change 14_version_gettextcat.diff, too.
            Closes: #748742
         * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
           These have been unnecessary since we started using dh compat v9, where
           debugging symbols are installed to /usr/lib/debug/.build-id.
      
      gnutls28 (3.3.2-1) experimental; urgency=medium
      
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
        * New upstream version. Drop 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff.
      
      gnutls28 (3.3.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop 20_sparc_chainverify_buserror.diff.
          + Pull 20_guile_no_override_allocation.diff and
            21_Treat-othername-as-printable.diff from upstream GIT.
          + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
            upstream since it was never exported in a public header and is not
            used according to codesearch.d.o.
      
      gnutls28 (3.3.0-2) experimental; urgency=medium
      
        * Drop last remains of -xssl from debian/.
        * Add debian/libgnutls28.symbols.
        * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
          increase the space available for certificates to fix sparc testsuite
          error.
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      
      gnutls28 (3.3.0-1) experimental; urgency=medium
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
      
        * Also version the p11-kit dependency.
        * New upstream version.
          + Set --enable-static, as only shared libs are built by default.
          + libgnutls-xssl is no more.
          + Bump shlibs.
        * Upload to experimental.
      
      gnutls28 (3.2.16-1) unstable; urgency=medium
      
        * New upstream version.
      
      gnutls28 (3.2.15-3) unstable; urgency=medium
      
        * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
          with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
        * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
          series.
      
      gnutls28 (3.2.15-2) unstable; urgency=high
      
        * Fix crashes due to symbol clashes when a binary ends up being linked
          against GnuTLS v2 and v3 by bumping library symbol-versioning (and
          therefore also the soname) in a Debian specific way, to make sure there is
          no conflict with future:
          + 20_debian_specific_soname.diff
            - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
            - Add "-release deb0" to libtool link command.
          + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
          + Change 14_version_gettextcat.diff, too.
          Closes: #74874
        * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
          These have been unnecessary since we started using dh compat v9, where
          debugging symbols are installed to /usr/lib/debug/.build-id.
        * debian/copyright: Add info about GPLv2 compatibility.
      
      gnutls28 (3.2.15-1) unstable; urgency=high
      
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
      
      gnutls28 (3.2.14-1) unstable; urgency=medium
      
        * Do not build-depend on guile-2.0 on m68k. Closes: #745461
        * New upstream version.
        * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
          enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
          corresponding versioned build-dependency, to prevent building of
          uninstallable packages.
      
      gnutls28 (3.2.13-2) unstable; urgency=medium
      
        * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
          libgnutls28-dev.
      
      gnutls28 (3.2.13-1) unstable; urgency=medium
      
        * Also version the p11-kit dependency.
        * New upstream version.
      
      gnutls28 (3.2.12.1-2) unstable; urgency=medium
      
        * Upload to unstable.
        * Sync from Ubuntu (Colin Watson):
          + Add arm64 and ppc64el to the list of non-ia64 architectures on which
            guile-gnutls is built.
      
      gnutls28 (3.2.12.1-1) experimental; urgency=medium
      
        * New upstream version.
          + Drop superfluous patches: 
            20_bug-in-gnutls_pcert_list_import_x509_raw.patch
            20_CVE-2014-0092.diff
      
      gnutls28 (3.2.11-2) unstable; urgency=high
      
        * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
        * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
          validation issue. CVE-2014-0092
      
      gnutls28 (3.2.11-1) unstable; urgency=high
      
        * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
        * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
      
      gnutls28 (3.2.10-2) unstable; urgency=high
      
        * Upload to unstable.
      
      gnutls28 (3.2.10-1) experimental; urgency=high
      
        * New upstream version.
        * New symbols exported, bump shlibs.
      
      gnutls28 (3.2.9-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      gnutls28 (3.2.9-1) experimental; urgency=medium
      
        * New upstream version.
          + %COMPAT implies %DUMBFW. (See #733039)
        * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
          dh_autoreconf.
        * Stop dh_clean from removing *.bak, upstream tarball actually contains
          files named such in src/ subdirectory.
      
      gnutls28 (3.2.8.1-3) unstable; urgency=medium
      
        * Correct c'n'p error in Vcs-Git field.
        * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
      
      gnutls28 (3.2.8.1-2) unstable; urgency=low
      
        * Upload to unstable, without libgnutls-openssl27.
      
      gnutls28 (3.2.8.1-1) experimental; urgency=low
      
        * New upstream version.
          + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
            upstream.
          + Bump shlibs.
        * Add debian/upstream-signing-key.pgp (listed in
          debian/source/include-binaries) and update watchfile to check
          upstream signature.
      
      gnutls28 (3.2.7-4) experimental; urgency=low
      
        * Upload to experimental, with libgnutls-openssl27.
        * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
      
      gnutls28 (3.2.7-3) unstable; urgency=low
      
        * Point vcs* to git.
        * Upload to unstable, without libgnutls-openssl27.
      
      gnutls28 (3.2.7-2) experimental; urgency=low
      
        * Fix kfreebsd FTBFS.
          + 45_add_strerror-module.patch add gnulib strerror module.
          + Use dh_autoreconf.
      
      gnutls28 (3.2.7-1) experimental; urgency=low
      
        * New upstream version.
          + Add b-d on bison.
          + Bump shlibs.
          + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
          + Simplify debian/rules, stop removing autogened files.
      
      gnutls28 (3.2.6-2) experimental; urgency=low
      
        * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
          for the hint.)
        * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
      
      gnutls28 (3.2.6-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.2.5-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
        * Ship examples/examples.h which is needed for building examples/*.c. Also
          add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
          Closes: #726971
      
      gnutls28 (3.2.4-5) experimental; urgency=low
      
        * Re-enable building of libgnutls-openssl27 binary package.
        * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
          transition to gnutls28.
      
      gnutls28 (3.2.4-4) unstable; urgency=low
      
        * 40_guilenoparallel.diff: Disable parallel build in
          guile/modules/.
      
      gnutls28 (3.2.4-3) unstable; urgency=low
      
        * Looks like "Architecture" in debian/control cannot be folded, unfold the
          respective entry for guile-gnutls.
      
      gnutls28 (3.2.4-2) unstable; urgency=low
      
        * Manpages were missing on binary-only builds. Closes: #721725
        * Build with
          --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
          ca-certificates not pulled in by build-dependencies anymore.
          Closes: #721726
        * Upload to unstable.
      
      gnutls28 (3.2.4-1) experimental; urgency=low
      
        * New upstream release.
          + Drop 40_Clean-up-after-test.patch.
        * Fix path to png files in info files with sed instead of symlinking images.
        * Bump shlibs.
      
      gnutls28 (3.2.3-3) experimental; urgency=low
      
        * Switch to dh, to easily allow us to move gtk-doc-tools to
          Build-Depends-Indep. Closes: #682596
      
      gnutls28 (3.2.3-2) experimental; urgency=low
      
        * Build gnutls-guile against guile-2.0.
          + Drop --disable-largefile on armel armhf mipsel.
          + ia64 does not build guile-2.0, disable guile-support there.
      
      gnutls28 (3.2.3-1) unstable; urgency=low
      
        * New upstream release.
        * Drop superfluous patches. (35_gnutls-priority-string.diff
          36_avoid-leaking-a-buffer-element.diff)
        * Bump shlibs.
      
      gnutls28 (3.2.2-2) unstable; urgency=low
      
        * Pull two patches from upstream:
          +35_gnutls-priority-string.diff Fix priority string parsing broken in
           3.2.2 Closes: #717314
          +36_avoid-leaking-a-buffer-element.diff 
      
      gnutls28 (3.2.2-1) unstable; urgency=low
      
        * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
          Closes: #678070
        * New upstream version.
        * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
        * Bump shlibs.
      
      gnutls28 (3.2.1-2) unstable; urgency=low
      
        * Upload to unstable.
        * Do not link everything against nettle on mips(el), the issue being worked
          around was fixed by the latest eglibc upload.
        * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
          same.
      
      gnutls28 (3.2.1-1) experimental; urgency=low
      
        * New upstream version.
          + Bump nettle build-dep to >= 2.7.
          + Bump shlibs.
          + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
            whether it still fails on kfreebsd-i386.
          + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
            false positive error in 32-bit systems.
          + [32_linkagainstgmp.diff] Link libgnutls against gmp.
      
      gnutls28 (3.1.12-2) unstable; urgency=low
      
        * Upload to unstable.
        * Fix vcs-field-not-canonical lintian error by using anonscm instead of
          svn.debian.org.
      
      gnutls28 (3.1.12-1) experimental; urgency=low
      
        * Use rm -f on clean, fixing an issue with building twice in row.
        * New upstream version.
        * On mips/mipsel link everything and the kitchen-sink against nettle to work
          around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
      
      gnutls28 (3.1.11-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.1.10-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs.
      
      gnutls28 (3.1.9.1-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs.
        * Force re-generation of autogen-ed manpages.
      
      gnutls28 (3.1.8-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.1.7-1) experimental; urgency=low
      
        * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
          the build-depency. (Thanks, Daniel Kahn Gillmor)
        * New upstream version.
          + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
            CVE-2013-0169 CVE-2013-1619.
          + New symbols added, bump shlibs.
          + Ship newly available libgnutls-xssl0 library in a separate package.
        * Disable Heart Beat (RFC6520) support.
      
      gnutls28 (3.1.6-1) experimental; urgency=low
      
        * Update watchfile, based on Bart Martens version for gnutls26 on 
          q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
          3.x versions.
        * New upstream version.
          + requires libtasn1 >= 3.1, bump build-depends.
          + requires a a newer version of autogen, bump build-depends.
          + update debian/copyright to reflect the fact that GnuTLS authors have
            stopped assigning copyright to FSF. 
      
      gnutls28 (3.1.5-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 40_danetestfail.diff
          + Unfuzz 20_test-select.diff
          + Bump shlibs.
      
      gnutls28 (3.1.4-1) experimental; urgency=low
      
        * New upstream release.
          + Drop 40_fixtypo.diff.
          + debian/copyright: update upstream author list.
          + New symbols added, bump shlibs.
        * 40_danetestfail.diff - Do not try to run dane test without dane support.
      
      gnutls28 (3.1.3-1) experimental; urgency=low
      
        * New upstream release.
        * Explicitly set --disable-libdane --without-tpm.
        * Bump shlibs.
        * 40_fixtypo.diff pulled from upstream git.
        * Update debian/copyright from AUTHORS.
      
      gnutls28 (3.1.2-1) experimental; urgency=low
      
        * New upstream release.
          + Requires libtasn1-3 2.14, bump (b-)d.
          + New symbols added, bump shlibs.
      
      gnutls28 (3.1.1-1) experimental; urgency=low
      
        * New upstream release.
          + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
            Closes: #686242
          + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
            42_dump-the-errno.diff 43_possiblefix.diff)
          + Bump shlibs.
        * Sync version of libgnutls-dev dependency on nettle-dev with the
          build-dependency.
      
      gnutls28 (3.1.0-5) experimental; urgency=low
      
        * 43_possiblefix.diff might fix the test suite error.
      
      gnutls28 (3.1.0-4) experimental; urgency=low
      
        * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
          testsuite error.
      
      gnutls28 (3.1.0-3) experimental; urgency=low
      
        * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
      
      gnutls28 (3.1.0-2) experimental; urgency=low
      
        * Mention abbreviation "DTLS" in package description.
        * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
          it spuriously fails on about half of the buildds.
      
      gnutls28 (3.1.0-1) experimental; urgency=low
      
        * New upstream release.
          + Bump nettle build-dep to >= 2.5.
          + Bump shlibs.
      
      gnutls28 (3.0.22-2) unstable; urgency=low
      
        * Upload to unstable. This is a leaf-package, experimental should get
          3.1.0.
      
      gnutls28 (3.0.22-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.0.21-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 35_s390buildfix.diff.
        * Bump shlibs (new functions added.)
      
      gnutls28 (3.0.20-3) unstable; urgency=low
      
        * 35_s390buildfix.diff - Fixes test-suite error on s390x.
      
      gnutls28 (3.0.20-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.20-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs (new functions added.)
        * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
          CLOCK_MONOTONIC now. #662018
      
      gnutls28 (3.0.19-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.19-1) experimental; urgency=low
      
        * New upstream version.
          + libgnutls: When decoding a PKCS #11 URL the pin-source field
            is assumed to be a file that stores the pin. (LP: #929108)
          + Drop 31_killchild.diff, included upstream.
      
      gnutls28 (3.0.18-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.18-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
        * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
          build to hang.
      
      gnutls28 (3.0.17-2) unstable; urgency=low
      
        * Upload to unstable.
      
      gnutls28 (3.0.17-1) experimental; urgency=low
      
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.0.15-2) experimental; urgency=low
      
        * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
          support for CLOCK_MONOTONIC is missing there. (See #662018.)
      
      gnutls28 (3.0.15-1) experimental; urgency=low
      
        * New upstream version.
          + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
            31_provide-accurate-value-to-select.patch)
          + Includes fix for CVE-2012-1573.
        * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
        * Bump libgnutls-dev dependency on libp11-kit-dev.
      
      gnutls28 (3.0.14-1) experimental; urgency=low
      
        * New upstream version.
          + Drop 30_force-kill-of-child.diff.
        * Pull 30_microseconds-does-not-overflow.patch and
          31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
          error (tests/mini-loss) on kfreebsd-*.
      
      gnutls28 (3.0.13-1) experimental; urgency=low
      
        * New upstream version.
          + bump libp11-kit-dev build-dep. to >= 0.11.
          + drop 30_guilegnutlserrorcodes.diff.
        * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
        * Use and link against Debian's packaged version of autogen/libopts.
          + B-d on autogen.
          + remove autogen-generated files (*.c, *.h) on clean. autogen requires
            that the system headers are at least of the same version as the
            one which was used to generate the files from their respective .def
            sources.
        * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
        * Bump shlibs.
      
      gnutls28 (3.0.12-2) unstable; urgency=low
      
        * De-multiarch guile-gnutls. Closes: #658110
      
      gnutls28 (3.0.12-1) unstable; urgency=low
      
        * New upstream version.
        * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
          testsuite error.
        * Update debian/copyright.
        * Bump shlibs. (OCSP support)
        * Add trivial ocsptool manpage.
      
      gnutls28 (3.0.11-1) unstable; urgency=low
      
        * New upstream version.
      
      gnutls28 (3.0.10-1) unstable; urgency=low
      
        * Drop guile-gnutls.README.Debian - binary guile modules are no longer
          directly installed in $libdir.
        * New upstream version.
          + Drop patches/30_correctly-set-the-odd-bits.patch.
          + gnutls_random_art() added. Update copyright, bump shlibs.
          + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
            Closes: #652552
      
      gnutls28 (3.0.9-2) unstable; urgency=low
      
        * [20_test-select.diff] Do not run gnulib test-select test anymore. The
          test fails on kfreebsd-i386, the gnutls library does not use select().
        * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
        * Upload to unstable.
      
      gnutls28 (3.0.9-1) experimental; urgency=low
      
        * New upstream version.
        * Include guile-gnutls package.
        * Bump shlibs.
      
      gnutls28 (3.0.8-2) unstable; urgency=low
      
        * First upload to unstable.
          + Disable openssl-wrapper package, let it be provided by gnutls26 until
            gnutls28 is in testing.
          + Disable gnutls-guile package, let it be provided by gnutls26 until
            gnutls28 is in testing.
      
      gnutls28 (3.0.8-1) experimental; urgency=low
      
        * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
          guile related FTBFS on these architectures.
          See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
        * New upstream version.
          + Bump shlibs.
      
      gnutls28 (3.0.7-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
        * Drop 20_addGNU-stack.diff, included upstream.
        * loadable Guile module no longer installed directly to $libdir but to
          $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
          Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
          DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
        * gnutls-extra is removed upstream, there is no need anymore to manually
          remove the bits and pieces in debian/rules.
      
      gnutls28 (3.0.4-2) experimental; urgency=low
      
        * Drop libgnutls-dev.README.Debian, the information provided there stopped
          being relevant in 2.7.12.
        * Delete superfluous info from debian/README.source.
        * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
          seem to be possible.
          http://lists.debian.org/debian-devel/2011/10/msg00332.html
        * Simplify dependencies:
          + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
            also provided by gnutls26' libgnutls-dev).
          + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
            gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
      
      gnutls28 (3.0.4-1) experimental; urgency=low
      
        * New upstream version.
          + bump shlibs.
          + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
        * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
        * [20_addGNU-stack.diff] Add GNU-stack note to newly added
          padlock-common.s.
        * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
          be packaged for Debian again when it provides functionality.
        * Update debian/copyright, accelerated assembly code is non-FSF copyright.
        * Add crywrap.8 manpage.
      
      gnutls28 (3.0.3-1) experimental; urgency=low
      
        * New upstream version. (Includes a fix for #640639)
        * Bump shlibs.
      
      gnutls28 (3.0.2-1) experimental; urgency=low
      
        * Update debian/copyright for crywrap.
        * Since libgnutls*-dbg contains debugging symbols of helper applications
          libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
          Conflicts.
        * New upstream version. It also includes the fixes for #638586 (Correct
          parsing of XMPP subject alternative names) and #638595
          (gnutls_certificate_set_x509_key() and
          gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
          release of the private key during the lifetime of the certificate
          structure.)
        * Configure with --enable-gtk-doc, the included API reference is incomplete
          in the tarball.
        * [lintian] Get rid of binary-control-field-duplicates-source field
          warnings.
        * [lintian] Add description header to 14_version_gettextcat.diff
        * Bump shlibs.
      
      gnutls28 (3.0.1-1) experimental; urgency=low
      
        * Update Vcs-Svn and Vcs-Browser for new source package name.
        * New upstream version.
          + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
        * Bump build-dependency on libp11-kit-dev to (>= 0.4).
        * Drop 20_executablestack.diff, included upstream.
        * Includes crywrap(8), an application that proxies TLS session to a port
          using a plaintext service. 
        * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
        * Bump shlibs. (New flags).
      
      gnutls28 (3.0.0-2) experimental; urgency=low
      
        * Add missing b-d on chrpath.
        * Search for .xz instead of .bz2 in watchfile.
      
      gnutls28 (3.0.0-1) experimental; urgency=low
      
        * Drop gcrypt related patches (16_unnecessarydep.diff
          17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
          20_gcrypt15compat.diff), update remaining one
          (14_version_gettextcat.diff).
        * Build against nettle and p11-kit.
          + Update DEB_CONFIGURE_EXTRA_FLAGS.
          + Update (Build-)Depends. (Add pkg-config, it is used for locating
            p11-kit.)
        * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
          libgnutls28.
        * Drop libgnutls Breaks, they are superfluous after the soname change.
        * Delete config.log on clean.
        * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
          assembly files.
        * Delete unneccessary rpath entries.
        * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
          NEWS entry for this license change.
        * Move gnutls-extra library to separate package.
      
      gnutls26 (2.12.7-4) unstable; urgency=low
      
        * Upload to unstable.
        * Point watch file to stable release directory.
        * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
          Libs.private. Closes: #632891
        * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
      
      gnutls26 (2.12.7-3) experimental; urgency=low
      
        [ Simon Josefsson ]
        * Fix Debian BTS URL in --with-packager-bug-reports option.
      
        [ Andreas Metzler ]
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      
      gnutls26 (2.12.7-2) experimental; urgency=low
      
        * Stop shipping libtool la files.
        * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
          + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
            *.install accordingly.
          + Bump cdbs Build-Depends to 0.4.93 (required for expanding
            $(DEB_HOST_MULTIARCH)).
          + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
          + runtime libraries and guile-wrapper are Multi-Arch: same with 
            Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
            Multi-Arch: foreign, -dev and -dbg remain unchanged.
          + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
            package. It contains debugging symbols for both library and helper
            binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
            co-installable with itself.
      
      gnutls26 (2.12.7-1) experimental; urgency=low
      
        * New upstream version.
        * Update 17_ignoretestsuitteerrors.diff.
        * A new version of pokerth has been uploaded to sid, update libgnutls26
          Breaks accordingly.
      
      gnutls26 (2.12.6.1-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs, global_set_time_function() was added.
        * Stop setting CFLAGS += -Wall, it is set by default again.
        * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
          errors.
      
      gnutls26 (2.12.5-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs, gnutls_x509_crq_verify() was added.
      
      gnutls26 (2.12.4-1) experimental; urgency=low
      
        * New upstream version.
        * Bump shlibs. (gnutls_certificate_get_issuer() added).
      
      gnutls26 (2.12.3-1) experimental; urgency=low
      
        * New upstream version.
        * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
      
      gnutls26 (2.12.2-2) experimental; urgency=low
      
        * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
          for compatibility. Closes: #623001
      
      gnutls26 (2.12.2-1) experimental; urgency=low
      
        * New upstream version.
        * [lintian] Drop article from short package descriptions.
      
      gnutls26 (2.12.1-1) experimental; urgency=low
      
        * New upstream version.
          + certtool: Generated certificate request with stricter permissions.
            Closes: #619746
        * Drop superfluous patches:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
        * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
          need a binNMU when gnutls 2.12.x uploaded to unstable.
      
      gnutls26 (2.12.0-1) experimental; urgency=low
      
        * New upstream stable release.
          + Drop superceded patches 17_goldhotfix.patch
            18_libgnutls-openssl_soname.diff.
        * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
          17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
          19_uninitializedvar.diff 20_access_freedmemory.diff
      
      gnutls26 (2.11.7-2) experimental; urgency=low
      
        * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
          versioning: 27:0:0).
        * Split off libgnutls-openssl to a separate package, since the sonames are
          not in sync anymore.
      
      gnutls26 (2.11.7-1) experimental; urgency=low
      
        * New upstream version (rc for 2.12)
          + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
          + Bump shlibs.
        * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
      
      gnutls26 (2.11.6-2) experimental; urgency=low
      
        * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
          on big endian architectures.
      
      gnutls26 (2.11.6-1) experimental; urgency=low
      
        * Development release.
        * Continue building against libgcrypt, run configure with --with-libgcrypt.
        * Refresh patches/15_fixgnutlspc.diff.
        * Set --with-packager* options.
        * Install newly available p11tool binary.
        * Bump libgcrypt11-dev Build-Depends.
        * C++ wrapper soname bump, change package name accordingly.
        * Bump shlibs.
        * Update debian/copyright.
        * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      
      gnutls26 (2.10.5-3) unstable; urgency=medium
      
        * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
      
      gnutls26 (2.10.5-2) unstable; urgency=low
      
        * Stop shipping libtool la files.
      
      gnutls26 (2.10.5-1) unstable; urgency=low
      
        * New upstream bugfix release.
          + Drop 15_fixgnutlspc.diff, included upstream.
        * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
          seem to set it by default.
      
      gnutls26 (2.10.4-2) unstable; urgency=low
      
        * Use debhelper compatibility level 7.
        * Merge in changes from 2.8.6-1:
          + Use dh_lintian.
          + Use dh_makeshlibs for the guile stuff, too. This gets us 
            a) ldconfig in postinst. Closes: #553109
            and
            b) a shlibs file.
            However the shared objects /usr/lib/libguile-gnutls*so* are still not
            designed to be used as libraries (linking) but are dlopened. guile-1.10
            will address this issue by keeping this stuff in a private directory.
          + hotfix pkg-config files (proper fix to be included upstream).
          + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
            Closes: #405239
         * Upload to unstable.
      
      gnutls26 (2.10.4-1) experimental; urgency=low
      
        * New upstream release. V1 CAs are trusted by default.
      
      gnutls26 (2.10.3-1) experimental; urgency=low
      
        * Drop workaround for 519006, binutils is fixed even in squeeze.
        * New upstream bugfix release.
      
      gnutls26 (2.10.2-1) experimental; urgency=low
      
        * New upstream version.
          + Fix asynchronous API handling. Closes: #588187
          + certtool does not crash on reading from /dev/null anymore.
            Closes: #588029
        * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
      
      gnutls26 (2.10.1-1) experimental; urgency=low
      
        * Update package descriptions. Closes: #588067
        * New upstream version.
      
      gnutls26 (2.10.0-2) experimental; urgency=low
      
        * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
          libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
          support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
          (2.31.2-1) not yet. Closes: #587755
      
      gnutls26 (2.10.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * Point watchfile to stable releases.
      
      gnutls26 (2.9.12-2) experimental; urgency=low
      
        * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
          without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
          useless and almost empty package on these archs.)
        * Drop ancient workaround for gcc bug on hppa.
          http://bugs.debian.org/128036
      
      gnutls26 (2.9.12-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls26 (2.9.11-1) experimental; urgency=low
      
        * New upstream version.
        * Drop 15_gnutlspriority.diff, superseded.
      
      gnutls26 (2.9.10-2) experimental; urgency=low
      
        * [15_gnutlspriority.diff] Restore compatibility with programs using 
          gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
          Closes: #579831
      
      gnutls26 (2.9.10-1) experimental; urgency=low
      
        * New upstream version.
        * New functions added, bump shlibs.
      
      gnutls26 (2.9.9-1) experimental; urgency=low
      
        * Package upstream development branch for experimental.
        * Track development versions in watchfile.
        * Package C++ wrapper again. Closes: #548637
      
      gnutls26 (2.8.6-1) unstable; urgency=low
      
        * Use dh_lintian.
        * Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        * hotfix pkg-config files (proper fix to be included upstream).
        * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      
      gnutls26 (2.8.5-2) unstable; urgency=low
      
        * Add a huge bunch of lintian overrides for the guile stuff to make dak
          happy.
      
      gnutls26 (2.8.5-1) unstable; urgency=low
      
        * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
        * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
          orig.tar.bz2 without repacking it to gz.
        * New upstream version.
          + Drop patches/20_fixtimebomb.diff.
      
      gnutls26 (2.8.4-2) unstable; urgency=high
      
        * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
      
      gnutls26 (2.8.4-1) unstable; urgency=low
      
        * New upstream version.
          + Drop debian/patches/15_openpgp.diff.
        * Sync priorities with override file, libgnutls26 has been bumped from
          important to standard.
      
      gnutls26 (2.8.3-3) unstable; urgency=low
      
        * Empty dependency_libs in la-files. (Squeeze release goal.)
      
      gnutls26 (2.8.3-2) unstable; urgency=low
      
        * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
          openpgp connections.
      
      gnutls26 (2.8.3-1) unstable; urgency=high
      
        * New upstream version.
          + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
            was built against. Closes: #540449
          + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
            certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
            http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
        * Drop 15_chainverify_expiredcert.diff, included upstream.
        * Urgency high, since 541439 applies to testing, too.
      
      gnutls26 (2.8.1-2) unstable; urgency=low
      
        [ Simon Josefsson ]
        * Remove cruft in rules file.
        * Remove patches/15_tasn1inpc.diff, not needed.
      
        [ Andreas Metzler ]
        * Finally add an entry to the NEWS.Debian file concerning the deprecation of
          RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
        * Upload to unstable.
        * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
          Fix testsuite error caused by expired certificate.
      
      gnutls26 (2.8.1-1) experimental; urgency=low
      
        * New upstream stable release.
      
      gnutls26 (2.7.14-1) experimental; urgency=low
      
        * [debian/control] set section setting of source package to libs instead of
          devel.
        * New upstream version.
          + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
          + Bump shlibs, new symbols added.
      
      gnutls26 (2.7.12-1) experimental; urgency=low
      
        * Fix typo in changelog. Closes: #526427
        * New upstream release.
          + Does not ship the scripts libgnutls-extra-config and libgnutls-config
            and the .m4 snippet to use it anymore. Please switch to pkg-config or
            standard autoconf test. Drop manpages and
            both patches/13_lessdeps_gnutls-config.diff and
            patches/13_lessdeps_gnutls-config.diff from the debian diff.
          + Update remaining patches.
          + Bump shlibs, new symbols added.
        * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
          already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
          GNUTLS_2_8.
        * New upstream uses separate ./configure scripts for the different
          libraries. Invoke the main ./configure script with
          --cache-file=$(CURDIR)/config.cache to speed things up.
      
      gnutls26 (2.6.6-1) unstable; urgency=high
      
        * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
          way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
        * New upstream security release.
          + libgnutls: Corrected double free on signature verification failure.
            GNUTLS-SA-2009-1 CVE-2009-1415
          + libgnutls: Fix DSA key generation. Noticed when investigating the
            previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
            2.6.x are corrupt.  See the advisory for more details.
            GNUTLS-SA-2009-2 CVE-2009-1416
          + libgnutls: Check expiration/activation time on untrusted certificates.
            Before the library did not check activation/expiration times on
            certificates, and was documented as not doing so.
            GNUTLS-SA-2009-3 CVE-2009-1417
         * The former two issues only apply to gnutls 2.6.x. The latter is a
           behavior change, add a NEWS.Debian file to document it.
      
      gnutls26 (2.6.5-1) unstable; urgency=low
      
        * Sync sections in debian/control with override file. libgnutls26-dbg is
          section debug, guile-gnutls is section lisp.
        * New upstream version. (Needed for Libtasn1-3 2.0)
        * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
        * Standards-Version: 3.8.1, no changes required.
      
      gnutls26 (2.6.4-2) unstable; urgency=low
      
        * Upload to unstable.
        * Merge changelog entries from unstable and experimental.
      
      gnutls26 (2.6.4-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls26 (2.6.3-1) experimental; urgency=low
      
        * New upstream version.
          + Corrects bug gnutls-cli which caused a rehandshake request
            to be ignored. Closes: #396867
        * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
      
      gnutls26 (2.6.2-2) experimental; urgency=low
      
        * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
          correct certificate chains were not recognized as verified.
          Closes: #507633
        * [lintian] Add ${misc:Depends} to multiple dendency lines.
      
      gnutls26 (2.6.2-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
          + Drop 20_fix_501077.diff.
        * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
          there.
        * Add Simon Josefsson to uploaders.
      
      gnutls26 (2.6.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
          gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
      
      gnutls26 (2.5.9-1) experimental; urgency=low
      
        * New upstream development version.
        * Bump shlibs.
      
      gnutls26 (2.4.2-6) unstable; urgency=medium
      
        * New patches, syncing with 2.4.3 upstream oldstable release:
          + 24_intermedcertificate.patch If a non-root certificate ist trusted
            gnutls certificateificate verification stops there instead of checking
            up to the root of the certificate chain.
          + 22_whitespace.patch - Whitespace only changes, to make it possible to
            apply upstream fixes without manual changes. 
          + 25_bufferoverrun.patch. Fix buffer overrun bug in
            gnutls_x509_crt_list_import.
            http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
      
      gnutls26 (2.4.2-5) unstable; urgency=low
      
        * Pull two patches from upstream stable branch to make gnutls behavior
          match documentation:
         + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
           certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
           GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
         + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
           certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
           GNUTLS_CERT_INSECURE_ALGORITHM verification output.
           CVE-2009-2409
      
      gnutls26 (2.4.2-4) unstable; urgency=medium
      
        * Add Simon Josefsson to uploaders.
        * Another fix for the verification fix. Some correct certificate chains were
          not recognized as verified. Closes: #507633
      
      gnutls26 (2.4.2-3) unstable; urgency=low
      
        * Fix a crash on trying to verify self-signed certificates introduced by the
          patch for CVE-2008-4989. Closes: #505279
      
      gnutls26 (2.4.2-2) unstable; urgency=medium
      
        * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
          verification. CVE-2008-4989 GNUTLS-SA-2008-3
      
      gnutls26 (2.4.2-1) unstable; urgency=low
      
        * New upstream bugfix release.
        * Up to date gnutls-cli manpage. Closes: #492775
      
      gnutls26 (2.4.1-1) unstable; urgency=medium
      
        * New upstream version, fixing a local denial of service vulnerability only
          present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
      
      gnutls26 (2.4.0-2) unstable; urgency=low
      
        * Standards version 3.8.0. Rename README.source_and_patches to README.source.
        * Upload to unstable.
        * Point watchfile to stable releases again.
        * Merge experimental and unstable changelog.
      
      gnutls26 (2.4.0-1) experimental; urgency=low
      
        * New upstream stable release.
        * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
      
      gnutls26 (2.3.15-1) experimental; urgency=low
      
        * New upstream version. (rc4)
          Disables 'openpgp-certs' tests. Closes: #486269
      
      gnutls26 (2.3.14-1) experimental; urgency=low
      
        * New upstream version. (rc3)
      
      gnutls26 (2.3.13-1) experimental; urgency=low
      
        * New upstream version. 2nd rc for 2.4.0.
        * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
      
      gnutls26 (2.3.12-1) experimental; urgency=low
      
        * New upstream version. Bump shlibs.
        * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
        * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
          failure on sparc.
      
      gnutls26 (2.3.11-1) experimental; urgency=low
      
        * New upstream version.
          + Fixes three security vulnerabilities.
            [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
            <http://www.gnu.org/software/gnutls/security.html>.
            CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
          + Fixes subjectAltName wildcard matching. Closes: #479174
          + certtool now writes keyfiles with 0600 permissions. Closes: #373169
      
      gnutls26 (2.2.5-1) unstable; urgency=high
      
        * New upstream version.
          Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
      
      gnutls26 (2.3.9-1) experimental; urgency=low
      
        * New upstream development version.
          - OpenPGP support merged into libgnutls and is now licensed under LGPL.
            The included copy of OpenCDK has been stripped down and re-licensed
            under the LGPL. Using the external OpenCDK is not supported anymore, the
            external library will not be maintained anymore. Drop respective
            (build-)depends.
          - API extended, bump shlibs.
          - certtool asks for password confirmation. Closes: #364287
          - performance enhancements for gnutls_certificate_set_x509_trust_file.
            Closes: #400448
          - gnutls-cli: exits when hostname doesn't match certificate.
            Use --insecure to avoid hostname comparison.
        * For paranoia sake build with -D_REENTRANT even if upstream has stopped
          doing so.
        * [debian/copyright] : update, and stop including a GFDL copy.
        * Point watchfile to development versions.
      
      gnutls26 (2.2.3-1) unstable; urgency=low
      
        * New upstream stable release.
          - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
      
      gnutls26 (2.2.3~rc-1) unstable; urgency=low
      
        * New upstream version. Release candidate for 2.2.3.
          + Increase default handshake packet size limit to 48kb. Closes: #478191
        * remove unsupported .l command from debian/libgnutls-config.1
        * Use Programming/C as doc-base section.
      
      gnutls26 (2.2.2-1) unstable; urgency=low
      
        * New upstream version.
          Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
          and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
          strings and return the proper size.
          corrected string handling in parse_general_name.
          Closes: #465197
        * Point watchfile to ftp.gnutls.org.
        * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
      
      gnutls26 (2.2.1-3) unstable; urgency=low
      
        * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
          gnutls guile wrapper on ia64.
      
      gnutls26 (2.2.1-2) unstable; urgency=low
      
        * Add Vcs-Svn: and Vcs-Browser control fields.
        * Upload to unstable.
      
      gnutls26 (2.2.1-1) experimental; urgency=low
      
        * New upstream version.
        * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
          there.
        * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
          packages contain gnutls-bin debugging symbols. Closes: #459295.
      
      gnutls26 (2.2.0-1) experimental; urgency=low
      
        * New upstream version.
          License change! Main library stays LGPLv2.1+ but libgnutls-extra,
          libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
          updated.
        * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
          versions were GPLv2+) and this license is not compatible with GPLv3+.
        * Non packaged 2.1.8 introduced new symbol
          gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
        * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
        * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
          DSA2 support. Closes: #455513
        * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
      
      gnutls26 (2.1.7-1) experimental; urgency=low
      
        * New upstream version.
          - Another soname bump. Packages renamed.
        * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
          dak does not allow that yet.
        * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
          libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
      
      gnutls25 (2.1.6-2) experimental; urgency=low
      
        * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
          experimental buildds happy.
      
      gnutls25 (2.1.6-1) experimental; urgency=low
      
        * New upstream version. API changes! Please consult
          /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
          removed (mainly *_authz_*) and changed interfaces.
          This is the first release canddate for 2.2. The deprecation of
          gnutls_set_default_priority() is supposed to be undone before the final
          stable release.
        * Bump build-depends.
        * Stop building and shipping the C++ library, since nobody is using it. I
          will happly re-add it if requested.
        * Add Homepage field to debian/control.
        * Build and ship Guile bindings. Requested by Ludovic Courtès who also
          provided the initial patch. (On a sidenote I think guile generally does
          not do the right thing by throwing dlopened modules into /usr/lib/.)
        * Update debian/copyright.
      
      gnutls13 (2.0.1-1) unstable; urgency=low
      
        * New upstream version.
        * Remove doc/*.info* on clean to allow building thrice in a row.
          (Closes: #441740)
      
      gnutls13 (1.7.19-1) unstable; urgency=low
      
        * New upstream version 1.7.19.
          - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
            This takes of care of the mutt breakage. Closes: #439640
      
      gnutls13 (1.7.18-2) unstable; urgency=low
      
        * Upload to unstable
      
      gnutls13 (1.7.18-1) experimental; urgency=low
      
        * New upstream version 1.7.18, release candidate for 2.0.
        * Bump shlibs, since functions have been added.
        * Image files renamed upstream with gnutls- prefix and symlinked to
          /usr/share/info/ in Debian package. Closes: #423577
      
      gnutls13 (1.7.16-1) experimental; urgency=low
      
        * New upstream version 1.7.16.
      
      gnutls13 (1.7.14-1) experimental; urgency=low
      
        * New upstream version
          - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
      
      gnutls13 (1.7.12-1) experimental; urgency=low
      
        * New upstream version 1.7.12
          - Fixes memory errors in certificate parsing. Closes: #333050
        * Bump shlibs, due to API extensions in 1.7.10.
        * Rebuilding of docs simpified, strip debian/README.source_and_patches to
          reflect that.
      
      gnutls13 (1.7.9-1) experimental; urgency=low
      
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
        * New upstream version.
          - Uses opencdk10 (0.6.x).
          - Improved gnutls_set_default_priority() priorities, with matching correct
            docs. (Closes: #422024)
          - bumped shlibs.
        * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
          twice in a row on the same sourcetree. (Closes: #424357) Document what is
          needed to rebuild doc/gnutls.pdf in README.source_and_patches.
      
      gnutls13 (1.7.7-1) experimental; urgency=low
      
        * New development upstream version 1.7.7.
          - Point watchfile to development versions.
          - Bump shlibs for added APIs.
          - Includes German translation. (Closes: #392857)
      
      gnutls13 (1.6.3-1) unstable; urgency=low
      
        * New upstream version, pulling selected fixes and features from 1.7.x.
        * Bump shlibs.
      
      gnutls13 (1.6.2-2) unstable; urgency=low
      
        * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      
      gnutls13 (1.6.2-1) unstable; urgency=low
      
        * New upstream version
          - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
            certificates, since it contains a regenerated pkix_asn1_tab.c.
          - Ship German translation. Closes: #392857
      
      gnutls13 (1.6.1-2) unstable; urgency=low
      
        * [gnutls-bin.install] Ship psktool.
        * Ship gettext translations in deb package, but as gnutls13.mo instead of
          gnutls.mo.
        * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
          changelog entries after branchoff. Point watchfile to stable upstream
          versions again.
        * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
      
      gnutls13 (1.6.1-1) experimental; urgency=low
      
        [ James Westby ]
        * New upstream release.
      
      gnutls13 (1.6.0-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls13 (1.5.3-1) experimental; urgency=low
      
        [ Andreas Metzler ]
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
        * New upstream version 1.5.3.
        * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
        * Drop code for re-libtoolizing and running auto* from debian/rules, it is
          unused and would not work anymore. (We can later grab the from SVN and
          update it to make work if we ever need it.)
      
      gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
      
        [ Andreas Metzler ]
        * Add a watchfile.
        * New upstream development version.
          - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
          - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
            broken.
          - Drop unneeded patches/16_libs.private_gnutls.diff
            patches/16_libs.private_gnutls-extra.diff
          - Point watchfile to development versions.
          - Builds a C++ library.
        * Switch to debhelper v5 mode to be able to ship debug symbols of
          libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
        * Branched off from 1.4.4-1.
      
      gnutls13 (1.4.4-3) unstable; urgency=low
      
        * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
             When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
             version, try to negotiate the highest version support by the GnuTLS
             server, instead of the lowest.
      
      gnutls13 (1.4.4-2) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Add a watchfile.
        * Fix debian/copyright.
          - Do not use "copyright" as title of a paragraph listing licenses.
            (Closes: #290194)
          - Add a copy of the FDL 1.2 to debian/copyright.
      
      gnutls13 (1.4.4-1) unstable; urgency=high
      
        [ Andreas Metzler ]
        * New upstream version 1.4.4
          - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
            crash mutt. (closes: #386725)
            GNUTLS-SA-2006-4 is CVE-2006-4790.
      
      gnutls13 (1.4.3-2) unstable; urgency=low
      
        * the lesser of two weevils release.
        [ Andreas Metzler ]
        * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
          various programs, including mutt. (closes: #386680)
      
      gnutls13 (1.4.3-1) unstable; urgency=high
      
        [ Andreas Metzler ]
        * New upstream version 1.4.3.
          - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
            rump session attack. GNUTLS-SA-2006-4
          - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
            GNUTLS-SA-2006-3
          - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
      
      gnutls13 (1.4.2-1) unstable; urgency=medium
      
        [ Andreas Metzler ]
        * New upstream bugfix release.
          - Fixes a crash in the certificate verification logic.
      
      gnutls13 (1.4.1-1) unstable; urgency=low
      
        [ James Westby ]
        * New upstream release.
        * Remove the following patches as they are now included upstream:
          - 10_certtoolmanpage.diff
          - 15_fixcompilewarning.diff
          - 30_man_hyphen_*.patch
        * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
          gnutls-api so that devhelp can find it.
      
      gnutls13 (1.4.0-3) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Strip "libgnutls-config --libs"' output to only list stuff required for
          dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
          README.Debian.
        * Pull patches/16_libs.private_gnutls.diff and
          debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
          pkg-config usable for static linking.
      
      gnutls13 (1.4.0-2) unstable; urgency=low
      
        [ Andreas Metzler ]
        * Set maintainer to alioth mailinglist.
        * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
          handles this. Build-Depend on autotools-dev.
        * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
        * Use cdbs' simple-patchsys.mk.
          - add debian/README.source_and_patches
          - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
        * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
        * Also ship css-, devhelp- and sgml files in gnutls-doc.
        * patches/15_fixcompilewarning.diff correct order of funtion arguments.
      
        [ James Westby ]
        * This release allows the port to be specified as the name of the service
          when using gnutls-cli (closes: #342891)
      
      gnutls13 (1.4.0-1) experimental; urgency=low
      
        * New maintainer team. Thanks, Matthias for all the work you did.
        * Re-add gnutls-doc package, featuring api-reference as manual pages and
          html, and reference manual in html and pdf format.
          (closes: #368185,#368449)
        * Fix reference to gnutls0.4-doc package in debian/copyright. Update
          debian/copyright and include actual copyright statements.
          (closes: #369071)
        * Bump shlibs because of changes to extra.h
        * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
          generate the necessary directories.
        * Drop debian/NEWS.Debian as it only talks about the move of the (since
          purged) gnutls-doc package to contrib a long time ago.
          (Thanks Simon Josefsson, for these suggestions.)
        * new upstream version. (closes: #368323)
        * clean packaging against upstream tarball.
          - Drop all patches, except for fixing error in certtool.1 and setting
            gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
          - Add  --enable-ld-version-script
            to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
            patching ./configure.in.
          (closes: #367358)
        * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
        * Build against external libtasn1-3. (closes: #363294)
        * Standards-Version: 3.7.2, no changes required.
        * debian/control and override file are in sync with respect to Priority and
          Section, everthing except libgnutls13-dbg already was. (closes: #366956)
        * acknowledge my own NMU. (closes: #367065)
        * libgnutls13-dbg is nonempty (closes: #367056)
      
      gnutls13 (1.3.5-1.1) unstable; urgency=low
      
        * NMU
        * Invoke ./configure with --with-included-libtasn1 to prevent accidental
          linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
          contained libtasn1.so.3 and force gnutls13 to use the internal version of
          libtasn instead until libtasn1-3-dev is uploaded. Drop broken
          Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
        * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
          of --dbg-package=libgnutls12. (closes: #367056)
      
      gnutls13 (1.3.5-1) unstable; urgency=low
      
        * New Upstream version.
          - Security fix.
          - Yet another ABI change.
        * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
        * Let -dev package depend on liblzo-dev (closes:#347438)
        * Fix certtool help output (closes:#338623)
      
      gnutls12 (1.2.9-2) unstable; urgency=low
      
        * Install /usr/lib/pkgconfig/*.pc files.
        * Depend on texinfo (>= 4.8, for the @euro{} sign).
      
      gnutls12 (1.2.9-1) unstable; urgency=low
      
        * New Upstream version.
      
      gnutls12 (1.2.8-1) unstable; urgency=low
      
        * New Upstream version.
          - depends on libgcrypt11 1.2.2
        * Bumped shlibs version, just to be on the safe side.
      
      gnutls12 (1.2.6-1) unstable; urgency=low
      
        * New Upstream version.
        * Remove Provides: on libgnutls11-dev.
          Hopefully this will be temporary (pending discussion with Upstream).
      
      gnutls12 (1.2.5-3) unstable; urgency=high
      
        * Updated libgnutls12.shlibs file.
          Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
          Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                        dependencies on this library
      
      gnutls12 (1.2.5-2) unstable; urgency=medium
      
        * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
          Added an explicit dependency as a stopgap fix.
      
      gnutls12 (1.2.5-1) unstable; urgency=low
      
        * Merged with the latest stable release.
        * Renamed to gnutls12.
          - Changed the library version strings to GNUTLS_1_2.
          - Renamed the development package back to "libgnutls-dev".
      
      gnutls11 (1.0.19-1) experimental; urgency=low
      
        * Merged with the latest stable release.
      
      gnutls11 (1.0.16-13) unstable; urgency=high
      
        * Fixed an ASN.1 extraction error.
          Found by Pelle Johansson <morth@morth.org>.
      
      gnutls11 (1.0.16-12) unstable; urgency=high
      
        * Fixed a segfault in certtool. Closes: #278361.
      
      gnutls11 (1.0.16-11) unstable; urgency=medium
      
        * Merged binary (non-UF8) string printing code from Upstream.
        * Password code in certtool was somewhat broken.
      
      gnutls11 (1.0.16-10) unstable; urgency=high
      
        * Fixed one instance of uninitialized memory usage.
      
      gnutls11 (1.0.16-9) unstable; urgency=high
      
        * Pulled from Upstream CVS:
          - Fix two memory leaks.
          - Fix NULL dereference.
      
      gnutls11 (1.0.16-8) unstable; urgency=high
      
        * Pulled these changes from Upstream CVS:
          - Added default limits in the verification of certificate chains,
            to avoid denial of service attacks.
          - Added gnutls_certificate_set_verify_limits() to override them.
          - Added gnutls_certificate_verify_peers2().
      
      gnutls11 (1.0.16-7) unstable; urgency=low
      
        * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
          Thanks to joeyh@debian.org for reporting this problem.
      
      gnutls11 (1.0.16-6) unstable; urgency=medium
      
        * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
          - Closes: #264420
      
      gnutls11 (1.0.16-5) unstable; urgency=low
      
        * Depend on current libtasn1-2 (>= 0.2.10).
          - Closes: #264198.
        * Fixed maintainer email to point to Debian address.
      
      gnutls11 (1.0.16-4) unstable; urgency=low
      
        * The OpenSSL compatibility library has been linked incorrectly
          (-ltasn1 was missing).
        * Need to build-depend on current opencdk8 and libtasn1-2 version.
      
      gnutls11 (1.0.16-3) unstable; urgency=high
      
        * Documentation no longer includes LaTeX-produced output
          (the source contains latex2html-specific features, which is non-free).
        * Urgency: High because of pending base freeze.
      
      gnutls11 (1.0.16-2) unstable; urgency=high
      
        * Actually *enable* debug symbols :-/
        * Urgency: High for speedy inclusion in d-i
      
      gnutls11 (1.0.16-1) experimental; urgency=low
      
        * Update to latest Upstream version.
        * now depends on libgcrypt11
        * Include debugging package
        * Use hevea, not latex2html.
      
      gnutls10 (1.0.4-4) unstable; urgency=low
      
        * New maintainer.
        * Run autotools at source package build time.
          - Closes: #257237: FTBFS (i386/sid): aclocal failed
        * Remove "package is still changed upstream" warning.
        * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
      
      gnutls10 (1.0.4-3) unstable; urgency=low
      
        * control: Changed the build dependency and the dependency of
          libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
          libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
          could cause linking against two versions of libgcrypt.
      
      gnutls10 (1.0.4-2) unstable; urgency=low
      
        * libgnutls-doc.doc-base: Removed HTML manual listing.
        * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
          Jordi :)
      
      gnutls10 (1.0.4-1) unstable; urgency=low
      
        * New upstream release  (Closes: #227527)
            * The new documentation in libgnutls-doc fixes several typo's and
              style glitches:  
              Closes: #215772: inconsistent auth method list in manual
              Closes: #215775: dangling footnote on page 14 of manual
              Closes: #215777: bad sentence on page 18 of manual
              Closes: #215780: incorrect info about ldaps/imaps in manual
        * rules:
            * Use --add-missing instead of --force in the call to automake.
            * Don't build gnutls.ps, use the upstream version.
              (Closes: #224846)
        * gnutls-bin.manpages: Use glob to find manpages.
        * patches/008_manpages.diff: Removed; included upstream.
      
      gnutls10 (1.0.0-1) unstable; urgency=low
      
        * New upstream release.
        * Major soversion changed to 10.
        * control: Changed build dependencies of libtasn1-dev.
        * libgnutls10.shlibs: Added libgnutls-openssl to the list.
      
      gnutls8 (0.9.99-1) experimental; urgency=low
      
        * New upstream release.
        * Included upstream GPG signature in .orig.tar.gz.
      
      gnutls8 (0.9.98-1) experimental; urgency=low
      
        * New upstream release.
        * debian/control: libgnutls8-dev depends on libopencdk8-dev.
        * debian/libgnutls-doc.examples: Install src/*.[ch].
      
      gnutls8 (0.9.95-1) experimental; urgency=low
      
        * New upstream version.
      
      gnutls8 (0.9.94-1) experimental; urgency=low
      
        * New upstream version; package based on gnutls7 0.8.12-2.
        * debian/control:
            * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
        * debian/rules: Run auto* after the patches have been applied.
      ff2cf297