Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • pkg/gnutls28
  • not_a_robot/gnutls28
  • detlev/gnutls28
3 results
Show changes
Commits on Source (58)
  • Andreas Metzler's avatar
    Import Debian changes 3.4.10-4 · ff2cf297
    Andreas Metzler authored
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    ff2cf297
  • Apertis package maintainers's avatar
    e1d89f40
  • Sjoerd Simons's avatar
    da30a6e7
  • Ritesh Raj Sarraf's avatar
    1976be16
  • Marc Deslauriers's avatar
    Import Debian changes 3.4.10-4ubuntu1.7 · 66a52c6e
    Marc Deslauriers authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
    gnutls28 (3.4.10-4ubuntu1.7) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Allow re-enabling SHA1 for certificate signing with a
        priority string (LP: #1860656)
        - debian/patches/allow_broken_priority_string.patch: introduce the
          %VERIFY_ALLOW_BROKEN priority string option.
        - debian/patches/allow_sha1_priority_string.patch: introduce the
          %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string option.
    
    gnutls28 (3.4.10-4ubuntu1.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Mark SHA1 as insecure for certificate signing
        - debian/patches/insecuresha1-*.patch: backport upstream patches to
          allow marking SHA1 as insecure, but only for certificate signing.
        - debian/libgnutls30.symbols: added new symbol.
    
    gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Lucky-13 issues
        - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
          field in SHA384 HMAC in lib/algorithms/mac.c, lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
          blocks that would have been on minimum pad in lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
          SSL3.0 in lib/gnutls_cipher.c.
        - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
          ciphersuites were removed from defaults in lib/gnutls_priority.c,
          tests/priorities.c.
        - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
          tests/pkcs12_encode.c.
        - CVE-2018-10844
        - CVE-2018-10845
        - CVE-2018-10846
    
    gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium
    
      * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
        OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
        which includes TLS1.2 support. (LP: #1709193)
    
    gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: null pointer dereference via status response TLS
        extension decoding
        - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
          properly deinitialized in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
          from client extension in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-3.patch: documented requirements for
          parameters in lib/ext/status_request.c.
        - CVE-2017-7507
      * SECURITY UPDATE: DoS and possible code execution via OpenPGP
        certificate decoding
        - debian/patches/CVE-2017-7869.patch: enforce packet limits in
          lib/opencdk/read-packet.c.
        - CVE-2017-7869
    
    gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: OCSP validation issue
        - debian/patches/CVE-2016-7444.patch: correctly verify the serial
          length in lib/x509/ocsp.c.
        - CVE-2016-7444
      * SECURITY UPDATE: denial of service via warning alerts
        - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
          messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
          lib/gnutls_state.c.
        - CVE-2016-8610
      * SECURITY UPDATE: double-free when reading proxy language
        - debian/patches/CVE-2017-5334.patch: fix double-free in
          lib/x509/x509_ext.c.
        - CVE-2017-5334
      * SECURITY UPDATE: out of memory error in stream reading functions
        - debian/patches/CVE-2017-5335.patch: add error checking to
          lib/opencdk/read-packet.c.
        - CVE-2017-5335
      * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
        - debian/patches/CVE-2017-5336.patch: check return code in
          lib/opencdk/pubkey.c.
        - CVE-2017-5336
      * SECURITY UPDATE: heap read overflow when reading streams
        - debian/patches/CVE-2017-5337.patch: add more precise checks to
          lib/opencdk/read-packet.c.
        - CVE-2017-5337
      * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
        expired certs.
    
    gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium
    
      * SRU: LP: #1592693.
      * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
        in xenial.
    
    gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Make gnutls28 default.
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
    
    gnutls28 (3.4.10-4) unstable; urgency=medium
    
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    
    gnutls28 (3.4.10-3) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.10-2) experimental; urgency=medium
    
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    
    gnutls28 (3.4.10-1) experimental; urgency=medium
    
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    
    gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Make gnutls28 default.
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
    
    gnutls28 (3.4.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.4.9-1) experimental; urgency=medium
    
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    
    gnutls28 (3.4.8-3) unstable; urgency=medium
    
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    
    gnutls28 (3.4.8-2) unstable; urgency=medium
    
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    
    gnutls28 (3.4.8-1) experimental; urgency=medium
    
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.4.7-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.4.6-1) experimental; urgency=medium
    
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    
    gnutls28 (3.4.5-1) experimental; urgency=medium
    
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    
      [ Andreas Metzler ]
      * New upstream version.
    
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    
    gnutls28 (3.4.3-1) experimental; urgency=medium
    
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    
    gnutls28 (3.4.2-2) experimental; urgency=medium
    
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    
    gnutls28 (3.4.2-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    
    gnutls28 (3.4.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    
    gnutls28 (3.3.20-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
      * debian/patches/disable_global_init_override_test.patch: disable failing
        test.
    
    gnutls28 (3.3.20-1) unstable; urgency=medium
    
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    
    gnutls28 (3.3.19-1) unstable; urgency=medium
    
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    
    gnutls28 (3.3.18-1ubuntu1) xenial; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.18-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.3.17-1) unstable; urgency=medium
    
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    
    gnutls28 (3.3.16-2) unstable; urgency=medium
    
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    
    gnutls28 (3.3.16-1) unstable; urgency=medium
    
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    
    gnutls28 (3.3.15-7) unstable; urgency=medium
    
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    
    gnutls28 (3.3.15-6) unstable; urgency=high
    
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    
    gnutls28 (3.3.15-5ubuntu2) wily; urgency=medium
    
      * SECURITY UPDATE: Double free in certificate DN decoding
        - debian/patches/CVE-2015-6251.patch: Reset the output value on error
          in lib/x509/common.c.
        - CVE-2015-6251
    
    gnutls28 (3.3.15-5ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.15-5) unstable; urgency=medium
    
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    
    gnutls28 (3.3.15-4) experimental; urgency=medium
    
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    
    gnutls28 (3.3.15-3) experimental; urgency=medium
    
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    
    gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium
    
      * Merge from Debian unstable. Remaining changes:
        - Make gnutls28 default.
      * Dropped patches included in new version:
        - debian/patches/CVE-2015-0294.patch
        - debian/patches/CVE-2014-8564.patch
    
    gnutls28 (3.3.15-2) unstable; urgency=medium
    
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    
    gnutls28 (3.3.15-1) unstable; urgency=medium
    
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    
    gnutls28 (3.3.14-3) experimental; urgency=medium
    
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    
    gnutls28 (3.3.14-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    
    gnutls28 (3.3.14-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    
    gnutls28 (3.3.13-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    
    gnutls28 (3.3.12-1) experimental; urgency=medium
    
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    
    gnutls28 (3.3.11-1) experimental; urgency=medium
    
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    
    gnutls28 (3.3.10-2) experimental; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.10-1) experimental; urgency=medium
    
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    
    gnutls28 (3.3.9-1) experimental; urgency=medium
    
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    
    gnutls28 (3.3.8-7) unstable; urgency=medium
    
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    
    gnutls28 (3.3.8-6) unstable; urgency=medium
    
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    
    gnutls28 (3.3.8-5) unstable; urgency=medium
    
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    
    gnutls28 (3.3.8-4) unstable; urgency=high
    
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    
    gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium
    
      * SECURITY UPDATE: certificate algorithm consistency issue
        - debian/patches/CVE-2015-0294.patch: make sure the two signature
          algorithms match on cert import in lib/x509/x509.c.
        - CVE-2015-0294
    
    gnutls28 (3.3.8-3ubuntu2) vivid; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible code execution via
        elliptic curves parameter printing
        - debian/patches/CVE-2014-8564.patch: add more sanity checks in
          lib/gnutls_ecc.c.
        - CVE-2014-8564
    
    gnutls28 (3.3.8-3ubuntu1) vivid; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        - Make gnutls28 default.
    
    gnutls28 (3.3.8-3) unstable; urgency=high
    
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    
    gnutls28 (3.3.8-2) unstable; urgency=medium
    
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    
    gnutls28 (3.3.8-1) experimental; urgency=medium
    
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    
    gnutls28 (3.3.7-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.3.7-1) experimental; urgency=medium
    
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    
    gnutls28 (3.3.6-2) unstable; urgency=medium
    
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    
    gnutls28 (3.3.6-1) experimental; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    
    gnutls28 (3.3.5-1) experimental; urgency=medium
    
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    
    gnutls28 (3.3.3-1) experimental; urgency=medium
    
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    
    gnutls28 (3.3.2-2) experimental; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    
    gnutls28 (3.3.2-1) experimental; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    
    gnutls28 (3.3.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    
    gnutls28 (3.3.0-2) experimental; urgency=medium
    
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.3.0-1) experimental; urgency=medium
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    
    gnutls28 (3.2.16-1ubuntu2) utopic; urgency=medium
    
      * No-change rebuild to get debug symbols on all architectures.
    
    gnutls28 (3.2.16-1ubuntu1) utopic; urgency=medium
    
      * Make gnutls28 default.
    
    gnutls28 (3.2.16-1) unstable; urgency=medium
    
      * New upstream version.
    
    gnutls28 (3.2.15-3) unstable; urgency=medium
    
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    
    gnutls28 (3.2.15-2) unstable; urgency=high
    
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    
    gnutls28 (3.2.15-1) unstable; urgency=high
    
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    
    gnutls28 (3.2.14-1) unstable; urgency=medium
    
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    
    gnutls28 (3.2.13-2) unstable; urgency=medium
    
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    
    gnutls28 (3.2.13-1) unstable; urgency=medium
    
      * Also version the p11-kit dependency.
      * New upstream version.
    
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches: 
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    
    gnutls28 (3.2.11-2) unstable; urgency=high
    
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    
    gnutls28 (3.2.11-1) unstable; urgency=high
    
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    
    gnutls28 (3.2.10-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.2.10-1) experimental; urgency=high
    
      * New upstream version.
      * New symbols exported, bump shlibs.
    
    gnutls28 (3.2.9-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.2.9-1) experimental; urgency=medium
    
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    
    gnutls28 (3.2.7-4) experimental; urgency=low
    
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    
    gnutls28 (3.2.7-3) unstable; urgency=low
    
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    
    gnutls28 (3.2.7-2) experimental; urgency=low
    
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    
    gnutls28 (3.2.7-1) experimental; urgency=low
    
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    
    gnutls28 (3.2.6-2) experimental; urgency=low
    
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    
    gnutls28 (3.2.6-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.2.5-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    
    gnutls28 (3.2.4-5) experimental; urgency=low
    
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    
    gnutls28 (3.2.4-4) unstable; urgency=low
    
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    
    gnutls28 (3.2.4-3) unstable; urgency=low
    
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    
    gnutls28 (3.2.4-2) unstable; urgency=low
    
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    
    gnutls28 (3.2.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    
    gnutls28 (3.2.3-3) experimental; urgency=low
    
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    
    gnutls28 (3.2.3-2) experimental; urgency=low
    
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    
    gnutls28 (3.2.3-1) unstable; urgency=low
    
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    
    gnutls28 (3.2.2-2) unstable; urgency=low
    
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff 
    
    gnutls28 (3.2.2-1) unstable; urgency=low
    
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    
    gnutls28 (3.2.1-2) unstable; urgency=low
    
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    
    gnutls28 (3.2.1-1) experimental; urgency=low
    
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    
    gnutls28 (3.1.12-2) unstable; urgency=low
    
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    
    gnutls28 (3.1.12-1) experimental; urgency=low
    
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    
    gnutls28 (3.1.11-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.1.10-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
    
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    
    gnutls28 (3.1.8-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.1.7-1) experimental; urgency=low
    
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    
    gnutls28 (3.1.6-1) experimental; urgency=low
    
      * Update watchfile, based on Bart Martens version for gnutls26 on 
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF. 
    
    gnutls28 (3.1.5-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    
    gnutls28 (3.1.4-1) experimental; urgency=low
    
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    
    gnutls28 (3.1.3-1) experimental; urgency=low
    
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    
    gnutls28 (3.1.2-1) experimental; urgency=low
    
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    
    gnutls28 (3.1.1-1) experimental; urgency=low
    
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    
    gnutls28 (3.1.0-5) experimental; urgency=low
    
      * 43_possiblefix.diff might fix the test suite error.
    
    gnutls28 (3.1.0-4) experimental; urgency=low
    
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    
    gnutls28 (3.1.0-3) experimental; urgency=low
    
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    
    gnutls28 (3.1.0-2) experimental; urgency=low
    
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    
    gnutls28 (3.1.0-1) experimental; urgency=low
    
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    
    gnutls28 (3.0.22-2) unstable; urgency=low
    
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    
    gnutls28 (3.0.22-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.21-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    
    gnutls28 (3.0.20-3) unstable; urgency=low
    
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    
    gnutls28 (3.0.20-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.20-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    
    gnutls28 (3.0.19-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.19-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    
    gnutls28 (3.0.18-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.18-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    
    gnutls28 (3.0.17-2) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.0.17-1) experimental; urgency=low
    
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.15-2) experimental; urgency=low
    
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    
    gnutls28 (3.0.15-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    
    gnutls28 (3.0.14-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    
    gnutls28 (3.0.13-1) experimental; urgency=low
    
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    
    gnutls28 (3.0.12-2) unstable; urgency=low
    
      * De-multiarch guile-gnutls. Closes: #658110
    
    gnutls28 (3.0.12-1) unstable; urgency=low
    
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    
    gnutls28 (3.0.11-1) unstable; urgency=low
    
      * New upstream version.
    
    gnutls28 (3.0.10-1) unstable; urgency=low
    
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    
    gnutls28 (3.0.9-2) unstable; urgency=low
    
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    
    gnutls28 (3.0.9-1) experimental; urgency=low
    
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    
    gnutls28 (3.0.8-2) unstable; urgency=low
    
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    
    gnutls28 (3.0.8-1) experimental; urgency=low
    
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    
    gnutls28 (3.0.7-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    
    gnutls28 (3.0.4-2) experimental; urgency=low
    
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    
    gnutls28 (3.0.4-1) experimental; urgency=low
    
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    
    gnutls28 (3.0.3-1) experimental; urgency=low
    
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    
    gnutls28 (3.0.2-1) experimental; urgency=low
    
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    
    gnutls28 (3.0.1-1) experimental; urgency=low
    
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service. 
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    
    gnutls28 (3.0.0-2) experimental; urgency=low
    
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    
    gnutls28 (3.0.0-1) experimental; urgency=low
    
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    
    gnutls26 (2.12.7-4) unstable; urgency=low
    
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    
    gnutls26 (2.12.7-3) experimental; urgency=low
    
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.12.7-2) experimental; urgency=low
    
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with 
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    
    gnutls26 (2.12.7-1) experimental; urgency=low
    
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    
    gnutls26 (2.12.5-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    
    gnutls26 (2.12.4-1) experimental; urgency=low
    
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    
    gnutls26 (2.12.3-1) experimental; urgency=low
    
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    
    gnutls26 (2.12.2-2) experimental; urgency=low
    
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    
    gnutls26 (2.12.2-1) experimental; urgency=low
    
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    
    gnutls26 (2.12.1-1) experimental; urgency=low
    
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    
    gnutls26 (2.12.0-1) experimental; urgency=low
    
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    
    gnutls26 (2.11.7-2) experimental; urgency=low
    
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    
    gnutls26 (2.11.7-1) experimental; urgency=low
    
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    
    gnutls26 (2.11.6-2) experimental; urgency=low
    
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    
    gnutls26 (2.11.6-1) experimental; urgency=low
    
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.5-3) unstable; urgency=medium
    
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    
    gnutls26 (2.10.5-2) unstable; urgency=low
    
      * Stop shipping libtool la files.
    
    gnutls26 (2.10.5-1) unstable; urgency=low
    
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    
    gnutls26 (2.10.4-2) unstable; urgency=low
    
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us 
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    
    gnutls26 (2.10.4-1) experimental; urgency=low
    
      * New upstream release. V1 CAs are trusted by default.
    
    gnutls26 (2.10.3-1) experimental; urgency=low
    
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    
    gnutls26 (2.10.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    
    gnutls26 (2.10.1-1) experimental; urgency=low
    
      * Update package descriptions. Closes: #588067
      * New upstream version.
    
    gnutls26 (2.10.0-2) experimental; urgency=low
    
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    
    gnutls26 (2.10.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Point watchfile to stable releases.
    
    gnutls26 (2.9.12-2) experimental; urgency=low
    
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    
    gnutls26 (2.9.12-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.9.11-1) experimental; urgency=low
    
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    
    gnutls26 (2.9.10-2) experimental; urgency=low
    
      * [15_gnutlspriority.diff] Restore compatibility with programs using 
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    
    gnutls26 (2.9.10-1) experimental; urgency=low
    
      * New upstream version.
      * New functions added, bump shlibs.
    
    gnutls26 (2.9.9-1) experimental; urgency=low
    
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    
    gnutls26 (2.8.6-1) unstable; urgency=low
    
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us 
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    
    gnutls26 (2.8.5-2) unstable; urgency=low
    
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    
    gnutls26 (2.8.5-1) unstable; urgency=low
    
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    
    gnutls26 (2.8.4-2) unstable; urgency=high
    
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    
    gnutls26 (2.8.4-1) unstable; urgency=low
    
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    
    gnutls26 (2.8.3-3) unstable; urgency=low
    
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    
    gnutls26 (2.8.3-2) unstable; urgency=low
    
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    
    gnutls26 (2.8.3-1) unstable; urgency=high
    
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    
    gnutls26 (2.8.1-2) unstable; urgency=low
    
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    
    gnutls26 (2.8.1-1) experimental; urgency=low
    
      * New upstream stable release.
    
    gnutls26 (2.7.14-1) experimental; urgency=low
    
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    
    gnutls26 (2.7.12-1) experimental; urgency=low
    
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    
    gnutls26 (2.6.6-1) unstable; urgency=high
    
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    
    gnutls26 (2.6.5-1) unstable; urgency=low
    
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    
    gnutls26 (2.6.4-2) unstable; urgency=low
    
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    
    gnutls26 (2.6.4-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls26 (2.6.3-1) experimental; urgency=low
    
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    
    gnutls26 (2.6.2-2) experimental; urgency=low
    
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    
    gnutls26 (2.6.2-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    
    gnutls26 (2.6.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    
    gnutls26 (2.5.9-1) experimental; urgency=low
    
      * New upstream development version.
      * Bump shlibs.
    
    gnutls26 (2.4.2-6) unstable; urgency=medium
    
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes. 
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    
    gnutls26 (2.4.2-5) unstable; urgency=low
    
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    
    gnutls26 (2.4.2-4) unstable; urgency=medium
    
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    
    gnutls26 (2.4.2-3) unstable; urgency=low
    
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    
    gnutls26 (2.4.2-2) unstable; urgency=medium
    
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    
    gnutls26 (2.4.2-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    
    gnutls26 (2.4.1-1) unstable; urgency=medium
    
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    
    gnutls26 (2.4.0-2) unstable; urgency=low
    
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    
    gnutls26 (2.4.0-1) experimental; urgency=low
    
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    
    gnutls26 (2.3.15-1) experimental; urgency=low
    
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    
    gnutls26 (2.3.14-1) experimental; urgency=low
    
      * New upstream version. (rc3)
    
    gnutls26 (2.3.13-1) experimental; urgency=low
    
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    
    gnutls26 (2.3.12-1) experimental; urgency=low
    
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    
    gnutls26 (2.3.11-1) experimental; urgency=low
    
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    
    gnutls26 (2.2.5-1) unstable; urgency=high
    
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    
    gnutls26 (2.3.9-1) experimental; urgency=low
    
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    
    gnutls26 (2.2.3-1) unstable; urgency=low
    
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    
    gnutls26 (2.2.2-1) unstable; urgency=low
    
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    
    gnutls26 (2.2.1-3) unstable; urgency=low
    
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    
    gnutls26 (2.2.1-2) unstable; urgency=low
    
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    
    gnutls26 (2.2.1-1) experimental; urgency=low
    
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    
    gnutls26 (2.2.0-1) experimental; urgency=low
    
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    
    gnutls26 (2.1.7-1) experimental; urgency=low
    
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    
    gnutls25 (2.1.6-2) experimental; urgency=low
    
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    
    gnutls25 (2.1.6-1) experimental; urgency=low
    
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    
    gnutls13 (2.0.1-1) unstable; urgency=low
    
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    
    gnutls13 (1.7.19-1) unstable; urgency=low
    
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    
    gnutls13 (1.7.18-2) unstable; urgency=low
    
      * Upload to unstable
    
    gnutls13 (1.7.18-1) experimental; urgency=low
    
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    
    gnutls13 (1.7.16-1) experimental; urgency=low
    
      * New upstream version 1.7.16.
    
    gnutls13 (1.7.14-1) experimental; urgency=low
    
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    
    gnutls13 (1.7.12-1) experimental; urgency=low
    
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    
    gnutls13 (1.7.9-1) experimental; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    
    gnutls13 (1.7.7-1) experimental; urgency=low
    
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    
    gnutls13 (1.6.3-1) unstable; urgency=low
    
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    
    gnutls13 (1.6.2-2) unstable; urgency=low
    
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    
    gnutls13 (1.6.2-1) unstable; urgency=low
    
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    
    gnutls13 (1.6.1-2) unstable; urgency=low
    
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    
    gnutls13 (1.6.1-1) experimental; urgency=low
    
      [ James Westby ]
      * New upstream release.
    
    gnutls13 (1.6.0-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls13 (1.5.3-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    
    gnutls13 (1.4.4-3) unstable; urgency=low
    
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    
    gnutls13 (1.4.4-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    
    gnutls13 (1.4.4-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    
    gnutls13 (1.4.3-2) unstable; urgency=low
    
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    
    gnutls13 (1.4.3-1) unstable; urgency=high
    
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    
    gnutls13 (1.4.2-1) unstable; urgency=medium
    
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    
    gnutls13 (1.4.1-1) unstable; urgency=low
    
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    
    gnutls13 (1.4.0-3) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    
    gnutls13 (1.4.0-2) unstable; urgency=low
    
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    
    gnutls13 (1.4.0-1) experimental; urgency=low
    
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    
    gnutls13 (1.3.5-1) unstable; urgency=low
    
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    
    gnutls12 (1.2.9-2) unstable; urgency=low
    
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    
    gnutls12 (1.2.9-1) unstable; urgency=low
    
      * New Upstream version.
    
    gnutls12 (1.2.8-1) unstable; urgency=low
    
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    
    gnutls12 (1.2.6-1) unstable; urgency=low
    
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    
    gnutls12 (1.2.5-3) unstable; urgency=high
    
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    
    gnutls12 (1.2.5-2) unstable; urgency=medium
    
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    
    gnutls12 (1.2.5-1) unstable; urgency=low
    
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    
    gnutls11 (1.0.19-1) experimental; urgency=low
    
      * Merged with the latest stable release.
    
    gnutls11 (1.0.16-13) unstable; urgency=high
    
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    
    gnutls11 (1.0.16-12) unstable; urgency=high
    
      * Fixed a segfault in certtool. Closes: #278361.
    
    gnutls11 (1.0.16-11) unstable; urgency=medium
    
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    
    gnutls11 (1.0.16-10) unstable; urgency=high
    
      * Fixed one instance of uninitialized memory usage.
    
    gnutls11 (1.0.16-9) unstable; urgency=high
    
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    
    gnutls11 (1.0.16-8) unstable; urgency=high
    
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    
    gnutls11 (1.0.16-7) unstable; urgency=low
    
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    
    gnutls11 (1.0.16-6) unstable; urgency=medium
    
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    
    gnutls11 (1.0.16-5) unstable; urgency=low
    
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    
    gnutls11 (1.0.16-4) unstable; urgency=low
    
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    
    gnutls11 (1.0.16-3) unstable; urgency=high
    
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    
    gnutls11 (1.0.16-2) unstable; urgency=high
    
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    
    gnutls11 (1.0.16-1) experimental; urgency=low
    
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    
    gnutls10 (1.0.4-4) unstable; urgency=low
    
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    
    gnutls10 (1.0.4-3) unstable; urgency=low
    
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    
    gnutls10 (1.0.4-2) unstable; urgency=low
    
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    
    gnutls10 (1.0.4-1) unstable; urgency=low
    
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:  
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    
    gnutls10 (1.0.0-1) unstable; urgency=low
    
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    
    gnutls8 (0.9.99-1) experimental; urgency=low
    
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    
    gnutls8 (0.9.98-1) experimental; urgency=low
    
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    
    gnutls8 (0.9.95-1) experimental; urgency=low
    
      * New upstream version.
    
    gnutls8 (0.9.94-1) experimental; urgency=low
    
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    66a52c6e
  • Ritesh Raj Sarraf's avatar
    Merge latest updates and security fixes from debian/xenial · 44a3316b
    Ritesh Raj Sarraf authored
    * debian/xenial:
      Import Debian changes 3.4.10-4ubuntu1.7
    44a3316b
  • Ritesh Raj Sarraf's avatar
  • Emanuele Aina's avatar
    e6fd63a4
  • Sebastien Bacher's avatar
    Import Ubuntu changes 3.4.10-4ubuntu1.8 · 7a7c3092
    Sebastien Bacher authored and Andrej Shadura's avatar Andrej Shadura committed
    gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium
    
      * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
        - add support for zero length  session tickets returned from the server,
          thanks Rod for the backport and testing! (lp: #1876286)
    7a7c3092
  • Andrej Shadura's avatar
    25dada8b
  • Andrej Shadura's avatar
    Update the changelog · 4e36a7bf
    Andrej Shadura authored
    4e36a7bf
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-1 · 60452b47
    Andreas Metzler authored and Ariel D'Alessandro's avatar Ariel D'Alessandro committed
    gnutls28 (3.7.1-1) unstable; urgency=medium
    .
      * New upstream version
        Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
        extensions. GNUTLS-SA-2021-03-10.
      * Upload to unstable.
    .
    gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
    .
      * Fix autopkgtest skiplist.
    .
    gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
    .
      * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
        + Drop cherry-picked patches {48,49,50}_*.
        + Update copyright file.
    .
    gnutls28 (3.7.0-7) unstable; urgency=medium
    .
      * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
        50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
        50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
        master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
        (Thanks to Tim Kosse for the pointer) Closes: #980119
    .
    gnutls28 (3.7.0-6) unstable; urgency=medium
    .
      * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
        with merged version from upstream GIT master. Features a fix for an assert
        on connection to servers which send a duplicate chain including the
        self-signed CA. Closes: #980513
    .
    gnutls28 (3.7.0-5) unstable; urgency=low
    .
      * Update from upstream GIT master, replace patches, add new ones.
        + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added.
        + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
           --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
        + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           Closes: #977552
        + 45_opensslcompat_no_export_gl.diff
           --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch.
        + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added.
      * Upload to unstable.
    .
    gnutls28 (3.7.0-4) experimental; urgency=medium
    .
      * Test build of fixes from
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and
        #977552.
    .
    gnutls28 (3.7.0-3) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.7.0-2) experimental; urgency=low
    .
      * Fix guile-gnutls guile-x.x dependency.
      * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols.
    .
    gnutls28 (3.7.0-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 50_autopkgtestfixes.diff.
        + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher
          added).
        + Requires nettle >= 3.6.
      * [lintian] Use v4 watch file.
      * Add a symbol file for libgnutls-openssl27.
      * Use dh v13 compat, (Some fixes for dh_missing.)
    .
    gnutls28 (3.6.15-4) unstable; urgency=medium
    .
      * autopkgtest: Require build-essential.
      * autopkgtest: respect dpkg-buildflags for helper-binary build.
    .
    gnutls28 (3.6.15-3) unstable; urgency=medium
    .
      * More autopkgtest hotfixes.
    .
    gnutls28 (3.6.15-2) unstable; urgency=medium
    .
      * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
        installed gnutls-bin.
      * In autopkgtest set top_builddir and builddir, ignore
        tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
    .
    gnutls28 (3.6.15-1) unstable; urgency=low
    .
      * New upstream version.
        + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
          unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
          Closes: #969547
        + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
          50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
        + Fix build error due to outdated gettext in Debian by removing newer
          gettext m4 macros from m4/.
    .
    gnutls28 (3.6.14-2) unstable; urgency=medium
    .
      * Pull selected patches from upstream GIT:
        + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
          Fixes difference in generated docs on 32 and 64 bit archs.
        + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          Fix memleak in gnutls_aead_cipher_init() with keys having invalid
          length. (Broken since 3.6.3)
        + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          Closes: #962467
    .
    gnutls28 (3.6.14-1) unstable; urgency=high
    .
      * Drop debugging code added in -4, fixes nocheck profile build error.
        Closes: #962199
      * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
        debian/upstream/signing-key.asc.
      * New upstream version.
        + Fixes insecure session ticket key construction.
          [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
        + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
          51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
          51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
          51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
      * Drop guile-gnutls.lintian-overrides.
      * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
        AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
        IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
        Hopefully Closes: #962218
    .
    gnutls28 (3.6.13-4) unstable; urgency=medium
    .
      * Output some network related debugging from debian/rules.
      * Fix verification error with alternate chains. Closes: #961889
    .
    gnutls28 (3.6.13-3) unstable; urgency=medium
    .
      * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS
        master: Handle zero length session tickets, fixing connection errors on
        TLS1.2 sessions to some big hosting providers. (See LP 1876286)
    .
    gnutls28 (3.6.13-2) unstable; urgency=high
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.13-1) experimental; urgency=low
    .
      * New upstream version.
        + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
          support), since 3.6.3. The DTLS client would not contribute any
          randomness to the DTLS negotiation, breaking the security
          guarantees of the DTLS protocol
          GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556
      * Fix guile lintian override for shared-lib-without-dependency-information.
    .
    gnutls28 (3.6.12-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.12-1) experimental; urgency=low
    .
      [ Debian Janitor ]
      * Drop unnecessary dh arguments: --parallel
    .
      [ Andreas Metzler ]
      * Fix bindtextdomain() call and dgettext() invocations to search for the
        correct filename. (Thanks, Laurent Bigonville for report and diagnosis.)
        Closes: #949151
      * [lintian] Drop superfluous debian/source/include-binaries.
      * New upstream version.
        + Update symbol file.
        + Drop workaround for #658110, install guile shared objects to multi-arch
          paths.
    .
    gnutls28 (3.6.11.1-2) unstable; urgency=low
    .
      * Use dh 12 compat level.
        + Install gtk-doc files from as-installed location instead of builddir to
          avoid dh_missing warnings.
      * List *.la files in debian/not-installed.
      * Upload to unstable.
    .
    gnutls28 (3.6.11.1-1) experimental; urgency=low
    .
      * New upstream version.
        Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
        50_02-guile-Silence-auto-compilation-warning-for-guild.patch
      * Update symbol file (VKO GOST key exchange supported was added).
    .
    gnutls28 (3.6.10-5) unstable; urgency=medium
    .
      * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch
        50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream
        GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!)
        Closes: #943905
    .
    gnutls28 (3.6.10-4) unstable; urgency=medium
    .
      * Add support for noguile build profile. See #943905.
    .
    gnutls28 (3.6.10-3) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.10-2) experimental; urgency=medium
    .
      * Switch b-d from texlive-generic-recommended to texlive-plain-generic.
        Closes: #941526
    .
    gnutls28 (3.6.10-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop i386-fix-wrong-reloc.patch and
          40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch.
        + Update symbol files.
        + Update copyright. Stop shipping a copy of the GNU Affero General Public
          License version 3. (pkcs11-mock.* is now under a different license.)
    .
    gnutls28 (3.6.9-7) experimental; urgency=low
    .
      * Fix copy-paste error (missing line) in libgnutls-dane0 description.
      * Re-add guile-gnutls, test-build (including testsuite) was successful.
        Closes: #905272
    .
    gnutls28 (3.6.9-6) experimental; urgency=low
    .
      * Test-build guile bindings.
    .
    gnutls28 (3.6.9-5) unstable; urgency=medium
    .
      * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
        GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
    .
    gnutls28 (3.6.9-4) unstable; urgency=medium
    .
      * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
        assembly code. (Thanks, Steve Langasek for report and patch!)
        Closes: #934193
    .
    gnutls28 (3.6.9-3) unstable; urgency=medium
    .
      * autopkgtest: Skip system-override-sig-hash.sh.
    .
    gnutls28 (3.6.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.9-1) experimental; urgency=low
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.6.8-2) unstable; urgency=low
    .
      * Use DH 11 compat again.
      * 3.6.8 builds with gcc-9. Closes: #925701
      * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
        Andres Klode) Closes: #930541
        See also https://gitlab.com/gnutls/gnutls/merge_requests/986
      * Upload to unstable.
    .
    gnutls28 (3.6.8-1) experimental; urgency=low
    .
      * New upstream version.
        + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended,
          texlive-latex-base.
        + Update symbol file.
    .
    gnutls28 (3.6.7-4) unstable; urgency=medium
    .
      * Cherry-pick important bug-fixes from 3.6.8:
        + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
          The gnutls_srp_set_server_credentials_function can be used with the 8192
          parameters as well.
          https://gitlab.com/gnutls/gnutls/issues/761
        + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
          Fix calculation of Streebog digests (incorrect carry operation in
          512 bit addition).
        + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
          Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
          Closes: #929907
        + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
          Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
          crafting via IDNA conversion.
          https://gitlab.com/gnutls/gnutls/issues/720
        + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
          Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
          gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
          flag.
          https://gitlab.com/gnutls/gnutls/issues/754
    .
    gnutls28 (3.6.7-3) unstable; urgency=medium
    .
      * Revert debhelper upgrade, use DH 10.
    .
    gnutls28 (3.6.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.7-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update AUTHOR list in copyright file.
        + Update symbol file.
        + Fixes issue preventing sending and receiving from different
          threads when false start was enabled. Closes: #922879
        + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
        + Fixes a memory corruption (double free) vulnerability in the
          certificate verification API.
          https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
          GNUTLS-SA-2019-03-27
        + Fixes an invalid pointer access via malformed TLS1.3 async messages;
          https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
          GNUTLS-SA-2019-03-27
    .
    gnutls28 (3.6.6-3) unstable; urgency=low
    .
      * Add @ to autopkgtest's Depends.
      * Use DH 11 compat.
    .
    gnutls28 (3.6.6-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.6.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes certtool.1 syntax. Closes: #920215
        + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff.
        + Update symbol file for released version.
    .
    gnutls28 (3.6.5+git20190105-1) experimental; urgency=low
    .
      * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
        + Update symbol and copyright file.
      * Delete autogen stamp-files on clean to enforce regeneration.
    .
    gnutls28 (3.6.5-2) unstable; urgency=low
    .
      * Upload to unstable.
      * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.
    .
    gnutls28 (3.6.5-1) experimental; urgency=medium
    .
      * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
      * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
        now in oldstable.
      * New upstream version.
        + Requires nettle >= 3.4.1(rc).
        + List newly added symbols in symbol file. Bump generated dependencies to
          >= 3.6.5 since multiple enums have been extended.
        + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
      * [lintian] Drop dh_strip override, stable has automatic debug packages.
    .
    gnutls28 (3.6.4-2) experimental; urgency=medium
    .
      * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
    .
    gnutls28 (3.6.4-1) experimental; urgency=medium
    .
      * New upstream version.
      * Update symbol file.
      * Drop --enable-tls13-support configure option.
    .
    gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium
    .
      * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
        detection for the draft-tls support, because it will be triggered once
        TLS versions with the final numbering are deployed. (Thanks, Nikos!)
    .
    gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium
    .
      * Set Rules-Requires-Root: no.
      * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
        + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
        + Update symbol file.
    .
    gnutls28 (3.6.3-2) experimental; urgency=medium
    .
      * Update basic feature list in package descriptions, based on short
        description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
        added.) Closes: #904681
      * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes
        cherrypicked by Nikos for Fedora rawhide.
    .
    gnutls28 (3.6.3-1) experimental; urgency=medium
    .
      * New upstream version.
      * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
    .
    gnutls28 (3.6.2+git20180714-1) experimental; urgency=low
    .
      * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
        + SSL 3.0 disabled by default at compile-time.
      * Bump symbol dependency info.
    .
    gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium
    .
      * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
      * Drop 40_add_missingm4.diff.
      * Bump symbol dependency info.
      * For testing build with --enable-tls13-support.
    .
    gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium
    .
      * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
    .
    gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium
    .
      * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
      * Drop superfluous patches:
        + 40_increase_srp_test_timeout.diff
        + 50_mark_tests_xfail.diff
        + 52_fix_testcompat-main-openssl.diff
      * Add new functions to symbol file.
      * Many enums/flags extended, be conservative and bump sympol dependency
        info.
      * Bump libgnutlsxx28 shlibs.
      * Bump (b-)d on nettle-dev and libp11-kit-dev.
    .
    gnutls28 (3.6.2-3) experimental; urgency=low
    .
      * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
        FTBFS with softhsm 2.4.0.
      * [lintian] Delete trailing empty lines in changelog.
      * 52_fix_testcompat-main-openssl.diff: Allow running test successfully
        and against binaries from installed gnutls-bin package.
      * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
        al) of the upstream testsuite.
    .
    gnutls28 (3.6.2-2) experimental; urgency=low
    .
      * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
        The new srp-8192 test failed on slow archs (mips/mipsel).
      * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
        build-depends-on-1-revision.
      * Point Vcs-* to salsa.
      * Sort Build-Depends alphabetically.
    .
    gnutls28 (3.6.2-1) experimental; urgency=low
    .
      * (Build-)depend on libidn2-dev instead of transitional package
        libidn2-0-dev. Closes: #883187
      * Point homepage field and watchfile to https URL.
      * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
        debian/upstream/signing-key.asc (and stop uscan from doing so on every
        invocation).
      * Refresh upstream key, adding signing subkey
        A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
      * New upstream version.
        + When verifying against a self signed certificate ignore issuer. That
          is, ignore issuer when checking the issuer's parameters strength,
          resolving issue #347 which caused self signed certificates to be
          additionally marked as of insufficient security level.
          Closes: #885127
        + Bump shlibs/symbol files for newly added symbols.
      * [lintian] Clean up trailing whitespace in debian/changelog.
      * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
        -> optional).
      * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
        build-depends. Stop specifying --parallel --with autoreconf.
    .
    gnutls28 (3.6.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 35_modernize_gtkdoc.diff.
        + Fixes interoperability issue with openssl when safe renegotiation was
          used. Closes: #873055
        + Update symbol file.
    .
    gnutls28 (3.6.0-2) experimental; urgency=medium
    .
      * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
        support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
        from gtk-doc git head (that is 1.26 +
        c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
        Closes: #876587
    .
    gnutls28 (3.6.0-1) experimental; urgency=low
    .
      * New upstream version.
        + Multiple enums listing function flags have been extended, new
          algorithms have been added. Bump dependency info on all symbols in
          main GnuTLS library to >= 3.6.0, to make sure the versioning is
          strict enough.
        + Drop (build-)dependency on zlib1g-dev.
        + Update copyright info.
        + Calls to gnutls_record_send() and gnutls_record_recv()
          prior to handshake being complete are now refused. Closes: #849807
       * Drop --without-lzo from ./configure, it has been a noop for a long time.
       * Build in private directory, using "dh --builddirectory=b4deb".
    .
    gnutls28 (3.5.19-1) unstable; urgency=low
    .
      * New upstream version.
        + Drop 35_modernize_gtkdoc.diff.
    .
    gnutls28 (3.5.18-1) unstable; urgency=medium
    .
      * New upstream version.
      * Refresh upstream key, adding new signing subkey. Move to ascii armored
        keyring.
    .
    gnutls28 (3.5.17-1) unstable; urgency=low
    .
      * New upstream version.
        + When verifying against a self signed certificate ignore issuer. That
          is, ignore issuer when checking the issuer's parameters strength,
          resolving issue #347 which caused self signed certificates to be
          additionally marked as of insufficient security level.
          Closes: #885127
    .
    gnutls28 (3.5.16-1) unstable; urgency=medium
    .
      * New upstream version.
        + Fixes interoperability issue with openssl when safe renegotiation was
          used. Closes: #873055
      * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
        support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
        from gtk-doc git head (that is 1.26 +
        c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
        Closes: #876587
    .
    gnutls28 (3.5.15-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.15-1) experimental; urgency=medium
    .
      * New upstream version. Drop unneeded patches.
        (31_arm64ilp32-unaccelerated.patch
        35_record-added-sanity-checking-in-the-record-layer-ver.patch
        36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch)
    .
    gnutls28 (3.5.14-3) unstable; urgency=low
    .
      * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from
        upstream  gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an
        already terminated or deinitialized session. Closes: #867303
      * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from
        upstream  gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting
        to accessing past the input data.
      * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly
        code on arm64ilp32 to fix FTBFS. Closes: #872454
      * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for
        the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8.
      * Standards-Version 4.0.1, update priorities (extra->optional).
    .
    gnutls28 (3.5.14-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.14-1) experimental; urgency=low
    .
      [ Dan Nicholson ]
      * Build with --disable-rpath. Closes: #865674
    .
      [ Andreas Metzler ]
      * New upstream version.
      * Build against external libunistring.
    .
    gnutls28 (3.5.13-2) unstable; urgency=medium
    .
      * Upload to unstable, merge changelogs.
    .
    gnutls28 (3.5.13-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch.
        + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer
          dereference. #864560
    .
    gnutls28 (3.5.12-2) experimental; urgency=medium
    .
      * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct
        typo preventing the run of openpgp test.
      * Stop disabling heartbeat support. Closes: #861193
    .
    gnutls28 (3.5.12-1) experimental; urgency=medium
    .
      * New upstream version.
      * Bump dep info on gnutls_session_ext_register.
    .
    gnutls28 (3.5.11-1) experimental; urgency=medium
    .
      * New upstream version.
      * gnutls.pc: do not include libtool options into Libs.private.
        Closes: #857943
      * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and
        Libs.private. (LP: #1660915)
      * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
        which includes TLS1.2 support. Closes: #857436
      * Add b-d on ca-certificates, needed for trust-store check.
    .
    gnutls28 (3.5.10-1) experimental; urgency=medium
    .
      * New upstream version.
        + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888
        + Includes fixes for GNUTLS-SA-2017-3[ABC].
        + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct
          and gnutls_ocsp_resp_verify which now accept (more) flags.
    .
    gnutls28 (3.5.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop debian/patches/35_0*.
        + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map.
      * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of
        libidn11-dev.
    .
    gnutls28 (3.5.8-6) unstable; urgency=high
    .
      * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
        well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
        Closes: #864560
    .
    gnutls28 (3.5.8-5) unstable; urgency=medium
    .
      * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
        in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
      * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
        Addressed large allocation in OpenPGP certificate parsing, that could lead
        in out-of-memory condition. Issue found using oss-fuzz project, and was
        fixed by Alex Gaynor.
        https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
        [GNUTLS-SA-2017-3C]
    .
    gnutls28 (3.5.8-4) unstable; urgency=medium
    .
      * More upstream fixes from gnutls_3_5_x branch:
        + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
          overflow resulting to invalid memory write in OpenPGP certificate
          parsing.  Issue found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
          [GNUTLS-SA-2017-3A]
        + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
          1 byte past the end of buffer in OpenPGP certificate parsing. Issue
          found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
        + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
          Addressed crashes in OpenPGP certificate parsing, related to private key
          parser. No longer allow OpenPGP certificates (public keys) to contain
          private key sub-packets. Issue found using oss-fuzz project:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
          [GNUTLS-SA-2017-3B]
    .
    gnutls28 (3.5.8-3) unstable; urgency=high
    .
      * Another two bugfixes from upstream.
       + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
         Address test suite failure due to timezone differences.
         Closes: #853732
       + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
         When returning success, but no elements
         gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
         elements with a pointer that was uninitialized.
    .
    gnutls28 (3.5.8-2) unstable; urgency=medium
    .
      * Pull two fixes from upstream GIT gnutls_3_5_x branch
        35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
        35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.
    .
    gnutls28 (3.5.8-1) unstable; urgency=medium
    .
      * New upstream release.
      * Upload to unstable.
    .
    gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium
    .
      * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
        upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
        tests/key-tests/key-invalid.)
        + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
          35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
        + libgnutls: Fix double free in certificate information printing. If the
          PKIX extension proxy was set with a policy language set but no policy
          specified, that could lead to a double free. GNUTLS-SA-2017-1
          CVE-2017-5334
        + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
          parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
          CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337
    .
    gnutls28 (3.5.7-3) unstable; urgency=medium
    .
      * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
        35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
        upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
        by PKCS#8 decryption functions when an invalid key is provided. This
        addresses regression on decrypting certain PKCS#8 keys.
        Closes: #848905
    .
    gnutls28 (3.5.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.7-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop unneeded patches.
        40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
        40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
        41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
        41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
        41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
        41_04_cleanups-in-_gnutls_buffer_to_datum.patch
        41_05_x509-output-use-the-new-functions-for-DN-output.patch
        41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
        41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
      * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
      * Update symbol file. (Add new symbols, bump dependency on functions that
        might return new error codes.)
      * Build with --with-included-unistring, Debian's libunistring package is
        too old (non dual-licensed).
    .
    gnutls28 (3.5.6-7) unstable; urgency=low
    .
      * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
        for dns-root-data to libgnutls-dane0.
      * Upload to unstable.
    .
    gnutls28 (3.5.6-6) experimental; urgency=medium
    .
      * Pull a patch set from upstream GIT which reverts the DN sorting change in
        3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
        Closes: #844539
        41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
        41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
        41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
        41_04_cleanups-in-_gnutls_buffer_to_datum.patch
        41_05_x509-output-use-the-new-functions-for-DN-output.patch
        41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
        41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
      * Update symbol file.
    .
    gnutls28 (3.5.6-5) experimental; urgency=low
    .
      * Merge changes from unstable.
    .
    gnutls28 (3.5.6-4) unstable; urgency=medium
    .
      * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
       40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
       upstream git master. The latter fixes a gnutls-cli-debug segfault.
       Closes: #844061
    .
    gnutls28 (3.5.6-3) experimental; urgency=low
    .
      * Package libgnutls-dane, as libunbound is now built against nettle instead
        of OpenSSL. Closes: #733295
    .
    gnutls28 (3.5.6-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
        longer than 32-bits. (Upstream GIT commit
        fcdb461e935dbdc0892241a35be7499116f22a67).
    .
    gnutls28 (3.5.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
          41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
        + Update symbol file.
    .
    gnutls28 (3.5.5-6) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.5-5) experimental; urgency=medium
    .
      * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
        https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
        issue with GnuTLS 3.3 clients. Closes: #841723
      * Bump symbol dependency info for multiple
        gnutls_certificate_(set|get)_*_key* functions. If
        %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
        non-negative return code on success instead of 0 for success and negative
        numbers for failure.
      * Add b-d on openssl (for testsuite).
    .
    gnutls28 (3.5.5-4) unstable; urgency=medium
    .
      * Upload to unstable.
      * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.
    .
    gnutls28 (3.5.5-3) experimental; urgency=medium
    .
      * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
        in 3.5.5.
    .
    gnutls28 (3.5.5-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.5-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.5.4-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.4-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches:
          35_gnutls-cli-print-Handshake-was-completed.patch
          36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
          37_openssl-format-fix-from-openconnect.patch
          39_ocsptool-corrected-bug-in-session-establishment.patch
          40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
          45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
          45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
          45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
          45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        + Update symbol file.
      * Add b-d on softhsm2 for pkcs11 tests.
    .
    gnutls28 (3.5.3-5) experimental; urgency=medium
    .
      * Pull DTLS fixes from upstream GIT master.
        45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
        45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
        45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
        45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        Closes: #835587
    .
    gnutls28 (3.5.3-4) unstable; urgency=high
    .
      * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of
        ocsptool --ask ... Closes: #836371
      * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP
        certificate check doesn't actually verify the serial length and might
        succeed when it shouldn't. CVE-2016-7444
    .
    gnutls28 (3.5.3-3) unstable; urgency=medium
    .
      * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake
        was completed', fixing emacs' lisp/net/tls.el. Closes: #834516
      * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
        gnutls-cli STARTTLS support was broken in 3.5.3.
      * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of
        OpenSSL encrypted PEM files.
    .
    gnutls28 (3.5.3-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.3-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update libgnutls30.symbols.
        + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to
          apply it in the previous upload anyway.)
        + Add b-d on libcmocka-dev (marked with <!nocheck>).
    .
    gnutls28 (3.5.2-3) experimental; urgency=medium
    .
      * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch
        from upstream GIT, which should allow gnutls continue to work with
        CVE-2016-6489-patched nettle.
    .
    gnutls28 (3.5.2-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.5.2-1) experimental; urgency=low
    .
      * New upstream version.
      * Add libssl-dev b-d (marked with <!nocheck>), which can be used in
        testsuite.
    .
    gnutls28 (3.5.1-1) experimental; urgency=medium
    .
      * Merge from unstable:
        + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
          have been dropped with the soname bump from libgnutls-deb0-28 to
          libgnutls30 in the first place. (Thanks, Andreas Beckmann)
          Closes: #825645
        + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via
          the <!nocheck> profile.
      * New upstream version.
        + Drop 40_openssl_compat-removed-unneeded-headers.patch.
        + Install README.md instead of README.
        + Update symbol file.
    .
    gnutls28 (3.5.0-1) experimental; urgency=medium
    .
      * New upstream release.
        + Drop unneeded patches:
          40_src-added-systemkey-args-to-BUILT_SOURCES.patch
          45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
          45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
          45_03_configure-corrected-regression-which-prevented-the-b.patch
          45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch
       * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT
         to fix FTBFS in openssl wrapper.
       * crywrap is not shipped with GnuTLS anymore.
       * Update copyright info, ship copy of the GNU Affero General Public
         License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of
         the testsuite use this license.
       * Update symbol file:
         + Add new functions.
         + Multiple core enums (including gnutls_init_flags_t) have been extended,
           and most gnutls users will invoke at least one function affected by
           this change. Bump symbol dependency info to >= 3.5.0 for all symbols,
           because we would end up with this dependency anyway.
    .
    gnutls28 (3.4.14-1) unstable; urgency=medium
    .
      * Also mark b-d on net-tools/freebsd-net-tools as optional via the
        <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
        patch). Closes: #826693
      * New upstream bugfix release. This includes the following fix:
        + libgnutls: Address issue when utilizing the p11-kit trust store
          for certificate verification (GNUTLS-SA-2016-2).
        The issue is not relevant for the Debian binary packages, since we do not
        build with --with-default-trust-store-pkcs11=.
    .
    gnutls28 (3.4.13-1) unstable; urgency=high
    .
      * New upstream bugfix release.
        + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was
          introduced in 3.4.12.
        + Testsuite requires netstat, add b-d.
    .
    gnutls28 (3.4.12-2) unstable; urgency=medium
    .
      * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
        have been dropped with the soname bump from libgnutls-deb0-28 to
        libgnutls30 in the first place. (Thanks, Andreas Beckmann)
        Closes: #825645
    .
    gnutls28 (3.4.12-1) unstable; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches.
          (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
          45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
          45_03_configure-corrected-regression-which-prevented-the-b.patch
          45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
        + Update copyright info, ship copy of the GNU Affero General Public
          License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files
          of the testsuite use this license.
    .
    gnutls28 (3.4.11-4) unstable; urgency=medium
    .
      * Drop guile-gnutls package, testsuite errors have stayed unfixed too long.
        Closes: #821457, #805863
    .
    gnutls28 (3.4.11-3) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.11-2) experimental; urgency=medium
    .
      * Pull post-release fixes from upstream gnutls_3_4_x branch.
        (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
        45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
        45_03_configure-corrected-regression-which-prevented-the-b.patch
        45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
    .
    gnutls28 (3.4.11-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches.
          (41_tests-mini-loss-time-ensure-client-timeouts.diff
          42_mini-loss-time-improved-timeout-detection.patch
          43_fix_cpucapoverride.diff)
      * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is
        not installed/built anymore. Update gnutls-doc file list.
      * Enable hardening=+bindnow.
    .
    gnutls28 (3.4.10-4) unstable; urgency=medium
    .
      * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
        GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
        unavailable. Closes: #818341
    .
    gnutls28 (3.4.10-3) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.10-2) experimental; urgency=medium
    .
      * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
      * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
        another try for Closes: #813598
    .
    gnutls28 (3.4.10-1) experimental; urgency=medium
    .
      * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
        master to fix FTBFS with parallel builds. Closes: #816148
      * New upstream version.
      * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
        master branch to fix occasional testsuite error. Closes: #813598
    .
    gnutls28 (3.4.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.4.9-1) experimental; urgency=medium
    .
      * New upstream version.
      * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch.
    .
    gnutls28 (3.4.8-3) unstable; urgency=medium
    .
      * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
        36_Revert-tests-updated-to-account-for-cert-generation.patch
        from upstream GIT. Closes: #813243
    .
    gnutls28 (3.4.8-2) unstable; urgency=medium
    .
      * Merge master branch into experimental.
        + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
        + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
          This is a kludge and technically wrong, but will prevent partial
          upgrades from stable. See: #788735
      * Upload to unstable.
    .
    gnutls28 (3.4.8-1) experimental; urgency=medium
    .
      * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
        + Update symbol file.
      * Move Vcs-* from git/http to https.
    .
    gnutls28 (3.4.7-1) experimental; urgency=medium
    .
      * New upstream version.
        + Update symbol file.
    .
    gnutls28 (3.4.6-1) experimental; urgency=medium
    .
      * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
        later) to improve reproducibility of build.
      * New upstream version.
        + Update symbol file.
      * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
        (>= 1.17.14). Both are required for build-profile support added in
        previous upload. (Thanks, lintian.)
    .
    gnutls28 (3.4.5-1) experimental; urgency=medium
    .
      [ Helmut Grohne ]
      * Turn Build-Depends: datefudge optional via <!nocheck> profile.
        Closes: #797544
    .
      [ Andreas Metzler ]
      * New upstream version.
    .
    gnutls28 (3.4.4.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
          bump dependency info for functions taking it as argument or returning it.
        + Bump dependency info on private symbols.
        + Update debian/copyright.
        + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
          CVE-2015-6251
    .
    gnutls28 (3.4.3-1) experimental; urgency=medium
    .
      * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
      * New upstream version.
        + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
          gnutls_pkcs11_token_info_t.
        + Add dependency info for new symbols, bump private symbol dependency.
    .
    gnutls28 (3.4.2-2) experimental; urgency=medium
    .
      * Disable libidn support because CVE-2015-2059 is still not fixed. See
        <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
        of crywrap.
    .
    gnutls28 (3.4.2-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
        + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
          version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)
    .
    gnutls28 (3.4.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump (build)-depends on nettle and p11-kit.
        + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
          55_nettle3.patch.
        + Update 14_version_gettextcat.diff.
        + Soname bump, library package renamed from libgnutls-deb0-28 to
          libgnutls30.
        + OpenSSL compat layer is not built by default anymore, pass
          --enable-openssl-compatibility to ./configure.
        + Update symbol file.
        + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
          restricted to the corresponding protocols only, and the VERS-ALL
          string is introduced to catch all possible protocols. Closes: #773145
        + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
          "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
          dependency on libidn11-dev to libgnutls28-dev.
      * Fix typo in debian/rules
        (s/-disable-silent-rules/--disable-silent-rules).
    .
    gnutls28 (3.3.20-1) unstable; urgency=medium
    .
      * autoreconf requires automake 1.12.2, add build-dependency.
      * New upstream version.
      * Move Vcs-* from git/http to https.
    .
    gnutls28 (3.3.19-1) unstable; urgency=medium
    .
      * New upstream version.
       + Refresh 20_debian_specific_soname.diff.
       + Update symbol file.
    .
    gnutls28 (3.3.18-1) unstable; urgency=medium
    .
      * New upstream version.
    .
    gnutls28 (3.3.17-1) unstable; urgency=medium
    .
      * New upstream version.
       + Drop superfluous patches.
        (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
         46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
         47_safe-renegotiation-simulate-receiving-the-extension-.patch)
       + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
         bump dependency info for functions taking it as argument or returning it.
       + Bump dependency info on private symbols.
       + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
         CVE-2015-6251
    .
    gnutls28 (3.3.16-2) unstable; urgency=medium
    .
      * Refresh 40_no_more_ssl3.diff.
      * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
        46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
        47_safe-renegotiation-simulate-receiving-the-extension-.patch
        Pull three patches from upstream GIT to fix issue with server side sending
        the status request extension even when not requested.
        <http://article.gmane.org/gmane.network.gnutls.general/3929>
    .
    gnutls28 (3.3.16-1) unstable; urgency=medium
    .
      * Limit watchfile to 3.3.x versions.
      * New upstream version.
        + Drop superfluous patches
          (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
          55_nettle3.patch,
          56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
        + Bump private symbol versioning.
    .
    gnutls28 (3.3.15-7) unstable; urgency=medium
    .
      * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
        is a kludge and technically wrong, but will prevent partial upgrades from
        stable. Closes: #788735
      * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    .
    gnutls28 (3.3.15-6) unstable; urgency=high
    .
      * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
        Closes: #788011
    .
    gnutls28 (3.3.15-5) unstable; urgency=medium
    .
      * Upload to unstable.
      * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
        against both 2.7 and 3.x.
    .
    gnutls28 (3.3.15-4) experimental; urgency=medium
    .
      * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
        allows compilation against both nettle 2.7 and 3.x.
      * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
        and libtasn1-6-dev, the =${binary:Version} dependency of the development
        packages on the respective library packages should make this superfluous.
    .
    gnutls28 (3.3.15-3) experimental; urgency=medium
    .
      * Add 55_nettle3.patch from
        http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
        against nettle3.
    .
    gnutls28 (3.3.15-2) unstable; urgency=medium
    .
      * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
        fixing a testsuite error on kfreebsd-*.
    .
    gnutls28 (3.3.15-1) unstable; urgency=medium
    .
      * New upstream stable release.
        + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].
    .
    gnutls28 (3.3.14-3) experimental; urgency=medium
    .
      * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
      * (Build-)depend on nettle-dev >= 3.0.
    .
    gnutls28 (3.3.14-2) unstable; urgency=medium
    .
      * Upload to unstable.
      * Sync version of Depends and Build-Depends on libtasn1-6-dev.
    .
    gnutls28 (3.3.14-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump libtasn b-d to >= 4.3.
    .
    gnutls28 (3.3.13-1) experimental; urgency=medium
    .
      * New upstream version.
        + Includes fix for CVE-2015-0294, a certificate algorithm consistency
          checking issue.
    .
    gnutls28 (3.3.12-1) experimental; urgency=medium
    .
      * New upstream version.
        + gnutls-cli-debug STARTTLS is working. Closes: #467022
    .
    gnutls28 (3.3.11-1) experimental; urgency=medium
    .
      * New upstream version.
        + Includes fix for OCSP response parsing issue. Closes: #772055
    .
    gnutls28 (3.3.10-2) experimental; urgency=medium
    .
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    .
    gnutls28 (3.3.10-1) experimental; urgency=medium
    .
      * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
        manpages.
      * New upstream version.
        + Includes fix for a denial of service issue CVE-2014-8564 /
          GNUTLS-SA-2014-5.
        + When gnutls_global_init() is called for a second time, it will check
          whether the /dev/urandom fd kept is still open and matches the original
          one. That behavior works around issues with servers that close all file
          descriptors. This should take care of #760476.
    .
    gnutls28 (3.3.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + Unfuzz 20_debian_specific_soname.diff.
        + Drop 31_fallback_to_RUSAGE_SELF.diff.
        + Bump private symbol dependency info.
        + Bump dependency version of gnutls_certificate_get_issuer() and
          gnutls_x509_trust_list_get_issuer() because of newly added
          GNUTLS_TL_GET_COPY flag.
    .
    gnutls28 (3.3.8-7) unstable; urgency=medium
    .
      * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
        Pull two patches from upstream to a use-after-free flaw in
        gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
        Closes: #782776
    .
    gnutls28 (3.3.8-6) unstable; urgency=medium
    .
      * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
        6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
        certificate import check whether the two signature algorithms match.
        CVE-2015-0294. Closes: #779428
    .
    gnutls28 (3.3.8-5) unstable; urgency=medium
    .
      * Remove SSL 3.0 from default priorities list.
        Closes: #769904
    .
    gnutls28 (3.3.8-4) unstable; urgency=high
    .
      * Drop 31_fallback_to_RUSAGE_SELF.diff.
      * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
        from the application check the urandom fd for validity. Closes: #768841
        and takes care of #760476.
      * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
        session deinit. It is already being refreshed during the session lifetime.
      * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
        format, perform additional sanity checks on input.
        CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
      * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
        uses a cert in binary der-format which is not representable in a quilt
        patches and we want to limit debian.tar.xz to modify stuff in debian/ we
        have some special handling in debian/rules.)
    .
    gnutls28 (3.3.8-3) unstable; urgency=high
    .
      [ Daniel Kahn Gillmor ]
      * Add list of executables to gnutls-bin package description.
        Closes: #763671
    .
      [ Andreas Metzler ]
      * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
        try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
        Mavrogiannopoulos!) Closes: #760476
    .
    gnutls28 (3.3.8-2) unstable; urgency=medium
    .
      * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
        3.3.8 requires libtasn1 >= 3.9.
      * Upload to unstable.
    .
    gnutls28 (3.3.8-1) experimental; urgency=medium
    .
      * New upstream version.
        + Refresh 20_debian_specific_soname.diff.
        + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
          with old experimental upload 0.21.2-1
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
          some functions in the gnutls_pkcs11_* family due to new members in enums
          gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
          symbol dependency info, and bump shlibs.
      * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
        The GnuTLS library package automatically gets a dependency on libp11-kit0
        (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
        libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
        enforce a version on libp11-kit-dev and we do not need to duplicate the
        info.
      * Add explicit build-dependency on libopts25-dev. Closes: #761618
    .
    gnutls28 (3.3.7-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.3.7-1) experimental; urgency=medium
    .
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
          symbol dependency info, and bump shlibs.
        + New member in gnutls_pkcs11_obj_attr_t, bump version of
          gnutls_pkcs11_obj_list_import_url*.
    .
    gnutls28 (3.3.6-2) unstable; urgency=medium
    .
      * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
        lastest stable at freeze time.
      * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
        at-build-time-default-compiler) by exporting @CPP@.
    .
    gnutls28 (3.3.6-1) experimental; urgency=medium
    .
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * New upstream release.
        + Refresh 20_debian_specific_soname.diff.
        + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
          symbol dependency info.
    .
    gnutls28 (3.3.5-1) experimental; urgency=medium
    .
      * New upstream version.
      * Refresh patches/20_debian_specific_soname.diff.
      * Drop 30_Updated-asm-sources.patch.
      * Add new public symbols to symbol file, bump shlibs.
    .
    gnutls28 (3.3.3-1) experimental; urgency=medium
    .
      * New upstream version, including a fix for GNUTLS-SA-2014-3
        CVE-2014-3466.
      * Refresh 20_debian_specific_soname.diff.
      * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
      * New symbol gnutls_credentials_get, update symbol file and bump shlibs.
    .
    gnutls28 (3.3.2-2) experimental; urgency=high
    .
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Adapt symbol file accordingly.
        + Change 14_version_gettextcat.diff, too.
          Closes: #748742
       * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
         These have been unnecessary since we started using dh compat v9, where
         debugging symbols are installed to /usr/lib/debug/.build-id.
    .
    gnutls28 (3.3.2-1) experimental; urgency=medium
    .
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
      * New upstream version. Drop 20_guile_no_override_allocation.diff and
        21_Treat-othername-as-printable.diff.
    .
    gnutls28 (3.3.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop 20_sparc_chainverify_buserror.diff.
        + Pull 20_guile_no_override_allocation.diff and
          21_Treat-othername-as-printable.diff from upstream GIT.
        + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
          upstream since it was never exported in a public header and is not
          used according to codesearch.d.o.
    .
    gnutls28 (3.3.0-2) experimental; urgency=medium
    .
      * Drop last remains of -xssl from debian/.
      * Add debian/libgnutls28.symbols.
      * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
        increase the space available for certificates to fix sparc testsuite
        error.
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    .
    gnutls28 (3.3.0-1) experimental; urgency=medium
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
    .
      * Also version the p11-kit dependency.
      * New upstream version.
        + Set --enable-static, as only shared libs are built by default.
        + libgnutls-xssl is no more.
        + Bump shlibs.
      * Upload to experimental.
    .
    gnutls28 (3.2.16-1) unstable; urgency=medium
    .
      * New upstream version.
    .
    gnutls28 (3.2.15-3) unstable; urgency=medium
    .
      * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
        with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
      * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
        series.
    .
    gnutls28 (3.2.15-2) unstable; urgency=high
    .
      * Fix crashes due to symbol clashes when a binary ends up being linked
        against GnuTLS v2 and v3 by bumping library symbol-versioning (and
        therefore also the soname) in a Debian specific way, to make sure there is
        no conflict with future:
        + 20_debian_specific_soname.diff
          - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
          - Add "-release deb0" to libtool link command.
        + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
        + Change 14_version_gettextcat.diff, too.
        Closes: #74874
      * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
        These have been unnecessary since we started using dh compat v9, where
        debugging symbols are installed to /usr/lib/debug/.build-id.
      * debian/copyright: Add info about GPLv2 compatibility.
    .
    gnutls28 (3.2.15-1) unstable; urgency=high
    .
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.
    .
    gnutls28 (3.2.14-1) unstable; urgency=medium
    .
      * Do not build-depend on guile-2.0 on m68k. Closes: #745461
      * New upstream version.
      * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
        enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
        corresponding versioned build-dependency, to prevent building of
        uninstallable packages.
    .
    gnutls28 (3.2.13-2) unstable; urgency=medium
    .
      * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
        libgnutls28-dev.
    .
    gnutls28 (3.2.13-1) unstable; urgency=medium
    .
      * Also version the p11-kit dependency.
      * New upstream version.
    .
    gnutls28 (3.2.12.1-2) unstable; urgency=medium
    .
      * Upload to unstable.
      * Sync from Ubuntu (Colin Watson):
        + Add arm64 and ppc64el to the list of non-ia64 architectures on which
          guile-gnutls is built.
    .
    gnutls28 (3.2.12.1-1) experimental; urgency=medium
    .
      * New upstream version.
        + Drop superfluous patches:
          20_bug-in-gnutls_pcert_list_import_x509_raw.patch
          20_CVE-2014-0092.diff
    .
    gnutls28 (3.2.11-2) unstable; urgency=high
    .
      * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
      * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
        validation issue. CVE-2014-0092
    .
    gnutls28 (3.2.11-1) unstable; urgency=high
    .
      * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
      * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.
    .
    gnutls28 (3.2.10-2) unstable; urgency=high
    .
      * Upload to unstable.
    .
    gnutls28 (3.2.10-1) experimental; urgency=high
    .
      * New upstream version.
      * New symbols exported, bump shlibs.
    .
    gnutls28 (3.2.9-2) unstable; urgency=medium
    .
      * Upload to unstable.
    .
    gnutls28 (3.2.9-1) experimental; urgency=medium
    .
      * New upstream version.
        + %COMPAT implies %DUMBFW. (See #733039)
      * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
        dh_autoreconf.
      * Stop dh_clean from removing *.bak, upstream tarball actually contains
        files named such in src/ subdirectory.
    .
    gnutls28 (3.2.8.1-3) unstable; urgency=medium
    .
      * Correct c'n'p error in Vcs-Git field.
      * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)
    .
    gnutls28 (3.2.8.1-2) unstable; urgency=low
    .
      * Upload to unstable, without libgnutls-openssl27.
    .
    gnutls28 (3.2.8.1-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
          upstream.
        + Bump shlibs.
      * Add debian/upstream-signing-key.pgp (listed in
        debian/source/include-binaries) and update watchfile to check
        upstream signature.
    .
    gnutls28 (3.2.7-4) experimental; urgency=low
    .
      * Upload to experimental, with libgnutls-openssl27.
      * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)
    .
    gnutls28 (3.2.7-3) unstable; urgency=low
    .
      * Point vcs* to git.
      * Upload to unstable, without libgnutls-openssl27.
    .
    gnutls28 (3.2.7-2) experimental; urgency=low
    .
      * Fix kfreebsd FTBFS.
        + 45_add_strerror-module.patch add gnulib strerror module.
        + Use dh_autoreconf.
    .
    gnutls28 (3.2.7-1) experimental; urgency=low
    .
      * New upstream version.
        + Add b-d on bison.
        + Bump shlibs.
        + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
        + Simplify debian/rules, stop removing autogened files.
    .
    gnutls28 (3.2.6-2) experimental; urgency=low
    .
      * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
        for the hint.)
      * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.
    .
    gnutls28 (3.2.6-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.2.5-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
      * Ship examples/examples.h which is needed for building examples/*.c. Also
        add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
        Closes: #726971
    .
    gnutls28 (3.2.4-5) experimental; urgency=low
    .
      * Re-enable building of libgnutls-openssl27 binary package.
      * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
        transition to gnutls28.
    .
    gnutls28 (3.2.4-4) unstable; urgency=low
    .
      * 40_guilenoparallel.diff: Disable parallel build in
        guile/modules/.
    .
    gnutls28 (3.2.4-3) unstable; urgency=low
    .
      * Looks like "Architecture" in debian/control cannot be folded, unfold the
        respective entry for guile-gnutls.
    .
    gnutls28 (3.2.4-2) unstable; urgency=low
    .
      * Manpages were missing on binary-only builds. Closes: #721725
      * Build with
        --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
        ca-certificates not pulled in by build-dependencies anymore.
        Closes: #721726
      * Upload to unstable.
    .
    gnutls28 (3.2.4-1) experimental; urgency=low
    .
      * New upstream release.
        + Drop 40_Clean-up-after-test.patch.
      * Fix path to png files in info files with sed instead of symlinking images.
      * Bump shlibs.
    .
    gnutls28 (3.2.3-3) experimental; urgency=low
    .
      * Switch to dh, to easily allow us to move gtk-doc-tools to
        Build-Depends-Indep. Closes: #682596
    .
    gnutls28 (3.2.3-2) experimental; urgency=low
    .
      * Build gnutls-guile against guile-2.0.
        + Drop --disable-largefile on armel armhf mipsel.
        + ia64 does not build guile-2.0, disable guile-support there.
    .
    gnutls28 (3.2.3-1) unstable; urgency=low
    .
      * New upstream release.
      * Drop superfluous patches. (35_gnutls-priority-string.diff
        36_avoid-leaking-a-buffer-element.diff)
      * Bump shlibs.
    .
    gnutls28 (3.2.2-2) unstable; urgency=low
    .
      * Pull two patches from upstream:
        +35_gnutls-priority-string.diff Fix priority string parsing broken in
         3.2.2 Closes: #717314
        +36_avoid-leaking-a-buffer-element.diff
    .
    gnutls28 (3.2.2-1) unstable; urgency=low
    .
      * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
        Closes: #678070
      * New upstream version.
      * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
      * Bump shlibs.
    .
    gnutls28 (3.2.1-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Do not link everything against nettle on mips(el), the issue being worked
        around was fixed by the latest eglibc upload.
      * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
        same.
    .
    gnutls28 (3.2.1-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump nettle build-dep to >= 2.7.
        + Bump shlibs.
        + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
          whether it still fails on kfreebsd-i386.
        + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
          false positive error in 32-bit systems.
        + [32_linkagainstgmp.diff] Link libgnutls against gmp.
    .
    gnutls28 (3.1.12-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Fix vcs-field-not-canonical lintian error by using anonscm instead of
        svn.debian.org.
    .
    gnutls28 (3.1.12-1) experimental; urgency=low
    .
      * Use rm -f on clean, fixing an issue with building twice in row.
      * New upstream version.
      * On mips/mipsel link everything and the kitchen-sink against nettle to work
        around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").
    .
    gnutls28 (3.1.11-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.1.10-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs.
    .
    gnutls28 (3.1.9.1-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs.
      * Force re-generation of autogen-ed manpages.
    .
    gnutls28 (3.1.8-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.1.7-1) experimental; urgency=low
    .
      * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
        the build-depency. (Thanks, Daniel Kahn Gillmor)
      * New upstream version.
        + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
          CVE-2013-0169 CVE-2013-1619.
        + New symbols added, bump shlibs.
        + Ship newly available libgnutls-xssl0 library in a separate package.
      * Disable Heart Beat (RFC6520) support.
    .
    gnutls28 (3.1.6-1) experimental; urgency=low
    .
      * Update watchfile, based on Bart Martens version for gnutls26 on
        q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
        3.x versions.
      * New upstream version.
        + requires libtasn1 >= 3.1, bump build-depends.
        + requires a a newer version of autogen, bump build-depends.
        + update debian/copyright to reflect the fact that GnuTLS authors have
          stopped assigning copyright to FSF.
    .
    gnutls28 (3.1.5-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 40_danetestfail.diff
        + Unfuzz 20_test-select.diff
        + Bump shlibs.
    .
    gnutls28 (3.1.4-1) experimental; urgency=low
    .
      * New upstream release.
        + Drop 40_fixtypo.diff.
        + debian/copyright: update upstream author list.
        + New symbols added, bump shlibs.
      * 40_danetestfail.diff - Do not try to run dane test without dane support.
    .
    gnutls28 (3.1.3-1) experimental; urgency=low
    .
      * New upstream release.
      * Explicitly set --disable-libdane --without-tpm.
      * Bump shlibs.
      * 40_fixtypo.diff pulled from upstream git.
      * Update debian/copyright from AUTHORS.
    .
    gnutls28 (3.1.2-1) experimental; urgency=low
    .
      * New upstream release.
        + Requires libtasn1-3 2.14, bump (b-)d.
        + New symbols added, bump shlibs.
    .
    gnutls28 (3.1.1-1) experimental; urgency=low
    .
      * New upstream release.
        + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
          Closes: #686242
        + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
          42_dump-the-errno.diff 43_possiblefix.diff)
        + Bump shlibs.
      * Sync version of libgnutls-dev dependency on nettle-dev with the
        build-dependency.
    .
    gnutls28 (3.1.0-5) experimental; urgency=low
    .
      * 43_possiblefix.diff might fix the test suite error.
    .
    gnutls28 (3.1.0-4) experimental; urgency=low
    .
      * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
        testsuite error.
    .
    gnutls28 (3.1.0-3) experimental; urgency=low
    .
      * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.
    .
    gnutls28 (3.1.0-2) experimental; urgency=low
    .
      * Mention abbreviation "DTLS" in package description.
      * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
        it spuriously fails on about half of the buildds.
    .
    gnutls28 (3.1.0-1) experimental; urgency=low
    .
      * New upstream release.
        + Bump nettle build-dep to >= 2.5.
        + Bump shlibs.
    .
    gnutls28 (3.0.22-2) unstable; urgency=low
    .
      * Upload to unstable. This is a leaf-package, experimental should get
        3.1.0.
    .
    gnutls28 (3.0.22-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.0.21-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 35_s390buildfix.diff.
      * Bump shlibs (new functions added.)
    .
    gnutls28 (3.0.20-3) unstable; urgency=low
    .
      * 35_s390buildfix.diff - Fixes test-suite error on s390x.
    .
    gnutls28 (3.0.20-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.20-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs (new functions added.)
      * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
        CLOCK_MONOTONIC now. #662018
    .
    gnutls28 (3.0.19-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.19-1) experimental; urgency=low
    .
      * New upstream version.
        + libgnutls: When decoding a PKCS #11 URL the pin-source field
          is assumed to be a file that stores the pin. (LP: #929108)
        + Drop 31_killchild.diff, included upstream.
    .
    gnutls28 (3.0.18-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.18-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
      * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
        build to hang.
    .
    gnutls28 (3.0.17-2) unstable; urgency=low
    .
      * Upload to unstable.
    .
    gnutls28 (3.0.17-1) experimental; urgency=low
    .
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.0.15-2) experimental; urgency=low
    .
      * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
        support for CLOCK_MONOTONIC is missing there. (See #662018.)
    .
    gnutls28 (3.0.15-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop superfluous patches (30_microseconds-does-not-overflow.patch,
          31_provide-accurate-value-to-select.patch)
        + Includes fix for CVE-2012-1573.
      * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
      * Bump libgnutls-dev dependency on libp11-kit-dev.
    .
    gnutls28 (3.0.14-1) experimental; urgency=low
    .
      * New upstream version.
        + Drop 30_force-kill-of-child.diff.
      * Pull 30_microseconds-does-not-overflow.patch and
        31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
        error (tests/mini-loss) on kfreebsd-*.
    .
    gnutls28 (3.0.13-1) experimental; urgency=low
    .
      * New upstream version.
        + bump libp11-kit-dev build-dep. to >= 0.11.
        + drop 30_guilegnutlserrorcodes.diff.
      * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
      * Use and link against Debian's packaged version of autogen/libopts.
        + B-d on autogen.
        + remove autogen-generated files (*.c, *.h) on clean. autogen requires
          that the system headers are at least of the same version as the
          one which was used to generate the files from their respective .def
          sources.
      * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
      * Bump shlibs.
    .
    gnutls28 (3.0.12-2) unstable; urgency=low
    .
      * De-multiarch guile-gnutls. Closes: #658110
    .
    gnutls28 (3.0.12-1) unstable; urgency=low
    .
      * New upstream version.
      * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
        testsuite error.
      * Update debian/copyright.
      * Bump shlibs. (OCSP support)
      * Add trivial ocsptool manpage.
    .
    gnutls28 (3.0.11-1) unstable; urgency=low
    .
      * New upstream version.
    .
    gnutls28 (3.0.10-1) unstable; urgency=low
    .
      * Drop guile-gnutls.README.Debian - binary guile modules are no longer
        directly installed in $libdir.
      * New upstream version.
        + Drop patches/30_correctly-set-the-odd-bits.patch.
        + gnutls_random_art() added. Update copyright, bump shlibs.
        + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
          Closes: #652552
    .
    gnutls28 (3.0.9-2) unstable; urgency=low
    .
      * [20_test-select.diff] Do not run gnulib test-select test anymore. The
        test fails on kfreebsd-i386, the gnutls library does not use select().
      * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
      * Upload to unstable.
    .
    gnutls28 (3.0.9-1) experimental; urgency=low
    .
      * New upstream version.
      * Include guile-gnutls package.
      * Bump shlibs.
    .
    gnutls28 (3.0.8-2) unstable; urgency=low
    .
      * First upload to unstable.
        + Disable openssl-wrapper package, let it be provided by gnutls26 until
          gnutls28 is in testing.
        + Disable gnutls-guile package, let it be provided by gnutls26 until
          gnutls28 is in testing.
    .
    gnutls28 (3.0.8-1) experimental; urgency=low
    .
      * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
        guile related FTBFS on these architectures.
        See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
      * New upstream version.
        + Bump shlibs.
    .
    gnutls28 (3.0.7-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
      * Drop 20_addGNU-stack.diff, included upstream.
      * loadable Guile module no longer installed directly to $libdir but to
        $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
        Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify
        DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
      * gnutls-extra is removed upstream, there is no need anymore to manually
        remove the bits and pieces in debian/rules.
    .
    gnutls28 (3.0.4-2) experimental; urgency=low
    .
      * Drop libgnutls-dev.README.Debian, the information provided there stopped
        being relevant in 2.7.12.
      * Delete superfluous info from debian/README.source.
      * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
        seem to be possible.
        http://lists.debian.org/debian-devel/2011/10/msg00332.html
      * Simplify dependencies:
        + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
          also provided by gnutls26' libgnutls-dev).
        + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
          gnutls-dev (<< 0.4.0-0), libgnutls11-dev.
    .
    gnutls28 (3.0.4-1) experimental; urgency=low
    .
      * New upstream version.
        + bump shlibs.
        + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
      * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
      * [20_addGNU-stack.diff] Add GNU-stack note to newly added
        padlock-common.s.
      * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
        be packaged for Debian again when it provides functionality.
      * Update debian/copyright, accelerated assembly code is non-FSF copyright.
      * Add crywrap.8 manpage.
    .
    gnutls28 (3.0.3-1) experimental; urgency=low
    .
      * New upstream version. (Includes a fix for #640639)
      * Bump shlibs.
    .
    gnutls28 (3.0.2-1) experimental; urgency=low
    .
      * Update debian/copyright for crywrap.
      * Since libgnutls*-dbg contains debugging symbols of helper applications
        libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
        Conflicts.
      * New upstream version. It also includes the fixes for #638586 (Correct
        parsing of XMPP subject alternative names) and #638595
        (gnutls_certificate_set_x509_key() and
        gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
        release of the private key during the lifetime of the certificate
        structure.)
      * Configure with --enable-gtk-doc, the included API reference is incomplete
        in the tarball.
      * [lintian] Get rid of binary-control-field-duplicates-source field
        warnings.
      * [lintian] Add description header to 14_version_gettextcat.diff
      * Bump shlibs.
    .
    gnutls28 (3.0.1-1) experimental; urgency=low
    .
      * Update Vcs-Svn and Vcs-Browser for new source package name.
      * New upstream version.
        + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
      * Bump build-dependency on libp11-kit-dev to (>= 0.4).
      * Drop 20_executablestack.diff, included upstream.
      * Includes crywrap(8), an application that proxies TLS session to a port
        using a plaintext service.
      * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
      * Bump shlibs. (New flags).
    .
    gnutls28 (3.0.0-2) experimental; urgency=low
    .
      * Add missing b-d on chrpath.
      * Search for .xz instead of .bz2 in watchfile.
    .
    gnutls28 (3.0.0-1) experimental; urgency=low
    .
      * Drop gcrypt related patches (16_unnecessarydep.diff
        17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
        20_gcrypt15compat.diff), update remaining one
        (14_version_gettextcat.diff).
      * Build against nettle and p11-kit.
        + Update DEB_CONFIGURE_EXTRA_FLAGS.
        + Update (Build-)Depends. (Add pkg-config, it is used for locating
          p11-kit.)
      * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
        libgnutls28.
      * Drop libgnutls Breaks, they are superfluous after the soname change.
      * Delete config.log on clean.
      * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
        assembly files.
      * Delete unneccessary rpath entries.
      * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
        NEWS entry for this license change.
      * Move gnutls-extra library to separate package.
    .
    gnutls26 (2.12.7-4) unstable; urgency=low
    .
      * Upload to unstable.
      * Point watch file to stable release directory.
      * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
        Libs.private. Closes: #632891
      * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)
    .
    gnutls26 (2.12.7-3) experimental; urgency=low
    .
      [ Simon Josefsson ]
      * Fix Debian BTS URL in --with-packager-bug-reports option.
    .
      [ Andreas Metzler ]
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    .
    gnutls26 (2.12.7-2) experimental; urgency=low
    .
      * Stop shipping libtool la files.
      * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
        + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
          *.install accordingly.
        + Bump cdbs Build-Depends to 0.4.93 (required for expanding
          $(DEB_HOST_MULTIARCH)).
        + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
        + runtime libraries and guile-wrapper are Multi-Arch: same with
          Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are
          Multi-Arch: foreign, -dev and -dbg remain unchanged.
        + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
          package. It contains debugging symbols for both library and helper
          binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
          co-installable with itself.
    .
    gnutls26 (2.12.7-1) experimental; urgency=low
    .
      * New upstream version.
      * Update 17_ignoretestsuitteerrors.diff.
      * A new version of pokerth has been uploaded to sid, update libgnutls26
        Breaks accordingly.
    .
    gnutls26 (2.12.6.1-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs, global_set_time_function() was added.
      * Stop setting CFLAGS += -Wall, it is set by default again.
      * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
        errors.
    .
    gnutls26 (2.12.5-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs, gnutls_x509_crq_verify() was added.
    .
    gnutls26 (2.12.4-1) experimental; urgency=low
    .
      * New upstream version.
      * Bump shlibs. (gnutls_certificate_get_issuer() added).
    .
    gnutls26 (2.12.3-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop patches included upstream: [18_restoreHMAC-MD5.diff]
    .
    gnutls26 (2.12.2-2) experimental; urgency=low
    .
      * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
        for compatibility. Closes: #623001
    .
    gnutls26 (2.12.2-1) experimental; urgency=low
    .
      * New upstream version.
      * [lintian] Drop article from short package descriptions.
    .
    gnutls26 (2.12.1-1) experimental; urgency=low
    .
      * New upstream version.
        + certtool: Generated certificate request with stricter permissions.
          Closes: #619746
      * Drop superfluous patches:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
      * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
        need a binNMU when gnutls 2.12.x uploaded to unstable.
    .
    gnutls26 (2.12.0-1) experimental; urgency=low
    .
      * New upstream stable release.
        + Drop superceded patches 17_goldhotfix.patch
          18_libgnutls-openssl_soname.diff.
      * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
        17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
        19_uninitializedvar.diff 20_access_freedmemory.diff
    .
    gnutls26 (2.11.7-2) experimental; urgency=low
    .
      * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
        versioning: 27:0:0).
      * Split off libgnutls-openssl to a separate package, since the sonames are
        not in sync anymore.
    .
    gnutls26 (2.11.7-1) experimental; urgency=low
    .
      * New upstream version (rc for 2.12)
        + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
        + Bump shlibs.
      * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.
    .
    gnutls26 (2.11.6-2) experimental; urgency=low
    .
      * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
        on big endian architectures.
    .
    gnutls26 (2.11.6-1) experimental; urgency=low
    .
      * Development release.
      * Continue building against libgcrypt, run configure with --with-libgcrypt.
      * Refresh patches/15_fixgnutlspc.diff.
      * Set --with-packager* options.
      * Install newly available p11tool binary.
      * Bump libgcrypt11-dev Build-Depends.
      * C++ wrapper soname bump, change package name accordingly.
      * Bump shlibs.
      * Update debian/copyright.
      * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    .
    gnutls26 (2.10.5-3) unstable; urgency=medium
    .
      * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
    .
    gnutls26 (2.10.5-2) unstable; urgency=low
    .
      * Stop shipping libtool la files.
    .
    gnutls26 (2.10.5-1) unstable; urgency=low
    .
      * New upstream bugfix release.
        + Drop 15_fixgnutlspc.diff, included upstream.
      * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
        seem to set it by default.
    .
    gnutls26 (2.10.4-2) unstable; urgency=low
    .
      * Use debhelper compatibility level 7.
      * Merge in changes from 2.8.6-1:
        + Use dh_lintian.
        + Use dh_makeshlibs for the guile stuff, too. This gets us
          a) ldconfig in postinst. Closes: #553109
          and
          b) a shlibs file.
          However the shared objects /usr/lib/libguile-gnutls*so* are still not
          designed to be used as libraries (linking) but are dlopened. guile-1.10
          will address this issue by keeping this stuff in a private directory.
        + hotfix pkg-config files (proper fix to be included upstream).
        + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
          Closes: #405239
       * Upload to unstable.
    .
    gnutls26 (2.10.4-1) experimental; urgency=low
    .
      * New upstream release. V1 CAs are trusted by default.
    .
    gnutls26 (2.10.3-1) experimental; urgency=low
    .
      * Drop workaround for 519006, binutils is fixed even in squeeze.
      * New upstream bugfix release.
    .
    gnutls26 (2.10.2-1) experimental; urgency=low
    .
      * New upstream version.
        + Fix asynchronous API handling. Closes: #588187
        + certtool does not crash on reading from /dev/null anymore.
          Closes: #588029
      * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
    .
    gnutls26 (2.10.1-1) experimental; urgency=low
    .
      * Update package descriptions. Closes: #588067
      * New upstream version.
    .
    gnutls26 (2.10.0-2) experimental; urgency=low
    .
      * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1),
        libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
        support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
        (2.31.2-1) not yet. Closes: #587755
    .
    gnutls26 (2.10.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * Point watchfile to stable releases.
    .
    gnutls26 (2.9.12-2) experimental; urgency=low
    .
      * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
        without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
        useless and almost empty package on these archs.)
      * Drop ancient workaround for gcc bug on hppa.
        http://bugs.debian.org/128036
    .
    gnutls26 (2.9.12-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls26 (2.9.11-1) experimental; urgency=low
    .
      * New upstream version.
      * Drop 15_gnutlspriority.diff, superseded.
    .
    gnutls26 (2.9.10-2) experimental; urgency=low
    .
      * [15_gnutlspriority.diff] Restore compatibility with programs using
        gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
        Closes: #579831
    .
    gnutls26 (2.9.10-1) experimental; urgency=low
    .
      * New upstream version.
      * New functions added, bump shlibs.
    .
    gnutls26 (2.9.9-1) experimental; urgency=low
    .
      * Package upstream development branch for experimental.
      * Track development versions in watchfile.
      * Package C++ wrapper again. Closes: #548637
    .
    gnutls26 (2.8.6-1) unstable; urgency=low
    .
      * Use dh_lintian.
      * Use dh_makeshlibs for the guile stuff, too. This gets us
        a) ldconfig in postinst. Closes: #553109
        and
        b) a shlibs file.
        However the shared objects /usr/lib/libguile-gnutls*so* are still not
        designed to be used as libraries (linking) but are dlopened. guile-1.10
        will address this issue by keeping this stuff in a private directory.
      * hotfix pkg-config files (proper fix to be included upstream).
      * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
    .
    gnutls26 (2.8.5-2) unstable; urgency=low
    .
      * Add a huge bunch of lintian overrides for the guile stuff to make dak
        happy.
    .
    gnutls26 (2.8.5-1) unstable; urgency=low
    .
      * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
      * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
        orig.tar.bz2 without repacking it to gz.
      * New upstream version.
        + Drop patches/20_fixtimebomb.diff.
    .
    gnutls26 (2.8.4-2) unstable; urgency=high
    .
      * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
    .
    gnutls26 (2.8.4-1) unstable; urgency=low
    .
      * New upstream version.
        + Drop debian/patches/15_openpgp.diff.
      * Sync priorities with override file, libgnutls26 has been bumped from
        important to standard.
    .
    gnutls26 (2.8.3-3) unstable; urgency=low
    .
      * Empty dependency_libs in la-files. (Squeeze release goal.)
    .
    gnutls26 (2.8.3-2) unstable; urgency=low
    .
      * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
        openpgp connections.
    .
    gnutls26 (2.8.3-1) unstable; urgency=high
    .
      * New upstream version.
        + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
          was built against. Closes: #540449
        + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
          certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
          http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
      * Drop 15_chainverify_expiredcert.diff, included upstream.
      * Urgency high, since 541439 applies to testing, too.
    .
    gnutls26 (2.8.1-2) unstable; urgency=low
    .
      [ Simon Josefsson ]
      * Remove cruft in rules file.
      * Remove patches/15_tasn1inpc.diff, not needed.
    .
      [ Andreas Metzler ]
      * Finally add an entry to the NEWS.Debian file concerning the deprecation of
        RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
      * Upload to unstable.
      * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
        Fix testsuite error caused by expired certificate.
    .
    gnutls26 (2.8.1-1) experimental; urgency=low
    .
      * New upstream stable release.
    .
    gnutls26 (2.7.14-1) experimental; urgency=low
    .
      * [debian/control] set section setting of source package to libs instead of
        devel.
      * New upstream version.
        + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
        + Bump shlibs, new symbols added.
    .
    gnutls26 (2.7.12-1) experimental; urgency=low
    .
      * Fix typo in changelog. Closes: #526427
      * New upstream release.
        + Does not ship the scripts libgnutls-extra-config and libgnutls-config
          and the .m4 snippet to use it anymore. Please switch to pkg-config or
          standard autoconf test. Drop manpages and
          both patches/13_lessdeps_gnutls-config.diff and
          patches/13_lessdeps_gnutls-config.diff from the debian diff.
        + Update remaining patches.
        + Bump shlibs, new symbols added.
      * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
        already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
        GNUTLS_2_8.
      * New upstream uses separate ./configure scripts for the different
        libraries. Invoke the main ./configure script with
        --cache-file=$(CURDIR)/config.cache to speed things up.
    .
    gnutls26 (2.6.6-1) unstable; urgency=high
    .
      * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
        way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
      * New upstream security release.
        + libgnutls: Corrected double free on signature verification failure.
          GNUTLS-SA-2009-1 CVE-2009-1415
        + libgnutls: Fix DSA key generation. Noticed when investigating the
          previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
          2.6.x are corrupt.  See the advisory for more details.
          GNUTLS-SA-2009-2 CVE-2009-1416
        + libgnutls: Check expiration/activation time on untrusted certificates.
          Before the library did not check activation/expiration times on
          certificates, and was documented as not doing so.
          GNUTLS-SA-2009-3 CVE-2009-1417
       * The former two issues only apply to gnutls 2.6.x. The latter is a
         behavior change, add a NEWS.Debian file to document it.
    .
    gnutls26 (2.6.5-1) unstable; urgency=low
    .
      * Sync sections in debian/control with override file. libgnutls26-dbg is
        section debug, guile-gnutls is section lisp.
      * New upstream version. (Needed for Libtasn1-3 2.0)
      * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
      * Standards-Version: 3.8.1, no changes required.
    .
    gnutls26 (2.6.4-2) unstable; urgency=low
    .
      * Upload to unstable.
      * Merge changelog entries from unstable and experimental.
    .
    gnutls26 (2.6.4-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls26 (2.6.3-1) experimental; urgency=low
    .
      * New upstream version.
        + Corrects bug gnutls-cli which caused a rehandshake request
          to be ignored. Closes: #396867
      * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
    .
    gnutls26 (2.6.2-2) experimental; urgency=low
    .
      * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
        correct certificate chains were not recognized as verified.
        Closes: #507633
      * [lintian] Add ${misc:Depends} to multiple dendency lines.
    .
    gnutls26 (2.6.2-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
        + Drop 20_fix_501077.diff.
      * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
        there.
      * Add Simon Josefsson to uploaders.
    .
    gnutls26 (2.6.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
        gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
    .
    gnutls26 (2.5.9-1) experimental; urgency=low
    .
      * New upstream development version.
      * Bump shlibs.
    .
    gnutls26 (2.4.2-6) unstable; urgency=medium
    .
      * New patches, syncing with 2.4.3 upstream oldstable release:
        + 24_intermedcertificate.patch If a non-root certificate ist trusted
          gnutls certificateificate verification stops there instead of checking
          up to the root of the certificate chain.
        + 22_whitespace.patch - Whitespace only changes, to make it possible to
          apply upstream fixes without manual changes.
        + 25_bufferoverrun.patch. Fix buffer overrun bug in
          gnutls_x509_crt_list_import.
          http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
    .
    gnutls26 (2.4.2-5) unstable; urgency=low
    .
      * Pull two patches from upstream stable branch to make gnutls behavior
        match documentation:
       + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
         certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
       + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
         certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
         GNUTLS_CERT_INSECURE_ALGORITHM verification output.
         CVE-2009-2409
    .
    gnutls26 (2.4.2-4) unstable; urgency=medium
    .
      * Add Simon Josefsson to uploaders.
      * Another fix for the verification fix. Some correct certificate chains were
        not recognized as verified. Closes: #507633
    .
    gnutls26 (2.4.2-3) unstable; urgency=low
    .
      * Fix a crash on trying to verify self-signed certificates introduced by the
        patch for CVE-2008-4989. Closes: #505279
    .
    gnutls26 (2.4.2-2) unstable; urgency=medium
    .
      * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
        verification. CVE-2008-4989 GNUTLS-SA-2008-3
    .
    gnutls26 (2.4.2-1) unstable; urgency=low
    .
      * New upstream bugfix release.
      * Up to date gnutls-cli manpage. Closes: #492775
    .
    gnutls26 (2.4.1-1) unstable; urgency=medium
    .
      * New upstream version, fixing a local denial of service vulnerability only
        present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377
    .
    gnutls26 (2.4.0-2) unstable; urgency=low
    .
      * Standards version 3.8.0. Rename README.source_and_patches to README.source.
      * Upload to unstable.
      * Point watchfile to stable releases again.
      * Merge experimental and unstable changelog.
    .
    gnutls26 (2.4.0-1) experimental; urgency=low
    .
      * New upstream stable release.
      * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
    .
    gnutls26 (2.3.15-1) experimental; urgency=low
    .
      * New upstream version. (rc4)
        Disables 'openpgp-certs' tests. Closes: #486269
    .
    gnutls26 (2.3.14-1) experimental; urgency=low
    .
      * New upstream version. (rc3)
    .
    gnutls26 (2.3.13-1) experimental; urgency=low
    .
      * New upstream version. 2nd rc for 2.4.0.
      * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
    .
    gnutls26 (2.3.12-1) experimental; urgency=low
    .
      * New upstream version. Bump shlibs.
      * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
      * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
        failure on sparc.
    .
    gnutls26 (2.3.11-1) experimental; urgency=low
    .
      * New upstream version.
        + Fixes three security vulnerabilities.
          [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
          <http://www.gnu.org/software/gnutls/security.html>.
          CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
        + Fixes subjectAltName wildcard matching. Closes: #479174
        + certtool now writes keyfiles with 0600 permissions. Closes: #373169
    .
    gnutls26 (2.2.5-1) unstable; urgency=high
    .
      * New upstream version.
        Fixes three security vulnerabilities.
        [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
        <http://www.gnu.org/software/gnutls/security.html>.
        CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    .
    gnutls26 (2.3.9-1) experimental; urgency=low
    .
      * New upstream development version.
        - OpenPGP support merged into libgnutls and is now licensed under LGPL.
          The included copy of OpenCDK has been stripped down and re-licensed
          under the LGPL. Using the external OpenCDK is not supported anymore, the
          external library will not be maintained anymore. Drop respective
          (build-)depends.
        - API extended, bump shlibs.
        - certtool asks for password confirmation. Closes: #364287
        - performance enhancements for gnutls_certificate_set_x509_trust_file.
          Closes: #400448
        - gnutls-cli: exits when hostname doesn't match certificate.
          Use --insecure to avoid hostname comparison.
      * For paranoia sake build with -D_REENTRANT even if upstream has stopped
        doing so.
      * [debian/copyright] : update, and stop including a GFDL copy.
      * Point watchfile to development versions.
    .
    gnutls26 (2.2.3-1) unstable; urgency=low
    .
      * New upstream stable release.
        - --priority is documented in gnutls-cli(1) manpage. Closes: #467051
    .
    gnutls26 (2.2.3~rc-1) unstable; urgency=low
    .
      * New upstream version. Release candidate for 2.2.3.
        + Increase default handshake packet size limit to 48kb. Closes: #478191
      * remove unsupported .l command from debian/libgnutls-config.1
      * Use Programming/C as doc-base section.
    .
    gnutls26 (2.2.2-1) unstable; urgency=low
    .
      * New upstream version.
        Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
        and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
        strings and return the proper size.
        corrected string handling in parse_general_name.
        Closes: #465197
      * Point watchfile to ftp.gnutls.org.
      * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
    .
    gnutls26 (2.2.1-3) unstable; urgency=low
    .
      * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
        gnutls guile wrapper on ia64.
    .
    gnutls26 (2.2.1-2) unstable; urgency=low
    .
      * Add Vcs-Svn: and Vcs-Browser control fields.
      * Upload to unstable.
    .
    gnutls26 (2.2.1-1) experimental; urgency=low
    .
      * New upstream version.
      * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
        there.
      * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
        packages contain gnutls-bin debugging symbols. Closes: #459295.
    .
    gnutls26 (2.2.0-1) experimental; urgency=low
    .
      * New upstream version.
        License change! Main library stays LGPLv2.1+ but libgnutls-extra,
        libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
        updated.
      * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
        versions were GPLv2+) and this license is not compatible with GPLv3+.
      * Non packaged 2.1.8 introduced new symbol
        gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
      * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
      * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
        DSA2 support. Closes: #455513
      * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
    .
    gnutls26 (2.1.7-1) experimental; urgency=low
    .
      * New upstream version.
        - Another soname bump. Packages renamed.
      * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
        dak does not allow that yet.
      * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
        libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
    .
    gnutls25 (2.1.6-2) experimental; urgency=low
    .
      * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
        experimental buildds happy.
    .
    gnutls25 (2.1.6-1) experimental; urgency=low
    .
      * New upstream version. API changes! Please consult
        /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
        removed (mainly *_authz_*) and changed interfaces.
        This is the first release canddate for 2.2. The deprecation of
        gnutls_set_default_priority() is supposed to be undone before the final
        stable release.
      * Bump build-depends.
      * Stop building and shipping the C++ library, since nobody is using it. I
        will happly re-add it if requested.
      * Add Homepage field to debian/control.
      * Build and ship Guile bindings. Requested by Ludovic Courtès who also
        provided the initial patch. (On a sidenote I think guile generally does
        not do the right thing by throwing dlopened modules into /usr/lib/.)
      * Update debian/copyright.
    .
    gnutls13 (2.0.1-1) unstable; urgency=low
    .
      * New upstream version.
      * Remove doc/*.info* on clean to allow building thrice in a row.
        (Closes: #441740)
    .
    gnutls13 (1.7.19-1) unstable; urgency=low
    .
      * New upstream version 1.7.19.
        - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
          This takes of care of the mutt breakage. Closes: #439640
    .
    gnutls13 (1.7.18-2) unstable; urgency=low
    .
      * Upload to unstable
    .
    gnutls13 (1.7.18-1) experimental; urgency=low
    .
      * New upstream version 1.7.18, release candidate for 2.0.
      * Bump shlibs, since functions have been added.
      * Image files renamed upstream with gnutls- prefix and symlinked to
        /usr/share/info/ in Debian package. Closes: #423577
    .
    gnutls13 (1.7.16-1) experimental; urgency=low
    .
      * New upstream version 1.7.16.
    .
    gnutls13 (1.7.14-1) experimental; urgency=low
    .
      * New upstream version
        - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
    .
    gnutls13 (1.7.12-1) experimental; urgency=low
    .
      * New upstream version 1.7.12
        - Fixes memory errors in certificate parsing. Closes: #333050
      * Bump shlibs, due to API extensions in 1.7.10.
      * Rebuilding of docs simpified, strip debian/README.source_and_patches to
        reflect that.
    .
    gnutls13 (1.7.9-1) experimental; urgency=low
    .
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
      * New upstream version.
        - Uses opencdk10 (0.6.x).
        - Improved gnutls_set_default_priority() priorities, with matching correct
          docs. (Closes: #422024)
        - bumped shlibs.
      * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
        twice in a row on the same sourcetree. (Closes: #424357) Document what is
        needed to rebuild doc/gnutls.pdf in README.source_and_patches.
    .
    gnutls13 (1.7.7-1) experimental; urgency=low
    .
      * New development upstream version 1.7.7.
        - Point watchfile to development versions.
        - Bump shlibs for added APIs.
        - Includes German translation. (Closes: #392857)
    .
    gnutls13 (1.6.3-1) unstable; urgency=low
    .
      * New upstream version, pulling selected fixes and features from 1.7.x.
      * Bump shlibs.
    .
    gnutls13 (1.6.2-2) unstable; urgency=low
    .
      * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
    .
    gnutls13 (1.6.2-1) unstable; urgency=low
    .
      * New upstream version
        - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
          certificates, since it contains a regenerated pkix_asn1_tab.c.
        - Ship German translation. Closes: #392857
    .
    gnutls13 (1.6.1-2) unstable; urgency=low
    .
      * [gnutls-bin.install] Ship psktool.
      * Ship gettext translations in deb package, but as gnutls13.mo instead of
        gnutls.mo.
      * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
        changelog entries after branchoff. Point watchfile to stable upstream
        versions again.
      * Drop dependency of libgnutls13-dbg on libgnutlsxx13.
    .
    gnutls13 (1.6.1-1) experimental; urgency=low
    .
      [ James Westby ]
      * New upstream release.
    .
    gnutls13 (1.6.0-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls13 (1.5.3-1) experimental; urgency=low
    .
      [ Andreas Metzler ]
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
      * New upstream version 1.5.3.
      * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
      * Drop code for re-libtoolizing and running auto* from debian/rules, it is
        unused and would not work anymore. (We can later grab the from SVN and
        update it to make work if we ever need it.)
    .
    gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
    .
      [ Andreas Metzler ]
      * Add a watchfile.
      * New upstream development version.
        - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
        - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
          broken.
        - Drop unneeded patches/16_libs.private_gnutls.diff
          patches/16_libs.private_gnutls-extra.diff
        - Point watchfile to development versions.
        - Builds a C++ library.
      * Switch to debhelper v5 mode to be able to ship debug symbols of
        libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
      * Branched off from 1.4.4-1.
    .
    gnutls13 (1.4.4-3) unstable; urgency=low
    .
      * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
           When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
           version, try to negotiate the highest version support by the GnuTLS
           server, instead of the lowest.
    .
    gnutls13 (1.4.4-2) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Add a watchfile.
      * Fix debian/copyright.
        - Do not use "copyright" as title of a paragraph listing licenses.
          (Closes: #290194)
        - Add a copy of the FDL 1.2 to debian/copyright.
    .
    gnutls13 (1.4.4-1) unstable; urgency=high
    .
      [ Andreas Metzler ]
      * New upstream version 1.4.4
        - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
          crash mutt. (closes: #386725)
          GNUTLS-SA-2006-4 is CVE-2006-4790.
    .
    gnutls13 (1.4.3-2) unstable; urgency=low
    .
      * the lesser of two weevils release.
      [ Andreas Metzler ]
      * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
        various programs, including mutt. (closes: #386680)
    .
    gnutls13 (1.4.3-1) unstable; urgency=high
    .
      [ Andreas Metzler ]
      * New upstream version 1.4.3.
        - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
          rump session attack. GNUTLS-SA-2006-4
        - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
          GNUTLS-SA-2006-3
        - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
    .
    gnutls13 (1.4.2-1) unstable; urgency=medium
    .
      [ Andreas Metzler ]
      * New upstream bugfix release.
        - Fixes a crash in the certificate verification logic.
    .
    gnutls13 (1.4.1-1) unstable; urgency=low
    .
      [ James Westby ]
      * New upstream release.
      * Remove the following patches as they are now included upstream:
        - 10_certtoolmanpage.diff
        - 15_fixcompilewarning.diff
        - 30_man_hyphen_*.patch
      * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
        gnutls-api so that devhelp can find it.
    .
    gnutls13 (1.4.0-3) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Strip "libgnutls-config --libs"' output to only list stuff required for
        dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
        README.Debian.
      * Pull patches/16_libs.private_gnutls.diff and
        debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
        pkg-config usable for static linking.
    .
    gnutls13 (1.4.0-2) unstable; urgency=low
    .
      [ Andreas Metzler ]
      * Set maintainer to alioth mailinglist.
      * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
        handles this. Build-Depend on autotools-dev.
      * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
      * Use cdbs' simple-patchsys.mk.
        - add debian/README.source_and_patches
        - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
      * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
      * Also ship css-, devhelp- and sgml files in gnutls-doc.
      * patches/15_fixcompilewarning.diff correct order of funtion arguments.
    .
      [ James Westby ]
      * This release allows the port to be specified as the name of the service
        when using gnutls-cli (closes: #342891)
    .
    gnutls13 (1.4.0-1) experimental; urgency=low
    .
      * New maintainer team. Thanks, Matthias for all the work you did.
      * Re-add gnutls-doc package, featuring api-reference as manual pages and
        html, and reference manual in html and pdf format.
        (closes: #368185,#368449)
      * Fix reference to gnutls0.4-doc package in debian/copyright. Update
        debian/copyright and include actual copyright statements.
        (closes: #369071)
      * Bump shlibs because of changes to extra.h
      * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
        generate the necessary directories.
      * Drop debian/NEWS.Debian as it only talks about the move of the (since
        purged) gnutls-doc package to contrib a long time ago.
        (Thanks Simon Josefsson, for these suggestions.)
      * new upstream version. (closes: #368323)
      * clean packaging against upstream tarball.
        - Drop all patches, except for fixing error in certtool.1 and setting
          gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
        - Add  --enable-ld-version-script
          to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
          patching ./configure.in.
        (closes: #367358)
      * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
      * Build against external libtasn1-3. (closes: #363294)
      * Standards-Version: 3.7.2, no changes required.
      * debian/control and override file are in sync with respect to Priority and
        Section, everthing except libgnutls13-dbg already was. (closes: #366956)
      * acknowledge my own NMU. (closes: #367065)
      * libgnutls13-dbg is nonempty (closes: #367056)
    .
    gnutls13 (1.3.5-1.1) unstable; urgency=low
    .
      * NMU
      * Invoke ./configure with --with-included-libtasn1 to prevent accidental
        linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
        contained libtasn1.so.3 and force gnutls13 to use the internal version of
        libtasn instead until libtasn1-3-dev is uploaded. Drop broken
        Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
      * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
        of --dbg-package=libgnutls12. (closes: #367056)
    .
    gnutls13 (1.3.5-1) unstable; urgency=low
    .
      * New Upstream version.
        - Security fix.
        - Yet another ABI change.
      * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
      * Let -dev package depend on liblzo-dev (closes:#347438)
      * Fix certtool help output (closes:#338623)
    .
    gnutls12 (1.2.9-2) unstable; urgency=low
    .
      * Install /usr/lib/pkgconfig/*.pc files.
      * Depend on texinfo (>= 4.8, for the @euro{} sign).
    .
    gnutls12 (1.2.9-1) unstable; urgency=low
    .
      * New Upstream version.
    .
    gnutls12 (1.2.8-1) unstable; urgency=low
    .
      * New Upstream version.
        - depends on libgcrypt11 1.2.2
      * Bumped shlibs version, just to be on the safe side.
    .
    gnutls12 (1.2.6-1) unstable; urgency=low
    .
      * New Upstream version.
      * Remove Provides: on libgnutls11-dev.
        Hopefully this will be temporary (pending discussion with Upstream).
    .
    gnutls12 (1.2.5-3) unstable; urgency=high
    .
      * Updated libgnutls12.shlibs file.
        Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
        Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                      dependencies on this library
    .
    gnutls12 (1.2.5-2) unstable; urgency=medium
    .
      * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
        Added an explicit dependency as a stopgap fix.
    .
    gnutls12 (1.2.5-1) unstable; urgency=low
    .
      * Merged with the latest stable release.
      * Renamed to gnutls12.
        - Changed the library version strings to GNUTLS_1_2.
        - Renamed the development package back to "libgnutls-dev".
    .
    gnutls11 (1.0.19-1) experimental; urgency=low
    .
      * Merged with the latest stable release.
    .
    gnutls11 (1.0.16-13) unstable; urgency=high
    .
      * Fixed an ASN.1 extraction error.
        Found by Pelle Johansson <morth@morth.org>.
    .
    gnutls11 (1.0.16-12) unstable; urgency=high
    .
      * Fixed a segfault in certtool. Closes: #278361.
    .
    gnutls11 (1.0.16-11) unstable; urgency=medium
    .
      * Merged binary (non-UF8) string printing code from Upstream.
      * Password code in certtool was somewhat broken.
    .
    gnutls11 (1.0.16-10) unstable; urgency=high
    .
      * Fixed one instance of uninitialized memory usage.
    .
    gnutls11 (1.0.16-9) unstable; urgency=high
    .
      * Pulled from Upstream CVS:
        - Fix two memory leaks.
        - Fix NULL dereference.
    .
    gnutls11 (1.0.16-8) unstable; urgency=high
    .
      * Pulled these changes from Upstream CVS:
        - Added default limits in the verification of certificate chains,
          to avoid denial of service attacks.
        - Added gnutls_certificate_set_verify_limits() to override them.
        - Added gnutls_certificate_verify_peers2().
    .
    gnutls11 (1.0.16-7) unstable; urgency=low
    .
      * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
        Thanks to joeyh@debian.org for reporting this problem.
    .
    gnutls11 (1.0.16-6) unstable; urgency=medium
    .
      * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
        - Closes: #264420
    .
    gnutls11 (1.0.16-5) unstable; urgency=low
    .
      * Depend on current libtasn1-2 (>= 0.2.10).
        - Closes: #264198.
      * Fixed maintainer email to point to Debian address.
    .
    gnutls11 (1.0.16-4) unstable; urgency=low
    .
      * The OpenSSL compatibility library has been linked incorrectly
        (-ltasn1 was missing).
      * Need to build-depend on current opencdk8 and libtasn1-2 version.
    .
    gnutls11 (1.0.16-3) unstable; urgency=high
    .
      * Documentation no longer includes LaTeX-produced output
        (the source contains latex2html-specific features, which is non-free).
      * Urgency: High because of pending base freeze.
    .
    gnutls11 (1.0.16-2) unstable; urgency=high
    .
      * Actually *enable* debug symbols :-/
      * Urgency: High for speedy inclusion in d-i
    .
    gnutls11 (1.0.16-1) experimental; urgency=low
    .
      * Update to latest Upstream version.
      * now depends on libgcrypt11
      * Include debugging package
      * Use hevea, not latex2html.
    .
    gnutls10 (1.0.4-4) unstable; urgency=low
    .
      * New maintainer.
      * Run autotools at source package build time.
        - Closes: #257237: FTBFS (i386/sid): aclocal failed
      * Remove "package is still changed upstream" warning.
      * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
    .
    gnutls10 (1.0.4-3) unstable; urgency=low
    .
      * control: Changed the build dependency and the dependency of
        libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
        libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
        could cause linking against two versions of libgcrypt.
    .
    gnutls10 (1.0.4-2) unstable; urgency=low
    .
      * libgnutls-doc.doc-base: Removed HTML manual listing.
      * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
        Jordi :)
    .
    gnutls10 (1.0.4-1) unstable; urgency=low
    .
      * New upstream release  (Closes: #227527)
          * The new documentation in libgnutls-doc fixes several typo's and
            style glitches:
            Closes: #215772: inconsistent auth method list in manual
            Closes: #215775: dangling footnote on page 14 of manual
            Closes: #215777: bad sentence on page 18 of manual
            Closes: #215780: incorrect info about ldaps/imaps in manual
      * rules:
          * Use --add-missing instead of --force in the call to automake.
          * Don't build gnutls.ps, use the upstream version.
            (Closes: #224846)
      * gnutls-bin.manpages: Use glob to find manpages.
      * patches/008_manpages.diff: Removed; included upstream.
    .
    gnutls10 (1.0.0-1) unstable; urgency=low
    .
      * New upstream release.
      * Major soversion changed to 10.
      * control: Changed build dependencies of libtasn1-dev.
      * libgnutls10.shlibs: Added libgnutls-openssl to the list.
    .
    gnutls8 (0.9.99-1) experimental; urgency=low
    .
      * New upstream release.
      * Included upstream GPG signature in .orig.tar.gz.
    .
    gnutls8 (0.9.98-1) experimental; urgency=low
    .
      * New upstream release.
      * debian/control: libgnutls8-dev depends on libopencdk8-dev.
      * debian/libgnutls-doc.examples: Install src/*.[ch].
    .
    gnutls8 (0.9.95-1) experimental; urgency=low
    .
      * New upstream version.
    .
    gnutls8 (0.9.94-1) experimental; urgency=low
    .
      * New upstream version; package based on gnutls7 0.8.12-2.
      * debian/control:
          * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
      * debian/rules: Run auto* after the patches have been applied.
    60452b47
  • Apertis CI's avatar
    571ece0b
  • Apertis CI's avatar
  • Apertis CI's avatar
  • Ariel D'Alessandro's avatar
  • Apertis CI's avatar
  • Ariel D'Alessandro's avatar
    d/apertis: Update copyright information · 65d6e205
    Ariel D'Alessandro authored
    Because of a recent change in the CI scan pipeline [0],
    `ci-license-scan` script is now handling the whitelist in a different
    way, generating copyright information for all files, even those
    whitelisted.
    
    A few directories (wildcard entries) might be reported with a different
    license now, so manual tweaking is required in these cases.
    
    [0] infrastructure/apertis-docker-images@a51aa6de
    
    
    
    Signed-off-by: default avatarAriel D'Alessandro <ariel.dalessandro@collabora.com>
    65d6e205
  • Ariel D'Alessandro's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-5 · bc81debd
    Andreas Metzler authored
    bc81debd
  • Apertis CI robot's avatar
    Merge updates from debian/bullseye · f91d5565
    Apertis CI robot authored
    f91d5565
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.1-5+deb11u1 · ce890b29
    Andreas Metzler authored
    ce890b29
  • Apertis CI robot's avatar
    Merge updates from debian/bullseye · 8d4f46ed
    Apertis CI robot authored
    8d4f46ed
  • Apertis CI robot's avatar
    8933c1fc
  • Apertis CI robot's avatar
  • Salvatore Bonaccorso's avatar
    23e0a2c9
  • Ritesh Raj Sarraf's avatar
    807cc5d4
  • Ritesh Raj Sarraf's avatar
    Add test file patch to whitelist · f53a532b
    Ritesh Raj Sarraf authored
    
    Because this patch is licensed GPL-3+, it only generates a testcase
    
    Signed-off-by: default avatarRitesh Raj Sarraf <ritesh.sarraf@collabora.com>
    f53a532b
  • Ritesh Raj Sarraf's avatar
    Release gnutls28 version 3.7.1-5+deb11u2+apertis0 · cb37328a
    Ritesh Raj Sarraf authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
    cb37328a
  • Ritesh Raj Sarraf's avatar
  • Walter Lozano's avatar
    Enable long copyright · 7171f193
    Walter Lozano authored
    
    In order to avoid using wildcards on copyright report enable full
    copyright. This allows to create a more accurate license configuration
    and overcomes difficulties when trying to match copyrights with binaries
    on image generation.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    7171f193
  • Walter Lozano's avatar
    Adjust license configuration after long copyright · a05bef49
    Walter Lozano authored
    
    After enabling full copyright remove unneded entries which may lead to hide
    license issues.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    a05bef49
  • Walter Lozano's avatar
  • Walter Lozano's avatar
  • Apertis CI's avatar
    Import Upstream version 3.7.9 · 6fa315bb
    Apertis CI authored
    6fa315bb
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-1 · 991901c8
    Andreas Metzler authored
    991901c8
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 7cca426c
    Apertis CI robot authored
    7cca426c
  • Apertis CI robot's avatar
    f820cb12
  • Walter Lozano's avatar
    Update license scan configuration · 06c2ec12
    Walter Lozano authored
    
    Update the license scan configuration after the update of the package.
    
    Signed-off-by: default avatarWalter Lozano <walter.lozano@collabora.com>
    06c2ec12
  • Walter Lozano's avatar
    13c265af
  • Walter Lozano's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2 · 461fbb10
    Andreas Metzler authored
    461fbb10
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 3ca1c6f4
    Apertis CI robot authored
    3ca1c6f4
  • Apertis CI robot's avatar
    4c774c01
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u1 · 0d6cba40
    Andreas Metzler authored
    0d6cba40
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 70d19d31
    Apertis CI robot authored
    70d19d31
  • Apertis CI robot's avatar
    73a66aa7
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u2 · 70d844b5
    Andreas Metzler authored
    70d844b5
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · 56d34551
    Apertis CI robot authored
    56d34551
  • Apertis CI robot's avatar
    0ef6635f
  • Apertis CI robot's avatar
  • Andreas Metzler's avatar
    Import Debian changes 3.7.9-2+deb12u3 · 6190fa4e
    Andreas Metzler authored
    6190fa4e
  • Apertis CI robot's avatar
    Merge updates from debian/bookworm · d6e55900
    Apertis CI robot authored
    d6e55900
  • Apertis CI robot's avatar
    7a2a17f4
  • Apertis CI robot's avatar
Andreas Metzler <ametzler@debian.org> <ametzler@bebt.de>
Andreas Metzler <ametzler@debian.org> <ametzler@downhill.at.eu.org>
Andreas Metzler <ametzler@debian.org> <gitlab@bebt.de>
Daiki Ueno <ueno@gnu.org> <dueno@redhat.com>
Daiki Ueno <ueno@gnu.org> <ueno@redhat.com>
Daiki Ueno <ueno@gnu.org> <ueno@unixuser.org>
David Woodhouse <dwmw2@infradead.org> <david.woodhouse@intel.com>
František Krenželok <krenzelok.frantisek@gmail.com>
Giuseppe Scrivano <gscrivano@gnu.org> <giuseppe@southpole.se>
Ludovic Courtès <ludo@gnu.org>
Ludovic Courtès <ludo@gnu.org> <ludo@chbouib.org>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@esat.kuleuven.be>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@thingfish.esat.kuleuven.be>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@crystal.(none)>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@redhat.com>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@turtle.(none)>
Simon Josefsson <jas@josefsson.org> <jas@mocca.josefsson.org>
Simon Josefsson <jas@josefsson.org> <simon@josefsson.org>
Stefan Berger <stefanb@linux.ibm.com> <stefanb@linux.vnet.ibm.com>
Stef Walter <stefw@redhat.com> <stefw@collabora.co.uk>
Tim Rühsen <tim.ruehsen@gmx.de> Tim Ruehsen <tim.ruehsen@gmx.de>
Tom Vrancken <dev@tomvrancken.nl> <email@tomvrancken.nl>
Dmitry Baryshkov <dbaryshkov@gmail.com>
......@@ -8,30 +8,33 @@ Tim Rühsen <tim.ruehsen at gmx.de>
Ludovic Courtès <ludo at gnu.org>
Timo Schulz <twoaday at gnutls.org>
Jonathan Bastien-Filiatrault <joe at x2a.org>
Alon Bar-Lev <alon.barlev at gmail.com>
Andreas Metzler <ametzler at debian.org>
Alon Bar-Lev <alon.barlev at gmail.com>
Alexander Sosedkin <asosedkin at redhat.com>
Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Tom Vrancken <dev at tomvrancken.nl>
Zoltan Fridrich <zfridric at redhat.com>
Martin Storsjo <martin at martin.st>
Tim Kosse <tim.kosse at filezilla-project.org>
Simo Sorce <simo at redhat.com>
Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Fabian Keil <fk at fabiankeil.de>
Fabio Fiorina <fiorinaf at gnutls.org>
Stef Walter <stefw at redhat.com>
Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
Armin Burgmeier <armin at arbur.net>
František Krenželok <krenzelok.frantisek at gmail.com>
Andrew McDonald <admcd at gnutls.org>
Alex Gaynor <alex.gaynor at gmail.com>
Fiona Klute <fiona.klute at gmx.de>
Alex Gaynor <alex.gaynor at gmail.com>
Ander Juaristi <a at juaristi.eus>
Martin Ukrop <mukrop at redhat.com>
Jaak Ristioja <jaak.ristioja at cyber.ee>
Attila Molnar <attilamolnar at hush.com>
Hugo Beauzée-Luyssen <hugo at beauzee.fr>
Stefan Berger <stefanb at linux.ibm.com>
Steve Lhomme <robux4 at ycbcr.xyz>
Jakub Jelen <jjelen at redhat.com>
Martin Sucha <anty.sk+git at gmail.com>
Steve Lhomme <robux4 at ycbcr.xyz>
Ander Juaristi <a at juaristi.eus>
David Woodhouse <dwmw2 at infradead.org>
Jan Vcelak <jan.vcelak at nic.cz>
Kevin Cernekee <cernekee at gmail.com>
......@@ -41,69 +44,80 @@ Michael Catanzaro <mcatanzaro at gnome.org>
Daniel Lenski <dlenski at gmail.com>
JonasZhou <JonasZhou at zhaoxin.com>
Stefan Sørensen <stefan.sorensen at spectralink.com>
Tobias Heider <tobias.heider at canonical.com>
Adam Sampson <ats at offog.org>
Alfredo Pironti <alfredo at pironti.eu>
Brad Hards <bradh at frogmouth.net>
Dimitri John Ledkov <xnox at ubuntu.com>
Hubert Kario <hkario at redhat.com>
Michael Weiser <michael.weiser at gmx.de>
Patrick Pelletier <code at funwithsoftware.org>
Rolf Eike Beer <eike at sf-mail.de>
Ruslan N. Marchenko <me at ruff.mobi>
Sjoerd Simons <sjoerd.simons at collabora.co.uk>
Stefan Bühler <stbuehler at web.de>
Thomas Klute <thomas2.klute at uni-dortmund.de>
Wolfgang Meyer zu Bergsten <w.bergsten at sirrix.com>
Andreas Metzler <gitlab at bebt.de>
Christian Grothoff <christian at grothoff.org>
Daniel P. Berrange <berrange at redhat.com>
Evgeny Grin <k2k at narod.ru>
Gustavo Zacarias <gustavo at zacarias.com.ar>
James Bottomley <James.Bottomley at HansenPartnership.com>
Jiří Klimeš <jklimes at redhat.com>
Karsten Ohme <k_o_ at users.sourceforge.net>
Kurt Roeckx <kurt at roeckx.be>
Peter Wu <peter at lekensteyn.nl>
Stanislav Zidek <szidek at redhat.com>
Stephan Mueller <smueller at chronox.de>
Thierry Quemerais <tquemerais at awox.com>
Tom Carroll <incentivedesign at gmail.com>
Vitezslav Cizek <vcizek at suse.com>
Alessandro Ghedini <alessandro at ghedini.me>
Alex Monk <krenair at gmail.com>
Benjamin Herrenschmidt <benh at kernel.crashing.org>
Bernhard M. Wiedemann <bwiedemann at suse.de>
Craig Gallek <cgallek at gmail.com>
David Caldwell <david at porkrind.org>
Diego Elio Pettenò <flameeyes at flameeyes.eu>
Elta Koepp <alexi_2019 at protonmail.com>
Fabrice Fontaine <fontaine.fabrice at gmail.com>
Giuseppe Scrivano <gscrivano at gnu.org>
Hubert Kario <hkario at redhat.com>
Ilya Tumaykin <itumaykin at gmail.com>
Karl Tarbe <karl.tarbe at cyber.ee>
Ke Zhao <kzhao at redhat.com>
Leonardo Bras <leobras.c at gmail.com>
Mark Brand <mabrand at mabrand.nl>
Matthias-Christian Ott <ott at mirix.org>
Maya Rashish <coypu at sdf.org>
Michael Catanzaro <mcatanzaro at igalia.com>
Michał Górny <mgorny at gentoo.org>
Miroslav Lichvar <mlichvar at redhat.com>
Pedro Monreal <pmgdeb at gmail.com>
Pedro Monreal <pmonrealgonzalez at suse.de>
Petr Písař <petr.pisar at atlas.cz>
Pierre Ossman <ossman at cendio.se>
Roman Bogorodskiy <bogorodskiy at gmail.com>
Sam James <sam at gentoo.org>
Simon South <simon at simonsouth.net>
Steffen Jaeckel <jaeckel-floss at eyet-services.de>
Stephan Mueller <smueller at chronox.de>
Steve Dispensa <dispensa at phonefactor.com>
nia <nia at NetBSD.org>
raspa0 <raspa0 at protonmail.com>
Airtower <fiona.klute at gmx.de>
Alban Crequy <alban.crequy at collabora.co.uk>
Albrecht Dreß <albrecht.dress at arcor.de>
Aleksei Nikiforov <darktemplar at basealt.ru>
Alexander Kanavin <alex.kanavin at gmail.com>
Alexander Sosedkin <asosedkin at redhat.com>
Alexandre Bique <bique.alexandre at gmail.com>
Anderson Sasaki <ansasaki at redhat.com>
Andreas Schneider <asn at samba.org>
Andreas Schwab <schwab at suse.de>
Asad Mehmood <asad78611 at googlemail.com>
Avinash Sonawane <rootkea at gmail.com>
Bas van Schaik <gitlab.com at s.traiectum.net>
Bjoern Jacke <bjacke at samba.org>
Björn Jacke <bjacke at samba.org>
Bjørn Christensen <bhc at insight.dk>
Brad Smith <brad at comstyle.com>
Brian Wickman <bwickman97 at outlook.com>
Carolin Latze <latze at angry-red-pla.net>
Chen Hongzhi <hongzhi.chen at me.com>
Chris Barry <chris at barry.im>
......@@ -112,17 +126,21 @@ Dan Fandrich <dan at coneharvesters.com>
Daniel Schaefer <git at danielschaefer.me>
David Walker <david.walker at vcatechnology.com>
David Weber <dave at veryflatcat.com>
Dimitris Apostolou <dimitris.apostolou at icloud.com>
Dmitriy Tsvettsikh <dmitrycvet at gmail.com>
Dosenpfand <m at sad.bz>
Doug Nazar <nazard at nazar.ca>
Edward Stangler <estangler at bradmark.com>
Elias Pipping <pipping at exherbo.org>
Elta Koepp <elta_koepp at gmail.com>
Evgeny Grin <k2k at narod.ru>
Frank Morgner <morgner at informatik.hu-berlin.de>
Gregor Jasny <gjasny at googlemail.com>
Günther Deschner <gd at samba.org>
Hani Benhabiles <kroosec at gmail.com>
Hannes Reinecke <hare at suse.de>
Hans Leidekker <hans at codeweavers.com>
Ilya V. Matveychikov <i.matveychikov at securitycode.ru>
Jan Palus <jpalus at fastmail.com>
Jared Wong <jaredlwong at gmail.com>
Jason Spafford <nullprogrammer at gmail.com>
Jay Foad <jay.foad at gmail.com>
......@@ -130,7 +148,6 @@ Jeffrey Walton <noloader at gmail.com>
Jens Lechtenboerger <jens.lechtenboerger at fsfe.org>
Jussi Kukkonen <jussi.kukkonen at intel.com>
Kenneth J. Miller <ken at miller.ec>
KrenzelokFrantisek <krenzelok.frantisek at gmail.com>
Lei Maohui <leimaohui at cn.fujitsu.com>
Lili Quan <13132239506 at 163.com>
Lucas Fisher <lucas.fisher at gmail.com>
......@@ -144,11 +161,13 @@ Marcus Meissner <meissner at suse.de>
Marga Manterola <marga at google.com>
Marius Bakke <mbakke at fastmail.com>
Marti Raudsepp <marti at juffo.org>
Marvin Scholz <epirat07 at gmail.com>
Matt Turner <mattst88 at gmail.com>
Matt Whitlock <matt at whitlock.name>
Micah Anderson <micah at riseup.net>
Miroslav Lichvar <mlichvar at redhat.com>
Michael Catanzaro <mcatanzaro at redhat.com>
Nick Alcock <nick.alcock at oracle.com>
Nick Child <nick.child at ibm.com>
Nicolas Dufresne <nicolas.dufresne at collabora.com>
Nils Maier <maierman at web.de>
Norbert Pocs <npocs at redhat.com>
......@@ -162,6 +181,7 @@ Raj Raman <rajramanca at gmail.com>
Remi Olivier <remi_8 at hotmail.com>
Rical Jasan <ricaljasan at pacific.net>
Ricardo M. Correia <rcorreia at wizy.org>
Richard Costa <richard.costa at suse.com>
Rickard Bellgrim <rickard at opendnssec.org>
Robert Scheck <robert at fedoraproject.org>
Roberto Newmon <robertonewmon at fake-box.com>
......@@ -169,11 +189,11 @@ Ross Nicholson <phunkyfish at gmail.com>
Rowan Thorpe <rowan at rowanthorpe.com>
SUMIT AGGARWAL <aggarwal.s at samsung.com>
Sadie Powell <sadie at witchery.services>
Sahana Prasad <sahana.prasad07 at gmail.com>
Saurav Babu <saurav.babu at samsung.com>
Sebastian Dröge <sebastian at centricular.com>
Seppo Yli-Olli <seppo.yliolli at gmail.com>
Simon Arlott <sa.me.uk>
Stanislav Zidek <szidek at redhat.com>
Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com>
Thomas Klausner <wiz at NetBSD.org>
Tobias Polzer <tobias.polzer at fau.de>
Tomas Hoger <thoger at redhat.com>
......@@ -191,17 +211,19 @@ The translators list is autogenerated from po file history
Anders Jonsson
Benno Schulenberg
Cristian Othón Martínez Vera
Felipe Castro
Francisco Javier Serrador
Jakub Bogusz
Jorma Karvonen
Mario Blättermann
Milo Casagrande
Mingye Wang (Arthur2e5)
Petr Pisar
Rafael Fontenelle
Roland Illig
Remus-Gabriel Chelu
Sharuzzaman Ahmat Raslan
Stéphane Aulery
Temuri Doghonadze
Trần Ngọc Quân
Yuri Chornoivan
Мирослав Николић
......@@ -157,8 +157,25 @@ As such, some questions to answer before adding a new API:
13.0 is made available? Would it harm the addition of a new protocol?
The make rule 'abi-check' verifies that the ABI remained compatible since
the last tagged release. It relies on the git tree and abi-compliance-checker.
The make rule 'abi-check' verifies that the ABI remained compatible
since the last tagged release, which is maintained in a separate
[abi-dump](https://gitlab.com/gnutls/abi-dump) repository. This
repository shall be updated upon each release if any changes are
introduced in the ABI.
To add new API during development cycle, follow the steps below:
0. If there is no section in [lib/libgnutls.map](lib/libgnutls.map),
corresponding to the next release, add it, deriving from the
previous interface
1. Add new symbols in that section
2. Run `make abi-check-latest`; this will report differences as
errors. Edit the last section of
[devel/libgnutls.abignore](devel/libgnutls.abignore) to suppress
them.
When a new version is released and the abi-dump repository is updated,
the section will be cleared.
The above do not apply to the C++ library; this library's ABI should not
be considered stable.
......@@ -403,6 +420,12 @@ or adding new command line options to tools you need to run 'make
files-update', review the output (when feasible) and commit it separately,
e.g., with a message: "auto-generated files update".
The 'files-update' rule also regenerates the ABI dump files (.abi), used by
the 'abi-check' rule to ensure library ABI compatibility. To make it easier
to track actual changes to be made in those files, a git external diff
driver is provided as `devel/git-abidiff-gnutls`. See the comment in the
file for the instruction.
# Guile bindings:
......
This diff is collapsed.
......@@ -5,7 +5,7 @@
# It is necessary if you want to build targets usually of interest
# only to the maintainer.
# Copyright (C) 2001, 2003, 2006-2020 Free Software Foundation, Inc.
# Copyright (C) 2001, 2003, 2006-2021 Free Software Foundation, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
......
......@@ -31,9 +31,10 @@ by running './configure --help'.
sudo make install
```
The commands above build and install the static archive (libgnutls.a),
the shared object (libgnutls.so), and additional binaries such as certtool
and gnutls-cli.
The commands above build and install the shared object (libgnutls.so),
and additional binaries such as certtool and gnutls-cli. To build the
static archive (libgnutls.a), add --enable-static to the `./configure`
command.
The library depends on libnettle and gmplib.
* gmplib: for big number arithmetic, https://gmplib.org/
......
......@@ -57,18 +57,20 @@ if ENABLE_DOC
SUBDIRS += doc
endif
ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --install
ACLOCAL_AMFLAGS = -I m4 -I src/gl/m4 -I lib/unistring/m4 --install
EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \
ChangeLog THANKS INSTALL.md RELEASES.md
ChangeLog THANKS INSTALL.md RELEASES.md .mailmap
DISTCLEANFILES = AUTHORS
AUTHORS:
@echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS
@git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS
@echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS
@sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS
AUTHORS: Makefile.am .mailmap
$(AM_V_GEN) { \
echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n"; \
git shortlog -sen --no-merges --group author --group trailer:co-authored-by | cut -f 2 | sed 's/@/ at /g'; \
echo -e "\n\nThe translators list is autogenerated from po file history\n"; \
sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u; \
} > $@-t && mv $@-t $@
pic-check:
@echo "Checking for position dependent code"
......@@ -77,18 +79,18 @@ pic-check:
false; \
fi
ABIDW_COMMON = --no-show-locs --no-corpus-path
ABIDW_COMMON = --drop-private-types --no-show-locs --no-corpus-path
ABIGNORE_FILE = "$(top_srcdir)/devel/libgnutls.abignore"
SYMBOLS_LAST_FILE = "$(top_srcdir)/devel/symbols.last"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/libdane-latest-$$(uname -m).abi"
LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libgnutls-latest-$$(uname -m).abi"
LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/abi-dump/libdane-latest-$$(uname -m).abi"
abi-dump-versioned: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "**************************************************************************"
@echo "Generating versioned ABI files of current gnutls and gnutls-dane libraries"
@echo "**************************************************************************"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/libdane-$(VERSION)-$$(uname -m).abi"
@abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/abi-dump/libgnutls-$(VERSION)-$$(uname -m).abi"
@abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/abi-dump/libdane-$(VERSION)-$$(uname -m).abi"
abi-dump-latest: lib/libgnutls.la libdane/libgnutls-dane.la
@echo "****************************************************************"
......@@ -121,7 +123,7 @@ abi-check-latest: lib/libgnutls.la libdane/libgnutls-dane.la
ABICHECK_COMMON = --no-added-syms
abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
@for file in $$(echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libgnutls-*-$$(uname -m).abi);do \
echo "Comparing libgnutls with $$file"; \
abidiff $${file} lib/.libs/libgnutls.so $(ABICHECK_COMMON) --suppressions $(ABIGNORE_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -131,7 +133,7 @@ abi-check: lib/libgnutls.la libdane/libgnutls-dane.la
exit 1; \
fi; \
done
@for file in $$(echo $(srcdir)/devel/libdane-*-$$(uname -m).abi);do \
@for file in $$(echo $(srcdir)/devel/abi-dump/libdane-*-$$(uname -m).abi);do \
echo "Comparing libgnutls-dane with $$file"; \
abidiff $${file} libdane/.libs/libgnutls-dane.so $(ABICHECK_COMMON) --hd2 "$(srcdir)/libdane/includes/gnutls/" --hd2 $(builddir)/lib/includes/gnutls/; \
if test $$? != 0;then \
......@@ -178,14 +180,7 @@ distclean-local: code-coverage-dist-clean
local-code-coverage-output: code-coverage-capture
cat GnuTLS-$(VERSION)-coverage/index.html|grep headerCovTableEntry|grep '%'|head -1|sed 's/^.*>\([0-9]\+\.[0-9]\+\s*%\)<.*$$/ coverage lines: \1/' || true
libopts-check:
@echo "*****************************************************************"
@echo "Checking whether included libopts matches the system's. If the"
@echo "check fails upgrade the included libopts."
@echo "*****************************************************************"
test "`autoopts-config libsrc|awk -F '-' '{print $$NF}'|sed 's/.tar.gz//'`" = "`cat $(srcdir)/src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`"
files-update: libopts-check abi-dump-latest
files-update:
$(MAKE) -C doc/ compare-makefile || mv doc/tmp-compare-makefile $(srcdir)/doc/Makefile.am
$(MAKE) -C doc/manpages compare-makefile || mv doc/manpages/tmp-compare-makefile $(srcdir)/doc/manpages/Makefile.am
$(MAKE) -C . symbol-check || mv symbols.last.tmp $(SYMBOLS_LAST_FILE)
......@@ -193,7 +188,7 @@ files-update: libopts-check abi-dump-latest
@echo "updated auto-generated files; please use git diff to verify the correctness of the changes"
@echo "******************************************************************************************"
dist-hook: libopts-check
dist-hook:
$(PKG_CONFIG) --atleast-version=2.2.0 guile-2.2
if test -d "$(top_srcdir)/devel";then \
$(MAKE) -C $(top_srcdir) symbol-check && \
......@@ -206,4 +201,7 @@ dist-hook: libopts-check
mv ChangeLog $(distdir)
touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS
include $(top_srcdir)/cligen/cligen.mk
noinst_PYTHON = $(cligen_sources)
This diff is collapsed.
......@@ -5,6 +5,302 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
See the end for copying conditions.
* Version 3.7.9 (released 2023-02-09)
** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
** API and ABI modifications:
No changes since last version.
* Version 3.7.8 (released 2022-09-27)
** libgnutls: In FIPS140 mode, RSA signature verification is an approved
operation if the key has modulus with known sizes (1024, 1280,
1536, and 1792 bits), in addition to any modulus sizes larger than
2048 bits, according to SP800-131A rev2.
** libgnutls: gnutls_session_channel_binding performs additional checks when
GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
"tls-exporter" channel binding is only usable when the handshake is
bound to a unique master secret (i.e., either TLS 1.3 or extended
master secret extension is negotiated). Otherwise the function now
returns error.
** libgnutls: usage of the following functions, which are designed to
loosen restrictions imposed by allowlisting mode of configuration,
has been additionally restricted. Invoking them is now only allowed
if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled
** API and ABI modifications:
No changes since last version.
* Version 3.7.7 (released 2022-07-28)
** libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
[CVE-2022-2509]
** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
equal to 255 times hash digest size, to comply with RFC 5869 2.3.
** libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters (#1323).
** libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
** libgnutls: New block cipher functions have been added to transparently
handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
add/remove padding if the length of the original plaintext is not a multiple
of the block size.
** libgnutls: New function for manual FIPS self-testing.
** API and ABI modifications:
gnutls_fips140_run_self_tests: New function
gnutls_cipher_encrypt3: New function
gnutls_cipher_decrypt3: New function
gnutls_cipher_padding_flags_t: New enum
** guile: Guile 1.8 is no longer supported
** guile: Session record port treats premature termination as EOF
Previously, a ‘gnutls-error’ exception with the
‘error/premature-termination’ value would be thrown while reading from a
session record port when the underlying session was terminated
prematurely. This was inconvenient since users of the port may not be
prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
session termination.
** guile: Session record ports can have a ‘close’ procedure.
The ‘session-record-port’ procedure now takes an optional second
parameter, and a new ‘set-session-record-port-close!’ procedure is
provided to specify a ‘close’ procedure for a session record port.
This ‘close’ procedure lets users specify cleanup operations for when
the port is closed, such as closing the file descriptor or port that
backs the underlying session.
* Version 3.7.6 (released 2022-05-27)
** libgnutls: Fixed invalid write when gnutls_realloc_zero()
is called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc (!1592, #1367, #1368, #1369).
** API and ABI modifications:
No changes since last version.
* Version 3.7.5 (released 2022-05-15)
** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
modifier have been added to disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy (#477). On the other hand, since session
tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
only disables session tickets in TLS 1.2. Future backward incompatibility:
in the next major release of GnuTLS, we plan to remove those flag and
modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
** gnutls-cli, gnutls-serv: Channel binding for printing information
has been changed from tls-unique to tls-exporter as tls-unique is
not supported in TLS 1.3.
** libgnutls: Certificate sanity checks has been enhanced to make
gnutls more RFC 5280 compliant (!1583).
Following changes were included:
- critical extensions are parsed when loading x509
certificate to prohibit any random octet strings.
Requires strict-x509 configure option to be enabled
- garbage bits in Key Usage extension are prohibited
- empty DirectoryStrings in Distinguished name structures
of Issuer and Subject name are prohibited
** libgnutls: Removed 3DES from FIPS approved algorithms (#1353).
According to the section 2 of SP800-131A Rev.2, 3DES algorithm
will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312).
The existing AEAD API that works in a scatter-gather fashion
(gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
For further optimization, new function (gnutls_aead_cipher_set_key) has been
added to set key on the existing AEAD handle without re-allocation.
** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
when used in TLS (#1311).
** The configure arguments for Brotli and Zstandard (zstd) support
have changed to reflect the previous help text: they are now
--with-brotli/--with-zstd respectively (#1342).
** Detecting the Zstandard (zstd) library in configure has been
fixed (#1343).
** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
gnutls_aead_cipher_set_key: New function
* Version 3.7.4 (released 2022-03-17)
** libgnutls: Added support for certificate compression as defined in RFC8879
(#1301). New API functions (gnutls_compress_certificate_get_selected_method
and gnutls_compress_certificate_set_methods) allow client and server to set
their preferences.
** certtool: Added option --compress-cert that allows user to specify
compression methods for certificate compression.
** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure
option to enforce stricter certificate sanity checks that are compliant with
RFC5280.
** libgnutls: Removed IA5String type from DirectoryString within issuer
and subject name to make DirectoryString RFC5280 compliant.
** libgnutls: Added function (gnutls_record_send_file) to send file content from
open file descriptor (!1486). The implementation is optimized if KTLS (kernel
TLS) is enabled.
** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of
current ciphersuite from TLS session (#1291).
** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using
dlopen, so GnuTLS does not indirectly link to other crypto libraries until
TPM2 functionality is utilized (!1544).
** API and ABI modifications:
GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
gnutls_compress_certificate_get_selected_method: Added
gnutls_compress_certificate_set_methods: Added
gnutls_ciphersuite_get: New function
gnutls_record_send_file: New function
libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1
* Version 3.7.3 (released 2022-01-17)
** libgnutls: The allowlisting configuration mode has been added to the system-wide
settings. In this mode, all the algorithms are initially marked as insecure
or disabled, while the applications can re-enable them either through the
[overrides] section of the configuration file or the new API (#1172).
** The build infrastructure no longer depends on GNU AutoGen for generating
command-line option handling, template file parsing in certtool, and
documentation generation (#773, #774). This change also removes run-time or
bundled dependency on the libopts library, and requires Python 3.6 or later
to regenerate the distribution tarball.
Note that this brings in known backward incompatibility in command-line
tools, such as long options are now case sensitive, while previously they
were treated in a case insensitive manner: for example --RSA is no longer a
valid option of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and
used as a gnutls_privkey_t (#594). The code was originally written for the
OpenConnect VPN project by David Woodhouse. To generate such blobs, use the
tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
** libgnutls: The library now transparently enables Linux KTLS
(kernel TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls back
to the user space implementation.
** certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
** certtool: The certtool command can now generate, manipulate, and evaluate
x25519 and x448 public keys, private keys, and certificates.
** libgnutls: Disabling a hashing algorithm through "insecure-hash"
configuration directive now also disables TLS ciphersuites that use it as a
PRF algorithm.
** libgnutls: PKCS#12 files are now created with modern algorithms by default
(!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
default PBKDF2 iteration count has been increased to 600000.
** libgnutls: PKCS#12 keys derived using GOST algorithm now uses
HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to
conform with the latest TC-26 requirements (#1225).
** libgnutls: The library now provides a means to report the status of approved
cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this
complements the existing mechanism to prohibit the use of unapproved
algorithms by making the library unusable state.
** gnutls-cli: The gnutls-cli command now provides a --list-config option to
print the library configuration (!1508).
** libgnutls: Fixed possible race condition in
gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared
among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low]
** API and ABI modifications:
GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
gnutls_ecc_curve_set_enabled: Added.
gnutls_sign_set_secure: Added.
gnutls_sign_set_secure_for_certs: Added.
gnutls_digest_set_secure: Added.
gnutls_protocol_set_enabled: Added.
gnutls_fips140_context_init: New function
gnutls_fips140_context_deinit: New function
gnutls_fips140_push_context: New function
gnutls_fips140_pop_context: New function
gnutls_fips140_get_operation_state: New function
gnutls_fips140_operation_state_t: New enum
gnutls_transport_is_ktls_enabled: New function
gnutls_get_library_configuration: New function
* Version 3.7.2 (released 2021-05-29)
** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
to disable TLS 1.3 middlebox compatibility mode
** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
This can be enabled with --enable-afalg configure option, when libkcapi
package is installed (#308).
** libgnutls: Fixed timing of early data exchange. Previously, the client was
sending early data after receiving Server Hello, which not only negates the
benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
same ciphersuite is selected in initial and resumption handshake) (#1146).
** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
copied from the signing CA by default (#1126).
** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
deprecated and will be removed in the future releases.
** certtool: When producing certificates and certificate requests, subject DN
components that are provided individually will now be ordered by
assumed scale (e.g. Country before State, Organization before
OrganizationalUnit). This change also affects the order in which
certtool prompts interactively. Please rely on the template
mechanism for automated use of certtool! (#1243)
** API and ABI modifications:
gnutls_early_cipher_get: Added
gnutls_early_prf_hash_get: Added
** guile: Writes to a session record port no longer throw an exception upon
GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
* Version 3.7.1 (released 2021-03-10)
** libgnutls: Fixed potential use-after-free in sending "key_share"
......
This diff is collapsed.
This diff is collapsed.
# aminclude_static.am generated automatically by Autoconf
# from AX_AM_MACROS_STATIC on Wed Mar 10 12:51:43 CET 2021
# from AX_AM_MACROS_STATIC on Thu Feb 9 15:04:43 CET 2023
# Code coverage
......@@ -60,7 +60,7 @@ CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=$(if $(CODE_COVERAGE_BRANCH_COVERAGE),--
CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
CODE_COVERAGE_IGNORE_PATTERN ?=
GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
GITIGNOREFILES := $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V))
code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY))
code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE);
......@@ -97,7 +97,7 @@ code-coverage-clean:
code-coverage-dist-clean:
AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
AM_DISTCHECK_CONFIGURE_FLAGS := $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
else # ifneq ($(abs_builddir), $(abs_top_builddir))
check-code-coverage:
......
......@@ -4,7 +4,7 @@
me=ar-lib
scriptversion=2019-07-04.01; # UTC
# Copyright (C) 2010-2020 Free Software Foundation, Inc.
# Copyright (C) 2010-2021 Free Software Foundation, Inc.
# Written by Peter Rosin <peda@lysator.liu.se>.
#
# This program is free software; you can redistribute it and/or modify
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.