Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • pkg/gnutls28
  • not_a_robot/gnutls28
  • detlev/gnutls28
3 results
Show changes
Commits on Source (58)
  • Andreas Metzler's avatar
    Import Debian changes 3.4.10-4 · ff2cf297
    Andreas Metzler authored
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    ff2cf297
  • Apertis package maintainers's avatar
    e1d89f40
  • Sjoerd Simons's avatar
    da30a6e7
  • Ritesh Raj Sarraf's avatar
  • Marc Deslauriers's avatar
    Import Debian changes 3.4.10-4ubuntu1.7 · 66a52c6e
    Marc Deslauriers authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
    gnutls28 (3.4.10-4ubuntu1.7) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a
        priority string (LP: #1860656)
        - debian/patches/allow_broken_priority_string.patch: introduce the
          %VERIFY_ALLOW_BROKEN priority string option.
        - debian/patches/allow_sha1_priority_string.patch: introduce the
          %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option.
    
    gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
        - debian/patches/insecuresha1-*.patch: backport upstream patches to
          allow marking SHA1 as insecure, but only for certificate signing.
        - debian/libgnutls30.symbols: added new symbol.
    
    gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Lucky-13 issues
        - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
          field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
          blocks that would have been on minimum pad in lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
          SSL3.0 in lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
          ciphersuites were removed from defaults in lib/gnutls_priority.c,
          tests/priorities.c.
        - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
          tests/pkcs12_encode.c.
        - CVE-2018-10844
        - CVE-2018-10845
        - CVE-2018-10846
    
    gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium
    
      * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
        OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
        which includes TLS1.2 support. (LP: #1709193)
    
    gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: null pointer dereference via status response TLS
        extension decoding
        - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
          properly deinitialized in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
          from client extension in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-3.patch: documented requirements for
          parameters in lib/ext/status_request.c.
        - CVE-2017-7507
      * SECURITY UPDATE: DoS and possible code execution via OpenPGP
        certificate decoding
        - debian/patches/CVE-2017-7869.patch: enforce packet limits in
          lib/opencdk/read-packet.c.
        - CVE-2017-7869
    
    gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: OCSP validation issue
        - debian/patches/CVE-2016-7444.patch: correctly verify the serial
          length in lib/x509/ocsp.c.
        - CVE-2016-7444
      * SECURITY UPDATE: denial of service via warning alerts
        - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
          messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
          lib/gnutls_state.c.
        - CVE-2016-8610
      * SECURITY UPDATE: double-free when reading proxy language
        - debian/patches/CVE-2017-5334.patch: fix double-free in
          lib/x509/x509_ext.c.
        - CVE-2017-5334
      * SECURITY UPDATE: out of memory error in stream reading functions
        - debian/patches/CVE-2017-5335.patch: add error checking to
          lib/opencdk/read-packet.c.
        - CVE-2017-5335
      * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
        - debian/patches/CVE-2017-5336.patch: check return code in
          lib/opencdk/pubkey.c.
        - CVE-2017-5336
      * SECURITY UPDATE: heap read overflow when reading streams
        - debian/patches/CVE-2017-5337.patch: add more precise checks to
          lib/opencdk/read-packet.c.
        - CVE-2017-5337
      * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
        expired certs.
    
    gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium
    
      * SRU: LP: #1592693.
      * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
        in xenial.
    
    gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Make gnutls28 default.
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
    
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Make gnutls28 default.
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
      * debian/patches/disable_global_init_override_test.patch: disable failing
        test.
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium
    
      * SECURITY UPDATE: Double free in certificate DN decoding
        - debian/patches/CVE-2015-6251.patch: Reset the output value on error
          in lib/x509/common.c.
        - CVE-2015-6251
    
    gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
      * Dropped patches included in new version:
        - debian/patches/CVE-2015-0294.patch
        - debian/patches/CVE-2014-8564.patch
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium
    
      * SECURITY UPDATE: certificate algorithm consistency issue
        - debian/patches/CVE-2015-0294.patch: make sure the two signature
          algorithms match on cert import in lib/x509/x509.c.
        - CVE-2015-0294
    
    gnutls28 (3.3.8-3ubuntu2) vivid; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible code execution via
        elliptic curves parameter printing
        - debian/patches/CVE-2014-8564.patch: add more sanity checks in
          lib/gnutls_ecc.c.
        - CVE-2014-8564
    
    gnutls28 (3.3.8-3ubuntu1) vivid; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1ubuntu2) utopic; urgency=medium
    
      * No-change rebuild to get debug symbols on all architectures.
    
    gnutls28 (3.2.16-1ubuntu1) utopic; urgency=medium
    
      * Make gnutls28 default.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    66a52c6e
  • Ritesh Raj Sarraf's avatar
    Merge latest updates and security fixes from debian/xenial · 44a3316b
    Ritesh Raj Sarraf authored
    * debian/xenial:
      Import Debian changes 3.4.10-4ubuntu1.7
    Unverified
    44a3316b
  • Ritesh Raj Sarraf's avatar
  • Emanuele Aina's avatar
    e6fd63a4
  • Sebastien Bacher's avatar
    Import Ubuntu changes 3.4.10-4ubuntu1.8 · 7a7c3092
    Sebastien Bacher authored and Andrej Shadura's avatar Andrej Shadura committed
    gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium
    
      * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
        - add support for zero length  session tickets returned from the server,
          thanks Rod for the backport and testing! (lp: #1876286)
    Unverified
    7a7c3092
  • Andrej Shadura's avatar
  • Andrej Shadura's avatar
    Update the changelog · 4e36a7bf
    Andrej Shadura authored
    Unverified
    4e36a7bf
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-1 · 60452b47
    Andreas Metzler authored and Ariel D'Alessandro's avatar Ariel D'Alessandro committed
    gnutls28 (3.7.1-1) unstable; urgency=medium
    .
      * New upstream version
        Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
        extensions. GNUTLS-SA-2021-03-10.
      * Upload to unstable.
    .
    gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
    .
      * Fix autopkgtest skiplist.
    .
    gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
    .
      * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
        + Drop cherry-picked patches {48,49,50}_*.
        + Update copyright file.
    .
    gnutls28 (3.7.0-7) unstable; urgency=medium
    .
      * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
        50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
        50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
        master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
        (Thanks to Tim Kosse for the pointer) Closes: #980119
    .
    gnutls28 (3.7.0-6) unstable; urgency=medium
    .
      * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
        with merged version from upstream GIT master. Features a fix for an assert
        on connection to servers which send a duplicate chain including the
        self-signed CA. Closes: #980513
    .
    gnutls28 (3.7.0-5) unstable; urgency=low
    .
      * Update from upstream GIT master, replace patches, add new ones.
        + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added.
        + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
           --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
        + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           Closes: #977552
        + 45_opensslcompat_no_export_gl.diff
           --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch.
        + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added.
      * Upload to unstable.
    .
    gnutls28 (3.7.0-4) experimental; urgency=medium
    .
      * Test build of fixes from
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and
        #977552.
    .
    gnutls28 (3.7.0-3) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.7.0-2) experimental; urgency=low
    .
      * Fix guile-gnutls guile-x.x dependency.
      * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols.
    .
    gnutls28 (3.7.0-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 50_autopkgtestfixes.diff.
        + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher
          added).
        + Requires nettle >= 3.6.
      * [lintian] Use v4 watch file.
      * Add a symbol file for libgnutls-openssl27.
      * Use dh v13 compat, (Some fixes for dh_missing.)
    .
    gnutls28 (3.6.15-4) unstable; urgency=medium
    .
      * autopkgtest: Require build-essential.
      * autopkgtest: respect dpkg-buildflags for helper-binary build.
    .
    gnutls28 (3.6.15-3) unstable; urgency=medium
    .
      * More autopkgtest hotfixes.
    .
    gnutls28 (3.6.15-2) unstable; urgency=medium
    .
      * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
        installed gnutls-bin.
      * In autopkgtest set top_builddir and builddir, ignore
        tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
    .
    gnutls28 (3.6.15-1) unstable; urgency=low
    .
      * New upstream version.
        + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
          unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
          Closes: #969547
        + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
          50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
        + Fix build error due to outdated gettext in Debian by removing newer
          gettext m4 macros from m4/.
    .
    gnutls28 (3.6.14-2) unstable; urgency=medium
    .
      * Pull selected patches from upstream GIT:
        + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
          Fixes difference in generated docs on 32 and 64 bit archs.
        + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          Fix memleak in gnutls_aead_cipher_init() with keys having invalid
          length. (Broken since 3.6.3)
        + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          Closes: #962467
    .
    gnutls28 (3.6.14-1) unstable; urgency=high
    .
      * Drop debugging code added in -4, fixes nocheck profile build error.
        Closes: #962199
      * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
        debian/upstream/signing-key.asc.
      * New upstream version.
        + Fixes insecure session ticket key construction.
          [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
        + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
          51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
          51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
          51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
      * Drop guile-gnutls.lintian-overrides.
      * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
        AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
        IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
        Hopefully Closes: #962218
    .
    gnutls28 (3.6.13-4) unstable; urgency=medium
    .
      * Output some network related debugging from debian/rules.
      * Fix verification error with alternate chains. Closes: #961889
    .
    gnutls28 (3.6.13-3) unstable; urgency=medium
    .
      * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS
        master: Handle zero length session tickets, fixing connection errors on
        TLS1.2 sessions to some big hosting providers. (See LP 1876286)
    .
    gnutls28 (3.6.13-2) unstable; urgency=high
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.13-1) experimental; urgency=low
    .
      * New upstream version.
        + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
          support), since 3.6.3. The DTLS client would not contribute any
          randomness to the DTLS negotiation, breaking the security
          guarantees of the DTLS protocol
          GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556
      * Fix guile lintian override for shared-lib-without-dependency-information.
    .
    gnutls28 (3.6.12-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.12-1) experimental; urgency=low
    .
      [ Debian Janitor ]
      * Drop unnecessary dh arguments: --parallel
    .
      [ Andreas Metzler ]
      * Fix bindtextdomain() call and dgettext() invocations to search for the
        correct filename. (Thanks, Laurent Bigonville for report and diagnosis.)
        Closes: #949151
      * [lintian] Drop superfluous debian/source/include-binaries.
      * New upstream version.
        + Update symbol file.
        + Drop workaround for #658110, install guile shared objects to multi-arch
          paths.
    .
    gnutls28 (3.6.11.1-2) unstable; urgency=low
    .
      * Use dh 12 compat level.
        + Install gtk-doc files from as-installed location instead of builddir to
          avoid dh_missing warnings.
      * List *.la files in debian/not-installed.
      * Upload to unstable.
    .
    gnutls28 (3.6.11.1-1) experimental; urgency=low
    .
      * New upstream version.
        Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
        50_02-guile-Silence-auto-compilation-warning-for-guild.patch
      * Update symbol file (VKO GOST key exchange supported was added).
    .
    gnutls28 (3.6.10-5) unstable; urgency=medium
    .
      * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
        50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream
        GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!)
        Closes: #943905
    .
    gnutls28 (3.6.10-4) unstable; urgency=medium
    .
      * Add support for noguile build profile. See #943905.
    .
    gnutls28 (3.6.10-3) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.10-2) experimental; urgency=medium
    .
      * Switch b-d from texlive-generic-recommended to texlive-plain-generic.
        Closes: #941526
    .
    gnutls28 (3.6.10-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop i386-fix-wrong-reloc.patch and
          40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch.
        + Update symbol files.
        + Update copyright. Stop shipping a copy of the GNU Affero General Public
          License version 3. (pkcs11-mock.* is now under a different license.)
    .
    gnutls28 (3.6.9-7) experimental; urgency=low
    .
      * Fix copy-paste error (missing line) in libgnutls-dane0 description.
      * Re-add guile-gnutls, test-build (including testsuite) was successful.
        Closes: #905272
    .
    gnutls28 (3.6.9-6) experimental; urgency=low
    .
      * Test-build guile bindings.
    .
    gnutls28 (3.6.9-5) unstable; urgency=medium
    .
      * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
        GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
    .
    gnutls28 (3.6.9-4) unstable; urgency=medium
    .
      * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
        assembly code. (Thanks, Steve Langasek for report and patch!)
        Closes: #934193
    .
    gnutls28 (3.6.9-3) unstable; urgency=medium
    .
      * autopkgtest: Skip system-override-sig-hash.sh.
    .
    gnutls28 (3.6.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.9-1) experimental; urgency=low
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.6.8-2) unstable; urgency=low
    .
      * Use DH 11 compat again.
      * 3.6.8 builds with gcc-9. Closes: #925701
      * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
        Andres Klode) Closes: #930541
        See also https://gitlab.com/gnutls/gnutls/merge_requests/986
      * Upload to unstable.
    .
    gnutls28 (3.6.8-1) experimental; urgency=low
    .
      * New upstream version.
        + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended,
          texlive-latex-base.
        + Update symbol file.
    .
    gnutls28 (3.6.7-4) unstable; urgency=medium
    .
      * Cherry-pick important bug-fixes from 3.6.8:
        + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
          The gnutls_srp_set_server_credentials_function can be used with the 8192
          parameters as well.
          https://gitlab.com/gnutls/gnutls/issues/761
        + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
          Fix calculation of Streebog digests (incorrect carry operation in
          512 bit addition).
        + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
          Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
          Closes: #929907
        + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
          Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
          crafting via IDNA conversion.
          https://gitlab.com/gnutls/gnutls/issues/720
        + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
          Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
          gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
          flag.
          https://gitlab.com/gnutls/gnutls/issues/754
    .
    gnutls28 (3.6.7-3) unstable; urgency=medium
    .
      * Revert debhelper upgrade, use DH 10.
    .
    gnutls28 (3.6.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.7-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update AUTHOR list in copyright file.
        + Update symbol file.
        + Fixes issue preventing sending and receiving from different
          threads when false start was enabled. Closes: #922879
        + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
        + Fixes a memory corruption (double free) vulnerability in the
          certificate verification API.
          https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
          GNUTLS-SA-2019-03-27
        + Fixes an invalid pointer access via malformed TLS1.3 async messages;
          https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
          GNUTLS-SA-2019-03-27
    .
    gnutls28 (3.6.6-3) unstable; urgency=low
    .
      * Add @ to autopkgtest's Depends.
      * Use DH 11 compat.
    .
    gnutls28 (3.6.6-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes certtool.1 syntax. Closes: #920215
        + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff.
        + Update symbol file for released version.
    .
    gnutls28 (3.6.5+git20190105-1) experimental; urgency=low
    .
      * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
        + Update symbol and copyright file.
      * Delete autogen stamp-files on clean to enforce regeneration.
    .
    gnutls28 (3.6.5-2) unstable; urgency=low
    .
      * Upload to unstable.
      * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.
    .
    gnutls28 (3.6.5-1) experimental; urgency=medium
    .
      * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
      * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
        now in oldstable.
      * New upstream version.
        + Requires nettle >= 3.4.1(rc).
        + List newly added symbols in symbol file. Bump generated dependencies to
          >= 3.6.5 since multiple enums have been extended.
        + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
      * [lintian] Drop dh_strip override, stable has automatic debug packages.
    .
    gnutls28 (3.6.4-2) experimental; urgency=medium
    .
      * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
    .
    gnutls28 (3.6.4-1) experimental; urgency=medium
    .
      * New upstream version.
      * Update symbol file.
      * Drop --enable-tls13-support configure option.
    .
    gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium
    .
      * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
        detection for the draft-tls support, because it will be triggered once
        TLS versions with the final numbering are deployed. (Thanks, Nikos!)
    .
    gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium
    .
      * Set Rules-Requires-Root: no.
      * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
        + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
        + Update symbol file.
    .
    gnutls28 (3.6.3-2) experimental; urgency=medium
    .
      * Update basic feature list in package descriptions, based on short
        description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
        added.) Closes: #904681
      * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes
        cherrypicked by Nikos for Fedora rawhide.
    .
    gnutls28 (3.6.3-1) experimental; urgency=medium
    .
      * New upstream version.
      * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
    .
    gnutls28 (3.6.2+git20180714-1) experimental; urgency=low
    .
      * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
        + SSL 3.0 disabled by default at compile-time.
      * Bump symbol dependency info.
    .
    gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium
    .
      * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
      * Drop 40_add_missingm4.diff.
      * Bump symbol dependency info.
      * For testing build with --enable-tls13-support.
    .
    gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium
    .
      * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
    .
    gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium
    .
      * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
      * Drop superfluous patches:
        + 40_increase_srp_test_timeout.diff
        + 50_mark_tests_xfail.diff
        + 52_fix_testcompat-main-openssl.diff
      * Add new functions to symbol file.
      * Many enums/flags extended, be conservative and bump sympol dependency
        info.
      * Bump libgnutlsxx28 shlibs.
      * Bump (b-)d on nettle-dev and libp11-kit-dev.
    .
    gnutls28 (3.6.2-3) experimental; urgency=low
    .
      * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
        FTBFS with softhsm 2.4.0.
      * [lintian] Delete trailing empty lines in changelog.
      * 52_fix_testcompat-main-openssl.diff: Allow running test successfully
        and against binaries from installed gnutls-bin package.
      * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
        al) of the upstream testsuite.
    .
    gnutls28 (3.6.2-2) experimental; urgency=low
    .
      * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
        The new srp-8192 test failed on slow archs (mips/mipsel).
      * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
        build-depends-on-1-revision.
      * Point Vcs-* to salsa.
      * Sort Build-Depends alphabetically.
    .
    gnutls28 (3.6.2-1) experimental; urgency=low
    .
      * (Build-)depend on libidn2-dev instead of transitional package
        libidn2-0-dev. Closes: #883187
      * Point homepage field and watchfile to https URL.
      * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
        debian/upstream/signing-key.asc (and stop uscan from doing so on every
        invocation).
      * Refresh upstream key, adding signing subkey
        A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
      * New upstream version.
        + When verifying against a self signed certificate ignore issuer. That
          is, ignore issuer when checking the issuer's parameters strength,
          resolving issue #347 which caused self signed certificates to be
          additionally marked as of insufficient security level.
          Closes: #885127
        + Bump shlibs/symbol files for newly added symbols.
      * [lintian] Clean up trailing whitespace in debian/changelog.
      * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
        -> optional).
      * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
        build-depends. Stop specifying --parallel --with autoreconf.
    .
    gnutls28 (3.6.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 35_modernize_gtkdoc.diff.
        + Fixes interoperability issue with openssl when safe renegotiation was
          used. Closes: #873055
        + Update symbol file.
    .
    gnutls28 (3.6.0-2) experimental; urgency=medium
    .
      * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
        support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
        from gtk-doc git head (that is 1.26 +
        c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
        Closes: #876587
    .
    gnutls28 (3.6.0-1) experimental; urgency=low
    .
      * New upstream version.
        + Multiple enums listing function flags have been extended, new
          algorithms have been added. Bump dependency info on all symbols in
          main GnuTLS library to >= 3.6.0, to make sure the versioning is
          strict enough.
        + Drop (build-)dependency on zlib1g-dev.
        + Update copyright info.
        + Calls to gnutls_record_send() and gnutls_record_recv()
          prior to handshake being complete are now refused. Closes: #849807
       * Drop --without-lzo from ./configure, it has been a noop for a long time.
       * Build in private directory, using "dh --builddirectory=b4deb".
    .
    gnutls28 (3.5.19-1) unstable; urgency=low
    .
      * New upstream version.
        + Drop 35_modernize_gtkdoc.diff.
    .
    gnutls28 (3.5.18-1) unstable; urgency=medium
    .
      * New upstream version.
      * Refresh upstream key, adding new signing subkey. Move to ascii armored
        keyring.
    .
    gnutls28 (3.5.17-1) unstable; urgency=low
    .
      * New upstream version.
        + When verifying against a self signed certificate ignore issuer. That
          is, ignore issuer when checking the issuer's parameters strength,
          resolving issue #347 which caused self signed certificates to be
          additionally marked as of insufficient security level.
          Closes: #885127
    .
    gnutls28 (3.5.16-1) unstable; urgency=medium
    .
      * New upstream version.
        + Fixes interoperability issue with openssl when safe renegotiation was
          used. Closes: #873055
      * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
        support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
        from gtk-doc git head (that is 1.26 +
        c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
        Closes: #876587
    .
    gnutls28 (3.5.15-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.15-1) experimental; urgency=medium
    .
      * New upstream version. Drop unneeded patches.
        (31_arm64ilp32-unaccelerated.patch
        35_record-added-sanity-checking-in-the-record-layer-ver.patch
        36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch)
    .
    gnutls28 (3.5.14-3) unstable; urgency=low
    .
      * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from
        upstream  gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an
        already terminated or deinitialized session. Closes: #867303
      * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from
        upstream  gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting
        to accessing past the input data.
      * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly
        code on arm64ilp32 to fix FTBFS. Closes: #872454
      * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for
        the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8.
      * Standards-Version 4.0.1, update priorities (extra->optional).
    .
    gnutls28 (3.5.14-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.14-1) experimental; urgency=low
    .
      [ Dan Nicholson ]
      * Build with --disable-rpath. Closes: #865674
    .
      [ Andreas Metzler ]
      * New upstream version.
      * Build against external libunistring.
    .
    gnutls28 (3.5.13-2) unstable; urgency=medium
    .
      * Upload to unstable, merge changelogs.
    .
    gnutls28 (3.5.13-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch.
        + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer
          dereference. #864560
    .
    gnutls28 (3.5.12-2) experimental; urgency=medium
    .
      * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct
        typo preventing the run of openpgp test.
      * Stop disabling heartbeat support. Closes: #861193
    .
    gnutls28 (3.5.12-1) experimental; urgency=medium
    .
      * New upstream version.
      * Bump dep info on gnutls_session_ext_register.
    .
    gnutls28 (3.5.11-1) experimental; urgency=medium
    .
      * New upstream version.
      * gnutls.pc: do not include libtool options into Libs.private.
        Closes: #857943
      * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and
        Libs.private. (LP: #1660915)
      * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
        which includes TLS1.2 support. Closes: #857436
      * Add b-d on ca-certificates, needed for trust-store check.
    .
    gnutls28 (3.5.10-1) experimental; urgency=medium
    .
      * New upstream version.
        + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888
        + Includes fixes for GNUTLS-SA-2017-3[ABC].
        + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct
          and gnutls_ocsp_resp_verify which now accept (more) flags.
    .
    gnutls28 (3.5.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop debian/patches/35_0*.
        + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map.
      * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of
        libidn11-dev.
    .
    gnutls28 (3.5.8-6) unstable; urgency=high
    .
      * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
        well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
        Closes: #864560
    .
    gnutls28 (3.5.8-5) unstable; urgency=medium
    .
      * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
        in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
      * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
        Addressed large allocation in OpenPGP certificate parsing, that could lead
        in out-of-memory condition. Issue found using oss-fuzz project, and was
        fixed by Alex Gaynor.
        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
        [GNUTLS-SA-2017-3C]
    .
    gnutls28 (3.5.8-4) unstable; urgency=medium
    .
      * More upstream fixes from gnutls_3_5_x branch:
        + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
          overflow resulting to invalid memory write in OpenPGP certificate
          parsing.  Issue found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
          [GNUTLS-SA-2017-3A]
        + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
          1 byte past the end of buffer in OpenPGP certificate parsing. Issue
          found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
        + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
          Addressed crashes in OpenPGP certificate parsing, related to private key
          parser. No longer allow OpenPGP certificates (public keys) to contain
          private key sub-packets. Issue found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
          [GNUTLS-SA-2017-3B]
    .
    gnutls28 (3.5.8-3) unstable; urgency=high
    .
      * Another two bugfixes from upstream.
       + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
         Address test suite failure due to timezone differences.
         Closes: #853732
       + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
         When returning success, but no elements
         gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
         elements with a pointer that was uninitialized.
    .
    gnutls28 (3.5.8-2) unstable; urgency=medium
    .
      * Pull two fixes from upstream GIT gnutls_3_5_x branch
        35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
        35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.
    .
    gnutls28 (3.5.8-1) unstable; urgency=medium
    .
      * New upstream release.
      * Upload to unstable.
    .
    gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium
    .
      * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
        upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
        tests/key-tests/key-invalid.)
        + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
          35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
        + libgnutls: Fix double free in certificate information printing. If the
          PKIX extension proxy was set with a policy language set but no policy
          specified, that could lead to a double free. GNUTLS-SA-2017-1
          CVE-2017-5334
        + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
          parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
          CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
    .
    gnutls28 (3.5.7-3) unstable; urgency=medium
    .
      * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
        35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
        upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
        by PKCS#8 decryption functions when an invalid key is provided. This
        addresses regression on decrypting certain PKCS#8 keys.
        Closes: #848905
    .
    gnutls28 (3.5.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.7-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop unneeded patches.
        40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
        40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
        41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
        41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
        41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
        41_04_cleanups-in-_gnutls_buffer_to_datum.patch
        41_05_x509-output-use-the-new-functions-for-DN-output.patch
        41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
        41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
      * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
      * Update symbol file. (Add new symbols, bump dependency on functions that
        might return new error codes.)
      * Build with --with-included-unistring, Debian's libunistring package is
        too old (non dual-licensed).
    .
    gnutls28 (3.5.6-7) unstable; urgency=low
    .
      * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
        for dns-root-data to libgnutls-dane0.
      * Upload to unstable.
    .
    gnutls28 (3.5.6-6) experimental; urgency=medium
    .
      * Pull a patch set from upstream GIT which reverts the DN sorting change in
        3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
        Closes: #844539
        41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
        41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
        41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
        41_04_cleanups-in-_gnutls_buffer_to_datum.patch
        41_05_x509-output-use-the-new-functions-for-DN-output.patch
        41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
        41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
      * Update symbol file.
    .
    gnutls28 (3.5.6-5) experimental; urgency=low
    .
      * Merge changes from unstable.
    .
    gnutls28 (3.5.6-4) unstable; urgency=medium
    .
      * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
       40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
       upstream git master. The latter fixes a gnutls-cli-debug segfault.
       Closes: #844061
    .
    gnutls28 (3.5.6-3) experimental; urgency=low
    .
      * Package libgnutls-dane, as libunbound is now built against nettle instead
        of OpenSSL. Closes: #733295
    .
    gnutls28 (3.5.6-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
        longer than 32-bits. (Upstream GIT commit
        fcdb461e935dbdc0892241a35be7499116f22a67).
    .
    gnutls28 (3.5.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
          41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
        + Update symbol file.
    .
    gnutls28 (3.5.5-6) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.5-5) experimental; urgency=medium
    .
      * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
        https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
        issue with GnuTLS 3.3 clients. Closes: #841723
      * Bump symbol dependency info for multiple
        gnutls_certificate_(set|get)_*_key* functions. If
        %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
        non-negative return code on success instead of 0 for success and negative
        numbers for failure.
      * Add b-d on openssl (for testsuite).
    .
    gnutls28 (3.5.5-4) unstable; urgency=medium
    .
      * Upload to unstable.
      * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.
    .
    gnutls28 (3.5.5-3) experimental; urgency=medium
    .
      * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
        in 3.5.5.
    .
    gnutls28 (3.5.5-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.5-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.5.4-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.4-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches:
          35_gnutls-cli-print-Handshake-was-completed.patch
          36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
          37_openssl-format-fix-from-openconnect.patch
          39_ocsptool-corrected-bug-in-session-establishment.patch
          40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
          45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
          45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
          45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
          45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        + Update symbol file.
      * Add b-d on softhsm2 for pkcs11 tests.
    .
    gnutls28 (3.5.3-5) experimental; urgency=medium
    .
      * Pull DTLS fixes from upstream GIT master.
        45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
        45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
        45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
        45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        Closes: #835587
    .
    gnutls28 (3.5.3-4) unstable; urgency=high
    .
      * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of
        ocsptool --ask ... Closes: #836371
      * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP
        certificate check doesn't actually verify the serial length and might
        succeed when it shouldn't. CVE-2016-7444
    .
    gnutls28 (3.5.3-3) unstable; urgency=medium
    .
      * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake
        was completed', fixing emacs' lisp/net/tls.el. Closes: #834516
      * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
        gnutls-cli STARTTLS support was broken in 3.5.3.
      * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of
        OpenSSL encrypted PEM files.
    .
    gnutls28 (3.5.3-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.3-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update libgnutls30.symbols.
        + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to
          apply it in the previous upload anyway.)
        + Add b-d on libcmocka-dev (marked with <!nocheck>).
    .
    gnutls28 (3.5.2-3) experimental; urgency=medium
    .
      * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch
        from upstream GIT, which should allow gnutls continue to work with
        CVE-2016-6489-patched nettle.
    .
    gnutls28 (3.5.2-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.2-1) experimental; urgency=low
    .
      * New upstream version.
      * Add libssl-dev b-d (marked with <!nocheck>), which can be used in
        testsuite.
    .
    gnutls28 (3.5.1-1) experimental; urgency=medium
    .
      * Merge from unstable:
        + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
          have been dropped with the soname bump from libgnutls-deb0-28 to
          libgnutls30 in the first place. (Thanks, Andreas Beckmann)
          Closes: #825645
        + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via
          the <!nocheck> profile.
      * New upstream version.
        + Drop 40_openssl_compat-removed-unneeded-headers.patch.
        + Install README.md instead of README.
        + Update symbol file.
    .
    gnutls28 (3.5.0-1) experimental; urgency=medium
    .
      * New upstream release.
        + Drop unneeded patches:
          40_src-added-systemkey-args-to-BUILT_SOURCES.patch
          45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
          45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
          45_03_configure-corrected-regression-which-prevented-the-b.patch
          45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch
       * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT
         to fix FTBFS in openssl wrapper.
       * crywrap is not shipped with GnuTLS anymore.
       * Update copyright info, ship copy of the GNU Affero General Public
         License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of
         the testsuite use this license.
       * Update symbol file:
         + Add new functions.
         + Multiple core enums (including gnutls_init_flags_t) have been extended,
           and most gnutls users will invoke at least one function affected by
           this change. Bump symbol dependency info to >= 3.5.0 for all symbols,
           because we would end up with this dependency anyway.
    .
    gnutls28 (3.4.14-1) unstable; urgency=medium
    .
      * Also mark b-d on net-tools/freebsd-net-tools as optional via the
        <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
        patch). Closes: #826693
      * New upstream bugfix release. This includes the following fix:
        + libgnutls: Address issue when utilizing the p11-kit trust store
          for certificate verification (GNUTLS-SA-2016-2).
        The issue is not relevant for the Debian binary packages, since we do not
        build with --with-default-trust-store-pkcs11=.
    .
    gnutls28 (3.4.13-1) unstable; urgency=high
    .
      * New upstream bugfix release.
        + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was
          introduced in 3.4.12.
        + Testsuite requires netstat, add b-d.
    .
    gnutls28 (3.4.12-2) unstable; urgency=medium
    .
      * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
        have been dropped with the soname bump from libgnutls-deb0-28 to
        libgnutls30 in the first place. (Thanks, Andreas Beckmann)
        Closes: #825645
    .
    gnutls28 (3.4.12-1) unstable; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches.
          (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
          45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
          45_03_configure-corrected-regression-which-prevented-the-b.patch
          45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
        + Update copyright info, ship copy of the GNU Affero General Public
          License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files
          of the testsuite use this license.
    .
    gnutls28 (3.4.11-4) unstable; urgency=medium
    .
      * Drop guile-gnutls package, testsuite errors have stayed unfixed too long.
        Closes: #821457, #805863
    .
    gnutls28 (3.4.11-3) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.11-2) experimental; urgency=medium
    .
      * Pull post-release fixes from upstream gnutls_3_4_x branch.
        (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
        45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
        45_03_configure-corrected-regression-which-prevented-the-b.patch
        45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
    .
    gnutls28 (3.4.11-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches.
          (41_tests-mini-loss-time-ensure-client-timeouts.diff
          42_mini-loss-time-improved-timeout-detection.patch
          43_fix_cpucapoverride.diff)
      * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is
        not installed/built anymore. Update gnutls-doc file list.
      * Enable hardening=+bindnow.
    .
    gnutls28 (3.4.10-4) unstable; urgency=medium
    .
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    .
    gnutls28 (3.4.10-3) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.10-2) experimental; urgency=medium
    .
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    .
    gnutls28 (3.4.10-1) experimental; urgency=medium
    .
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    .
    gnutls28 (3.4.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.9-1) experimental; urgency=medium
    .
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    .
    gnutls28 (3.4.8-3) unstable; urgency=medium
    .
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    .
    gnutls28 (3.4.8-2) unstable; urgency=medium
    .
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    .
    gnutls28 (3.4.8-1) experimental; urgency=medium
    .
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    .
    gnutls28 (3.4.7-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.4.6-1) experimental; urgency=medium
    .
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    .
    gnutls28 (3.4.5-1) experimental; urgency=medium
    .
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    .
      [ Andreas Metzler ]
      * New upstream version.
    .
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    .
    gnutls28 (3.4.3-1) experimental; urgency=medium
    .
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    .
    gnutls28 (3.4.2-2) experimental; urgency=medium
    .
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    .
    gnutls28 (3.4.2-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    .
    gnutls28 (3.4.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    .
    gnutls28 (3.3.20-1) unstable; urgency=medium
    .
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    .
    gnutls28 (3.3.19-1) unstable; urgency=medium
    .
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    .
    gnutls28 (3.3.18-1) unstable; urgency=medium
    .
      * New upstream version.
    .
    gnutls28 (3.3.17-1) unstable; urgency=medium
    .
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    .
    gnutls28 (3.3.16-2) unstable; urgency=medium
    .
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    .
    gnutls28 (3.3.16-1) unstable; urgency=medium
    .
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    .
    gnutls28 (3.3.15-7) unstable; urgency=medium
    .
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    .
    gnutls28 (3.3.15-6) unstable; urgency=high
    .
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    .
    gnutls28 (3.3.15-5) unstable; urgency=medium
    .
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    .
    gnutls28 (3.3.15-4) experimental; urgency=medium
    .
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    .
    gnutls28 (3.3.15-3) experimental; urgency=medium
    .
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    .
    gnutls28 (3.3.15-2) unstable; urgency=medium
    .
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    .
    gnutls28 (3.3.15-1) unstable; urgency=medium
    .
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    .
    gnutls28 (3.3.14-3) experimental; urgency=medium
    .
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    .
    gnutls28 (3.3.14-2) unstable; urgency=medium
    .
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    .
    gnutls28 (3.3.14-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    .
    gnutls28 (3.3.13-1) experimental; urgency=medium
    .
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    .
    gnutls28 (3.3.12-1) experimental; urgency=medium
    .
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    .
    gnutls28 (3.3.11-1) experimental; urgency=medium
    .
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    .
    gnutls28 (3.3.10-2) experimental; urgency=medium
    .
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    .
    gnutls28 (3.3.10-1) experimental; urgency=medium
    .
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    .
    gnutls28 (3.3.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    .
    gnutls28 (3.3.8-7) unstable; urgency=medium
    .
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    .
    gnutls28 (3.3.8-6) unstable; urgency=medium
    .
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    .
    gnutls28 (3.3.8-5) unstable; urgency=medium
    .
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    .
    gnutls28 (3.3.8-4) unstable; urgency=high
    .
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    .
    gnutls28 (3.3.8-3) unstable; urgency=high
    .
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    .
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    .
    gnutls28 (3.3.8-2) unstable; urgency=medium
    .
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    .
    gnutls28 (3.3.8-1) experimental; urgency=medium
    .
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    .
    gnutls28 (3.3.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.3.7-1) experimental; urgency=medium
    .
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    .
    gnutls28 (3.3.6-2) unstable; urgency=medium
    .
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    .
    gnutls28 (3.3.6-1) experimental; urgency=medium
    .
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    .
    gnutls28 (3.3.5-1) experimental; urgency=medium
    .
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    .
    gnutls28 (3.3.3-1) experimental; urgency=medium
    .
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    .
    gnutls28 (3.3.2-2) experimental; urgency=high
    .
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    .
    gnutls28 (3.3.2-1) experimental; urgency=medium
    .
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    .
    gnutls28 (3.3.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    .
    gnutls28 (3.3.0-2) experimental; urgency=medium
    .
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    .
    gnutls28 (3.3.0-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    .
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    .
    gnutls28 (3.2.16-1) unstable; urgency=medium
    .
      * New upstream version.
    .
    gnutls28 (3.2.15-3) unstable; urgency=medium
    .
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    .
    gnutls28 (3.2.15-2) unstable; urgency=high
    .
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    .
    gnutls28 (3.2.15-1) unstable; urgency=high
    .
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    .
    gnutls28 (3.2.14-1) unstable; urgency=medium
    .
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    .
    gnutls28 (3.2.13-2) unstable; urgency=medium
    .
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    .
    gnutls28 (3.2.13-1) unstable; urgency=medium
    .
      * Also version the p11-kit dependency.
      * New upstream version.
    .
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    .
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    .
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches:
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    .
    gnutls28 (3.2.11-2) unstable; urgency=high
    .
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    .
    gnutls28 (3.2.11-1) unstable; urgency=high
    .
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    .
    gnutls28 (3.2.10-2) unstable; urgency=high
    .
      * Upload to unstable.
    .
    gnutls28 (3.2.10-1) experimental; urgency=high
    .
      * New upstream version.
      * New symbols exported, bump shlibs.
    .
    gnutls28 (3.2.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.2.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    .
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    .
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    .
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    .
      * Upload to unstable, without libgnutls-openssl27.
    .
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    .
    gnutls28 (3.2.7-4) experimental; urgency=low
    .
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    .
    gnutls28 (3.2.7-3) unstable; urgency=low
    .
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    .
    gnutls28 (3.2.7-2) experimental; urgency=low
    .
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    .
    gnutls28 (3.2.7-1) experimental; urgency=low
    .
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    .
    gnutls28 (3.2.6-2) experimental; urgency=low
    .
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    .
    gnutls28 (3.2.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.2.5-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    .
    gnutls28 (3.2.4-5) experimental; urgency=low
    .
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    .
    gnutls28 (3.2.4-4) unstable; urgency=low
    .
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    .
    gnutls28 (3.2.4-3) unstable; urgency=low
    .
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    .
    gnutls28 (3.2.4-2) unstable; urgency=low
    .
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    .
    gnutls28 (3.2.4-1) experimental; urgency=low
    .
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    .
    gnutls28 (3.2.3-3) experimental; urgency=low
    .
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    .
    gnutls28 (3.2.3-2) experimental; urgency=low
    .
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    .
    gnutls28 (3.2.3-1) unstable; urgency=low
    .
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    .
    gnutls28 (3.2.2-2) unstable; urgency=low
    .
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff
    .
    gnutls28 (3.2.2-1) unstable; urgency=low
    .
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    .
    gnutls28 (3.2.1-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    .
    gnutls28 (3.2.1-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    .
    gnutls28 (3.1.12-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    .
    gnutls28 (3.1.12-1) experimental; urgency=low
    .
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    .
    gnutls28 (3.1.11-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.1.10-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs.
    .
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    .
    gnutls28 (3.1.8-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.1.7-1) experimental; urgency=low
    .
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    .
    gnutls28 (3.1.6-1) experimental; urgency=low
    .
      * Update watchfile, based on Bart Martens version for gnutls26 on
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF.
    .
    gnutls28 (3.1.5-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    .
    gnutls28 (3.1.4-1) experimental; urgency=low
    .
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    .
    gnutls28 (3.1.3-1) experimental; urgency=low
    .
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    .
    gnutls28 (3.1.2-1) experimental; urgency=low
    .
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    .
    gnutls28 (3.1.1-1) experimental; urgency=low
    .
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    .
    gnutls28 (3.1.0-5) experimental; urgency=low
    .
      * 43_possiblefix.diff might fix the test suite error.
    .
    gnutls28 (3.1.0-4) experimental; urgency=low
    .
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    .
    gnutls28 (3.1.0-3) experimental; urgency=low
    .
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    .
    gnutls28 (3.1.0-2) experimental; urgency=low
    .
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    .
    gnutls28 (3.1.0-1) experimental; urgency=low
    .
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    .
    gnutls28 (3.0.22-2) unstable; urgency=low
    .
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    .
    gnutls28 (3.0.22-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.0.21-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    .
    gnutls28 (3.0.20-3) unstable; urgency=low
    .
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    .
    gnutls28 (3.0.20-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.20-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    .
    gnutls28 (3.0.19-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.19-1) experimental; urgency=low
    .
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    .
    gnutls28 (3.0.18-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.18-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    .
    gnutls28 (3.0.17-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.17-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.0.15-2) experimental; urgency=low
    .
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    .
    gnutls28 (3.0.15-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch,
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    .
    gnutls28 (3.0.14-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    .
    gnutls28 (3.0.13-1) experimental; urgency=low
    .
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    .
    gnutls28 (3.0.12-2) unstable; urgency=low
    .
      * De-multiarch guile-gnutls. Closes: #658110
    .
    gnutls28 (3.0.12-1) unstable; urgency=low
    .
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    .
    gnutls28 (3.0.11-1) unstable; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.0.10-1) unstable; urgency=low
    .
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    .
    gnutls28 (3.0.9-2) unstable; urgency=low
    .
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    .
    gnutls28 (3.0.9-1) experimental; urgency=low
    .
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    .
    gnutls28 (3.0.8-2) unstable; urgency=low
    .
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    .
    gnutls28 (3.0.8-1) experimental; urgency=low
    .
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.0.7-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    .
    gnutls28 (3.0.4-2) experimental; urgency=low
    .
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    .
    gnutls28 (3.0.4-1) experimental; urgency=low
    .
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    .
    gnutls28 (3.0.3-1) experimental; urgency=low
    .
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    .
    gnutls28 (3.0.2-1) experimental; urgency=low
    .
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    .
    gnutls28 (3.0.1-1) experimental; urgency=low
    .
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service.
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    .
    gnutls28 (3.0.0-2) experimental; urgency=low
    .
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    .
    gnutls28 (3.0.0-1) experimental; urgency=low
    .
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    .
    gnutls26 (2.12.7-4) unstable; urgency=low
    .
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    .
    gnutls26 (2.12.7-3) experimental; urgency=low
    .
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    .
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    .
    gnutls26 (2.12.7-2) experimental; urgency=low
    .
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    .
    gnutls26 (2.12.7-1) experimental; urgency=low
    .
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    .
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    .
    gnutls26 (2.12.5-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    .
    gnutls26 (2.12.4-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    .
    gnutls26 (2.12.3-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    .
    gnutls26 (2.12.2-2) experimental; urgency=low
    .
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    .
    gnutls26 (2.12.2-1) experimental; urgency=low
    .
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    .
    gnutls26 (2.12.1-1) experimental; urgency=low
    .
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    .
    gnutls26 (2.12.0-1) experimental; urgency=low
    .
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    .
    gnutls26 (2.11.7-2) experimental; urgency=low
    .
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    .
    gnutls26 (2.11.7-1) experimental; urgency=low
    .
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    .
    gnutls26 (2.11.6-2) experimental; urgency=low
    .
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    .
    gnutls26 (2.11.6-1) experimental; urgency=low
    .
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    .
    gnutls26 (2.10.5-3) unstable; urgency=medium
    .
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    .
    gnutls26 (2.10.5-2) unstable; urgency=low
    .
      * Stop shipping libtool la files.
    .
    gnutls26 (2.10.5-1) unstable; urgency=low
    .
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    .
    gnutls26 (2.10.4-2) unstable; urgency=low
    .
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    .
    gnutls26 (2.10.4-1) experimental; urgency=low
    .
      * New upstream release. V1 CAs are trusted by default.
    .
    gnutls26 (2.10.3-1) experimental; urgency=low
    .
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    .
    gnutls26 (2.10.2-1) experimental; urgency=low
    .
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    .
    gnutls26 (2.10.1-1) experimental; urgency=low
    .
      * Update package descriptions. Closes: #588067
      * New upstream version.
    .
    gnutls26 (2.10.0-2) experimental; urgency=low
    .
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1),
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    .
    gnutls26 (2.10.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * Point watchfile to stable releases.
    .
    gnutls26 (2.9.12-2) experimental; urgency=low
    .
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    .
    gnutls26 (2.9.12-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls26 (2.9.11-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    .
    gnutls26 (2.9.10-2) experimental; urgency=low
    .
      * [15_gnutlspriority.diff] Restore compatibility with programs using
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    .
    gnutls26 (2.9.10-1) experimental; urgency=low
    .
      * New upstream version.
      * New functions added, bump shlibs.
    .
    gnutls26 (2.9.9-1) experimental; urgency=low
    .
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    .
    gnutls26 (2.8.6-1) unstable; urgency=low
    .
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    .
    gnutls26 (2.8.5-2) unstable; urgency=low
    .
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    .
    gnutls26 (2.8.5-1) unstable; urgency=low
    .
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    .
    gnutls26 (2.8.4-2) unstable; urgency=high
    .
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    .
    gnutls26 (2.8.4-1) unstable; urgency=low
    .
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    .
    gnutls26 (2.8.3-3) unstable; urgency=low
    .
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    .
    gnutls26 (2.8.3-2) unstable; urgency=low
    .
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    .
    gnutls26 (2.8.3-1) unstable; urgency=high
    .
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    .
    gnutls26 (2.8.1-2) unstable; urgency=low
    .
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    .
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    .
    gnutls26 (2.8.1-1) experimental; urgency=low
    .
      * New upstream stable release.
    .
    gnutls26 (2.7.14-1) experimental; urgency=low
    .
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    .
    gnutls26 (2.7.12-1) experimental; urgency=low
    .
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    .
    gnutls26 (2.6.6-1) unstable; urgency=high
    .
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    .
    gnutls26 (2.6.5-1) unstable; urgency=low
    .
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    .
    gnutls26 (2.6.4-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    .
    gnutls26 (2.6.4-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls26 (2.6.3-1) experimental; urgency=low
    .
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    .
    gnutls26 (2.6.2-2) experimental; urgency=low
    .
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    .
    gnutls26 (2.6.2-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    .
    gnutls26 (2.6.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    .
    gnutls26 (2.5.9-1) experimental; urgency=low
    .
      * New upstream development version.
      * Bump shlibs.
    .
    gnutls26 (2.4.2-6) unstable; urgency=medium
    .
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes.
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    .
    gnutls26 (2.4.2-5) unstable; urgency=low
    .
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    .
    gnutls26 (2.4.2-4) unstable; urgency=medium
    .
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    .
    gnutls26 (2.4.2-3) unstable; urgency=low
    .
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    .
    gnutls26 (2.4.2-2) unstable; urgency=medium
    .
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    .
    gnutls26 (2.4.2-1) unstable; urgency=low
    .
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    .
    gnutls26 (2.4.1-1) unstable; urgency=medium
    .
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    .
    gnutls26 (2.4.0-2) unstable; urgency=low
    .
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    .
    gnutls26 (2.4.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    .
    gnutls26 (2.3.15-1) experimental; urgency=low
    .
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    .
    gnutls26 (2.3.14-1) experimental; urgency=low
    .
      * New upstream version. (rc3)
    .
    gnutls26 (2.3.13-1) experimental; urgency=low
    .
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    .
    gnutls26 (2.3.12-1) experimental; urgency=low
    .
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    .
    gnutls26 (2.3.11-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    .
    gnutls26 (2.2.5-1) unstable; urgency=high
    .
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    .
    gnutls26 (2.3.9-1) experimental; urgency=low
    .
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    .
    gnutls26 (2.2.3-1) unstable; urgency=low
    .
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    .
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    .
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    .
    gnutls26 (2.2.2-1) unstable; urgency=low
    .
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    .
    gnutls26 (2.2.1-3) unstable; urgency=low
    .
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    .
    gnutls26 (2.2.1-2) unstable; urgency=low
    .
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    .
    gnutls26 (2.2.1-1) experimental; urgency=low
    .
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    .
    gnutls26 (2.2.0-1) experimental; urgency=low
    .
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    .
    gnutls26 (2.1.7-1) experimental; urgency=low
    .
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    .
    gnutls25 (2.1.6-2) experimental; urgency=low
    .
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    .
    gnutls25 (2.1.6-1) experimental; urgency=low
    .
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    .
    gnutls13 (2.0.1-1) unstable; urgency=low
    .
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    .
    gnutls13 (1.7.19-1) unstable; urgency=low
    .
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    .
    gnutls13 (1.7.18-2) unstable; urgency=low
    .
      * Upload to unstable
    .
    gnutls13 (1.7.18-1) experimental; urgency=low
    .
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    .
    gnutls13 (1.7.16-1) experimental; urgency=low
    .
      * New upstream version 1.7.16.
    .
    gnutls13 (1.7.14-1) experimental; urgency=low
    .
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    .
    gnutls13 (1.7.12-1) experimental; urgency=low
    .
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    .
    gnutls13 (1.7.9-1) experimental; urgency=low
    .
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    .
    gnutls13 (1.7.7-1) experimental; urgency=low
    .
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    .
    gnutls13 (1.6.3-1) unstable; urgency=low
    .
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    .
    gnutls13 (1.6.2-2) unstable; urgency=low
    .
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    .
    gnutls13 (1.6.2-1) unstable; urgency=low
    .
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    .
    gnutls13 (1.6.1-2) unstable; urgency=low
    .
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    .
    gnutls13 (1.6.1-1) experimental; urgency=low
    .
      [ James Westby ]
      * New upstream release.
    .
    gnutls13 (1.6.0-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls13 (1.5.3-1) experimental; urgency=low
    .
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    .
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    .
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    .
    gnutls13 (1.4.4-3) unstable; urgency=low
    .
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    .
    gnutls13 (1.4.4-2) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    .
    gnutls13 (1.4.4-1) unstable; urgency=high
    .
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    .
    gnutls13 (1.4.3-2) unstable; urgency=low
    .
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    .
    gnutls13 (1.4.3-1) unstable; urgency=high
    .
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    .
    gnutls13 (1.4.2-1) unstable; urgency=medium
    .
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    .
    gnutls13 (1.4.1-1) unstable; urgency=low
    .
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    .
    gnutls13 (1.4.0-3) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    .
    gnutls13 (1.4.0-2) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    .
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    .
    gnutls13 (1.4.0-1) experimental; urgency=low
    .
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    .
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    .
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    .
    gnutls13 (1.3.5-1) unstable; urgency=low
    .
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    .
    gnutls12 (1.2.9-2) unstable; urgency=low
    .
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    .
    gnutls12 (1.2.9-1) unstable; urgency=low
    .
      * New Upstream version.
    .
    gnutls12 (1.2.8-1) unstable; urgency=low
    .
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    .
    gnutls12 (1.2.6-1) unstable; urgency=low
    .
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    .
    gnutls12 (1.2.5-3) unstable; urgency=high
    .
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    .
    gnutls12 (1.2.5-2) unstable; urgency=medium
    .
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    .
    gnutls12 (1.2.5-1) unstable; urgency=low
    .
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    .
    gnutls11 (1.0.19-1) experimental; urgency=low
    .
      * Merged with the latest stable release.
    .
    gnutls11 (1.0.16-13) unstable; urgency=high
    .
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    .
    gnutls11 (1.0.16-12) unstable; urgency=high
    .
      * Fixed a segfault in certtool. Closes: #278361.
    .
    gnutls11 (1.0.16-11) unstable; urgency=medium
    .
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    .
    gnutls11 (1.0.16-10) unstable; urgency=high
    .
      * Fixed one instance of uninitialized memory usage.
    .
    gnutls11 (1.0.16-9) unstable; urgency=high
    .
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    .
    gnutls11 (1.0.16-8) unstable; urgency=high
    .
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    .
    gnutls11 (1.0.16-7) unstable; urgency=low
    .
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    .
    gnutls11 (1.0.16-6) unstable; urgency=medium
    .
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    .
    gnutls11 (1.0.16-5) unstable; urgency=low
    .
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    .
    gnutls11 (1.0.16-4) unstable; urgency=low
    .
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    .
    gnutls11 (1.0.16-3) unstable; urgency=high
    .
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    .
    gnutls11 (1.0.16-2) unstable; urgency=high
    .
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    .
    gnutls11 (1.0.16-1) experimental; urgency=low
    .
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    .
    gnutls10 (1.0.4-4) unstable; urgency=low
    .
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    .
    gnutls10 (1.0.4-3) unstable; urgency=low
    .
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    .
    gnutls10 (1.0.4-2) unstable; urgency=low
    .
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    .
    gnutls10 (1.0.4-1) unstable; urgency=low
    .
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    .
    gnutls10 (1.0.0-1) unstable; urgency=low
    .
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    .
    gnutls8 (0.9.99-1) experimental; urgency=low
    .
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    .
    gnutls8 (0.9.98-1) experimental; urgency=low
    .
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    .
    gnutls8 (0.9.95-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls8 (0.9.94-1) experimental; urgency=low
    .
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    60452b47
  • Apertis CI's avatar
    571ece0b
  • Apertis CI's avatar
  • Apertis CI's avatar
  • Ariel D'Alessandro's avatar
  • Apertis CI's avatar
  • Ariel D'Alessandro's avatar
    d/apertis: Update copyright information · 65d6e205
    Ariel D'Alessandro authored
    Because of a recent change in the CI scan pipeline [0],
    `ci-license-scan` script is now handling the whitelist in a different
    way, generating copyright information for all files, even those
    whitelisted.
    
    A few directories (wildcard entries) might be reported with a different
    license now, so manual tweaking is required in these cases.
    
    [0] infrastructure/apertis-docker-images@a51aa6de
    
    
    
    Signed-off-by: default avatarAriel D'Alessandro <ariel.dalessandro@collabora.com>
    65d6e205
  • Ariel D'Alessandro's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-5 · bc81debd
    Andreas Metzler authored
    bc81debd
  • Apertis CI robot's avatar
    Merge updates from debian/bullseye · f91d5565
    Apertis CI robot authored
    f91d5565
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-5+deb11u1 · ce890b29
    Andreas Metzler authored
    ce890b29
  • Apertis CI robot's avatar
    Merge updates from debian/bullseye · 8d4f46ed
    Apertis CI robot authored
    8d4f46ed
  • Apertis CI robot's avatar
    8933c1fc
  • Apertis CI robot's avatar
  • Salvatore Bonaccorso's avatar
    23e0a2c9
  • Ritesh Raj Sarraf's avatar
    807cc5d4
  • Ritesh Raj Sarraf's avatar
    Add test file patch to whitelist · f53a532b
    Ritesh Raj Sarraf authored
    
    Because this patch is licensed GPL-3+, it only generates a testcase
    
    Signed-off-by: default avatarRitesh Raj Sarraf <ritesh.sarraf@collabora.com>
    Unverified
    f53a532b
  • Ritesh Raj Sarraf's avatar
    Release gnutls28 version 3.7.1-5+deb11u2+apertis0 · cb37328a
    Ritesh Raj Sarraf authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
    Unverified
    cb37328a
  • Ritesh Raj Sarraf's avatar
  • Walter Lozano's avatar
    Enable long copyright · 7171f193
    Walter Lozano authored
    
    In order to avoid using wildcards on copyright report enable full
    copyright. This allows to create a more accurate license configuration
    and overcomes difficulties when trying to match copyrights with binaries
    on image generation.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    7171f193
  • Walter Lozano's avatar
    Adjust license configuration after long copyright · a05bef49
    Walter Lozano authored
    
    After enabling full copyright remove unneded entries which may lead to hide
    license issues.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    a05bef49
  • Walter Lozano's avatar
  • Walter Lozano's avatar
  • Apertis CI's avatar
    Import Upstream version 3.7.9 · 6fa315bb
    Apertis CI authored
    6fa315bb
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-1 · 991901c8
    Andreas Metzler authored
    991901c8
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 7cca426c
    Apertis CI robot authored
    7cca426c
  • Apertis CI robot's avatar
    f820cb12
  • Walter Lozano's avatar
    Update license scan configuration · 06c2ec12
    Walter Lozano authored
    
    Update the license scan configuration after the update of the package.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    06c2ec12
  • Walter Lozano's avatar
    13c265af
  • Walter Lozano's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2 · 461fbb10
    Andreas Metzler authored
    461fbb10
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 3ca1c6f4
    Apertis CI robot authored
    3ca1c6f4
  • Apertis CI robot's avatar
    4c774c01
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u1 · 0d6cba40
    Andreas Metzler authored
    0d6cba40
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 70d19d31
    Apertis CI robot authored
    70d19d31
  • Apertis CI robot's avatar
    73a66aa7
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u2 · 70d844b5
    Andreas Metzler authored
    70d844b5
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 56d34551
    Apertis CI robot authored
    56d34551
  • Apertis CI robot's avatar
    0ef6635f
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u3 · 6190fa4e
    Andreas Metzler authored
    6190fa4e
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · d6e55900
    Apertis CI robot authored
    d6e55900
  • Apertis CI robot's avatar
    7a2a17f4
  • Apertis CI robot's avatar
Andreas Metzler <ametzler@debian.org> <ametzler@bebt.de>
Andreas Metzler <ametzler@debian.org> <ametzler@downhill.at.eu.org>
Andreas Metzler <ametzler@debian.org> <gitlab@bebt.de>
Daiki Ueno <ueno@gnu.org> <dueno@redhat.com>
Daiki Ueno <ueno@gnu.org> <ueno@redhat.com>
Daiki Ueno <ueno@gnu.org> <ueno@unixuser.org>
David Woodhouse <dwmw2@infradead.org> <david.woodhouse@intel.com>
František Krenželok <krenzelok.frantisek@gmail.com>
Giuseppe Scrivano <gscrivano@gnu.org> <giuseppe@southpole.se>
Ludovic Courtès <ludo@gnu.org>
Ludovic Courtès <ludo@gnu.org> <ludo@chbouib.org>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@esat.kuleuven.be>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@thingfish.esat.kuleuven.be>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@crystal.(none)>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@redhat.com>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@turtle.(none)>
Simon Josefsson <jas@josefsson.org> <jas@mocca.josefsson.org>
Simon Josefsson <jas@josefsson.org> <simon@josefsson.org>
Stefan Berger <stefanb@linux.ibm.com> <stefanb@linux.vnet.ibm.com>
Stef Walter <stefw@redhat.com> <stefw@collabora.co.uk>
Tim Rühsen <tim.ruehsen@gmx.de> Tim Ruehsen <tim.ruehsen@gmx.de>
Tom Vrancken <dev@tomvrancken.nl> <email@tomvrancken.nl>
Dmitry Baryshkov <dbaryshkov@gmail.com>
......@@ -8,30 +8,33 @@ Tim Rühsen <tim.ruehsen at gmx.de>
Ludovic Courtès <ludo at gnu.org>
Timo Schulz <twoaday at gnutls.org>
Jonathan Bastien-Filiatrault <joe at x2a.org>
Alon Bar-Lev <alon.barlev at gmail.com>
Andreas Metzler <ametzler at debian.org>
Alon Bar-Lev <alon.barlev at gmail.com>
Alexander Sosedkin <asosedkin at redhat.com>
Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Tom Vrancken <dev at tomvrancken.nl>
Zoltan Fridrich <zfridric at redhat.com>
Martin Storsjo <martin at martin.st>
Tim Kosse <tim.kosse at filezilla-project.org>
Simo Sorce <simo at redhat.com>
Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Fabian Keil <fk at fabiankeil.de>
Fabio Fiorina <fiorinaf at gnutls.org>
Stef Walter <stefw at redhat.com>
Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
Armin Burgmeier <armin at arbur.net>
František Krenželok <krenzelok.frantisek at gmail.com>
Andrew McDonald <admcd at gnutls.org>
Alex Gaynor <alex.gaynor at gmail.com>
Fiona Klute <fiona.klute at gmx.de>
Alex Gaynor <alex.gaynor at gmail.com>
Ander Juaristi <a at juaristi.eus>
Martin Ukrop <mukrop at redhat.com>
Jaak Ristioja <jaak.ristioja at cyber.ee>
Attila Molnar <attilamolnar at hush.com>
Hugo Beauzée-Luyssen <hugo at beauzee.fr>
Stefan Berger <stefanb at linux.ibm.com>
Steve Lhomme <robux4 at ycbcr.xyz>
Jakub Jelen <jjelen at redhat.com>
Martin Sucha <anty.sk+git at gmail.com>
Steve Lhomme <robux4 at ycbcr.xyz>
Ander Juaristi <a at juaristi.eus>
David Woodhouse <dwmw2 at infradead.org>
Jan Vcelak <jan.vcelak at nic.cz>
Kevin Cernekee <cernekee at gmail.com>
......@@ -41,69 +44,80 @@ Michael Catanzaro <mcatanzaro at gnome.org>
Daniel Lenski <dlenski at gmail.com>
JonasZhou <JonasZhou at zhaoxin.com>
Stefan Sørensen <stefan.sorensen at spectralink.com>
Tobias Heider <tobias.heider at canonical.com>
Adam Sampson <ats at offog.org>
Alfredo Pironti <alfredo at pironti.eu>
Brad Hards <bradh at frogmouth.net>
Dimitri John Ledkov <xnox at ubuntu.com>
Hubert Kario <hkario at redhat.com>
Michael Weiser <michael.weiser at gmx.de>
Patrick Pelletier <code at funwithsoftware.org>
Rolf Eike Beer <eike at sf-mail.de>
Ruslan N. Marchenko <me at ruff.mobi>
Sjoerd Simons <sjoerd.simons at collabora.co.uk>
Stefan Bühler <stbuehler at web.de>
Thomas Klute <thomas2.klute at uni-dortmund.de>
Wolfgang Meyer zu Bergsten <w.bergsten at sirrix.com>
Andreas Metzler <gitlab at bebt.de>
Christian Grothoff <christian at grothoff.org>
Daniel P. Berrange <berrange at redhat.com>
Evgeny Grin <k2k at narod.ru>
Gustavo Zacarias <gustavo at zacarias.com.ar>
James Bottomley <James.Bottomley at HansenPartnership.com>
Jiří Klimeš <jklimes at redhat.com>
Karsten Ohme <k_o_ at users.sourceforge.net>
Kurt Roeckx <kurt at roeckx.be>
Peter Wu <peter at lekensteyn.nl>
Stanislav Zidek <szidek at redhat.com>
Stephan Mueller <smueller at chronox.de>
Thierry Quemerais <tquemerais at awox.com>
Tom Carroll <incentivedesign at gmail.com>
Vitezslav Cizek <vcizek at suse.com>
Alessandro Ghedini <alessandro at ghedini.me>
Alex Monk <krenair at gmail.com>
Benjamin Herrenschmidt <benh at kernel.crashing.org>
Bernhard M. Wiedemann <bwiedemann at suse.de>
Craig Gallek <cgallek at gmail.com>
David Caldwell <david at porkrind.org>
Diego Elio Pettenò <flameeyes at flameeyes.eu>
Elta Koepp <alexi_2019 at protonmail.com>
Fabrice Fontaine <fontaine.fabrice at gmail.com>
Giuseppe Scrivano <gscrivano at gnu.org>
Hubert Kario <hkario at redhat.com>
Ilya Tumaykin <itumaykin at gmail.com>
Karl Tarbe <karl.tarbe at cyber.ee>
Ke Zhao <kzhao at redhat.com>
Leonardo Bras <leobras.c at gmail.com>
Mark Brand <mabrand at mabrand.nl>
Matthias-Christian Ott <ott at mirix.org>
Maya Rashish <coypu at sdf.org>
Michael Catanzaro <mcatanzaro at igalia.com>
Michał Górny <mgorny at gentoo.org>
Miroslav Lichvar <mlichvar at redhat.com>
Pedro Monreal <pmgdeb at gmail.com>
Pedro Monreal <pmonrealgonzalez at suse.de>
Petr Písař <petr.pisar at atlas.cz>
Pierre Ossman <ossman at cendio.se>
Roman Bogorodskiy <bogorodskiy at gmail.com>
Sam James <sam at gentoo.org>
Simon South <simon at simonsouth.net>
Steffen Jaeckel <jaeckel-floss at eyet-services.de>
Stephan Mueller <smueller at chronox.de>
Steve Dispensa <dispensa at phonefactor.com>
nia <nia at NetBSD.org>
raspa0 <raspa0 at protonmail.com>
Airtower <fiona.klute at gmx.de>
Alban Crequy <alban.crequy at collabora.co.uk>
Albrecht Dreß <albrecht.dress at arcor.de>
Aleksei Nikiforov <darktemplar at basealt.ru>
Alexander Kanavin <alex.kanavin at gmail.com>
Alexander Sosedkin <asosedkin at redhat.com>
Alexandre Bique <bique.alexandre at gmail.com>
Anderson Sasaki <ansasaki at redhat.com>
Andreas Schneider <asn at samba.org>
Andreas Schwab <schwab at suse.de>
Asad Mehmood <asad78611 at googlemail.com>
Avinash Sonawane <rootkea at gmail.com>
Bas van Schaik <gitlab.com at s.traiectum.net>
Bjoern Jacke <bjacke at samba.org>
Björn Jacke <bjacke at samba.org>
Bjørn Christensen <bhc at insight.dk>
Brad Smith <brad at comstyle.com>
Brian Wickman <bwickman97 at outlook.com>
Carolin Latze <latze at angry-red-pla.net>
Chen Hongzhi <hongzhi.chen at me.com>
Chris Barry <chris at barry.im>
......@@ -112,17 +126,21 @@ Dan Fandrich <dan at coneharvesters.com>
Daniel Schaefer <git at danielschaefer.me>
David Walker <david.walker at vcatechnology.com>
David Weber <dave at veryflatcat.com>
Dimitris Apostolou <dimitris.apostolou at icloud.com>
Dmitriy Tsvettsikh <dmitrycvet at gmail.com>
Dosenpfand <m at sad.bz>
Doug Nazar <nazard at nazar.ca>
Edward Stangler <estangler at bradmark.com>
Elias Pipping <pipping at exherbo.org>
Elta Koepp <elta_koepp at gmail.com>
Evgeny Grin <k2k at narod.ru>
Frank Morgner <morgner at informatik.hu-berlin.de>
Gregor Jasny <gjasny at googlemail.com>
Günther Deschner <gd at samba.org>
Hani Benhabiles <kroosec at gmail.com>
Hannes Reinecke <hare at suse.de>
Hans Leidekker <hans at codeweavers.com>
Ilya V. Matveychikov <i.matveychikov at securitycode.ru>
Jan Palus <jpalus at fastmail.com>
Jared Wong <jaredlwong at gmail.com>
Jason Spafford <nullprogrammer at gmail.com>
Jay Foad <jay.foad at gmail.com>
......@@ -130,7 +148,6 @@ Jeffrey Walton <noloader at gmail.com>
Jens Lechtenboerger <jens.lechtenboerger at fsfe.org>
Jussi Kukkonen <jussi.kukkonen at intel.com>
Kenneth J. Miller <ken at miller.ec>
KrenzelokFrantisek <krenzelok.frantisek at gmail.com>
Lei Maohui <leimaohui at cn.fujitsu.com>
Lili Quan <13132239506 at 163.com>
Lucas Fisher <lucas.fisher at gmail.com>
......@@ -144,11 +161,13 @@ Marcus Meissner <meissner at suse.de>
Marga Manterola <marga at google.com>
Marius Bakke <mbakke at fastmail.com>
Marti Raudsepp <marti at juffo.org>
Marvin Scholz <epirat07 at gmail.com>
Matt Turner <mattst88 at gmail.com>
Matt Whitlock <matt at whitlock.name>
Micah Anderson <micah at riseup.net>
Miroslav Lichvar <mlichvar at redhat.com>
Michael Catanzaro <mcatanzaro at redhat.com>
Nick Alcock <nick.alcock at oracle.com>
Nick Child <nick.child at ibm.com>
Nicolas Dufresne <nicolas.dufresne at collabora.com>
Nils Maier <maierman at web.de>
Norbert Pocs <npocs at redhat.com>
......@@ -162,6 +181,7 @@ Raj Raman <rajramanca at gmail.com>
Remi Olivier <remi_8 at hotmail.com>
Rical Jasan <ricaljasan at pacific.net>
Ricardo M. Correia <rcorreia at wizy.org>
Richard Costa <richard.costa at suse.com>
Rickard Bellgrim <rickard at opendnssec.org>
Robert Scheck <robert at fedoraproject.org>
Roberto Newmon <robertonewmon at fake-box.com>
......@@ -169,11 +189,11 @@ Ross Nicholson <phunkyfish at gmail.com>
Rowan Thorpe <rowan at rowanthorpe.com>
SUMIT AGGARWAL <aggarwal.s at samsung.com>
Sadie Powell <sadie at witchery.services>
Sahana Prasad <sahana.prasad07 at gmail.com>
Saurav Babu <saurav.babu at samsung.com>
Sebastian Dröge <sebastian at centricular.com>
Seppo Yli-Olli <seppo.yliolli at gmail.com>
Simon Arlott <sa.me.uk>
Stanislav Zidek <szidek at redhat.com>
Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Thomas Klausner <wiz at NetBSD.org>
Tobias Polzer <tobias.polzer at fau.de>
Tomas Hoger <thoger at redhat.com>
......@@ -191,17 +211,19 @@ The translators list is autogenerated from po file history
Anders Jonsson
Benno Schulenberg
Cristian Othón Martínez Vera
Felipe Castro
Francisco Javier Serrador
Jakub Bogusz
Jorma Karvonen
Mario Blättermann
Milo Casagrande
Mingye Wang (Arthur2e5)
Petr Pisar
Rafael Fontenelle
Roland Illig
Remus-Gabriel Chelu
Sharuzzaman Ahmat Raslan
Stéphane Aulery
Temuri Doghonadze
Trần Ngọc Quân
Yuri Chornoivan
Мирослав Николић
......@@ -157,8 +157,25 @@ As such, some questions to answer before adding a new API:
13.0 is made available? Would it harm the addition of a new protocol?
The make rule 'abi-check' verifies that the ABI remained compatible since
the last tagged release. It relies on the git tree and abi-compliance-checker.
The make rule 'abi-check' verifies that the ABI remained compatible
since the last tagged release, which is maintained in a separate
[abi-dump](https://gitlab.com/gnutls/abi-dump) repository. This
repository shall be updated upon each release if any changes are
introduced in the ABI.
To add new API during development cycle, follow the steps below:
0. If there is no section in [lib/libgnutls.map](lib/libgnutls.map),
corresponding to the next release, add it, deriving from the
previous interface
1. Add new symbols in that section
2. Run `make abi-check-latest`; this will report differences as
errors. Edit the last section of
[devel/libgnutls.abignore](devel/libgnutls.abignore) to suppress
them.
When a new version is released and the abi-dump repository is updated,
the section will be cleared.
The above do not apply to the C++ library; this library's ABI should not
be considered stable.
......@@ -403,6 +420,12 @@ or adding new command line options to tools you need to run 'make
files-update', review the output (when feasible) and commit it separately,
e.g., with a message: "auto-generated files update".
The 'files-update' rule also regenerates the ABI dump files (.abi), used by
the 'abi-check' rule to ensure library ABI compatibility. To make it easier
to track actual changes to be made in those files, a git external diff
driver is provided as `devel/git-abidiff-gnutls`. See the comment in the
file for the instruction.
# Guile bindings:
......
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Feb 9 09:39:41 2023 +0100
Release 3.7.9
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue Jan 3 09:06:01 2023 +0100
Update year of copyright notices in doc/gnutls.texi
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Hubert Kario <hkario@redhat.com>
Date: Wed Feb 8 14:43:45 2023 +0100
document the CVE fix
Signed-off-by: Hubert Kario <hkario@redhat.com>
Author: Hubert Kario <hkario@redhat.com>
Date: Wed Feb 8 14:32:09 2023 +0100
rsa: remove dead code
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
Signed-off-by: Hubert Kario <hkario@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Aug 9 16:05:53 2022 +0200
auth/rsa: side-step potential side-channel
Remove branching that depends on secret data.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Hubert Kario <hkario@redhat.com>
Tested-by: Hubert Kario <hkario@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Sep 21 14:56:49 2022 +0200
Release 3.7.8
Not bumping LT_CURRENT / LT_AGE since abi-check reports no changes.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Sep 21 14:26:55 2022 +0200
NEWS: add an entry for allowlisting-relaxing functions restriction
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Sep 19 07:40:01 2022 +0900
accelerated: avoid symbol export mismatch with _gnutls_x86_cpuid_s
If the LD doesn't have support for version scripts,
_gnutls_x86_cpuid_s is exported through libtool's
--export-symbols-regex and that causes link error with clang:
libtool: link: nmedit -s .libs/libgnutls-symbols.expsym .libs/libgnutls.30.dylib
/Library/Developer/CommandLineTools/usr/bin/nmedit: error: symbols names listed in: .libs/libgnutls-symbols.expsym not in: /opt/local/var/macports/build/_Users_marius_Development_MacPorts_ports_devel_gnutls/gnutls-devel/work/gnutls-3.7.5/lib/.libs/libgnutls.30.dylib
__gnutls_x86_cpuid_s
make[4]: *** [libgnutls.la] Error 1
This patch renames _gnutls_x86_cpuid_s to GNUTLS_x86_cpuid_s to avoid
the issue.
Problem investigated and fix suggested by Clemens Lang in:
https://gitlab.com/gnutls/gnutls/-/issues/1370#note_967832583
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Sep 18 17:38:46 2022 +0900
compress-cert: support compression of client certificates
Previously the compress_certificate extension was sent by the server
as part of ServerHello, which violates RFC 8879. This patch instead
send it as an extension of CertificateRequest.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri Sep 9 13:32:16 2022 +0200
Report system config file location via gnutls-cli
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Aug 20 11:06:07 2022 +0900
src: request tls-exporter only when unique master secrets are used
This is to comply with RFC9266 4.2.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Aug 29 06:41:46 2022 +0900
gnutls_session_channel_binding: perform check on "tls-exporter"
According to RFC9622 4.2, the "tls-exporter" channel binding is only
usable when the handshake is bound to a unique master secret. This
adds a check whether either TLS 1.3 or extended master secret
extension is negotiated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Aug 20 10:58:23 2022 +0900
doc: mention GNUTLS_CB_TLS_EXPORTER
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Doug Nazar <nazard@nazar.ca>
Date: Tue Aug 16 01:47:49 2022 -0400
cipher: Ensure correct alignment
Unsigned math is required to calculate the current alignment.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Author: Tobias Heider <tobias.heider@canonical.com>
Date: Tue Aug 23 13:47:38 2022 +0200
Unload custom allocators in gnutls_crypto_deinit()
Closes #1398
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Aug 15 09:39:18 2022 +0900
accelerated: clear AVX bits if it cannot be queried through XSAVE
The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
Architectures Software Developer’s Manual".
GnuTLS previously only followed that algorithm when registering the
crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
that the extension bits are propagated to _gnutls_x86_cpuid_s.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Aug 18 09:01:20 2022 +0900
srptool: resurrect default value for -i
The default option value for -i (--index) was dropped during the
cligen conversion. This adds it back for compatibility with the
existing command line usage.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Aug 18 09:00:44 2022 +0900
cligen: update git submodule
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Aug 16 10:34:05 2022 +0200
tests: add fips-rsa-sizes
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Feb 16 14:36:48 2022 +0100
update documentation on allowlisting API
(in a separate commit so that it's easier to compare)
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Feb 16 14:28:18 2022 +0100
plumb allowlisting API through the config, restrict usage to early times
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Martin Storsjo <martin@martin.st>
Date: Mon Aug 15 23:50:16 2022 +0300
windows: Avoid -Wint-conversion errors
Clang 15 made "incompatible pointer to integer conversion" an error
instead of a plain warning. This fixes errors like these:
system/keys-win.c:257:13: error: incompatible pointer to integer conversion initializing 'HCRYPTHASH' (aka 'unsigned long') with an expression of type 'void *' [-Wint-conversion]
HCRYPTHASH hHash = NULL;
^ ~~~~
Signed-off-by: Martin Storsjo <martin@martin.st>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Feb 15 16:26:52 2022 +0100
lib/priority: extract parts of cfg_apply into cfg_*_set_array*
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Feb 14 18:00:25 2022 +0100
lib/priority: move sigalgs filtering to set_ciphersuite_list
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Aug 3 16:39:47 2022 +0900
nettle: mark RSA SigVer operation approved for known modulus sizes
SP800-131A rev2 suggests certain RSA modulus sizes under 2048
bits (1024, 1280, 1536, and 1792) may continue to be used for
signature verification but not for signature generation. This loosen
the current service indicator report to approve them.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Aug 9 12:55:04 2022 +0900
nettle: check RSA modulus size in bits rather than bytes
Previously we checked RSA modulus size clamped to byte unit instead of
bits. This makes the check stricter by explicitly calculating the
modulus size in bits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Aug 9 12:08:24 2022 +0200
fips: disable GNUTLS_CIPHER_3DES_CBC self-test
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Aug 8 13:54:13 2022 +0900
.gitlab-ci.yml: mark all CI jobs interruptible
This allows previous pipelines to be cancelled if a new job is
submitted subsequently:
https://docs.gitlab.com/ee/ci/yaml/#interruptible
Suggested-by: Zoltán Fridrich <zfridric@redhat.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Stanislav Zidek <szidek@redhat.com>
Date: Mon Aug 8 23:07:21 2022 +0200
Moved TLS interoperability tests to submodule.
Signed-off-by: Stanislav Zidek <szidek@redhat.com>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sun Jul 31 10:28:15 2022 +0200
Avoid &> redirection bashism in testsuite
Broken by 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Stanislav Zidek <szidek@redhat.com>
Date: Thu Feb 11 13:57:27 2021 +0100
interoperability testing with openssl
GitLab CI extended to run 2way interoperability tests with openssl on
Fedora. Also prepared for adding further interoperability tests once
they are in better shape.
Signed-off-by: Stanislav Zidek <szidek@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Aug 4 16:37:51 2022 +0900
_gnutls_decrypt_pbes1_des_md5_data: use public crypto API
This is a follow-up of e7f9267342bc2231149a640163c82b63c86f1dfd. In
the decryption code path with PBES1, algorithm checks for FIPS was not
applied, because it used internal functions that bypass those checks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Simon Josefsson <jas@josefsson.org>
Date: Sat Jul 30 21:06:42 2022 +0200
Update doc for GNUTLS_CB_TLS_EXPORTER towards RFC9266.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri Jul 29 10:38:42 2022 +0200
KTLS: hotfix
session->internals.pull_func is set to system_read during gnutls_init()
so check for user set pull/push function added in commit mentioned
bellow will never pass.
source: 2d3cba6bb21acb40141180298f3924c73c7de8f8
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Jul 28 12:49:59 2022 +0200
Release 3.7.7
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jul 26 11:39:57 2022 +0900
socket: only set pull/push functions when --save-*-trace is used
This allows gnutls-cli to use KTLS for the transport, unless either
--save-client-trace or --save-server-trace is used.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jul 26 11:38:41 2022 +0900
handshake: do not enable KTLS if custom pull/push functions are set
If gnutls_transport_set_pull_function or
gnutls_transport_set_push_function is used, we can't assume the
underlying transport handle is an FD.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri Jul 22 12:00:11 2022 +0200
Fix double free during gnutls_pkcs7_verify
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jul 27 20:23:26 2022 +0900
guile: revert gnutls/build/tests.scm to use use-modules
This partially reverts e727eb7901a3f1754de970c8529925ae3d591b90. For
some reason, the usage of #:use-module causes some behavioral
difference that affects reauth.scm test.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Mon Jul 25 16:07:54 2022 +0200
Fix memory leak in gnutls_pkcs7_import
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jul 14 15:19:23 2022 +0900
crypto-api: add block cipher API with automatic padding
This adds a couple of functions gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3, which add or remove padding as necessary if
the length of the plaintext is not a multiple of the block size.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jul 22 11:54:29 2022 +0900
tests: temporarily disable checking against unresolvable hosts
*.dane.verisignlabs.com and fedoraproject.org are no longer
resolvable.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jul 20 15:00:10 2022 +0900
src: add __attribute__((malloc)) to safe_open_rw
This silences -Wsuggest-attribute=malloc warning with GCC 12. While
we could use ATTRIBUTE_DEALLOC(fclose, 1), it is currently not
possible to use it until Gnulib is updated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jul 20 14:54:48 2022 +0900
src: add NULL check on return value of realloc used in tests
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jun 30 21:24:23 2022 +0900
tests: resume-with-previous-stek: initialize session data
Spotted by gcc-analyzer 12.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jun 30 21:23:31 2022 +0900
tests: add __attribute__((__noreturn__)) to _fail and fail_ignore
To suppress warnings with gcc-analyzer 12.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jun 30 21:13:53 2022 +0900
crypto-selftests: fix decryption check condition in test_cipher_aead
Spotted by gcc-analyzer 12.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jun 30 20:57:30 2022 +0900
x509, tpm2: use asn1_node instead of deprecated ASN1_TYPE
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Sun Jul 10 23:41:26 2022 +0200
guile: Allow session record ports to have a 'close' procedure.
This addition makes it easy to close the backing file descriptor or port
of a session when its record port is closed.
* guile/src/core.c (SCM_GNUTLS_SESSION_RECORD_PORT_SESSION): Add SCM_CAR.
(SCM_GNUTLS_SESSION_RECORD_PORT_CLOSE_PROCEDURE)
(SCM_GNUTLS_SET_SESSION_RECORD_PORT_CLOSE)
(SCM_GNUTLS_SESSION_RECORD_PORT_P)
(SCM_VALIDATE_SESSION_RECORD_PORT): New macros.
(make_session_record_port): Change "stream" argument to a pair.
(close_session_record_port): New function.
(scm_gnutls_session_record_port): Add optional 'close' parameter and
honor it.
(scm_gnutls_set_session_record_port_close_x): New function.
(scm_init_gnutls_session_record_port_type): Add call to
'scm_set_port_close' and 'scm_set_port_needs_close_on_gc'.
* guile/tests/session-record-port.scm: Test it.
* NEWS: Update.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Sun Jul 10 17:03:03 2022 +0200
guile: Remove support for the 1.8.x series.
The last Guile 1.8.x release dates back to 2010.
* configure.ac: Remove 1.8 from 'GUILE_PKG'.
* doc/gnutls-guile.texi (Guile Preparations): Remove mention of Guile 1.8.
* guile/src/core.c (mark_session_record_port)
(free_session_record_port): Remove.
(scm_init_gnutls_session_record_port_type): Remove corresponding
'scm_set_port_mark' and 'scm_set_port_free' calls.
* guile/modules/gnutls.in: Remove top-level 'cond-expand' forms for
Guile 1.8.
* guile/modules/gnutls/build/tests.scm: Likewise.
* NEWS: Update.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Sun Jul 10 17:02:17 2022 +0200
maint: Update guile.m4.
* m4/guile.m4: Update from Guile 3.0.7.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Brad Smith <brad@comstyle.com>
Date: Fri Jul 15 22:44:03 2022 -0400
accelerated: aarch64: add OpenBSD/aarch64 support
Signed-off-by: Brad Smith <brad@comstyle.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jun 27 11:14:50 2022 +0900
cipher: limit plaintext length supplied to AES-GCM
According to SP800-38D 5.2.1.1, input data length of AES-GCM
encryption function must be less than or equal to 2^39-256 bits.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Sun Jul 10 18:54:54 2022 +0200
guile: Session record port treats premature termination as EOF.
* guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Treat
GNUTLS_E_PREMATURE_TERMINATION as EOF.
(read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise.
* guile/tests/premature-termination.scm: New file.
* guile/Makefile.am (TESTS): Add it.
* NEWS: Update.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Richard Costa <richard.costa@suse.com>
Date: Sat Jul 9 00:50:21 2022 +0000
Add self-test code inside a FIPS context
Self-test code exercise lots of different FIPS-related code with
side-effects. So, in order to prevent it from losing information when
executing inside another context, we create an appropriated one.
If the self-test fails, then the library is placed in error state, so it
doesn't matter for other contexts.
Signed-off-by: Richard Maciel Costa <richard.costa@suse.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue May 10 15:20:45 2022 +0200
Increase the limit of TLS PSK usernames from 128 to 65535 characters
Co-authored-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 1 08:04:57 2022 +0200
fips: make service indicator logging louder
Previously, the only way to monitor the FIPS context transtion was to
increase logging level to debug (2), which produces unrelated output.
This changes the minimum logging level to audit (1) for when the
transition happens.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jun 27 09:29:13 2022 +0900
nettle: restrict output size of HKDF-Expand to 255 * HashLen
RFC 5869 2.3 requires that requested output length of HKDF-Expand to
be equal to or less than 255 times hash output size.
Inspired by the report by Guido Vranken in:
https://lists.gnupg.org/pipermail/gcrypt-devel/2022-June/005328.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Jun 28 17:22:36 2022 +0200
tests/fips-test: minor extension
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jun 28 13:46:44 2022 +0900
.gitlab-ci.yml: add fedora-ktls pipeline
This is to ensure that the same testsuite succeeds even if we compile
the library with --enable-ktls and KTLS is enabled with a run-time
configuration.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jun 28 10:53:55 2022 +0900
ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND calculation
Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the
same socket is used for both sending and receiving, GNUTLS_KTLS_SEND
was unconditionally set. This fixes the conditions and also adds more
logging.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jun 28 10:23:33 2022 +0900
handshake: do not reset KTLS enablement in gnutls_handshake
As gnutls_handshake can be repeatedly called upon non-blocking setup,
we shouldn't try to call setsockopt for KTLS upon every call.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jun 28 09:37:22 2022 +0900
tests: enable KTLS config while running gnutls_ktls test
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Gregor Jasny <gjasny@googlemail.com>
Date: Tue Jun 21 11:18:16 2022 +0200
README.md: explicitly install libtasn1-bin
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Tue Jun 14 16:16:11 2022 +0200
KTLS: disable by default enable by config
KTLS will be disabled by default when build with `--enable-ktls` to
enable it, use config file option `ktls = true` in [global] section.
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jun 3 15:43:00 2022 +0900
fips: provide function to manually run FIPS self-tests
FIPS140-3 IG 10.3.E Periodic Self-Testing says:
At security levels 1 and 2, acceptable means for initiating the
periodic self-tests include a provided service, resetting, rebooting
or power cycling.
Neither resetting, rebooting, nor power-cycling is suitable because
those involve operations outside of the module. Therefore this patch
adds a new API to manually run the substance of FIPS140 self-tests.
Suggeested by Richard Costa and Stephan Mueller in:
https://gitlab.com/gnutls/gnutls/-/issues/1364
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed May 18 15:38:21 2022 +0200
tests/suite/tls-fuzzer: remove most of the -n limiters...
... since tlsfuzzer now sets reasonable (~<10s/script) limits
for most of the scripts by default
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed May 18 13:41:18 2022 +0200
tests/suite/tls-fuzzer: pin current error messages with -X
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun May 29 10:54:48 2022 +0900
build: Revert "Disable test scripts on windows"
This reverts commit d2b99e3b3429e9b9a6fbff46598fd4c6a0910f65.
It turned out that the test failures under mingw were caused by a
regression in wine 7.5, possibly:
https://bugs.winehq.org/show_bug.cgi?id=52743
Now that the latest wine package based on wine 7.9 has no issues with
running those test scripts, this enables them again in the build
process.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri May 27 09:17:55 2022 +0200
Release 3.7.6
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Asad Mehmood <asad78611@googlemail.com>
Date: Mon May 23 14:35:46 2022 +0000
libdane: fix typo in Makefile.am
Signed-off-by: Asad Mehmood <asad78611@googlemail.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri May 13 14:37:05 2022 +0200
Add release steps for windows builds
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed May 18 11:43:26 2022 +0200
Fix out-of-bounds memcpy in gnutls_realloc_zero()
Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu May 19 10:27:51 2022 +0200
Disable test scripts on windows
This is a temporary solution to avoid failures
of test scripts when ran on windows
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu May 12 10:38:23 2022 +0200
Release 3.7.5
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 10 09:52:26 2022 +0200
cligen: update git submodule
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri Apr 29 12:28:50 2022 +0200
Improve certificate sanity checks
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Tim Kosse <tim.kosse@filezilla-project.org>
Date: Mon Mar 28 17:49:22 2022 +0200
Fix psk_ke_modes_recv_params() wrongly setting HSK_PSK_KE_MODE_INVALID
If the preferred side (as per session->internals.priorities->server_precedence)
only supports one algorithm and if it is not the first in the other side's list
of algorithms, then psk_ke_modes_recv_params did wrongly set
session->internals.hsk_flags to HSK_PSK_KE_MODE_INVALID.
Fixes #1303
This issue was originally discovered while analyzing
https://forum.filezilla-project.org/viewtopic.php?t=54333
Signed-off-by: Tim Kosse <tim.kosse@filezilla-project.org>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 7 10:07:01 2022 +0200
tests/cmocka-common.h: include <stdarg.h> before <cmocka.h>
As documented in <https://api.cmocka.org/group__cmocka.html#details>,
<stdarg.h> must be included before <cmocka.h>.
Suggested by Brad Smith in:
https://gitlab.com/gnutls/gnutls/-/issues/1360
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 29 12:01:53 2022 +0200
configure.ac: check if compiler supports -Wa,-march=all
Clang from LLVM 13.0.0 caused a segumentation fault if an unknown
architecture is supplied through -march. While this has been fixed in
13.0.1, until it is widely deployed this adds a configure check as a
safeguard:
https://github.com/llvm/llvm-project/commit/d31f8cc6884ba3cc3e088fd57c4c533868e8a8b2
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Jan 15 11:27:20 2022 +0100
gnutls_aead_cipher_set_key: new function
This adds gnutls_aead_cipher_set_key, which enables to reuse the same
handle but reset the context and key, without releasing the memory.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 17 11:48:39 2022 +0100
crypto-api: support AES-SIV with scatter-gather API
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 17 11:17:46 2022 +0100
crypto-api: refactor iov_store_st operations
This replaces copy_from_iov to more generic append_from_iov.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 17 10:36:44 2022 +0100
crypto-api: split scatter-gather AEAD implementation to helper funcs
These _encryptv, _encryptv2, and _decryptv2 functions take orthogonal
code paths depending on whether the underlying AEAD implementation
supports message based API. This patch split the implementation to
dedicated helper functions.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 17 10:07:02 2022 +0100
crypto-api: add integer overflow checks around copying IOV
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu May 5 12:10:46 2022 +0200
Extend fipshmac to take a path to libgnutls.so
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 4 15:27:16 2022 +0200
.github/workflows/macos.yml: display tests/cert-tests/*.log
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 4 15:23:49 2022 +0200
lib/fips.c: suppress -Wdiscarded-qualifiers warning
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 4 15:22:16 2022 +0200
.gitignore: ignore tests/tls13/compress-cert*
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 4 15:19:17 2022 +0200
tests/cert-tests/pkcs12.sh: use portable sed invocations
The BSD sed doesn't recognize '\|' as the alternative operator, and
the last '}' must be preceded with a newline.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Sep 21 08:07:25 2021 +0200
tls: add flag to disable session ticket in TLS 1.2
The existing GNUTLS_NO_TICKETS flag affects all versions of TLS, where
PFS is assured in TLS 1.3, while it is not in TLS 1.2. This adds a
new flag GNUTLS_NO_TICKETS_TLS12 to allow applications to disable
session tickets only in TLS 1.2.
As the only means of resumption in TLS 1.3 is using session tickets,
we could repurpose the GNUTLS_NO_TICKETS flag make it no-op in TLS
1.3. However it would break backward compatibility, so we defer it to
the next major release.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Nov 28 11:31:30 2021 +0100
session_ticket: avoid invalid free on error path
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Sep 21 11:08:06 2021 +0200
_gnutls_version_max: return NULL if priorities are not populated
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon May 2 07:41:12 2022 +0200
m4: update from autoconf-archive
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Apr 17 10:56:35 2022 +0200
.github/workflows/macos.yml: pull in gtk-doc
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Apr 28 12:17:16 2022 +0200
gnutls-cli, gnutls-serv: print supported channel binding
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Sep 4 07:16:18 2021 +0200
.gitlab-ci.yml: replace valgrind checks with ASan
Running the full test suite under valgrind wastes a lot of time and
may cause intermittent failures due to timeout. We have them mainly
for VALGRIND_MAKE_MEM_UNDEFINED client request, though the ASan tests
now cover the equivalent after
f23c3a6cba43706a6ebb3f9b0018cd658dcc0a72.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Apr 14 11:29:26 2022 +0200
Use packit to automate fedora upstream release
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun Apr 24 17:03:18 2022 +0900
Preserve mbuffer type when linearized
Signed-off-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Author: Brian Wickman <bwickman97@outlook.com>
Date: Thu Apr 21 05:52:36 2022 +0000
Fix for #1132
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Apr 11 14:00:16 2022 +0200
.gitignore: ignore files generated by asn1Parser
These files are no longer maintained in the repository, after commit
16061937.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 8 10:23:51 2022 +0200
cligen: update git submodule
This also reverts commit fd0e28a3 and changes how the cligen python
files are included in the distribution.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue Apr 12 16:34:52 2022 +0200
Small fips-test refactoring
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Mon Apr 11 16:04:38 2022 +0200
Add zeroization of some critical security parameters
to comply with FIPS-140-3 requirements
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sun Apr 10 13:22:22 2022 +0200
Document C++ soname bump in NEWS.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Wed Mar 30 18:26:36 2022 +0200
Add missing gtk-doc for GNUTLS_COMP_BROTLI/ZSTD.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Wed Mar 30 18:18:12 2022 +0200
Add missing copyright header
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue Apr 5 16:28:41 2022 +0200
Add missing FIPS service indicator transitions
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed Apr 6 15:33:32 2022 +0200
Remove 3DES from FIPS approved algorithms.
According to the section 2 of SP800-131A Rev.2, 3DES algorithm
will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri Apr 1 12:34:12 2022 +0200
Mark HKDF and AES-GCM as approved when used in TLS
Co-authored-by: Pedro Monreal <pmgdeb@gmail.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Mar 31 15:50:51 2022 +0200
bootstrap.conf: use install-sh to copy cligen files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Mar 19 10:01:09 2022 +0100
lib/{gnutls,pkix}_asn1_tab.c: remove autogenerated files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Mar 19 10:00:08 2022 +0100
devel/README-ci.freebsd.md: stop mentioning autogen
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Mar 19 09:59:58 2022 +0100
.github/workflows/macos.yml: stop installing autogen
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Mar 19 09:53:54 2022 +0100
configure.ac: always assume GTK_DOC_CHECK macro
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Mar 31 14:28:32 2022 +0200
fips: simplify library integrity checking
This removes code duplication by grouping the path and hmac fields in
hmac_file structure.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Mar 31 10:13:06 2022 +0200
Increase length limit of PKCS#12 passwords
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri Mar 25 11:31:05 2022 +0100
ktls config documentation
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Thu Mar 31 08:57:07 2022 +1100
Fix off-by one exit condition in pkcs#11 priv keys lookup
In function find_privkeys(), the list-> array is allocated to be of size
lists->key_ids_size. "current" is the index where the next found key will
be written (starts at 0).
The current exit condition is thus incorrect:
if (current > list->key_ids_size)
break;
This will allow "current" to be equal to list->key_ids_size which will
potentially cause an overflow if more keys are returned by the loop than
was originally found when calculating that size.
This is very unlikely, but incorrect nonetheless.
Fix this by using the more classic construct of testing for the array bound
in the loop exit condition, as suggested by Daiki Ueno.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Mon Mar 21 13:45:11 2022 +1100
Fix matching of last key of a pkcs#11 token
Retrieving the cert for the last key of a token fails due to an
off-by-one bug in find_privkeys():
In the loop that iterates the keys, "current" contains the index
of the "next" key slot, which is also the active "count" of populated
slots in the output struct find_pkey_list_st.
The current statement:
list->key_ids_size = current - 1;
Means we return a "key_ids_size" of the current count minus one, ie 0
for 1 key etc... However, this isn't what the callers expect, for example:
find_multi_objs_cb() does:
ret = find_privkeys(sinfo, tinfo, &plist);
if (ret < 0) {
gnutls_assert();
return ret;
}
if (plist.key_ids_size == 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
So a slot with a single key will fail when trying to find a certificate
Subsequent uses of "plist" in that function also show that it's expected
to contain the real slot count:
for (i = 0; i < plist.key_ids_size; i++) {
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed Mar 23 16:55:51 2022 +0100
Consolidate FIPS .hmac files
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri Mar 18 11:37:10 2022 +0100
system config disable KTLS
Added option for system config `ktls = false` to disable ktls
system-wide
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Pedro Monreal <pmgdeb@gmail.com>
Date: Tue Mar 22 13:01:53 2022 +0100
lib/crypto-selftests.c: Add a selftest for PBKDF2 that complies with FIPS 140-3.
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
Author: Tobias Heider <tobias.heider@canonical.com>
Date: Mon Mar 14 16:17:28 2022 +0100
Use custom allocators for GMP to make sure temporary secrets
from cryptographic operations in nettle are deleted safely.
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Mar 18 08:10:12 2022 +0100
devel/release-steps.md: expand steps to generate tarball [ci-skip]
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Mar 18 07:54:06 2022 +0100
NEWS: mention couple more changes in 3.7.4 release [ci-skip]
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Sam James <sam@gentoo.org>
Date: Fri Mar 18 05:51:29 2022 +0000
configure.ac: fix zstd detection
Fixes typo in zstd detection.
None of the used autoconf macros will define `has_zstd_h` so
configure will (AFAICT) always fail to find zstd, even if it succeeded
via pkg-config moments before.
Drop it and rely solely on pkg-config as that's the only search
we're actually doing.
Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1343
Signed-off-by: Sam James <sam@gentoo.org>
Author: Sam James <sam@gentoo.org>
Date: Fri Mar 18 05:40:28 2022 +0000
configure.ac: fix brotli/zstd configure argument name
The old `./configure` arguments for brotli and zstd respectively
were inconsistent with the `./configure --help` output.
Old: --without-libbrotli --without-libzstd (also --with-*)
New: --without-brotli --without-zstd (also --with-*)
Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1342
Signed-off-by: Sam James <sam@gentoo.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 16 11:19:29 2022 +0100
cligen: update git submodule
To avoid emitting empty "list" substruct in header files, as well as
assuming the Python pwd module is always available.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed Mar 16 15:42:40 2022 +0100
Release 3.7.4
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue Mar 8 18:01:37 2022 +0100
Make gnutls compliant to RFC5280
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 14 16:03:07 2022 +0100
cli, serv: allow multiple --compress-cert options
This eliminates the need of parsing the comma separated list manually.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Tobias Heider <tobias.heider@canonical.com>
Date: Sun Mar 13 23:58:42 2022 +0100
Handle all cases of calloc returning NULL.
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri Mar 11 18:22:18 2022 +0100
Fix global-ini-handler
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Feb 10 15:58:08 2022 +0100
Make option specification type-safe
This switches the CLI code and documentation generation to the
external cligen module, which provides more type-safe specification.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Tobias Heider <tobias.heider@canonical.com>
Date: Wed Mar 9 01:18:20 2022 +0100
fips: use GNUTLS_FIPS140_STRICT instead of magic number.
Signed-off-by: Tobias Heider <tobias.heider@canonical.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 9 08:07:58 2022 +0100
locks: define lock functions as a macro
When threads are not supported, glthread_* functions are defined as
no-op and thus dereferencing lock variables in inline functions will
cause compilation error. This change fixes it by redefining our lock
functions as a macro so it will also be compiled out.
Reported by Fabrice Fontaine in:
https://gitlab.com/gnutls/gnutls/-/issues/1330
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 9 07:25:01 2022 +0100
.gitlab-ci.yml: prolong timeout for slow CI jobs
Suggested by Marvin Scholz in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1543#note_859825412
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Feb 23 19:48:52 2022 +0100
tpm2: dynamically load tss2 libraries as needed
libtss2-esys links to OpenSSL or mbed TLS for cryptography, which may
cause packaging issues. This instead dlopen's tss2 libraries as
needed so non-TPM applications continue working without loading
multiple crypto libraries.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed Jan 12 14:57:42 2022 +0100
Add compress_certificate extension (RFC8879)
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Craig Gallek <cgallek@gmail.com>
Date: Sun Feb 27 10:39:07 2022 -0500
x509: fix return error code for failed decryption without key
Decrypting an encrypted private key previously returned
GNUTLS_E_DECRYPTION_FAILED when no password was supplied. This changed when
decryption via pin callbacks was added in d31b89de.
That change should have included a check for callback existence in order to
preserve the error path of the no-password case.
This adds the check and a test for the previous behavior.
Resolves bug #1321
Signed-off-by: Craig Gallek <cgallek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Feb 24 09:55:01 2022 +0100
gnutls_record_send_file: make it work with non-blocking I/O
When either read() or gnutls_record_send() returns EAGAIN, just return
to the caller so it can call this function again, instead of retrying
internally.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Marvin Scholz <epirat07@gmail.com>
Date: Wed Feb 23 19:03:51 2022 +0100
configure.ac: add missing Libs.private for macOS
On macOS the CoreFoundation and Security frameworks are used by
GnuTLS, however those were missing in the Libs.private in the .pc
resulting in link failures with static builds when relying on the
output of pkg-config --static.
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Wed Feb 16 11:25:11 2022 +0100
non-KTLS sendfile test
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Wed Feb 16 11:23:36 2022 +0100
non-KTLS sendfile
Added: sendfile API functionality for non KTLS enabled builds.
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Feb 22 17:09:46 2022 +0100
algorithms: ensure _list() exclude non-existing algorithms
This aligns the behavior of _list() function for sign/pk to the one
for cipher/mac: the former previously returned all the algorithms
defined, while the latter returns only algorithms compiled in.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Feb 22 17:25:26 2022 +0100
Revert "algorithms: compile out GOST algorithm IDs if they are disabled"
This reverts commit aa94bcbdaa55899f4f4ae13dc3e9a8c559354676.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Wed Feb 16 11:22:47 2022 +0100
auto-generated files update
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Tue Nov 16 12:05:53 2021 +0100
ktls: sendfile
added API function: gnutls_record_send_file().
added: _gnutls_ktls_send_file() function which increases the performance
by offloading the file encryption to kernel, thus the data never goes
to userspace.
updated tests/gnutls_ktls to cover new API
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Feb 21 16:36:32 2022 +0100
algorithms: compile out GOST algorithm IDs if they are disabled
When compiled with --disable-gost, gnutls-cli --list still prints GOST
algorithms for public key systems and signatures. This change adds
compile time checks to suppress them.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Feb 21 18:19:25 2022 +0100
lib/algorithms: add UB warnings on late allowlisting API invocations
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Feb 14 13:48:37 2022 +0100
lib/priority: defer setting system-wide priority string
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Feb 14 12:44:57 2022 +0100
lib/priority: split up update_system_wide_priority_string
This is done in preparation for deferring priority string evaluation.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Feb 21 16:28:49 2022 +0100
priority: compile out GOST algorithms IDs if they are disabled
When compiled with --disable-gost, gnutls-cli --priority NORMAL --list
still prints GOST algorithms for ciphers, MACs, and signatures. This
change adds compile time checks to suppress them.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Fri Feb 18 11:05:15 2022 +0100
bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS
Fedora 36 LEGACY crypto-policy uses allowlisting format
and is long enough to blow past the 64 priority string
elements mark, causing, effectively, priority string truncation.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Dimitris Apostolou <dimitris.apostolou@icloud.com>
Date: Thu Feb 17 17:35:59 2022 +0200
Fix typos
Signed-off-by: Dimitris Apostolou <dimitris.apostolou@icloud.com>
Author: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu Feb 17 11:46:29 2022 +0100
Disable some tests in fips mode
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Feb 10 17:35:13 2022 +0100
_gnutls_pkcs_raw_{decrypt,encrypt}_data: use public crypto API
These functions previously used the internal crypto
API (_gnutls_cipher_*) which does not have algorithm checks for FIPS.
This change switches the code to use the public crypto
API (gnutls_cipher_*) to trigger proper state transitions under FIPS
mode.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Feb 10 16:43:08 2022 +0100
pkcs12: mark MAC generation and verification as FIPS non-approved
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Feb 15 17:38:20 2022 +0100
gnutls_transport_is_ktls_enabled: fix return value of stub
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jan 12 10:37:53 2022 +0100
gnutls_ciphersuite_get: new function to get unique ciphersuite name
The existing method to obtain the name of the currently negotiated TLS
ciphersuite is as follows:
- call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get
- call gnutls_cipher_suite_get_name with the value from the above functions
This process is cumbersome and only works with TLS 1.2 or earlier;
moreover the returned names are GnuTLS specific.
This change adds a new function gnutls_ciphersuite_get to eliminate
those limitations. It returns the "canonical" name of the
ciphersuite, which is mostly identical to the ones registered in IANA,
with an exception for compatibility.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Dec 20 09:28:10 2021 +0100
tls-fuzzer: prolong timeout for FFDHE tests
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Nov 26 20:03:15 2021 +0100
.gitlab-ci.yml: prolong timeout for fedora-nettle-minigmp/test
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Nov 26 09:37:58 2021 +0100
.gitlab-ci.yml: fix nettle installation path
.fedora-nettle/build clones the nettle into "nettle-git" and
temporarily change the working directory while buidling it. After
moving back to the original working directory, the installation path
should be prefixed with "${PWD}/nettle-git/".
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Feb 1 15:19:52 2022 +0100
certtool --generate-privkey: update warnings on RSA key sizes
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jan 27 18:17:43 2022 +0100
rsa_generate_fips186_4_keypair: accept a few more modulus sizes
While _rsa_generate_fips186_4_keypair was modified to accept modulus
sizes other than 2048 and 3076, rsa_generate_fips186_4_keypair, which
calls that function, was not updated to accept such modulus sizes.
Spotted by Alexander Sosedkin.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 7 11:24:36 2022 +0100
.gitlab-ci.yml: update Fedora images to Fedora 35
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Seppo Yli-Olli <seppo.yliolli@gmail.com>
Date: Mon Jan 31 18:32:28 2022 +0200
Bump libgnutlsxx soname due to ABI break
db_check_entry and db_check_entry now have const parameters
Signed-off-by: Seppo Yli-Olli <seppo.yliolli@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 28 07:49:42 2022 +0100
configure.ac: make --with-tpm and --with-tpm2 independent
These features are not mutually exclusive, so it doesn't make sense to
disable the TPM 1.2 support with TPM 2.0 support.
Reported by Jan Palus in:
https://gitlab.com/gnutls/gnutls/-/issues/1313
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 28 12:50:56 2022 +0100
gen-getopt.py: avoid struct member name clash with C keywords
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 28 07:55:25 2022 +0100
tests: tcp_connect: avoid resource leak on error path
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 28 08:48:47 2022 +0100
README.md: fix versions in build status and add 3.6.x
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Jan Palus <jpalus@fastmail.com>
Date: Fri Jan 28 11:07:02 2022 +0100
ktls: fix _gnutls_ktls_send_control_msg return value
always returned 0 on success while contract mandates to return number of
bytes sent
Fixes #1314
Signed-off-by: Jan Palus <jpalus@fastmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 28 06:35:45 2022 +0100
release-steps: fix markup
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Thu Jan 27 13:54:21 2022 +0100
KTLS: hotfix
fixed: keys will be set only when both sockets were enabled for ktls
fixed: session->internals.ktls_enabled left uninitialized for non
ktls-enabled build
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Jan 26 16:25:01 2022 +0100
lib/accelerated: use unlikely on buffer length checks more consistently
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Jan 26 16:15:36 2022 +0100
lib/accelerated: rearranged several size checks to avoid overflow
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Jan 25 12:32:59 2022 +0100
tests/scripts/common: fix skipping over x86-specific tests
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Jan 25 13:37:55 2022 +0100
tests/slow/test-hash-large: output GNUTLS_CPUID_OVERRIDE hints
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Jan 25 13:46:46 2022 +0100
tests/slow/cipher-api-test: add happy paths, specific error checks etc
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue Jan 25 13:36:19 2022 +0100
lib/accelerated: report GNUTLS_E_SHORT_MEMORY_BUFFER in many places
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Jan 24 17:37:24 2022 +0100
.gitlab-ci.yml: enable hardware acceleration in UB+ASAN jobs
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Jan 24 17:34:35 2022 +0100
tests/slow/cipher-api-test: actually test for short buffer...
... avoiding the case when different failures mask the intended one
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Jan 24 17:33:48 2022 +0100
lib/accelerated/x86/aes-gcm-x86-pclmul-avx: add short buffer checks
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sun Jan 23 13:40:17 2022 +0100
testsuite: Fix endless loop on /bin/sh without $RANDOM
Closes #1315
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sun Jan 23 07:52:21 2022 +0100
testsuite: Fix missed instances of &> redirection
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Fri Jan 21 18:25:52 2022 +0100
Avoid &> redirection bashism in testsuite
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 17 16:48:10 2022 +0100
Release 3.7.3
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 18 06:43:07 2022 +0100
tests: privkey-keygen: fix memory leak
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Oct 30 08:56:07 2021 +0200
x509: fix thread-safety in gnutls_x509_trust_list_verify_crt2
This function previously used gnutls_x509_trust_list_get_issuer
without GNUTLS_TL_GET_COPY flag, which is required when the function
is called from multi-threaded application and PKCS #11 trust store is
in use.
Reported and the change suggested by Remi Gacogne in:
https://gitlab.com/gnutls/gnutls/-/issues/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 16 07:57:02 2022 +0100
cli: add --list-config option
With this option gnutls-cli prints the build-time configuration of the
library, retrieved through gnutls_get_library_config.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 11 07:36:27 2022 +0100
fips: add build option to embed FIPS module info in library config
This adds a couple of configure options, --with-fips140-module-name
and --with-fips140-module-version, which packagers can use to embed
FIPS module information in the library.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 11 07:34:59 2022 +0100
global: add API to retrieve library configuration at run time
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 16 12:17:39 2022 +0100
configure.ac: emit feature summary as C macro
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 16 16:19:53 2022 +0100
tests: suppress GCC -fanalyzer warnings
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 16 16:00:10 2022 +0100
.gitignore: ignore more files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 16 15:59:01 2022 +0100
src: avoid overriding noinst_PROGRAMS
In src, we now have two helper programs: systemkey and dumpcfg.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jan 13 14:30:02 2022 +0100
build: hide maintainer tool invocation behind AM_V_GEN
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Jan 13 14:35:07 2022 +0100
tests: use more aliases in tests for better alias testing coverage
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 7 10:02:32 2022 +0100
.gitlab-ci.yml: run static analyzers on Python files
This runs a couple of code analysis on the Python scripts added to
remove AutoGen dependency.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 7 09:58:11 2022 +0100
.gitlab-ci.yml: bump cache key for python3 detection
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jan 5 08:09:36 2022 +0100
README.md: mention Python as requirement instead of AutoGen
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jan 5 07:39:10 2022 +0100
src: remove AutoGen .def files
As neither the tools nor documentation depends on AutoGen, we don't
need to include the AutoGen definition files.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jan 5 07:24:03 2022 +0100
doc: generate man-pages from JSON
This replaces man-pages generation previously provided by the autogen
-Tagman.tpl command with a Python script (gen-cmd-man.py).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 4 09:06:21 2022 +0100
doc: generate texinfo files from JSON
This replaces texinfo generation previously provided by the autogen
-Tagtexi.tpl command with a Python script (gen-cmd-texi.py).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 3 11:02:43 2022 +0100
src: remove included copy of libopts
As no tools link with libopts anymore, we don't need to include it in
the distribution.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jan 3 10:30:34 2022 +0100
src: replace autoopts/libopts with minimal config parser
This replaces configuration file parsing code previously provided by
<autoopts/options.h>, with a minimal compatible implementation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Dec 31 18:13:58 2021 +0100
src: generate option handling code from JSON
This replaces AutoGen based command-line parser with a Python
script (gen-getopt.py), which takes JSON description as the input.
The included JSON files were converted one-off using the parse-autogen
program: https://gitlab.com/dueno/parse-autogen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 4 15:18:26 2022 +0100
python: add library for handling JSON-based option description
This adds the jsonopts Python module used by the command-line parser
generator and documentation generators in the following commits. This
also bumps the required Python interpreter version to 3.6.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Jan 13 09:36:52 2022 +0100
pkcs12: use the correct MAC algorithm for GOST key generation
According to the latest TC-26 requirements, the MAC algorithm used for
PBKDF2 should always be HMAC_GOSTR3411_2012_512.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jan 12 08:15:24 2022 +0100
tests: simple: check if the digest algorithm is compiled in
When the library is built with --disable-gost, gnutls_digest_get_id
returns GNUTLS_DIG_UNKNOWN for GOST algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Jan 11 14:07:56 2022 +0100
x509: fix potential wrong usage of memcpy
Spotted by GCC analyzer:
common.c:552:17: warning: use of NULL 'out.data' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
552 | memcpy(output_data, out.data, (size_t) out.size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Jan 9 08:34:52 2022 +0100
cert-auth: suppress false-positive warnings with GCC analyzer
When compiled with gcc -fanalyzer, it reports:
cert.c: In function '_gnutls_pcert_to_auth_info':
cert.c:85:17: error: dereference of NULL 'info' [CWE-476] [-Werror=analyzer-null-dereference]
85 | if (info->raw_certificate_list != NULL) {
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jan 7 17:48:22 2022 +0100
gnutls_pkcs12_generate_mac: use SHA256 by default
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Dec 20 16:16:23 2021 +0100
.gitlab-ci.yml: reduce PKCS#12 iteration count while testing
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Dec 21 15:02:45 2021 +0100
tests: check algorithms for generating PKCS#12 file
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Dec 26 17:40:42 2021 +0100
cipher-api-test: mention why it is written using fork
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Nov 23 15:23:34 2021 +0100
fips: plumb service indicator to symmetric key crypto operations
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Aug 31 13:29:45 2021 +0200
fips: plumb service indicator to public key crypto operations
This installs service indicator state transitions in certain public
key operations in gnutls_crypto_pk_st, namely:
* fallible operations
- encrypt
- sign
- generate_keys
- derive
* infallible operations
- decrypt, decrypt2
- verify
other operations, such as generate_params, are not considered as
crypto operation. Note that fallible operations above mean that those
return value could indicate error, while infallible operations do not
have distinction between errors and failures: decrypt/verify failures
are treated as a successful completion of the operation.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Dec 21 15:17:55 2021 +0100
_gnutls_pkcs_generate_key: use HMAC-SHA256 for PBKDF2
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Dec 20 16:34:30 2021 +0100
pkcs12: determine iteration count for MAC at build time
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Dec 20 16:13:06 2021 +0100
pkcs7: determine iteration count for PBKDF2 at build time
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Dec 20 15:56:24 2021 +0100
certtool: --to-p12: use modern algorithms by default
Currently certtool uses PKCS12-3DES-SHA1 for encrypting keys in
PKCS#12, while it is suggested to migrate to more modern algorithms,
namely AES-128-CBC with PBKDF2 and SHA-256:
https://bugzilla.redhat.com/show_bug.cgi?id=1759982
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jul 23 10:31:08 2021 +0200
fips: add functions to inspect thread-local FIPS operation state
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Andreas Metzler <ametzler@debian.org>
Date: Thu Jan 6 07:17:01 2022 +0100
Drop unquoted angle brackets in gtk-doc comment.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Thu Jan 6 07:15:31 2022 +0100
Fix gtk-doc build, use http URI in sgml master.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Sat Jan 1 21:12:51 2022 +0200
p11tool: add --mark-always-authenticate option
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Sun Jan 2 19:31:33 2022 +0200
doc: updated copyrights for 2022
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Nov 18 19:02:03 2021 +0100
accelerated: fix CPU feature detection for Intel CPUs
This fixes read_cpuid_vals to correctly read the CPUID quadruple, as
well as to set the bit the ustream CRYPTOGAMS uses to identify Intel
CPUs.
Suggested by Rafael Gieschke in:
https://gitlab.com/gnutls/gnutls/-/issues/1282
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Dec 22 17:00:03 2021 +0100
padlock: reset _gnutls_x86_cpuid_s only after padlock check succeeds
Otherwise it clears _gnutls_x86_cpuid_s which may already hold valid
CPUID detected for Intel and AMD CPUs.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Dec 22 09:12:25 2021 +0100
wrap_nettle_hash_fast: avoid calling _update with zero-length input
As Nettle's hash update functions internally call memcpy, providing
zero-length input may cause undefined behavior.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Dec 22 08:22:04 2021 +0100
gnutls_{hash,hmac}_copy: mention the functions do not always work
It is known that some built-in accelerated implementation, such as
AF_ALG, does not support copying hash/hmac contexts. This expands the
documentation to suggest checking the return value of those functions.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Dec 20 17:47:36 2021 +0100
tests: extend system-override-curves-allowlist with key generation
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Dec 20 16:50:59 2021 +0100
tests: tweak system-override-curves-allowlist insignificantly
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Fri Dec 17 18:49:27 2021 +0100
README: document tpm2-tss-engine test dependency
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Dec 16 12:46:38 2021 +0100
use sha384_digest in lib/accelerated/aarch64/sha-aarch64.c sha384
Mirrors https://gitlab.com/gnutls/gnutls/-/merge_requests/1466
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Thu Dec 2 16:35:31 2021 +0100
ktls: flags
ktls enum flags API
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri Oct 15 15:00:17 2021 +0200
KTLS: API
ktls is enabled by default, we can check if inicialization was
succesfull with gnutls_transport_is_ktls_enabled
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Dec 9 11:22:14 2021 +0100
.gitignore: ignore tests/x509cert-ct
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Dec 9 11:03:50 2021 +0100
X509 CT: defer filling in the length field
This eliminates the need of precalculating the payload size, to make
it easier to adapt to new format.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Fri Dec 10 13:47:21 2021 +0100
tests: fix out of tree builds with ASAN
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Nov 11 14:05:40 2021 +0100
tests: add protocol-set-allowlist
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Nov 11 14:04:54 2021 +0100
tests: add tcp_connect to utils
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Dec 9 10:48:58 2021 +0100
X509 CT: use size_t for array index instead of unsigned
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ander Juaristi <a@juaristi.eus>
Date: Fri Nov 26 18:20:44 2021 +0100
Update symbols
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Author: Ander Juaristi <a@juaristi.eus>
Date: Wed Nov 17 19:28:50 2021 +0100
devel: Suppress new API functions
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Author: Ander Juaristi <a@juaristi.eus>
Date: Sat Nov 28 19:04:35 2020 +0100
x509 CT: Add tests
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Author: Ander Juaristi <a@juaristi.eus>
Date: Mon Nov 15 20:03:12 2021 +0100
x509 CT: implement new public API
This commit implements import and export functions for the X.509
Certificate Transparency Signed Certificate Timestamp (SCT) extension
(RFC 6962).
A new constant GNUTLS_X509EXT_OID_CT_SCT is introduced
with the value "1.3.6.1.4.1.11129.2.4.2".
The following new public API functions are introduced:
- gnutls_x509_ext_ct_scts_init
- gnutls_x509_ext_ct_scts_deinit
- gnutls_x509_ext_ct_import_scts
- gnutls_x509_ext_ct_export_scts
- gnutls_x509_ct_sct_get_version
- gnutls_x509_ct_sct_get
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Nov 30 14:33:33 2021 +0100
devel/libgnutls.abignore: ignore drbg_aes_* functions
These functions are only defined when compiled with
--enable-fips140-mode.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 6 12:41:40 2021 +0200
priority: support allowlisting in configuration file
This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Nov 27 16:48:51 2021 +0100
CONTRIBUTING.md: clarify how to introduce new API
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Nov 27 16:39:41 2021 +0100
release-steps: "make abi-dump-latest" at release time
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Nov 27 16:36:17 2021 +0100
build: stop running abi-dump-latest at "make files-update"
The procedure of registering ABI updates has changed in
bd3c78b9d10937adb1855b85bca1864972a1c986.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Nov 24 18:44:13 2021 +0100
build: update to use the latest valgrind-tests module from Gnulib
This adjust the existing valgrind invocations in the test suite with:
https://www.gnu.org/software/gnulib/manual/html_node/Valgrind-options.html
- make --suppressions option to per directory, using AM_VALGRINDFLAGS
- use LOG_VALGRIND for LOG_COMPILER
- quote '$(LOG_VALGRIND)' in TESTS_ENVIRONMENT
- move gl_VALGRIND_TESTS_DEFAULT_NO call before gl_INIT
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Evgeny Grin <k2k@narod.ru>
Date: Fri Nov 26 14:08:22 2021 +0300
sockets: fixed compiler warning on Windows x32
Signed-off-by: Evgeny Grin <k2k@narod.ru>
Author: Evgeny Grin <k2k@narod.ru>
Date: Fri Nov 26 13:50:52 2021 +0300
sockets: fixed building for Windows with compilers without VLA support
Signed-off-by: Evgeny Grin <k2k@narod.ru>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 5 16:27:55 2021 +0200
priority: refactor config file parsing
This adds the following refactoring:
- avoid side-effects during parsing the config file, by separating
application phase; the parsed configuration can be applied globally
with cfg_apply, after validation
- make _gnutls_*_mark_{disabled,insecure} take an ID instead of the
name
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Nov 16 18:46:41 2021 +0100
locks: deprecate gnutls_global_set_mutex
As the library now uses static mutexes, rwlocks, and onces, it doesn't
make much sense to only replace dynamic mutex usage.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Nov 14 14:57:15 2021 +0100
locks: use once execution for on-demand initialization of globals
This makes sure that the global variables are initialized only once.
Most of those variables are initialized at ELF constructor, though a
couple of occasions they are initialized on-demand: the global keylog
file pointer and TPM2 TCTI context. To properly protect the
initialization this patch uses gl_once provided by Gnulib.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Nov 14 16:39:29 2021 +0100
locks: rework rwlock primitives
Remove GNUTLS_STATIC_RWLOCK_*LOCK macros and respect return values of
rwlock primitives.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Nov 16 18:20:24 2021 +0100
pkcs11: switch to using static mutex
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Nov 16 18:00:12 2021 +0100
verify-tofu: switch to using static mutex for locking
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Nov 14 14:04:59 2021 +0100
locks: replace custom mutex wrappers with "glthread/lock.h"
As Gnulib provides portability wrappers of mutex implementations, we
don't need to provide similar wrappers by ourselves.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri Mar 22 14:52:10 2019 +0100
Port openconnect TPM2 code
This introduces transparent loading of TPM2 keys which are in PEM
form by gnutls_privkey_import_x509_raw() and higher level functions
which wrap it.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Co-authored-by: David Woodhouse <dwmw2@infradead.org>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Nov 8 19:07:28 2021 +0100
tests: set $abs_top_builddir in more places
`$abs_top_builddir` has been used all across tests' subdirectories
(through tests/scripts/common.sh)
but has only been defined for tests/suite/ ones.
Defining it in other Makefiles where `top_builddir` is being passed.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Oct 30 17:17:47 2021 +0200
priority: rework config reloading logic and locking
The previous reloading logic relied on the existence of [priority]
section (in the initial loading) as an indicator whether the file is
loaded. This didn't work well in the following cases:
- when the section didn't exist initially and then is added later
- when the section existed initially and then is removed later
To handle these cases, this change adds a new flag
system_priority_file_loaded which can be used together with the mtime
check.
This also adds an rwlock to protect global configuration.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Nov 1 16:46:50 2021 +0100
Revert "priority: fix potential race in reloading system-wide config"
This reverts commit 890c6937a3cfb4a0704bc815324221ec4cb89840.
Considering the entire logic around reloading the config file, the fix
was suboptimal.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Oct 28 18:55:26 2021 +0200
priority: fix potential race in reloading system-wide config
_gnutls_update_system_priorities is called from gnutls_priority_set*
functions every time when the SYSTEM keyword is used and updates a
global variable system_wide_priority_strings if the configuration
changes. Although the critical path is protected with mtime check, it
should also hold a lock to avoid occasional race condition in
multi-thread programs. This also clears
system_wide_priority_strings_init upon unloading and before reloading
the config file (thanks to Alexander Sosedkin).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Oct 21 12:46:56 2021 +0200
.gitlab-ci.yml: add caching to cppcheck
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Oct 26 07:50:16 2021 +0200
devel: update release procedure taking into account of abi-dump
As the *.abi files have been moved into a separate repository, we need
an extra step to update the repository for new release.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Oct 20 17:49:56 2021 +0200
NEWS: add a notice of insecure-hash filtering ciphersuites on PRF
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Oct 20 14:37:07 2021 +0200
tests: add system-override-hash-influences-prf
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Oct 20 14:36:44 2021 +0200
priority: filter out ciphersuites with prf blocked by insecure-hash
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed Oct 20 14:34:58 2021 +0200
priority: refactor ciphersuite filtering
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Fri May 14 15:56:06 2021 +0200
ktls: basic implementation of SW mode
ktls enables us to offload encryption/decryption to the kernel
prerequisites:
- configured with `--enable-ktls`
- tls module `modprobe tls` check with 'lsmod | grep tls'
- per connection:
gnutls_transport_set_int{2} must be set
When prerequisities are met then ktls is used by default.
If GnuTLS encounters a error during KTLS initialization, it will
not use ktls and fallback to userspace.
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Oct 18 16:27:46 2021 +0200
devel: make use of abidw --drop-private-types
This will produce more compact abixml output.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Oct 18 11:49:46 2021 +0200
devel: move .abi files into a separate repository
Changes to the .abi files are a bit too noisy to track in the main
repository. This moves the files out of this repository and embed it
as a git submodule.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Steve Lhomme <robux4@ycbcr.xyz>
Date: Thu Sep 23 09:03:50 2021 +0200
fix mingw64 detection
__MINGW64__ is only defined for 64 bits builds of mingw64 [1].
The intended test what to only use the CertEnumCRLsInStoreFunc via LoadLibrary
for some ancient mingw32 build and never for mingw64.
__MINGW64_VERSION_MAJOR is a proper define to identify mingw64 against mingw32.
[1] https://sourceforge.net/p/predef/wiki/Compilers/
Co-authored-by: Johannes Kauffmann <johanneskauffmann@hotmail.com>
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Sep 17 11:03:25 2021 +0200
wrap_nettle_hash_exists: add missing hash algorithms
This adds SHAKE-128, SHAKE-256, and RIPEMD-160 to the supported
algorithms by nettle. While SHAKEs are not a hash algorithm but an
XOF, it would be consistent to report they are implemented.
The simple test is expanded to exercise the code
path (gnutls_digest_get_id → wrap_nettle_hash_exists).
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Sep 18 07:18:59 2021 +0200
fuzz: explicitly supply LDFLAGS to clang++ command line
This prevented fuzzer programs being linked in Ubuntu 20.03, used in
oss-fuzz.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri Sep 17 16:37:24 2021 -0400
lib/x509: Avoid memcpy when string is empty
This fixes an ASAN warning in fuzz/gnutls_private_key_parser_fuzzer
when run against the malformed private key
fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed Aug 11 17:31:40 2021 -0400
NEWS: added news about certtool handling x448 and x25519
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed Aug 11 15:59:21 2021 -0400
tests: add test for generating x25519 and x448 certificates
These certs should work just fine for the purposes of cryptographic
e-mail (S/MIME).
These usage flags are also used in the end-entity certificates found
in https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 14 17:14:41 2021 -0400
tests: update details about sample X25519 certificate
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 20:14:53 2021 -0400
certtool: add x448 and x25519 for --key-type
This is a simple extension of the certtool command-line interface.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 22:25:41 2021 -0400
certtool: when making X25519 or X448 certs, always use "key agreement"
This is related to #1227 -- but in this case, it's enforcing a
requirement of RFC 8410 §5.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 21:53:47 2021 -0400
x509: handle X25519 and X448 in read_pubkey
_gnutls_x509_read_ecdh_pubkey is basically a clone of
_gnutls_x509_read_eddsa_pubkey. Another form of implementation
would be to collapse these two static functions into a common
function for all "CFRG" curves.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 21:30:53 2021 -0400
nettle: handle X25519 and X448 in pk_fixup
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 20:23:41 2021 -0400
x509: enable importing secret keys for X448 and X25519.
_decode_pkcs8_modern_ecdh_key is virtually the same as
_decode_pkcs8_eddsa_key. Another implementation would be
to collapse these two functions into one, since their structure
is identical.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 19:53:28 2021 -0400
Enable X25519 and X448 everywhere that EdDSA is supported.
These are just trivial extension points where the codepath is the same
for the ECDH scheme as it is for the EdDSA scheme.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 20:14:07 2021 -0400
x509: handle X448 and X25519 in write_pubkey
This uses the same structure as _gnutls_x509_write_eddsa_pubkey.
Another way to write this would be to combine those two functions,
despite X448 and X25519 not being EdDSA at all.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 20:12:15 2021 -0400
pubkey: handle X25519 and X448 in gnutls_pubkey_import_pkcs11
I am not confident in the strings I chose to match on in
ASN1_ETYPE_PRINTABLE_STRING, in that I do not know what registry
I should look this up in.
The *parse_ecc_ecdh_params and *import_ecc_ecdh functions are tweaked
analogs to the eddsa versions of those functions.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 19:48:10 2021 -0400
nettle: extend pk_verify_priv_params to handle X25519 and X448
This is basically a copy of the EdDSA case in the switch statement.
Another way to implement it would be to augment the EdDSA case (and
the functions it uses) to have that case also handle ECDH use of the
CFRG curves.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 19:36:14 2021 -0400
lib/pk: treat modern ECDH octet streams the same way as eddsa streams.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 7 19:34:59 2021 -0400
lib/algorithms: add modern ecdh functions comparable to curve_is_eddsa
This is useful for the so-called CFRG curves used in ECDH, x25519 and x448.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu May 6 14:10:46 2021 -0400
algorithms: Explicitly name ECDH_X448_OID and ECDH_X25519_OID
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Sep 10 17:08:52 2021 +0200
.gitlab-ci.yml: new ASan job with -DAGGRESSIVE_REALLOC
This would exercise the same logic currently covered with
fedora-valgrind-aggressive in each MR.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Sep 9 18:36:46 2021 +0200
fuzz: allow multiple definitions of gnutls_rnd in oss-fuzz
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Sep 9 09:46:04 2021 +0200
build: remove tautological if conditions
Spotted by LGTM.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Sep 9 09:38:21 2021 +0200
ext/{client,server}_cert_type: use proper types for integers
Spotted by LGTM.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Sep 6 15:51:41 2021 +0200
tests: use PYTHONPATH instead of creating symlinks in srcdir
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Sep 7 17:56:02 2021 +0200
tls-fuzzer: update submodules to the latest
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed Sep 1 15:48:27 2021 +0200
fix SSSE3 SHA384 to work more than once
The output function called sha512_digest() instead of sha384_digest(),
which caused the hash context to be reinitialized for SHA512 instead of
SHA384 and all following digests using the hash handle were wrong.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Sep 4 10:38:23 2021 +0200
testcompat-openssl-tls13-cli.sh: disable early data testing
This test is causing intermittent failure quite often in the CI.
Let's temporarily disable it until the cause is properly investigated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Sep 5 18:48:09 2021 +0200
testcompat-openssl-tls13-cli.sh: use different tmpdirs for sub-tests
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Sep 5 17:28:43 2021 +0200
tests: rework port locking
This makes the locking logic per port, not per entire make process.
It also makes use of absolute paths for locking directory, so that
tlsfuzzer tests can use it.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Aug 30 19:26:49 2021 +0200
tests/tls13/post-handshake-with-cert: avoid a race condition
A server tries to close connection and kill the client after reauth.
Client, in turn, attempts to send data in some cases.
This patch makes the server wait for the client to terminate first.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Aug 30 19:38:03 2021 +0200
tests: remove unused `terminate` from 2 tests
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Fri Aug 27 17:10:37 2021 +0200
tests: add a safeguard to terminate()
Add a safeguard to `terminate()` so that we don't kill whole pgroups.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Fri Aug 27 17:02:51 2021 +0200
tests: don't kill whole pgroups
`terminate()` executed from the child process results in a `kill(0, SIGTERM)`,
bringing the whole pgroup down. `exit(1)` should be called instead.
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Nick Child <nick.child@ibm.com>
Date: Wed Aug 25 15:13:07 2021 -0400
INSTALL.md: Update documentation on building static library [skip ci]
As of commit a88eb79d88c53531c49d7cedfce2207f36ac8a9d, building a
static archive (libgnutls.a) is off by default. This commit updates the
documentation for building a static library in INSTALL.md .
Signed-off-by: Nick Child <nick.child@ibm.com>
Author: Simon South <simon@simonsouth.net>
Date: Sun Aug 22 08:41:36 2021 +0200
guile: Add 'GNUTLS_DIG_SHA256' enum value.
* guile/modules/gnutls/build/enums.scm (%digest-enum): Add 'sha256'.
* guile/modules/gnutls.in: Export 'digest/sha256'.
* guile/tests/x509-certificates.scm: Test 'digest/sha256' with
'x509-certificate-fingerprint'.
(%sha256-fingerprint): New constant.
Signed-off-by: Simon South <simon@simonsouth.net>
Author: Simon South <simon@simonsouth.net>
Date: Sun Aug 22 08:40:14 2021 +0200
guile: Add binding for 'gnutls_x509_crt_get_fingerprint'.
* guile/src/core.c (MAX_HASH_SIZE): New constant.
(scm_gnutls_x509_certificate_fingerprint): New function.
* guile/modules/gnutls.in: Export 'x509-certificate-fingerprint'.
* guile/tests/x509-certificates.scm: Test 'x509-certificate-fingerprint'.
(%sha1-fingerprint): New constant.
(u8vector->hex-string): New procedure.
Signed-off-by: Simon South <simon@simonsouth.net>
Author: Craig Gallek <cgallek@gmail.com>
Date: Wed Aug 11 12:54:37 2021 -0400
x509: pin/password callback support for openssl encrypted private keys
This attempts to use the registered pin callback when the password for
an encrypted openssl private key is not supplied. This matches the
functionality for PKCS8 sealed keys above and is similar to what openssl
does in this situation.
Signed-off-by: Craig Gallek <cgallek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat Aug 7 09:16:50 2021 +0200
mem: instrument with ASan memory poisoning as well as valgrind
This makes it possible to catch undefined memory access in the more
lightweight CI runs.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Aug 2 18:32:28 2021 +0200
pk: add flags to force RSA-PSS salt length to match digest length
This adds a couple of flags to RSA-PSS signing and verification, to
enforce that the salt length matches the digest length. That is not
only recommended in RFC 4055, but also mandated in RFC 8446 in the TLS
1.3 context.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jul 21 10:34:23 2021 +0200
fips: allow more RSA modulus sizes
Previously, we restricted RSA modulus size to be either 2048 or 3072
bits in FIPS mode, following FIPS 186-4. On the other hand, FIPS
140-2 IG A.14 and FIPS 140-3 IG C.F updates it to allow arbitrary
modulus sizes equal to or larger than 2048 bits under certain
conditions.
This change reflects the guidance, though it only allows known sizes
due to the complexity of calculating the approximate security strength
using the formula in FIPS 140-2 IG 7.5.
Suggested-by: Stephan Mueller
Reviewed-by: Stephan Mueller
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Aug 3 14:17:41 2021 +0200
tests: tls13/key_share: rewrite as single process
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Aug 4 06:45:30 2021 +0200
.gitlab-ci.yml: cppcheck: disable style checks
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Aug 3 11:44:52 2021 +0200
devel: suppress cppcheck 2.5 false-positives
This fixes errors and warnings as well as some style issues spotted by
cppcheck 2.5. Others are recorded in the suppressions file.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Fiona Klute <fiona.klute@gmx.de>
Date: Tue Jul 13 23:53:12 2021 +0200
gnutls_ocsp_resp_verify: Check key purpose if signer not on trust list
According to [1] the id-kp-OCSPSigning key purpose is only needed for
delegated signers, not signers explicitly set as trusted. The previous
code would reject a signature directly from a CA on the trust list
(without delegation) because the CA certificate didn't contain the
id-kp-OCSPSigning key purpose.
The tests included in this commit check:
1. Is a signature directly from a CA on the trust list accepted?
2. Is a signature from a delegated signer issued by a CA on the trust
list accepted?
3. Is a signature from a certificate without id-kp-OCSPSigning issued
by a CA on the trust list rejected?
Note that the CA in these tests is also the one that issued the
certificate the OCSP response is for, but the code (current and
previous) doesn't enforce this.
[1] https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Jun 28 07:04:55 2021 +0200
tests: set SH_LOG_COMPILER so sh tests run under $(SHELL)
This omits the need of setting executable bits on shell script tests.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jun 25 08:39:12 2021 +0200
key_share: treat X25519 and X448 as same PK type when advertising
Previously, if both X25519 and X448 groups were enabled in the
priority string, the client sent both algorithms in a key_share
extension, while it was only capable of handling one algorithm from
the same (Edwards curve) category. This adds an extra check so the
client should send either X25519 or X448.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Tue Jun 22 14:12:09 2021 -0500
Fix gnutls_certificate_set_trust_list() return value documentation
This function is documented to return an error code, but in fact it has
no return value and never fails. Fix this.
Signed-off-by: Michael Catanzaro <mcatanzaro@redhat.com>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Sat Apr 24 22:02:14 2021 +0200
guile: Writes to record ports handle EAGAIN/EINTR transparently.
Reported at <https://issues.guix.gnu.org/47867>
by Florian Pelz <pelzflorian@pelzflorian.de>.
This is a followup to a229bb36c9592b151f6feb277238c41ab39f40a9.
* guile/src/core.c (write_to_session_record_port) [USING_GUILE_BEFORE_2_2]:
Keep looping upon GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED.
(write_to_session_record_port) [!USING_GUILE_BEFORE_2_2]: Loop on
GNUTLS_E_INTERRUPTED and return -1 on GNUTLS_E_AGAIN if C_SESSION is
backed by a file descriptor.
* NEWS: Update.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Jun 11 06:58:43 2021 +0200
priority: reflect system wide config when constructing sigalgs
Otherwise the client would advertise signature algorithms which it
cannot use and cause handshake to fail.
Reported by Philip Schaten in:
https://lists.gnupg.org/pipermail/gnutls-help/2021-June/004711.html
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Jun 9 14:29:11 2021 +0200
p11tool: mention how CKA_IDs of certs are calculated upon --write
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 29 07:18:17 2021 +0200
Release 3.7.2
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 29 07:09:07 2021 +0200
release-steps: remove unnecessary steps
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 29 06:56:57 2021 +0200
AUTHORS: take into account of Co-authored-by:
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 29 06:52:42 2021 +0200
.mailmap: update
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue May 18 16:32:55 2021 -0400
certtool: order DN components by scale.
DN components are expected to be ordered by scale, with the wire format
representing larger-scale components (like country or organization) before
smaller-scale components (like state or organizationalUnit).
The bulk of the changes here of course are changes to the target
certificates in the test suite.
Note that a change was necessary in tests/cert-tests/crq.sh because it
tests the "interactive" mode of certtool. If any user is scripting
certtool in this way, this change will cause a backwards-incompatible
break. However, I think this is OK -- the supported scripted/batch
mode for certtool should use a template file, and I don't think it's
important to maintain a strict api on the interactive mode.
The main change here is to order the DN from least-specific-to-most,
in particular:
country, state, locality, org, orgunit, cn, uid
But I've also made an additional arbitrary choice, which is that DC
(domain component) comes *after* uid. This was already the case in
certificate generation, but in *request* generation, it was the other
way around. I've changed request generation to match this ordering
from certificate generation.
Closes: #1243
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 27 10:00:22 2021 +0200
build: fix interface version dependencies in libgnutls.map
Previously, the predecessor of GNUTLS_3_7_0 was mistakenly set to
GNUTLS_3_4 instead of GNUTLS_3_6_14. This fix shouldn't have any
impact on ABI, given the dynamic loader doesn't take into account of
ordering of versions. See also the first paragraph on:
https://www.akkadia.org/drepper/dsohowto.pdf#page=38
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 27 09:34:50 2021 +0200
build: require libkcapi 1.3.0 or later if --enable-afalg
The libkcapi 1.3.0 brings a couple of changes needed for GnuTLS:
* fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged
* fix: ensure that sendmsg is always used as fallback when vmsplice cannot be used
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 28 17:05:56 2021 +0200
tlsfuzzer: update git submodules
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 28 08:51:27 2021 +0200
nettle: update git submodule to 3.7.2 release
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 28 08:50:19 2021 +0200
gnulib: update git submodule
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 27 08:10:30 2021 +0200
devel: update libtasn1 submodule
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Leonardo Bras <leobras.c@gmail.com>
Date: Fri May 21 03:40:03 2021 -0300
guile: Fix implicit conversion warning
When building, the following warning may be printing:
CC guile_gnutls_v_2_la-utils.lo
core.c: In function 'scm_gnutls_set_server_session_certificate_request_x':
core.c:545:13: warning: implicit conversion from 'gnutls_certificate_request_t' to 'gnutls_certificate_status_t' [-Wenum-conversion]
545 | c_request = scm_to_gnutls_certificate_request (request, 2, FUNC_NAME);
| ^
core.c:547:53: warning: implicit conversion from 'gnutls_certificate_status_t' to 'gnutls_certificate_request_t' [-Wenum-conversion]
547 | gnutls_certificate_server_set_request (c_session, c_request);
|
Fix this warning by changing c_request type to gnutls_certificate_request_t.
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Author: Leonardo Bras <leobras.c@gmail.com>
Date: Fri May 21 03:11:29 2021 -0300
ASN1 : Remove warnings related to old libtasn1 namings
While compiling gnutls, some warnings related to deprecated names can be
printed, such as:
./../x509/x509_int.h:392:13: warning: 'ASN1_TYPE' macro is deprecated, use 'asn1_node' instead.
392 | int _gnutls_x509_write_key_int_le(ASN1_TYPE node, const char *value,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To avoid that, rename types as show in devel/libtasn1/NEWS (release 3.1):
ASN1_DATA_NODE -> asn1_data_node_st
ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t)
ASN1_TYPE -> asn1_node
ASN1_TYPE_EMPTY -> NULL
static_struct_asn -> asn1_static_node_st
node_asn_struct -> asn1_node_st
node_asn -> asn1_node_st
Signed-off-by: Leonardo Bras <leobras.c@gmail.com>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon May 17 13:33:28 2021 -0400
git: Do not ignore certtool templates.
This effectively reverts part of
dc85966364994006f9337e4749d1487e4b8e16a1 in order to ensure that
tests/cert-tests/templates/*.tmpl are not ignored by git.
Closes: #1242
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon May 17 13:20:26 2021 -0400
tests/cert-tests: test a policy without any policyQualifiers.
Ensure that a policy without policyQualifiers gets created with an
omitted sequence of qualifiers, rather than an empty sequence of
qualifiers.
We use NIST's test policy OID for this test.
This tests the fix for #1238.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri May 14 17:57:54 2021 -0400
x509: Omit empty sequences of policyQualifiers.
When a certificate has a policy attached but no policyQualifiers,
`certtool` should omit the policyQualifiers sequence entirely, rather
than emitting an empty sequence.
Closes: #1238
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 14 15:59:37 2021 +0200
cert auth: filter out unsupported cert types from TLS 1.2 CR
When the server is advertising signature algorithms in TLS 1.2
CertificateRequest, it shouldn't send certificate_types not backed by
any of those algorithms.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon May 17 07:58:43 2021 +0200
pre_shared_key: limit 0-RTT to resumption connections
While RFC 8446 allows 0-RTT data in a non-resumption connection
established with external PSK, it requires a mechanism to associate
encryption parameters with PSK. Until we provide a new API for that,
let's limit the 0-RTT use to resumption connections only.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed May 12 20:49:20 2021 -0400
x509: Write keyUsage extension with minimal BIT STRING
Avoid embedding trailing cleared bits in the BIT STRING for the
keyUsage extension.
The overwhelming majority of this changeset is correcting the
artifacts in the test suite, most of which had keyUsage with a
non-minimal encoding. The only functional code change is in
lib/x509/x509_ext.c.
Closes: #1236
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 14 08:48:24 2021 +0200
.gitlab-ci.yml: add bootstrap stage
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri May 14 08:26:37 2021 +0200
serv: stop setting AI_ADDRCONFIG on getaddrinfo
AI_ADDRCONFIG is only useful when the NODE argument is given in the
getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas
Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 13 15:03:10 2021 +0200
configure.ac: specify -ladvapi32 in mingw builds
This library needs to be linked for CryptAcquireContextW, used in
lib/system/keys-win.c. Suggested by Tim Kosse in:
https://gitlab.com/gnutls/gnutls/-/issues/1232
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 09:50:22 2021 +0200
tests: don't install crypt32.dll and ncrypt.dll replacement
Reported by Tim Kosse in:
https://gitlab.com/gnutls/gnutls/-/issues/1232
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 18:44:28 2021 +0200
gnutls_early_{cipher,prf_hash}_get: new functions
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 11:50:00 2021 +0200
tests: rework tls13-early-data to check key scheduling
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 18:25:55 2021 +0200
tests: tls13-early-data: use TLS_CHACHA20_POLY1305_SHA256
When resuming in TLS 1.3, the negotiated PRF hash must match the one
used in the initial handshake.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 18:09:01 2021 +0200
tests: remove shell-script wrapper for tls13/prf-early
The wrapper (tls13/prf-early.sh) was merely for running
tls13/prf-early under datefudge. The same thing can now be done with
virt_time_init_at.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 17:56:37 2021 +0200
tests: virt-time: add virt_time_init_at
This allows the tests to set the current time to arbitrary point,
instead of the current time; useful for the tests checking the traces
such as tls13/prf-early.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 08:35:02 2021 +0200
gnutls_init: add flag to omit EndOfEarlyData messages
The message is prohibited in QUIC:
https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.3
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 08:26:46 2021 +0200
gnutls_init: redefine GNUTLS_ENABLE_EARLY_DATA flag for client
The flag was only for the server, but it turned out to be useful for
client to explicitly indicate early data, when 0-RTT is handled
out-of-band as in QUIC.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 29 08:23:15 2021 +0200
state: call secret_func on early write key change as well
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 13 08:38:20 2021 +0200
.gitlab-ci.yml: doc-dist.Fedora: invoke "texconfig rehash"
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 13 08:01:27 2021 +0200
systemkey: remove unused --inder and --infile options
While those options have no effect, the command previously tried to
open a file for reading and leaked file descriptor.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 12 16:55:37 2021 +0200
keylog: suppress -Wanalyzer-file-leak warnings
This workarounds the following warnings with gcc analyzer:
kx.c:156:69: error: leak of FILE '<unknown>' [CWE-775] [-Werror=analyzer-file-leak]
156 | _gnutls_bin2hex(session->security_parameters.
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
157 | client_random, GNUTLS_RANDOM_SIZE,
| ~~~~~~~~~~~~~
This should be harmless because the keylog file pointer is closed in
the ELF destructor.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 12 14:46:56 2021 +0200
.gitlab-ci.yml: update build images to Fedora 34 and Alpine 3.13
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed May 12 14:44:37 2021 +0200
devel: regenerate abidw dump files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 15:29:03 2021 +0200
.gitlab-ci.yml: bump cache version
This should fix the nettle_streebog512_update detection.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 14:25:38 2021 +0200
srptool: add missing fclose on error path
Spotted by gcc analyzer:
srptool.c:113:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
113 | return -1;
| ^
also:
srptool.c:560:32: warning: leak of FILE 'fp' [CWE-775] [-Wanalyzer-file-leak]
560 | return -1;
| ^
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu May 13 08:40:59 2021 +0200
tests: _check_wait_status: use only async-thread-safe function
As this function shall be called in a signal handler, it shouldn't use
'exit' as it's not async-thread-safe.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 14:23:45 2021 +0200
gnutls-serv: use only async-signal-safe functions in signal handler
Spotted by gcc analyzer:
serv.c:1138:9: warning: call to 'exit' from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
1138 | exit(1);
| ^~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 14:13:45 2021 +0200
certtool: tighten allocation check
Spotted by gcc analyzer:
certtool-cfg.c:856:24: warning: use of possibly-NULL 'copy' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
856 | while (strcmp(pass, copy) != 0
| ^~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 14:08:33 2021 +0200
psktool: tighten allocation check
Spotted by gcc analyzer:
psk.c:275:21: warning: use of possibly-NULL '_username.data' where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
275 | if (strncmp(p, (const char *) _username.data,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 13:16:51 2021 +0200
.gitignore: ignore more files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 11:08:59 2021 +0200
_tls13_{derive,expand}_secret2: fix array parameter mismatch
This suppresses the warning with -Warray-parameter
secrets.c:85:40: warning: argument 6 of type 'const uint8_t[64]' {aka 'const unsigned char[64]'} with mismatched bound [-Warray-parameter=]
85 | const uint8_t secret[MAX_HASH_SIZE],
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
In file included from secrets.c:28:
secrets.h:43:41: note: previously declared as 'const uint8_t[32]' {aka 'const unsigned char[32]'}
43 | const uint8_t secret[MAX_CIPHER_KEY_SIZE],
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue May 11 11:04:54 2021 +0200
_gnutls_retrieve_pin: remove array declarator in function argument
This was originally to eliminate the warnings with -Warray-parameter:
pin.c:70:27: warning: argument 5 of type 'char[256]' with mismatched bound [-Warray-parameter=]
70 | char pin[GNUTLS_PKCS11_MAX_PIN_LEN], unsigned pin_size)
| ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from pin.c:23:
./pin.h:9:48: note: previously declared as 'char *'
9 | unsigned pin_flags, char *pin, unsigned pin_size);
| ~~~~~~^~~
though it turned out to be unnecessary because the function merely
delegate the call to the user-supplied callbacks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed May 5 18:05:29 2021 -0400
spelling: The possessive pronoun "its" has no apostrophe.
"it's" is for contractions like "it is" or "it has". "its" is a
possessive pronoun, like "his" or "hers" or "theirs", none of which
have an apostrophe in them either.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue May 4 15:08:08 2021 -0400
certtool: Align warning about --provable with actual code
If I try to generate an ed25519 key, it is *not* an ECDSA key. But I
see this warning:
0 dkg@host:~$ certtool --generate-privkey --provable --key-type ed25519
Generating a 256 bit EdDSA (Ed25519) private key ...
The --provable parameter cannot be used with ECDSA keys.
1 dkg@host:~$
Looking at the code and documentation, it's clear that --provable only
works for RSA and DSA. This fix aligns the warning message with the
underlying mechanism.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon May 3 16:35:43 2021 +0200
x509/verify: treat SHA-1 signed CA in the trusted set differently
Suppose there is a certificate chain ending with an intermediate CA:
EE → ICA1 → ICA2. If the system trust store contains a root CA
generated with the same key as ICA2 but signed with a prohibited
algorithm, such as SHA-1, the library previously reported a
verification failure, though the situation is not uncommon during a
transition period of root CA.
This changes the library behavior such that the check on signature
algorithm will be skipped when examining the trusted root CA.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon May 3 17:27:56 2021 +0200
global: rename GNUTLS_NO_EXPLICIT_INIT to GNUTLS_NO_IMPLICIT_INIT
The old envvar still has effect but has been marked as deprecated.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon May 3 14:19:22 2021 +0200
certtool: fix parsing of --verify-profile option
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ruslan N. Marchenko <me@ruff.mobi>
Date: Sun May 2 23:29:39 2021 +0200
Add tests for call gnutls_session_channel_binding
Add test unit which executes positive and negative test scenarios
using standard gnutls testing framework.
Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
Author: Ruslan N. Marchenko <me@ruff.mobi>
Date: Sat May 1 23:05:54 2021 +0200
Add tls-server-end-point tls channel binding implementation.
Add server-end-point tls channel binding into gnutls_session_channel_binding
method. The implementation extracts session's certificate, its signature
algorithm, and calculates digest of the extracted certificate using
the function based on extracted algorithm, as per RFC5929.
Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
Author: Ruslan N. Marchenko <me@ruff.mobi>
Date: Sat May 1 10:16:37 2021 +0200
Restructure gnutls_session_channel_binding and add tls-exporter
The restructure removes explicit pre-check for supported binding
type(s) and instead relies now on catch-all return which returns
UNIMPLEMENTED_FEATURE if no type was handled. In addition to that
it returns UNIMPLEMENTED_FEATURE for tls-unique request on TLSv1.3
session, since that is not supposed to work hence requires explicit
error. Finally new binding type tls-exporter implementation is
added.
Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
Author: Ruslan N. Marchenko <me@ruff.mobi>
Date: Sat May 1 10:22:14 2021 +0200
Introduce new tls channel binding types into gnutls_channel_binding_t
This commit adds two new tls channel binding types into enum
gnutls_channel_binding_t:
* tls-server-end-point
* tls-exporter
Signed-off-by: Ruslan N. Marchenko <me@ruff.mobi>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Apr 28 11:04:20 2021 +0200
certtool: don't copy CRL distribution point from CA cert
Suggested by Thomas Karlsson in:
https://gitlab.com/gnutls/gnutls/-/issues/1126
While this changes the default behavior, CDP can always be set through
the template or interactive input.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Apr 25 17:04:46 2021 +0200
gnutls_x509_crt_get_dn: clarify null-termination of the output
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Apr 25 10:48:09 2021 +0200
build: do not install .hmac files
It turned out that distro package building process might perform
post-processing (e.g., strip) of the shared libraries after install,
and that may cause inconsistency with the installed .hmac files.
Let's not try too hard on this but defer the final hmac calculation to
distributions. It is still useful to keep our own fipshmac as it
makes it easier to run FIPS tests.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Apr 25 06:51:20 2021 +0200
tests: fix test script file name in distribution
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Apr 25 06:50:03 2021 +0200
.gitignore: ignore ctags, etags, and GNU global files
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 15:36:37 2021 +0200
handshake: fix timing of sending early data
Previously, the client was sending early data after receiving a Server
Hello message, which not only negates the benefit of 0-RTT, but also
was a logic error as it can only be decrypted by the server when the
initial handshake and the resuming handshake agree on the same
ciphersuites. This fixes that behavior in the following ways:
- extend the session data format to include the selected ciphersuites,
even in TLS 1.3
- setup the epoch for early data, right before the client sending
early data (also right after the server deciding to accept early
data).
- extend the test case to use different ciphersuites in the initial
and resuming handshakes
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Fri Apr 23 09:44:20 2021 +0200
guile: Tests show their PID upon uncaught exceptions.
* guile/modules/gnutls/build/tests.scm (run-test): Display the PID when
throwing an exception.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Fri Feb 5 12:28:35 2021 +0100
guile: Avoid the deprecated 'scm_t_uint8' type.
* guile/src/core.c: Use 'uint8_t' instead of 'scm_t_uint8', which is
deprecated in Guile 3.0.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Tue Dec 22 10:30:43 2020 +0100
guile: Avoid potentially missed reference.
There's one case where 'register_weak_reference' is called several times
on the same object, in 'set-certificate-credentials-x509-keys!', where
PRIVKEY could have been GC'd before CRED.
* guile/src/core.c (register_weak_reference): Add TO to the weak
references of FROM instead of overriding them.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 10:28:03 2021 +0200
afalg: use pkg-config to detect libkcapi
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 10:03:47 2021 +0200
afalg: support AES-XTS algorithms
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 09:56:40 2021 +0200
afalg: cleanup header inclusion
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Ludovic Courtès <ludo@gnu.org>
Date: Mon Dec 21 18:22:14 2020 +0100
guile: Remove leftover comment about allocation routines.
This is a followup to 872409857351f28b1e3c21526bfa6606c918b176.
* guile/src/core.c (scm_init_gnutls): Remove leftover comment.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 09:50:16 2021 +0200
afalg: remove unnecessary initialization
That would make it easier to spot any uninitialized memory access with
valgrind.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 09:45:51 2021 +0200
afalg: assert IV size returned from the kernel is in the range
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 23 09:42:03 2021 +0200
NEWS: mention AF_ALG support
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Apr 14 17:27:43 2021 +0200
crypto-selftests: tolerate errors of gnutls_{hash,hmac}_copy
Some hardware accelerated implementations, such as afalg, cannot
support the copy operation. This patch turns it a soft-error, as the
code below is already checking if the copy is non-NULL, before
performing any operation on it.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Thu Apr 22 16:42:01 2021 +0200
handshake: don't regenerate legacy_session_id in second CH after HRR
According to RFC 8446 4.1.2, the client must send the same Client
Hello after Hello Retry Request, except for the certain extensions,
and thus legacy_session_id must be preserved.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Apr 14 16:50:28 2021 +0200
_gnutls_cipher_init: fallback if setiv is not implemented for AEAD
The _gnutls_cipher_init function currently assumes that all the cipher
implementations have .setiv method. This is not the case for
AEAD-only implementations such as afalg.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Stephan Mueller <smueller@chronox.de>
Date: Sat Oct 14 20:46:09 2017 +0200
Add AF_ALG acceleration
The patch set adds the backend implementation to use the Linux kernel
crypto API via the AF_ALG interface. The GnuTLS AF_ALG extension uses
libkcapi [1] as the backend library which implements the actual kernel
communication.
[1] http://www.chronox.de/libkcapi.html
The symmetric cipher support, the hashing and the MAC support are
validated to work correctly using NIST CAVS test vectors.
The AEAD cipher support was tested by connecting to a remote host using
gnutls-cli (the following log strips out unrelated information):
Processed 143 CA certificate(s).
...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
...
- Description: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA512)-(AES-256-GCM)
- Session ID: 9E:5E:FC:09:2A:4E:2A:3D:22:44:68:42:C3:F6:2D:AB:F9:67:08:CE:6D:EE:E4:A2:EF:80:43:FE:3B:D9:1E:FE
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP384R1
- Curve size: 384 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA512
- Cipher: AES-256-GCM
- MAC: AEAD
- Options: extended master secret, safe renegotiation,
- Handshake was completed
- Simple Client Mode:
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Hedgehog5040 <krenzelok.frantisek@gmail.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Fri Apr 16 13:56:40 2021 +0200
priority: add option to disable TLS 1.3 middlebox compatibility mode
This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3
compatibility mode at run-time.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Tue Mar 30 13:39:46 2021 +0200
_gnutls_calloc: remove unused function
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 29 14:09:51 2021 +0200
keys-win: free certificate context in gnutls_system_key_iter_deinit
Suggested by Bjørn Christensen in:
https://gitlab.com/gnutls/gnutls/-/issues/1197
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 29 11:06:37 2021 +0200
build: avoid integer overflow in additions
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Feb 21 08:43:26 2021 +0100
build: avoid potential integer overflow in array allocation
This relies on _gnutls_reallocarray for all occasions of array
allocations, so that they can benefit from the built-in overflow
checks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 29 13:08:23 2021 +0200
pkcs11x: find_ext_cb: fix error propagation
Use explicit error value, as rv is not set in this code path.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Feb 21 08:42:23 2021 +0100
mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sun Feb 21 08:34:13 2021 +0100
bootstrap: pull in 'xalloc-oversized' module from Gnulib
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sat Mar 20 13:52:25 2021 +0100
build: doc: install missing image file gnutls-crypto-layers.png
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 11:03:44 2021 +0100
examples: avoid memory leak in ex-verify
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 11:03:22 2021 +0100
examples: avoid memory leak in tlsproxy
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 10:56:46 2021 +0100
src: avoid file descriptor leak in socket_open2
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 10:48:49 2021 +0100
gnutls-cli-debug: avoid resource leak in saving DHE params
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 10:47:50 2021 +0100
srptool: avoid FILE pointer leak on error
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 15 09:55:20 2021 +0100
gnulib: update git submodule
This brings in the fix for parse-datetime test failures on NetBSD:
https://lists.gnu.org/archive/html/bug-gnulib/2021-03/msg00069.html
https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=35f8ff2e1162bf3ee60d99b6812f2ae10f3f2898
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 10 16:12:23 2021 +0100
str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 10 16:11:29 2021 +0100
_gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Author: Daiki Ueno <ueno@gnu.org>
Date: Wed Mar 10 05:06:13 2021 +0100
 
......@@ -59,6 +4260,34 @@ Date: Tue Mar 9 13:07:26 2021 +0100
Signed-off-by: Daiki Ueno <ueno@gnu.org>
 
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Mar 8 14:56:32 2021 +0100
lib/nettle: get rid of _rnd_system_entropy_check
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Mon Mar 8 11:54:16 2021 +0100
lib/global: don't call now-noop _gnutls_rnd_check
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Alexander Sosedkin <asosedkin@redhat.com>
Date: Thu Mar 4 10:54:44 2021 +0100
sysrng-linux: re-open /dev/urandom every time
Prompted by the following comment of Daiki Ueno:
> I also wonder why we keep the fd open for such a long time in the first
> place. Both OpenSSL and NSS have a similar fallback to /dev/urandom
> if getrandom is not available, but opens the device in one-shot,
> when reseeding is needed (and that's pretty rare).
https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_521749519
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Author: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Date: Fri Mar 5 12:31:45 2021 +0100
 
......@@ -2348,7 +6577,7 @@ Date: Fri Jun 5 16:26:33 2020 +0200
Signed-off-by: Daiki Ueno <ueno@gnu.org>
 
Author: KrenzelokFrantisek <krenzelok.frantisek@gmail.com>
Author: František Krenželok <krenzelok.frantisek@gmail.com>
Date: Thu Jun 4 16:59:33 2020 +0200
 
tests: updated tlsfuzzer tests to latest version
......@@ -2487,6 +6716,17 @@ Date: Sun May 31 12:39:14 2020 +0200
Signed-off-by: Daiki Ueno <ueno@gnu.org>
 
Author: Daiki Ueno <ueno@gnu.org>
Date: Mon Mar 16 17:16:08 2020 +0100
devel: provide external git diff driver for *.abi files [ci skip]
This adds an external diff driver for *.abi files, that shows only
interesting changes in those files. This would be useful when adding
a new API.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Author: Daiki Ueno <ueno@gnu.org>
Date: Sat May 30 11:06:57 2020 +0200
 
......@@ -8336,7 +12576,7 @@ Date: Sun Apr 14 16:53:52 2019 +0200
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
 
Author: Andreas Metzler <gitlab@bebt.de>
Author: Andreas Metzler <ametzler@debian.org>
Date: Sun Apr 14 15:25:31 2019 +0000
 
Fix link error with gcc-9
......@@ -5,7 +5,7 @@
# It is necessary if you want to build targets usually of interest
# only to the maintainer.
# Copyright (C) 2001, 2003, 2006-2020 Free Software Foundation, Inc.
# Copyright (C) 2001, 2003, 2006-2021 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......
......@@ -31,9 +31,10 @@ by running './configure --help'.
sudo make install
```
The commands above build and install the static archive (libgnutls.a),
the shared object (libgnutls.so), and additional binaries such as certtool
and gnutls-cli.
The commands above build and install the shared object (libgnutls.so),
and additional binaries such as certtool and gnutls-cli. To build the
static archive (libgnutls.a), add --enable-static to the `./configure`
command.
The library depends on libnettle and gmplib.
* gmplib: for big number arithmetic, https://gmplib.org/
......
......@@ -57,18 +57,20 @@ if ENABLE_DOC
SUBDIRS += doc
endif
ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --install
ACLOCAL_AMFLAGS = -I m4 -I src/gl/m4 -I lib/unistring/m4 --install
EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \
ChangeLog THANKS INSTALL.md RELEASES.md
ChangeLog THANKS INSTALL.md RELEASES.md .mailmap
DISTCLEANFILES = AUTHORS
AUTHORS:
@echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS
@git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS
@echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS
@sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS
AUTHORS: Makefile.am .mailmap
$(AM_V_GEN) { \
echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n"; \
git shortlog -sen --no-merges --group author --group trailer:co-authored-by | cut -f 2 | sed 's/@/ at /g'; \
echo -e "\n\nThe translators list is autogenerated from po file history\n"; \
sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u; \
} > $@-t && mv $@-t $@
pic-check:
@echo "Checking for position dependent code"
......@@ -77,18 +79,18 @@ pic-check:
false; \
fi
ABIDW_COMMON = --no-show-locs --no-corpus-path
ABIDW_COMMON = --drop-private-types --no-show-locs --no-corpus-path
ABIGNORE_FILE = "$(top_srcdir)/devel/libgnutls.abignore"
SYMBOLS_LAST_FILE = "$(top_srcdir)/devel/symbols.last"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/libdane-latest-$$(uname -m).abi"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libdane-latest-$$(uname -m).abi"
abi-dump-versioned: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "**************************************************************************"
@echo "Generating versioned ABI files of current gnutls and gnutls-dane libraries"
@echo "**************************************************************************"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/libdane-$(VERSION)-$$(uname -m).abi"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/abi-dump/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/abi-dump/libdane-$(VERSION)-$$(uname -m).abi"
abi-dump-latest: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "****************************************************************"
......@@ -121,7 +123,7 @@ abi-check-latest: lib/libgnutls.la libdane/libgnutls-dane.la
ABICHECK_COMMON = --no-added-syms
abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
@for file in $$(echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libgnutls-*-$$(uname -m).abi);do \
echo "Comparing libgnutls with $$file"; \
abidiff $${file} lib/.libs/libgnutls.so $(ABICHECK_COMMON) --suppressions $(ABIGNORE_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -131,7 +133,7 @@ abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
exit 1; \
fi; \
done
@for file in $$(echo $(srcdir)/devel/libdane-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libdane-*-$$(uname -m).abi);do \
echo "Comparing libgnutls-dane with $$file"; \
abidiff $${file} libdane/.libs/libgnutls-dane.so $(ABICHECK_COMMON) --hd2 "$(srcdir)/libdane/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -178,14 +180,7 @@ distclean-local: code-coverage-dist-clean
local-code-coverage-output: code-coverage-capture
cat GnuTLS-$(VERSION)-coverage/index.html|grep headerCovTableEntry|grep '%'|head -1|sed 's/^.*>\([0-9]\+\.[0-9]\+\s*%\)<.*$$/ coverage lines: \1/' || true
libopts-check:
@echo "*****************************************************************"
@echo "Checking whether included libopts matches the system's. If the"
@echo "check fails upgrade the included libopts."
@echo "*****************************************************************"
test "`autoopts-config libsrc|awk -F '-' '{print $$NF}'|sed 's/.tar.gz//'`" = "`cat $(srcdir)/src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`"
files-update: libopts-check abi-dump-latest
files-update:
$(MAKE) -C doc/ compare-makefile || mv doc/tmp-compare-makefile $(srcdir)/doc/Makefile.am
$(MAKE) -C doc/manpages compare-makefile || mv doc/manpages/tmp-compare-makefile $(srcdir)/doc/manpages/Makefile.am
$(MAKE) -C . symbol-check || mv symbols.last.tmp $(SYMBOLS_LAST_FILE)
......@@ -193,7 +188,7 @@ files-update: libopts-check abi-dump-latest
@echo "updated auto-generated files; please use git diff to verify the correctness of the changes"
@echo "******************************************************************************************"
dist-hook: libopts-check
dist-hook:
$(PKG_CONFIG) --atleast-version=2.2.0 guile-2.2
if test -d "$(top_srcdir)/devel";then \
$(MAKE) -C $(top_srcdir) symbol-check && \
......@@ -206,4 +201,7 @@ dist-hook: libopts-check
mv ChangeLog $(distdir)
touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS
include $(top_srcdir)/cligen/cligen.mk
noinst_PYTHON = $(cligen_sources)
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -35,7 +35,10 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# aminclude_static.am generated automatically by Autoconf
# from AX_AM_MACROS_STATIC on Wed Mar 10 12:51:43 CET 2021
# from AX_AM_MACROS_STATIC on Thu Feb 9 15:04:43 CET 2023
# Copyright (C) 2021-2022 Daiki Ueno
# SPDX-License-Identifier: LGPL-2.1-or-later
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
......@@ -124,10 +127,10 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \
$(top_srcdir)/src/gl/m4/atoll.m4 \
$(top_srcdir)/src/gl/m4/bison.m4 \
$(top_srcdir)/src/gl/m4/calloc.m4 \
$(top_srcdir)/src/gl/m4/clock_time.m4 \
$(top_srcdir)/src/gl/m4/codeset.m4 \
$(top_srcdir)/src/gl/m4/ctype.m4 \
$(top_srcdir)/src/gl/m4/double-slash-root.m4 \
$(top_srcdir)/src/gl/m4/ctype_h.m4 \
$(top_srcdir)/src/gl/m4/environ.m4 \
$(top_srcdir)/src/gl/m4/error.m4 \
$(top_srcdir)/src/gl/m4/fdopen.m4 \
......@@ -156,7 +159,6 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/src/gl/m4/locale-zh.m4 \
$(top_srcdir)/src/gl/m4/locale_h.m4 \
$(top_srcdir)/src/gl/m4/localename.m4 \
$(top_srcdir)/src/gl/m4/lock.m4 \
$(top_srcdir)/src/gl/m4/lstat.m4 \
$(top_srcdir)/src/gl/m4/mktime.m4 \
$(top_srcdir)/src/gl/m4/nanosleep.m4 \
......@@ -166,11 +168,12 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/src/gl/m4/pipe.m4 \
$(top_srcdir)/src/gl/m4/pthread-thread.m4 \
$(top_srcdir)/src/gl/m4/pthread_h.m4 \
$(top_srcdir)/src/gl/m4/pthread_rwlock_rdlock.m4 \
$(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \
$(top_srcdir)/src/gl/m4/putenv.m4 \
$(top_srcdir)/src/gl/m4/raise.m4 \
$(top_srcdir)/src/gl/m4/reallocarray.m4 \
$(top_srcdir)/src/gl/m4/sched_h.m4 \
$(top_srcdir)/src/gl/m4/sched_yield.m4 \
$(top_srcdir)/src/gl/m4/select.m4 \
$(top_srcdir)/src/gl/m4/semaphore.m4 \
$(top_srcdir)/src/gl/m4/servent.m4 \
......@@ -194,14 +197,11 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/src/gl/m4/timespec.m4 \
$(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \
$(top_srcdir)/src/gl/m4/tzset.m4 \
$(top_srcdir)/src/gl/m4/ungetc.m4 \
$(top_srcdir)/src/gl/m4/usleep.m4 \
$(top_srcdir)/src/gl/m4/visibility.m4 \
$(top_srcdir)/src/gl/m4/xalloc.m4 \
$(top_srcdir)/src/gl/m4/yield.m4 \
$(top_srcdir)/src/libopts/m4/libopts.m4 \
$(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \
$(top_srcdir)/m4/00gnulib.m4 $(top_srcdir)/m4/__inline.m4 \
$(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \
$(top_srcdir)/m4/__inline.m4 \
$(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \
$(top_srcdir)/m4/arpa_inet_h.m4 \
$(top_srcdir)/m4/ax_ac_append_to_file.m4 \
......@@ -213,17 +213,19 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/m4/ax_file_escapes.m4 \
$(top_srcdir)/m4/builtin-expect.m4 \
$(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \
$(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \
$(top_srcdir)/m4/errno_h.m4 $(top_srcdir)/m4/explicit_bzero.m4 \
$(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \
$(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \
$(top_srcdir)/m4/explicit_bzero.m4 \
$(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \
$(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \
$(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \
$(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \
$(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \
$(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \
$(top_srcdir)/m4/func.m4 $(top_srcdir)/m4/getdelim.m4 \
$(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \
$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gettimeofday.m4 \
$(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \
$(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \
$(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \
$(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \
$(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/gettimeofday.m4 \
$(top_srcdir)/m4/gnulib-common.m4 \
$(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \
$(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \
......@@ -236,41 +238,43 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
$(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lseek.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/malloc.m4 $(top_srcdir)/m4/malloca.m4 \
$(top_srcdir)/m4/manywarnings.m4 $(top_srcdir)/m4/memchr.m4 \
$(top_srcdir)/m4/memmem.m4 $(top_srcdir)/m4/minmax.m4 \
$(top_srcdir)/m4/mmap-anon.m4 $(top_srcdir)/m4/mode_t.m4 \
$(top_srcdir)/m4/msvc-inval.m4 \
$(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \
$(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \
$(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \
$(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \
$(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \
$(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \
$(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \
$(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \
$(top_srcdir)/m4/open-cloexec.m4 \
$(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \
$(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pid_t.m4 \
$(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \
$(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \
$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \
$(top_srcdir)/m4/progtest.m4 \
$(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \
$(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \
$(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \
$(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \
$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \
$(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \
$(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/std-gnu11.m4 \
$(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \
$(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \
$(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \
$(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/stpcpy.m4 \
$(top_srcdir)/m4/strcase.m4 $(top_srcdir)/m4/strdup.m4 \
$(top_srcdir)/m4/string_h.m4 $(top_srcdir)/m4/strings_h.m4 \
$(top_srcdir)/m4/strndup.m4 $(top_srcdir)/m4/strnlen.m4 \
$(top_srcdir)/m4/strtok_r.m4 $(top_srcdir)/m4/strverscmp.m4 \
$(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \
$(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \
$(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \
$(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \
$(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \
$(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \
$(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \
$(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \
$(top_srcdir)/m4/strverscmp.m4 \
$(top_srcdir)/m4/sys_socket_h.m4 \
$(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \
$(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \
$(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \
$(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/unistd_h.m4 \
$(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \
$(top_srcdir)/m4/unistd_h.m4 \
$(top_srcdir)/m4/valgrind-tests.m4 \
$(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \
$(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \
......@@ -281,7 +285,7 @@ am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__DIST_COMMON)
$(am__configure_deps) $(noinst_PYTHON) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
......@@ -316,6 +320,8 @@ am__can_run_installinfo = \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__py_compile = PYTHON=$(PYTHON) $(SHELL) $(py_compile)
py_compile = $(top_srcdir)/build-aux/py-compile
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
......@@ -342,14 +348,11 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = gl lib extra libdane po src/gl src tests fuzz guile \
doc/manpages doc
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/aminclude_static.am \
$(top_srcdir)/build-aux/ar-lib \
$(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \
$(top_srcdir)/build-aux/config.guess \
$(top_srcdir)/build-aux/config.rpath \
$(top_srcdir)/build-aux/config.sub \
......@@ -357,12 +360,15 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/build-aux/ldd.sh.in \
$(top_srcdir)/build-aux/ltmain.sh \
$(top_srcdir)/build-aux/missing \
$(top_srcdir)/build-aux/py-compile \
$(top_srcdir)/cligen/cligen.mk \
$(top_srcdir)/doc/doxygen/Doxyfile.in \
$(top_srcdir)/lib/includes/gnutls/gnutls.h.in ABOUT-NLS \
AUTHORS ChangeLog NEWS THANKS build-aux/ar-lib \
build-aux/config.guess build-aux/config.rpath \
build-aux/config.sub build-aux/install-sh build-aux/ltmain.sh \
build-aux/missing
AUTHORS ChangeLog INSTALL.md NEWS README.md THANKS \
build-aux/ar-lib build-aux/compile build-aux/config.guess \
build-aux/config.rpath build-aux/config.sub \
build-aux/install-sh build-aux/ltmain.sh build-aux/missing \
build-aux/py-compile
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
......@@ -401,20 +407,24 @@ am__relativize = \
GZIP_ENV = --best
DIST_ARCHIVES = $(distdir).tar.xz
DIST_TARGETS = dist-xz
# Exists only to be overridden by the user if desired.
AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
ALLOCA_H = @ALLOCA_H@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AM_VALGRINDFLAGS = @AM_VALGRINDFLAGS@
APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@
AR = @AR@
ARFLAGS = @ARFLAGS@
ASN1PARSER = @ASN1PARSER@
AUTOCONF = @AUTOCONF@
AUTOGEN = @AUTOGEN@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
......@@ -442,6 +452,8 @@ CONFIG_INCLUDE = @CONFIG_INCLUDE@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@
CSCOPE = @CSCOPE@
CTAGS = @CTAGS@
CXX = @CXX@
CXXCPP = @CXXCPP@
CXXDEPMODE = @CXXDEPMODE@
......@@ -450,6 +462,7 @@ CXX_LT_AGE = @CXX_LT_AGE@
CXX_LT_CURRENT = @CXX_LT_CURRENT@
CXX_LT_REVISION = @CXX_LT_REVISION@
CYGPATH_W = @CYGPATH_W@
DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
......@@ -469,375 +482,715 @@ ENOLINK_VALUE = @ENOLINK_VALUE@
EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@
EOVERFLOW_VALUE = @EOVERFLOW_VALUE@
ERRNO_H = @ERRNO_H@
ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FILECMD = @FILECMD@
FIPS140_LIBS = @FIPS140_LIBS@
FLOAT_H = @FLOAT_H@
GCOV = @GCOV@
GENHTML = @GENHTML@
GETADDRINFO_LIB = @GETADDRINFO_LIB@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@
GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@
GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@
GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@
GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@
GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@
GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@
GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@
GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@
GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@
GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@
GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@
GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@
GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@
GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@
GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@
GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@
GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@
GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@
GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@
GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@
GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@
GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@
GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@
GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@
GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@
GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@
GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@
GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@
GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@
GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@
GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@
GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@
GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@
GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@
GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@
GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@
GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@
GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@
GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@
GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@
GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@
GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@
GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@
GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@
GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@
GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@
GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@
GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@
GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@
GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@
GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@
GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@
GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@
GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@
GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@
GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@
GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@
GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@
GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@
GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@
GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@
GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@
GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@
GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@
GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@
GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@
GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@
GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@
GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@
GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@
GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@
GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@
GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@
GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@
GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@
GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@
GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@
GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@
GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@
GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@
GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@
GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@
GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@
GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@
GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@
GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@
GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@
GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@
GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@
GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@
GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@
GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@
GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@
GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@
GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@
GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@
GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@
GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@
GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@
GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@
GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@
GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@
GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@
GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@
GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@
GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@
GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@
GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@
GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@
GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@
GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@
GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@
GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@
GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@
GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@
GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@
GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@
GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@
GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@
GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@
GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@
GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@
GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@
GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@
GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@
GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@
GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@
GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@
GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@
GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@
GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@
GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@
GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@
GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@
GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@
GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@
GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@
GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@
GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@
GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@
GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@
GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@
GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@
GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@
GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@
GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@
GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@
GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@
GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@
GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@
GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@
GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@
GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@
GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@
GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@
GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@
GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@
GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@
GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@
GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@
GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@
GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@
GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@
GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@
GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@
GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@
GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@
GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@
GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@
GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@
GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@
GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@
GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@
GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@
GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@
GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@
GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@
GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@
GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@
GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@
GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@
GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@
GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@
GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@
GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@
GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@
GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@
GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@
GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@
GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@
GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@
GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@
GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@
GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@
GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@
GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@
GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@
GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@
GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@
GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@
GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@
GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@
GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@
GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@
GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@
GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@
GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@
GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@
GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@
GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@
GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@
GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@
GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@
GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@
GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@
GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@
GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@
GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@
GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@
GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@
GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@
GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@
GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@
GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@
GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@
GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@
GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@
GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@
GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@
GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@
GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@
GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@
GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@
GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@
GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@
GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@
GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@
GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@
GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@
GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@
GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@
GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@
GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@
GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@
GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@
GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@
GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@
GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@
GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@
GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@
GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@
GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@
GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@
GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@
GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@
GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@
GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@
GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@
GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@
GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@
GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@
GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@
GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@
GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@
GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@
GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@
GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@
GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@
GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@
GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@
GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@
GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@
GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@
GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@
GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@
GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@
GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@
GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@
GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@
GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@
GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@
GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@
GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@
GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@
GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@
GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@
GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@
GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@
GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@
GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@
GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@
GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@
GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@
GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@
GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@
GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@
GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@
GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@
GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@
GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@
GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@
GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@
GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@
GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@
GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@
GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@
GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@
GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@
GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@
GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@
GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@
GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@
GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@
GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@
GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@
GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@
GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@
GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@
GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@
GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@
GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@
GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@
GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@
GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@
GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@
GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@
GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@
GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@
GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@
GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@
GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@
GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@
GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@
GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@
GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@
GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@
GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@
GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@
GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@
GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@
GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@
GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@
GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@
GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@
GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@
GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@
GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@
GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@
GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@
GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@
GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@
GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@
GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@
GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@
GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@
GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@
GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@
GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@
GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@
GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@
GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@
GL_GNULIB_BIND = @GL_GNULIB_BIND@
GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@
GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@
GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@
GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@
GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@
GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@
GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@
GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@
GL_GNULIB_CREAT = @GL_GNULIB_CREAT@
GL_GNULIB_CTIME = @GL_GNULIB_CTIME@
GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@
GL_GNULIB_DUP = @GL_GNULIB_DUP@
GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@
GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@
GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@
GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@
GL_GNULIB_EXECL = @GL_GNULIB_EXECL@
GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@
GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@
GL_GNULIB_EXECV = @GL_GNULIB_EXECV@
GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@
GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@
GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@
GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@
GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@
GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@
GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@
GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@
GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@
GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@
GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@
GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@
GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@
GL_GNULIB_FFS = @GL_GNULIB_FFS@
GL_GNULIB_FFSL = @GL_GNULIB_FFSL@
GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@
GL_GNULIB_FGETC = @GL_GNULIB_FGETC@
GL_GNULIB_FGETS = @GL_GNULIB_FGETS@
GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@
GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@
GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@
GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@
GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@
GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@
GL_GNULIB_FREAD = @GL_GNULIB_FREAD@
GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@
GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@
GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@
GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@
GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@
GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@
GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@
GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@
GL_GNULIB_FTELL = @GL_GNULIB_FTELL@
GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@
GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@
GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@
GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@
GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@
GL_GNULIB_GETC = @GL_GNULIB_GETC@
GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@
GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@
GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@
GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@
GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@
GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@
GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@
GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@
GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@
GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@
GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@
GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@
GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@
GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@
GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@
GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@
GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@
GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@
GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@
GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@
GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@
GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@
GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@
GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@
GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@
GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@
GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@
GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@
GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@
GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@
GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@
GL_GNULIB_LINK = @GL_GNULIB_LINK@
GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@
GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@
GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@
GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@
GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@
GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@
GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@
GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@
GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@
GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@
GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@
GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@
GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@
GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@
GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@
GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@
GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@
GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@
GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@
GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@
GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@
GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@
GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@
GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@
GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@
GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@
GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@
GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@
GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@
GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@
GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@
GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@
GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@
GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@
GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@
GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@
GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@
GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@
GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@
GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@
GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@
GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@
GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@
GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@
GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@
GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@
GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@
GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@
GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@
GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@
GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@
GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@
GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@
GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@
GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@
GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@
GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@
GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@
GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@
GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@
GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@
GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@
GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@
GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@
GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@
GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@
GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@
GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@
GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@
GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@
GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@
GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@
GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@
GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@
GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@
GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@
GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@
GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@
GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@
GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@
GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@
GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@
GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@
GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@
GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@
GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@
GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@
GL_GNULIB_OPEN = @GL_GNULIB_OPEN@
GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@
GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@
GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@
GL_GNULIB_PERROR = @GL_GNULIB_PERROR@
GL_GNULIB_PIPE = @GL_GNULIB_PIPE@
GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@
GL_GNULIB_POPEN = @GL_GNULIB_POPEN@
GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@
GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@
GL_GNULIB_PREAD = @GL_GNULIB_PREAD@
GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@
GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@
GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@
GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@
GL_GNULIB_PUTC = @GL_GNULIB_PUTC@
GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@
GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@
GL_GNULIB_PUTS = @GL_GNULIB_PUTS@
GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@
GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@
GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@
GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@
GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@
GL_GNULIB_READ = @GL_GNULIB_READ@
GL_GNULIB_READLINK = @GL_GNULIB_READLINK@
GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@
GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@
GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@
GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@
GL_GNULIB_RECV = @GL_GNULIB_RECV@
GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@
GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@
GL_GNULIB_RENAME = @GL_GNULIB_RENAME@
GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@
GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@
GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@
GL_GNULIB_SCANF = @GL_GNULIB_SCANF@
GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@
GL_GNULIB_SEND = @GL_GNULIB_SEND@
GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@
GL_GNULIB_SETENV = @GL_GNULIB_SETENV@
GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@
GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@
GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@
GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@
GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@
GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@
GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@
GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@
GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@
GL_GNULIB_STAT = @GL_GNULIB_STAT@
GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@
GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@
GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@
GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@
GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@
GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@
GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@
GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@
GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@
GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@
GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@
GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@
GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@
GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@
GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@
GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@
GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@
GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@
GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@
GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@
GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@
GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@
GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@
GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@
GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@
GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@
GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@
GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@
GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@
GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@
GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@
GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@
GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@
GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@
GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@
GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@
GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@
GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@
GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@
GL_GNULIB_TZSET = @GL_GNULIB_TZSET@
GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@
GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@
GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@
GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@
GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@
GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@
GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@
GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@
GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@
GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@
GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@
GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@
GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@
GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@
GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@
GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@
GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@
GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@
GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@
GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@
GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@
GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@
GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@
GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@
GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@
GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@
GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@
GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@
GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@
GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@
GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@
GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@
GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@
GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@
GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@
GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@
GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@
GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@
GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@
GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@
GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@
GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@
GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@
GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@
GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@
GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@
GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@
GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@
GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@
GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@
GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@
GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@
GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@
GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@
GL_GNULIB_WRITE = @GL_GNULIB_WRITE@
GL_GNULIB__EXIT = @GL_GNULIB__EXIT@
GMP_CFLAGS = @GMP_CFLAGS@
GMP_LIBS = @GMP_LIBS@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GNULIB_ACCEPT = @GNULIB_ACCEPT@
GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@
GNULIB_ACCESS = @GNULIB_ACCESS@
GNULIB_ALIGNED_ALLOC = @GNULIB_ALIGNED_ALLOC@
GNULIB_ATOLL = @GNULIB_ATOLL@
GNULIB_BIND = @GNULIB_BIND@
GNULIB_BTOWC = @GNULIB_BTOWC@
GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@
GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@
GNULIB_CHDIR = @GNULIB_CHDIR@
GNULIB_CHOWN = @GNULIB_CHOWN@
GNULIB_CLOSE = @GNULIB_CLOSE@
GNULIB_CONNECT = @GNULIB_CONNECT@
GNULIB_COPY_FILE_RANGE = @GNULIB_COPY_FILE_RANGE@
GNULIB_CREAT = @GNULIB_CREAT@
GNULIB_CTIME = @GNULIB_CTIME@
GNULIB_DPRINTF = @GNULIB_DPRINTF@
GNULIB_DUP = @GNULIB_DUP@
GNULIB_DUP2 = @GNULIB_DUP2@
GNULIB_DUP3 = @GNULIB_DUP3@
GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@
GNULIB_ENVIRON = @GNULIB_ENVIRON@
GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@
GNULIB_EXECL = @GNULIB_EXECL@
GNULIB_EXECLE = @GNULIB_EXECLE@
GNULIB_EXECLP = @GNULIB_EXECLP@
GNULIB_EXECV = @GNULIB_EXECV@
GNULIB_EXECVE = @GNULIB_EXECVE@
GNULIB_EXECVP = @GNULIB_EXECVP@
GNULIB_EXECVPE = @GNULIB_EXECVPE@
GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@
GNULIB_FACCESSAT = @GNULIB_FACCESSAT@
GNULIB_FCHDIR = @GNULIB_FCHDIR@
GNULIB_FCHMODAT = @GNULIB_FCHMODAT@
GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@
GNULIB_FCLOSE = @GNULIB_FCLOSE@
GNULIB_FCNTL = @GNULIB_FCNTL@
GNULIB_FDATASYNC = @GNULIB_FDATASYNC@
GNULIB_FDOPEN = @GNULIB_FDOPEN@
GNULIB_FFLUSH = @GNULIB_FFLUSH@
GNULIB_FFS = @GNULIB_FFS@
GNULIB_FFSL = @GNULIB_FFSL@
GNULIB_FFSLL = @GNULIB_FFSLL@
GNULIB_FGETC = @GNULIB_FGETC@
GNULIB_FGETS = @GNULIB_FGETS@
GNULIB_FOPEN = @GNULIB_FOPEN@
GNULIB_FPRINTF = @GNULIB_FPRINTF@
GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@
GNULIB_FPURGE = @GNULIB_FPURGE@
GNULIB_FPUTC = @GNULIB_FPUTC@
GNULIB_FPUTS = @GNULIB_FPUTS@
GNULIB_FREAD = @GNULIB_FREAD@
GNULIB_FREE_POSIX = @GNULIB_FREE_POSIX@
GNULIB_FREOPEN = @GNULIB_FREOPEN@
GNULIB_FSCANF = @GNULIB_FSCANF@
GNULIB_FSEEK = @GNULIB_FSEEK@
GNULIB_FSEEKO = @GNULIB_FSEEKO@
GNULIB_FSTAT = @GNULIB_FSTAT@
GNULIB_FSTATAT = @GNULIB_FSTATAT@
GNULIB_FSYNC = @GNULIB_FSYNC@
GNULIB_FTELL = @GNULIB_FTELL@
GNULIB_FTELLO = @GNULIB_FTELLO@
GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@
GNULIB_FUTIMENS = @GNULIB_FUTIMENS@
GNULIB_FWRITE = @GNULIB_FWRITE@
GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@
GNULIB_GETC = @GNULIB_GETC@
GNULIB_GETCHAR = @GNULIB_GETCHAR@
GNULIB_GETCWD = @GNULIB_GETCWD@
GNULIB_GETDELIM = @GNULIB_GETDELIM@
GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@
GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@
GNULIB_GETENTROPY = @GNULIB_GETENTROPY@
GNULIB_GETGROUPS = @GNULIB_GETGROUPS@
GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@
GNULIB_GETLINE = @GNULIB_GETLINE@
GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@
GNULIB_GETLOGIN = @GNULIB_GETLOGIN@
GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@
GNULIB_GETOPT_POSIX = @GNULIB_GETOPT_POSIX@
GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@
GNULIB_GETPASS = @GNULIB_GETPASS@
GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@
GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@
GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@
GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@
GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@
GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@
GNULIB_GETUMASK = @GNULIB_GETUMASK@
GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@
GNULIB_GRANTPT = @GNULIB_GRANTPT@
GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@
GNULIB_IMAXABS = @GNULIB_IMAXABS@
GNULIB_IMAXDIV = @GNULIB_IMAXDIV@
GNULIB_INET_NTOP = @GNULIB_INET_NTOP@
GNULIB_INET_PTON = @GNULIB_INET_PTON@
GNULIB_IOCTL = @GNULIB_IOCTL@
GNULIB_ISATTY = @GNULIB_ISATTY@
GNULIB_ISBLANK = @GNULIB_ISBLANK@
GNULIB_LCHMOD = @GNULIB_LCHMOD@
GNULIB_LCHOWN = @GNULIB_LCHOWN@
GNULIB_LINK = @GNULIB_LINK@
GNULIB_LINKAT = @GNULIB_LINKAT@
GNULIB_LISTEN = @GNULIB_LISTEN@
GNULIB_LOCALECONV = @GNULIB_LOCALECONV@
GNULIB_LOCALENAME = @GNULIB_LOCALENAME@
GNULIB_LOCALTIME = @GNULIB_LOCALTIME@
GNULIB_LSEEK = @GNULIB_LSEEK@
GNULIB_LSTAT = @GNULIB_LSTAT@
GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@
GNULIB_MBRLEN = @GNULIB_MBRLEN@
GNULIB_MBRTOWC = @GNULIB_MBRTOWC@
GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@
GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@
GNULIB_MBSCHR = @GNULIB_MBSCHR@
GNULIB_MBSCSPN = @GNULIB_MBSCSPN@
GNULIB_MBSINIT = @GNULIB_MBSINIT@
GNULIB_MBSLEN = @GNULIB_MBSLEN@
GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@
GNULIB_MBSNLEN = @GNULIB_MBSNLEN@
GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@
GNULIB_MBSPBRK = @GNULIB_MBSPBRK@
GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@
GNULIB_MBSRCHR = @GNULIB_MBSRCHR@
GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@
GNULIB_MBSSEP = @GNULIB_MBSSEP@
GNULIB_MBSSPN = @GNULIB_MBSSPN@
GNULIB_MBSSTR = @GNULIB_MBSSTR@
GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@
GNULIB_MBTOWC = @GNULIB_MBTOWC@
GNULIB_MDA_ACCESS = @GNULIB_MDA_ACCESS@
GNULIB_MDA_CHDIR = @GNULIB_MDA_CHDIR@
GNULIB_MDA_CHMOD = @GNULIB_MDA_CHMOD@
GNULIB_MDA_CLOSE = @GNULIB_MDA_CLOSE@
GNULIB_MDA_CREAT = @GNULIB_MDA_CREAT@
GNULIB_MDA_DUP = @GNULIB_MDA_DUP@
GNULIB_MDA_DUP2 = @GNULIB_MDA_DUP2@
GNULIB_MDA_ECVT = @GNULIB_MDA_ECVT@
GNULIB_MDA_EXECL = @GNULIB_MDA_EXECL@
GNULIB_MDA_EXECLE = @GNULIB_MDA_EXECLE@
GNULIB_MDA_EXECLP = @GNULIB_MDA_EXECLP@
GNULIB_MDA_EXECV = @GNULIB_MDA_EXECV@
GNULIB_MDA_EXECVE = @GNULIB_MDA_EXECVE@
GNULIB_MDA_EXECVP = @GNULIB_MDA_EXECVP@
GNULIB_MDA_EXECVPE = @GNULIB_MDA_EXECVPE@
GNULIB_MDA_FCLOSEALL = @GNULIB_MDA_FCLOSEALL@
GNULIB_MDA_FCVT = @GNULIB_MDA_FCVT@
GNULIB_MDA_FDOPEN = @GNULIB_MDA_FDOPEN@
GNULIB_MDA_FILENO = @GNULIB_MDA_FILENO@
GNULIB_MDA_GCVT = @GNULIB_MDA_GCVT@
GNULIB_MDA_GETCWD = @GNULIB_MDA_GETCWD@
GNULIB_MDA_GETPID = @GNULIB_MDA_GETPID@
GNULIB_MDA_GETW = @GNULIB_MDA_GETW@
GNULIB_MDA_ISATTY = @GNULIB_MDA_ISATTY@
GNULIB_MDA_LSEEK = @GNULIB_MDA_LSEEK@
GNULIB_MDA_MEMCCPY = @GNULIB_MDA_MEMCCPY@
GNULIB_MDA_MKDIR = @GNULIB_MDA_MKDIR@
GNULIB_MDA_MKTEMP = @GNULIB_MDA_MKTEMP@
GNULIB_MDA_OPEN = @GNULIB_MDA_OPEN@
GNULIB_MDA_PUTENV = @GNULIB_MDA_PUTENV@
GNULIB_MDA_PUTW = @GNULIB_MDA_PUTW@
GNULIB_MDA_READ = @GNULIB_MDA_READ@
GNULIB_MDA_RMDIR = @GNULIB_MDA_RMDIR@
GNULIB_MDA_STRDUP = @GNULIB_MDA_STRDUP@
GNULIB_MDA_SWAB = @GNULIB_MDA_SWAB@
GNULIB_MDA_TEMPNAM = @GNULIB_MDA_TEMPNAM@
GNULIB_MDA_TZSET = @GNULIB_MDA_TZSET@
GNULIB_MDA_UMASK = @GNULIB_MDA_UMASK@
GNULIB_MDA_UNLINK = @GNULIB_MDA_UNLINK@
GNULIB_MDA_WCSDUP = @GNULIB_MDA_WCSDUP@
GNULIB_MDA_WRITE = @GNULIB_MDA_WRITE@
GNULIB_MEMCHR = @GNULIB_MEMCHR@
GNULIB_MEMMEM = @GNULIB_MEMMEM@
GNULIB_MEMPCPY = @GNULIB_MEMPCPY@
GNULIB_MEMRCHR = @GNULIB_MEMRCHR@
GNULIB_MKDIR = @GNULIB_MKDIR@
GNULIB_MKDIRAT = @GNULIB_MKDIRAT@
GNULIB_MKDTEMP = @GNULIB_MKDTEMP@
GNULIB_MKFIFO = @GNULIB_MKFIFO@
GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@
GNULIB_MKNOD = @GNULIB_MKNOD@
GNULIB_MKNODAT = @GNULIB_MKNODAT@
GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@
GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@
GNULIB_MKSTEMP = @GNULIB_MKSTEMP@
GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@
GNULIB_MKTIME = @GNULIB_MKTIME@
GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@
GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@
GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@
GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@
GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@
GNULIB_OPEN = @GNULIB_OPEN@
GNULIB_OPENAT = @GNULIB_OPENAT@
GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@
GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@
GNULIB_PCLOSE = @GNULIB_PCLOSE@
GNULIB_PERROR = @GNULIB_PERROR@
GNULIB_PIPE = @GNULIB_PIPE@
GNULIB_PIPE2 = @GNULIB_PIPE2@
GNULIB_POPEN = @GNULIB_POPEN@
GNULIB_POSIX_MEMALIGN = @GNULIB_POSIX_MEMALIGN@
GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@
GNULIB_PREAD = @GNULIB_PREAD@
GNULIB_PRINTF = @GNULIB_PRINTF@
GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@
GNULIB_PSELECT = @GNULIB_PSELECT@
GNULIB_PTHREAD_COND = @GNULIB_PTHREAD_COND@
GNULIB_PTHREAD_MUTEX = @GNULIB_PTHREAD_MUTEX@
GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GNULIB_PTHREAD_MUTEX_TIMEDLOCK@
GNULIB_PTHREAD_ONCE = @GNULIB_PTHREAD_ONCE@
GNULIB_PTHREAD_RWLOCK = @GNULIB_PTHREAD_RWLOCK@
GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@
GNULIB_PTHREAD_SPIN = @GNULIB_PTHREAD_SPIN@
GNULIB_PTHREAD_THREAD = @GNULIB_PTHREAD_THREAD@
GNULIB_PTHREAD_TSS = @GNULIB_PTHREAD_TSS@
GNULIB_PTSNAME = @GNULIB_PTSNAME@
GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@
GNULIB_PUTC = @GNULIB_PUTC@
GNULIB_PUTCHAR = @GNULIB_PUTCHAR@
GNULIB_PUTENV = @GNULIB_PUTENV@
GNULIB_PUTS = @GNULIB_PUTS@
GNULIB_PWRITE = @GNULIB_PWRITE@
GNULIB_QSORT_R = @GNULIB_QSORT_R@
GNULIB_RAISE = @GNULIB_RAISE@
GNULIB_RANDOM = @GNULIB_RANDOM@
GNULIB_RANDOM_R = @GNULIB_RANDOM_R@
GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@
GNULIB_READ = @GNULIB_READ@
GNULIB_READLINK = @GNULIB_READLINK@
GNULIB_READLINKAT = @GNULIB_READLINKAT@
GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@
GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@
GNULIB_REALPATH = @GNULIB_REALPATH@
GNULIB_RECV = @GNULIB_RECV@
GNULIB_RECVFROM = @GNULIB_RECVFROM@
GNULIB_REMOVE = @GNULIB_REMOVE@
GNULIB_RENAME = @GNULIB_RENAME@
GNULIB_RENAMEAT = @GNULIB_RENAMEAT@
GNULIB_RMDIR = @GNULIB_RMDIR@
GNULIB_RPMATCH = @GNULIB_RPMATCH@
GNULIB_SCANF = @GNULIB_SCANF@
GNULIB_SCHED_YIELD = @GNULIB_SCHED_YIELD@
GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@
GNULIB_SELECT = @GNULIB_SELECT@
GNULIB_SEND = @GNULIB_SEND@
GNULIB_SENDTO = @GNULIB_SENDTO@
GNULIB_SETENV = @GNULIB_SETENV@
GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@
GNULIB_SETLOCALE = @GNULIB_SETLOCALE@
GNULIB_SETLOCALE_NULL = @GNULIB_SETLOCALE_NULL@
GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@
GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@
GNULIB_SIGABBREV_NP = @GNULIB_SIGABBREV_NP@
GNULIB_SIGACTION = @GNULIB_SIGACTION@
GNULIB_SIGDESCR_NP = @GNULIB_SIGDESCR_NP@
GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@
GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@
GNULIB_SLEEP = @GNULIB_SLEEP@
GNULIB_SNPRINTF = @GNULIB_SNPRINTF@
GNULIB_SOCKET = @GNULIB_SOCKET@
GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@
GNULIB_STAT = @GNULIB_STAT@
GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@
GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@
GNULIB_STPCPY = @GNULIB_STPCPY@
GNULIB_STPNCPY = @GNULIB_STPNCPY@
GNULIB_STRCASESTR = @GNULIB_STRCASESTR@
GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@
GNULIB_STRDUP = @GNULIB_STRDUP@
GNULIB_STRERROR = @GNULIB_STRERROR@
GNULIB_STRERRORNAME_NP = @GNULIB_STRERRORNAME_NP@
GNULIB_STRERROR_R = @GNULIB_STRERROR_R@
GNULIB_STRFTIME = @GNULIB_STRFTIME@
GNULIB_STRNCAT = @GNULIB_STRNCAT@
GNULIB_STRNDUP = @GNULIB_STRNDUP@
GNULIB_STRNLEN = @GNULIB_STRNLEN@
GNULIB_STRPBRK = @GNULIB_STRPBRK@
GNULIB_STRPTIME = @GNULIB_STRPTIME@
GNULIB_STRSEP = @GNULIB_STRSEP@
GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@
GNULIB_STRSTR = @GNULIB_STRSTR@
GNULIB_STRTOD = @GNULIB_STRTOD@
GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@
GNULIB_STRTOK_R = @GNULIB_STRTOK_R@
GNULIB_STRTOLD = @GNULIB_STRTOLD@
GNULIB_STRTOLL = @GNULIB_STRTOLL@
GNULIB_STRTOULL = @GNULIB_STRTOULL@
GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@
GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@
GNULIB_SYMLINK = @GNULIB_SYMLINK@
GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@
GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@
GNULIB_TIMEGM = @GNULIB_TIMEGM@
GNULIB_TIME_R = @GNULIB_TIME_R@
GNULIB_TIME_RZ = @GNULIB_TIME_RZ@
GNULIB_TMPFILE = @GNULIB_TMPFILE@
GNULIB_TRUNCATE = @GNULIB_TRUNCATE@
GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@
GNULIB_TZSET = @GNULIB_TZSET@
GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@
GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@
GNULIB_UNLINK = @GNULIB_UNLINK@
GNULIB_UNLINKAT = @GNULIB_UNLINKAT@
GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@
GNULIB_UNSETENV = @GNULIB_UNSETENV@
GNULIB_USLEEP = @GNULIB_USLEEP@
GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@
GNULIB_VASPRINTF = @GNULIB_VASPRINTF@
GNULIB_VDPRINTF = @GNULIB_VDPRINTF@
GNULIB_VFPRINTF = @GNULIB_VFPRINTF@
GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@
GNULIB_VFSCANF = @GNULIB_VFSCANF@
GNULIB_VPRINTF = @GNULIB_VPRINTF@
GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@
GNULIB_VSCANF = @GNULIB_VSCANF@
GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@
GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@
GNULIB_WCPCPY = @GNULIB_WCPCPY@
GNULIB_WCPNCPY = @GNULIB_WCPNCPY@
GNULIB_WCRTOMB = @GNULIB_WCRTOMB@
GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@
GNULIB_WCSCAT = @GNULIB_WCSCAT@
GNULIB_WCSCHR = @GNULIB_WCSCHR@
GNULIB_WCSCMP = @GNULIB_WCSCMP@
GNULIB_WCSCOLL = @GNULIB_WCSCOLL@
GNULIB_WCSCPY = @GNULIB_WCSCPY@
GNULIB_WCSCSPN = @GNULIB_WCSCSPN@
GNULIB_WCSDUP = @GNULIB_WCSDUP@
GNULIB_WCSFTIME = @GNULIB_WCSFTIME@
GNULIB_WCSLEN = @GNULIB_WCSLEN@
GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@
GNULIB_WCSNCAT = @GNULIB_WCSNCAT@
GNULIB_WCSNCMP = @GNULIB_WCSNCMP@
GNULIB_WCSNCPY = @GNULIB_WCSNCPY@
GNULIB_WCSNLEN = @GNULIB_WCSNLEN@
GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@
GNULIB_WCSPBRK = @GNULIB_WCSPBRK@
GNULIB_WCSRCHR = @GNULIB_WCSRCHR@
GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@
GNULIB_WCSSPN = @GNULIB_WCSSPN@
GNULIB_WCSSTR = @GNULIB_WCSSTR@
GNULIB_WCSTOK = @GNULIB_WCSTOK@
GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@
GNULIB_WCSXFRM = @GNULIB_WCSXFRM@
GNULIB_WCTOB = @GNULIB_WCTOB@
GNULIB_WCTOMB = @GNULIB_WCTOMB@
GNULIB_WCWIDTH = @GNULIB_WCWIDTH@
GNULIB_WMEMCHR = @GNULIB_WMEMCHR@
GNULIB_WMEMCMP = @GNULIB_WMEMCMP@
GNULIB_WMEMCPY = @GNULIB_WMEMCPY@
GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@
GNULIB_WMEMPCPY = @GNULIB_WMEMPCPY@
GNULIB_WMEMSET = @GNULIB_WMEMSET@
GNULIB_WRITE = @GNULIB_WRITE@
GNULIB__EXIT = @GNULIB__EXIT@
GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@
GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
GPERF = @GPERF@
GREP = @GREP@
GTKDOC_CHECK = @GTKDOC_CHECK@
GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@
......@@ -973,6 +1326,7 @@ HAVE_LIBEV = @HAVE_LIBEV@
HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
HAVE_LIBRT = @HAVE_LIBRT@
HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@
HAVE_LIBZ = @HAVE_LIBZ@
HAVE_LINK = @HAVE_LINK@
HAVE_LINKAT = @HAVE_LINKAT@
HAVE_LSTAT = @HAVE_LSTAT@
......@@ -1115,8 +1469,10 @@ HAVE_STRPBRK = @HAVE_STRPBRK@
HAVE_STRPTIME = @HAVE_STRPTIME@
HAVE_STRSEP = @HAVE_STRSEP@
HAVE_STRTOD = @HAVE_STRTOD@
HAVE_STRTOL = @HAVE_STRTOL@
HAVE_STRTOLD = @HAVE_STRTOLD@
HAVE_STRTOLL = @HAVE_STRTOLL@
HAVE_STRTOUL = @HAVE_STRTOUL@
HAVE_STRTOULL = @HAVE_STRTOULL@
HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@
HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@
......@@ -1140,6 +1496,7 @@ HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@
HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@
HAVE_TIMEGM = @HAVE_TIMEGM@
HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@
HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@
HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@
HAVE_UNISTD_H = @HAVE_UNISTD_H@
......@@ -1214,6 +1571,10 @@ LDDPOSTPROC = @LDDPOSTPROC@
LDDPROG = @LDDPROG@
LDFLAGS = @LDFLAGS@
LIBATOMIC_LIBS = @LIBATOMIC_LIBS@
LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@
LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@
LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@
LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@
LIBCRYPTO = @LIBCRYPTO@
LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@
LIBDL = @LIBDL@
......@@ -1227,11 +1588,10 @@ LIBICONV = @LIBICONV@
LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@
LIBIDN2_LIBS = @LIBIDN2_LIBS@
LIBINTL = @LIBINTL@
LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@
LIBKCAPI_LIBS = @LIBKCAPI_LIBS@
LIBMULTITHREAD = @LIBMULTITHREAD@
LIBOBJS = @LIBOBJS@
LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@
LIBOPTS_DIR = @LIBOPTS_DIR@
LIBOPTS_LDADD = @LIBOPTS_LDADD@
LIBPMULTITHREAD = @LIBPMULTITHREAD@
LIBPTHREAD = @LIBPTHREAD@
LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
......@@ -1252,6 +1612,11 @@ LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@
LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@
LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@
LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@
LIBZ = @LIBZ@
LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@
LIBZSTD_LIBS = @LIBZSTD_LIBS@
LIBZ_PC = @LIBZ_PC@
LIBZ_PREFIX = @LIBZ_PREFIX@
LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
LIB_NANOSLEEP = @LIB_NANOSLEEP@
LIB_PTHREAD = @LIB_PTHREAD@
......@@ -1264,11 +1629,13 @@ LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@
LIMITS_H = @LIMITS_H@
LIPO = @LIPO@
LN_S = @LN_S@
LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@
LOCALE_FR = @LOCALE_FR@
LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@
LOCALE_JA = @LOCALE_JA@
LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@
LOCALE_ZH_CN = @LOCALE_ZH_CN@
LOG_VALGRIND = @LOG_VALGRIND@
LTALLOCA = @LTALLOCA@
LTLIBCRYPTO = @LTLIBCRYPTO@
LTLIBDL = @LTLIBDL@
......@@ -1281,6 +1648,7 @@ LTLIBPTHREAD = @LTLIBPTHREAD@
LTLIBRT = @LTLIBRT@
LTLIBSECCOMP = @LTLIBSECCOMP@
LTLIBTHREAD = @LTLIBTHREAD@
LTLIBZ = @LTLIBZ@
LT_AGE = @LT_AGE@
LT_CURRENT = @LT_CURRENT@
LT_DANE_AGE = @LT_DANE_AGE@
......@@ -1385,11 +1753,11 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@
PATCH_VERSION = @PATCH_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PMCCABE = @PMCCABE@
POSIX_SHELL = @POSIX_SHELL@
POSUB = @POSUB@
PRAGMA_COLUMNS = @PRAGMA_COLUMNS@
PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@
......@@ -1429,6 +1797,7 @@ REPLACE_FCLOSE = @REPLACE_FCLOSE@
REPLACE_FCNTL = @REPLACE_FCNTL@
REPLACE_FDOPEN = @REPLACE_FDOPEN@
REPLACE_FFLUSH = @REPLACE_FFLUSH@
REPLACE_FFSLL = @REPLACE_FFSLL@
REPLACE_FOPEN = @REPLACE_FOPEN@
REPLACE_FPRINTF = @REPLACE_FPRINTF@
REPLACE_FPURGE = @REPLACE_FPURGE@
......@@ -1482,7 +1851,9 @@ REPLACE_MEMCHR = @REPLACE_MEMCHR@
REPLACE_MEMMEM = @REPLACE_MEMMEM@
REPLACE_MKDIR = @REPLACE_MKDIR@
REPLACE_MKFIFO = @REPLACE_MKFIFO@
REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@
REPLACE_MKNOD = @REPLACE_MKNOD@
REPLACE_MKNODAT = @REPLACE_MKNODAT@
REPLACE_MKSTEMP = @REPLACE_MKSTEMP@
REPLACE_MKTIME = @REPLACE_MKTIME@
REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@
......@@ -1562,6 +1933,7 @@ REPLACE_READ = @REPLACE_READ@
REPLACE_READLINK = @REPLACE_READLINK@
REPLACE_READLINKAT = @REPLACE_READLINKAT@
REPLACE_REALLOC = @REPLACE_REALLOC@
REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@
REPLACE_REALPATH = @REPLACE_REALPATH@
REPLACE_REMOVE = @REPLACE_REMOVE@
REPLACE_RENAME = @REPLACE_RENAME@
......@@ -1594,7 +1966,11 @@ REPLACE_STRSTR = @REPLACE_STRSTR@
REPLACE_STRTOD = @REPLACE_STRTOD@
REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@
REPLACE_STRTOK_R = @REPLACE_STRTOK_R@
REPLACE_STRTOL = @REPLACE_STRTOL@
REPLACE_STRTOLD = @REPLACE_STRTOLD@
REPLACE_STRTOLL = @REPLACE_STRTOLL@
REPLACE_STRTOUL = @REPLACE_STRTOUL@
REPLACE_STRTOULL = @REPLACE_STRTOULL@
REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@
REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@
REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@
......@@ -1636,13 +2012,15 @@ STDALIGN_H = @STDALIGN_H@
STDBOOL_H = @STDBOOL_H@
STDDEF_H = @STDDEF_H@
STDINT_H = @STDINT_H@
STDNORETURN_H = @STDNORETURN_H@
STRIP = @STRIP@
SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@
SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@
TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@
TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@
TROUSERS_LIB = @TROUSERS_LIB@
TSS2_CFLAGS = @TSS2_CFLAGS@
TSS2_LIBS = @TSS2_LIBS@
TSS_CFLAGS = @TSS_CFLAGS@
TSS_LIBS = @TSS_LIBS@
UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@
......@@ -1656,6 +2034,8 @@ UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@
UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
USE_NLS = @USE_NLS@
VALGRIND = @VALGRIND@
VALGRINDFLAGS = @VALGRINDFLAGS@
VALGRIND_PROGRAM = @VALGRIND_PROGRAM@
VERSION = @VERSION@
WARN_CFLAGS = @WARN_CFLAGS@
WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
......@@ -1686,7 +2066,6 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
autogen = @autogen@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
......@@ -1741,6 +2120,7 @@ program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
......@@ -1766,18 +2146,18 @@ DISTCHECK_CONFIGURE_FLAGS = \
SUBDIRS = gl lib extra $(am__append_1) po $(am__append_2) \
$(am__append_3) $(am__append_4) $(am__append_5) \
$(am__append_6) $(am__append_7)
ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --install
ACLOCAL_AMFLAGS = -I m4 -I src/gl/m4 -I lib/unistring/m4 --install
EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \
ChangeLog THANKS INSTALL.md RELEASES.md
ChangeLog THANKS INSTALL.md RELEASES.md .mailmap
DISTCLEANFILES = AUTHORS
ABIDW_COMMON = --no-show-locs --no-corpus-path
ABIDW_COMMON = --drop-private-types --no-show-locs --no-corpus-path
ABIGNORE_FILE = "$(top_srcdir)/devel/libgnutls.abignore"
SYMBOLS_LAST_FILE = "$(top_srcdir)/devel/symbols.last"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/libdane-latest-$$(uname -m).abi"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libdane-latest-$$(uname -m).abi"
ABICHECK_COMMON = --no-added-syms
@CODE_COVERAGE_ENABLED_TRUE@GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
@CODE_COVERAGE_ENABLED_TRUE@GITIGNOREFILES := $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V))
@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY))
@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE);
......@@ -1793,14 +2173,22 @@ ABICHECK_COMMON = --no-added-syms
# sanitizes the test-name: replaces with underscores: dashes and dots
@CODE_COVERAGE_ENABLED_TRUE@code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1)))
@CODE_COVERAGE_ENABLED_TRUE@AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
@CODE_COVERAGE_ENABLED_TRUE@AM_DISTCHECK_CONFIGURE_FLAGS := $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
cligen_sources = \
cligen/cli-codegen.py cligen/cli-docgen.py \
cligen/cligen/__init__.py cligen/cligen/code.py \
cligen/cligen/package.py cligen/cligen/types.py \
cligen/cligen/doc/__init__.py cligen/cligen/doc/man.py \
cligen/cligen/doc/texi.py
noinst_PYTHON = $(cligen_sources)
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
.SUFFIXES:
am--refresh: Makefile
@:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/aminclude_static.am $(am__configure_deps)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/aminclude_static.am $(top_srcdir)/cligen/cligen.mk $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
......@@ -1822,7 +2210,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
esac;
$(top_srcdir)/aminclude_static.am $(am__empty):
$(top_srcdir)/aminclude_static.am $(top_srcdir)/cligen/cligen.mk $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
......@@ -1968,7 +2356,6 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
......@@ -2117,7 +2504,7 @@ distcheck: dist
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
......@@ -2296,11 +2683,13 @@ uninstall-am:
.PRECIOUS: Makefile
AUTHORS:
@echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS
@git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS
@echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS
@sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS
AUTHORS: Makefile.am .mailmap
$(AM_V_GEN) { \
echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n"; \
git shortlog -sen --no-merges --group author --group trailer:co-authored-by | cut -f 2 | sed 's/@/ at /g'; \
echo -e "\n\nThe translators list is autogenerated from po file history\n"; \
sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u; \
} > $@-t && mv $@-t $@
pic-check:
@echo "Checking for position dependent code"
......@@ -2313,8 +2702,8 @@ abi-dump-versioned: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "**************************************************************************"
@echo "Generating versioned ABI files of current gnutls and gnutls-dane libraries"
@echo "**************************************************************************"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/libdane-$(VERSION)-$$(uname -m).abi"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/abi-dump/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/abi-dump/libdane-$(VERSION)-$$(uname -m).abi"
abi-dump-latest: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "****************************************************************"
......@@ -2345,7 +2734,7 @@ abi-check-latest: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "Current release matches ABI dump"
@echo "********************************"
abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
@for file in $$(echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libgnutls-*-$$(uname -m).abi);do \
echo "Comparing libgnutls with $$file"; \
abidiff $${file} lib/.libs/libgnutls.so $(ABICHECK_COMMON) --suppressions $(ABIGNORE_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -2355,7 +2744,7 @@ abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
exit 1; \
fi; \
done
@for file in $$(echo $(srcdir)/devel/libdane-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libdane-*-$$(uname -m).abi);do \
echo "Comparing libgnutls-dane with $$file"; \
abidiff $${file} libdane/.libs/libgnutls-dane.so $(ABICHECK_COMMON) --hd2 "$(srcdir)/libdane/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -2501,14 +2890,7 @@ distclean-local: code-coverage-dist-clean
local-code-coverage-output: code-coverage-capture
cat GnuTLS-$(VERSION)-coverage/index.html|grep headerCovTableEntry|grep '%'|head -1|sed 's/^.*>\([0-9]\+\.[0-9]\+\s*%\)<.*$$/ coverage lines: \1/' || true
libopts-check:
@echo "*****************************************************************"
@echo "Checking whether included libopts matches the system's. If the"
@echo "check fails upgrade the included libopts."
@echo "*****************************************************************"
test "`autoopts-config libsrc|awk -F '-' '{print $$NF}'|sed 's/.tar.gz//'`" = "`cat $(srcdir)/src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`"
files-update: libopts-check abi-dump-latest
files-update:
$(MAKE) -C doc/ compare-makefile || mv doc/tmp-compare-makefile $(srcdir)/doc/Makefile.am
$(MAKE) -C doc/manpages compare-makefile || mv doc/manpages/tmp-compare-makefile $(srcdir)/doc/manpages/Makefile.am
$(MAKE) -C . symbol-check || mv symbols.last.tmp $(SYMBOLS_LAST_FILE)
......@@ -2516,7 +2898,7 @@ files-update: libopts-check abi-dump-latest
@echo "updated auto-generated files; please use git diff to verify the correctness of the changes"
@echo "******************************************************************************************"
dist-hook: libopts-check
dist-hook:
$(PKG_CONFIG) --atleast-version=2.2.0 guile-2.2
if test -d "$(top_srcdir)/devel";then \
$(MAKE) -C $(top_srcdir) symbol-check && \
......@@ -2529,7 +2911,7 @@ dist-hook: libopts-check
mv ChangeLog $(distdir)
touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
......
......@@ -5,6 +5,302 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
See the end for copying conditions.
* Version 3.7.9 (released 2023-02-09)
** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
** API and ABI modifications:
No changes since last version.
* Version 3.7.8 (released 2022-09-27)
** libgnutls: In FIPS140 mode, RSA signature verification is an approved
operation if the key has modulus with known sizes (1024, 1280,
1536, and 1792 bits), in addition to any modulus sizes larger than
2048 bits, according to SP800-131A rev2.
** libgnutls: gnutls_session_channel_binding performs additional checks when
GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
"tls-exporter" channel binding is only usable when the handshake is
bound to a unique master secret (i.e., either TLS 1.3 or extended
master secret extension is negotiated). Otherwise the function now
returns error.
** libgnutls: usage of the following functions, which are designed to
loosen restrictions imposed by allowlisting mode of configuration,
has been additionally restricted. Invoking them is now only allowed
if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled
** API and ABI modifications:
No changes since last version.
* Version 3.7.7 (released 2022-07-28)
** libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
[CVE-2022-2509]
** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
equal to 255 times hash digest size, to comply with RFC 5869 2.3.
** libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters (#1323).
** libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
** libgnutls: New block cipher functions have been added to transparently
handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
add/remove padding if the length of the original plaintext is not a multiple
of the block size.
** libgnutls: New function for manual FIPS self-testing.
** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum
** guile: Guile 1.8 is no longer supported
** guile: Session record port treats premature termination as EOF
Previously, a ‘gnutls-error’ exception with the
‘error/premature-termination’ value would be thrown while reading from a
session record port when the underlying session was terminated
prematurely. This was inconvenient since users of the port may not be
prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
session termination.
** guile: Session record ports can have a ‘close’ procedure.
The ‘session-record-port’ procedure now takes an optional second
parameter, and a new ‘set-session-record-port-close!’ procedure is
provided to specify a ‘close’ procedure for a session record port.
This ‘close’ procedure lets users specify cleanup operations for when
the port is closed, such as closing the file descriptor or port that
backs the underlying session.
* Version 3.7.6 (released 2022-05-27)
** libgnutls: Fixed invalid write when gnutls_realloc_zero()
is called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc (!1592, #1367, #1368, #1369).
** API and ABI modifications:
No changes since last version.
* Version 3.7.5 (released 2022-05-15)
** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
modifier have been added to disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy (#477). On the other hand, since session
tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
only disables session tickets in TLS 1.2. Future backward incompatibility:
in the next major release of GnuTLS, we plan to remove those flag and
modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
** gnutls-cli, gnutls-serv: Channel binding for printing information
has been changed from tls-unique to tls-exporter as tls-unique is
not supported in TLS 1.3.
** libgnutls: Certificate sanity checks has been enhanced to make
gnutls more RFC 5280 compliant (!1583).
Following changes were included:
- critical extensions are parsed when loading x509
certificate to prohibit any random octet strings.
Requires strict-x509 configure option to be enabled
- garbage bits in Key Usage extension are prohibited
- empty DirectoryStrings in Distinguished name structures
of Issuer and Subject name are prohibited
** libgnutls: Removed 3DES from FIPS approved algorithms (#1353).
According to the section 2 of SP800-131A Rev.2, 3DES algorithm
will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312).
The existing AEAD API that works in a scatter-gather fashion
(gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
For further optimization, new function (gnutls_aead_cipher_set_key) has been
added to set key on the existing AEAD handle without re-allocation.
** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
when used in TLS (#1311).
** The configure arguments for Brotli and Zstandard (zstd) support
have changed to reflect the previous help text: they are now
--with-brotli/--with-zstd respectively (#1342).
** Detecting the Zstandard (zstd) library in configure has been
fixed (#1343).
** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
gnutls_aead_cipher_set_key: New function
* Version 3.7.4 (released 2022-03-17)
** libgnutls: Added support for certificate compression as defined in RFC8879
(#1301). New API functions (gnutls_compress_certificate_get_selected_method
and gnutls_compress_certificate_set_methods) allow client and server to set
their preferences.
** certtool: Added option --compress-cert that allows user to specify
compression methods for certificate compression.
** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure
option to enforce stricter certificate sanity checks that are compliant with
RFC5280.
** libgnutls: Removed IA5String type from DirectoryString within issuer
and subject name to make DirectoryString RFC5280 compliant.
** libgnutls: Added function (gnutls_record_send_file) to send file content from
open file descriptor (!1486). The implementation is optimized if KTLS (kernel
TLS) is enabled.
** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of
current ciphersuite from TLS session (#1291).
** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using
dlopen, so GnuTLS does not indirectly link to other crypto libraries until
TPM2 functionality is utilized (!1544).
** API and ABI modifications:
GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
gnutls_compress_certificate_get_selected_method: Added
gnutls_compress_certificate_set_methods: Added
gnutls_ciphersuite_get: New function
gnutls_record_send_file: New function
libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1
* Version 3.7.3 (released 2022-01-17)
** libgnutls: The allowlisting configuration mode has been added to the system-wide
settings. In this mode, all the algorithms are initially marked as insecure
or disabled, while the applications can re-enable them either through the
[overrides] section of the configuration file or the new API (#1172).
** The build infrastructure no longer depends on GNU AutoGen for generating
command-line option handling, template file parsing in certtool, and
documentation generation (#773, #774). This change also removes run-time or
bundled dependency on the libopts library, and requires Python 3.6 or later
to regenerate the distribution tarball.
Note that this brings in known backward incompatibility in command-line
tools, such as long options are now case sensitive, while previously they
were treated in a case insensitive manner: for example --RSA is no longer a
valid option of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and
used as a gnutls_privkey_t (#594). The code was originally written for the
OpenConnect VPN project by David Woodhouse. To generate such blobs, use the
tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
** libgnutls: The library now transparently enables Linux KTLS
(kernel TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls back
to the user space implementation.
** certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
** certtool: The certtool command can now generate, manipulate, and evaluate
x25519 and x448 public keys, private keys, and certificates.
** libgnutls: Disabling a hashing algorithm through "insecure-hash"
configuration directive now also disables TLS ciphersuites that use it as a
PRF algorithm.
** libgnutls: PKCS#12 files are now created with modern algorithms by default
(!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
default PBKDF2 iteration count has been increased to 600000.
** libgnutls: PKCS#12 keys derived using GOST algorithm now uses
HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to
conform with the latest TC-26 requirements (#1225).
** libgnutls: The library now provides a means to report the status of approved
cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this
complements the existing mechanism to prohibit the use of unapproved
algorithms by making the library unusable state.
** gnutls-cli: The gnutls-cli command now provides a --list-config option to
print the library configuration (!1508).
** libgnutls: Fixed possible race condition in
gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared
among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low]
** API and ABI modifications:
GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
gnutls_ecc_curve_set_enabled: Added.
gnutls_sign_set_secure: Added.
gnutls_sign_set_secure_for_certs: Added.
gnutls_digest_set_secure: Added.
gnutls_protocol_set_enabled: Added.
gnutls_fips140_context_init: New function
gnutls_fips140_context_deinit: New function
gnutls_fips140_push_context: New function
gnutls_fips140_pop_context: New function
gnutls_fips140_get_operation_state: New function
gnutls_fips140_operation_state_t: New enum
gnutls_transport_is_ktls_enabled: New function
gnutls_get_library_configuration: New function
* Version 3.7.2 (released 2021-05-29)
** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
to disable TLS 1.3 middlebox compatibility mode
** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
This can be enabled with --enable-afalg configure option, when libkcapi
package is installed (#308).
** libgnutls: Fixed timing of early data exchange. Previously, the client was
sending early data after receiving Server Hello, which not only negates the
benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
same ciphersuite is selected in initial and resumption handshake) (#1146).
** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
copied from the signing CA by default (#1126).
** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
deprecated and will be removed in the future releases.
** certtool: When producing certificates and certificate requests, subject DN
components that are provided individually will now be ordered by
assumed scale (e.g. Country before State, Organization before
OrganizationalUnit). This change also affects the order in which
certtool prompts interactively. Please rely on the template
mechanism for automated use of certtool! (#1243)
** API and ABI modifications:
gnutls_early_cipher_get: Added
gnutls_early_prf_hash_get: Added
** guile: Writes to a session record port no longer throw an exception upon
GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
* Version 3.7.1 (released 2021-03-10)
** libgnutls: Fixed potential use-after-free in sending "key_share"
......
......@@ -2,8 +2,9 @@
|Branch|CI system|Status|Test suite coverage|Fuzzer coverage|
|:----:|:-------:|-----:|:------:|:-------------:|
|Master/3.6.x|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/master/pipeline.svg)](https://gitlab.com/gnutls/gnutls/commits/master)|[![coverage report](https://gitlab.com/gnutls/gnutls/badges/master/coverage.svg)](https://gnutls.gitlab.io/coverage/master)|[![Fuzzer coverage report](https://gnutls.gitlab.io/coverage/master-fuzz/badge.svg)](https://gnutls.gitlab.io/coverage/master-fuzz)|
|Master/3.6.x|Github Actions|[![build status](https://github.com/gnutls/gnutls/workflows/MacOS%20CI/badge.svg)](https://github.com/gnutls/gnutls/actions)|N/A|N/A|
|Master/3.7.x|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/master/pipeline.svg)](https://gitlab.com/gnutls/gnutls/commits/master)|[![coverage report](https://gitlab.com/gnutls/gnutls/badges/master/coverage.svg)](https://gnutls.gitlab.io/coverage/master)|[![Fuzzer coverage report](https://gnutls.gitlab.io/coverage/master-fuzz/badge.svg)](https://gnutls.gitlab.io/coverage/master-fuzz)|
|Master/3.7.x|Github Actions|[![build status](https://github.com/gnutls/gnutls/workflows/MacOS%20CI/badge.svg)](https://github.com/gnutls/gnutls/actions)|N/A|N/A|
|3.6.x|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/gnutls_3_6_x/pipeline.svg)](https://gitlab.com/gnutls/gnutls/commits/gnutls_3_6_x)|N/A|N/A|
# GnuTLS -- Information for developers
......@@ -21,7 +22,7 @@ We require several tools to check out and build the software, including:
* [Make](https://www.gnu.org/software/make/)
* [Automake](https://www.gnu.org/software/automake/) (use 1.11.3 or later)
* [Autoconf](https://www.gnu.org/software/autoconf/)
* [Autogen](https://www.gnu.org/software/autogen/) (use 5.16 or later)
* [Python](https://www.python.org/) (use 3.6 or later)
* [Libtool](https://www.gnu.org/software/libtool/)
* [Gettext](https://www.gnu.org/software/gettext/)
* [Texinfo](https://www.gnu.org/software/texinfo/)
......@@ -42,10 +43,13 @@ We require several tools to check out and build the software, including:
* [bison](https://www.gnu.org/software/bison) (for datetime parser in certtool)
* [libunbound](https://unbound.net/) (for DANE support)
* [libabigail](https://pagure.io/libabigail/) (for abi comparison in make dist)
* [tpm2-tss](https://github.com/tpm2-software/tpm2-tss) (for TPM 2.0 support; optional)
* [tcsd](https://trousers.sourceforge.net/) (for TPM support; optional)
* [swtpm](https://github.com/stefanberger/swtpm) (for TPM test; optional)
* [ncat](https://nmap.org/download.html) (for TPM test; optional)
* [tpm-tools](https://trousers.sourceforge.net/) (for TPM test; optional)
* [tpm2-tools](https://github.com/tpm2-software/tpm2-tools/) (for TPM 2.0 test; optional)
* [tpm2-tss-engine](https://github.com/tpm2-software/tpm2-tss-engine/) (for TPM 2.0 test; optional)
* [ncat](https://nmap.org/download.html) (for TPM test; optional)
* [expect](https://core.tcl.tk/expect/index) (for TPM test; optional)
The required software is typically distributed with your operating
......@@ -55,9 +59,9 @@ some hints:
Debian/Ubuntu:
```
apt-get install -y dash git-core autoconf libtool gettext autopoint
apt-get install -y automake autogen nettle-dev libp11-kit-dev libtspi-dev libunistring-dev
apt-get install -y guile-2.2-dev libtasn1-6-dev libidn2-0-dev gawk gperf
apt-get install -y libunbound-dev dns-root-data bison gtk-doc-tools
apt-get install -y automake python3 nettle-dev libp11-kit-dev libtspi-dev libunistring-dev
apt-get install -y guile-2.2-dev libtasn1-bin libtasn1-6-dev libidn2-0-dev gawk gperf
apt-get install -y libtss2-dev libunbound-dev dns-root-data bison gtk-doc-tools
apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils
```
......@@ -66,14 +70,14 @@ Available backport repos, APT-Pinning or source code compilating can be used to
Fedora/RHEL:
```
yum install -y dash git autoconf libtool gettext-devel automake autogen patch
yum install -y nettle-devel p11-kit-devel autogen-libopts-devel libunistring-devel
yum install -y trousers-devel guile22-devel libtasn1-devel libidn2-devel gawk gperf
yum install -y dash git autoconf libtool gettext-devel automake patch
yum install -y nettle-devel p11-kit-devel libunistring-devel
yum install -y tpm2-tss-devel trousers-devel guile22-devel libtasn1-devel libidn2-devel gawk gperf
yum install -y libtasn1-tools unbound-devel bison gtk-doc texinfo texlive
```
Sometimes, you may need to install more recent versions of Automake,
Nettle, P11-kit and Autogen, which you will need to build from sources.
Nettle, and P11-kit, which you will need to build from sources.
Dependencies that are used during make check or make dist are listed below.
Moreover, for basic interoperability testing you may want to install openssl
......@@ -156,7 +160,7 @@ yum install -y wine mingw32-nettle mingw32-libtasn1 mingw32-gcc
and build as:
```
mingw32-configure --enable-local-libopts --disable-non-suiteb-curves --disable-doc --without-p11-kit
mingw32-configure --disable-non-suiteb-curves --disable-doc --without-p11-kit
mingw32-make
mingw32-make check
```
......
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -14,13 +14,13 @@
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
[m4_warning([this file was generated for autoconf 2.71.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# Copyright (C) 2002-2020 Free Software Foundation, Inc.
# Copyright (C) 2002-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.16.2], [],
m4_if([$1], [1.16.5], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
......@@ -51,12 +51,12 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.16.2])dnl
[AM_AUTOMAKE_VERSION([1.16.5])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# Copyright (C) 2011-2020 Free Software Foundation, Inc.
# Copyright (C) 2011-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -118,7 +118,7 @@ AC_SUBST([AR])dnl
# Figure out how to run the assembler. -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -138,7 +138,7 @@ _AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -190,7 +190,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
# Copyright (C) 1997-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -221,7 +221,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -412,7 +412,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -480,7 +480,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -508,6 +508,10 @@ m4_defn([AC_PROG_CC])
# release and drop the old call support.
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_PREREQ([2.65])dnl
m4_ifdef([_$0_ALREADY_INIT],
[m4_fatal([$0 expanded multiple times
]m4_defn([_$0_ALREADY_INIT]))],
[m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
......@@ -544,7 +548,7 @@ m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(
m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
[ok:ok],,
[m4_fatal([AC_INIT should be called with package and version arguments])])dnl
AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
......@@ -596,6 +600,20 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
[m4_define([AC_PROG_OBJCXX],
m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
])
# Variables for tags utilities; see am/tags.am
if test -z "$CTAGS"; then
CTAGS=ctags
fi
AC_SUBST([CTAGS])
if test -z "$ETAGS"; then
ETAGS=etags
fi
AC_SUBST([ETAGS])
if test -z "$CSCOPE"; then
CSCOPE=cscope
fi
AC_SUBST([CSCOPE])
AC_REQUIRE([AM_SILENT_RULES])dnl
dnl The testsuite driver may need to know about EXEEXT, so add the
dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
......@@ -677,7 +695,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -698,7 +716,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2020 Free Software Foundation, Inc.
# Copyright (C) 2003-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -720,7 +738,7 @@ AC_SUBST([am__leading_dot])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -755,7 +773,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -798,7 +816,7 @@ AC_SUBST([am__quote])])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
# Copyright (C) 1997-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -819,12 +837,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
*)
MISSING="\${SHELL} $am_aux_dir/missing" ;;
esac
MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
......@@ -837,7 +850,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -866,7 +879,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -913,7 +926,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -992,34 +1005,141 @@ AC_DEFUN([AM_PATH_PYTHON],
])
if test "$PYTHON" = :; then
dnl Run any user-specified action, or abort.
dnl Run any user-specified action, or abort.
m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
else
dnl Query Python for its version number. Getting [:3] seems to be
dnl the best way to do this; it's what "site.py" does in the standard
dnl library.
dnl Query Python for its version number. Although site.py simply uses
dnl sys.version[:3], printing that failed with Python 3.10, since the
dnl trailing zero was eliminated. So now we output just the major
dnl and minor version numbers, as numbers. Apparently the tertiary
dnl version is not of interest.
dnl
AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
[am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`])
[am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`])
AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
dnl Use the values of $prefix and $exec_prefix for the corresponding
dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made
dnl distinct variables so they can be overridden if need be. However,
dnl general consensus is that you shouldn't need this ability.
AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
dnl At times (like when building shared libraries) you may want
dnl At times, e.g., when building shared libraries, you may want
dnl to know which OS platform Python thinks this is.
dnl
AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
[am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
# Just factor out some code duplication.
dnl emacs-page
dnl If --with-python-sys-prefix is given, use the values of sys.prefix
dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX
dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and
dnl ${exec_prefix} variables.
dnl
dnl The two are made distinct variables so they can be overridden if
dnl need be, although general consensus is that you shouldn't need
dnl this separation.
dnl
dnl Also allow directly setting the prefixes via configure options,
dnl overriding any default.
dnl
if test "x$prefix" = xNONE; then
am__usable_prefix=$ac_default_prefix
else
am__usable_prefix=$prefix
fi
# Allow user to request using sys.* values from Python,
# instead of the GNU $prefix values.
AC_ARG_WITH([python-sys-prefix],
[AS_HELP_STRING([--with-python-sys-prefix],
[use Python's sys.prefix and sys.exec_prefix values])],
[am_use_python_sys=:],
[am_use_python_sys=false])
# Allow user to override whatever the default Python prefix is.
AC_ARG_WITH([python_prefix],
[AS_HELP_STRING([--with-python_prefix],
[override the default PYTHON_PREFIX])],
[am_python_prefix_subst=$withval
am_cv_python_prefix=$withval
AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix])
AC_MSG_RESULT([$am_cv_python_prefix])],
[
if $am_use_python_sys; then
# using python sys.prefix value, not GNU
AC_CACHE_CHECK([for python default $am_display_PYTHON prefix],
[am_cv_python_prefix],
[am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`])
dnl If sys.prefix is a subdir of $prefix, replace the literal value of
dnl $prefix with a variable reference so it can be overridden.
case $am_cv_python_prefix in
$am__usable_prefix*)
am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
;;
*)
am_python_prefix_subst=$am_cv_python_prefix
;;
esac
else # using GNU prefix value, not python sys.prefix
am_python_prefix_subst='${prefix}'
am_python_prefix=$am_python_prefix_subst
AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix])
AC_MSG_RESULT([$am_python_prefix])
fi])
# Substituting python_prefix_subst value.
AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
# emacs-page Now do it all over again for Python exec_prefix, but with yet
# another conditional: fall back to regular prefix if that was specified.
AC_ARG_WITH([python_exec_prefix],
[AS_HELP_STRING([--with-python_exec_prefix],
[override the default PYTHON_EXEC_PREFIX])],
[am_python_exec_prefix_subst=$withval
am_cv_python_exec_prefix=$withval
AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix])
AC_MSG_RESULT([$am_cv_python_exec_prefix])],
[
# no explicit --with-python_exec_prefix, but if
# --with-python_prefix was given, use its value for python_exec_prefix too.
AS_IF([test -n "$with_python_prefix"],
[am_python_exec_prefix_subst=$with_python_prefix
am_cv_python_exec_prefix=$with_python_prefix
AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix])
AC_MSG_RESULT([$am_cv_python_exec_prefix])],
[
# Set am__usable_exec_prefix whether using GNU or Python values,
# since we use that variable for pyexecdir.
if test "x$exec_prefix" = xNONE; then
am__usable_exec_prefix=$am__usable_prefix
else
am__usable_exec_prefix=$exec_prefix
fi
#
if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix],
[am_cv_python_exec_prefix],
[am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`])
dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the
dnl literal value of $exec_prefix with a variable reference so it can
dnl be overridden.
case $am_cv_python_exec_prefix in
$am__usable_exec_prefix*)
am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
;;
*)
am_python_exec_prefix_subst=$am_cv_python_exec_prefix
;;
esac
else # using GNU $exec_prefix, not python sys.exec_prefix
am_python_exec_prefix_subst='${exec_prefix}'
am_python_exec_prefix=$am_python_exec_prefix_subst
AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix])
AC_MSG_RESULT([$am_python_exec_prefix])
fi])])
# Substituting python_exec_prefix_subst.
AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
# Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
......@@ -1039,96 +1159,95 @@ try:
except ImportError:
pass"
dnl Set up 4 directories:
dnl emacs-page Set up 4 directories:
dnl pythondir -- where to install python scripts. This is the
dnl site-packages directory, not the python standard library
dnl directory like in previous automake betas. This behavior
dnl is more consistent with lispdir.m4 for example.
dnl 1. pythondir: where to install python scripts. This is the
dnl site-packages directory, not the python standard library
dnl directory like in previous automake betas. This behavior
dnl is more consistent with lispdir.m4 for example.
dnl Query distutils for this directory.
AC_CACHE_CHECK([for $am_display_PYTHON script directory],
[am_cv_python_pythondir],
[if test "x$prefix" = xNONE
then
am_py_prefix=$ac_default_prefix
else
am_py_prefix=$prefix
fi
am_cv_python_pythondir=`$PYTHON -c "
dnl
AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)],
[am_cv_python_pythondir],
[if test "x$am_cv_python_prefix" = x; then
am_py_prefix=$am__usable_prefix
else
am_py_prefix=$am_cv_python_prefix
fi
am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
else:
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
case $am_cv_python_pythondir in
$am_py_prefix*)
am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
;;
*)
case $am_py_prefix in
/usr|/System*) ;;
*)
am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
;;
esac
;;
#
case $am_cv_python_pythondir in
$am_py_prefix*)
am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
;;
*)
case $am_py_prefix in
/usr|/System*) ;;
*) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
;;
esac
])
;;
esac
])
AC_SUBST([pythondir], [$am_cv_python_pythondir])
dnl pkgpythondir -- $PACKAGE directory under pythondir. Was
dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
dnl more consistent with the rest of automake.
dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was
dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
dnl more consistent with the rest of automake.
dnl
AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
dnl pyexecdir -- directory for installing python extension modules
dnl (shared libraries)
dnl 3. pyexecdir: directory for installing python extension modules
dnl (shared libraries).
dnl Query distutils for this directory.
AC_CACHE_CHECK([for $am_display_PYTHON extension module directory],
[am_cv_python_pyexecdir],
[if test "x$exec_prefix" = xNONE
then
am_py_exec_prefix=$am_py_prefix
else
am_py_exec_prefix=$exec_prefix
fi
am_cv_python_pyexecdir=`$PYTHON -c "
dnl
AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)],
[am_cv_python_pyexecdir],
[if test "x$am_cv_python_exec_prefix" = x; then
am_py_exec_prefix=$am__usable_exec_prefix
else
am_py_exec_prefix=$am_cv_python_exec_prefix
fi
am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_exec_prefix'})
else:
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
case $am_cv_python_pyexecdir in
$am_py_exec_prefix*)
am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
;;
*)
case $am_py_exec_prefix in
/usr|/System*) ;;
*)
am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
;;
esac
;;
#
case $am_cv_python_pyexecdir in
$am_py_exec_prefix*)
am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
;;
*)
case $am_py_exec_prefix in
/usr|/System*) ;;
*) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
;;
esac
])
;;
esac
])
AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE)
dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE)
dnl
AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
dnl Run any user-specified action.
$2
fi
])
......@@ -1151,7 +1270,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
sys.exit(sys.hexversion < minverhex)"
AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1170,7 +1289,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1251,7 +1370,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2020 Free Software Foundation, Inc.
# Copyright (C) 2009-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1311,7 +1430,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1339,7 +1458,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
# Copyright (C) 2006-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1358,7 +1477,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2020 Free Software Foundation, Inc.
# Copyright (C) 2004-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
......@@ -1494,10 +1613,10 @@ m4_include([lib/unistring/m4/inline.m4])
m4_include([lib/unistring/m4/libunistring-base.m4])
m4_include([src/gl/m4/atoll.m4])
m4_include([src/gl/m4/bison.m4])
m4_include([src/gl/m4/calloc.m4])
m4_include([src/gl/m4/clock_time.m4])
m4_include([src/gl/m4/codeset.m4])
m4_include([src/gl/m4/ctype.m4])
m4_include([src/gl/m4/double-slash-root.m4])
m4_include([src/gl/m4/ctype_h.m4])
m4_include([src/gl/m4/environ.m4])
m4_include([src/gl/m4/error.m4])
m4_include([src/gl/m4/fdopen.m4])
......@@ -1526,7 +1645,6 @@ m4_include([src/gl/m4/locale-tr.m4])
m4_include([src/gl/m4/locale-zh.m4])
m4_include([src/gl/m4/locale_h.m4])
m4_include([src/gl/m4/localename.m4])
m4_include([src/gl/m4/lock.m4])
m4_include([src/gl/m4/lstat.m4])
m4_include([src/gl/m4/mktime.m4])
m4_include([src/gl/m4/nanosleep.m4])
......@@ -1536,11 +1654,12 @@ m4_include([src/gl/m4/perror.m4])
m4_include([src/gl/m4/pipe.m4])
m4_include([src/gl/m4/pthread-thread.m4])
m4_include([src/gl/m4/pthread_h.m4])
m4_include([src/gl/m4/pthread_rwlock_rdlock.m4])
m4_include([src/gl/m4/pthread_sigmask.m4])
m4_include([src/gl/m4/putenv.m4])
m4_include([src/gl/m4/raise.m4])
m4_include([src/gl/m4/reallocarray.m4])
m4_include([src/gl/m4/sched_h.m4])
m4_include([src/gl/m4/sched_yield.m4])
m4_include([src/gl/m4/select.m4])
m4_include([src/gl/m4/semaphore.m4])
m4_include([src/gl/m4/servent.m4])
......@@ -1564,13 +1683,10 @@ m4_include([src/gl/m4/timegm.m4])
m4_include([src/gl/m4/timespec.m4])
m4_include([src/gl/m4/tm_gmtoff.m4])
m4_include([src/gl/m4/tzset.m4])
m4_include([src/gl/m4/ungetc.m4])
m4_include([src/gl/m4/usleep.m4])
m4_include([src/gl/m4/visibility.m4])
m4_include([src/gl/m4/xalloc.m4])
m4_include([src/gl/m4/yield.m4])
m4_include([src/libopts/m4/libopts.m4])
m4_include([src/libopts/m4/stdnoreturn.m4])
m4_include([m4/00gnulib.m4])
m4_include([m4/__inline.m4])
m4_include([m4/absolute-header.m4])
......@@ -1586,6 +1702,7 @@ m4_include([m4/ax_file_escapes.m4])
m4_include([m4/builtin-expect.m4])
m4_include([m4/byteswap.m4])
m4_include([m4/close.m4])
m4_include([m4/double-slash-root.m4])
m4_include([m4/dup2.m4])
m4_include([m4/eealloc.m4])
m4_include([m4/errno_h.m4])
......@@ -1598,6 +1715,7 @@ m4_include([m4/fcntl.m4])
m4_include([m4/fcntl_h.m4])
m4_include([m4/float_h.m4])
m4_include([m4/fopen.m4])
m4_include([m4/free.m4])
m4_include([m4/fseeko.m4])
m4_include([m4/fstat.m4])
m4_include([m4/ftell.m4])
......@@ -1631,6 +1749,7 @@ m4_include([m4/lib-link.m4])
m4_include([m4/lib-prefix.m4])
m4_include([m4/libtool.m4])
m4_include([m4/limits-h.m4])
m4_include([m4/lock.m4])
m4_include([m4/lseek.m4])
m4_include([m4/ltoptions.m4])
m4_include([m4/ltsugar.m4])
......@@ -1655,11 +1774,11 @@ m4_include([m4/open-cloexec.m4])
m4_include([m4/open-slash.m4])
m4_include([m4/open.m4])
m4_include([m4/pathmax.m4])
m4_include([m4/pid_t.m4])
m4_include([m4/pkg.m4])
m4_include([m4/po.m4])
m4_include([m4/printf.m4])
m4_include([m4/progtest.m4])
m4_include([m4/pthread_rwlock_rdlock.m4])
m4_include([m4/read-file.m4])
m4_include([m4/realloc.m4])
m4_include([m4/secure_getenv.m4])
......@@ -1671,7 +1790,6 @@ m4_include([m4/sockpfaf.m4])
m4_include([m4/ssize_t.m4])
m4_include([m4/stat-time.m4])
m4_include([m4/stat.m4])
m4_include([m4/std-gnu11.m4])
m4_include([m4/stdalign.m4])
m4_include([m4/stdbool.m4])
m4_include([m4/stddef_h.m4])
......@@ -1696,6 +1814,7 @@ m4_include([m4/sys_uio_h.m4])
m4_include([m4/threadlib.m4])
m4_include([m4/time_h.m4])
m4_include([m4/time_r.m4])
m4_include([m4/ungetc.m4])
m4_include([m4/unistd_h.m4])
m4_include([m4/valgrind-tests.m4])
m4_include([m4/vasnprintf.m4])
......
# aminclude_static.am generated automatically by Autoconf
# from AX_AM_MACROS_STATIC on Wed Mar 10 12:51:43 CET 2021
# from AX_AM_MACROS_STATIC on Thu Feb 9 15:04:43 CET 2023
# Code coverage
......@@ -60,7 +60,7 @@ CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=$(if $(CODE_COVERAGE_BRANCH_COVERAGE),--
CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
CODE_COVERAGE_IGNORE_PATTERN ?=
GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
GITIGNOREFILES := $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V))
code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY))
code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE);
......@@ -97,7 +97,7 @@ code-coverage-clean:
code-coverage-dist-clean:
AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
AM_DISTCHECK_CONFIGURE_FLAGS := $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
else # ifneq ($(abs_builddir), $(abs_top_builddir))
check-code-coverage:
......
......@@ -4,7 +4,7 @@
me=ar-lib
scriptversion=2019-07-04.01; # UTC
# Copyright (C) 2010-2020 Free Software Foundation, Inc.
# Copyright (C) 2010-2021 Free Software Foundation, Inc.
# Written by Peter Rosin <peda@lysator.liu.se>.
#
# This program is free software; you can redistribute it and/or modify
......
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2020 Free Software Foundation, Inc.
# Copyright 1992-2021 Free Software Foundation, Inc.
timestamp='2020-12-22'
timestamp='2021-05-24'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
......@@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2020 Free Software Foundation, Inc.
Copyright 1992-2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
......@@ -136,7 +136,7 @@ UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown
UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown
UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown
case "$UNAME_SYSTEM" in
case $UNAME_SYSTEM in
Linux|GNU|GNU/*)
LIBC=unknown
......@@ -176,7 +176,7 @@ esac
# Note: order is significant - the case branches are not exclusive.
case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
......@@ -188,12 +188,11 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \
"/sbin/$sysctl" 2>/dev/null || \
"/usr/sbin/$sysctl" 2>/dev/null || \
/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
/usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
echo unknown))
case "$UNAME_MACHINE_ARCH" in
case $UNAME_MACHINE_ARCH in
aarch64eb) machine=aarch64_be-unknown ;;
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
......@@ -209,7 +208,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
esac
# The Operating System including object format, if it has switched
# to ELF recently (or will in the future) and ABI.
case "$UNAME_MACHINE_ARCH" in
case $UNAME_MACHINE_ARCH in
earm*)
os=netbsdelf
;;
......@@ -230,7 +229,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
;;
esac
# Determine ABI tags.
case "$UNAME_MACHINE_ARCH" in
case $UNAME_MACHINE_ARCH in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr")
......@@ -241,7 +240,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
case "$UNAME_VERSION" in
case $UNAME_VERSION in
Debian*)
release='-gnu'
;;
......@@ -262,6 +261,10 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//')
echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
exit ;;
*:SecBSD:*:*)
UNAME_MACHINE_ARCH=$(arch | sed 's/SecBSD.//')
echo "$UNAME_MACHINE_ARCH"-unknown-secbsd"$UNAME_RELEASE"
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//')
echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
......@@ -297,6 +300,8 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
echo mips-dec-osf1
exit ;;
alpha:OSF1:*:*)
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
trap '' 0
case $UNAME_RELEASE in
*4.0)
UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}')
......@@ -310,7 +315,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1)
case "$ALPHA_CPU_TYPE" in
case $ALPHA_CPU_TYPE in
"EV4 (21064)")
UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
......@@ -348,10 +353,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)"
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
exit $exitcode ;;
exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit ;;
......@@ -432,7 +434,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
exit ;;
sun4*:SunOS:*:*)
case "$(/usr/bin/arch -k)" in
case $(/usr/bin/arch -k) in
Series*|S4*)
UNAME_RELEASE=$(uname -v)
;;
......@@ -446,7 +448,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
sun*:*:4.2BSD:*)
UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null)
test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
case "$(/bin/arch)" in
case $(/bin/arch) in
sun3)
echo m68k-sun-sunos"$UNAME_RELEASE"
;;
......@@ -662,18 +664,18 @@ EOF
exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
case "$UNAME_MACHINE" in
case $UNAME_MACHINE in
9000/31?) HP_ARCH=m68000 ;;
9000/[34]??) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if test -x /usr/bin/getconf; then
sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null)
sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null)
case "$sc_cpu_version" in
case $sc_cpu_version in
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "$sc_kernel_bits" in
case $sc_kernel_bits in
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
......@@ -874,7 +876,7 @@ EOF
exit ;;
*:FreeBSD:*:*)
UNAME_PROCESSOR=$(/usr/bin/uname -p)
case "$UNAME_PROCESSOR" in
case $UNAME_PROCESSOR in
amd64)
UNAME_PROCESSOR=x86_64 ;;
i386)
......@@ -898,7 +900,7 @@ EOF
echo "$UNAME_MACHINE"-pc-pw32
exit ;;
*:Interix*:*)
case "$UNAME_MACHINE" in
case $UNAME_MACHINE in
x86)
echo i586-pc-interix"$UNAME_RELEASE"
exit ;;
......@@ -950,7 +952,7 @@ EOF
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
arc:Linux:*:* | arceb:Linux:*:* | arc64:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
arm*:Linux:*:*)
......@@ -1087,7 +1089,7 @@ EOF
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-"$LIBC"
exit ;;
riscv32:Linux:*:* | riscv64:Linux:*:*)
riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
......@@ -1435,10 +1437,9 @@ EOF
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
# shellcheck disable=SC2154
if test "$cputype" = 386; then
if test "${cputype-}" = 386; then
UNAME_MACHINE=i386
else
elif test "x${cputype-}" != x; then
UNAME_MACHINE="$cputype"
fi
echo "$UNAME_MACHINE"-unknown-plan9
......@@ -1469,7 +1470,7 @@ EOF
exit ;;
*:*VMS:*:*)
UNAME_MACHINE=$( (uname -p) 2>/dev/null)
case "$UNAME_MACHINE" in
case $UNAME_MACHINE in
A*) echo alpha-dec-vms ; exit ;;
I*) echo ia64-dec-vms ; exit ;;
V*) echo vax-dec-vms ; exit ;;
......@@ -1483,8 +1484,8 @@ EOF
i*86:rdos:*:*)
echo "$UNAME_MACHINE"-pc-rdos
exit ;;
i*86:AROS:*:*)
echo "$UNAME_MACHINE"-pc-aros
*:AROS:*:*)
echo "$UNAME_MACHINE"-unknown-aros
exit ;;
x86_64:VMkernel:*:*)
echo "$UNAME_MACHINE"-unknown-esx
......@@ -1636,7 +1637,7 @@ test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
echo "$0: unable to guess system type" >&2
case "$UNAME_MACHINE:$UNAME_SYSTEM" in
case $UNAME_MACHINE:$UNAME_SYSTEM in
mips:Linux | mips64:Linux)
# If we got here on MIPS GNU/Linux, output extra information.
cat >&2 <<EOF
......
......@@ -2,7 +2,7 @@
# Output a system dependent set of variables, describing how to set the
# run time search path of shared libraries in an executable.
#
# Copyright 1996-2020 Free Software Foundation, Inc.
# Copyright 1996-2021 Free Software Foundation, Inc.
# Taken from GNU libtool, 2001
# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
#
......@@ -371,7 +371,7 @@ else
hardcode_direct=yes
hardcode_minus_L=yes
;;
freebsd* | dragonfly*)
freebsd* | dragonfly* | midnightbsd*)
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
;;
......@@ -547,7 +547,7 @@ case "$host_os" in
freebsd[23].*)
library_names_spec='$libname$shrext$versuffix'
;;
freebsd* | dragonfly*)
freebsd* | dragonfly* | midnightbsd*)
library_names_spec='$libname$shrext'
;;
gnu*)
......
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2020 Free Software Foundation, Inc.
# Copyright 1992-2021 Free Software Foundation, Inc.
timestamp='2020-12-22'
timestamp='2021-04-30'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
......@@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2020 Free Software Foundation, Inc.
Copyright 1992-2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
......@@ -1165,7 +1165,7 @@ case $cpu-$vendor in
| alphapca5[67] | alpha64pca5[67] \
| am33_2.0 \
| amdgcn \
| arc | arceb \
| arc | arceb | arc64 \
| arm | arm[lb]e | arme[lb] | armv* \
| avr | avr32 \
| asmjs \
......@@ -1204,9 +1204,13 @@ case $cpu-$vendor in
| mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa32r3 | mipsisa32r3el \
| mipsisa32r5 | mipsisa32r5el \
| mipsisa32r6 | mipsisa32r6el \
| mipsisa64 | mipsisa64el \
| mipsisa64r2 | mipsisa64r2el \
| mipsisa64r3 | mipsisa64r3el \
| mipsisa64r5 | mipsisa64r5el \
| mipsisa64r6 | mipsisa64r6el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
......@@ -1230,7 +1234,7 @@ case $cpu-$vendor in
| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
| pru \
| pyramid \
| riscv | riscv32 | riscv64 \
| riscv | riscv32 | riscv32be | riscv64 | riscv64be \
| rl78 | romp | rs6000 | rx \
| s390 | s390x \
| score \
......@@ -1683,11 +1687,14 @@ fi
# Now, validate our (potentially fixed-up) OS.
case $os in
# Sometimes we do "kernel-abi", so those need to count as OSes.
# Sometimes we do "kernel-libc", so those need to count as OSes.
musl* | newlib* | uclibc*)
;;
# Likewise for "kernel-libc"
eabi | eabihf | gnueabi | gnueabihf)
# Likewise for "kernel-abi"
eabi* | gnueabi*)
;;
# VxWorks passes extra cpu info in the 4th filed.
simlinux | simwindows | spe)
;;
# Now accept the basic system types.
# The portable systems comes first.
......@@ -1704,12 +1711,12 @@ case $os in
| nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
| clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
| mirbsd* | netbsd* | dicos* | openedition* | ose* \
| bitrig* | openbsd* | solidbsd* | libertybsd* | os108* \
| bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
| ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
| bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
| ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
| udi* | lites* | ieee* | go32* | aux* | hcos* \
| chorusrdb* | cegcc* | glidix* \
| chorusrdb* | cegcc* | glidix* | serenity* \
| cygwin* | msys* | pe* | moss* | proelf* | rtems* \
| midipix* | mingw32* | mingw64* | mint* \
| uxpv* | beos* | mpeix* | udk* | moxiebox* \
......@@ -1751,6 +1758,8 @@ case $kernel-$os in
;;
kfreebsd*-gnu* | kopensolaris*-gnu*)
;;
vxworks-simlinux | vxworks-simwindows | vxworks-spe)
;;
nto-qnx*)
;;
os2-emx)
......
......@@ -2,9 +2,9 @@
# gendocs.sh -- generate a GNU manual in many formats. This script is
# mentioned in maintain.texi. See the help message below for usage details.
scriptversion=2020-01-01.00
scriptversion=2021-01-01.00
# Copyright 2003-2020 Free Software Foundation, Inc.
# Copyright 2003-2021 Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......@@ -73,7 +73,7 @@ texarg="-t @finalout"
version="gendocs.sh $scriptversion
Copyright 2020 Free Software Foundation, Inc.
Copyright 2021 Free Software Foundation, Inc.
There is NO warranty. You may redistribute this software
under the terms of the GNU General Public License.
For more information about these matters, see the files named COPYING."
......
#!/bin/sh
# Determine the dynamically linked dependencies of a program.
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
# Copyright (C) 2006-2021 Free Software Foundation, Inc.
# Written by Bruno Haible <bruno@clisp.org>, 2006.
#
# This program is free software: you can redistribute it and/or modify
......
#! /bin/sh
#! /usr/bin/env sh
## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
## by inline-source v2014-01-03.01
## by inline-source v2019-02-19.15
# libtool (GNU libtool) 2.4.6
# libtool (GNU libtool) 2.4.7
# Provide generalized library-building support services.
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
# Copyright (C) 1996-2015 Free Software Foundation, Inc.
# Copyright (C) 1996-2019, 2021-2022 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
......@@ -31,8 +31,8 @@
PROGRAM=libtool
PACKAGE=libtool
VERSION=2.4.6
package_revision=2.4.6
VERSION=2.4.7
package_revision=2.4.7
## ------ ##
......@@ -64,34 +64,25 @@ package_revision=2.4.6
# libraries, which are installed to $pkgauxdir.
# Set a version string for this script.
scriptversion=2015-01-20.17; # UTC
scriptversion=2019-02-19.15; # UTC
# General shell script boiler plate, and helper functions.
# Written by Gary V. Vaughan, 2004
# Copyright (C) 2004-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
# As a special exception to the GNU General Public License, if you distribute
# this file as part of a program or library that is built using GNU Libtool,
# you may include this file under the same distribution terms that you use
# for the rest of that program.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# This is free software. There is NO warranty; not even for
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Copyright (C) 2004-2019, 2021 Bootstrap Authors
#
# This file is dual licensed under the terms of the MIT license
# <https://opensource.org/license/MIT>, and GPL version 2 or later
# <http://www.gnu.org/licenses/gpl-2.0.html>. You must apply one of
# these licenses when using or redistributing this software or any of
# the files within it. See the URLs above, or the file `LICENSE`
# included in the Bootstrap distribution for the full license texts.
# Please report bugs or propose patches to gary@gnu.org.
# Please report bugs or propose patches to:
# <https://github.com/gnulib-modules/bootstrap/issues>
## ------ ##
......@@ -139,9 +130,12 @@ do
_G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
fi"
done
# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# These NLS vars are set unconditionally (bootstrap issue #24). Unset those
# in case the environment reset is needed later and the $save_* variant is not
# defined (see the code above).
LC_ALL=C
LANGUAGE=C
export LANGUAGE LC_ALL
# Make sure IFS has a sensible default
sp=' '
......@@ -159,6 +153,26 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
# func_unset VAR
# --------------
# Portably unset VAR.
# In some shells, an 'unset VAR' statement leaves a non-zero return
# status if VAR is already unset, which might be problematic if the
# statement is used at the end of a function (thus poisoning its return
# value) or when 'set -e' is active (causing even a spurious abort of
# the script in this case).
func_unset ()
{
{ eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; }
}
# Make sure CDPATH doesn't cause `cd` commands to output the target dir.
func_unset CDPATH
# Make sure ${,E,F}GREP behave sanely.
func_unset GREP_OPTIONS
## ------------------------- ##
## Locate command utilities. ##
......@@ -259,7 +273,7 @@ test -z "$SED" && {
rm -f conftest.in conftest.tmp conftest.nl conftest.out
}
func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin"
rm -f conftest.sed
SED=$func_path_progs_result
}
......@@ -295,7 +309,7 @@ test -z "$GREP" && {
rm -f conftest.in conftest.tmp conftest.nl conftest.out
}
func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin"
GREP=$func_path_progs_result
}
......@@ -360,6 +374,35 @@ sed_double_backslash="\
s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
s/\n//g"
# require_check_ifs_backslash
# ---------------------------
# Check if we can use backslash as IFS='\' separator, and set
# $check_ifs_backshlash_broken to ':' or 'false'.
require_check_ifs_backslash=func_require_check_ifs_backslash
func_require_check_ifs_backslash ()
{
_G_save_IFS=$IFS
IFS='\'
_G_check_ifs_backshlash='a\\b'
for _G_i in $_G_check_ifs_backshlash
do
case $_G_i in
a)
check_ifs_backshlash_broken=false
;;
'')
break
;;
*)
check_ifs_backshlash_broken=:
break
;;
esac
done
IFS=$_G_save_IFS
require_check_ifs_backslash=:
}
## ----------------- ##
## Global variables. ##
......@@ -580,16 +623,16 @@ if test yes = "$_G_HAVE_PLUSEQ_OP"; then
{
$debug_cmd
func_quote_for_eval "$2"
eval "$1+=\\ \$func_quote_for_eval_result"
func_quote_arg pretty "$2"
eval "$1+=\\ \$func_quote_arg_result"
}'
else
func_append_quoted ()
{
$debug_cmd
func_quote_for_eval "$2"
eval "$1=\$$1\\ \$func_quote_for_eval_result"
func_quote_arg pretty "$2"
eval "$1=\$$1\\ \$func_quote_arg_result"
}
fi
......@@ -1091,85 +1134,203 @@ func_relative_path ()
}
# func_quote_for_eval ARG...
# --------------------------
# Aesthetically quote ARGs to be evaled later.
# This function returns two values:
# i) func_quote_for_eval_result
# double-quoted, suitable for a subsequent eval
# ii) func_quote_for_eval_unquoted_result
# has all characters that are still active within double
# quotes backslashified.
func_quote_for_eval ()
# func_quote_portable EVAL ARG
# ----------------------------
# Internal function to portably implement func_quote_arg. Note that we still
# keep attention to performance here so we as much as possible try to avoid
# calling sed binary (so far O(N) complexity as long as func_append is O(1)).
func_quote_portable ()
{
$debug_cmd
func_quote_for_eval_unquoted_result=
func_quote_for_eval_result=
while test 0 -lt $#; do
case $1 in
*[\\\`\"\$]*)
_G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
*)
_G_unquoted_arg=$1 ;;
esac
if test -n "$func_quote_for_eval_unquoted_result"; then
func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
else
func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
$require_check_ifs_backslash
func_quote_portable_result=$2
# one-time-loop (easy break)
while true
do
if $1; then
func_quote_portable_result=`$ECHO "$2" | $SED \
-e "$sed_double_quote_subst" -e "$sed_double_backslash"`
break
fi
case $_G_unquoted_arg in
# Double-quote args containing shell metacharacters to delay
# word splitting, command substitution and variable expansion
# for a subsequent eval.
# Many Bourne shells cannot handle close brackets correctly
# in scan sets, so we specify it separately.
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
_G_quoted_arg=\"$_G_unquoted_arg\"
# Quote for eval.
case $func_quote_portable_result in
*[\\\`\"\$]*)
# Fallback to sed for $func_check_bs_ifs_broken=:, or when the string
# contains the shell wildcard characters.
case $check_ifs_backshlash_broken$func_quote_portable_result in
:*|*[\[\*\?]*)
func_quote_portable_result=`$ECHO "$func_quote_portable_result" \
| $SED "$sed_quote_subst"`
break
;;
esac
func_quote_portable_old_IFS=$IFS
for _G_char in '\' '`' '"' '$'
do
# STATE($1) PREV($2) SEPARATOR($3)
set start "" ""
func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy
IFS=$_G_char
for _G_part in $func_quote_portable_result
do
case $1 in
quote)
func_append func_quote_portable_result "$3$2"
set quote "$_G_part" "\\$_G_char"
;;
start)
set first "" ""
func_quote_portable_result=
;;
first)
set quote "$_G_part" ""
;;
esac
done
done
IFS=$func_quote_portable_old_IFS
;;
*)
_G_quoted_arg=$_G_unquoted_arg
;;
*) ;;
esac
if test -n "$func_quote_for_eval_result"; then
func_append func_quote_for_eval_result " $_G_quoted_arg"
else
func_append func_quote_for_eval_result "$_G_quoted_arg"
fi
shift
break
done
func_quote_portable_unquoted_result=$func_quote_portable_result
case $func_quote_portable_result in
# double-quote args containing shell metacharacters to delay
# word splitting, command substitution and variable expansion
# for a subsequent eval.
# many bourne shells cannot handle close brackets correctly
# in scan sets, so we specify it separately.
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
func_quote_portable_result=\"$func_quote_portable_result\"
;;
esac
}
# func_quote_for_expand ARG
# -------------------------
# Aesthetically quote ARG to be evaled later; same as above,
# but do not quote variable references.
func_quote_for_expand ()
{
$debug_cmd
# func_quotefast_eval ARG
# -----------------------
# Quote one ARG (internal). This is equivalent to 'func_quote_arg eval ARG',
# but optimized for speed. Result is stored in $func_quotefast_eval.
if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then
printf -v _GL_test_printf_tilde %q '~'
if test '\~' = "$_GL_test_printf_tilde"; then
func_quotefast_eval ()
{
printf -v func_quotefast_eval_result %q "$1"
}
else
# Broken older Bash implementations. Make those faster too if possible.
func_quotefast_eval ()
{
case $1 in
'~'*)
func_quote_portable false "$1"
func_quotefast_eval_result=$func_quote_portable_result
;;
*)
printf -v func_quotefast_eval_result %q "$1"
;;
esac
}
fi
else
func_quotefast_eval ()
{
func_quote_portable false "$1"
func_quotefast_eval_result=$func_quote_portable_result
}
fi
case $1 in
*[\\\`\"]*)
_G_arg=`$ECHO "$1" | $SED \
-e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
*)
_G_arg=$1 ;;
# func_quote_arg MODEs ARG
# ------------------------
# Quote one ARG to be evaled later. MODEs argument may contain zero or more
# specifiers listed below separated by ',' character. This function returns two
# values:
# i) func_quote_arg_result
# double-quoted (when needed), suitable for a subsequent eval
# ii) func_quote_arg_unquoted_result
# has all characters that are still active within double
# quotes backslashified. Available only if 'unquoted' is specified.
#
# Available modes:
# ----------------
# 'eval' (default)
# - escape shell special characters
# 'expand'
# - the same as 'eval'; but do not quote variable references
# 'pretty'
# - request aesthetic output, i.e. '"a b"' instead of 'a\ b'. This might
# be used later in func_quote to get output like: 'echo "a b"' instead
# of 'echo a\ b'. This is slower than default on some shells.
# 'unquoted'
# - produce also $func_quote_arg_unquoted_result which does not contain
# wrapping double-quotes.
#
# Examples for 'func_quote_arg pretty,unquoted string':
#
# string | *_result | *_unquoted_result
# ------------+-----------------------+-------------------
# " | \" | \"
# a b | "a b" | a b
# "a b" | "\"a b\"" | \"a b\"
# * | "*" | *
# z="${x-$y}" | "z=\"\${x-\$y}\"" | z=\"\${x-\$y}\"
#
# Examples for 'func_quote_arg pretty,unquoted,expand string':
#
# string | *_result | *_unquoted_result
# --------------+---------------------+--------------------
# z="${x-$y}" | "z=\"${x-$y}\"" | z=\"${x-$y}\"
func_quote_arg ()
{
_G_quote_expand=false
case ,$1, in
*,expand,*)
_G_quote_expand=:
;;
esac
case $_G_arg in
# Double-quote args containing shell metacharacters to delay
# word splitting and command substitution for a subsequent eval.
# Many Bourne shells cannot handle close brackets correctly
# in scan sets, so we specify it separately.
*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
_G_arg=\"$_G_arg\"
case ,$1, in
*,pretty,*|*,expand,*|*,unquoted,*)
func_quote_portable $_G_quote_expand "$2"
func_quote_arg_result=$func_quote_portable_result
func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result
;;
*)
# Faster quote-for-eval for some shells.
func_quotefast_eval "$2"
func_quote_arg_result=$func_quotefast_eval_result
;;
esac
}
func_quote_for_expand_result=$_G_arg
# func_quote MODEs ARGs...
# ------------------------
# Quote all ARGs to be evaled later and join them into single command. See
# func_quote_arg's description for more info.
func_quote ()
{
$debug_cmd
_G_func_quote_mode=$1 ; shift
func_quote_result=
while test 0 -lt $#; do
func_quote_arg "$_G_func_quote_mode" "$1"
if test -n "$func_quote_result"; then
func_append func_quote_result " $func_quote_arg_result"
else
func_append func_quote_result "$func_quote_arg_result"
fi
shift
done
}
......@@ -1215,8 +1376,8 @@ func_show_eval ()
_G_cmd=$1
_G_fail_exp=${2-':'}
func_quote_for_expand "$_G_cmd"
eval "func_notquiet $func_quote_for_expand_result"
func_quote_arg pretty,expand "$_G_cmd"
eval "func_notquiet $func_quote_arg_result"
$opt_dry_run || {
eval "$_G_cmd"
......@@ -1241,8 +1402,8 @@ func_show_eval_locale ()
_G_fail_exp=${2-':'}
$opt_quiet || {
func_quote_for_expand "$_G_cmd"
eval "func_echo $func_quote_for_expand_result"
func_quote_arg expand,pretty "$_G_cmd"
eval "func_echo $func_quote_arg_result"
}
$opt_dry_run || {
......@@ -1369,30 +1530,26 @@ func_lt_ver ()
# End:
#! /bin/sh
# Set a version string for this script.
scriptversion=2014-01-07.03; # UTC
# A portable, pluggable option parser for Bourne shell.
# Written by Gary V. Vaughan, 2010
# Copyright (C) 2010-2015 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# This is free software. There is NO warranty; not even for
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Copyright (C) 2010-2019, 2021 Bootstrap Authors
#
# This file is dual licensed under the terms of the MIT license
# <https://opensource.org/license/MIT>, and GPL version 2 or later
# <http://www.gnu.org/licenses/gpl-2.0.html>. You must apply one of
# these licenses when using or redistributing this software or any of
# the files within it. See the URLs above, or the file `LICENSE`
# included in the Bootstrap distribution for the full license texts.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Please report bugs or propose patches to:
# <https://github.com/gnulib-modules/bootstrap/issues>
# Please report bugs or propose patches to gary@gnu.org.
# Set a version string for this script.
scriptversion=2019-02-19.15; # UTC
## ------ ##
......@@ -1415,7 +1572,7 @@ scriptversion=2014-01-07.03; # UTC
#
# In order for the '--version' option to work, you will need to have a
# suitably formatted comment like the one at the top of this file
# starting with '# Written by ' and ending with '# warranty; '.
# starting with '# Written by ' and ending with '# Copyright'.
#
# For '-h' and '--help' to work, you will also need a one line
# description of your script's purpose in a comment directly above the
......@@ -1427,7 +1584,7 @@ scriptversion=2014-01-07.03; # UTC
# to display verbose messages only when your user has specified
# '--verbose'.
#
# After sourcing this file, you can plug processing for additional
# After sourcing this file, you can plug in processing for additional
# options by amending the variables from the 'Configuration' section
# below, and following the instructions in the 'Option parsing'
# section further down.
......@@ -1476,8 +1633,8 @@ fatal_help="Try '\$progname --help' for more information."
## ------------------------- ##
# This section contains functions for adding, removing, and running hooks
# to the main code. A hook is just a named list of of function, that can
# be run in order later on.
# in the main code. A hook is just a list of function names that can be
# run in order later on.
# func_hookable FUNC_NAME
# -----------------------
......@@ -1510,7 +1667,8 @@ func_add_hook ()
# func_remove_hook FUNC_NAME HOOK_FUNC
# ------------------------------------
# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
# Remove HOOK_FUNC from the list of hook functions to be called by
# FUNC_NAME.
func_remove_hook ()
{
$debug_cmd
......@@ -1519,10 +1677,28 @@ func_remove_hook ()
}
# func_propagate_result FUNC_NAME_A FUNC_NAME_B
# ---------------------------------------------
# If the *_result variable of FUNC_NAME_A _is set_, assign its value to
# *_result variable of FUNC_NAME_B.
func_propagate_result ()
{
$debug_cmd
func_propagate_result_result=:
if eval "test \"\${${1}_result+set}\" = set"
then
eval "${2}_result=\$${1}_result"
else
func_propagate_result_result=false
fi
}
# func_run_hooks FUNC_NAME [ARG]...
# ---------------------------------
# Run all hook functions registered to FUNC_NAME.
# It is assumed that the list of hook functions contains nothing more
# It's assumed that the list of hook functions contains nothing more
# than a whitespace-delimited list of legal shell function names, and
# no effort is wasted trying to catch shell meta-characters or preserve
# whitespace.
......@@ -1532,22 +1708,19 @@ func_run_hooks ()
case " $hookable_fns " in
*" $1 "*) ;;
*) func_fatal_error "'$1' does not support hook funcions.n" ;;
*) func_fatal_error "'$1' does not support hook functions." ;;
esac
eval _G_hook_fns=\$$1_hooks; shift
for _G_hook in $_G_hook_fns; do
eval $_G_hook '"$@"'
# store returned options list back into positional
# parameters for next 'cmd' execution.
eval _G_hook_result=\$${_G_hook}_result
eval set dummy "$_G_hook_result"; shift
func_unset "${_G_hook}_result"
eval $_G_hook '${1+"$@"}'
func_propagate_result $_G_hook func_run_hooks
if $func_propagate_result_result; then
eval set dummy "$func_run_hooks_result"; shift
fi
done
func_quote_for_eval ${1+"$@"}
func_run_hooks_result=$func_quote_for_eval_result
}
......@@ -1557,10 +1730,18 @@ func_run_hooks ()
## --------------- ##
# In order to add your own option parsing hooks, you must accept the
# full positional parameter list in your hook function, remove any
# options that you action, and then pass back the remaining unprocessed
# options in '<hooked_function_name>_result', escaped suitably for
# 'eval'. Like this:
# full positional parameter list from your hook function. You may remove
# or edit any options that you action, and then pass back the remaining
# unprocessed options in '<hooked_function_name>_result', escaped
# suitably for 'eval'.
#
# The '<hooked_function_name>_result' variable is automatically unset
# before your hook gets called; for best performance, only set the
# *_result variable when necessary (i.e. don't call the 'func_quote'
# function unnecessarily because it can be an expensive operation on some
# machines).
#
# Like this:
#
# my_options_prep ()
# {
......@@ -1570,9 +1751,8 @@ func_run_hooks ()
# usage_message=$usage_message'
# -s, --silent don'\''t print informational messages
# '
#
# func_quote_for_eval ${1+"$@"}
# my_options_prep_result=$func_quote_for_eval_result
# # No change in '$@' (ignored completely by this hook). Leave
# # my_options_prep_result variable intact.
# }
# func_add_hook func_options_prep my_options_prep
#
......@@ -1581,25 +1761,36 @@ func_run_hooks ()
# {
# $debug_cmd
#
# # Note that for efficiency, we parse as many options as we can
# args_changed=false
#
# # Note that, for efficiency, we parse as many options as we can
# # recognise in a loop before passing the remainder back to the
# # caller on the first unrecognised argument we encounter.
# while test $# -gt 0; do
# opt=$1; shift
# case $opt in
# --silent|-s) opt_silent=: ;;
# --silent|-s) opt_silent=:
# args_changed=:
# ;;
# # Separate non-argument short options:
# -s*) func_split_short_opt "$_G_opt"
# set dummy "$func_split_short_opt_name" \
# "-$func_split_short_opt_arg" ${1+"$@"}
# shift
# args_changed=:
# ;;
# *) set dummy "$_G_opt" "$*"; shift; break ;;
# *) # Make sure the first unrecognised option "$_G_opt"
# # is added back to "$@" in case we need it later,
# # if $args_changed was set to 'true'.
# set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
# esac
# done
#
# func_quote_for_eval ${1+"$@"}
# my_silent_option_result=$func_quote_for_eval_result
# # Only call 'func_quote' here if we processed at least one argument.
# if $args_changed; then
# func_quote eval ${1+"$@"}
# my_silent_option_result=$func_quote_result
# fi
# }
# func_add_hook func_parse_options my_silent_option
#
......@@ -1610,17 +1801,26 @@ func_run_hooks ()
#
# $opt_silent && $opt_verbose && func_fatal_help "\
# '--silent' and '--verbose' options are mutually exclusive."
#
# func_quote_for_eval ${1+"$@"}
# my_option_validation_result=$func_quote_for_eval_result
# }
# func_add_hook func_validate_options my_option_validation
#
# You'll alse need to manually amend $usage_message to reflect the extra
# You'll also need to manually amend $usage_message to reflect the extra
# options you parse. It's preferable to append if you can, so that
# multiple option parsing hooks can be added safely.
# func_options_finish [ARG]...
# ----------------------------
# Finishing the option parse loop (call 'func_options' hooks ATM).
func_options_finish ()
{
$debug_cmd
func_run_hooks func_options ${1+"$@"}
func_propagate_result func_run_hooks func_options_finish
}
# func_options [ARG]...
# ---------------------
# All the functions called inside func_options are hookable. See the
......@@ -1630,17 +1830,27 @@ func_options ()
{
$debug_cmd
func_options_prep ${1+"$@"}
eval func_parse_options \
${func_options_prep_result+"$func_options_prep_result"}
eval func_validate_options \
${func_parse_options_result+"$func_parse_options_result"}
_G_options_quoted=false
eval func_run_hooks func_options \
${func_validate_options_result+"$func_validate_options_result"}
for my_func in options_prep parse_options validate_options options_finish
do
func_unset func_${my_func}_result
func_unset func_run_hooks_result
eval func_$my_func '${1+"$@"}'
func_propagate_result func_$my_func func_options
if $func_propagate_result_result; then
eval set dummy "$func_options_result"; shift
_G_options_quoted=:
fi
done
# save modified positional parameters for caller
func_options_result=$func_run_hooks_result
$_G_options_quoted || {
# As we (func_options) are top-level options-parser function and
# nobody quoted "$@" for us yet, we need to do it explicitly for
# caller.
func_quote eval ${1+"$@"}
func_options_result=$func_quote_result
}
}
......@@ -1649,9 +1859,8 @@ func_options ()
# All initialisations required before starting the option parse loop.
# Note that when calling hook functions, we pass through the list of
# positional parameters. If a hook function modifies that list, and
# needs to propogate that back to rest of this script, then the complete
# modified list must be put in 'func_run_hooks_result' before
# returning.
# needs to propagate that back to rest of this script, then the complete
# modified list must be put in 'func_run_hooks_result' before returning.
func_hookable func_options_prep
func_options_prep ()
{
......@@ -1662,9 +1871,7 @@ func_options_prep ()
opt_warning_types=
func_run_hooks func_options_prep ${1+"$@"}
# save modified positional parameters for caller
func_options_prep_result=$func_run_hooks_result
func_propagate_result func_run_hooks func_options_prep
}
......@@ -1676,25 +1883,32 @@ func_parse_options ()
{
$debug_cmd
func_parse_options_result=
_G_parse_options_requote=false
# this just eases exit handling
while test $# -gt 0; do
# Defer to hook functions for initial option parsing, so they
# get priority in the event of reusing an option name.
func_run_hooks func_parse_options ${1+"$@"}
# Adjust func_parse_options positional parameters to match
eval set dummy "$func_run_hooks_result"; shift
func_propagate_result func_run_hooks func_parse_options
if $func_propagate_result_result; then
eval set dummy "$func_parse_options_result"; shift
# Even though we may have changed "$@", we passed the "$@" array
# down into the hook and it quoted it for us (because we are in
# this if-branch). No need to quote it again.
_G_parse_options_requote=false
fi
# Break out of the loop if we already parsed every option.
test $# -gt 0 || break
# We expect that one of the options parsed in this function matches
# and thus we remove _G_opt from "$@" and need to re-quote.
_G_match_parse_options=:
_G_opt=$1
shift
case $_G_opt in
--debug|-x) debug_cmd='set -x'
func_echo "enabling shell trace mode"
func_echo "enabling shell trace mode" >&2
$debug_cmd
;;
......@@ -1704,7 +1918,10 @@ func_parse_options ()
;;
--warnings|--warning|-W)
test $# = 0 && func_missing_arg $_G_opt && break
if test $# = 0 && func_missing_arg $_G_opt; then
_G_parse_options_requote=:
break
fi
case " $warning_categories $1" in
*" $1 "*)
# trailing space prevents matching last $1 above
......@@ -1757,15 +1974,24 @@ func_parse_options ()
shift
;;
--) break ;;
--) _G_parse_options_requote=: ; break ;;
-*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
*) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
*) set dummy "$_G_opt" ${1+"$@"}; shift
_G_match_parse_options=false
break
;;
esac
if $_G_match_parse_options; then
_G_parse_options_requote=:
fi
done
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
func_parse_options_result=$func_quote_for_eval_result
if $_G_parse_options_requote; then
# save modified positional parameters for caller
func_quote eval ${1+"$@"}
func_parse_options_result=$func_quote_result
fi
}
......@@ -1782,12 +2008,10 @@ func_validate_options ()
test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
func_run_hooks func_validate_options ${1+"$@"}
func_propagate_result func_run_hooks func_validate_options
# Bail if the options were screwed!
$exit_cmd $EXIT_FAILURE
# save modified positional parameters for caller
func_validate_options_result=$func_run_hooks_result
}
......@@ -1843,8 +2067,8 @@ func_missing_arg ()
# func_split_equals STRING
# ------------------------
# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
# splitting STRING at the '=' sign.
# Set func_split_equals_lhs and func_split_equals_rhs shell variables
# after splitting STRING at the '=' sign.
test -z "$_G_HAVE_XSI_OPS" \
&& (eval 'x=a/b/c;
test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
......@@ -1859,8 +2083,9 @@ then
func_split_equals_lhs=${1%%=*}
func_split_equals_rhs=${1#*=}
test "x$func_split_equals_lhs" = "x$1" \
&& func_split_equals_rhs=
if test "x$func_split_equals_lhs" = "x$1"; then
func_split_equals_rhs=
fi
}'
else
# ...otherwise fall back to using expr, which is often a shell builtin.
......@@ -1870,7 +2095,7 @@ else
func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
func_split_equals_rhs=
test "x$func_split_equals_lhs" = "x$1" \
test "x$func_split_equals_lhs=" = "x$1" \
|| func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
}
fi #func_split_equals
......@@ -1896,7 +2121,7 @@ else
{
$debug_cmd
func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
func_split_short_opt_name=`expr "x$1" : 'x\(-.\)'`
func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
}
fi #func_split_short_opt
......@@ -1938,31 +2163,44 @@ func_usage_message ()
# func_version
# ------------
# Echo version message to standard output and exit.
# The version message is extracted from the calling file's header
# comments, with leading '# ' stripped:
# 1. First display the progname and version
# 2. Followed by the header comment line matching /^# Written by /
# 3. Then a blank line followed by the first following line matching
# /^# Copyright /
# 4. Immediately followed by any lines between the previous matches,
# except lines preceding the intervening completely blank line.
# For example, see the header comments of this file.
func_version ()
{
$debug_cmd
printf '%s\n' "$progname $scriptversion"
$SED -n '
/(C)/!b go
:more
/\./!{
N
s|\n# | |
b more
}
:go
/^# Written by /,/# warranty; / {
s|^# ||
s|^# *$||
s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
p
/^# Written by /!b
s|^# ||; p; n
:fwd2blnk
/./ {
n
b fwd2blnk
}
/^# Written by / {
s|^# ||
p
p; n
:holdwrnt
s|^# ||
s|^# *$||
/^Copyright /!{
/./H
n
b holdwrnt
}
/^warranty; /q' < "$progpath"
s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
G
s|\(\n\)\n*|\1|g
p; q' < "$progpath"
exit $?
}
......@@ -1972,12 +2210,12 @@ func_version ()
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC"
# time-stamp-time-zone: "UTC"
# End:
# Set a version string.
scriptversion='(GNU libtool) 2.4.6'
scriptversion='(GNU libtool) 2.4.7'
# func_echo ARG...
......@@ -2068,7 +2306,7 @@ include the following information:
compiler: $LTCC
compiler flags: $LTCFLAGS
linker: $LD (gnu? $with_gnu_ld)
version: $progname (GNU libtool) 2.4.6
version: $progname (GNU libtool) 2.4.7
automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
......@@ -2270,6 +2508,8 @@ libtool_options_prep ()
nonopt=
preserve_args=
_G_rc_lt_options_prep=:
# Shorthand for --mode=foo, only valid as the first argument
case $1 in
clean|clea|cle|cl)
......@@ -2293,11 +2533,16 @@ libtool_options_prep ()
uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
shift; set dummy --mode uninstall ${1+"$@"}; shift
;;
*)
_G_rc_lt_options_prep=false
;;
esac
# Pass back the list of options.
func_quote_for_eval ${1+"$@"}
libtool_options_prep_result=$func_quote_for_eval_result
if $_G_rc_lt_options_prep; then
# Pass back the list of options.
func_quote eval ${1+"$@"}
libtool_options_prep_result=$func_quote_result
fi
}
func_add_hook func_options_prep libtool_options_prep
......@@ -2309,9 +2554,12 @@ libtool_parse_options ()
{
$debug_cmd
_G_rc_lt_parse_options=false
# Perform our own loop to consume as many options as possible in
# each iteration.
while test $# -gt 0; do
_G_match_lt_parse_options=:
_G_opt=$1
shift
case $_G_opt in
......@@ -2386,15 +2634,20 @@ libtool_parse_options ()
func_append preserve_args " $_G_opt"
;;
# An option not handled by this hook function:
*) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
# An option not handled by this hook function:
*) set dummy "$_G_opt" ${1+"$@"} ; shift
_G_match_lt_parse_options=false
break
;;
esac
$_G_match_lt_parse_options && _G_rc_lt_parse_options=:
done
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
libtool_parse_options_result=$func_quote_for_eval_result
if $_G_rc_lt_parse_options; then
# save modified positional parameters for caller
func_quote eval ${1+"$@"}
libtool_parse_options_result=$func_quote_result
fi
}
func_add_hook func_parse_options libtool_parse_options
......@@ -2415,17 +2668,10 @@ libtool_validate_options ()
# preserve --debug
test : = "$debug_cmd" || func_append preserve_args " --debug"
case $host in
# Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
# see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
*cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
# don't eliminate duplications in $postdeps and $predeps
opt_duplicate_compiler_generated_deps=:
;;
*)
opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
;;
esac
# Keeping compiler generated duplicates in $postdeps and $predeps is not
# harmful, and is necessary in a majority of systems that use it to satisfy
# symbol dependencies.
opt_duplicate_compiler_generated_deps=:
$opt_help || {
# Sanity checks first:
......@@ -2451,8 +2697,8 @@ libtool_validate_options ()
}
# Pass back the unparsed argument list
func_quote_for_eval ${1+"$@"}
libtool_validate_options_result=$func_quote_for_eval_result
func_quote eval ${1+"$@"}
libtool_validate_options_result=$func_quote_result
}
func_add_hook func_validate_options libtool_validate_options
......@@ -3418,8 +3664,8 @@ func_mode_compile ()
esac
done
func_quote_for_eval "$libobj"
test "X$libobj" != "X$func_quote_for_eval_result" \
func_quote_arg pretty "$libobj"
test "X$libobj" != "X$func_quote_arg_result" \
&& $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
&& func_warning "libobj name '$libobj' may not contain shell special characters."
func_dirname_and_basename "$obj" "/" ""
......@@ -3492,8 +3738,8 @@ compiler."
func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
srcfile=$func_to_tool_file_result
func_quote_for_eval "$srcfile"
qsrcfile=$func_quote_for_eval_result
func_quote_arg pretty "$srcfile"
qsrcfile=$func_quote_arg_result
# Only build a PIC object if we are building libtool libraries.
if test yes = "$build_libtool_libs"; then
......@@ -3648,7 +3894,8 @@ This mode accepts the following additional options:
-prefer-non-pic try to build non-PIC objects only
-shared do not build a '.o' file suitable for static linking
-static only build a '.o' file suitable for static linking
-Wc,FLAG pass FLAG directly to the compiler
-Wc,FLAG
-Xcompiler FLAG pass FLAG directly to the compiler
COMPILE-COMMAND is a command to be used in creating a 'standard' object file
from the given SOURCEFILE.
......@@ -3754,6 +4001,8 @@ The following components of LINK-COMMAND are treated specially:
-weak LIBNAME declare that the target provides the LIBNAME interface
-Wc,FLAG
-Xcompiler FLAG pass linker-specific FLAG directly to the compiler
-Wa,FLAG
-Xassembler FLAG pass linker-specific FLAG directly to the assembler
-Wl,FLAG
-Xlinker FLAG pass linker-specific FLAG directly to the linker
-XCClinker FLAG pass link-specific FLAG to the compiler driver (CC)
......@@ -4096,8 +4345,8 @@ func_mode_install ()
case $nonopt in *shtool*) :;; *) false;; esac
then
# Aesthetically quote it.
func_quote_for_eval "$nonopt"
install_prog="$func_quote_for_eval_result "
func_quote_arg pretty "$nonopt"
install_prog="$func_quote_arg_result "
arg=$1
shift
else
......@@ -4107,8 +4356,8 @@ func_mode_install ()
# The real first argument should be the name of the installation program.
# Aesthetically quote it.
func_quote_for_eval "$arg"
func_append install_prog "$func_quote_for_eval_result"
func_quote_arg pretty "$arg"
func_append install_prog "$func_quote_arg_result"
install_shared_prog=$install_prog
case " $install_prog " in
*[\\\ /]cp\ *) install_cp=: ;;
......@@ -4165,12 +4414,12 @@ func_mode_install ()
esac
# Aesthetically quote the argument.
func_quote_for_eval "$arg"
func_append install_prog " $func_quote_for_eval_result"
func_quote_arg pretty "$arg"
func_append install_prog " $func_quote_arg_result"
if test -n "$arg2"; then
func_quote_for_eval "$arg2"
func_quote_arg pretty "$arg2"
fi
func_append install_shared_prog " $func_quote_for_eval_result"
func_append install_shared_prog " $func_quote_arg_result"
done
test -z "$install_prog" && \
......@@ -4181,8 +4430,8 @@ func_mode_install ()
if test -n "$install_override_mode" && $no_mode; then
if $install_cp; then :; else
func_quote_for_eval "$install_override_mode"
func_append install_shared_prog " -m $func_quote_for_eval_result"
func_quote_arg pretty "$install_override_mode"
func_append install_shared_prog " -m $func_quote_arg_result"
fi
fi
......@@ -4478,8 +4727,8 @@ func_mode_install ()
relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
$opt_quiet || {
func_quote_for_expand "$relink_command"
eval "func_echo $func_quote_for_expand_result"
func_quote_arg expand,pretty "$relink_command"
eval "func_echo $func_quote_arg_result"
}
if eval "$relink_command"; then :
else
......@@ -5258,7 +5507,8 @@ else
if test \"\$libtool_execute_magic\" != \"$magic\"; then
file=\"\$0\""
qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
func_quote_arg pretty "$ECHO"
qECHO=$func_quote_arg_result
$ECHO "\
# A function that is used when there is no print builtin or printf.
......@@ -5268,7 +5518,7 @@ func_fallback_echo ()
\$1
_LTECHO_EOF'
}
ECHO=\"$qECHO\"
ECHO=$qECHO
fi
# Very basic option parsing. These options are (a) specific to
......@@ -6611,9 +6861,9 @@ func_mode_link ()
while test "$#" -gt 0; do
arg=$1
shift
func_quote_for_eval "$arg"
qarg=$func_quote_for_eval_unquoted_result
func_append libtool_args " $func_quote_for_eval_result"
func_quote_arg pretty,unquoted "$arg"
qarg=$func_quote_arg_unquoted_result
func_append libtool_args " $func_quote_arg_result"
# If the previous option needs an argument, assign it.
if test -n "$prev"; then
......@@ -6849,6 +7099,13 @@ func_mode_link ()
prev=
continue
;;
xassembler)
func_append compiler_flags " -Xassembler $qarg"
prev=
func_append compile_command " -Xassembler $qarg"
func_append finalize_command " -Xassembler $qarg"
continue
;;
xcclinker)
func_append linker_flags " $qarg"
func_append compiler_flags " $qarg"
......@@ -7019,7 +7276,7 @@ func_mode_link ()
# These systems don't actually have a C library (as such)
test X-lc = "X$arg" && continue
;;
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
# Do not include libc due to us having libc/libc_r.
test X-lc = "X$arg" && continue
;;
......@@ -7039,7 +7296,7 @@ func_mode_link ()
esac
elif test X-lc_r = "X$arg"; then
case $host in
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
# Do not include libc_r directly, use -pthread flag.
continue
;;
......@@ -7069,8 +7326,20 @@ func_mode_link ()
prev=xcompiler
continue
;;
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
# Solaris ld rejects as of 11.4. Refer to Oracle bug 22985199.
-pthread)
case $host in
*solaris2*) ;;
*)
case "$new_inherited_linker_flags " in
*" $arg "*) ;;
* ) func_append new_inherited_linker_flags " $arg" ;;
esac
;;
esac
continue
;;
-mt|-mthreads|-kthread|-Kthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
func_append compiler_flags " $arg"
func_append compile_command " $arg"
......@@ -7211,9 +7480,9 @@ func_mode_link ()
save_ifs=$IFS; IFS=,
for flag in $args; do
IFS=$save_ifs
func_quote_for_eval "$flag"
func_append arg " $func_quote_for_eval_result"
func_append compiler_flags " $func_quote_for_eval_result"
func_quote_arg pretty "$flag"
func_append arg " $func_quote_arg_result"
func_append compiler_flags " $func_quote_arg_result"
done
IFS=$save_ifs
func_stripname ' ' '' "$arg"
......@@ -7227,16 +7496,21 @@ func_mode_link ()
save_ifs=$IFS; IFS=,
for flag in $args; do
IFS=$save_ifs
func_quote_for_eval "$flag"
func_append arg " $wl$func_quote_for_eval_result"
func_append compiler_flags " $wl$func_quote_for_eval_result"
func_append linker_flags " $func_quote_for_eval_result"
func_quote_arg pretty "$flag"
func_append arg " $wl$func_quote_arg_result"
func_append compiler_flags " $wl$func_quote_arg_result"
func_append linker_flags " $func_quote_arg_result"
done
IFS=$save_ifs
func_stripname ' ' '' "$arg"
arg=$func_stripname_result
;;
-Xassembler)
prev=xassembler
continue
;;
-Xcompiler)
prev=xcompiler
continue
......@@ -7254,8 +7528,8 @@ func_mode_link ()
# -msg_* for osf cc
-msg_*)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
;;
# Flags to be passed through unchanged, with rationale:
......@@ -7274,12 +7548,15 @@ func_mode_link ()
# -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
# -specs=* GCC specs files
# -stdlib=* select c++ std lib with clang
# -fsanitize=* Clang/GCC memory and address sanitizer
# -fuse-ld=* Linker select flags for GCC
# -Wa,* Pass flags directly to the assembler
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-specs=*)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
-specs=*|-fsanitize=*|-fuse-ld=*|-Wa,*)
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
func_append compile_command " $arg"
func_append finalize_command " $arg"
func_append compiler_flags " $arg"
......@@ -7300,15 +7577,15 @@ func_mode_link ()
continue
else
# Otherwise treat like 'Some other compiler flag' below
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
fi
;;
# Some other compiler flag.
-* | +*)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
;;
*.$objext)
......@@ -7428,8 +7705,8 @@ func_mode_link ()
*)
# Unknown arguments in both finalize_command and compile_command need
# to be aesthetically quoted because they are evaled later.
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
;;
esac # arg
......@@ -8634,7 +8911,7 @@ func_mode_link ()
test CXX = "$tagname" && {
case $host_os in
linux*)
case `$CC -V 2>&1 | sed 5q` in
case `$CC -V 2>&1 | $SED 5q` in
*Sun\ C*) # Sun C++ 5.9
func_suncc_cstd_abi
......@@ -8807,7 +9084,7 @@ func_mode_link ()
#
case $version_type in
# correct linux to gnu/linux during the next big refactor
darwin|freebsd-elf|linux|osf|windows|none)
darwin|freebsd-elf|linux|midnightbsd-elf|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
age=$number_minor
......@@ -8898,7 +9175,7 @@ func_mode_link ()
versuffix=.$current.$revision
;;
freebsd-elf)
freebsd-elf | midnightbsd-elf)
func_arith $current - $age
major=.$func_arith_result
versuffix=$major.$age.$revision
......@@ -9124,7 +9401,7 @@ func_mode_link ()
*-*-netbsd*)
# Don't link with libc until the a.out ld.so is fixed.
;;
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
*-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
# Do not include libc due to us having libc/libc_r.
;;
*-*-sco3.2v5* | *-*-sco5v6*)
......@@ -9935,8 +10212,8 @@ EOF
for cmd in $concat_cmds; do
IFS=$save_ifs
$opt_quiet || {
func_quote_for_expand "$cmd"
eval "func_echo $func_quote_for_expand_result"
func_quote_arg expand,pretty "$cmd"
eval "func_echo $func_quote_arg_result"
}
$opt_dry_run || eval "$cmd" || {
lt_exit=$?
......@@ -10029,8 +10306,8 @@ EOF
eval cmd=\"$cmd\"
IFS=$save_ifs
$opt_quiet || {
func_quote_for_expand "$cmd"
eval "func_echo $func_quote_for_expand_result"
func_quote_arg expand,pretty "$cmd"
eval "func_echo $func_quote_arg_result"
}
$opt_dry_run || eval "$cmd" || {
lt_exit=$?
......@@ -10504,12 +10781,13 @@ EOF
elif eval var_value=\$$var; test -z "$var_value"; then
relink_command="$var=; export $var; $relink_command"
else
func_quote_for_eval "$var_value"
relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
func_quote_arg pretty "$var_value"
relink_command="$var=$func_quote_arg_result; export $var; $relink_command"
fi
done
relink_command="(cd `pwd`; $relink_command)"
relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
func_quote eval cd "`pwd`"
func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)"
relink_command=$func_quote_arg_unquoted_result
fi
# Only actually do things if not in dry run mode.
......@@ -10749,13 +11027,15 @@ EOF
elif eval var_value=\$$var; test -z "$var_value"; then
relink_command="$var=; export $var; $relink_command"
else
func_quote_for_eval "$var_value"
relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
func_quote_arg pretty,unquoted "$var_value"
relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command"
fi
done
# Quote the link command for shipping.
relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
func_quote eval cd "`pwd`"
relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
func_quote_arg pretty,unquoted "$relink_command"
relink_command=$func_quote_arg_unquoted_result
if test yes = "$hardcode_automatic"; then
relink_command=
fi
......