diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:14 +0000 |
| commit | 99db386956013535171c924df0cfc024f2197339 (patch) | |
| tree | 002b011f06152f99888cabf1cc528c1d53da17a9 | |
| parent | Adding upstream version 3.7.9. (diff) | |
| download | gnutls28-99db386956013535171c924df0cfc024f2197339.tar.xz gnutls28-99db386956013535171c924df0cfc024f2197339.zip | |
Adding debian version 3.7.9-2+deb12u2.debian/3.7.9-2+deb12u2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
46 files changed, 11316 insertions, 0 deletions
diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..b7ce9ba --- /dev/null +++ b/debian/README.source @@ -0,0 +1,6 @@ +Rebuilding PDF documentation: + +apt-get install texlive-latex-base texlive-fonts-recommended \ + texlive-generic-recommended + +make pdf diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..34bc950 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,4183 @@ +gnutls28 (3.7.9-2+deb12u2) bookworm; urgency=medium + + * Cherrypick two CVE fixes from 3.8.3: + Fix assertion failure when verifying a certificate chain with a cycle of + cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045 + Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553 + GNUTLS-SA-2024-01-14 Closes: #1061046 + + -- Andreas Metzler <ametzler@debian.org> Fri, 19 Jan 2024 18:28:37 +0100 + +gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium + + * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel + in RSA-PSK key exchange) from 3.8.2. Closes: #1056188 + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Nov 2023 07:50:48 +0100 + +gnutls28 (3.7.9-2) unstable; urgency=medium + + * CI: Do not try to run tests/ktls.sh, it uses a helper binary. (Plus gnutls + is not built with ktls support on Debian yet.) Closes: #1034350 + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Apr 2023 13:45:57 +0200 + +gnutls28 (3.7.9-1) unstable; urgency=medium + + * Drop unused lintian override. + * New upstream version. + + Drop cherrypicked patches. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Feb 2023 07:00:58 +0100 + +gnutls28 (3.7.8-5) unstable; urgency=high + + [ Debian Janitor ] + * Remove constraints unnecessary since buster (oldstable): + + Build-Depends: Drop versioned constraint on libp11-kit-dev, + libtasn1-6-dev, libunbound-dev and libunistring-dev. + + Build-Depends-Indep: Drop versioned constraint on texinfo. + + libgnutls28-dev: Drop versioned constraint on libp11-kit-dev in Depends. + + [ Andreas Metzler ] + * 55_01-auth-rsa-side-step-potential-side-channel.patch + 55_02-rsa-remove-dead-code.patch 55_03-document-the-CVE-fix.patch: + Effectively update to 3.7.9, fixing GNUTLS-SA-2020-07-14 / CVE-2023-0361 + + -- Andreas Metzler <ametzler@debian.org> Fri, 10 Feb 2023 07:29:17 +0100 + +gnutls28 (3.7.8-4) unstable; urgency=low + + * Replace 50_Fix-removal-of-duplicate-certs-during-verification.patch with + version merged to upstream GIT master. Add + 51_add-gnulib-linkedhash-list-module.diff since the new patch uses + gnulib's linkedhash-list module. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 31 Oct 2022 18:10:09 +0100 + +gnutls28 (3.7.8-3) experimental; urgency=low + + * 50_Fix-removal-of-duplicate-certs-during-verification.patch frpm + https://gitlab.com/gnutls/gnutls/-/merge_requests/1653 fixes chain + verification error on duplicate server cert in chain. + Closes: #1007138 + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2022 13:51:15 +0200 + +gnutls28 (3.7.8-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Oct 2022 13:28:06 +0200 + +gnutls28 (3.7.8-1) experimental; urgency=low + + * New upstream version. + + Drop 50_01-Avoid-redirection-bashism-in-testsuite.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Oct 2022 13:48:17 +0200 + +gnutls28 (3.7.7-2) unstable; urgency=medium + + * 50_01-Avoid-redirection-bashism-in-testsuite.patch: Fix CI error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 31 Jul 2022 10:32:04 +0200 + +gnutls28 (3.7.7-1) unstable; urgency=low + + * New upstream bugfix release: Fixes double free during verification of + pkcs7 signatures. [GNUTLS-SA-2022-07-07, CVSS: medium] [CVE-2022-2509] + + Update symbol file. + * Add lintian overrides for source-is-missing false positives. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jul 2022 14:09:32 +0200 + +gnutls28 (3.7.6-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2022 10:23:16 +0200 + +gnutls28 (3.7.6-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 May 2022 14:31:39 +0200 + +gnutls28 (3.7.5-1) experimental; urgency=low + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 May 2022 08:16:07 +0200 + +gnutls28 (3.7.4-2) unstable; urgency=low + + * 40_srptest_doubletimeout.diff: Increase timeout for tests/srp to fix + occasionasonal error on slow buildds (mipsel, hppa). + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 14 Apr 2022 08:54:25 +0200 + +gnutls28 (3.7.4-1) experimental; urgency=low + + * Drop superfluous dependency on libopts25-dev. + * New upstream version. + + Drop superfluous patches. (40_bashism_in_test.diff + 41_more_bashism_in_test.diff) + + Update symbol file. + + libgnutlsxx soname bumped due to ABI break in .1 (db_check_entry and + db_check_entry now have const parameters). + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Apr 2022 13:30:32 +0200 + +gnutls28 (3.7.3-4) unstable; urgency=low + + [ Helmut Grohne ] + * Fix FTCBFS: Annotate python3 dependency with :any. (Closes: #1004183) + + [ Andreas Metzler ] + * CI: Sort test list. + * CI: Skip another test wrapping a binary test. + * CI: Fix missed &> redirection. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Jan 2022 08:14:48 +0100 + +gnutls28 (3.7.3-3) unstable; urgency=low + + * Fix CI errors: + + Set PKCS12_ITER_COUNT=600000, avoid more tests requiring a special test + binary. + + 40_bashism_in_test.diff: Avoid &> redirection. + + -- Andreas Metzler <ametzler@debian.org> Sat, 22 Jan 2022 07:45:00 +0100 + +gnutls28 (3.7.3-2) unstable; urgency=low + + * B-d on python3 instead of python3-minimal, the json module is not part of + -minimal. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 20 Jan 2022 18:40:59 +0100 + +gnutls28 (3.7.3-1) experimental; urgency=low + + * New upstream version. + + Does not use GNU autogen anymore, update Build-Depends. + + Drop 40_fix-gtk-mkhtml.patch. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 18 Jan 2022 18:58:41 +0100 + +gnutls28 (3.7.2-5) unstable; urgency=medium + + * 40_fix-gtk-mkhtml.patch by Dennis Filder fixes gtk-doc generation. + Closes: #1003075 + * Cherrypick some improvements to debian/rules suggested by Dennis Filder. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Jan 2022 18:46:29 +0100 + +gnutls28 (3.7.2-4) unstable; urgency=low + + * Run wrap-and-sort -ast, and drop depends/b-d on libgmp > 2:6 since even + oldstable uses this version. + * Upload to unstable + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Dec 2021 13:57:12 +0100 + +gnutls28 (3.7.2-3) experimental; urgency=medium + + * Another test build against guile-3.0. #964284 + + -- Andreas Metzler <ametzler@debian.org> Sun, 29 Aug 2021 14:29:40 +0200 + +gnutls28 (3.7.2-2) unstable; urgency=low + + * Invoke dh_autoreconf with GTKDOCIZE=echo for arch-only builds, fixing + FTBFS. Closes: #992849 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 24 Aug 2021 19:46:02 +0200 + +gnutls28 (3.7.2-1) experimental; urgency=medium + + * New upstream version. + + Drop debian/patches/5[56]*. + + Update libgnutls30.symbols. + + Update copyright file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jun 2021 13:49:44 +0200 + +gnutls28 (3.7.1-5) unstable; urgency=medium + + * Another fix from 3.7.2: + 56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch + * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff applied upstream, renamed to + 56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 May 2021 12:14:30 +0200 + +gnutls28 (3.7.1-4) unstable; urgency=medium + + * Pull fixes from upstream Git master + + Ensure array allocations overflow safe. + https://gitlab.com/gnutls/gnutls/-/issues/1179 + 56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch + 56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch + 56_17-build-avoid-potential-integer-overflow-in-array-allo.patch + 56_18-build-avoid-integer-overflow-in-additions.patch + 56_19-_gnutls_calloc-remove-unused-function.patch + + Add option to disable TLS 1.3 middlebox compatibility mode + https://gitlab.com/gnutls/gnutls/-/issues/1208 + 56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch + (Changes gperf input file, add b-d on gperf.) + + Fix session-id changing when responding to HelloRetryRequest + 56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch + https://gitlab.com/gnutls/gnutls/-/issues/1210 + + Fix timing of sending TLSv1.3 early data. + 56_28-handshake-fix-timing-of-sending-early-data.patch + https://gitlab.com/gnutls/gnutls/-/issues/1146 + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Apr 2021 12:55:14 +0200 + +gnutls28 (3.7.1-3) unstable; urgency=low + + * Rename/refetch + *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has + been merged into upstream GIT. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 30 Mar 2021 11:21:58 +0200 + +gnutls28 (3.7.1-2) experimental; urgency=medium + + * Also run ocsptool tests in autopkgtest. + * Add CVE numbers to previous changelog entry. + * Pull selected fixes from upstream GIT: + + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch + + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch + + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch + + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch + + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch + + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch + + 56_05-examples-avoid-memory-leak-in-ex-verify.patch + * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch + Ship missing image file. (Thanks, lintian) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Mar 2021 14:01:16 +0100 + +gnutls28 (3.7.1-1) unstable; urgency=medium + + * New upstream version + Fixes potential use-after-free in sending "key_share" and "pre_shared_key" + extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 10 Mar 2021 19:02:31 +0100 + +gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium + + * Fix autopkgtest skiplist. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 16:26:05 +0100 + +gnutls28 (3.7.0+git20210306-1) experimental; urgency=low + + * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa + + Drop cherry-picked patches {48,49,50}_*. + + Update copyright file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 08:28:52 +0100 + +gnutls28 (3.7.0-7) unstable; urgency=medium + + * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch + 50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch + 50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream + master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl. + (Thanks to Tim Kosse for the pointer) Closes: #980119 + + -- Andreas Metzler <ametzler@debian.org> Fri, 12 Feb 2021 19:03:16 +0100 + +gnutls28 (3.7.0-6) unstable; urgency=medium + + * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch + with merged version from upstream GIT master. Features a fix for an assert + on connection to servers which send a duplicate chain including the + self-signed CA. Closes: #980513 + + -- Andreas Metzler <ametzler@debian.org> Mon, 08 Feb 2021 18:04:21 +0100 + +gnutls28 (3.7.0-5) unstable; urgency=low + + * Update from upstream GIT master, replace patches, add new ones. + + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added. + + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch + --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch + Closes: #977552 + + 45_opensslcompat_no_export_gl.diff + --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch. + + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 31 Dec 2020 13:11:15 +0100 + +gnutls28 (3.7.0-4) experimental; urgency=medium + + * Test build of fixes from + https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and + https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and + #977552. + + -- Andreas Metzler <ametzler@debian.org> Tue, 29 Dec 2020 07:52:38 +0100 + +gnutls28 (3.7.0-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Dec 2020 18:44:34 +0100 + +gnutls28 (3.7.0-2) experimental; urgency=low + + * Fix guile-gnutls guile-x.x dependency. + * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols. + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Dec 2020 18:22:34 +0100 + +gnutls28 (3.7.0-1) experimental; urgency=low + + * New upstream version. + + Drop 50_autopkgtestfixes.diff. + + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher + added). + + Requires nettle >= 3.6. + * [lintian] Use v4 watch file. + * Add a symbol file for libgnutls-openssl27. + * Use dh v13 compat, (Some fixes for dh_missing.) + + -- Andreas Metzler <ametzler@debian.org> Thu, 03 Dec 2020 18:40:03 +0100 + +gnutls28 (3.6.15-4) unstable; urgency=medium + + * autopkgtest: Require build-essential. + * autopkgtest: respect dpkg-buildflags for helper-binary build. + + -- Andreas Metzler <ametzler@debian.org> Wed, 16 Sep 2020 18:45:09 +0200 + +gnutls28 (3.6.15-3) unstable; urgency=medium + + * More autopkgtest hotfixes. + + -- Andreas Metzler <ametzler@debian.org> Tue, 15 Sep 2020 17:56:30 +0200 + +gnutls28 (3.6.15-2) unstable; urgency=medium + + * 50_autopkgtestfixes.diff: Fix testsuite issues when running against + installed gnutls-bin. + * In autopkgtest set top_builddir and builddir, ignore + tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Sep 2020 17:56:48 +0200 + +gnutls28 (3.6.15-1) unstable; urgency=low + + * New upstream version. + + Fixes NULL pointer dereference if a no_renegotiation alert is sent with + unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04 + Closes: #969547 + + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch + 50_03-gnutls_cipher_init-fix-potential-memleak.patch + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + + Fix build error due to outdated gettext in Debian by removing newer + gettext m4 macros from m4/. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Sep 2020 09:50:07 +0200 + +gnutls28 (3.6.14-2) unstable; urgency=medium + + * Pull selected patches from upstream GIT: + + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch: + Fixes difference in generated docs on 32 and 64 bit archs. + + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch + 50_03-gnutls_cipher_init-fix-potential-memleak.patch + Fix memleak in gnutls_aead_cipher_init() with keys having invalid + length. (Broken since 3.6.3) + + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + Closes: #962467 + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2020 11:27:34 +0200 + +gnutls28 (3.6.14-1) unstable; urgency=high + + * Drop debugging code added in -4, fixes nocheck profile build error. + Closes: #962199 + * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to + debian/upstream/signing-key.asc. + * New upstream version. + + Fixes insecure session ticket key construction. + [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289 + + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch + 51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch + 51_02-x509-trigger-fallback-verification-path-when-cert-is.patch + 51_03-tests-add-test-case-for-certificate-chain-supersedin.patch + * Drop guile-gnutls.lintian-overrides. + * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass + AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without + IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!) + Hopefully Closes: #962218 + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jun 2020 14:11:30 +0200 + +gnutls28 (3.6.13-4) unstable; urgency=medium + + * Output some network related debugging from debian/rules. + * Fix verification error with alternate chains. Closes: #961889 + + -- Andreas Metzler <ametzler@debian.org> Mon, 01 Jun 2020 10:34:25 +0200 + +gnutls28 (3.6.13-3) unstable; urgency=medium + + * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS + master: Handle zero length session tickets, fixing connection errors on + TLS1.2 sessions to some big hosting providers. (See LP 1876286) + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 May 2020 18:25:45 +0200 + +gnutls28 (3.6.13-2) unstable; urgency=high + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 03 Apr 2020 17:48:40 +0200 + +gnutls28 (3.6.13-1) experimental; urgency=low + + * New upstream version. + + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 + support), since 3.6.3. The DTLS client would not contribute any + randomness to the DTLS negotiation, breaking the security + guarantees of the DTLS protocol + GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556 + * Fix guile lintian override for shared-lib-without-dependency-information. + + -- Andreas Metzler <ametzler@debian.org> Thu, 02 Apr 2020 18:31:26 +0200 + +gnutls28 (3.6.12-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 14 Feb 2020 16:14:28 +0100 + +gnutls28 (3.6.12-1) experimental; urgency=low + + [ Debian Janitor ] + * Drop unnecessary dh arguments: --parallel + + [ Andreas Metzler ] + * Fix bindtextdomain() call and dgettext() invocations to search for the + correct filename. (Thanks, Laurent Bigonville for report and diagnosis.) + Closes: #949151 + * [lintian] Drop superfluous debian/source/include-binaries. + * New upstream version. + + Update symbol file. + + Drop workaround for #658110, install guile shared objects to multi-arch + paths. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2020 17:45:13 +0100 + +gnutls28 (3.6.11.1-2) unstable; urgency=low + + * Use dh 12 compat level. + + Install gtk-doc files from as-installed location instead of builddir to + avoid dh_missing warnings. + * List *.la files in debian/not-installed. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Dec 2019 18:07:49 +0100 + +gnutls28 (3.6.11.1-1) experimental; urgency=low + + * New upstream version. + Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch + 50_02-guile-Silence-auto-compilation-warning-for-guild.patch + * Update symbol file (VKO GOST key exchange supported was added). + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Dec 2019 07:49:26 +0100 + +gnutls28 (3.6.10-5) unstable; urgency=medium + + * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch + 50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream + GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!) + Closes: #943905 + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Nov 2019 18:41:44 +0100 + +gnutls28 (3.6.10-4) unstable; urgency=medium + + * Add support for noguile build profile. See #943905. + + -- Andreas Metzler <ametzler@debian.org> Sat, 02 Nov 2019 06:30:43 +0100 + +gnutls28 (3.6.10-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 30 Oct 2019 19:23:36 +0100 + +gnutls28 (3.6.10-2) experimental; urgency=medium + + * Switch b-d from texlive-generic-recommended to texlive-plain-generic. + Closes: #941526 + + -- Andreas Metzler <ametzler@debian.org> Wed, 02 Oct 2019 19:46:25 +0200 + +gnutls28 (3.6.10-1) experimental; urgency=low + + * New upstream version. + + Drop i386-fix-wrong-reloc.patch and + 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch. + + Update symbol files. + + Update copyright. Stop shipping a copy of the GNU Affero General Public + License version 3. (pkcs11-mock.* is now under a different license.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 29 Sep 2019 18:39:12 +0200 + +gnutls28 (3.6.9-7) experimental; urgency=low + + * Fix copy-paste error (missing line) in libgnutls-dane0 description. + * Re-add guile-gnutls, test-build (including testsuite) was successful. + Closes: #905272 + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Sep 2019 17:29:57 +0200 + +gnutls28 (3.6.9-6) experimental; urgency=low + + * Test-build guile bindings. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Sep 2019 17:34:01 +0200 + +gnutls28 (3.6.9-5) unstable; urgency=medium + + * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream + GIT master: Fix interop problems with gnutls 2.x. Closes: #933538 + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Sep 2019 13:38:41 +0200 + +gnutls28 (3.6.9-4) unstable; urgency=medium + + * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken + assembly code. (Thanks, Steve Langasek for report and patch!) + Closes: #934193 + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 Aug 2019 19:40:21 +0200 + +gnutls28 (3.6.9-3) unstable; urgency=medium + + * autopkgtest: Skip system-override-sig-hash.sh. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Aug 2019 06:48:46 +0200 + +gnutls28 (3.6.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 02 Aug 2019 19:12:42 +0200 + +gnutls28 (3.6.9-1) experimental; urgency=low + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 27 Jul 2019 16:29:55 +0200 + +gnutls28 (3.6.8-2) unstable; urgency=low + + * Use DH 11 compat again. + * 3.6.8 builds with gcc-9. Closes: #925701 + * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian + Andres Klode) Closes: #930541 + See also https://gitlab.com/gnutls/gnutls/merge_requests/986 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jul 2019 14:10:29 +0200 + +gnutls28 (3.6.8-1) experimental; urgency=low + + * New upstream version. + + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended, + texlive-latex-base. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 May 2019 18:20:43 +0200 + +gnutls28 (3.6.7-4) unstable; urgency=medium + + * Cherry-pick important bug-fixes from 3.6.8: + + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch + The gnutls_srp_set_server_credentials_function can be used with the 8192 + parameters as well. + https://gitlab.com/gnutls/gnutls/issues/761 + + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch + Fix calculation of Streebog digests (incorrect carry operation in + 512 bit addition). + + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch + Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client. + Closes: #929907 + + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch + Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain + crafting via IDNA conversion. + https://gitlab.com/gnutls/gnutls/issues/720 + + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch + Fixed bug preventing the use of gnutls_pubkey_verify_data2() and + gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN + flag. + https://gitlab.com/gnutls/gnutls/issues/754 + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Jun 2019 19:21:23 +0200 + +gnutls28 (3.6.7-3) unstable; urgency=medium + + * Revert debhelper upgrade, use DH 10. + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 May 2019 10:48:52 +0200 + +gnutls28 (3.6.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 15:09:02 +0100 + +gnutls28 (3.6.7-1) experimental; urgency=medium + + * New upstream version. + + Update AUTHOR list in copyright file. + + Update symbol file. + + Fixes issue preventing sending and receiving from different + threads when false start was enabled. Closes: #922879 + + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477 + + Fixes a memory corruption (double free) vulnerability in the + certificate verification API. + https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 + GNUTLS-SA-2019-03-27 + + Fixes an invalid pointer access via malformed TLS1.3 async messages; + https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 + GNUTLS-SA-2019-03-27 + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 07:44:36 +0100 + +gnutls28 (3.6.6-3) unstable; urgency=low + + * Add @ to autopkgtest's Depends. + * Use DH 11 compat. + + -- Andreas Metzler <ametzler@debian.org> Sat, 09 Mar 2019 13:44:49 +0100 + +gnutls28 (3.6.6-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Jan 2019 17:57:52 +0100 + +gnutls28 (3.6.6-1) experimental; urgency=low + + * New upstream version. + + Fixes certtool.1 syntax. Closes: #920215 + + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff. + + Update symbol file for released version. + + -- Andreas Metzler <ametzler@debian.org> Fri, 25 Jan 2019 19:18:53 +0100 + +gnutls28 (3.6.5+git20190105-1) experimental; urgency=low + + * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6. + + Update symbol and copyright file. + * Delete autogen stamp-files on clean to enforce regeneration. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Jan 2019 13:19:00 +0100 + +gnutls28 (3.6.5-2) unstable; urgency=low + + * Upload to unstable. + * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1. + + -- Andreas Metzler <ametzler@debian.org> Sun, 16 Dec 2018 13:56:19 +0100 + +gnutls28 (3.6.5-1) experimental; urgency=medium + + * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments. + * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is + now in oldstable. + * New upstream version. + + Requires nettle >= 3.4.1(rc). + + List newly added symbols in symbol file. Bump generated dependencies to + >= 3.6.5 since multiple enums have been extended. + + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835 + * [lintian] Drop dh_strip override, stable has automatic debug packages. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Dec 2018 19:11:28 +0100 + +gnutls28 (3.6.4-2) experimental; urgency=medium + + * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2018 07:05:20 +0200 + +gnutls28 (3.6.4-1) experimental; urgency=medium + + * New upstream version. + * Update symbol file. + * Drop --enable-tls13-support configure option. + + -- Andreas Metzler <ametzler@debian.org> Thu, 27 Sep 2018 19:26:00 +0200 + +gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium + + * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback + detection for the draft-tls support, because it will be triggered once + TLS versions with the final numbering are deployed. (Thanks, Nikos!) + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2018 11:17:10 +0200 + +gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium + + * Set Rules-Requires-Root: no. + * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41. + + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Wed, 15 Aug 2018 13:18:59 +0200 + +gnutls28 (3.6.3-2) experimental; urgency=medium + + * Update basic feature list in package descriptions, based on short + description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3 + added.) Closes: #904681 + * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes + cherrypicked by Nikos for Fedora rawhide. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jul 2018 13:14:33 +0200 + +gnutls28 (3.6.3-1) experimental; urgency=medium + + * New upstream version. + * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 16:29:45 +0200 + +gnutls28 (3.6.2+git20180714-1) experimental; urgency=low + + * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94. + + SSL 3.0 disabled by default at compile-time. + * Bump symbol dependency info. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Jul 2018 13:20:23 +0200 + +gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium + + * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e. + * Drop 40_add_missingm4.diff. + * Bump symbol dependency info. + * For testing build with --enable-tls13-support. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jul 2018 14:48:54 +0200 + +gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium + + * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Jul 2018 10:58:54 +0200 + +gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium + + * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762. + * Drop superfluous patches: + + 40_increase_srp_test_timeout.diff + + 50_mark_tests_xfail.diff + + 52_fix_testcompat-main-openssl.diff + * Add new functions to symbol file. + * Many enums/flags extended, be conservative and bump sympol dependency + info. + * Bump libgnutlsxx28 shlibs. + * Bump (b-)d on nettle-dev and libp11-kit-dev. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2018 19:44:43 +0200 + +gnutls28 (3.6.2-3) experimental; urgency=low + + * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix + FTBFS with softhsm 2.4.0. + * [lintian] Delete trailing empty lines in changelog. + * 52_fix_testcompat-main-openssl.diff: Allow running test successfully + and against binaries from installed gnutls-bin package. + * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et + al) of the upstream testsuite. + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2018 17:42:17 +0200 + +gnutls28 (3.6.2-2) experimental; urgency=low + + * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test + The new srp-8192 test failed on slow archs (mips/mipsel). + * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and + build-depends-on-1-revision. + * Point Vcs-* to salsa. + * Sort Build-Depends alphabetically. + + -- Andreas Metzler <ametzler@debian.org> Sun, 18 Feb 2018 13:42:07 +0100 + +gnutls28 (3.6.2-1) experimental; urgency=low + + * (Build-)depend on libidn2-dev instead of transitional package + libidn2-0-dev. Closes: #883187 + * Point homepage field and watchfile to https URL. + * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to + debian/upstream/signing-key.asc (and stop uscan from doing so on every + invocation). + * Refresh upstream key, adding signing subkey + A812CBFDFCDC4D0BE7A093129D5EAAF69013B842. + * New upstream version. + + When verifying against a self signed certificate ignore issuer. That + is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + Closes: #885127 + + Bump shlibs/symbol files for newly added symbols. + * [lintian] Clean up trailing whitespace in debian/changelog. + * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard + -> optional). + * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from + build-depends. Stop specifying --parallel --with autoreconf. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Feb 2018 10:56:47 +0100 + +gnutls28 (3.6.1-1) experimental; urgency=medium + + * New upstream version. + + Drop 35_modernize_gtkdoc.diff. + + Fixes interoperability issue with openssl when safe renegotiation was + used. Closes: #873055 + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 17:32:15 +0200 + +gnutls28 (3.6.0-2) experimental; urgency=medium + + * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc + support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am + from gtk-doc git head (that is 1.26 + + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. + Closes: #876587 + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Oct 2017 18:04:16 +0200 + +gnutls28 (3.6.0-1) experimental; urgency=low + + * New upstream version. + + Multiple enums listing function flags have been extended, new + algorithms have been added. Bump dependency info on all symbols in + main GnuTLS library to >= 3.6.0, to make sure the versioning is + strict enough. + + Drop (build-)dependency on zlib1g-dev. + + Update copyright info. + + Calls to gnutls_record_send() and gnutls_record_recv() + prior to handshake being complete are now refused. Closes: #849807 + * Drop --without-lzo from ./configure, it has been a noop for a long time. + * Build in private directory, using "dh --builddirectory=b4deb". + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Aug 2017 17:26:25 +0200 + +gnutls28 (3.5.19-1) unstable; urgency=low + + * New upstream version. + + Drop 35_modernize_gtkdoc.diff. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 14:07:09 +0200 + +gnutls28 (3.5.18-1) unstable; urgency=medium + + * New upstream version. + * Refresh upstream key, adding new signing subkey. Move to ascii armored + keyring. + + -- Andreas Metzler <ametzler@debian.org> Fri, 16 Feb 2018 18:39:11 +0100 + +gnutls28 (3.5.17-1) unstable; urgency=low + + * New upstream version. + + When verifying against a self signed certificate ignore issuer. That + is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + Closes: #885127 + + -- Andreas Metzler <ametzler@debian.org> Wed, 17 Jan 2018 19:13:49 +0100 + +gnutls28 (3.5.16-1) unstable; urgency=medium + + * New upstream version. + + Fixes interoperability issue with openssl when safe renegotiation was + used. Closes: #873055 + * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc + support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am + from gtk-doc git head (that is 1.26 + + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. + Closes: #876587 + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 13:57:48 +0200 + +gnutls28 (3.5.15-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Aug 2017 18:56:34 +0200 + +gnutls28 (3.5.15-1) experimental; urgency=medium + + * New upstream version. Drop unneeded patches. + (31_arm64ilp32-unaccelerated.patch + 35_record-added-sanity-checking-in-the-record-layer-ver.patch + 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch) + + -- Andreas Metzler <ametzler@debian.org> Mon, 21 Aug 2017 19:27:13 +0200 + +gnutls28 (3.5.14-3) unstable; urgency=low + + * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from + upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an + already terminated or deinitialized session. Closes: #867303 + * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from + upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting + to accessing past the input data. + * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly + code on arm64ilp32 to fix FTBFS. Closes: #872454 + * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for + the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8. + * Standards-Version 4.0.1, update priorities (extra->optional). + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Aug 2017 18:47:38 +0200 + +gnutls28 (3.5.14-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jul 2017 18:34:43 +0200 + +gnutls28 (3.5.14-1) experimental; urgency=low + + [ Dan Nicholson ] + * Build with --disable-rpath. Closes: #865674 + + [ Andreas Metzler ] + * New upstream version. + * Build against external libunistring. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Jul 2017 19:31:06 +0200 + +gnutls28 (3.5.13-2) unstable; urgency=medium + + * Upload to unstable, merge changelogs. + + -- Andreas Metzler <ametzler@debian.org> Thu, 22 Jun 2017 18:18:19 +0200 + +gnutls28 (3.5.13-1) experimental; urgency=low + + * New upstream version. + + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch. + + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer + dereference. #864560 + + -- Andreas Metzler <ametzler@debian.org> Fri, 09 Jun 2017 18:53:39 +0200 + +gnutls28 (3.5.12-2) experimental; urgency=medium + + * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct + typo preventing the run of openpgp test. + * Stop disabling heartbeat support. Closes: #861193 + + -- Andreas Metzler <ametzler@debian.org> Sun, 14 May 2017 11:34:32 +0200 + +gnutls28 (3.5.12-1) experimental; urgency=medium + + * New upstream version. + * Bump dep info on gnutls_session_ext_register. + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 May 2017 19:14:52 +0200 + +gnutls28 (3.5.11-1) experimental; urgency=medium + + * New upstream version. + * gnutls.pc: do not include libtool options into Libs.private. + Closes: #857943 + * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and + Libs.private. (LP: #1660915) + * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, + which includes TLS1.2 support. Closes: #857436 + * Add b-d on ca-certificates, needed for trust-store check. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Apr 2017 14:51:31 +0200 + +gnutls28 (3.5.10-1) experimental; urgency=medium + + * New upstream version. + + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888 + + Includes fixes for GNUTLS-SA-2017-3[ABC]. + + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct + and gnutls_ocsp_resp_verify which now accept (more) flags. + + -- Andreas Metzler <ametzler@debian.org> Thu, 09 Mar 2017 18:37:48 +0100 + +gnutls28 (3.5.9-1) experimental; urgency=medium + + * New upstream version. + + Drop debian/patches/35_0*. + + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map. + * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of + libidn11-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Feb 2017 19:37:32 +0100 + +gnutls28 (3.5.8-6) unstable; urgency=high + + * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving + well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507 + Closes: #864560 + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Jun 2017 10:44:33 +0200 + +gnutls28 (3.5.8-5) unstable; urgency=medium + + * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo + in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch. + * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch: + Addressed large allocation in OpenPGP certificate parsing, that could lead + in out-of-memory condition. Issue found using oss-fuzz project, and was + fixed by Alex Gaynor. + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 + [GNUTLS-SA-2017-3C] + + -- Andreas Metzler <ametzler@debian.org> Tue, 07 Mar 2017 19:07:31 +0100 + +gnutls28 (3.5.8-4) unstable; urgency=medium + + * More upstream fixes from gnutls_3_5_x branch: + + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer + overflow resulting to invalid memory write in OpenPGP certificate + parsing. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + [GNUTLS-SA-2017-3A] + + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of + 1 byte past the end of buffer in OpenPGP certificate parsing. Issue + found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch + Addressed crashes in OpenPGP certificate parsing, related to private key + parser. No longer allow OpenPGP certificates (public keys) to contain + private key sub-packets. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + [GNUTLS-SA-2017-3B] + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Mar 2017 16:23:15 +0100 + +gnutls28 (3.5.8-3) unstable; urgency=high + + * Another two bugfixes from upstream. + + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch + Address test suite failure due to timezone differences. + Closes: #853732 + + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch + When returning success, but no elements + gnutls_pkcs11_obj_list_import_url4 could have returned zero number of + elements with a pointer that was uninitialized. + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2017 12:58:45 +0100 + +gnutls28 (3.5.8-2) unstable; urgency=medium + + * Pull two fixes from upstream GIT gnutls_3_5_x branch + 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch + 35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jan 2017 15:32:40 +0100 + +gnutls28 (3.5.8-1) unstable; urgency=medium + + * New upstream release. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 09 Jan 2017 18:50:17 +0100 + +gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium + + * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from + upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding + tests/key-tests/key-invalid.) + + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch + 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch + + libgnutls: Fix double free in certificate information printing. If the + PKIX extension proxy was set with a policy language set but no policy + specified, that could lead to a double free. GNUTLS-SA-2017-1 + CVE-2017-5334 + + libgnutls: Addressed invalid memory accesses in OpenPGP certificate + parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2 + CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337 + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Jan 2017 15:54:37 +0100 + +gnutls28 (3.5.7-3) unstable; urgency=medium + + * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch, + 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from + upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned + by PKCS#8 decryption functions when an invalid key is provided. This + addresses regression on decrypting certain PKCS#8 keys. + Closes: #848905 + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Dec 2016 18:47:13 +0100 + +gnutls28 (3.5.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 09 Dec 2016 18:10:53 +0100 + +gnutls28 (3.5.7-1) experimental; urgency=low + + * New upstream version. + * Drop unneeded patches. + 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch + 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch + 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch + 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch + 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch + 41_04_cleanups-in-_gnutls_buffer_to_datum.patch + 41_05_x509-output-use-the-new-functions-for-DN-output.patch + 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch + 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch + * Add missing dependency of libgnutls28-dev on libgnutls-dane0. + * Update symbol file. (Add new symbols, bump dependency on functions that + might return new error codes.) + * Build with --with-included-unistring, Debian's libunistring package is + too old (non dual-licensed). + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 Dec 2016 14:03:16 +0100 + +gnutls28 (3.5.6-7) unstable; urgency=low + + * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest + for dns-root-data to libgnutls-dane0. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Nov 2016 19:42:02 +0100 + +gnutls28 (3.5.6-6) experimental; urgency=medium + + * Pull a patch set from upstream GIT which reverts the DN sorting change in + 3.5.6 and adds new functions to provide a RFC4514 compliant sorting. + Closes: #844539 + 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch + 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch + 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch + 41_04_cleanups-in-_gnutls_buffer_to_datum.patch + 41_05_x509-output-use-the-new-functions-for-DN-output.patch + 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch + 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch + * Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Nov 2016 19:15:20 +0100 + +gnutls28 (3.5.6-5) experimental; urgency=low + + * Merge changes from unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 19:09:55 +0100 + +gnutls28 (3.5.6-4) unstable; urgency=medium + + * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch + 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from + upstream git master. The latter fixes a gnutls-cli-debug segfault. + Closes: #844061 + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 18:40:05 +0100 + +gnutls28 (3.5.6-3) experimental; urgency=low + + * Package libgnutls-dane, as libunbound is now built against nettle instead + of OpenSSL. Closes: #733295 + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 14:02:00 +0100 + +gnutls28 (3.5.6-2) unstable; urgency=low + + * Upload to unstable. + * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are + longer than 32-bits. (Upstream GIT commit + fcdb461e935dbdc0892241a35be7499116f22a67). + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2016 18:28:02 +0100 + +gnutls28 (3.5.6-1) experimental; urgency=low + + * New upstream version. + + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff + 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch). + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 08 Nov 2016 19:31:31 +0100 + +gnutls28 (3.5.5-6) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 31 Oct 2016 19:00:47 +0100 + +gnutls28 (3.5.5-5) experimental; urgency=medium + + * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from + https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility + issue with GnuTLS 3.3 clients. Closes: #841723 + * Bump symbol dependency info for multiple + gnutls_certificate_(set|get)_*_key* functions. If + %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a + non-negative return code on success instead of 0 for success and negative + numbers for failure. + * Add b-d on openssl (for testsuite). + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Oct 2016 18:03:49 +0200 + +gnutls28 (3.5.5-4) unstable; urgency=medium + + * Upload to unstable. + * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch. + + -- Andreas Metzler <ametzler@debian.org> Tue, 25 Oct 2016 19:19:25 +0200 + +gnutls28 (3.5.5-3) experimental; urgency=medium + + * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced + in 3.5.5. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2016 15:51:58 +0200 + +gnutls28 (3.5.5-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2016 13:49:51 +0200 + +gnutls28 (3.5.5-1) experimental; urgency=medium + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 11 Oct 2016 19:19:42 +0200 + +gnutls28 (3.5.4-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Sep 2016 13:14:49 +0200 + +gnutls28 (3.5.4-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches: + 35_gnutls-cli-print-Handshake-was-completed.patch + 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch + 37_openssl-format-fix-from-openconnect.patch + 39_ocsptool-corrected-bug-in-session-establishment.patch + 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch + 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch + 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch + 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch + 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + + Update symbol file. + * Add b-d on softhsm2 for pkcs11 tests. + + -- Andreas Metzler <ametzler@debian.org> Sat, 10 Sep 2016 14:45:06 +0200 + +gnutls28 (3.5.3-5) experimental; urgency=medium + + * Pull DTLS fixes from upstream GIT master. + 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch + 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch + 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch + 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + Closes: #835587 + + -- Andreas Metzler <ametzler@debian.org> Wed, 07 Sep 2016 19:56:58 +0200 + +gnutls28 (3.5.3-4) unstable; urgency=high + + * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of + ocsptool --ask ... Closes: #836371 + * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP + certificate check doesn't actually verify the serial length and might + succeed when it shouldn't. CVE-2016-7444 + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2016 14:00:22 +0200 + +gnutls28 (3.5.3-3) unstable; urgency=medium + + * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake + was completed', fixing emacs' lisp/net/tls.el. Closes: #834516 + * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch + gnutls-cli STARTTLS support was broken in 3.5.3. + * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of + OpenSSL encrypted PEM files. + + -- Andreas Metzler <ametzler@debian.org> Wed, 24 Aug 2016 19:27:04 +0200 + +gnutls28 (3.5.3-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 15 Aug 2016 13:06:28 +0200 + +gnutls28 (3.5.3-1) experimental; urgency=medium + + * New upstream version. + + Update libgnutls30.symbols. + + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to + apply it in the previous upload anyway.) + + Add b-d on libcmocka-dev (marked with <!nocheck>). + + -- Andreas Metzler <ametzler@debian.org> Wed, 10 Aug 2016 19:14:22 +0200 + +gnutls28 (3.5.2-3) experimental; urgency=medium + + * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch + from upstream GIT, which should allow gnutls continue to work with + CVE-2016-6489-patched nettle. + + -- Andreas Metzler <ametzler@debian.org> Mon, 08 Aug 2016 19:41:41 +0200 + +gnutls28 (3.5.2-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 27 Jul 2016 19:05:04 +0200 + +gnutls28 (3.5.2-1) experimental; urgency=low + + * New upstream version. + * Add libssl-dev b-d (marked with <!nocheck>), which can be used in + testsuite. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Jul 2016 06:51:39 +0200 + +gnutls28 (3.5.1-1) experimental; urgency=medium + + * Merge from unstable: + + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should + have been dropped with the soname bump from libgnutls-deb0-28 to + libgnutls30 in the first place. (Thanks, Andreas Beckmann) + Closes: #825645 + + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via + the <!nocheck> profile. + * New upstream version. + + Drop 40_openssl_compat-removed-unneeded-headers.patch. + + Install README.md instead of README. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2016 17:34:44 +0200 + +gnutls28 (3.5.0-1) experimental; urgency=medium + + * New upstream release. + + Drop unneeded patches: + 40_src-added-systemkey-args-to-BUILT_SOURCES.patch + 45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch + * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT + to fix FTBFS in openssl wrapper. + * crywrap is not shipped with GnuTLS anymore. + * Update copyright info, ship copy of the GNU Affero General Public + License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of + the testsuite use this license. + * Update symbol file: + + Add new functions. + + Multiple core enums (including gnutls_init_flags_t) have been extended, + and most gnutls users will invoke at least one function affected by + this change. Bump symbol dependency info to >= 3.5.0 for all symbols, + because we would end up with this dependency anyway. + + -- Andreas Metzler <ametzler@debian.org> Tue, 17 May 2016 19:17:13 +0200 + +gnutls28 (3.4.14-1) unstable; urgency=medium + + * Also mark b-d on net-tools/freebsd-net-tools as optional via the + <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and + patch). Closes: #826693 + * New upstream bugfix release. This includes the following fix: + + libgnutls: Address issue when utilizing the p11-kit trust store + for certificate verification (GNUTLS-SA-2016-2). + The issue is not relevant for the Debian binary packages, since we do not + build with --with-default-trust-store-pkcs11=. + + + -- Andreas Metzler <ametzler@debian.org> Sat, 09 Jul 2016 14:01:05 +0200 + +gnutls28 (3.4.13-1) unstable; urgency=high + + * New upstream bugfix release. + + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was + introduced in 3.4.12. + + Testsuite requires netstat, add b-d. + + -- Andreas Metzler <ametzler@debian.org> Mon, 06 Jun 2016 20:05:42 +0200 + +gnutls28 (3.4.12-2) unstable; urgency=medium + + * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should + have been dropped with the soname bump from libgnutls-deb0-28 to + libgnutls30 in the first place. (Thanks, Andreas Beckmann) + Closes: #825645 + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 May 2016 16:13:39 +0200 + +gnutls28 (3.4.12-1) unstable; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + + Update copyright info, ship copy of the GNU Affero General Public + License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files + of the testsuite use this license. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 May 2016 08:15:15 +0200 + +gnutls28 (3.4.11-4) unstable; urgency=medium + + * Drop guile-gnutls package, testsuite errors have stayed unfixed too long. + Closes: #821457, #805863 + + -- Andreas Metzler <ametzler@debian.org> Tue, 26 Apr 2016 18:45:45 +0200 + +gnutls28 (3.4.11-3) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2016 12:54:35 +0200 + +gnutls28 (3.4.11-2) experimental; urgency=medium + + * Pull post-release fixes from upstream gnutls_3_4_x branch. + (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Apr 2016 11:59:38 +0200 + +gnutls28 (3.4.11-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (41_tests-mini-loss-time-ensure-client-timeouts.diff + 42_mini-loss-time-improved-timeout-detection.patch + 43_fix_cpucapoverride.diff) + * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is + not installed/built anymore. Update gnutls-doc file list. + * Enable hardening=+bindnow. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Apr 2016 19:14:07 +0200 + +gnutls28 (3.4.10-4) unstable; urgency=medium + + * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix + GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is + unavailable. Closes: #818341 + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Mar 2016 19:41:22 +0100 + +gnutls28 (3.4.10-3) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 14 Mar 2016 18:29:53 +0100 + +gnutls28 (3.4.10-2) experimental; urgency=medium + + * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain) + * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch, + another try for Closes: #813598 + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Mar 2016 19:22:57 +0100 + +gnutls28 (3.4.10-1) experimental; urgency=medium + + * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT + master to fix FTBFS with parallel builds. Closes: #816148 + * New upstream version. + * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream + master branch to fix occasional testsuite error. Closes: #813598 + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 08:45:52 +0100 + +gnutls28 (3.4.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Feb 2016 15:18:46 +0100 + +gnutls28 (3.4.9-1) experimental; urgency=medium + + * New upstream version. + * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and + 36_Revert-tests-updated-to-account-for-cert-generation.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Feb 2016 15:57:24 +0100 + +gnutls28 (3.4.8-3) unstable; urgency=medium + + * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and + 36_Revert-tests-updated-to-account-for-cert-generation.patch + from upstream GIT. Closes: #813243 + + -- Andreas Metzler <ametzler@debian.org> Sun, 31 Jan 2016 17:28:05 +0100 + +gnutls28 (3.4.8-2) unstable; urgency=medium + + * Merge master branch into experimental. + + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. + This is a kludge and technically wrong, but will prevent partial + upgrades from stable. See: #788735 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jan 2016 15:45:49 +0100 + +gnutls28 (3.4.8-1) experimental; urgency=medium + + * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration + option was added to debhelper/unstable with version 9.20150628, bump + build-dependency accordingly. + * autoreconf requires automake 1.12.2, add build-dependency. + * New upstream version. + + Update symbol file. + * Move Vcs-* from git/http to https. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 19:30:07 +0100 + +gnutls28 (3.4.7-1) experimental; urgency=medium + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 15:29:19 +0100 + +gnutls28 (3.4.6-1) experimental; urgency=medium + + * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and + later) to improve reproducibility of build. + * New upstream version. + + Update symbol file. + * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev + (>= 1.17.14). Both are required for build-profile support added in + previous upload. (Thanks, lintian.) + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Oct 2015 20:00:55 +0200 + +gnutls28 (3.4.5-1) experimental; urgency=medium + + [ Helmut Grohne ] + * Turn Build-Depends: datefudge optional via <!nocheck> profile. + Closes: #797544 + + [ Andreas Metzler ] + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2015 13:48:12 +0200 + +gnutls28 (3.4.4.1-1) experimental; urgency=medium + + * New upstream version. + + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, + bump dependency info for functions taking it as argument or returning it. + + Bump dependency info on private symbols. + + Update debian/copyright. + + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 + CVE-2015-6251 + + -- Andreas Metzler <ametzler@debian.org> Tue, 11 Aug 2015 20:12:46 +0200 + +gnutls28 (3.4.3-1) experimental; urgency=medium + + * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31. + * New upstream version. + + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum + gnutls_pkcs11_token_info_t. + + Add dependency info for new symbols, bump private symbol dependency. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 20:01:09 +0200 + +gnutls28 (3.4.2-2) experimental; urgency=medium + + * Disable libidn support because CVE-2015-2059 is still not fixed. See + <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building + of crywrap. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jul 2015 14:18:06 +0200 + +gnutls28 (3.4.2-1) experimental; urgency=medium + + * New upstream version. + + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch. + + Update libgnutls30.symbols. (Add new fuctions, bump private symbol + version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jun 2015 08:45:14 +0200 + +gnutls28 (3.4.1-1) experimental; urgency=medium + + * New upstream version. + + Bump (build)-depends on nettle and p11-kit. + + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and + 55_nettle3.patch. + + Update 14_version_gettextcat.diff. + + Soname bump, library package renamed from libgnutls-deb0-28 to + libgnutls30. + + OpenSSL compat layer is not built by default anymore, pass + --enable-openssl-compatibility to ./configure. + + Update symbol file. + + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are + restricted to the corresponding protocols only, and the VERS-ALL + string is introduced to catch all possible protocols. Closes: #773145 + + Since the pkg-config file gnutls.pc now lists libidn in Requires.private + "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add + dependency on libidn11-dev to libgnutls28-dev. + * Fix typo in debian/rules + (s/-disable-silent-rules/--disable-silent-rules). + + -- Andreas Metzler <ametzler@debian.org> Fri, 05 Jun 2015 11:39:19 +0200 + +gnutls28 (3.3.20-1) unstable; urgency=medium + + * autoreconf requires automake 1.12.2, add build-dependency. + * New upstream version. + * Move Vcs-* from git/http to https. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 18:57:41 +0100 + +gnutls28 (3.3.19-1) unstable; urgency=medium + + * New upstream version. + + Refresh 20_debian_specific_soname.diff. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 17:48:27 +0100 + +gnutls28 (3.3.18-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Wed, 30 Sep 2015 18:49:13 +0200 + +gnutls28 (3.3.17-1) unstable; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch, + 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch, + 47_safe-renegotiation-simulate-receiving-the-extension-.patch) + + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, + bump dependency info for functions taking it as argument or returning it. + + Bump dependency info on private symbols. + + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 + CVE-2015-6251 + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Aug 2015 19:48:11 +0200 + +gnutls28 (3.3.16-2) unstable; urgency=medium + + * Refresh 40_no_more_ssl3.diff. + * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch + 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch + 47_safe-renegotiation-simulate-receiving-the-extension-.patch + Pull three patches from upstream GIT to fix issue with server side sending + the status request extension even when not requested. + <http://article.gmane.org/gmane.network.gnutls.general/3929> + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Aug 2015 11:30:17 +0200 + +gnutls28 (3.3.16-1) unstable; urgency=medium + + * Limit watchfile to 3.3.x versions. + * New upstream version. + + Drop superfluous patches + (50_updated-sign-md5-rep-to-reduce-false-failures.patch, + 55_nettle3.patch, + 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch) + + Bump private symbol versioning. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 19:00:04 +0200 + +gnutls28 (3.3.15-7) unstable; urgency=medium + + * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This + is a kludge and technically wrong, but will prevent partial upgrades from + stable. Closes: #788735 + * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + + -- Andreas Metzler <ametzler@debian.org> Tue, 16 Jun 2015 19:06:09 +0200 + +gnutls28 (3.3.15-6) unstable; urgency=high + + * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch + Closes: #788011 + + -- Andreas Metzler <ametzler@debian.org> Fri, 12 Jun 2015 19:10:33 +0200 + +gnutls28 (3.3.15-5) unstable; urgency=medium + + * Upload to unstable. + * Downgrade nettle-dev b-d to 2.7, this upload should build correctly + against both 2.7 and 3.x. + + -- Andreas Metzler <ametzler@debian.org> Tue, 02 Jun 2015 19:21:57 +0200 + +gnutls28 (3.3.15-4) experimental; urgency=medium + + * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it + allows compilation against both nettle 2.7 and 3.x. + * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev + and libtasn1-6-dev, the =${binary:Version} dependency of the development + packages on the respective library packages should make this superfluous. + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 May 2015 12:45:19 +0200 + +gnutls28 (3.3.15-3) experimental; urgency=medium + + * Add 55_nettle3.patch from + http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building + against nettle3. + + -- Andreas Metzler <ametzler@debian.org> Wed, 13 May 2015 19:20:07 +0200 + +gnutls28 (3.3.15-2) unstable; urgency=medium + + * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT, + fixing a testsuite error on kfreebsd-*. + + -- Andreas Metzler <ametzler@debian.org> Wed, 06 May 2015 19:06:03 +0200 + +gnutls28 (3.3.15-1) unstable; urgency=medium + + * New upstream stable release. + + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2]. + + -- Andreas Metzler <ametzler@debian.org> Mon, 04 May 2015 19:24:42 +0200 + +gnutls28 (3.3.14-3) experimental; urgency=medium + + * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch. + * (Build-)depend on nettle-dev >= 3.0. + + -- Andreas Metzler <ametzler@debian.org> Fri, 01 May 2015 11:49:04 +0200 + +gnutls28 (3.3.14-2) unstable; urgency=medium + + * Upload to unstable. + * Sync version of Depends and Build-Depends on libtasn1-6-dev. + + -- Andreas Metzler <ametzler@debian.org> Mon, 27 Apr 2015 09:27:50 +0200 + +gnutls28 (3.3.14-1) experimental; urgency=medium + + * New upstream version. + + Bump libtasn b-d to >= 4.3. + + -- Andreas Metzler <ametzler@debian.org> Tue, 31 Mar 2015 18:29:42 +0200 + +gnutls28 (3.3.13-1) experimental; urgency=medium + + * New upstream version. + + Includes fix for CVE-2015-0294, a certificate algorithm consistency + checking issue. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 08:27:10 +0100 + +gnutls28 (3.3.12-1) experimental; urgency=medium + + * New upstream version. + + gnutls-cli-debug STARTTLS is working. Closes: #467022 + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Jan 2015 12:42:06 +0100 + +gnutls28 (3.3.11-1) experimental; urgency=medium + + * New upstream version. + + Includes fix for OCSP response parsing issue. Closes: #772055 + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Dec 2014 19:07:23 +0100 + +gnutls28 (3.3.10-2) experimental; urgency=medium + + * Remove SSL 3.0 from default priorities list. + Closes: #769904 + + -- Andreas Metzler <ametzler@debian.org> Wed, 19 Nov 2014 19:33:23 +0100 + +gnutls28 (3.3.10-1) experimental; urgency=medium + + * debian/rules: fix pattern for removal (and re-generation) of autogen-ed + manpages. + * New upstream version. + + Includes fix for a denial of service issue CVE-2014-8564 / + GNUTLS-SA-2014-5. + + When gnutls_global_init() is called for a second time, it will check + whether the /dev/urandom fd kept is still open and matches the original + one. That behavior works around issues with servers that close all file + descriptors. This should take care of #760476. + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2014 19:29:30 +0100 + +gnutls28 (3.3.9-1) experimental; urgency=medium + + * New upstream version. + + Unfuzz 20_debian_specific_soname.diff. + + Drop 31_fallback_to_RUSAGE_SELF.diff. + + Bump private symbol dependency info. + + Bump dependency version of gnutls_certificate_get_issuer() and + gnutls_x509_trust_list_get_issuer() because of newly added + GNUTLS_TL_GET_COPY flag. + + -- Andreas Metzler <ametzler@debian.org> Mon, 13 Oct 2014 20:08:58 +0200 + +gnutls28 (3.3.8-7) unstable; urgency=medium + + * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff: + Pull two patches from upstream to a use-after-free flaw in + gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308 + Closes: #782776 + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Apr 2015 19:11:01 +0200 + +gnutls28 (3.3.8-6) unstable; urgency=medium + + * 39_check-whether-the-two-signatur.patch: Pull and unfuzz + 6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On + certificate import check whether the two signature algorithms match. + CVE-2015-0294. Closes: #779428 + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 14:17:21 +0100 + +gnutls28 (3.3.8-5) unstable; urgency=medium + + * Remove SSL 3.0 from default priorities list. + Closes: #769904 + + -- Andreas Metzler <ametzler@debian.org> Thu, 20 Nov 2014 19:25:20 +0100 + +gnutls28 (3.3.8-4) unstable; urgency=high + + * Drop 31_fallback_to_RUSAGE_SELF.diff. + * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually + from the application check the urandom fd for validity. Closes: #768841 + and takes care of #760476. + * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on + session deinit. It is already being refreshed during the session lifetime. + * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63 + format, perform additional sanity checks on input. + CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154 + * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test + uses a cert in binary der-format which is not representable in a quilt + patches and we want to limit debian.tar.xz to modify stuff in debian/ we + have some special handling in debian/rules.) + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2014 19:31:07 +0100 + +gnutls28 (3.3.8-3) unstable; urgency=high + + [ Daniel Kahn Gillmor ] + * Add list of executables to gnutls-bin package description. + Closes: #763671 + + [ Andreas Metzler ] + * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails + try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos + Mavrogiannopoulos!) Closes: #760476 + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Oct 2014 16:16:00 +0200 + +gnutls28 (3.3.8-2) unstable; urgency=medium + + * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS + 3.3.8 requires libtasn1 >= 3.9. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2014 11:52:40 +0200 + +gnutls28 (3.3.8-1) experimental; urgency=medium + + * New upstream version. + + Refresh 20_debian_specific_soname.diff. + + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts + with old experimental upload 0.21.2-1 + + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of + some functions in the gnutls_pkcs11_* family due to new members in enums + gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private + symbol dependency info, and bump shlibs. + * Drop version from libgnutls28-dev's dependency on libp11-kit-dev. + The GnuTLS library package automatically gets a dependency on libp11-kit0 + (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on + libp11-kit0 (= ${binary:Version}). Therefore these dependencies already + enforce a version on libp11-kit-dev and we do not need to duplicate the + info. + * Add explicit build-dependency on libopts25-dev. Closes: #761618 + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Sep 2014 12:11:01 +0200 + +gnutls28 (3.3.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Aug 2014 08:01:51 +0200 + +gnutls28 (3.3.7-1) experimental; urgency=medium + + * New upstream release. + + Refresh 20_debian_specific_soname.diff. + + Add newly added symbols to libgnutls-deb0-28.symbols, bump private + symbol dependency info, and bump shlibs. + + New member in gnutls_pkcs11_obj_attr_t, bump version of + gnutls_pkcs11_obj_list_import_url*. + + -- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 13:35:44 +0200 + +gnutls28 (3.3.6-2) unstable; urgency=medium + + * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS + lastest stable at freeze time. + * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the + at-build-time-default-compiler) by exporting @CPP@. + + -- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 09:32:36 +0200 + +gnutls28 (3.3.6-1) experimental; urgency=medium + + * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) + with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 + * New upstream release. + + Refresh 20_debian_specific_soname.diff. + + Add newly added symbols to libgnutls-deb0-28.symbols and bump private + symbol dependency info. + + -- Andreas Metzler <ametzler@debian.org> Thu, 24 Jul 2014 08:50:01 +0200 + +gnutls28 (3.3.5-1) experimental; urgency=medium + + * New upstream version. + * Refresh patches/20_debian_specific_soname.diff. + * Drop 30_Updated-asm-sources.patch. + * Add new public symbols to symbol file, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jun 2014 13:53:06 +0200 + +gnutls28 (3.3.3-1) experimental; urgency=medium + + * New upstream version, including a fix for GNUTLS-SA-2014-3 + CVE-2014-3466. + * Refresh 20_debian_specific_soname.diff. + * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git. + * New symbol gnutls_credentials_get, update symbol file and bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 07:58:37 +0200 + +gnutls28 (3.3.2-2) experimental; urgency=high + + * Fix crashes due to symbol clashes when a binary ends up being linked + against GnuTLS v2 and v3 by bumping library symbol-versioning (and + therefore also the soname) in a Debian specific way, to make sure there is + no conflict with future: + + 20_debian_specific_soname.diff + - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* + - Add "-release deb0" to libtool link command. + + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + + Adapt symbol file accordingly. + + Change 14_version_gettextcat.diff, too. + Closes: #748742 + * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. + These have been unnecessary since we started using dh compat v9, where + debugging symbols are installed to /usr/lib/debug/.build-id. + + -- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2014 19:27:01 +0200 + +gnutls28 (3.3.2-1) experimental; urgency=medium + + * Do not build-depend on guile-2.0 on m68k. Closes: #745461 + * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to + enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a + corresponding versioned build-dependency, to prevent building of + uninstallable packages. + * New upstream version. Drop 20_guile_no_override_allocation.diff and + 21_Treat-othername-as-printable.diff. + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 May 2014 19:47:09 +0200 + +gnutls28 (3.3.1-1) experimental; urgency=medium + + * New upstream version. + + Drop 20_sparc_chainverify_buserror.diff. + + Pull 20_guile_no_override_allocation.diff and + 21_Treat-othername-as-printable.diff from upstream GIT. + + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped + upstream since it was never exported in a public header and is not + used according to codesearch.d.o. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Apr 2014 19:25:11 +0200 + +gnutls28 (3.3.0-2) experimental; urgency=medium + + * Drop last remains of -xssl from debian/. + * Add debian/libgnutls28.symbols. + * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test + increase the space available for certificates to fix sparc testsuite + error. + * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from + libgnutls28-dev. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Apr 2014 19:53:30 +0200 + +gnutls28 (3.3.0-1) experimental; urgency=medium + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Apr 2014 07:49:11 +0200 + +gnutls28 (3.3.0~pre0-1) experimental; urgency=medium + + * Also version the p11-kit dependency. + * New upstream version. + + Set --enable-static, as only shared libs are built by default. + + libgnutls-xssl is no more. + + Bump shlibs. + * Upload to experimental. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Mar 2014 19:19:37 +0100 + +gnutls28 (3.2.16-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Jul 2014 12:36:32 +0200 + +gnutls28 (3.2.15-3) unstable; urgency=medium + + * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) + with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 + * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3 + series. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Jul 2014 13:55:48 +0200 + +gnutls28 (3.2.15-2) unstable; urgency=high + + * Fix crashes due to symbol clashes when a binary ends up being linked + against GnuTLS v2 and v3 by bumping library symbol-versioning (and + therefore also the soname) in a Debian specific way, to make sure there is + no conflict with future: + + 20_debian_specific_soname.diff + - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* + - Add "-release deb0" to libtool link command. + + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + + Change 14_version_gettextcat.diff, too. + Closes: #74874 + * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. + These have been unnecessary since we started using dh compat v9, where + debugging symbols are installed to /usr/lib/debug/.build-id. + * debian/copyright: Add info about GPLv2 compatibility. + + -- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2014 18:56:03 +0200 + +gnutls28 (3.2.15-1) unstable; urgency=high + + * New upstream version. + + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 08:37:00 +0200 + +gnutls28 (3.2.14-1) unstable; urgency=medium + + * Do not build-depend on guile-2.0 on m68k. Closes: #745461 + * New upstream version. + * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to + enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a + corresponding versioned build-dependency, to prevent building of + uninstallable packages. + + -- Andreas Metzler <ametzler@debian.org> Wed, 07 May 2014 19:29:26 +0200 + +gnutls28 (3.2.13-2) unstable; urgency=medium + + * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from + libgnutls28-dev. + + -- Andreas Metzler <ametzler@debian.org> Wed, 16 Apr 2014 19:24:25 +0200 + +gnutls28 (3.2.13-1) unstable; urgency=medium + + * Also version the p11-kit dependency. + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Apr 2014 19:08:40 +0200 + +gnutls28 (3.2.12.1-2) unstable; urgency=medium + + * Upload to unstable. + * Sync from Ubuntu (Colin Watson): + + Add arm64 and ppc64el to the list of non-ia64 architectures on which + guile-gnutls is built. + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Mar 2014 17:50:43 +0100 + +gnutls28 (3.2.12.1-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches: + 20_bug-in-gnutls_pcert_list_import_x509_raw.patch + 20_CVE-2014-0092.diff + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Mar 2014 19:40:42 +0100 + +gnutls28 (3.2.11-2) unstable; urgency=high + + * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11. + * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate + validation issue. CVE-2014-0092 + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Mar 2014 08:48:21 +0100 + +gnutls28 (3.2.11-1) unstable; urgency=high + + * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1) + * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Feb 2014 14:38:52 +0100 + +gnutls28 (3.2.10-2) unstable; urgency=high + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2014 12:10:16 +0100 + +gnutls28 (3.2.10-1) experimental; urgency=high + + * New upstream version. + * New symbols exported, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Feb 2014 09:22:36 +0100 + +gnutls28 (3.2.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 29 Jan 2014 19:05:05 +0100 + +gnutls28 (3.2.9-1) experimental; urgency=medium + + * New upstream version. + + %COMPAT implies %DUMBFW. (See #733039) + * Drop 40_guilenoparallel.diff, which did not have any effect after enabling + dh_autoreconf. + * Stop dh_clean from removing *.bak, upstream tarball actually contains + files named such in src/ subdirectory. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Jan 2014 19:00:11 +0100 + +gnutls28 (3.2.8.1-3) unstable; urgency=medium + + * Correct c'n'p error in Vcs-Git field. + * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx) + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Jan 2014 13:23:46 +0100 + +gnutls28 (3.2.8.1-2) unstable; urgency=low + + * Upload to unstable, without libgnutls-openssl27. + + -- Andreas Metzler <ametzler@debian.org> Fri, 27 Dec 2013 15:45:39 +0100 + +gnutls28 (3.2.8.1-1) experimental; urgency=low + + * New upstream version. + + Drop debian/patches/45_add_strerror-module.patch, which was pulled from + upstream. + + Bump shlibs. + * Add debian/upstream-signing-key.pgp (listed in + debian/source/include-binaries) and update watchfile to check + upstream signature. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Dec 2013 16:59:19 +0100 + +gnutls28 (3.2.7-4) experimental; urgency=low + + * Upload to experimental, with libgnutls-openssl27. + * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:43:16 +0100 + +gnutls28 (3.2.7-3) unstable; urgency=low + + * Point vcs* to git. + * Upload to unstable, without libgnutls-openssl27. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:15:43 +0100 + +gnutls28 (3.2.7-2) experimental; urgency=low + + * Fix kfreebsd FTBFS. + + 45_add_strerror-module.patch add gnulib strerror module. + + Use dh_autoreconf. + + -- Andreas Metzler <ametzler@debian.org> Fri, 29 Nov 2013 19:10:39 +0100 + +gnutls28 (3.2.7-1) experimental; urgency=low + + * New upstream version. + + Add b-d on bison. + + Bump shlibs. + + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch. + + Simplify debian/rules, stop removing autogened files. + + -- Andreas Metzler <ametzler@debian.org> Wed, 27 Nov 2013 19:30:00 +0100 + +gnutls28 (3.2.6-2) experimental; urgency=low + + * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain + for the hint.) + * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Nov 2013 13:54:49 +0100 + +gnutls28 (3.2.6-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 05 Nov 2013 19:25:51 +0100 + +gnutls28 (3.2.5-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + * Ship examples/examples.h which is needed for building examples/*.c. Also + add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor) + Closes: #726971 + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Oct 2013 14:40:05 +0200 + +gnutls28 (3.2.4-5) experimental; urgency=low + + * Re-enable building of libgnutls-openssl27 binary package. + * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless + transition to gnutls28. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Oct 2013 19:10:06 +0200 + +gnutls28 (3.2.4-4) unstable; urgency=low + + * 40_guilenoparallel.diff: Disable parallel build in + guile/modules/. + + -- Andreas Metzler <ametzler@debian.org> Mon, 09 Sep 2013 19:48:04 +0200 + +gnutls28 (3.2.4-3) unstable; urgency=low + + * Looks like "Architecture" in debian/control cannot be folded, unfold the + respective entry for guile-gnutls. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Sep 2013 08:03:27 +0200 + +gnutls28 (3.2.4-2) unstable; urgency=low + + * Manpages were missing on binary-only builds. Closes: #721725 + * Build with + --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since + ca-certificates not pulled in by build-dependencies anymore. + Closes: #721726 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Sep 2013 08:10:17 +0200 + +gnutls28 (3.2.4-1) experimental; urgency=low + + * New upstream release. + + Drop 40_Clean-up-after-test.patch. + * Fix path to png files in info files with sed instead of symlinking images. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 Aug 2013 19:02:33 +0200 + +gnutls28 (3.2.3-3) experimental; urgency=low + + * Switch to dh, to easily allow us to move gtk-doc-tools to + Build-Depends-Indep. Closes: #682596 + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Aug 2013 10:25:52 +0200 + +gnutls28 (3.2.3-2) experimental; urgency=low + + * Build gnutls-guile against guile-2.0. + + Drop --disable-largefile on armel armhf mipsel. + + ia64 does not build guile-2.0, disable guile-support there. + + -- Andreas Metzler <ametzler@debian.org> Sun, 04 Aug 2013 13:28:13 +0200 + +gnutls28 (3.2.3-1) unstable; urgency=low + + * New upstream release. + * Drop superfluous patches. (35_gnutls-priority-string.diff + 36_avoid-leaking-a-buffer-element.diff) + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 30 Jul 2013 19:45:28 +0200 + +gnutls28 (3.2.2-2) unstable; urgency=low + + * Pull two patches from upstream: + +35_gnutls-priority-string.diff Fix priority string parsing broken in + 3.2.2 Closes: #717314 + +36_avoid-leaking-a-buffer-element.diff + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Jul 2013 18:08:42 +0200 + +gnutls28 (3.2.2-1) unstable; urgency=low + + * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam) + Closes: #678070 + * New upstream version. + * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Mon, 15 Jul 2013 11:41:50 +0200 + +gnutls28 (3.2.1-2) unstable; urgency=low + + * Upload to unstable. + * Do not link everything against nettle on mips(el), the issue being worked + around was fixed by the latest eglibc upload. + * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch: + same. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Jun 2013 16:55:09 +0200 + +gnutls28 (3.2.1-1) experimental; urgency=low + + * New upstream version. + + Bump nettle build-dep to >= 2.7. + + Bump shlibs. + + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check + whether it still fails on kfreebsd-i386. + + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent + false positive error in 32-bit systems. + + [32_linkagainstgmp.diff] Link libgnutls against gmp. + + -- Andreas Metzler <ametzler@debian.org> Sun, 09 Jun 2013 20:08:29 +0200 + +gnutls28 (3.1.12-2) unstable; urgency=low + + * Upload to unstable. + * Fix vcs-field-not-canonical lintian error by using anonscm instead of + svn.debian.org. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2013 14:41:39 +0200 + +gnutls28 (3.1.12-1) experimental; urgency=low + + * Use rm -f on clean, fixing an issue with building twice in row. + * New upstream version. + * On mips/mipsel link everything and the kitchen-sink against nettle to work + around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'"). + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Jun 2013 07:58:55 +0200 + +gnutls28 (3.1.11-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Fri, 10 May 2013 16:39:17 +0200 + +gnutls28 (3.1.10-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 23 Mar 2013 16:21:30 +0100 + +gnutls28 (3.1.9.1-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. + * Force re-generation of autogen-ed manpages. + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Mar 2013 17:06:05 +0100 + +gnutls28 (3.1.8-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Feb 2013 13:35:32 +0100 + +gnutls28 (3.1.7-1) experimental; urgency=low + + * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching + the build-depency. (Thanks, Daniel Kahn Gillmor) + * New upstream version. + + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack. + CVE-2013-0169 CVE-2013-1619. + + New symbols added, bump shlibs. + + Ship newly available libgnutls-xssl0 library in a separate package. + * Disable Heart Beat (RFC6520) support. + + -- Andreas Metzler <ametzler@debian.org> Tue, 05 Feb 2013 14:58:31 +0100 + +gnutls28 (3.1.6-1) experimental; urgency=low + + * Update watchfile, based on Bart Martens version for gnutls26 on + q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to + 3.x versions. + * New upstream version. + + requires libtasn1 >= 3.1, bump build-depends. + + requires a a newer version of autogen, bump build-depends. + + update debian/copyright to reflect the fact that GnuTLS authors have + stopped assigning copyright to FSF. + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Jan 2013 09:38:41 +0100 + +gnutls28 (3.1.5-1) experimental; urgency=low + + * New upstream version. + + Drop 40_danetestfail.diff + + Unfuzz 20_test-select.diff + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 28 Nov 2012 19:23:10 +0100 + +gnutls28 (3.1.4-1) experimental; urgency=low + + * New upstream release. + + Drop 40_fixtypo.diff. + + debian/copyright: update upstream author list. + + New symbols added, bump shlibs. + * 40_danetestfail.diff - Do not try to run dane test without dane support. + + -- Andreas Metzler <ametzler@debian.org> Sat, 10 Nov 2012 09:21:41 +0100 + +gnutls28 (3.1.3-1) experimental; urgency=low + + * New upstream release. + * Explicitly set --disable-libdane --without-tpm. + * Bump shlibs. + * 40_fixtypo.diff pulled from upstream git. + * Update debian/copyright from AUTHORS. + + -- Andreas Metzler <ametzler@debian.org> Sat, 13 Oct 2012 15:52:09 +0200 + +gnutls28 (3.1.2-1) experimental; urgency=low + + * New upstream release. + + Requires libtasn1-3 2.14, bump (b-)d. + + New symbols added, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2012 08:13:47 +0200 + +gnutls28 (3.1.1-1) experimental; urgency=low + + * New upstream release. + + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6. + Closes: #686242 + + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff + 42_dump-the-errno.diff 43_possiblefix.diff) + + Bump shlibs. + * Sync version of libgnutls-dev dependency on nettle-dev with the + build-dependency. + + -- Andreas Metzler <ametzler@debian.org> Tue, 04 Sep 2012 19:28:08 +0200 + +gnutls28 (3.1.0-5) experimental; urgency=low + + * 43_possiblefix.diff might fix the test suite error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 16:05:34 +0200 + +gnutls28 (3.1.0-4) experimental; urgency=low + + * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the + testsuite error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 13:28:55 +0200 + +gnutls28 (3.1.0-3) experimental; urgency=low + + * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 10:02:54 +0200 + +gnutls28 (3.1.0-2) experimental; urgency=low + + * Mention abbreviation "DTLS" in package description. + * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test, + it spuriously fails on about half of the buildds. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 08:41:11 +0200 + +gnutls28 (3.1.0-1) experimental; urgency=low + + * New upstream release. + + Bump nettle build-dep to >= 2.5. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sun, 26 Aug 2012 13:40:15 +0200 + +gnutls28 (3.0.22-2) unstable; urgency=low + + * Upload to unstable. This is a leaf-package, experimental should get + 3.1.0. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2012 09:22:37 +0200 + +gnutls28 (3.0.22-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Aug 2012 08:29:14 +0200 + +gnutls28 (3.0.21-1) experimental; urgency=low + + * New upstream version. + + Drop 35_s390buildfix.diff. + * Bump shlibs (new functions added.) + + -- Andreas Metzler <ametzler@debian.org> Tue, 03 Jul 2012 19:50:14 +0200 + +gnutls28 (3.0.20-3) unstable; urgency=low + + * 35_s390buildfix.diff - Fixes test-suite error on s390x. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jun 2012 19:52:47 +0200 + +gnutls28 (3.0.20-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Jun 2012 16:20:01 +0200 + +gnutls28 (3.0.20-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs (new functions added.) + * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for + CLOCK_MONOTONIC now. #662018 + + -- Andreas Metzler <ametzler@debian.org> Wed, 06 Jun 2012 20:46:11 +0200 + +gnutls28 (3.0.19-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:42:46 +0200 + +gnutls28 (3.0.19-1) experimental; urgency=low + + * New upstream version. + + libgnutls: When decoding a PKCS #11 URL the pin-source field + is assumed to be a file that stores the pin. (LP: #929108) + + Drop 31_killchild.diff, included upstream. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:14:41 +0200 + +gnutls28 (3.0.18-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Apr 2012 16:34:15 +0200 + +gnutls28 (3.0.18-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + * patches/31_killchild.diff: Revert upstream change which caused tee-ing a + build to hang. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Apr 2012 09:11:39 +0200 + +gnutls28 (3.0.17-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Mar 2012 19:19:31 +0100 + +gnutls28 (3.0.17-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Mar 2012 15:59:17 +0100 + +gnutls28 (3.0.15-2) experimental; urgency=low + + * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since + support for CLOCK_MONOTONIC is missing there. (See #662018.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Mar 2012 10:24:39 +0100 + +gnutls28 (3.0.15-1) experimental; urgency=low + + * New upstream version. + + Drop superfluous patches (30_microseconds-does-not-overflow.patch, + 31_provide-accurate-value-to-select.patch) + + Includes fix for CVE-2012-1573. + * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts. + * Bump libgnutls-dev dependency on libp11-kit-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 04 Mar 2012 15:58:38 +0100 + +gnutls28 (3.0.14-1) experimental; urgency=low + + * New upstream version. + + Drop 30_force-kill-of-child.diff. + * Pull 30_microseconds-does-not-overflow.patch and + 31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite + error (tests/mini-loss) on kfreebsd-*. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Feb 2012 15:24:39 +0100 + +gnutls28 (3.0.13-1) experimental; urgency=low + + * New upstream version. + + bump libp11-kit-dev build-dep. to >= 0.11. + + drop 30_guilegnutlserrorcodes.diff. + * Drop debian/ocsptool.1 use, newly available upstream manpage instead. + * Use and link against Debian's packaged version of autogen/libopts. + + B-d on autogen. + + remove autogen-generated files (*.c, *.h) on clean. autogen requires + that the system headers are at least of the same version as the + one which was used to generate the files from their respective .def + sources. + * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Mon, 20 Feb 2012 19:30:16 +0100 + +gnutls28 (3.0.12-2) unstable; urgency=low + + * De-multiarch guile-gnutls. Closes: #658110 + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2012 14:34:48 +0100 + +gnutls28 (3.0.12-1) unstable; urgency=low + + * New upstream version. + * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile + testsuite error. + * Update debian/copyright. + * Bump shlibs. (OCSP support) + * Add trivial ocsptool manpage. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Jan 2012 10:38:44 +0100 + +gnutls28 (3.0.11-1) unstable; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jan 2012 12:55:33 +0100 + +gnutls28 (3.0.10-1) unstable; urgency=low + + * Drop guile-gnutls.README.Debian - binary guile modules are no longer + directly installed in $libdir. + * New upstream version. + + Drop patches/30_correctly-set-the-odd-bits.patch. + + gnutls_random_art() added. Update copyright, bump shlibs. + + src/serv.c: Only use configured interfaces. Patch by Pino Toscano. + Closes: #652552 + + -- Andreas Metzler <ametzler@debian.org> Fri, 06 Jan 2012 08:52:19 +0100 + +gnutls28 (3.0.9-2) unstable; urgency=low + + * [20_test-select.diff] Do not run gnulib test-select test anymore. The + test fails on kfreebsd-i386, the gnutls library does not use select(). + * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Dec 2011 11:41:19 +0100 + +gnutls28 (3.0.9-1) experimental; urgency=low + + * New upstream version. + * Include guile-gnutls package. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 14 Dec 2011 19:54:20 +0100 + +gnutls28 (3.0.8-2) unstable; urgency=low + + * First upload to unstable. + + Disable openssl-wrapper package, let it be provided by gnutls26 until + gnutls28 is in testing. + + Disable gnutls-guile package, let it be provided by gnutls26 until + gnutls28 is in testing. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Dec 2011 10:30:04 +0100 + +gnutls28 (3.0.8-1) experimental; urgency=low + + * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix + guile related FTBFS on these architectures. + See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Nov 2011 17:05:25 +0100 + +gnutls28 (3.0.7-1) experimental; urgency=low + + * New upstream version. + + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441 + * Drop 20_addGNU-stack.diff, included upstream. + * loadable Guile module no longer installed directly to $libdir but to + $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and + Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify + DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module. + * gnutls-extra is removed upstream, there is no need anymore to manually + remove the bits and pieces in debian/rules. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2011 19:35:30 +0100 + +gnutls28 (3.0.4-2) experimental; urgency=low + + * Drop libgnutls-dev.README.Debian, the information provided there stopped + being relevant in 2.7.12. + * Delete superfluous info from debian/README.source. + * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not + seem to be possible. + http://lists.debian.org/debian-devel/2011/10/msg00332.html + * Simplify dependencies: + + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is + also provided by gnutls26' libgnutls-dev). + + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, + gnutls-dev (<< 0.4.0-0), libgnutls11-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2011 17:41:27 +0200 + +gnutls28 (3.0.4-1) experimental; urgency=low + + * New upstream version. + + bump shlibs. + + bump nettle build-dependency to >= 2.4. (Required for ripemd-160). + * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811 + * [20_addGNU-stack.diff] Add GNU-stack note to newly added + padlock-common.s. + * Stop shipping libgnutls-extra.so. It is an empty shell currently and will + be packaged for Debian again when it provides functionality. + * Update debian/copyright, accelerated assembly code is non-FSF copyright. + * Add crywrap.8 manpage. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2011 13:37:39 +0200 + +gnutls28 (3.0.3-1) experimental; urgency=low + + * New upstream version. (Includes a fix for #640639) + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Sep 2011 19:37:06 +0200 + +gnutls28 (3.0.2-1) experimental; urgency=low + + * Update debian/copyright for crywrap. + * Since libgnutls*-dbg contains debugging symbols of helper applications + libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update + Conflicts. + * New upstream version. It also includes the fixes for #638586 (Correct + parsing of XMPP subject alternative names) and #638595 + (gnutls_certificate_set_x509_key() and + gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the + release of the private key during the lifetime of the certificate + structure.) + * Configure with --enable-gtk-doc, the included API reference is incomplete + in the tarball. + * [lintian] Get rid of binary-control-field-duplicates-source field + warnings. + * [lintian] Add description header to 14_version_gettextcat.diff + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2011 13:18:17 +0200 + +gnutls28 (3.0.1-1) experimental; urgency=low + + * Update Vcs-Svn and Vcs-Browser for new source package name. + * New upstream version. + + corrects formatting of gnutls-cli(1) manpage. Closes: #637551 + * Bump build-dependency on libp11-kit-dev to (>= 0.4). + * Drop 20_executablestack.diff, included upstream. + * Includes crywrap(8), an application that proxies TLS session to a port + using a plaintext service. + * Add build-dependency on libidn11-dev, needed for newly added crywrap tool. + * Bump shlibs. (New flags). + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Aug 2011 14:54:23 +0200 + +gnutls28 (3.0.0-2) experimental; urgency=low + + * Add missing b-d on chrpath. + * Search for .xz instead of .bz2 in watchfile. + + -- Andreas Metzler <ametzler@debian.org> Tue, 16 Aug 2011 13:57:22 +0200 + +gnutls28 (3.0.0-1) experimental; urgency=low + + * Drop gcrypt related patches (16_unnecessarydep.diff + 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff + 20_gcrypt15compat.diff), update remaining one + (14_version_gettextcat.diff). + * Build against nettle and p11-kit. + + Update DEB_CONFIGURE_EXTRA_FLAGS. + + Update (Build-)Depends. (Add pkg-config, it is used for locating + p11-kit.) + * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 -> + libgnutls28. + * Drop libgnutls Breaks, they are superfluous after the soname change. + * Delete config.log on clean. + * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to + assembly files. + * Delete unneccessary rpath entries. + * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a + NEWS entry for this license change. + * Move gnutls-extra library to separate package. + + -- Andreas Metzler <ametzler@debian.org> Sun, 14 Aug 2011 16:44:11 +0200 + +gnutls26 (2.12.7-4) unstable; urgency=low + + * Upload to unstable. + * Point watch file to stable release directory. + * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config + Libs.private. Closes: #632891 + * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Aug 2011 09:58:28 +0200 + +gnutls26 (2.12.7-3) experimental; urgency=low + + [ Simon Josefsson ] + * Fix Debian BTS URL in --with-packager-bug-reports option. + + [ Andreas Metzler ] + * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. + + -- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:59:36 +0200 + +gnutls26 (2.12.7-2) experimental; urgency=low + + * Stop shipping libtool la files. + * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update + *.install accordingly. + + Bump cdbs Build-Depends to 0.4.93 (required for expanding + $(DEB_HOST_MULTIARCH)). + + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + + runtime libraries and guile-wrapper are Multi-Arch: same with + Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are + Multi-Arch: foreign, -dev and -dbg remain unchanged. + + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg + package. It contains debugging symbols for both library and helper + binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not + co-installable with itself. + + -- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2011 15:01:58 +0200 + +gnutls26 (2.12.7-1) experimental; urgency=low + + * New upstream version. + * Update 17_ignoretestsuitteerrors.diff. + * A new version of pokerth has been uploaded to sid, update libgnutls26 + Breaks accordingly. + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Jun 2011 08:49:01 +0200 + +gnutls26 (2.12.6.1-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs, global_set_time_function() was added. + * Stop setting CFLAGS += -Wall, it is set by default again. + * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite + errors. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jun 2011 13:18:50 +0200 + +gnutls26 (2.12.5-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs, gnutls_x509_crq_verify() was added. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 May 2011 13:21:12 +0200 + +gnutls26 (2.12.4-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. (gnutls_certificate_get_issuer() added). + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2011 15:19:18 +0200 + +gnutls26 (2.12.3-1) experimental; urgency=low + + * New upstream version. + * Drop patches included upstream: [18_restoreHMAC-MD5.diff] + + -- Andreas Metzler <ametzler@debian.org> Fri, 22 Apr 2011 18:26:11 +0200 + +gnutls26 (2.12.2-2) experimental; urgency=low + + * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 + for compatibility. Closes: #623001 + + -- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2011 15:44:30 +0200 + +gnutls26 (2.12.2-1) experimental; urgency=low + + * New upstream version. + * [lintian] Drop article from short package descriptions. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Apr 2011 19:36:27 +0200 + +gnutls26 (2.12.1-1) experimental; urgency=low + + * New upstream version. + + certtool: Generated certificate request with stricter permissions. + Closes: #619746 + * Drop superfluous patches: + 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff + 19_uninitializedvar.diff 20_access_freedmemory.diff + * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will + need a binNMU when gnutls 2.12.x uploaded to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 02 Apr 2011 15:22:46 +0200 + +gnutls26 (2.12.0-1) experimental; urgency=low + + * New upstream stable release. + + Drop superceded patches 17_goldhotfix.patch + 18_libgnutls-openssl_soname.diff. + * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: + 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff + 19_uninitializedvar.diff 20_access_freedmemory.diff + + -- Andreas Metzler <ametzler@debian.org> Sun, 27 Mar 2011 10:23:11 +0200 + +gnutls26 (2.11.7-2) experimental; urgency=low + + * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool + versioning: 27:0:0). + * Split off libgnutls-openssl to a separate package, since the sonames are + not in sync anymore. + + -- Andreas Metzler <ametzler@debian.org> Fri, 11 Mar 2011 17:48:47 +0100 + +gnutls26 (2.11.7-1) experimental; urgency=low + + * New upstream version (rc for 2.12) + + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + + Bump shlibs. + * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Mar 2011 12:12:01 +0100 + +gnutls26 (2.11.6-2) experimental; urgency=low + + * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) + on big endian architectures. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Feb 2011 19:20:40 +0100 + +gnutls26 (2.11.6-1) experimental; urgency=low + + * Development release. + * Continue building against libgcrypt, run configure with --with-libgcrypt. + * Refresh patches/15_fixgnutlspc.diff. + * Set --with-packager* options. + * Install newly available p11tool binary. + * Bump libgcrypt11-dev Build-Depends. + * C++ wrapper soname bump, change package name accordingly. + * Bump shlibs. + * Update debian/copyright. + * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not + seem to set it by default. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Feb 2011 15:29:43 +0100 + +gnutls26 (2.10.5-3) unstable; urgency=medium + + * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. + + -- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:26:34 +0200 + +gnutls26 (2.10.5-2) unstable; urgency=low + + * Stop shipping libtool la files. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Jun 2011 18:13:38 +0200 + +gnutls26 (2.10.5-1) unstable; urgency=low + + * New upstream bugfix release. + + Drop 15_fixgnutlspc.diff, included upstream. + * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not + seem to set it by default. + + -- Andreas Metzler <ametzler@debian.org> Mon, 28 Feb 2011 18:52:57 +0100 + +gnutls26 (2.10.4-2) unstable; urgency=low + + * Use debhelper compatibility level 7. + * Merge in changes from 2.8.6-1: + + Use dh_lintian. + + Use dh_makeshlibs for the guile stuff, too. This gets us + a) ldconfig in postinst. Closes: #553109 + and + b) a shlibs file. + However the shared objects /usr/lib/libguile-gnutls*so* are still not + designed to be used as libraries (linking) but are dlopened. guile-1.10 + will address this issue by keeping this stuff in a private directory. + + hotfix pkg-config files (proper fix to be included upstream). + + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff + Closes: #405239 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Feb 2011 16:44:09 +0100 + +gnutls26 (2.10.4-1) experimental; urgency=low + + * New upstream release. V1 CAs are trusted by default. + + -- Andreas Metzler <ametzler@debian.org> Mon, 06 Dec 2010 19:13:48 +0100 + +gnutls26 (2.10.3-1) experimental; urgency=low + + * Drop workaround for 519006, binutils is fixed even in squeeze. + * New upstream bugfix release. + + -- Andreas Metzler <ametzler@debian.org> Fri, 19 Nov 2010 19:19:26 +0100 + +gnutls26 (2.10.2-1) experimental; urgency=low + + * New upstream version. + + Fix asynchronous API handling. Closes: #588187 + + certtool does not crash on reading from /dev/null anymore. + Closes: #588029 + * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Sep 2010 19:10:31 +0200 + +gnutls26 (2.10.1-1) experimental; urgency=low + + * Update package descriptions. Closes: #588067 + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Jul 2010 14:56:45 +0200 + +gnutls26 (2.10.0-2) experimental; urgency=low + + * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), + libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 + support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental + (2.31.2-1) not yet. Closes: #587755 + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Jul 2010 08:58:57 +0200 + +gnutls26 (2.10.0-1) experimental; urgency=low + + * New upstream stable release. + * Point watchfile to stable releases. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Jun 2010 14:48:40 +0200 + +gnutls26 (2.9.12-2) experimental; urgency=low + + * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building + without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a + useless and almost empty package on these archs.) + * Drop ancient workaround for gcc bug on hppa. + http://bugs.debian.org/128036 + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Jun 2010 14:38:22 +0200 + +gnutls26 (2.9.12-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Jun 2010 19:20:04 +0200 + +gnutls26 (2.9.11-1) experimental; urgency=low + + * New upstream version. + * Drop 15_gnutlspriority.diff, superseded. + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Jun 2010 19:36:33 +0200 + +gnutls26 (2.9.10-2) experimental; urgency=low + + * [15_gnutlspriority.diff] Restore compatibility with programs using + gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. + Closes: #579831 + + -- Andreas Metzler <ametzler@debian.org> Thu, 27 May 2010 18:40:53 +0200 + +gnutls26 (2.9.10-1) experimental; urgency=low + + * New upstream version. + * New functions added, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Thu, 22 Apr 2010 19:29:52 +0200 + +gnutls26 (2.9.9-1) experimental; urgency=low + + * Package upstream development branch for experimental. + * Track development versions in watchfile. + * Package C++ wrapper again. Closes: #548637 + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Dec 2009 11:31:33 +0100 + +gnutls26 (2.8.6-1) unstable; urgency=low + + * Use dh_lintian. + * Use dh_makeshlibs for the guile stuff, too. This gets us + a) ldconfig in postinst. Closes: #553109 + and + b) a shlibs file. + However the shared objects /usr/lib/libguile-gnutls*so* are still not + designed to be used as libraries (linking) but are dlopened. guile-1.10 + will address this issue by keeping this stuff in a private directory. + * hotfix pkg-config files (proper fix to be included upstream). + * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Mar 2010 15:53:35 +0100 + +gnutls26 (2.8.5-2) unstable; urgency=low + + * Add a huge bunch of lintian overrides for the guile stuff to make dak + happy. + + -- Andreas Metzler <ametzler@debian.org> Fri, 13 Nov 2009 19:53:04 +0100 + +gnutls26 (2.8.5-1) unstable; urgency=low + + * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) + * Switch to '3.0 (quilt)' source format, allowing us to use upstreams + orig.tar.bz2 without repacking it to gz. + * New upstream version. + + Drop patches/20_fixtimebomb.diff. + + -- Andreas Metzler <ametzler@debian.org> Thu, 12 Nov 2009 19:57:08 +0100 + +gnutls26 (2.8.4-2) unstable; urgency=high + + * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Nov 2009 13:21:27 +0100 + +gnutls26 (2.8.4-1) unstable; urgency=low + + * New upstream version. + + Drop debian/patches/15_openpgp.diff. + * Sync priorities with override file, libgnutls26 has been bumped from + important to standard. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2009 10:33:52 +0200 + +gnutls26 (2.8.3-3) unstable; urgency=low + + * Empty dependency_libs in la-files. (Squeeze release goal.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Sep 2009 09:09:22 +0200 + +gnutls26 (2.8.3-2) unstable; urgency=low + + * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke + openpgp connections. + + -- Andreas Metzler <ametzler@debian.org> Sat, 22 Aug 2009 14:14:48 +0200 + +gnutls26 (2.8.3-1) unstable; urgency=high + + * New upstream version. + + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it + was built against. Closes: #540449 + + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 + certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 + http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html + * Drop 15_chainverify_expiredcert.diff, included upstream. + * Urgency high, since 541439 applies to testing, too. + + -- Andreas Metzler <ametzler@debian.org> Fri, 14 Aug 2009 19:14:29 +0200 + +gnutls26 (2.8.1-2) unstable; urgency=low + + [ Simon Josefsson ] + * Remove cruft in rules file. + * Remove patches/15_tasn1inpc.diff, not needed. + + [ Andreas Metzler ] + * Finally add an entry to the NEWS.Debian file concerning the deprecation of + RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 + * Upload to unstable. + * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. + Fix testsuite error caused by expired certificate. + + -- Andreas Metzler <ametzler@debian.org> Thu, 06 Aug 2009 19:12:51 +0200 + +gnutls26 (2.8.1-1) experimental; urgency=low + + * New upstream stable release. + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2009 09:15:28 +0200 + +gnutls26 (2.7.14-1) experimental; urgency=low + + * [debian/control] set section setting of source package to libs instead of + devel. + * New upstream version. + + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + + Bump shlibs, new symbols added. + + -- Andreas Metzler <ametzler@debian.org> Tue, 26 May 2009 19:51:41 +0200 + +gnutls26 (2.7.12-1) experimental; urgency=low + + * Fix typo in changelog. Closes: #526427 + * New upstream release. + + Does not ship the scripts libgnutls-extra-config and libgnutls-config + and the .m4 snippet to use it anymore. Please switch to pkg-config or + standard autoconf test. Drop manpages and + both patches/13_lessdeps_gnutls-config.diff and + patches/13_lessdeps_gnutls-config.diff from the debian diff. + + Update remaining patches. + + Bump shlibs, new symbols added. + * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was + already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of + GNUTLS_2_8. + * New upstream uses separate ./configure scripts for the different + libraries. Invoke the main ./configure script with + --cache-file=$(CURDIR)/config.cache to speed things up. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 May 2009 11:18:35 +0200 + +gnutls26 (2.6.6-1) unstable; urgency=high + + * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This + way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. + * New upstream security release. + + libgnutls: Corrected double free on signature verification failure. + GNUTLS-SA-2009-1 CVE-2009-1415 + + libgnutls: Fix DSA key generation. Noticed when investigating the + previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS + 2.6.x are corrupt. See the advisory for more details. + GNUTLS-SA-2009-2 CVE-2009-1416 + + libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. + GNUTLS-SA-2009-3 CVE-2009-1417 + * The former two issues only apply to gnutls 2.6.x. The latter is a + behavior change, add a NEWS.Debian file to document it. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.6.5-1) unstable; urgency=low + + * Sync sections in debian/control with override file. libgnutls26-dbg is + section debug, guile-gnutls is section lisp. + * New upstream version. (Needed for Libtasn1-3 2.0) + * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. + * Standards-Version: 3.8.1, no changes required. + + -- Andreas Metzler <ametzler@debian.org> Tue, 14 Apr 2009 14:23:19 +0200 + +gnutls26 (2.6.4-2) unstable; urgency=low + + * Upload to unstable. + * Merge changelog entries from unstable and experimental. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Feb 2009 16:43:37 +0100 + +gnutls26 (2.6.4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 14:32:57 +0100 + +gnutls26 (2.6.3-1) experimental; urgency=low + + * New upstream version. + + Corrects bug gnutls-cli which caused a rehandshake request + to be ignored. Closes: #396867 + * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Dec 2008 10:46:38 +0100 + +gnutls26 (2.6.2-2) experimental; urgency=low + + * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some + correct certificate chains were not recognized as verified. + Closes: #507633 + * [lintian] Add ${misc:Depends} to multiple dendency lines. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 13:31:58 +0100 + +gnutls26 (2.6.2-1) experimental; urgency=low + + * New upstream version. + + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + + Drop 20_fix_501077.diff. + * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper + there. + * Add Simon Josefsson to uploaders. + + -- Andreas Metzler <ametzler@debian.org> Thu, 13 Nov 2008 19:30:06 +0100 + +gnutls26 (2.6.0-1) experimental; urgency=low + + * New upstream stable release. + * Add debian/patches/20_fix_501077.diff to fix an out of bound access in + gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Oct 2008 09:59:03 +0200 + +gnutls26 (2.5.9-1) experimental; urgency=low + + * New upstream development version. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Oct 2008 12:40:01 +0200 + +gnutls26 (2.4.2-6) unstable; urgency=medium + + * New patches, syncing with 2.4.3 upstream oldstable release: + + 24_intermedcertificate.patch If a non-root certificate ist trusted + gnutls certificateificate verification stops there instead of checking + up to the root of the certificate chain. + + 22_whitespace.patch - Whitespace only changes, to make it possible to + apply upstream fixes without manual changes. + + 25_bufferoverrun.patch. Fix buffer overrun bug in + gnutls_x509_crt_list_import. + http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100 + +gnutls26 (2.4.2-5) unstable; urgency=low + + * Pull two patches from upstream stable branch to make gnutls behavior + match documentation: + + patch 23_permit_v1_CA.diff:Accept v1 x509 CA + certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. + CVE-2009-2409 + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 Jan 2009 16:26:52 +0100 + +gnutls26 (2.4.2-4) unstable; urgency=medium + + * Add Simon Josefsson to uploaders. + * Another fix for the verification fix. Some correct certificate chains were + not recognized as verified. Closes: #507633 + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 12:09:33 +0100 + +gnutls26 (2.4.2-3) unstable; urgency=low + + * Fix a crash on trying to verify self-signed certificates introduced by the + patch for CVE-2008-4989. Closes: #505279 + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2008 19:23:23 +0100 + +gnutls26 (2.4.2-2) unstable; urgency=medium + + * [CVE-2008-4989.diff] Fix man in the middle attack for certificate + verification. CVE-2008-4989 GNUTLS-SA-2008-3 + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2008 19:42:54 +0100 + +gnutls26 (2.4.2-1) unstable; urgency=low + + * New upstream bugfix release. + * Up to date gnutls-cli manpage. Closes: #492775 + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2008 10:35:16 +0200 + +gnutls26 (2.4.1-1) unstable; urgency=medium + + * New upstream version, fixing a local denial of service vulnerability only + present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 + + -- Andreas Metzler <ametzler@debian.org> Tue, 01 Jul 2008 19:35:51 +0200 + +gnutls26 (2.4.0-2) unstable; urgency=low + + * Standards version 3.8.0. Rename README.source_and_patches to README.source. + * Upload to unstable. + * Point watchfile to stable releases again. + * Merge experimental and unstable changelog. + + -- Andreas Metzler <ametzler@debian.org> Tue, 24 Jun 2008 19:13:25 +0200 + +gnutls26 (2.4.0-1) experimental; urgency=low + + * New upstream stable release. + * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 18 Jun 2008 19:40:38 +0200 + +gnutls26 (2.3.15-1) experimental; urgency=low + + * New upstream version. (rc4) + Disables 'openpgp-certs' tests. Closes: #486269 + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jun 2008 19:08:24 +0200 + +gnutls26 (2.3.14-1) experimental; urgency=low + + * New upstream version. (rc3) + + -- Andreas Metzler <ametzler@debian.org> Wed, 11 Jun 2008 19:16:18 +0200 + +gnutls26 (2.3.13-1) experimental; urgency=low + + * New upstream version. 2nd rc for 2.4.0. + * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Jun 2008 18:00:51 +0200 + +gnutls26 (2.3.12-1) experimental; urgency=low + + * New upstream version. Bump shlibs. + * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 + * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite + failure on sparc. + + -- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2008 19:08:29 +0200 + +gnutls26 (2.3.11-1) experimental; urgency=low + + * New upstream version. + + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + <http://www.gnu.org/software/gnutls/security.html>. + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + Fixes subjectAltName wildcard matching. Closes: #479174 + + certtool now writes keyfiles with 0600 permissions. Closes: #373169 + + -- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2008 08:25:36 +0200 + +gnutls26 (2.2.5-1) unstable; urgency=high + + * New upstream version. + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + <http://www.gnu.org/software/gnutls/security.html>. + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 May 2008 19:19:55 +0200 + +gnutls26 (2.3.9-1) experimental; urgency=low + + * New upstream development version. + - OpenPGP support merged into libgnutls and is now licensed under LGPL. + The included copy of OpenCDK has been stripped down and re-licensed + under the LGPL. Using the external OpenCDK is not supported anymore, the + external library will not be maintained anymore. Drop respective + (build-)depends. + - API extended, bump shlibs. + - certtool asks for password confirmation. Closes: #364287 + - performance enhancements for gnutls_certificate_set_x509_trust_file. + Closes: #400448 + - gnutls-cli: exits when hostname doesn't match certificate. + Use --insecure to avoid hostname comparison. + * For paranoia sake build with -D_REENTRANT even if upstream has stopped + doing so. + * [debian/copyright] : update, and stop including a GFDL copy. + * Point watchfile to development versions. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 May 2008 16:56:04 +0200 + +gnutls26 (2.2.3-1) unstable; urgency=low + + * New upstream stable release. + - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 + + -- Andreas Metzler <ametzler@debian.org> Mon, 12 May 2008 18:29:12 +0200 + +gnutls26 (2.2.3~rc-1) unstable; urgency=low + + * New upstream version. Release candidate for 2.2.3. + + Increase default handshake packet size limit to 48kb. Closes: #478191 + * remove unsupported .l command from debian/libgnutls-config.1 + * Use Programming/C as doc-base section. + + -- Andreas Metzler <ametzler@debian.org> Thu, 01 May 2008 13:09:49 +0200 + +gnutls26 (2.2.2-1) unstable; urgency=low + + * New upstream version. + Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() + and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary + strings and return the proper size. + corrected string handling in parse_general_name. + Closes: #465197 + * Point watchfile to ftp.gnutls.org. + * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. + + -- Andreas Metzler <ametzler@debian.org> Fri, 22 Feb 2008 19:08:36 +0100 + +gnutls26 (2.2.1-3) unstable; urgency=low + + * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build + gnutls guile wrapper on ia64. + + -- Andreas Metzler <ametzler@debian.org> Mon, 04 Feb 2008 19:14:03 +0100 + +gnutls26 (2.2.1-2) unstable; urgency=low + + * Add Vcs-Svn: and Vcs-Browser control fields. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Feb 2008 18:14:21 +0100 + +gnutls26 (2.2.1-1) experimental; urgency=low + + * New upstream version. + * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper + there. + * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both + packages contain gnutls-bin debugging symbols. Closes: #459295. + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jan 2008 18:27:33 +0100 + +gnutls26 (2.2.0-1) experimental; urgency=low + + * New upstream version. + License change! Main library stays LGPLv2.1+ but libgnutls-extra, + libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is + updated. + * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older + versions were GPLv2+) and this license is not compatible with GPLv3+. + * Non packaged 2.1.8 introduced new symbol + gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. + * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. + * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for + DSA2 support. Closes: #455513 + * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Dec 2007 16:41:54 +0100 + +gnutls26 (2.1.7-1) experimental; urgency=low + + * New upstream version. + - Another soname bump. Packages renamed. + * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since + dak does not allow that yet. + * Add Build-Conflicts: libgnutls-dev to stop libtool from linking + libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 + + -- Andreas Metzler <ametzler@debian.org> Sat, 1 Dec 2007 10:40:17 +0100 + +gnutls25 (2.1.6-2) experimental; urgency=low + + * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make + experimental buildds happy. + + -- Andreas Metzler <ametzler@debian.org> Mon, 19 Nov 2007 18:58:48 +0100 + +gnutls25 (2.1.6-1) experimental; urgency=low + + * New upstream version. API changes! Please consult + /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, + removed (mainly *_authz_*) and changed interfaces. + This is the first release canddate for 2.2. The deprecation of + gnutls_set_default_priority() is supposed to be undone before the final + stable release. + * Bump build-depends. + * Stop building and shipping the C++ library, since nobody is using it. I + will happly re-add it if requested. + * Add Homepage field to debian/control. + * Build and ship Guile bindings. Requested by Ludovic Courtès who also + provided the initial patch. (On a sidenote I think guile generally does + not do the right thing by throwing dlopened modules into /usr/lib/.) + * Update debian/copyright. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Nov 2007 16:42:01 +0100 + +gnutls13 (2.0.1-1) unstable; urgency=low + + * New upstream version. + * Remove doc/*.info* on clean to allow building thrice in a row. + (Closes: #441740) + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2007 11:29:22 +0200 + +gnutls13 (1.7.19-1) unstable; urgency=low + + * New upstream version 1.7.19. + - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. + This takes of care of the mutt breakage. Closes: #439640 + + -- Andreas Metzler <ametzler@debian.org> Mon, 27 Aug 2007 19:36:23 +0200 + +gnutls13 (1.7.18-2) unstable; urgency=low + + * Upload to unstable + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2007 09:27:18 +0200 + +gnutls13 (1.7.18-1) experimental; urgency=low + + * New upstream version 1.7.18, release candidate for 2.0. + * Bump shlibs, since functions have been added. + * Image files renamed upstream with gnutls- prefix and symlinked to + /usr/share/info/ in Debian package. Closes: #423577 + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2007 09:06:11 +0200 + +gnutls13 (1.7.16-1) experimental; urgency=low + + * New upstream version 1.7.16. + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Aug 2007 10:50:21 +0200 + +gnutls13 (1.7.14-1) experimental; urgency=low + + * New upstream version + - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2007 09:06:35 +0200 + +gnutls13 (1.7.12-1) experimental; urgency=low + + * New upstream version 1.7.12 + - Fixes memory errors in certificate parsing. Closes: #333050 + * Bump shlibs, due to API extensions in 1.7.10. + * Rebuilding of docs simpified, strip debian/README.source_and_patches to + reflect that. + + -- Andreas Metzler <ametzler@debian.org> Sat, 23 Jun 2007 11:14:26 +0200 + +gnutls13 (1.7.9-1) experimental; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + * New upstream version. + - Uses opencdk10 (0.6.x). + - Improved gnutls_set_default_priority() priorities, with matching correct + docs. (Closes: #422024) + - bumped shlibs. + * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage + twice in a row on the same sourcetree. (Closes: #424357) Document what is + needed to rebuild doc/gnutls.pdf in README.source_and_patches. + + -- Andreas Metzler <ametzler@debian.org> Mon, 28 May 2007 08:36:42 +0200 + +gnutls13 (1.7.7-1) experimental; urgency=low + + * New development upstream version 1.7.7. + - Point watchfile to development versions. + - Bump shlibs for added APIs. + - Includes German translation. (Closes: #392857) + + -- Andreas Metzler <ametzler@debian.org> Sun, 15 Apr 2007 10:11:21 +0200 + +gnutls13 (1.6.3-1) unstable; urgency=low + + * New upstream version, pulling selected fixes and features from 1.7.x. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2007 09:26:14 +0200 + +gnutls13 (1.6.2-2) unstable; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2007 09:48:31 +0200 + +gnutls13 (1.6.2-1) unstable; urgency=low + + * New upstream version + - Really Closes: #403887 libgnutls failes to parse OpenSSL generated + certificates, since it contains a regenerated pkix_asn1_tab.c. + - Ship German translation. Closes: #392857 + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Apr 2007 10:57:02 +0200 + +gnutls13 (1.6.1-2) unstable; urgency=low + + * [gnutls-bin.install] Ship psktool. + * Ship gettext translations in deb package, but as gnutls13.mo instead of + gnutls.mo. + * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* + changelog entries after branchoff. Point watchfile to stable upstream + versions again. + * Drop dependency of libgnutls13-dbg on libgnutlsxx13. + + -- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:49:48 +0100 + +gnutls13 (1.6.1-1) experimental; urgency=low + + [ James Westby ] + * New upstream release. + + -- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:18:03 +0100 + +gnutls13 (1.6.0-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Nov 2006 13:21:56 +0100 + +gnutls13 (1.5.3-1) experimental; urgency=low + + [ Andreas Metzler ] + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + * New upstream version 1.5.3. + * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. + * Drop code for re-libtoolizing and running auto* from debian/rules, it is + unused and would not work anymore. (We can later grab the from SVN and + update it to make work if we ever need it.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Oct 2006 12:56:46 +0200 + +gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * New upstream development version. + - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz + - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was + broken. + - Drop unneeded patches/16_libs.private_gnutls.diff + patches/16_libs.private_gnutls-extra.diff + - Point watchfile to development versions. + - Builds a C++ library. + * Switch to debhelper v5 mode to be able to ship debug symbols of + libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. + * Branched off from 1.4.4-1. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Sep 2006 09:54:38 +0200 + +gnutls13 (1.4.4-3) unstable; urgency=low + + * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: + When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS + version, try to negotiate the highest version support by the GnuTLS + server, instead of the lowest. + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Nov 2006 10:35:29 +0100 + +gnutls13 (1.4.4-2) unstable; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:57:49 +0200 + +gnutls13 (1.4.4-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.4 + - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't + crash mutt. (closes: #386725) + GNUTLS-SA-2006-4 is CVE-2006-4790. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:09:47 +0200 + +gnutls13 (1.4.3-2) unstable; urgency=low + + * the lesser of two weevils release. + [ Andreas Metzler ] + * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in + various programs, including mutt. (closes: #386680) + + -- Andreas Metzler <ametzler@debian.org> Sat, 9 Sep 2006 19:29:52 +0200 + +gnutls13 (1.4.3-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.3. + - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 + rump session attack. GNUTLS-SA-2006-4 + - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. + GNUTLS-SA-2006-3 + - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + + -- Andreas Metzler <ametzler@debian.org> Fri, 8 Sep 2006 19:12:33 +0200 + +gnutls13 (1.4.2-1) unstable; urgency=medium + + [ Andreas Metzler ] + * New upstream bugfix release. + - Fixes a crash in the certificate verification logic. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Aug 2006 10:44:16 +0200 + +gnutls13 (1.4.1-1) unstable; urgency=low + + [ James Westby ] + * New upstream release. + * Remove the following patches as they are now included upstream: + - 10_certtoolmanpage.diff + - 15_fixcompilewarning.diff + - 30_man_hyphen_*.patch + * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than + gnutls-api so that devhelp can find it. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2006 11:11:08 +0200 + +gnutls13 (1.4.0-3) unstable; urgency=low + + [ Andreas Metzler ] + * Strip "libgnutls-config --libs"' output to only list stuff required for + dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's + README.Debian. + * Pull patches/16_libs.private_gnutls.diff and + debian/patches/16_libs.private_gnutls-extra.diff from upstream to make + pkg-config usable for static linking. + + -- Andreas Metzler <ametzler@debian.org> Sun, 2 Jul 2006 12:10:56 +0200 + +gnutls13 (1.4.0-2) unstable; urgency=low + + [ Andreas Metzler ] + * Set maintainer to alioth mailinglist. + * Drop code for updating config.guess/config.sub from debian/rules, as cdbs + handles this. Build-Depend on autotools-dev. + * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. + * Use cdbs' simple-patchsys.mk. + - add debian/README.source_and_patches + - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff + * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) + * Also ship css-, devhelp- and sgml files in gnutls-doc. + * patches/15_fixcompilewarning.diff correct order of funtion arguments. + + [ James Westby ] + * This release allows the port to be specified as the name of the service + when using gnutls-cli (closes: #342891) + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Jun 2006 20:44:09 +0200 + +gnutls13 (1.4.0-1) experimental; urgency=low + + * New maintainer team. Thanks, Matthias for all the work you did. + * Re-add gnutls-doc package, featuring api-reference as manual pages and + html, and reference manual in html and pdf format. + (closes: #368185,#368449) + * Fix reference to gnutls0.4-doc package in debian/copyright. Update + debian/copyright and include actual copyright statements. + (closes: #369071) + * Bump shlibs because of changes to extra.h + * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will + generate the necessary directories. + * Drop debian/NEWS.Debian as it only talks about the move of the (since + purged) gnutls-doc package to contrib a long time ago. + (Thanks Simon Josefsson, for these suggestions.) + * new upstream version. (closes: #368323) + * clean packaging against upstream tarball. + - Drop all patches, except for fixing error in certtool.1 and setting + gnutls_libs=-lgnutls-extra in libgnutls-extra-config. + - Add --enable-ld-version-script + to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of + patching ./configure.in. + (closes: #367358) + * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. + * Build against external libtasn1-3. (closes: #363294) + * Standards-Version: 3.7.2, no changes required. + * debian/control and override file are in sync with respect to Priority and + Section, everthing except libgnutls13-dbg already was. (closes: #366956) + * acknowledge my own NMU. (closes: #367065) + * libgnutls13-dbg is nonempty (closes: #367056) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 May 2006 11:22:36 +0000 + +gnutls13 (1.3.5-1.1) unstable; urgency=low + + * NMU + * Invoke ./configure with --with-included-libtasn1 to prevent accidental + linking against the broken 0.3.1-1 upload of libtasn1-2-dev which + contained libtasn1.so.3 and force gnutls13 to use the internal version of + libtasn instead until libtasn1-3-dev is uploaded. Drop broken + Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) + * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead + of --dbg-package=libgnutls12. (closes: #367056) + + -- Andreas Metzler <ametzler@debian.org> Sat, 13 May 2006 07:45:32 +0000 + +gnutls13 (1.3.5-1) unstable; urgency=low + + * New Upstream version. + - Security fix. + - Yet another ABI change. + * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 + * Let -dev package depend on liblzo-dev (closes:#347438) + * Fix certtool help output (closes:#338623) + + -- Matthias Urlichs <smurf@debian.org> Sat, 18 Mar 2006 22:46:25 +0100 + +gnutls12 (1.2.9-2) unstable; urgency=low + + * Install /usr/lib/pkgconfig/*.pc files. + * Depend on texinfo (>= 4.8, for the @euro{} sign). + + -- Matthias Urlichs <smurf@debian.org> Tue, 15 Nov 2005 19:26:02 +0100 + +gnutls12 (1.2.9-1) unstable; urgency=low + + * New Upstream version. + + -- Matthias Urlichs <smurf@debian.org> Fri, 11 Nov 2005 18:51:28 +0100 + +gnutls12 (1.2.8-1) unstable; urgency=low + + * New Upstream version. + - depends on libgcrypt11 1.2.2 + * Bumped shlibs version, just to be on the safe side. + + -- Matthias Urlichs <smurf@debian.org> Wed, 19 Oct 2005 12:05:14 +0200 + +gnutls12 (1.2.6-1) unstable; urgency=low + + * New Upstream version. + * Remove Provides: on libgnutls11-dev. + Hopefully this will be temporary (pending discussion with Upstream). + + -- Matthias Urlichs <smurf@debian.org> Thu, 11 Aug 2005 12:21:36 +0200 + +gnutls12 (1.2.5-3) unstable; urgency=high + + * Updated libgnutls12.shlibs file. + Thanks to Mike Paul <w5ydkaz02@sneakemail.com>. + Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks + dependencies on this library + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 13:19:25 +0200 + +gnutls12 (1.2.5-2) unstable; urgency=medium + + * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. + Added an explicit dependency as a stopgap fix. + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 08:27:22 +0200 + +gnutls12 (1.2.5-1) unstable; urgency=low + + * Merged with the latest stable release. + * Renamed to gnutls12. + - Changed the library version strings to GNUTLS_1_2. + - Renamed the development package back to "libgnutls-dev". + + -- Matthias Urlichs <smurf@debian.org> Tue, 5 Jul 2005 10:35:56 +0200 + +gnutls11 (1.0.19-1) experimental; urgency=low + + * Merged with the latest stable release. + + -- Matthias Urlichs <smurf@debian.org> Sun, 26 Dec 2004 13:28:45 +0100 + +gnutls11 (1.0.16-13) unstable; urgency=high + + * Fixed an ASN.1 extraction error. + Found by Pelle Johansson <morth@morth.org>. + + -- Matthias Urlichs <smurf@debian.org> Mon, 29 Nov 2004 10:16:21 +0100 + +gnutls11 (1.0.16-12) unstable; urgency=high + + * Fixed a segfault in certtool. Closes: #278361. + + -- Matthias Urlichs <smurf@debian.org> Thu, 11 Nov 2004 09:40:02 +0100 + +gnutls11 (1.0.16-11) unstable; urgency=medium + + * Merged binary (non-UF8) string printing code from Upstream. + * Password code in certtool was somewhat broken. + + -- Matthias Urlichs <smurf@debian.org> Sat, 6 Nov 2004 13:11:03 +0100 + +gnutls11 (1.0.16-10) unstable; urgency=high + + * Fixed one instance of uninitialized memory usage. + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Oct 2004 06:07:53 +0200 + +gnutls11 (1.0.16-9) unstable; urgency=high + + * Pulled from Upstream CVS: + - Fix two memory leaks. + - Fix NULL dereference. + + -- Matthias Urlichs <smurf@debian.org> Fri, 8 Oct 2004 10:43:20 +0200 + +gnutls11 (1.0.16-8) unstable; urgency=high + + * Pulled these changes from Upstream CVS: + - Added default limits in the verification of certificate chains, + to avoid denial of service attacks. + - Added gnutls_certificate_set_verify_limits() to override them. + - Added gnutls_certificate_verify_peers2(). + + -- Matthias Urlichs <smurf@debian.org> Sun, 12 Sep 2004 02:05:25 +0200 + +gnutls11 (1.0.16-7) unstable; urgency=low + + * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. + Thanks to joeyh@debian.org for reporting this problem. + + -- Matthias Urlichs <smurf@debian.org> Sat, 14 Aug 2004 11:22:51 +0200 + +gnutls11 (1.0.16-6) unstable; urgency=medium + + * Memory leak, found by Modestas Vainius <geromanas@mailas.com>. + - Closes: #264420 + + -- Matthias Urlichs <smurf@debian.org> Sun, 8 Aug 2004 22:21:01 +0200 + +gnutls11 (1.0.16-5) unstable; urgency=low + + * Depend on current libtasn1-2 (>= 0.2.10). + - Closes: #264198. + * Fixed maintainer email to point to Debian address. + + -- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:44:38 +0200 + +gnutls11 (1.0.16-4) unstable; urgency=low + + * The OpenSSL compatibility library has been linked incorrectly + (-ltasn1 was missing). + * Need to build-depend on current opencdk8 and libtasn1-2 version. + + -- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:29:32 +0200 + +gnutls11 (1.0.16-3) unstable; urgency=high + + * Documentation no longer includes LaTeX-produced output + (the source contains latex2html-specific features, which is non-free). + * Urgency: High because of pending base freeze. + + -- Matthias Urlichs <smurf@debian.org> Mon, 26 Jul 2004 11:18:20 +0200 + +gnutls11 (1.0.16-2) unstable; urgency=high + + * Actually *enable* debug symbols :-/ + * Urgency: High for speedy inclusion in d-i + + -- Matthias Urlichs <smurf@debian.org> Fri, 23 Jul 2004 22:38:07 +0200 + +gnutls11 (1.0.16-1) experimental; urgency=low + + * Update to latest Upstream version. + * now depends on libgcrypt11 + * Include debugging package + * Use hevea, not latex2html. + + -- Matthias Urlichs <smurf@debian.org> Wed, 21 Jul 2004 16:58:26 +0200 + +gnutls10 (1.0.4-4) unstable; urgency=low + + * New maintainer. + * Run autotools at source package build time. + - Closes: #257237: FTBFS (i386/sid): aclocal failed + * Remove "package is still changed upstream" warning. + * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. + + -- Matthias Urlichs <smurf@debian.org> Fri, 16 Jul 2004 02:09:36 +0200 + +gnutls10 (1.0.4-3) unstable; urgency=low + + * control: Changed the build dependency and the dependency of + libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; + libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which + could cause linking against two versions of libgcrypt. + + -- Ivo Timmermans <ivo@debian.org> Sat, 24 Jan 2004 15:32:22 +0100 + +gnutls10 (1.0.4-2) unstable; urgency=low + + * libgnutls-doc.doc-base: Removed HTML manual listing. + * control: Removed Jordi Mallach from the list of Uploaders. Thanks, + Jordi :) + + -- Ivo Timmermans <ivo@debian.org> Wed, 14 Jan 2004 13:35:42 +0100 + +gnutls10 (1.0.4-1) unstable; urgency=low + + * New upstream release (Closes: #227527) + * The new documentation in libgnutls-doc fixes several typo's and + style glitches: + Closes: #215772: inconsistent auth method list in manual + Closes: #215775: dangling footnote on page 14 of manual + Closes: #215777: bad sentence on page 18 of manual + Closes: #215780: incorrect info about ldaps/imaps in manual + * rules: + * Use --add-missing instead of --force in the call to automake. + * Don't build gnutls.ps, use the upstream version. + (Closes: #224846) + * gnutls-bin.manpages: Use glob to find manpages. + * patches/008_manpages.diff: Removed; included upstream. + + -- Ivo Timmermans <ivo@debian.org> Tue, 13 Jan 2004 23:57:16 +0100 + +gnutls10 (1.0.0-1) unstable; urgency=low + + * New upstream release. + * Major soversion changed to 10. + * control: Changed build dependencies of libtasn1-dev. + * libgnutls10.shlibs: Added libgnutls-openssl to the list. + + -- Ivo Timmermans <ivo@debian.org> Mon, 29 Dec 2003 23:23:08 +0100 + +gnutls8 (0.9.99-1) experimental; urgency=low + + * New upstream release. + * Included upstream GPG signature in .orig.tar.gz. + + -- Ivo Timmermans <ivo@debian.org> Wed, 3 Dec 2003 22:33:52 +0100 + +gnutls8 (0.9.98-1) experimental; urgency=low + + * New upstream release. + * debian/control: libgnutls8-dev depends on libopencdk8-dev. + * debian/libgnutls-doc.examples: Install src/*.[ch]. + + -- Ivo Timmermans <ivo@debian.org> Sun, 23 Nov 2003 15:44:38 +0100 + +gnutls8 (0.9.95-1) experimental; urgency=low + + * New upstream version. + + -- Ivo Timmermans <ivo@debian.org> Fri, 7 Nov 2003 19:50:22 +0100 + +gnutls8 (0.9.94-1) experimental; urgency=low + + * New upstream version; package based on gnutls7 0.8.12-2. + * debian/control: + * Build-depend on libgcrypt7-dev (>= 1.1.44-0). + * debian/rules: Run auto* after the patches have been applied. + + -- Ivo Timmermans <ivo@debian.org> Fri, 31 Oct 2003 18:47:09 +0100 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..d858fc6 --- /dev/null +++ b/debian/clean @@ -0,0 +1 @@ +src/*.stamp diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..5985ac3 --- /dev/null +++ b/debian/control @@ -0,0 +1,265 @@ +Source: gnutls28 +Section: libs +Priority: optional +Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org> +Uploaders: + Andreas Metzler <ametzler@debian.org>, + Eric Dorland <eric@debian.org>, + James Westby <jw+debian@jameswestby.net>, + Simon Josefsson <simon@josefsson.org>, +Build-Depends: + bison, + ca-certificates <!nocheck>, + chrpath, + datefudge <!nocheck>, + debhelper-compat (= 13), + freebsd-net-tools [kfreebsd-i386 kfreebsd-amd64] <!nocheck>, + gperf, + guile-3.0-dev <!noguile>, + libcmocka-dev <!nocheck>, + libidn2-dev, + libp11-kit-dev, + libssl-dev <!nocheck>, + libtasn1-6-dev, + libunbound-dev, + libunistring-dev, + net-tools [!kfreebsd-i386 !kfreebsd-amd64] <!nocheck>, + nettle-dev (>= 3.6), + openssl <!nocheck>, + pkg-config, + python3:any, + softhsm2 <!nocheck>, +Build-Depends-Indep: + gtk-doc-tools, + texinfo, + texlive-latex-base, + texlive-plain-generic, +Build-Conflicts: + libgnutls-dev, +Rules-Requires-Root: no +Standards-Version: 4.6.2 +Vcs-Browser: https://salsa.debian.org/gnutls-team/gnutls +Vcs-Git: https://salsa.debian.org/gnutls-team/gnutls.git +Homepage: https://www.gnutls.org/ + +Package: libgnutls28-dev +Section: libdevel +Architecture: any +Provides: + gnutls-dev, + libgnutls-openssl-dev, +Depends: + libc6-dev | libc-dev, + libgnutls-dane0 (= ${binary:Version}), + libgnutls-openssl27 (= ${binary:Version}), + libgnutls30 (= ${binary:Version}), + libgnutlsxx30 (= ${binary:Version}), + libidn2-dev, + libp11-kit-dev, + libtasn1-6-dev, + nettle-dev (>= 3.6), + ${misc:Depends}, +Suggests: + gnutls-bin, + gnutls-doc, +Conflicts: + gnutls-dev, +Replaces: + gnutls-dev, +Multi-Arch: same +Description: GNU TLS library - development files + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the GnuTLS development files. + +Package: libgnutls30 +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Suggests: + gnutls-bin, +Multi-Arch: same +Description: GNU TLS library - main runtime library + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the main runtime library. + +Package: gnutls-bin +Architecture: any +Section: net +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: foreign +Description: GNU TLS library - commandline utilities + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains a commandline interface to the GNU TLS library, which + can be used to set up secure connections from e.g. shell scripts, debugging + connection issues or managing certificates. + . + Useful utilities include: + - TLS termination: gnutls-cli, gnutls-serv + - key and certificate management: certtool, ocsptool, p11tool + - credential management: srptool, psktool + +Package: gnutls-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Multi-Arch: foreign +Description: GNU TLS library - documentation and examples + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains all the GnuTLS documentation. + +Package: libgnutlsxx30 +Architecture: any +Depends: + libgnutls30 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Multi-Arch: same +Description: GNU TLS library - C++ runtime library + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the C++ runtime libraries. + +Package: libgnutls-openssl27 +Architecture: any +Depends: + libgnutls30 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +Multi-Arch: same +Description: GNU TLS library - OpenSSL wrapper + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the runtime library of the GnuTLS OpenSSL wrapper. + +Package: libgnutls-dane0 +Architecture: any +Depends: + libgnutls30 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, +Pre-Depends: + ${misc:Pre-Depends}, +# dns-root-data for danetool +Suggests: + dns-root-data, +Multi-Arch: same +Description: GNU TLS library - DANE security support + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the runtime library for DANE (DNS-based Authentication + of Named Entities) support. + +Package: guile-gnutls +Build-Profiles: <!noguile> +Architecture: any +Section: lisp +Depends: + guile-3.0, + ${misc:Depends}, + ${shlibs:Depends}, +Description: GNU TLS library - GNU Guile bindings + GnuTLS is a portable library which implements the Transport Layer + Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram + Transport Layer Security (DTLS 1.0, 1.2) protocols. + . + GnuTLS features support for: + - certificate path validation, as well as DANE and trust on first use. + - the Online Certificate Status Protocol (OCSP). + - public key methods, including RSA and Elliptic curves, as well as password + and key authentication methods such as SRP and PSK protocols. + - all the strong encryption algorithms, including AES and Camellia. + - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + - HSMs and cryptographic tokens, via PKCS #11. + . + This package contains the GNU Guile modules. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..c9660fe --- /dev/null +++ b/debian/copyright @@ -0,0 +1,1189 @@ +This package was debianized by Ivo Timmermans <ivo@debian.org> on +Fri, 3 Aug 2001 10:00:42 +0200. +It was later taken over by Matthias Urlichs <smurf@debian.org> and is now +maintained by Andreas Metzler <ametzler@debian.org> Eric Dorland +<eric@debian.org>, James Westby <jw+debian@jameswestby.net> + + +It was downloaded from https://www.gnupg.org/ftp/gcrypt/gnutls/ + +Upstream Authors (from AUTHORS file): +8X------------------------------------ +The authors list is autogenerated from the git history; sorted by number of commits + +Nikos Mavrogiannopoulos <nmav at gnutls.org> +Simon Josefsson <jas at josefsson.org> +Daiki Ueno <ueno at gnu.org> +Dmitry Baryshkov <dbaryshkov at gmail.com> +Tim Rühsen <tim.ruehsen at gmx.de> +Ludovic Courtès <ludo at gnu.org> +Timo Schulz <twoaday at gnutls.org> +Jonathan Bastien-Filiatrault <joe at x2a.org> +Andreas Metzler <ametzler at debian.org> +Alon Bar-Lev <alon.barlev at gmail.com> +Alexander Sosedkin <asosedkin at redhat.com> +Daniel Kahn Gillmor <dkg at fifthhorseman.net> +Tom Vrancken <dev at tomvrancken.nl> +Zoltan Fridrich <zfridric at redhat.com> +Martin Storsjo <martin at martin.st> +Tim Kosse <tim.kosse at filezilla-project.org> +Simo Sorce <simo at redhat.com> +Fabian Keil <fk at fabiankeil.de> +Fabio Fiorina <fiorinaf at gnutls.org> +Stef Walter <stefw at redhat.com> +Anderson Toshiyuki Sasaki <ansasaki at redhat.com> +Armin Burgmeier <armin at arbur.net> +František Krenželok <krenzelok.frantisek at gmail.com> +Andrew McDonald <admcd at gnutls.org> +Fiona Klute <fiona.klute at gmx.de> +Alex Gaynor <alex.gaynor at gmail.com> +Ander Juaristi <a at juaristi.eus> +Martin Ukrop <mukrop at redhat.com> +Jaak Ristioja <jaak.ristioja at cyber.ee> +Attila Molnar <attilamolnar at hush.com> +Hugo Beauzée-Luyssen <hugo at beauzee.fr> +Stefan Berger <stefanb at linux.ibm.com> +Steve Lhomme <robux4 at ycbcr.xyz> +Jakub Jelen <jjelen at redhat.com> +Martin Sucha <anty.sk+git at gmail.com> +David Woodhouse <dwmw2 at infradead.org> +Jan Vcelak <jan.vcelak at nic.cz> +Kevin Cernekee <cernekee at gmail.com> +Nikolay Sivov <nsivov at codeweavers.com> +Sahana Prasad <sahana at redhat.com> +Michael Catanzaro <mcatanzaro at gnome.org> +Daniel Lenski <dlenski at gmail.com> +JonasZhou <JonasZhou at zhaoxin.com> +Stefan Sørensen <stefan.sorensen at spectralink.com> +Tobias Heider <tobias.heider at canonical.com> +Adam Sampson <ats at offog.org> +Alfredo Pironti <alfredo at pironti.eu> +Brad Hards <bradh at frogmouth.net> +Dimitri John Ledkov <xnox at ubuntu.com> +Hubert Kario <hkario at redhat.com> +Michael Weiser <michael.weiser at gmx.de> +Patrick Pelletier <code at funwithsoftware.org> +Rolf Eike Beer <eike at sf-mail.de> +Ruslan N. Marchenko <me at ruff.mobi> +Sjoerd Simons <sjoerd.simons at collabora.co.uk> +Stefan Bühler <stbuehler at web.de> +Thomas Klute <thomas2.klute at uni-dortmund.de> +Wolfgang Meyer zu Bergsten <w.bergsten at sirrix.com> +Christian Grothoff <christian at grothoff.org> +Daniel P. Berrange <berrange at redhat.com> +Evgeny Grin <k2k at narod.ru> +Gustavo Zacarias <gustavo at zacarias.com.ar> +James Bottomley <James.Bottomley at HansenPartnership.com> +Jiří Klimeš <jklimes at redhat.com> +Karsten Ohme <k_o_ at users.sourceforge.net> +Kurt Roeckx <kurt at roeckx.be> +Peter Wu <peter at lekensteyn.nl> +Stanislav Zidek <szidek at redhat.com> +Stephan Mueller <smueller at chronox.de> +Thierry Quemerais <tquemerais at awox.com> +Tom Carroll <incentivedesign at gmail.com> +Vitezslav Cizek <vcizek at suse.com> +Alessandro Ghedini <alessandro at ghedini.me> +Alex Monk <krenair at gmail.com> +Benjamin Herrenschmidt <benh at kernel.crashing.org> +Bernhard M. Wiedemann <bwiedemann at suse.de> +Craig Gallek <cgallek at gmail.com> +David Caldwell <david at porkrind.org> +Diego Elio Pettenò <flameeyes at flameeyes.eu> +Elta Koepp <alexi_2019 at protonmail.com> +Fabrice Fontaine <fontaine.fabrice at gmail.com> +Giuseppe Scrivano <gscrivano at gnu.org> +Ilya Tumaykin <itumaykin at gmail.com> +Karl Tarbe <karl.tarbe at cyber.ee> +Ke Zhao <kzhao at redhat.com> +Leonardo Bras <leobras.c at gmail.com> +Mark Brand <mabrand at mabrand.nl> +Matthias-Christian Ott <ott at mirix.org> +Maya Rashish <coypu at sdf.org> +Michael Catanzaro <mcatanzaro at igalia.com> +Michał Górny <mgorny at gentoo.org> +Miroslav Lichvar <mlichvar at redhat.com> +Pedro Monreal <pmgdeb at gmail.com> +Pedro Monreal <pmonrealgonzalez at suse.de> +Petr Písař <petr.pisar at atlas.cz> +Pierre Ossman <ossman at cendio.se> +Roman Bogorodskiy <bogorodskiy at gmail.com> +Sam James <sam at gentoo.org> +Simon South <simon at simonsouth.net> +Steffen Jaeckel <jaeckel-floss at eyet-services.de> +Steve Dispensa <dispensa at phonefactor.com> +nia <nia at NetBSD.org> +raspa0 <raspa0 at protonmail.com> +Alban Crequy <alban.crequy at collabora.co.uk> +Albrecht Dreß <albrecht.dress at arcor.de> +Aleksei Nikiforov <darktemplar at basealt.ru> +Alexander Kanavin <alex.kanavin at gmail.com> +Alexandre Bique <bique.alexandre at gmail.com> +Andreas Schneider <asn at samba.org> +Andreas Schwab <schwab at suse.de> +Asad Mehmood <asad78611 at googlemail.com> +Avinash Sonawane <rootkea at gmail.com> +Bas van Schaik <gitlab.com at s.traiectum.net> +Bjoern Jacke <bjacke at samba.org> +Björn Jacke <bjacke at samba.org> +Bjørn Christensen <bhc at insight.dk> +Brad Smith <brad at comstyle.com> +Brian Wickman <bwickman97 at outlook.com> +Carolin Latze <latze at angry-red-pla.net> +Chen Hongzhi <hongzhi.chen at me.com> +Chris Barry <chris at barry.im> +Colin Walters <walters at verbum.org> +Dan Fandrich <dan at coneharvesters.com> +Daniel Schaefer <git at danielschaefer.me> +David Walker <david.walker at vcatechnology.com> +David Weber <dave at veryflatcat.com> +Dimitris Apostolou <dimitris.apostolou at icloud.com> +Dmitriy Tsvettsikh <dmitrycvet at gmail.com> +Dosenpfand <m at sad.bz> +Doug Nazar <nazard at nazar.ca> +Edward Stangler <estangler at bradmark.com> +Elias Pipping <pipping at exherbo.org> +Elta Koepp <elta_koepp at gmail.com> +Frank Morgner <morgner at informatik.hu-berlin.de> +Gregor Jasny <gjasny at googlemail.com> +Günther Deschner <gd at samba.org> +Hani Benhabiles <kroosec at gmail.com> +Hannes Reinecke <hare at suse.de> +Hans Leidekker <hans at codeweavers.com> +Ilya V. Matveychikov <i.matveychikov at securitycode.ru> +Jan Palus <jpalus at fastmail.com> +Jared Wong <jaredlwong at gmail.com> +Jason Spafford <nullprogrammer at gmail.com> +Jay Foad <jay.foad at gmail.com> +Jeffrey Walton <noloader at gmail.com> +Jens Lechtenboerger <jens.lechtenboerger at fsfe.org> +Jussi Kukkonen <jussi.kukkonen at intel.com> +Kenneth J. Miller <ken at miller.ec> +Lei Maohui <leimaohui at cn.fujitsu.com> +Lili Quan <13132239506 at 163.com> +Lucas Fisher <lucas.fisher at gmail.com> +Ludwig Nussel <ludwig.nussel at suse.de> +Luis G.F <luisgf at gmail.com> +Luke Dashjr <luke-jr+git at utopios.org> +Maciej S. Szmigiero <mail at maciej.szmigiero.name> +Maks Naumov <maksqwe1 at ukr.net> +Marcin Cieślak <saper at saper.info> +Marcus Meissner <meissner at suse.de> +Marga Manterola <marga at google.com> +Marius Bakke <mbakke at fastmail.com> +Marti Raudsepp <marti at juffo.org> +Marvin Scholz <epirat07 at gmail.com> +Matt Turner <mattst88 at gmail.com> +Matt Whitlock <matt at whitlock.name> +Micah Anderson <micah at riseup.net> +Michael Catanzaro <mcatanzaro at redhat.com> +Nick Alcock <nick.alcock at oracle.com> +Nick Child <nick.child at ibm.com> +Nicolas Dufresne <nicolas.dufresne at collabora.com> +Nils Maier <maierman at web.de> +Norbert Pocs <npocs at redhat.com> +Olga <olyasib12 at gmail.com> +Ondrej Moris <omoris at redhat.com> +Petr Pavlu <petr.pavlu at suse.com> +Philippe Proulx <eeppeliteloop at gmail.com> +Philippe Widmer <pw at earthwave.ch> +R. Andrew Bailey <bailey at akamai.com> +Raj Raman <rajramanca at gmail.com> +Remi Olivier <remi_8 at hotmail.com> +Rical Jasan <ricaljasan at pacific.net> +Ricardo M. Correia <rcorreia at wizy.org> +Richard Costa <richard.costa at suse.com> +Rickard Bellgrim <rickard at opendnssec.org> +Robert Scheck <robert at fedoraproject.org> +Roberto Newmon <robertonewmon at fake-box.com> +Ross Nicholson <phunkyfish at gmail.com> +Rowan Thorpe <rowan at rowanthorpe.com> +SUMIT AGGARWAL <aggarwal.s at samsung.com> +Sadie Powell <sadie at witchery.services> +Saurav Babu <saurav.babu at samsung.com> +Sebastian Dröge <sebastian at centricular.com> +Seppo Yli-Olli <seppo.yliolli at gmail.com> +Simon Arlott <sa.me.uk> +Tatsuhiro Tsujikawa <tatsuhiro.t at gmail.com> +Thomas Klausner <wiz at NetBSD.org> +Tobias Polzer <tobias.polzer at fau.de> +Tomas Hoger <thoger at redhat.com> +Tomas Mraz <tmraz at fedoraproject.org> +Tristan Matthews <le.businessman at gmail.com> +Werner Koch <wk at gnupg.org> +Yuriy M. Kaminskiy <yumkam at gmail.com> +ihsinme <ihsinme at gmail.com> +rrivers2 <5981058-rrivers2 at users.noreply.gitlab.com> +sskaje <sskaje at gmail.com> +Łukasz Stelmach <stlman at poczta.fm> + + +The translators list is autogenerated from po file history + +Anders Jonsson +Benno Schulenberg +Cristian Othón Martínez Vera +Felipe Castro +Jakub Bogusz +Jorma Karvonen +Mario Blättermann +Milo Casagrande +Mingye Wang (Arthur2e5) +Petr Pisar +Rafael Fontenelle +Remus-Gabriel Chelu +Sharuzzaman Ahmat Raslan +Stéphane Aulery +Temuri Doghonadze +Trần Ngọc Quân +Yuri Chornoivan +Мирослав Николић +8X------------------------------------ + +License: The main library is licensed under GNU Lesser +General Public License (LGPL) version 2.1+, Gnutls Extra (which is currently +just the openssl wrapper library), build system, testsuite and commandline +utilities are licenced under the GNU General Public License version 3+. The +Guile bindings use the same license as the respective underlying library, +i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra. + +However to be able to use and link against libgnutls a program needs to be +available under a license compatible with LGPLv3+ or GPLv2+ since GnuTLS +requires nettle which requires GMP. GMP (>= 6.0.0) is dual licensed +LGPLv3+ or GPLv2+. Starting with 3.5.7 libunistring is needed, too. It also +is dual licensed LGPLv3+ or GPLv2+ (libunistring 0.9.7 and above, earlier +version were LGPLv3+ only.) + +Copyright: +-------------------- +/* -*- c -*- + * Copyright (C) 2000-2019 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +-------------------- +/* + * Copyright (C) 2004-2015 Free Software Foundation, Inc. + * Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk> + * + * This file is part of GnuTLS-EXTRA. + * + * GnuTLS-extra is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS-extra is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +-------------------- + +The documentation is distributed under the terms of the GNU Free +Documentation License (FDL): +-------------------- +Copyright (C) 2001-2023 Free Software Foundation, Inc. +Copyright (C) 2001-2023 Nikos Mavrogiannopoulos + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, + Version 1.3 or any later version published by the Free Software + Foundation; with no Invariant Sections, no Front-Cover Texts, and + no Back-Cover Texts. A copy of the license is included in the + section entitled "GNU Free Documentation License". +-------------------- + +-------------------- +From December 2012 onwards FSF is not the sole copyright holder of GnuTLS +anymore (See <http://article.gmane.org/gmane.network.gnutls.general/3026>), +the headers currently also list these authors/copyright holders:: +* Adam Sampson +* Alexander von Gernler +* Andrew McDonald +* ARPA2 project +* Attila Molnar +* Bardenheuer GmbH, Munich and Bundesdruckerei GmbH, Berlin +* Brian Wickman +* Canonical, Ltd. +* Christian Grothoff +* Daiki Ueno +* David Woodhouse +* Dmitry Eremin-Solenikov +* Dyalog Ltd. +* Fiona Klute +* Frank Morgner +* Fratnišek Krenželok +* Guillaume Roguez +* Hugo Beauzée-Luyssen +* IBM Corporation +* INRIA Paris-Rocquencourt +* Intel Corporation. +* Joe Orton +* Karl Tarbe +* KU Leuven +* Lucas Fisher +* Markus Friedl +* Michael Zucchi +* Niels Möller +* Nikos Mavrogiannopoulos +* Paul Sheer +* Pierre Ossman +* Red Hat, Inc. +* Ruslan N. Marchenko +* Sean Buckheister +* Simon Josefsson +* Stephan Mueller +* The Pkcs11Interop Project +* Thomas Klute +* Tim Kosse +* Tim Rühsen +* Tobias Heider +* Tom Vrancken +-------------------- + + + +On Debian GNU/Linux systems, the complete text of the latest version of +the GNU Lesser General Public License can be found in +`/usr/share/common-licenses/LGPL' v3 of the license in +`/usr/share/common-licenses/LGPL-3'; the GNU General Public License can +be found in `/usr/share/common-licenses/GPL' (version 3 in +/usr/share/common-licenses/GPL-3) The GNU Free Documentation +License is available under /usr/share/common-licenses/GFDL-1.3. + +============================================ + +Excerpt from upstream's README: + +LICENSING +========= + +Since GnuTLS version 3.1.10, the core library has been released under +the GNU Lesser General Public License (LGPL) version 2.1 or later. + +Note, however, that version 6.0.0 and later of the gmplib library used +by GnuTLS are distributed under a LGPLv3+ or GPLv2+ dual license, and +as such binaries of this library need to adhere to either LGPLv3+ or +GPLv2+ license. + + + + +The GNU LGPL applies to the main GnuTLS library, while the +included applications as well as gnutls-openssl +library are under the GNU GPL version 3. The gnutls library is +located in the lib/ and libdane/ directories, while the applications +in src/ and, the gnutls-openssl library is at extra/. + +For any copyright year range specified as YYYY-ZZZZ in this package +note that the range specifies every single year in that closed interval. +============================================ +============================================ + +Non FSF code + +============================================ + +lib/accelerated/x86 contains code by Andy Polyakov <appro@openssl.org>, +copyright is not assigned to the FSF. The code is licensed under the +CRYPTOGAMS license. + +-------------------- +# Copyright (c) 2011-2016, Andy Polyakov by <appro@openssl.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain copyright notices, +# this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# * Neither the name of the Andy Polyakov nor the names of its +# copyright holder and contributors may be used to endorse or +# promote products derived from this software without specific +# prior written permission. +# +# ALTERNATIVELY, provided that this notice is retained in full, this +# product may be distributed under the terms of the GNU General Public +# License (GPL), in which case the provisions of the GPL apply INSTEAD OF +# those given above. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-------------------- + +============================================ + +lib/extras/randomart.* + + +Upstream Authors: Markus Friedl + Alexander von Gernler + +Copyright: + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Alexander von Gernler. All rights reserved. +License: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +============================================ + +lib/accelerated/x86/elf/aes-ssse3-x86.s +lib/accelerated/x86/macosx/aes-ssse3-x86.s + +Upstream Authors: Mike Hamburg (Stanford University) + +Copyright: + * Mike Hamburg (Stanford University), 2009. +License: + Public domain. + +============================================ + +lib/system/inet_pton.c + +Upstream Authors: Internet Software Consortium + +Copyright/License: + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + +============================================ + +lib/extras/hex.* +Author: Rusty Russell <rusty@rustcorp.com.au> +Comment: http://ccodearchive.net/info/str/hex.html +License: CC0 license + Statement of Purpose + + The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). + + Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. + + For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. + + 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: + + the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; + moral rights retained by the original author(s) and/or performer(s); + publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; + rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; + rights protecting the extraction, dissemination, use and reuse of data in a Work; + database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and + other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. + + 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. + + 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. + + 4. Limitations and Disclaimers. + + No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. + Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. + Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. + Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. + +============================================ + +doc/examples/tlsproxy/ +Copyright: Copyright (c) 2016 Wrymouth Innovation Ltd +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR + OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + +============================================ + +Files: tests/pkcs11/pkcs11-mock.* +Copyright: 2011-2016 The Pkcs11Interop Project + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +X-Comment: Written originally for the Pkcs11Interop project by: + Jaroslav IMRICH <jimrich@jimrich.sk> +License: Apache-2.0 + On Debian systems the complete text of the license can be found in + /usr/share/common-licenses/Apache-2.0 + +============================================ + +lib/unistring/* +Author: Bruno Haible <bruno@clisp.org> +Copyright (C) 2009-2020 Free Software Foundation, Inc. +Comment: Debian package is built against libunistring-dev package. +License: LGPLv3+_or_GPLv2+ + +Files: fuzz/gnutls_base64_decoder_fuzzer.c + fuzz/gnutls_base64_encoder_fuzzer.c + fuzz/gnutls_ocsp_req_parser_fuzzer.c + fuzz/gnutls_ocsp_resp_parser_fuzzer.c fuzz/gnutls_server_fuzzer.c + fuzz/gnutls_set_trust_file_fuzzer.c fuzz/gnutls_handshake_server_fuzzer.c +Copyright: 2017 Red Hat, Inc. +License: Apache-2.0 + On Debian systems the complete text of the license can be found in + /usr/share/common-licenses/Apache-2.0 + +fuzz/gnutls_dn_parser_fuzzer.c fuzz/gnutls_idna_parser_fuzzer.c + fuzz/gnutls_pkcs12_key_parser_fuzzer.c fuzz/gnutls_pkcs8_key_parser_fuzzer.c + fuzz/gnutls_reverse_idna_parser_fuzzer.c +Copyright 2016 Nikos Mavrogiannopoulos +Comment: On Debian systems the complete license text is available in + /usr/share/common-licenses/Apache-2.0 +License + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + +fuzz/gnutls_pkcs7_parser_fuzzer.c fuzz/gnutls_private_key_parser_fuzzer.c + fuzz/gnutls_x509_parser_fuzzer.c +Copyright 2016 Google Inc. +Comment: On Debian systems the complete license text is available in + /usr/share/common-licenses/Apache-2.0 +License + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + +Files: fuzz/gnutls_client_fuzzer.c fuzz/gnutls_handshake_client_fuzzer.c +Copyright: 2016 Google Inc. + 2017 Red Hat, Inc. +Comment: On Debian systems the complete license text is available in + /usr/share/common-licenses/Apache-2.0 +License: Apache-2.0 + On Debian systems the complete text of the license can be found in + /usr/share/common-licenses/Apache-2.0 + + +Files: fuzz/main.c +Copyright: 2017 Tim Ruehsen +License: Expat + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + + +Files: fuzz/mem.h fuzz/psk.h fuzz/srp.h fuzz/certs.h + fuzz/gnutls_psk_server_fuzzer.c + fuzz/gnutls_psk_client_fuzzer.c fuzz/gnutls_srp_client_fuzzer.c + fuzz/gnutls_srp_server_fuzzer.c + fuzz/handshake.h +Copyright: 2017 Nikos Mavrogiannopoulos +License: Expat + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + +Files: fuzz/gnutls_client_rawpk_fuzzer.c fuzz/gnutls_server_rawpk_fuzzer.c +Copyright: 2017 Nikos Mavrogiannopoulos + 2019 Tom Vrancken (dev@tomvrancken.nl) +License: Expat + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + +Files: fuzz/gnutls_x509_crq_parser_fuzzer.c +Copyright: 2020 Dmitry Baryshkov +License: LGPLv2.1+ + +Files: lib/compress.c +Copyright: 2017-2022 Red Hat, Inc. +License: LGPLv2.1+ + +Files: lib/compress.h lib/ext/compress_certificate.c + lib/ext/compress_certificate.h tests/cipher-padding.c + tests/ktls.sh tests/pkcs7-verify-double-free.c +Copyright: 2022 Red Hat, Inc. +License: LGPLv2.1+ + +Files: lib/nettle/backport/block-internal.h +Copyright: 2011 Katholieke Universiteit Leuven + 2011, 2013, 2018 Niels Möller + 2018 Red Hat, Inc. + 2019 Dmitry Eremin-Solenikov +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/init.c +Copyright: 2010-2012 Free Software Foundation, Inc. + 2022 Tobias Heider <tobias.heider@canonical.com> +License: LGPLv2.1+ + +Files: lib/nettle/gost/acpkm.c lib/nettle/gost/acpkm.h +Copyright: 2018 Dmitry Eremin-Solenikov +License: LGPLv3+_or_GPLv2+ + + +Files: lib/nettle/gost/cmac-kuznyechik.c lib/nettle/gost/cmac-magma.c + lib/nettle/gost/magma.c +Copyright: 2017 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Files: lib/nettle/int/drbg-aes.h lib/nettle/int/dsa-fips.h + lib/nettle/int/dsa-keygen-fips186.c lib/nettle/int/dsa-validate.c + lib/nettle/int/provable-prime.c +Copyright: 2013 Red Hat | Copyright 2013, 2014 Red Hat +License: LGPLv3+_or_GPLv2+ + + +Files: lib/nettle/int/drbg-aes-self-test.c lib/nettle/gost/cmac.h +Copyright: 2013 2017 Red Hat + 2008 Free Software Foundation, Inc. +License: LGPLv3+_or_GPLv2+ + + +Files: lib/nettle/int/rsa-keygen-fips186.c +Copyright: 2002 Niels Möller + 2014 Red Hat +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/bignum-le.c lib/nettle/gost/bignum-le.h +Copyright: 2001 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/write-le32.c +Copyright: 2001, 2011 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/int/block8.h +Copyright: 2005, 2014 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/int/mpn-base256.c + lib/nettle/int/mpn-base256.h +Copyright: 2013 Niels Möller + 2013 Red Hat +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/gost28147.h +Copyright: 2015 Dmitry Eremin-Solenikov + 2012 Nikos Mavrogiannopoulos, Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/streebog-meta.c +Copyright: 2012 Nikos Mavrogiannopoulos, Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/hmac-gost.h +Copyright: 2001, 2002 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/hmac-streebog.c +Copyright: 2016 Dmitry Eremin-Solenikov +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/nettle-write.h +Copyright: 2010 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/streebog.c +Copyright: 2013-2015 Dmitry Eremin-Solenikov +Comment: Based on my code in libgcrypt. +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/streebog.h +Copyright: 2015 Dmitry Eremin-Solenikov +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/kuznyechik.c lib/nettle/gost/kuznyechik.h + lib/nettle/gost/magma.h +Copyright: 2017 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/gostdsa2.h +Copyright: 2015 Dmity Eremin-Solenikov + 2013 Niels Möller +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/gostdsa-mask.c +Copyright: 2018 Dmitry Eremin-Solenikov +License: LGPLv3+_or_GPLv2+ + +Files: lib/nettle/gost/gost-wrap.c +Copyright: 2015, 2016 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com> +License: LGPLv3+_or_GPLv2+ + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +Files: lib/nettle/gost/gost28147.c +Copyright: 2015-2015 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> + Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com> +License: + based on Russian standard GOST 28147-89 + * For English description, check RFC 5830. + * S-Boxes are expanded from the tables defined in RFC4357: + * https://tools.ietf.org/html/rfc4357 + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be included + * in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Files: lib/nettle/rnd-fuzzer.c +Copyright 2017 Red Hat + Copyright 1995-2017 Free Software Foundation, Inc. +License + * This file is part of the GNU C Library. + * Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, August 1995. + * + * This file is part of GnuTLS. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see <http://www.gnu.org/licenses/>. + +Files: lib/name_val_array.h +License: LGPLv3+_or_GPLv2+ +Copyright: 2011-2019 Free Software Foundation, Inc. + 2019 Red Hat, Inc + +License: LGPLv3+_or_GPLv2+ + * This program is free software: you can redistribute it and/or + * modify it under the terms of either: + * + * * the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. + * + * or + * + * * the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * or both in parallel, as here. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received copies of the GNU General Public License and + * the GNU Lesser General Public License along with this program. If + * not, see http://www.gnu.org/licenses/. + +Files: cligen/*.py cligen/*/*.py cligen/*/*/*.py cligen/cligen.mk +Copyright: 2021-2022 Daiki Ueno +License: LGPLv2.1+ + + +Files: tests/no-extensions.c tests/system-override-curves.sh + tests/system-override-hash.c tests/resume-lifetime.c + tests/system-override-kx.sh tests/system-override-profiles.sh + tests/system-override-sig.c tests/system-override-sig-hash.sh + tests/system-override-tls.sh tests/system-override-versions.sh + tests/iov.c tests/tls13-without-timeout-func.c + tests/cert-tests/certtool-crl-decoding.sh + tests/cert-tests/certtool-long-cn.sh tests/cert-tests/certtool-long-oids.sh + tests/cert-tests/certtool-subca.sh tests/cert-tests/certtool-utf8.sh + tests/ciphersuite-name.c + tests/cert-tests/crq.sh tests/cert-tests/inhibit-anypolicy.sh + tests/cert-tests/pkcs12-utf8.s tests/cert-tests/pkcs7-broken-sigs.sh + tests/cert-tests/pkcs7-constraints2.sh tests/cert-tests/pkcs7-constraints.sh + tests/cert-tests/pkcs7-eddsa.sh tests/cert-tests/privkey-import.sh + tests/cert-tests/provable-dh-default.sh tests/cert-tests/provable-dh.sh + tests/fips-rsa-sizes.c + tests/ocsp-tests/ocsp-load-chain.sh + tests/ocsp-tests/ocsp-must-staple-connection.sh + tests/ocsp-tests/ocsptool.sh + tests/tls13/compress-cert-cli.c + tests/tls13/hello_retry_request_resume.c + tests/client-secrets.h + tests/sanity-lib.sh + tests/server-secrets.h + tests/tls13/compress-cert.c tests/tls13/compress-cert-neg2.c + tests/tls13/compress-cert-neg.c + tests/tls13/psk-ke-modes.c +License: GPLv3+ +Copyright: 2014-2022 Red Hat, Inc + +Files: tests/server-weak-keys.sh tests/cert-tests/alt-chain.sh + tests/cert-tests/cert-critical.sh tests/cert-tests/certtool-ecdsa.sh + tests/cert-tests/certtool-eddsa.sh tests/cert-tests/certtool-rsa-pss.sh + tests/cert-tests/certtool-verify-profiles.sh tests/cert-tests/crl.sh + tests/cert-tests/illegal-rsa.sh tests/cert-tests/invalid-sig.sh + tests/cert-tests/pkcs7-cat.sh tests/cert-tests/pkcs8.sh + tests/cert-tests/provable-privkey-dsa2048.sh + tests/cert-tests/provable-privkey-gen-default.sh + tests/cert-tests/provable-privkey-rsa2048.sh + tests/cert-tests/provable-privkey.sh tests/ocsp-tests/ocsp-test.sh +License: GPLv3+ +Copyright: 2014-2018 Nikos Mavrogiannopoulos + +Files: tests/openconnect-dtls12.c tests/system-override-invalid.sh + tests/system-override-sig-hash.sh tests/cert-tests/x509-duplicate-ext.sh +License: GPLv3+ +Copyright: 2019 Nikos Mavrogiannopoulos + +Files: tests/rfc7633-ok.c +License: GPLv3+ +Copyright: 2016-2019 Tim Kosse + 2019 Nikos Mavrogiannopoulos + +Files: tests/rfc7633-missing.c +License: GPLv3+ +Copyright: 2016 Tim Kosse + +Files: tests/sign-verify-data-newapi.c tests/cert-tests/cert-non-digits-time.sh + tests/cert-tests/reject-invalid-time.sh + tests/cert-tests/tolerate-invalid-time.sh + tests/gnutls-ids.c tests/cert-tests/cert-sanity.sh + tests/cert-tests/cert-time.sh tests/pkcs11/list-objects.c + tests/cert-tests/smime.sh tests/cert-tests/tlsfeature-test.sh + tests/dtls/dtls-resume.sh +License: GPLv3+ +Copyright: 2016-2017 Red Hat, Inc. + +Files: tests/kdf-api.c +License: LGPLv2.1+ +Copyright: 2020 Red Hat, Inc. + +Files: lib/fipshmac.c +License: LGPLv2.1+ +Copyright: 2020-2022 Red Hat, Inc. + +Files: tests/missingissuer_aia.c tests/missingissuer.c +License: GPLv3+ +Copyright: 2008-2014 Free Software Foundation, Inc. + +Files: tests/test-chains-issuer-aia.h tests/test-chains-issuer.h + tests/cert-tests/key-invalid.sh tests/cert-tests/md5-test.sh + tests/cert-tests/pkcs12-encode.sh +License: GPLv3+ +Copyright: 2004-2016 Free Software Foundation, Inc. + 2016 2017 Red Hat, Inc. + +Files: tests/set_x509_ocsp_multi_cli.c tests/handshake-write.c +License: GPLv3+ +Copyright: 2020 Red Hat, Inc. + +Files: tests/status-request-revoked.c tests/cert-tests/certtool.sh + tests/cert-tests/pkcs7.sh +License: GPLv3+ +Copyright: 2014-2018 Nikos Mavrogiannopoulos + 2018 2020 Red Hat, Inc. + +Files: tests/resume-with-record-size-limit.c +License: GPLv3+ +Copyright: 2004-2016 Free Software Foundation, Inc. + 2013 Adam Sampson <ats@offog.org> + 2016-2019 Red Hat, Inc. + +Files: tests/cipher-alignment.c +License: GPLv3+ +Copyright: 2004-2015 Free Software Foundation, Inc. + 2013 Adam Sampson <ats@offog.org> + 2015 Red Hat, Inc + +Files: tests/x509-server-verify.c tests/cert-tests/krb5-test.sh + tests/cert-tests/name-constraints.sh tests/cert-tests/othername-test.sh +License: GPLv3+ +Copyright: 2015 Red Hat, Inc. + 2019 Nikos Mavrogiannopoulos + +Files: tests/x509-upnconstraint.c +License: GPLv3+ +Copyright: 2022 Brian Wickman + +Files: tests/tls13/key_update_multiple.c tests/sign-verify-deterministic.c +License: GPLv3+ +Copyright: 2017-2019 Red Hat, Inc. + +Files: tests/tls13/no-auto-send-ticket.c +License: GPLv3+ +Copyright: 2017-2020 Red Hat, Inc. + +Files: tests/sign-verify-newapi.c +License: GPLv3+ +Copyright: 2004-2012 Free Software Foundation, Inc. + 2017-2019 Red Hat, Inc. + +Files: tests/buffer.c +License: GPLv3+ +Copyright: 2019 Tim Rühsen + +Files: tests/gnutls-cli-rawpk.sh +License: GPLv3+ +Copyright: 2019 Tom Vrancken (dev@tomvrancken.nl) + +Files: tests/system-override-default-priority-string.sh +License: GPLv3+ +Copyright: 2019 Canonical, Ltd. + +Files: tests/x509cert-dntypes.c +License: GPLv3+ +Copyright: 2020 Pierre Ossman for Cendio AB + +Files: fuzz/gnutls_ext_raw_parse_fuzzer.c tests/keylog-func.c +License: LGPLv2.1+ +Copyright: 2019 Red Hat, Inc. + +Files: tests/pskself2.c +Copyright: 2004-2012 Free Software Foundation, Inc. + 2013 Adam Sampson <ats@offog.org> + 2019 Free Software Foundation, Inc. +License: GPLv3+ + +Files: tests/cert-tests/pkcs12-gost.sh +Copyright: 2018 Dmitry Eremin-Solenikov + 2016 Red Hat, Inc. +License: GPLv3+ + +Files: tests/cert-tests/pkcs7-list-sign.sh +Copyright: 2017 Karl Tarbe +License: GPLv3+ + +Files: tests/cert-tests/pkcs8-gost.sh +Copyright: 2018 Dmitry Eremin-Solenikov + 2004-2006, 2010, 2012 Free Software Foundation, Inc. +License: GPLv3+ + +Files: tests/id-on-xmppAddr.c +Copyright: 2021 Steffen Jaeckel +License: GPLv3+ + +Files: tests/ocsp-tests/ocsp-tls-connection.sh +Copyright: 2016 Thomas Klute +License: GPLv3+ + +Files: tests/tls-channel-binding.c +Copyright: 2021 Ruslan N. Marchenko +License: GPLv3+ + +Files: lib/accelerated/afalg.c +Copyright: 2017 Stephan Mueller <smueller@chronox.de> +License: LGPLv2.1+ + + +Files: lib/inih/* +Copyright: 2009-2019, Ben Hoyt +License: BSD-3-Clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of Ben Hoyt nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY BEN HOYT ''AS IS'' AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BEN HOYT BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +Comment: https://github.com/benhoyt/inih +~ diff --git a/debian/gnutls-bin.examples b/debian/gnutls-bin.examples new file mode 100644 index 0000000..9ff2c75 --- /dev/null +++ b/debian/gnutls-bin.examples @@ -0,0 +1 @@ +doc/certtool.cfg diff --git a/debian/gnutls-bin.install b/debian/gnutls-bin.install new file mode 100644 index 0000000..bd72fef --- /dev/null +++ b/debian/gnutls-bin.install @@ -0,0 +1 @@ +debian/tmp/usr/bin/* usr/bin diff --git a/debian/gnutls-bin.manpages b/debian/gnutls-bin.manpages new file mode 100644 index 0000000..d44b4bc --- /dev/null +++ b/debian/gnutls-bin.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/*/*.1 diff --git a/debian/gnutls-doc.dirs b/debian/gnutls-doc.dirs new file mode 100644 index 0000000..0821638 --- /dev/null +++ b/debian/gnutls-doc.dirs @@ -0,0 +1 @@ +/usr/share/info diff --git a/debian/gnutls-doc.doc-base b/debian/gnutls-doc.doc-base new file mode 100644 index 0000000..cb926c5 --- /dev/null +++ b/debian/gnutls-doc.doc-base @@ -0,0 +1,16 @@ +Document: gnutls +Title: GnuTLS Manual +Author: Simon Josefsson +Abstract: GnuTLS library manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls-doc/html/gnutls.html +Files: /usr/share/doc/gnutls-doc/html/* + +Format: PDF +Files: /usr/share/doc/gnutls-doc/gnutls.pdf + +Format: info +Index: /usr/share/info/gnutls.info.gz +Files: /usr/share/info/gnutls.info* diff --git a/debian/gnutls-doc.doc-base.apireference b/debian/gnutls-doc.doc-base.apireference new file mode 100644 index 0000000..ed73de0 --- /dev/null +++ b/debian/gnutls-doc.doc-base.apireference @@ -0,0 +1,9 @@ +Document: gnutls-api +Title: GNU TLS API Reference Manual +Author: Simon Josefsson +Abstract: GNU TLS API Reference Manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls-doc/api-reference/index.html +Files: /usr/share/doc/gnutls-doc/api-reference/* diff --git a/debian/gnutls-doc.docs b/debian/gnutls-doc.docs new file mode 100644 index 0000000..898ac13 --- /dev/null +++ b/debian/gnutls-doc.docs @@ -0,0 +1 @@ +b4deb/doc/gnutls.pdf diff --git a/debian/gnutls-doc.examples b/debian/gnutls-doc.examples new file mode 100644 index 0000000..933da21 --- /dev/null +++ b/debian/gnutls-doc.examples @@ -0,0 +1,3 @@ +doc/examples/*.c +doc/examples/*.cpp +doc/examples/*.h diff --git a/debian/gnutls-doc.info b/debian/gnutls-doc.info new file mode 100644 index 0000000..bcde2ce --- /dev/null +++ b/debian/gnutls-doc.info @@ -0,0 +1 @@ +debian/tmp/usr/share/info/*.info* diff --git a/debian/gnutls-doc.install b/debian/gnutls-doc.install new file mode 100644 index 0000000..86a178f --- /dev/null +++ b/debian/gnutls-doc.install @@ -0,0 +1,6 @@ +usr/share/doc/gnutls/*.html usr/share/doc/gnutls-doc/html +usr/share/doc/gnutls/*.png usr/share/doc/gnutls-doc/html +usr/share/gtk-doc/html/gnutls/*.css usr/share/doc/gnutls-doc/api-reference +usr/share/gtk-doc/html/gnutls/*.devhelp* usr/share/doc/gnutls-doc/api-reference +usr/share/gtk-doc/html/gnutls/*html usr/share/doc/gnutls-doc/api-reference +usr/share/gtk-doc/html/gnutls/*png usr/share/doc/gnutls-doc/api-reference diff --git a/debian/gnutls-doc.links b/debian/gnutls-doc.links new file mode 100644 index 0000000..52baaf5 --- /dev/null +++ b/debian/gnutls-doc.links @@ -0,0 +1 @@ +/usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls diff --git a/debian/gnutls-doc.manpages b/debian/gnutls-doc.manpages new file mode 100644 index 0000000..7c72677 --- /dev/null +++ b/debian/gnutls-doc.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/debian/guile-gnutls.install b/debian/guile-gnutls.install new file mode 100644 index 0000000..431be51 --- /dev/null +++ b/debian/guile-gnutls.install @@ -0,0 +1,3 @@ +/usr/lib/*/guile/*/extensions/guile-gnutls*.so* +/usr/lib/*/guile/*/site-ccache +/usr/share/guile/site diff --git a/debian/libgnutls-dane0.install b/debian/libgnutls-dane0.install new file mode 100644 index 0000000..ae12daa --- /dev/null +++ b/debian/libgnutls-dane0.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/*/libgnutls-dane.so.* diff --git a/debian/libgnutls-dane0.symbols b/debian/libgnutls-dane0.symbols new file mode 100644 index 0000000..463739b --- /dev/null +++ b/debian/libgnutls-dane0.symbols @@ -0,0 +1,21 @@ +libgnutls-dane.so.0 libgnutls-dane0 #MINVER# +* Build-Depends-Package: libgnutls28-dev + DANE_0_0@DANE_0_0 3.7.0 + dane_cert_type_name@DANE_0_0 3.7.0 + dane_cert_usage_name@DANE_0_0 3.7.0 + dane_match_type_name@DANE_0_0 3.7.0 + dane_query_data@DANE_0_0 3.7.0 + dane_query_deinit@DANE_0_0 3.7.0 + dane_query_entries@DANE_0_0 3.7.0 + dane_query_status@DANE_0_0 3.7.0 + dane_query_tlsa@DANE_0_0 3.7.0 + dane_query_to_raw_tlsa@DANE_0_0 3.7.0 + dane_raw_tlsa@DANE_0_0 3.7.0 + dane_state_deinit@DANE_0_0 3.7.0 + dane_state_init@DANE_0_0 3.7.0 + dane_state_set_dlv_file@DANE_0_0 3.7.0 + dane_strerror@DANE_0_0 3.7.0 + dane_verification_status_print@DANE_0_0 3.7.0 + dane_verify_crt@DANE_0_0 3.7.0 + dane_verify_crt_raw@DANE_0_0 3.7.0 + dane_verify_session_crt@DANE_0_0 3.7.0 diff --git a/debian/libgnutls-openssl27.install b/debian/libgnutls-openssl27.install new file mode 100644 index 0000000..391ab90 --- /dev/null +++ b/debian/libgnutls-openssl27.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/*/libgnutls-openssl.so.* diff --git a/debian/libgnutls-openssl27.symbols b/debian/libgnutls-openssl27.symbols new file mode 100644 index 0000000..c2e6d76 --- /dev/null +++ b/debian/libgnutls-openssl27.symbols @@ -0,0 +1,76 @@ +libgnutls-openssl.so.27 libgnutls-openssl27 #MINVER# +* Build-Depends-Package: libgnutls28-dev + BIO_get_fd@Base 3.7.0 + BIO_new_socket@Base 3.7.0 + ERR_error_string@Base 3.7.0 + ERR_get_error@Base 3.7.0 + MD5@Base 3.7.0 + MD5_Final@Base 3.7.0 + MD5_Init@Base 3.7.0 + MD5_Update@Base 3.7.0 + OpenSSL_add_all_algorithms@Base 3.7.0 + RAND_bytes@Base 3.7.0 + RAND_egd_bytes@Base 3.7.0 + RAND_file_name@Base 3.7.0 + RAND_load_file@Base 3.7.0 + RAND_pseudo_bytes@Base 3.7.0 + RAND_seed@Base 3.7.0 + RAND_status@Base 3.7.0 + RAND_write_file@Base 3.7.0 + RIPEMD160@Base 3.7.0 + RIPEMD160_Final@Base 3.7.0 + RIPEMD160_Init@Base 3.7.0 + RIPEMD160_Update@Base 3.7.0 + SSL_CIPHER_description@Base 3.7.0 + SSL_CIPHER_get_bits@Base 3.7.0 + SSL_CIPHER_get_name@Base 3.7.0 + SSL_CIPHER_get_version@Base 3.7.0 + SSL_CTX_free@Base 3.7.0 + SSL_CTX_new@Base 3.7.0 + SSL_CTX_sess_accept@Base 3.7.0 + SSL_CTX_sess_accept_good@Base 3.7.0 + SSL_CTX_sess_accept_renegotiate@Base 3.7.0 + SSL_CTX_sess_connect@Base 3.7.0 + SSL_CTX_sess_connect_good@Base 3.7.0 + SSL_CTX_sess_connect_renegotiate@Base 3.7.0 + SSL_CTX_sess_hits@Base 3.7.0 + SSL_CTX_sess_misses@Base 3.7.0 + SSL_CTX_sess_number@Base 3.7.0 + SSL_CTX_sess_timeouts@Base 3.7.0 + SSL_CTX_set_cipher_list@Base 3.7.0 + SSL_CTX_set_default_verify_paths@Base 3.7.0 + SSL_CTX_set_mode@Base 3.7.0 + SSL_CTX_set_options@Base 3.7.0 + SSL_CTX_set_verify@Base 3.7.0 + SSL_CTX_use_PrivateKey_file@Base 3.7.0 + SSL_CTX_use_certificate_file@Base 3.7.0 + SSL_accept@Base 3.7.0 + SSL_connect@Base 3.7.0 + SSL_free@Base 3.7.0 + SSL_get_current_cipher@Base 3.7.0 + SSL_get_error@Base 3.7.0 + SSL_get_peer_certificate@Base 3.7.0 + SSL_library_init@Base 3.7.0 + SSL_load_error_strings@Base 3.7.0 + SSL_new@Base 3.7.0 + SSL_pending@Base 3.7.0 + SSL_read@Base 3.7.0 + SSL_set_bio@Base 3.7.0 + SSL_set_connect_state@Base 3.7.0 + SSL_set_fd@Base 3.7.0 + SSL_set_rfd@Base 3.7.0 + SSL_set_verify@Base 3.7.0 + SSL_set_wfd@Base 3.7.0 + SSL_shutdown@Base 3.7.0 + SSL_want@Base 3.7.0 + SSL_write@Base 3.7.0 + SSLv23_client_method@Base 3.7.0 + SSLv23_server_method@Base 3.7.0 + SSLv3_client_method@Base 3.7.0 + SSLv3_server_method@Base 3.7.0 + TLSv1_client_method@Base 3.7.0 + TLSv1_server_method@Base 3.7.0 + X509_NAME_oneline@Base 3.7.0 + X509_free@Base 3.7.0 + X509_get_issuer_name@Base 3.7.0 + X509_get_subject_name@Base 3.7.0 diff --git a/debian/libgnutls28-dev.install b/debian/libgnutls28-dev.install new file mode 100644 index 0000000..4b58879 --- /dev/null +++ b/debian/libgnutls28-dev.install @@ -0,0 +1,5 @@ +debian/tmp/usr/include/* +debian/tmp/usr/lib/*/libgnutls*.a +debian/tmp/usr/lib/*/libgnutls*.so +debian/tmp/usr/lib/*/pkgconfig/gnutls-dane.pc +debian/tmp/usr/lib/*/pkgconfig/gnutls.pc diff --git a/debian/libgnutls30.NEWS b/debian/libgnutls30.NEWS new file mode 100644 index 0000000..c30ea2c --- /dev/null +++ b/debian/libgnutls30.NEWS @@ -0,0 +1,55 @@ +gnutls28 (3.0.0-1) experimental; urgency=low + + GnuTLS is now using nettle instead of libgcrypt as crypto backend. + + Related to this change (nettle uses LGPLv3+ licensed GMP) the licensing has + change. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. GnuTLS can therefore not + be used by projects using GPLv2 without the "or later" clause. + + -- Andreas Metzler <ametzler@downhill.g.la> Sun, 14 Aug 2011 14:27:12 +0200 + +gnutls26 (2.6.6-1) unstable; urgency=high + + libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. We have realized that + many applications that use libgnutls, including gnutls-cli, fail to + perform proper checks. Implementing similar logic in all applications + leads to code duplication. Hence, we decided to check whether the + current time (as reported by the time function) is within the + activation/expiration period of certificates when verifying untrusted + certificates. + + This changes the semantics of gnutls_x509_crt_list_verify, which in + turn is used by gnutls_certificate_verify_peers and + gnutls_certificate_verify_peers2. We add two new + gnutls_certificate_status_t codes for reporting the new error + condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also + add a new gnutls_certificate_verify_flags flag, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new + behaviour. + GNUTLS-SA-2009-3 CVE-2009-1417 + http://www.gnu.org/software/gnutls/security.html + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.4.2-5) unstable; urgency=medium + + * The gnutls certificate verification code has been changed to stop + trusting some weak algoritms. Verifying untrusted X.509 certificates + signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. + + See <http://www.win.tue.nl/hashclash/rogue-ca/>, + <http://bugs.debian.org/514578> and + <http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures> + + "certtool -i < signature.pem" will inform about the algoritm used for + signing (Search for "Signature Algorithm" in its output.). The proper + fix is to re-issue the certificates with a more secure algoritm. As a + hotfix the respective certicate itself can be added to the list of + trusted certificates. Obviously this should only be done after + verifying the certificate by different means than relying on the weak + signature. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100 diff --git a/debian/libgnutls30.docs b/debian/libgnutls30.docs new file mode 100644 index 0000000..aeeb0ea --- /dev/null +++ b/debian/libgnutls30.docs @@ -0,0 +1,4 @@ +AUTHORS +NEWS +README* +THANKS diff --git a/debian/libgnutls30.install b/debian/libgnutls30.install new file mode 100644 index 0000000..8856fe2 --- /dev/null +++ b/debian/libgnutls30.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/*/libgnutls.so.* +debian/tmp/usr/share/locale/* diff --git a/debian/libgnutls30.symbols b/debian/libgnutls30.symbols new file mode 100644 index 0000000..99adeaa --- /dev/null +++ b/debian/libgnutls30.symbols @@ -0,0 +1,1315 @@ +libgnutls.so.30 libgnutls30 #MINVER# +* Build-Depends-Package: libgnutls28-dev + GNUTLS_3_4@GNUTLS_3_4 3.7.0 + GNUTLS_3_6_0@GNUTLS_3_6_0 3.7.0 + GNUTLS_3_6_10@GNUTLS_3_6_10 3.7.0 + GNUTLS_3_6_12@GNUTLS_3_6_12 3.7.0 + GNUTLS_3_6_13@GNUTLS_3_6_13 3.7.0 + GNUTLS_3_6_14@GNUTLS_3_6_14 3.7.0 + GNUTLS_3_6_2@GNUTLS_3_6_2 3.7.0 + GNUTLS_3_6_3@GNUTLS_3_6_3 3.7.0 + GNUTLS_3_6_4@GNUTLS_3_6_4 3.7.0 + GNUTLS_3_6_5@GNUTLS_3_6_5 3.7.0 + GNUTLS_3_6_6@GNUTLS_3_6_6 3.7.0 + GNUTLS_3_6_8@GNUTLS_3_6_8 3.7.0 + GNUTLS_3_6_9@GNUTLS_3_6_9 3.7.0 + GNUTLS_3_7_0@GNUTLS_3_7_0 3.7.0 + GNUTLS_3_7_2@GNUTLS_3_7_2 3.7.2 + GNUTLS_3_7_3@GNUTLS_3_7_3 3.7.3 + GNUTLS_3_7_4@GNUTLS_3_7_4 3.7.4 + GNUTLS_3_7_5@GNUTLS_3_7_5 3.7.5 + GNUTLS_3_7_7@GNUTLS_3_7_7 3.7.7 + GNUTLS_FIPS140_3_4@GNUTLS_FIPS140_3_4 3.7.0 + (regex|optional)"@GNUTLS_PRIVATE_3_4$" 3.7.7-0+private+1 + _dsa_generate_dss_g@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _dsa_generate_dss_pq@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _dsa_validate_dss_g@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _dsa_validate_dss_pq@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _gnutls_cipher_get_iv@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _gnutls_decode_ber_rs_raw@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _gnutls_encode_ber_rs_raw@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + _gnutls_global_init_skip@GNUTLS_3_4 3.7.0 + _gnutls_prf_raw@GNUTLS_FIPS140_3_4 3.7.0 + _rsa_generate_fips186_4_keypair@GNUTLS_FIPS140_3_4 3.7.7-0+private+1 + dsa_generate_dss_keypair@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_aead_cipher_decrypt@GNUTLS_3_4 3.7.0 + gnutls_aead_cipher_decryptv2@GNUTLS_3_6_10 3.7.0 + gnutls_aead_cipher_deinit@GNUTLS_3_4 3.7.0 + gnutls_aead_cipher_encrypt@GNUTLS_3_4 3.7.0 + gnutls_aead_cipher_encryptv2@GNUTLS_3_6_10 3.7.0 + gnutls_aead_cipher_encryptv@GNUTLS_3_6_3 3.7.0 + gnutls_aead_cipher_init@GNUTLS_3_4 3.7.0 + gnutls_aead_cipher_set_key@GNUTLS_3_7_5 3.7.5 + gnutls_alert_get@GNUTLS_3_4 3.7.0 + gnutls_alert_get_name@GNUTLS_3_4 3.7.0 + gnutls_alert_get_strname@GNUTLS_3_4 3.7.0 + gnutls_alert_send@GNUTLS_3_4 3.7.0 + gnutls_alert_send_appropriate@GNUTLS_3_4 3.7.0 + gnutls_alert_set_read_function@GNUTLS_3_7_0 3.7.0 + gnutls_alpn_get_selected_protocol@GNUTLS_3_4 3.7.0 + gnutls_alpn_set_protocols@GNUTLS_3_4 3.7.0 + gnutls_anon_allocate_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_anon_allocate_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_anon_free_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_anon_free_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_anon_set_params_function@GNUTLS_3_4 3.7.0 + gnutls_anon_set_server_dh_params@GNUTLS_3_4 3.7.0 + gnutls_anon_set_server_known_dh_params@GNUTLS_3_4 3.7.0 + gnutls_anon_set_server_params_function@GNUTLS_3_4 3.7.0 + gnutls_anti_replay_deinit@GNUTLS_3_6_5 3.7.0 + gnutls_anti_replay_enable@GNUTLS_3_6_5 3.7.0 + gnutls_anti_replay_init@GNUTLS_3_6_5 3.7.0 + gnutls_anti_replay_set_add_function@GNUTLS_3_6_5 3.7.0 + gnutls_anti_replay_set_ptr@GNUTLS_3_6_5 3.7.0 + gnutls_anti_replay_set_window@GNUTLS_3_6_5 3.7.0 + gnutls_auth_client_get_type@GNUTLS_3_4 3.7.0 + gnutls_auth_get_type@GNUTLS_3_4 3.7.0 + gnutls_auth_server_get_type@GNUTLS_3_4 3.7.0 + gnutls_base64_decode2@GNUTLS_3_6_0 3.7.0 + gnutls_base64_encode2@GNUTLS_3_6_0 3.7.0 + gnutls_buffer_append_data@GNUTLS_3_4 3.7.0 + gnutls_bye@GNUTLS_3_4 3.7.0 + gnutls_calloc@GNUTLS_3_4 3.7.0 + gnutls_certificate_activation_time_peers@GNUTLS_3_4 3.7.0 + gnutls_certificate_allocate_credentials@GNUTLS_3_4 3.7.0 + gnutls_certificate_client_get_request_status@GNUTLS_3_4 3.7.0 + gnutls_certificate_expiration_time_peers@GNUTLS_3_4 3.7.0 + gnutls_certificate_free_ca_names@GNUTLS_3_4 3.7.0 + gnutls_certificate_free_cas@GNUTLS_3_4 3.7.0 + gnutls_certificate_free_credentials@GNUTLS_3_4 3.7.0 + gnutls_certificate_free_crls@GNUTLS_3_4 3.7.0 + gnutls_certificate_free_keys@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_crt_raw@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_issuer@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_ocsp_expiration@GNUTLS_3_6_3 3.7.0 + gnutls_certificate_get_openpgp_crt@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_openpgp_key@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_ours@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_peers@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_peers_subkey_id@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_trust_list@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_verify_flags@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_x509_crt@GNUTLS_3_4 3.7.0 + gnutls_certificate_get_x509_key@GNUTLS_3_4 3.7.0 + gnutls_certificate_send_x509_rdn_sequence@GNUTLS_3_4 3.7.0 + gnutls_certificate_server_set_request@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_dh_params@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_flags@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_key@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_known_dh_params@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_ocsp_status_request_file2@GNUTLS_3_6_3 3.7.0 + gnutls_certificate_set_ocsp_status_request_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_ocsp_status_request_function2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_ocsp_status_request_function@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_ocsp_status_request_mem@GNUTLS_3_6_3 3.7.0 + gnutls_certificate_set_openpgp_key@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_key_file2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_key_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_key_mem2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_key_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_keyring_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_openpgp_keyring_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_params_function@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_rawpk_key_file@GNUTLS_3_6_6 3.7.0 + gnutls_certificate_set_rawpk_key_mem@GNUTLS_3_6_6 3.7.0 + gnutls_certificate_set_retrieve_function2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_retrieve_function3@GNUTLS_3_6_3 3.7.0 + gnutls_certificate_set_retrieve_function@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_trust_list@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_verify_flags@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_verify_function@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_verify_limits@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_crl@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_crl_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_crl_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_key@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_key_file2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_key_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_key_mem2@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_key_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_simple_pkcs12_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_simple_pkcs12_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_system_trust@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_trust@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_trust_dir@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_trust_file@GNUTLS_3_4 3.7.0 + gnutls_certificate_set_x509_trust_mem@GNUTLS_3_4 3.7.0 + gnutls_certificate_type_get2@GNUTLS_3_6_4 3.7.0 + gnutls_certificate_type_get@GNUTLS_3_4 3.7.0 + gnutls_certificate_type_get_id@GNUTLS_3_4 3.7.0 + gnutls_certificate_type_get_name@GNUTLS_3_4 3.7.0 + gnutls_certificate_type_list@GNUTLS_3_4 3.7.0 + gnutls_certificate_verification_profile_get_id@GNUTLS_3_6_12 3.7.0 + gnutls_certificate_verification_profile_get_name@GNUTLS_3_6_12 3.7.0 + gnutls_certificate_verification_status_print@GNUTLS_3_4 3.7.0 + gnutls_certificate_verify_peers2@GNUTLS_3_4 3.7.0 + gnutls_certificate_verify_peers3@GNUTLS_3_4 3.7.0 + gnutls_certificate_verify_peers@GNUTLS_3_4 3.7.0 + gnutls_check_version@GNUTLS_3_4 3.7.0 + gnutls_cipher_add_auth@GNUTLS_3_4 3.7.0 + gnutls_cipher_decrypt2@GNUTLS_3_4 3.7.0 + gnutls_cipher_decrypt3@GNUTLS_3_7_7 3.7.7 + gnutls_cipher_decrypt@GNUTLS_3_4 3.7.0 + gnutls_cipher_deinit@GNUTLS_3_4 3.7.0 + gnutls_cipher_encrypt2@GNUTLS_3_4 3.7.0 + gnutls_cipher_encrypt3@GNUTLS_3_7_7 3.7.7 + gnutls_cipher_encrypt@GNUTLS_3_4 3.7.0 + gnutls_cipher_get@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_block_size@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_id@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_iv_size@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_key_size@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_name@GNUTLS_3_4 3.7.0 + gnutls_cipher_get_tag_size@GNUTLS_3_4 3.7.0 + gnutls_cipher_init@GNUTLS_3_4 3.7.0 + gnutls_cipher_list@GNUTLS_3_4 3.7.0 + gnutls_cipher_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_cipher_set_iv@GNUTLS_3_4 3.7.0 + gnutls_cipher_suite_get_name@GNUTLS_3_4 3.7.0 + gnutls_cipher_suite_info@GNUTLS_3_4 3.7.0 + gnutls_cipher_tag@GNUTLS_3_4 3.7.0 + gnutls_ciphersuite_get@GNUTLS_3_7_4 3.7.4 + gnutls_compress_certificate_get_selected_method@GNUTLS_3_7_4 3.7.4 + gnutls_compress_certificate_set_methods@GNUTLS_3_7_4 3.7.4 + gnutls_compression_get@GNUTLS_3_4 3.7.0 + gnutls_compression_get_id@GNUTLS_3_4 3.7.0 + gnutls_compression_get_name@GNUTLS_3_4 3.7.0 + gnutls_compression_list@GNUTLS_3_4 3.7.0 + gnutls_credentials_clear@GNUTLS_3_4 3.7.0 + gnutls_credentials_get@GNUTLS_3_4 3.7.0 + gnutls_credentials_set@GNUTLS_3_4 3.7.0 + gnutls_crypto_register_aead_cipher@GNUTLS_3_4 3.7.0 + gnutls_crypto_register_cipher@GNUTLS_3_4 3.7.0 + gnutls_crypto_register_digest@GNUTLS_3_4 3.7.0 + gnutls_crypto_register_mac@GNUTLS_3_4 3.7.0 + gnutls_db_check_entry@GNUTLS_3_4 3.7.0 + gnutls_db_check_entry_expire_time@GNUTLS_3_6_5 3.7.0 + gnutls_db_check_entry_time@GNUTLS_3_4 3.7.0 + gnutls_db_get_default_cache_expiration@GNUTLS_3_4 3.7.0 + gnutls_db_get_ptr@GNUTLS_3_4 3.7.0 + gnutls_db_remove_session@GNUTLS_3_4 3.7.0 + gnutls_db_set_cache_expiration@GNUTLS_3_4 3.7.0 + gnutls_db_set_ptr@GNUTLS_3_4 3.7.0 + gnutls_db_set_remove_function@GNUTLS_3_4 3.7.0 + gnutls_db_set_retrieve_function@GNUTLS_3_4 3.7.0 + gnutls_db_set_store_function@GNUTLS_3_4 3.7.0 + gnutls_decode_ber_digest_info@GNUTLS_3_4 3.7.0 + gnutls_decode_gost_rs_value@GNUTLS_3_6_3 3.7.0 + gnutls_decode_rs_value@GNUTLS_3_6_0 3.7.0 + gnutls_deinit@GNUTLS_3_4 3.7.0 + gnutls_dh_get_group@GNUTLS_3_4 3.7.0 + gnutls_dh_get_peers_public_bits@GNUTLS_3_4 3.7.0 + gnutls_dh_get_prime_bits@GNUTLS_3_4 3.7.0 + gnutls_dh_get_pubkey@GNUTLS_3_4 3.7.0 + gnutls_dh_get_secret_bits@GNUTLS_3_4 3.7.0 + gnutls_dh_params_cpy@GNUTLS_3_4 3.7.0 + gnutls_dh_params_deinit@GNUTLS_3_4 3.7.0 + gnutls_dh_params_export2_pkcs3@GNUTLS_3_4 3.7.0 + gnutls_dh_params_export_pkcs3@GNUTLS_3_4 3.7.0 + gnutls_dh_params_export_raw@GNUTLS_3_4 3.7.0 + gnutls_dh_params_generate2@GNUTLS_3_4 3.7.0 + gnutls_dh_params_import_dsa@GNUTLS_3_4 3.7.0 + gnutls_dh_params_import_pkcs3@GNUTLS_3_4 3.7.0 + gnutls_dh_params_import_raw2@GNUTLS_3_4 3.7.0 + gnutls_dh_params_import_raw3@GNUTLS_3_6_8 3.7.0 + gnutls_dh_params_import_raw@GNUTLS_3_4 3.7.0 + gnutls_dh_params_init@GNUTLS_3_4 3.7.0 + gnutls_dh_set_prime_bits@GNUTLS_3_4 3.7.0 + gnutls_digest_get_id@GNUTLS_3_4 3.7.0 + gnutls_digest_get_name@GNUTLS_3_4 3.7.0 + gnutls_digest_get_oid@GNUTLS_3_4 3.7.0 + gnutls_digest_list@GNUTLS_3_4 3.7.0 + gnutls_digest_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_digest_set_secure@GNUTLS_3_7_3 3.7.3 + gnutls_dtls_cookie_send@GNUTLS_3_4 3.7.0 + gnutls_dtls_cookie_verify@GNUTLS_3_4 3.7.0 + gnutls_dtls_get_data_mtu@GNUTLS_3_4 3.7.0 + gnutls_dtls_get_mtu@GNUTLS_3_4 3.7.0 + gnutls_dtls_get_timeout@GNUTLS_3_4 3.7.0 + gnutls_dtls_prestate_set@GNUTLS_3_4 3.7.0 + gnutls_dtls_set_data_mtu@GNUTLS_3_4 3.7.0 + gnutls_dtls_set_mtu@GNUTLS_3_4 3.7.0 + gnutls_dtls_set_timeouts@GNUTLS_3_4 3.7.0 + gnutls_early_cipher_get@GNUTLS_3_7_2 3.7.2 + gnutls_early_prf_hash_get@GNUTLS_3_7_2 3.7.2 + gnutls_ecc_curve_get@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_get_id@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_get_name@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_get_oid@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_get_pk@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_get_size@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_list@GNUTLS_3_4 3.7.0 + gnutls_ecc_curve_set_enabled@GNUTLS_3_7_3 3.7.3 + gnutls_encode_ber_digest_info@GNUTLS_3_4 3.7.0 + gnutls_encode_gost_rs_value@GNUTLS_3_6_3 3.7.0 + gnutls_encode_rs_value@GNUTLS_3_6_0 3.7.0 + gnutls_error_is_fatal@GNUTLS_3_4 3.7.0 + gnutls_error_to_alert@GNUTLS_3_4 3.7.0 + gnutls_est_record_overhead_size@GNUTLS_3_4 3.7.0 + gnutls_ext_get_current_msg@GNUTLS_3_6_3 3.7.0 + gnutls_ext_get_data@GNUTLS_3_4 3.7.0 + gnutls_ext_get_name2@GNUTLS_3_6_14 3.7.0 + gnutls_ext_get_name@GNUTLS_3_4 3.7.0 + gnutls_ext_raw_parse@GNUTLS_3_6_3 3.7.0 + gnutls_ext_register@GNUTLS_3_4 3.7.0 + gnutls_ext_set_data@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_2048_group_generator@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_2048_group_prime@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_2048_group_q@GNUTLS_3_6_8 3.7.0 + gnutls_ffdhe_2048_key_bits@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_3072_group_generator@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_3072_group_prime@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_3072_group_q@GNUTLS_3_6_8 3.7.0 + gnutls_ffdhe_3072_key_bits@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_4096_group_generator@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_4096_group_prime@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_4096_group_q@GNUTLS_3_6_8 3.7.0 + gnutls_ffdhe_4096_key_bits@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_6144_group_generator@GNUTLS_3_6_4 3.7.0 + gnutls_ffdhe_6144_group_prime@GNUTLS_3_6_4 3.7.0 + gnutls_ffdhe_6144_group_q@GNUTLS_3_6_8 3.7.0 + gnutls_ffdhe_6144_key_bits@GNUTLS_3_6_4 3.7.0 + gnutls_ffdhe_8192_group_generator@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_8192_group_prime@GNUTLS_3_4 3.7.0 + gnutls_ffdhe_8192_group_q@GNUTLS_3_6_8 3.7.0 + gnutls_ffdhe_8192_key_bits@GNUTLS_3_4 3.7.0 + gnutls_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_fips140_context_deinit@GNUTLS_3_7_3 3.7.3 + gnutls_fips140_context_init@GNUTLS_3_7_3 3.7.3 + gnutls_fips140_get_operation_state@GNUTLS_3_7_3 3.7.3 + gnutls_fips140_mode_enabled@GNUTLS_3_4 3.7.0 + gnutls_fips140_pop_context@GNUTLS_3_7_3 3.7.3 + gnutls_fips140_push_context@GNUTLS_3_7_3 3.7.3 + gnutls_fips140_run_self_tests@GNUTLS_3_7_7 3.7.7 + gnutls_fips140_set_mode@GNUTLS_3_6_3 3.7.0 + gnutls_free@GNUTLS_3_4 3.7.0 + gnutls_get_library_config@GNUTLS_3_7_3 3.7.3 + gnutls_get_system_config_file@GNUTLS_3_6_9 3.7.0 + gnutls_global_deinit@GNUTLS_3_4 3.7.0 + gnutls_global_init@GNUTLS_3_4 3.7.2 + gnutls_global_set_audit_log_function@GNUTLS_3_4 3.7.0 + gnutls_global_set_log_function@GNUTLS_3_4 3.7.0 + gnutls_global_set_log_level@GNUTLS_3_4 3.7.0 + gnutls_global_set_mem_functions@GNUTLS_3_4 3.7.0 + gnutls_global_set_mutex@GNUTLS_3_4 3.7.0 + gnutls_global_set_time_function@GNUTLS_3_4 3.7.0 + gnutls_gost_paramset_get_name@GNUTLS_3_6_3 3.7.0 + gnutls_gost_paramset_get_oid@GNUTLS_3_6_3 3.7.0 + gnutls_group_get@GNUTLS_3_6_0 3.7.0 + gnutls_group_get_id@GNUTLS_3_6_0 3.7.0 + gnutls_group_get_name@GNUTLS_3_6_0 3.7.0 + gnutls_group_list@GNUTLS_3_6_0 3.7.0 + gnutls_handshake@GNUTLS_3_4 3.7.0 + gnutls_handshake_description_get_name@GNUTLS_3_4 3.7.0 + gnutls_handshake_get_last_in@GNUTLS_3_4 3.7.0 + gnutls_handshake_get_last_out@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_hook_function@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_max_packet_length@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_post_client_hello_function@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_private_extensions@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_random@GNUTLS_3_4 3.7.0 + gnutls_handshake_set_read_function@GNUTLS_3_7_0 3.7.0 + gnutls_handshake_set_secret_function@GNUTLS_3_7_0 3.7.0 + gnutls_handshake_set_timeout@GNUTLS_3_4 3.7.0 + gnutls_handshake_write@GNUTLS_3_7_0 3.7.0 + gnutls_hash@GNUTLS_3_4 3.7.0 + gnutls_hash_copy@GNUTLS_3_6_9 3.7.0 + gnutls_hash_deinit@GNUTLS_3_4 3.7.0 + gnutls_hash_fast@GNUTLS_3_4 3.7.0 + gnutls_hash_get_len@GNUTLS_3_4 3.7.0 + gnutls_hash_init@GNUTLS_3_4 3.7.0 + gnutls_hash_output@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_allowed@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_enable@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_get_timeout@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_ping@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_pong@GNUTLS_3_4 3.7.0 + gnutls_heartbeat_set_timeouts@GNUTLS_3_4 3.7.0 + gnutls_hex2bin@GNUTLS_3_4 3.7.0 + gnutls_hex_decode2@GNUTLS_3_4 3.7.0 + gnutls_hex_decode@GNUTLS_3_4 3.7.0 + gnutls_hex_encode@GNUTLS_3_4 3.7.0 + gnutls_hkdf_expand@GNUTLS_3_6_13 3.7.0 + gnutls_hkdf_extract@GNUTLS_3_6_13 3.7.0 + gnutls_hkdf_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_hex_encode2@GNUTLS_3_4 3.7.0 + gnutls_hmac@GNUTLS_3_4 3.7.0 + gnutls_hmac_copy@GNUTLS_3_6_9 3.7.0 + gnutls_hmac_deinit@GNUTLS_3_4 3.7.0 + gnutls_hmac_fast@GNUTLS_3_4 3.7.0 + gnutls_hmac_get_key_size@GNUTLS_3_6_12 3.7.0 + gnutls_hmac_get_len@GNUTLS_3_4 3.7.0 + gnutls_hmac_init@GNUTLS_3_4 3.7.0 + gnutls_hmac_output@GNUTLS_3_4 3.7.0 + gnutls_hmac_set_nonce@GNUTLS_3_4 3.7.0 + gnutls_idna_map@GNUTLS_3_4 3.7.0 + gnutls_idna_reverse_map@GNUTLS_3_4 3.7.0 + gnutls_init@GNUTLS_3_4 3.7.5 + gnutls_key_generate@GNUTLS_3_4 3.7.0 + gnutls_kx_get@GNUTLS_3_4 3.7.0 + gnutls_kx_get_id@GNUTLS_3_4 3.7.0 + gnutls_kx_get_name@GNUTLS_3_4 3.7.0 + gnutls_kx_list@GNUTLS_3_4 3.7.0 + gnutls_load_file@GNUTLS_3_4 3.7.0 + gnutls_mac_get@GNUTLS_3_4 3.7.0 + gnutls_mac_get_id@GNUTLS_3_4 3.7.0 + gnutls_mac_get_key_size@GNUTLS_3_4 3.7.0 + gnutls_mac_get_name@GNUTLS_3_4 3.7.0 + gnutls_mac_get_nonce_size@GNUTLS_3_4 3.7.0 + gnutls_mac_list@GNUTLS_3_4 3.7.0 + gnutls_mac_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_malloc@GNUTLS_3_4 3.7.0 + gnutls_memcmp@GNUTLS_3_4 3.7.0 + gnutls_memset@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_add_cert@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_add_cert_id@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_deinit@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_export@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_get_cert_id@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_get_extension@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_get_nonce@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_get_version@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_import@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_init@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_print@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_randomize_nonce@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_set_extension@GNUTLS_3_4 3.7.0 + gnutls_ocsp_req_set_nonce@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_check_crt@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_deinit@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_export2@GNUTLS_3_6_3 3.7.0 + gnutls_ocsp_resp_export@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_certs@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_extension@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_nonce@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_produced@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_responder2@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_responder@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_responder_raw_id@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_response@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_signature@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_signature_algorithm@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_single@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_status@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_get_version@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_import2@GNUTLS_3_6_3 3.7.0 + gnutls_ocsp_resp_import@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_init@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_list_import2@GNUTLS_3_6_3 3.7.0 + gnutls_ocsp_resp_print@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_verify@GNUTLS_3_4 3.7.0 + gnutls_ocsp_resp_verify_direct@GNUTLS_3_4 3.7.0 + gnutls_ocsp_status_request_enable_client@GNUTLS_3_4 3.7.0 + gnutls_ocsp_status_request_get2@GNUTLS_3_6_3 3.7.0 + gnutls_ocsp_status_request_get@GNUTLS_3_4 3.7.0 + gnutls_ocsp_status_request_is_checked@GNUTLS_3_4 3.7.0 + gnutls_oid_to_digest@GNUTLS_3_4 3.7.0 + gnutls_oid_to_ecc_curve@GNUTLS_3_4 3.7.0 + gnutls_oid_to_gost_paramset@GNUTLS_3_6_3 3.7.0 + gnutls_oid_to_mac@GNUTLS_3_4 3.7.0 + gnutls_oid_to_pk@GNUTLS_3_4 3.7.0 + gnutls_oid_to_sign@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_check_email@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_check_hostname2@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_check_hostname@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_deinit@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_export2@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_export@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_auth_subkey@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_creation_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_expiration_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_key_usage@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_name@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_pk_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_pk_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_preferred_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_revoked_status@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_count@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_creation_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_expiration_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_idx@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_pk_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_pk_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_revoked_status@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_subkey_usage@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_get_version@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_import@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_init@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_print@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_set_preferred_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_verify_ring@GNUTLS_3_4 3.7.0 + gnutls_openpgp_crt_verify_self@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_check_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_deinit@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_get_crt@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_get_crt_count@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_import@GNUTLS_3_4 3.7.0 + gnutls_openpgp_keyring_init@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_deinit@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export2@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export_subkey_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_export_subkey_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_preferred_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_revoked_status@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_count@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_creation_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_expiration_time@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_idx@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_get_subkey_revoked_status@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_import@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_init@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_sec_param@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_set_preferred_key_id@GNUTLS_3_4 3.7.0 + gnutls_openpgp_privkey_sign_hash@GNUTLS_3_4 3.7.0 + gnutls_openpgp_send_cert@GNUTLS_3_4 3.7.0 + gnutls_openpgp_set_recv_key_function@GNUTLS_3_4 3.7.0 + gnutls_packet_deinit@GNUTLS_3_4 3.7.0 + gnutls_packet_get@GNUTLS_3_4 3.7.0 + gnutls_pbkdf2@GNUTLS_3_6_13 3.7.0 + gnutls_pbkdf2_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_pcert_deinit@GNUTLS_3_4 3.7.0 + gnutls_pcert_export_openpgp@GNUTLS_3_4 3.7.0 + gnutls_pcert_export_x509@GNUTLS_3_4 3.7.0 + gnutls_pcert_import_openpgp@GNUTLS_3_4 3.7.0 + gnutls_pcert_import_openpgp_raw@GNUTLS_3_4 3.7.0 + gnutls_pcert_import_rawpk@GNUTLS_3_6_6 3.7.0 + gnutls_pcert_import_rawpk_raw@GNUTLS_3_6_6 3.7.0 + gnutls_pcert_import_x509@GNUTLS_3_4 3.7.0 + gnutls_pcert_import_x509_list@GNUTLS_3_4 3.7.0 + gnutls_pcert_import_x509_raw@GNUTLS_3_4 3.7.0 + gnutls_pcert_list_import_x509_file@GNUTLS_3_6_3 3.7.0 + gnutls_pcert_list_import_x509_raw@GNUTLS_3_4 3.7.0 + gnutls_pem_base64_decode2@GNUTLS_3_4 3.7.0 + gnutls_pem_base64_decode@GNUTLS_3_4 3.7.0 + gnutls_pem_base64_encode2@GNUTLS_3_4 3.7.0 + gnutls_pem_base64_encode@GNUTLS_3_4 3.7.0 + gnutls_perror@GNUTLS_3_4 3.7.0 + gnutls_pk_algorithm_get_name@GNUTLS_3_4 3.7.0 + gnutls_pk_bits_to_sec_param@GNUTLS_3_4 3.7.0 + gnutls_pk_get_id@GNUTLS_3_4 3.7.0 + gnutls_pk_get_name@GNUTLS_3_4 3.7.0 + gnutls_pk_get_oid@GNUTLS_3_4 3.7.0 + gnutls_pk_list@GNUTLS_3_4 3.7.0 + gnutls_pk_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_pk_to_sign@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_add_provider@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_copy_attached_extension@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_copy_pubkey@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_copy_secret_key@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_copy_x509_crt2@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_copy_x509_privkey2@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_crt_is_known@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_delete_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_get_pin_function@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_get_raw_issuer@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_get_raw_issuer_by_dn@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_get_raw_issuer_by_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_export2@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_export3@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_export@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_export_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_flags_get_str@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_get_exts@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_get_flags@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_get_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_get_ptr@GNUTLS_3_6_3 3.7.0 + gnutls_pkcs11_obj_get_type@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_import_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_list_import_url3@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_list_import_url4@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_set_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_obj_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_cpy@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_export_pubkey@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_export_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_generate3@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_get_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_import_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_privkey_status@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_reinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_set_token_function@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_check_mechanism@GNUTLS_3_6_0 3.7.0 + gnutls_pkcs11_token_get_flags@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_get_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_get_mechanism@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_get_ptr@GNUTLS_3_6_3 3.7.0 + gnutls_pkcs11_token_get_random@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_get_url@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_token_set_pin@GNUTLS_3_4 3.7.0 + gnutls_pkcs11_type_get_name@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_decrypt@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_enc_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_encrypt@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_get_count@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_get_data@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_get_friendly_name@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_get_type@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_crl@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_crt@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_data@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_friendly_name@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_key_id@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_bag_set_privkey@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_export2@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_export@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_generate_mac2@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_generate_mac@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_get_bag@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_import@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_mac_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_set_bag@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_simple_parse@GNUTLS_3_4 3.7.0 + gnutls_pkcs12_verify_mac@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_add_attr@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_attrs_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_delete_crl@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_delete_crt@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_export2@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_export@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_attr@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crl_count@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crl_raw2@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crl_raw@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crt_count@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crt_raw2@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_crt_raw@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_embedded_data@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_embedded_data_oid@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_signature_count@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_get_signature_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_import@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_init@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_print@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_print_signature_info@GNUTLS_3_6_14 3.7.0 + gnutls_pkcs7_set_crl@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_set_crl_raw@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_set_crt@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_set_crt_raw@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_sign@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_signature_info_deinit@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_verify@GNUTLS_3_4 3.7.0 + gnutls_pkcs7_verify_direct@GNUTLS_3_4 3.7.0 + gnutls_pkcs8_info@GNUTLS_3_4 3.7.0 + gnutls_pkcs_schema_get_name@GNUTLS_3_4 3.7.0 + gnutls_pkcs_schema_get_oid@GNUTLS_3_4 3.7.0 + gnutls_prf@GNUTLS_3_4 3.7.0 + gnutls_prf_early@GNUTLS_3_6_8 3.7.0 + gnutls_prf_hash_get@GNUTLS_3_6_13 3.7.0 + gnutls_prf_raw@GNUTLS_3_4 3.7.0 + gnutls_prf_rfc5705@GNUTLS_3_4 3.7.0 + gnutls_priority_certificate_type_list2@GNUTLS_3_6_4 3.7.2 + gnutls_priority_certificate_type_list@GNUTLS_3_4 3.7.2 + gnutls_priority_cipher_list@GNUTLS_3_4 3.7.2 + gnutls_priority_compression_list@GNUTLS_3_4 3.7.2 + gnutls_priority_deinit@GNUTLS_3_4 3.7.5 + gnutls_priority_ecc_curve_list@GNUTLS_3_4 3.7.2 + gnutls_priority_get_cipher_suite_index@GNUTLS_3_4 3.7.2 + gnutls_priority_group_list@GNUTLS_3_6_0 3.7.2 + gnutls_priority_init2@GNUTLS_3_6_3 3.7.5 + gnutls_priority_init@GNUTLS_3_4 3.7.5 + gnutls_priority_kx_list@GNUTLS_3_4 3.7.2 + gnutls_priority_mac_list@GNUTLS_3_4 3.7.2 + gnutls_priority_protocol_list@GNUTLS_3_4 3.7.2 + gnutls_priority_set@GNUTLS_3_4 3.7.5 + gnutls_priority_set_direct@GNUTLS_3_4 3.7.5 + gnutls_priority_sign_list@GNUTLS_3_4 3.7.2 + gnutls_priority_string_list@GNUTLS_3_4 3.7.2 + gnutls_privkey_decrypt_data2@GNUTLS_3_6_5 3.7.0 + gnutls_privkey_decrypt_data@GNUTLS_3_4 3.7.0 + gnutls_privkey_deinit@GNUTLS_3_4 3.7.0 + gnutls_privkey_export_dsa_raw2@GNUTLS_3_6_0 3.7.3 + gnutls_privkey_export_dsa_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_export_ecc_raw2@GNUTLS_3_6_0 3.7.3 + gnutls_privkey_export_ecc_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_export_gost_raw2@GNUTLS_3_6_3 3.7.3 + gnutls_privkey_export_openpgp@GNUTLS_3_4 3.7.3 + gnutls_privkey_export_pkcs11@GNUTLS_3_4 3.7.3 + gnutls_privkey_export_rsa_raw2@GNUTLS_3_6_0 3.7.3 + gnutls_privkey_export_rsa_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_export_x509@GNUTLS_3_4 3.7.3 + gnutls_privkey_generate2@GNUTLS_3_4 3.7.0 + gnutls_privkey_generate@GNUTLS_3_4 3.7.0 + gnutls_privkey_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_privkey_get_seed@GNUTLS_3_4 3.7.0 + gnutls_privkey_get_spki@GNUTLS_3_6_0 3.7.0 + gnutls_privkey_get_type@GNUTLS_3_4 3.7.0 + gnutls_privkey_import_dsa_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_ecc_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_ext2@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_ext3@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_ext4@GNUTLS_3_6_0 3.7.3 + gnutls_privkey_import_ext@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_gost_raw@GNUTLS_3_6_3 3.7.3 + gnutls_privkey_import_openpgp@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_openpgp_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_pkcs11@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_rsa_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_tpm_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_tpm_url@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_url@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_x509@GNUTLS_3_4 3.7.3 + gnutls_privkey_import_x509_raw@GNUTLS_3_4 3.7.3 + gnutls_privkey_init@GNUTLS_3_4 3.7.0 + gnutls_privkey_set_flags@GNUTLS_3_4 3.7.0 + gnutls_privkey_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_privkey_set_spki@GNUTLS_3_6_0 3.7.0 + gnutls_privkey_sign_data2@GNUTLS_3_6_0 3.7.3 + gnutls_privkey_sign_data@GNUTLS_3_4 3.7.0 + gnutls_privkey_sign_hash2@GNUTLS_3_6_0 3.7.0 + gnutls_privkey_sign_hash@GNUTLS_3_4 3.7.0 + gnutls_privkey_status@GNUTLS_3_4 3.7.0 + gnutls_privkey_verify_params@GNUTLS_3_4 3.7.0 + gnutls_privkey_verify_seed@GNUTLS_3_4 3.7.0 + gnutls_protocol_get_id@GNUTLS_3_4 3.7.0 + gnutls_protocol_get_name@GNUTLS_3_4 3.7.0 + gnutls_protocol_get_version@GNUTLS_3_4 3.7.0 + gnutls_protocol_list@GNUTLS_3_4 3.7.0 + gnutls_protocol_set_enabled@GNUTLS_3_7_3 3.7.3 + gnutls_psk_allocate_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_psk_allocate_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_psk_client_get_hint@GNUTLS_3_4 3.7.0 + gnutls_psk_free_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_psk_free_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_psk_server_get_username2@GNUTLS_3_6_13 3.7.0 + gnutls_psk_server_get_username@GNUTLS_3_4 3.7.0 + gnutls_psk_set_client_credentials2@GNUTLS_3_6_13 3.7.0 + gnutls_psk_set_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_psk_set_client_credentials_function2@GNUTLS_3_6_13 3.7.0 + gnutls_psk_set_client_credentials_function@GNUTLS_3_4 3.7.0 + gnutls_psk_set_params_function@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_credentials_file@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_credentials_function2@GNUTLS_3_6_13 3.7.0 + gnutls_psk_set_server_credentials_function@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_credentials_hint@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_dh_params@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_known_dh_params@GNUTLS_3_4 3.7.0 + gnutls_psk_set_server_params_function@GNUTLS_3_4 3.7.0 + gnutls_pubkey_deinit@GNUTLS_3_4 3.7.0 + gnutls_pubkey_encrypt_data@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export2@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export_dsa_raw2@GNUTLS_3_6_0 3.7.0 + gnutls_pubkey_export_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export_ecc_raw2@GNUTLS_3_6_0 3.7.0 + gnutls_pubkey_export_ecc_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export_ecc_x962@GNUTLS_3_4 3.7.0 + gnutls_pubkey_export_gost_raw2@GNUTLS_3_6_3 3.7.0 + gnutls_pubkey_export_rsa_raw2@GNUTLS_3_6_0 3.7.0 + gnutls_pubkey_export_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_key_usage@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_openpgp_key_id@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_preferred_hash_algorithm@GNUTLS_3_4 3.7.0 + gnutls_pubkey_get_spki@GNUTLS_3_6_0 3.7.0 + gnutls_pubkey_import@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_ecc_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_ecc_x962@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_gost_raw@GNUTLS_3_6_3 3.7.0 + gnutls_pubkey_import_openpgp@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_openpgp_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_pkcs11@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_privkey@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_tpm_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_tpm_url@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_url@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_x509@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_x509_crq@GNUTLS_3_4 3.7.0 + gnutls_pubkey_import_x509_raw@GNUTLS_3_4 3.7.0 + gnutls_pubkey_init@GNUTLS_3_4 3.7.0 + gnutls_pubkey_print@GNUTLS_3_4 3.7.0 + gnutls_pubkey_set_key_usage@GNUTLS_3_4 3.7.0 + gnutls_pubkey_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_pubkey_set_spki@GNUTLS_3_6_0 3.7.0 + gnutls_pubkey_verify_data2@GNUTLS_3_4 3.7.3 + gnutls_pubkey_verify_hash2@GNUTLS_3_4 3.7.3 + gnutls_pubkey_verify_params@GNUTLS_3_4 3.7.3 + gnutls_random_art@GNUTLS_3_4 3.7.0 + gnutls_range_split@GNUTLS_3_4 3.7.0 + gnutls_realloc@GNUTLS_3_4 3.7.0 + gnutls_reauth@GNUTLS_3_6_3 3.7.0 + gnutls_record_can_use_length_hiding@GNUTLS_3_4 3.7.0 + gnutls_record_check_corked@GNUTLS_3_4 3.7.0 + gnutls_record_check_pending@GNUTLS_3_4 3.7.0 + gnutls_record_cork@GNUTLS_3_4 3.7.0 + gnutls_record_disable_padding@GNUTLS_3_4 3.7.0 + gnutls_record_discard_queued@GNUTLS_3_4 3.7.0 + gnutls_record_get_direction@GNUTLS_3_4 3.7.0 + gnutls_record_get_discarded@GNUTLS_3_4 3.7.0 + gnutls_record_get_max_early_data_size@GNUTLS_3_6_5 3.7.0 + gnutls_record_get_max_size@GNUTLS_3_4 3.7.0 + gnutls_record_get_state@GNUTLS_3_4 3.7.0 + gnutls_record_overhead_size@GNUTLS_3_4 3.7.0 + gnutls_record_recv@GNUTLS_3_4 3.7.0 + gnutls_record_recv_early_data@GNUTLS_3_6_5 3.7.0 + gnutls_record_recv_packet@GNUTLS_3_4 3.7.0 + gnutls_record_recv_seq@GNUTLS_3_4 3.7.0 + gnutls_record_send2@GNUTLS_3_6_3 3.7.0 + gnutls_record_send@GNUTLS_3_4 3.7.0 + gnutls_record_send_early_data@GNUTLS_3_6_5 3.7.0 + gnutls_record_send_file@GNUTLS_3_7_4 3.7.4 + gnutls_record_send_range@GNUTLS_3_4 3.7.0 + gnutls_record_set_max_early_data_size@GNUTLS_3_6_4 3.7.0 + gnutls_record_set_max_recv_size@GNUTLS_3_6_8 3.7.0 + gnutls_record_set_max_size@GNUTLS_3_4 3.7.0 + gnutls_record_set_state@GNUTLS_3_4 3.7.0 + gnutls_record_set_timeout@GNUTLS_3_4 3.7.0 + gnutls_record_uncork@GNUTLS_3_4 3.7.0 + gnutls_register_custom_url@GNUTLS_3_4 3.7.0 + gnutls_rehandshake@GNUTLS_3_4 3.7.0 + gnutls_rnd@GNUTLS_3_4 3.7.0 + gnutls_rnd_refresh@GNUTLS_3_4 3.7.0 + gnutls_safe_renegotiation_status@GNUTLS_3_4 3.7.0 + gnutls_sec_param_get_name@GNUTLS_3_4 3.7.0 + gnutls_sec_param_to_pk_bits@GNUTLS_3_4 3.7.0 + gnutls_sec_param_to_symmetric_bits@GNUTLS_3_4 3.7.0 + gnutls_secure_malloc@GNUTLS_3_4 3.7.0 + gnutls_server_name_get@GNUTLS_3_4 3.7.0 + gnutls_server_name_set@GNUTLS_3_4 3.7.0 + gnutls_session_channel_binding@GNUTLS_3_4 3.7.2 + gnutls_session_enable_compatibility_mode@GNUTLS_3_4 3.7.0 + gnutls_session_etm_status@GNUTLS_3_4 3.7.0 + gnutls_session_ext_master_secret_status@GNUTLS_3_4 3.7.0 + gnutls_session_ext_register@GNUTLS_3_4 3.7.0 + gnutls_session_force_valid@GNUTLS_3_4 3.7.0 + gnutls_session_get_data2@GNUTLS_3_4 3.7.0 + gnutls_session_get_data@GNUTLS_3_4 3.7.0 + gnutls_session_get_desc@GNUTLS_3_4 3.7.0 + gnutls_session_get_flags@GNUTLS_3_4 3.7.0 + gnutls_session_get_id2@GNUTLS_3_4 3.7.0 + gnutls_session_get_id@GNUTLS_3_4 3.7.0 + gnutls_session_get_keylog_function@GNUTLS_3_6_13 3.7.0 + gnutls_session_get_master_secret@GNUTLS_3_4 3.7.0 + gnutls_session_get_ptr@GNUTLS_3_4 3.7.0 + gnutls_session_get_random@GNUTLS_3_4 3.7.0 + gnutls_session_get_verify_cert_status@GNUTLS_3_4 3.7.0 + gnutls_session_is_resumed@GNUTLS_3_4 3.7.0 + gnutls_session_key_update@GNUTLS_3_6_3 3.7.0 + gnutls_session_resumption_requested@GNUTLS_3_4 3.7.0 + gnutls_session_set_data@GNUTLS_3_4 3.7.0 + gnutls_session_set_id@GNUTLS_3_4 3.7.0 + gnutls_session_set_keylog_function@GNUTLS_3_6_13 3.7.0 + gnutls_session_set_premaster@GNUTLS_3_4 3.7.0 + gnutls_session_set_ptr@GNUTLS_3_4 3.7.0 + gnutls_session_set_verify_cert2@GNUTLS_3_4 3.7.0 + gnutls_session_set_verify_cert@GNUTLS_3_4 3.7.0 + gnutls_session_set_verify_function@GNUTLS_3_4 3.7.0 + gnutls_session_set_verify_output_function@GNUTLS_3_7_0 3.7.0 + gnutls_session_supplemental_register@GNUTLS_3_4 3.7.0 + gnutls_session_ticket_enable_client@GNUTLS_3_4 3.7.0 + gnutls_session_ticket_enable_server@GNUTLS_3_4 3.7.0 + gnutls_session_ticket_key_generate@GNUTLS_3_4 3.7.0 + gnutls_session_ticket_send@GNUTLS_3_6_3 3.7.0 + gnutls_set_default_priority@GNUTLS_3_4 3.7.0 + gnutls_set_default_priority_append@GNUTLS_3_6_3 3.7.5 + gnutls_sign_algorithm_get@GNUTLS_3_4 3.7.0 + gnutls_sign_algorithm_get_client@GNUTLS_3_4 3.7.0 + gnutls_sign_algorithm_get_requested@GNUTLS_3_4 3.7.0 + gnutls_sign_get_hash_algorithm@GNUTLS_3_4 3.7.0 + gnutls_sign_get_id@GNUTLS_3_4 3.7.0 + gnutls_sign_get_name@GNUTLS_3_4 3.7.0 + gnutls_sign_get_oid@GNUTLS_3_4 3.7.0 + gnutls_sign_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_sign_is_secure2@GNUTLS_3_6_0 3.7.0 + gnutls_sign_is_secure@GNUTLS_3_4 3.7.0 + gnutls_sign_list@GNUTLS_3_4 3.7.0 + gnutls_sign_set_secure@GNUTLS_3_7_3 3.7.3 + gnutls_sign_set_secure_for_certs@GNUTLS_3_7_3 3.7.3 + gnutls_sign_supports_pk_algorithm@GNUTLS_3_6_0 3.7.0 + gnutls_srp_1024_group_generator@GNUTLS_3_4 3.7.0 + gnutls_srp_1024_group_prime@GNUTLS_3_4 3.7.0 + gnutls_srp_1536_group_generator@GNUTLS_3_4 3.7.0 + gnutls_srp_1536_group_prime@GNUTLS_3_4 3.7.0 + gnutls_srp_2048_group_generator@GNUTLS_3_4 3.7.0 + gnutls_srp_2048_group_prime@GNUTLS_3_4 3.7.0 + gnutls_srp_3072_group_generator@GNUTLS_3_4 3.7.0 + gnutls_srp_3072_group_prime@GNUTLS_3_4 3.7.0 + gnutls_srp_4096_group_generator@GNUTLS_3_4 3.7.0 + gnutls_srp_4096_group_prime@GNUTLS_3_4 3.7.0 + gnutls_srp_8192_group_generator@GNUTLS_3_6_2 3.7.0 + gnutls_srp_8192_group_prime@GNUTLS_3_6_2 3.7.0 + gnutls_srp_allocate_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_srp_allocate_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_srp_base64_decode2@GNUTLS_3_4 3.7.0 + gnutls_srp_base64_decode@GNUTLS_3_4 3.7.0 + gnutls_srp_base64_encode2@GNUTLS_3_4 3.7.0 + gnutls_srp_base64_encode@GNUTLS_3_4 3.7.0 + gnutls_srp_free_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_srp_free_server_credentials@GNUTLS_3_4 3.7.0 + gnutls_srp_server_get_username@GNUTLS_3_4 3.7.0 + gnutls_srp_set_client_credentials@GNUTLS_3_4 3.7.0 + gnutls_srp_set_client_credentials_function@GNUTLS_3_4 3.7.0 + gnutls_srp_set_prime_bits@GNUTLS_3_4 3.7.0 + gnutls_srp_set_server_credentials_file@GNUTLS_3_4 3.7.0 + gnutls_srp_set_server_credentials_function@GNUTLS_3_4 3.7.0 + gnutls_srp_set_server_fake_salt_seed@GNUTLS_3_4 3.7.0 + gnutls_srp_verifier@GNUTLS_3_4 3.7.0 + gnutls_srtp_get_keys@GNUTLS_3_4 3.7.0 + gnutls_srtp_get_mki@GNUTLS_3_4 3.7.0 + gnutls_srtp_get_profile_id@GNUTLS_3_4 3.7.0 + gnutls_srtp_get_profile_name@GNUTLS_3_4 3.7.0 + gnutls_srtp_get_selected_profile@GNUTLS_3_4 3.7.0 + gnutls_srtp_set_mki@GNUTLS_3_4 3.7.0 + gnutls_srtp_set_profile@GNUTLS_3_4 3.7.0 + gnutls_srtp_set_profile_direct@GNUTLS_3_4 3.7.0 + gnutls_store_commitment@GNUTLS_3_4 3.7.0 + gnutls_store_pubkey@GNUTLS_3_4 3.7.0 + gnutls_strdup@GNUTLS_3_4 3.7.0 + gnutls_strerror@GNUTLS_3_4 3.7.0 + gnutls_strerror_name@GNUTLS_3_4 3.7.0 + gnutls_subject_alt_names_deinit@GNUTLS_3_4 3.7.0 + gnutls_subject_alt_names_get@GNUTLS_3_4 3.7.0 + gnutls_subject_alt_names_init@GNUTLS_3_4 3.7.0 + gnutls_subject_alt_names_set@GNUTLS_3_4 3.7.0 + gnutls_supplemental_get_name@GNUTLS_3_4 3.7.0 + gnutls_supplemental_recv@GNUTLS_3_4 3.7.0 + gnutls_supplemental_register@GNUTLS_3_4 3.7.0 + gnutls_supplemental_send@GNUTLS_3_4 3.7.0 + gnutls_system_key_add_x509@GNUTLS_3_4 3.7.0 + gnutls_system_key_delete@GNUTLS_3_4 3.7.0 + gnutls_system_key_iter_deinit@GNUTLS_3_4 3.7.0 + gnutls_system_key_iter_get_info@GNUTLS_3_4 3.7.0 + gnutls_system_recv_timeout@GNUTLS_3_4 3.7.0 + gnutls_tdb_deinit@GNUTLS_3_4 3.7.0 + gnutls_tdb_init@GNUTLS_3_4 3.7.0 + gnutls_tdb_set_store_commitment_func@GNUTLS_3_4 3.7.0 + gnutls_tdb_set_store_func@GNUTLS_3_4 3.7.0 + gnutls_tdb_set_verify_func@GNUTLS_3_4 3.7.0 + gnutls_tlsprf_self_test@GNUTLS_FIPS140_3_4 3.7.0 + gnutls_tpm_get_registered@GNUTLS_3_4 3.7.0 + gnutls_tpm_key_list_deinit@GNUTLS_3_4 3.7.0 + gnutls_tpm_key_list_get_url@GNUTLS_3_4 3.7.0 + gnutls_tpm_privkey_delete@GNUTLS_3_4 3.7.0 + gnutls_tpm_privkey_generate@GNUTLS_3_4 3.7.0 + gnutls_transport_get_int2@GNUTLS_3_4 3.7.0 + gnutls_transport_get_int@GNUTLS_3_4 3.7.0 + gnutls_transport_get_ptr2@GNUTLS_3_4 3.7.0 + gnutls_transport_get_ptr@GNUTLS_3_4 3.7.0 + gnutls_transport_is_ktls_enabled@GNUTLS_3_7_3 3.7.3 + gnutls_transport_set_errno@GNUTLS_3_4 3.7.0 + gnutls_transport_set_errno_function@GNUTLS_3_4 3.7.0 + gnutls_transport_set_fastopen@GNUTLS_3_4 3.7.0 + gnutls_transport_set_int2@GNUTLS_3_4 3.7.0 + gnutls_transport_set_ptr2@GNUTLS_3_4 3.7.0 + gnutls_transport_set_ptr@GNUTLS_3_4 3.7.0 + gnutls_transport_set_pull_function@GNUTLS_3_4 3.7.0 + gnutls_transport_set_pull_timeout_function@GNUTLS_3_4 3.7.0 + gnutls_transport_set_push_function@GNUTLS_3_4 3.7.0 + gnutls_transport_set_vec_push_function@GNUTLS_3_4 3.7.0 + gnutls_url_is_supported@GNUTLS_3_4 3.7.0 + gnutls_utf8_password_normalize@GNUTLS_3_4 3.7.0 + gnutls_verify_stored_pubkey@GNUTLS_3_4 3.7.0 + gnutls_x509_aia_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_aia_get@GNUTLS_3_4 3.7.0 + gnutls_x509_aia_init@GNUTLS_3_4 3.7.0 + gnutls_x509_aia_set@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_get_cert_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_get_id@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_init@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_set_cert_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_aki_set_id@GNUTLS_3_4 3.7.0 + gnutls_x509_cidr_to_rfc5280@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_check_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_dist_points_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_dist_points_get@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_dist_points_init@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_dist_points_set@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_export2@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_export@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_authority_key_gn_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_crt_count@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_crt_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_dn_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_extension_data2@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_extension_data@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_extension_info@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_extension_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_issuer_dn2@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_issuer_dn3@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_issuer_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_issuer_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_next_update@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_number@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_raw_issuer_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_signature@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_signature_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_signature_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_this_update@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_get_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_import@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_init@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_iter_crt_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_iter_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_list_import2@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_list_import@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_print@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_privkey_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_crt@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_crt_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_next_update@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_number@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_this_update@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_set_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_sign2@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crl_verify@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_export2@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_export@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_attribute_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_attribute_data@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_attribute_info@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_challenge_password@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_dn2@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_dn3@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_dn_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_extension_by_oid2@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_extension_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_extension_data2@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_extension_data@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_extension_info@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_key_purpose_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_key_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_pk_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_signature_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_signature_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crq_get_subject_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_subject_alt_othername_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_get_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_import@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_init@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_print@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_privkey_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_attribute_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_challenge_password@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_extension_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_key@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_key_purpose_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_key_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_pubkey@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crq_set_subject_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_subject_alt_othername@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_set_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_sign2@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crq_verify@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_email@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_hostname2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_hostname@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_ip@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_check_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_key_purpose@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_check_revocation@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_cpy_crl_dist_points@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_equals2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_equals@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_export2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_export@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_activation_time@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_authority_info_access@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_authority_key_gn_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_ca_status@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_crl_dist_points@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_dn2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_dn3@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_dn_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_expiration_time@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_by_oid2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_data2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_data@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_info@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_extension_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_fingerprint@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_inhibit_anypolicy@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_get_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_alt_name2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_alt_othername_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_dn2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_dn3@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_dn_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_issuer_unique_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_key_purpose_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_name_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_pk_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_pk_ecc_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_pk_gost_raw@GNUTLS_3_6_3 3.7.0 + gnutls_x509_crt_get_pk_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_pk_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_policy@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_preferred_hash_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_proxy@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_raw_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_raw_issuer_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_signature@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_signature_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_signature_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_get_subject@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_subject_alt_name2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_subject_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_subject_alt_othername_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_subject_unique_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_get_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_import@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_import_pkcs11@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_import_url@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_init@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_list_import2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_list_import@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_list_import_pkcs11@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_list_import_url@GNUTLS_3_6_3 3.7.0 + gnutls_x509_crt_list_verify@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_print@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_privkey_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_activation_time@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_authority_info_access@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_ca_status@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_crl_dist_points2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_crl_dist_points@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_crq@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_crq_extension_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_crq_extensions@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_expiration_time@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_extension_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_flags@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_set_inhibit_anypolicy@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_set_issuer_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_issuer_alt_othername@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_issuer_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_issuer_dn_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_issuer_unique_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_key@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_key_purpose_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_name_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_policy@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_proxy@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_proxy_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_pubkey@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_serial@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_crt_set_subject_alt_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_subject_alt_othername@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_subject_alternative_name@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_subject_unique_id@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_set_version@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_sign2@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_sign@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_verify@GNUTLS_3_4 3.7.0 + gnutls_x509_crt_verify_data2@GNUTLS_3_4 3.7.0 + gnutls_x509_ct_sct_get@GNUTLS_3_7_0 3.7.3 + gnutls_x509_ct_sct_get_version@GNUTLS_3_7_0 3.7.3 + gnutls_x509_dn_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_export2@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_export@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_get_rdn_ava@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_get_str2@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_get_str@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_import@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_init@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_oid_known@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_oid_name@GNUTLS_3_4 3.7.0 + gnutls_x509_dn_set_str@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_ct_export_scts@GNUTLS_3_7_0 3.7.3 + gnutls_x509_ext_ct_import_scts@GNUTLS_3_7_0 3.7.3 + gnutls_x509_ext_ct_scts_deinit@GNUTLS_3_7_0 3.7.3 + gnutls_x509_ext_ct_scts_init@GNUTLS_3_7_0 3.7.3 + gnutls_x509_ext_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_aia@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_crl_dist_points@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_inhibit_anypolicy@GNUTLS_3_6_0 3.7.0 + gnutls_x509_ext_export_key_purposes@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_name_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_policies@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_proxy@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_subject_alt_names@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_export_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_aia@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_authority_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_basic_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_crl_dist_points@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_inhibit_anypolicy@GNUTLS_3_6_0 3.7.0 + gnutls_x509_ext_import_key_purposes@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_key_usage@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_name_constraints@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_policies@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_private_key_usage_period@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_proxy@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_subject_alt_names@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_import_tlsfeatures@GNUTLS_3_4 3.7.0 + gnutls_x509_ext_print@GNUTLS_3_4 3.7.0 + gnutls_x509_key_purpose_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_key_purpose_get@GNUTLS_3_4 3.7.0 + gnutls_x509_key_purpose_init@GNUTLS_3_4 3.7.0 + gnutls_x509_key_purpose_set@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_add_excluded@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_add_permitted@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_check@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_check_crt@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_get_excluded@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_get_permitted@GNUTLS_3_4 3.7.0 + gnutls_x509_name_constraints_init@GNUTLS_3_4 3.7.0 + gnutls_x509_othername_to_virtual@GNUTLS_3_4 3.7.0 + gnutls_x509_policies_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_policies_get@GNUTLS_3_4 3.7.0 + gnutls_x509_policies_init@GNUTLS_3_4 3.7.0 + gnutls_x509_policies_set@GNUTLS_3_4 3.7.0 + gnutls_x509_policy_release@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_cpy@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export2_pkcs8@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export_ecc_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export_gost_raw@GNUTLS_3_6_3 3.7.0 + gnutls_x509_privkey_export_pkcs8@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export_rsa_raw2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_export_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_fix@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_generate2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_generate@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_get_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_get_pk_algorithm2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_get_pk_algorithm@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_get_seed@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_get_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_privkey_import2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_dsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_ecc_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_gost_raw@GNUTLS_3_6_3 3.7.0 + gnutls_x509_privkey_import_openssl@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_pkcs8@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_rsa_raw2@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_import_rsa_raw@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_init@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_sec_param@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_set_flags@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_set_pin_function@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_set_spki@GNUTLS_3_6_0 3.7.0 + gnutls_x509_privkey_sign_data@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_sign_hash@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_verify_params@GNUTLS_3_4 3.7.0 + gnutls_x509_privkey_verify_seed@GNUTLS_3_4 3.7.0 + gnutls_x509_rdn_get2@GNUTLS_3_4 3.7.0 + gnutls_x509_rdn_get@GNUTLS_3_4 3.7.0 + gnutls_x509_rdn_get_by_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_rdn_get_oid@GNUTLS_3_4 3.7.0 + gnutls_x509_spki_deinit@GNUTLS_3_6_0 3.7.0 + gnutls_x509_spki_get_rsa_pss_params@GNUTLS_3_6_0 3.7.0 + gnutls_x509_spki_init@GNUTLS_3_6_0 3.7.0 + gnutls_x509_spki_set_rsa_pss_params@GNUTLS_3_6_0 3.7.0 + gnutls_x509_tlsfeatures_add@GNUTLS_3_4 3.7.0 + gnutls_x509_tlsfeatures_check_crt@GNUTLS_3_4 3.7.0 + gnutls_x509_tlsfeatures_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_tlsfeatures_get@GNUTLS_3_4 3.7.0 + gnutls_x509_tlsfeatures_init@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_cas@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_crls@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_named_crt@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_system_trust@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_trust_dir@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_trust_file@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_add_trust_mem@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_get_issuer@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_get_issuer_by_dn@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_get_issuer_by_subject_key_id@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_get_ptr@GNUTLS_3_7_0 3.7.0 + gnutls_x509_trust_list_init@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_iter_deinit@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_iter_get_ca@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_remove_cas@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_remove_trust_file@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_remove_trust_mem@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_set_getissuer_function@GNUTLS_3_7_0 3.7.0 + gnutls_x509_trust_list_set_ptr@GNUTLS_3_7_0 3.7.0 + gnutls_x509_trust_list_verify_crt2@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_verify_crt@GNUTLS_3_4 3.7.0 + gnutls_x509_trust_list_verify_named_crt@GNUTLS_3_4 3.7.0 diff --git a/debian/libgnutlsxx30.install b/debian/libgnutlsxx30.install new file mode 100644 index 0000000..d3af152 --- /dev/null +++ b/debian/libgnutlsxx30.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/*/libgnutlsxx.so.* diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..dff38e8 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,6 @@ +usr/lib/${DEB_HOST_MULTIARCH}/guile/*/extensions/guile-gnutls-v-2.a +usr/lib/${DEB_HOST_MULTIARCH}/guile/*/extensions/guile-gnutls-v-2.la +usr/lib/*/libgnutls-dane.la +usr/lib/*/libgnutls-openssl.la +usr/lib/*/libgnutlsxx.la +usr/lib/*/libgnutls.la diff --git a/debian/patches/14_version_gettextcat.diff b/debian/patches/14_version_gettextcat.diff new file mode 100644 index 0000000..9a566aa --- /dev/null +++ b/debian/patches/14_version_gettextcat.diff @@ -0,0 +1,62 @@ +Description: Version filename of locale data (gnutls30.mo instead of + gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 + co-installable. +Author: Andreas Metzler <ametzler@debian.org> +Last-Update: 2020-09-06 + +--- a/po/Makevars ++++ b/po/Makevars +@@ -5,7 +5,7 @@ + # unlimited permission to use, copy, distribute, and modify it. + + # Usually the message domain is the same as the package name. +-DOMAIN = $(PACKAGE) ++DOMAIN = $(PACKAGE)30 + + # These two variables depend on the location of this directory. + subdir = po +--- a/lib/global.c ++++ b/lib/global.c +@@ -262,7 +262,7 @@ static int _gnutls_global_init(unsigned + } + + #ifdef HAVE_DCGETTEXT +- bindtextdomain(PACKAGE, LOCALEDIR); ++ bindtextdomain(GNUTLSDOMAIN, LOCALEDIR); + #endif + + res = gnutls_crypto_init(); +--- a/configure.ac ++++ b/configure.ac +@@ -320,6 +320,9 @@ dnl Try the hooks.m4 + LIBGNUTLS_HOOKS + LIBGNUTLS_EXTRA_HOOKS + ++AC_DEFINE_UNQUOTED([GNUTLSDOMAIN], ["${PACKAGE}${DLL_VERSION}"], ++ [base filename for gettext message catalogue]) ++ + AC_ARG_ENABLE(tests, + AS_HELP_STRING([--disable-tests], [don't compile or run any tests]), + enable_tests=$enableval, enable_tests=$enable_tools) +--- a/lib/str.h ++++ b/lib/str.h +@@ -33,7 +33,7 @@ + + #ifdef HAVE_DCGETTEXT + # include "gettext.h" +-# define _(String) dgettext (PACKAGE, String) ++# define _(String) dgettext (GNUTLSDOMAIN, String) + # define N_(String) gettext_noop (String) + #else + # define _(String) String +--- a/libdane/errors.c ++++ b/libdane/errors.c +@@ -25,7 +25,7 @@ + + /* I18n of error codes. */ + #include "gettext.h" +-#define _(String) dgettext (PACKAGE, String) ++#define _(String) dgettext (GNUTLSDOMAIN, String) + #define N_(String) gettext_noop (String) + + #define ERROR_ENTRY(desc, name) \ diff --git a/debian/patches/30_guile-snarf.diff b/debian/patches/30_guile-snarf.diff new file mode 100644 index 0000000..f4f09b3 --- /dev/null +++ b/debian/patches/30_guile-snarf.diff @@ -0,0 +1,18 @@ +Description: Work around guile-snarf hardcoding the at-build default compiler + which breaks when it changes ion Debian. +Author: Andreas Metzler <ametzler@debian.org> +Origin: vendor +Bug-Debian: https://bugs.debian.org/759096 +Last-Update: 2014-08-24 + +--- gnutls28-3.3.6.orig/guile/src/Makefile.am ++++ gnutls28-3.3.6/guile/src/Makefile.am +@@ -15,6 +15,8 @@ + # License along with GnuTLS; if not, write to the Free Software + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + ++export CPP := @CPP@ ++ + GUILE_FOR_BUILD = \ + GUILE_AUTO_COMPILE=0 $(GUILE) -L $(top_srcdir)/guile/modules + diff --git a/debian/patches/40_srptest_doubletimeout.diff b/debian/patches/40_srptest_doubletimeout.diff new file mode 100644 index 0000000..0021971 --- /dev/null +++ b/debian/patches/40_srptest_doubletimeout.diff @@ -0,0 +1,47 @@ +Description: Increase timeout for srp test, fixing build error on mipsel +Author: Andreas Metzler <ametzler@debian.org> +Origin: vendor +Bug: https://gitlab.com/gnutls/gnutls/-/issues/1354 +Last-Update: 2022-04-13 + +--- a/tests/srp.c ++++ b/tests/srp.c +@@ -46,10 +46,12 @@ + #include <assert.h> + #include <gnutls/gnutls.h> + + #include "utils.h" + ++#define SRPTIMEOUTMULTIPLIER 2 ++ + static void terminate(void); + + /* This program tests the SRP and SRP-RSA ciphersuites. + */ + +@@ -129,11 +131,11 @@ + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); +- gnutls_handshake_set_timeout(session, get_timeout()); ++ gnutls_handshake_set_timeout(session, get_timeout() * SRPTIMEOUTMULTIPLIER ); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); +@@ -227,11 +229,11 @@ + gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + s_x509_cred); + + gnutls_transport_set_int(session, fd); +- gnutls_handshake_set_timeout(session, get_timeout()); ++ gnutls_handshake_set_timeout(session, get_timeout() * SRPTIMEOUTMULTIPLIER ); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); diff --git a/debian/patches/50_Fix-removal-of-duplicate-certs-during-verification.patch b/debian/patches/50_Fix-removal-of-duplicate-certs-during-verification.patch new file mode 100644 index 0000000..d8250cf --- /dev/null +++ b/debian/patches/50_Fix-removal-of-duplicate-certs-during-verification.patch @@ -0,0 +1,455 @@ +From e89378d5853d9bd0136b95aade37e23762ad9290 Mon Sep 17 00:00:00 2001 +From: Zoltan Fridrich <zfridric@redhat.com> +Date: Mon, 17 Oct 2022 15:27:37 +0200 +Subject: [PATCH] Fix removal of duplicate certs during verification + +Co-authored-by: Daiki Ueno <ueno@gnu.org> +Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> +--- + .gitignore | 1 + + lib/x509/verify-high.c | 101 ++++--------------- + tests/Makefile.am | 2 +- + tests/x509-verify-duplicate.c | 181 ++++++++++++++++++++++++++++++++++ + 4 files changed, 203 insertions(+), 82 deletions(-) + create mode 100644 tests/x509-verify-duplicate.c + +diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c +index 3b9a1011d0..0c46881398 100644 +--- a/lib/x509/verify-high.c ++++ b/lib/x509/verify-high.c +@@ -31,14 +31,16 @@ + #include <datum.h> + #include <hash-pjw-bare.h> + #include "x509_int.h" + #include <common.h> + #include <gnutls/x509-ext.h> + #include "verify-high.h" + #include "intprops.h" ++#include "gl_linkedhash_list.h" ++#include "gl_list.h" + + struct named_cert_st { + gnutls_x509_crt_t cert; + uint8_t name[MAX_SERVER_NAME_SIZE]; + unsigned int name_size; + }; + +@@ -64,90 +66,27 @@ struct gnutls_x509_trust_list_iter { + unsigned int pkcs11_index; + unsigned int pkcs11_size; + #endif + }; + + #define DEFAULT_SIZE 127 + +-struct cert_set_node_st { +- gnutls_x509_crt_t *certs; +- unsigned int size; +-}; +- +-struct cert_set_st { +- struct cert_set_node_st *node; +- unsigned int size; +-}; +- +-static int +-cert_set_init(struct cert_set_st *set, unsigned int size) +-{ +- memset(set, 0, sizeof(*set)); +- +- set->size = size; +- set->node = gnutls_calloc(size, sizeof(*set->node)); +- if (!set->node) { +- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); +- } +- +- return 0; +-} +- +-static void +-cert_set_deinit(struct cert_set_st *set) +-{ +- size_t i; +- +- for (i = 0; i < set->size; i++) { +- gnutls_free(set->node[i].certs); +- } +- +- gnutls_free(set->node); +-} +- + static bool +-cert_set_contains(struct cert_set_st *set, const gnutls_x509_crt_t cert) ++cert_eq(const void *cert1, const void *cert2) + { +- size_t hash, i; +- +- hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size); +- hash %= set->size; +- +- for (i = 0; i < set->node[hash].size; i++) { +- if (unlikely(gnutls_x509_crt_equals(set->node[hash].certs[i], cert))) { +- return true; +- } +- } +- +- return false; ++ const gnutls_x509_crt_t c1 = (const gnutls_x509_crt_t)cert1; ++ const gnutls_x509_crt_t c2 = (const gnutls_x509_crt_t)cert2; ++ return gnutls_x509_crt_equals(c1, c2); + } + +-static int +-cert_set_add(struct cert_set_st *set, const gnutls_x509_crt_t cert) ++static size_t ++cert_hashcode(const void *cert) + { +- size_t hash; +- +- hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size); +- hash %= set->size; +- +- if (unlikely(INT_ADD_OVERFLOW(set->node[hash].size, 1))) { +- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); +- } +- +- set->node[hash].certs = +- _gnutls_reallocarray_fast(set->node[hash].certs, +- set->node[hash].size + 1, +- sizeof(*set->node[hash].certs)); +- if (!set->node[hash].certs) { +- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); +- } +- set->node[hash].certs[set->node[hash].size] = cert; +- set->node[hash].size++; +- +- return 0; ++ const gnutls_x509_crt_t c = (const gnutls_x509_crt_t)cert; ++ return hash_pjw_bare(c->raw_dn.data, c->raw_dn.size) % DEFAULT_MAX_VERIFY_DEPTH; + } + + /** + * gnutls_x509_trust_list_init: + * @list: A pointer to the type to be initialized + * @size: The size of the internal hash table. Use (0) for default size. + * +@@ -1422,15 +1361,15 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t retrieved[DEFAULT_MAX_VERIFY_DEPTH]; + unsigned int retrieved_size = 0; + const char *hostname = NULL, *purpose = NULL, *email = NULL; + unsigned hostname_size = 0; + unsigned have_set_name = 0; + unsigned saved_output; + gnutls_datum_t ip = {NULL, 0}; +- struct cert_set_st cert_set = { NULL, 0 }; ++ gl_list_t records; + + if (cert_list == NULL || cert_list_size < 1) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + for (i=0;i<elements;i++) { + if (data[i].type == GNUTLS_DT_DNS_HOSTNAME) { + hostname = (void*)data[i].data; +@@ -1471,34 +1410,33 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, + return 0; + } + } + + memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t)); + cert_list = sorted; + +- ret = cert_set_init(&cert_set, DEFAULT_MAX_VERIFY_DEPTH); +- if (ret < 0) { +- return ret; +- } ++ records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq, cert_hashcode, NULL, false); ++ if (records == NULL) ++ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + for (i = 0; i < cert_list_size && + cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH; ) { + unsigned int sorted_size = 1; + unsigned int j; + gnutls_x509_crt_t issuer; + + if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN)) { + sorted_size = _gnutls_sort_clist(&cert_list[i], + cert_list_size - i); + } + + /* Remove duplicates. Start with index 1, as the first element + * may be re-checked after issuer retrieval. */ +- for (j = 1; j < sorted_size; j++) { +- if (cert_set_contains(&cert_set, cert_list[i + j])) { ++ for (j = 0; j < sorted_size; j++) { ++ if (gl_list_search(records, cert_list[i + j])) { + if (i + j < cert_list_size - 1) { + memmove(&cert_list[i + j], + &cert_list[i + j + 1], + sizeof(cert_list[i])); + } + cert_list_size--; + break; +@@ -1507,16 +1445,16 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, + /* Found a duplicate, try again with the same index. */ + if (j < sorted_size) { + continue; + } + + /* Record the certificates seen. */ + for (j = 0; j < sorted_size; j++, i++) { +- ret = cert_set_add(&cert_set, cert_list[i]); +- if (ret < 0) { ++ if (!gl_list_nx_add_last(records, cert_list[i])) { ++ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto cleanup; + } + } + + /* If the issuer of the certificate is known, no need + * for further processing. */ + if (gnutls_x509_trust_list_get_issuer(list, +@@ -1555,14 +1493,15 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, + &retrieved[retrieved_size], + ret * sizeof(gnutls_x509_crt_t)); + retrieved_size += ret; + cert_list_size += ret; + + /* Start again from the end of the previous segment. */ + i--; ++ gl_list_remove(records, cert_list[i]); + } + } + + cert_list_size = shorten_clist(list, cert_list, cert_list_size); + if (cert_list_size <= 0) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + +@@ -1714,15 +1653,15 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, + } + } + + cleanup: + for (i = 0; i < retrieved_size; i++) { + gnutls_x509_crt_deinit(retrieved[i]); + } +- cert_set_deinit(&cert_set); ++ gl_list_free(records); + return ret; + } + + /** + * gnutls_x509_trust_list_verify_named_crt: + * @list: The list + * @cert: is the certificate to be verified +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 9d89a8282a..b6c3536a92 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -175,15 +175,15 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei + mini-record mini-dtls-record handshake-timeout mini-record-range \ + cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \ + fips-test fips-override-test mini-global-load name-constraints x509-extensions \ + long-session-id mini-x509-callbacks-intr mini-dtls-lowmtu set_x509_key_file-late \ + crlverify mini-dtls-discard mini-record-failure openconnect-dtls12 \ + tls12-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \ + tls12-rehandshake-cert-auto tls12-rehandshake-set-prio \ +- mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \ ++ mini-chain-unsorted x509-verify-duplicate x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \ + mini-dtls-record-asym key-import-export priority-set priority-set2 \ + pubkey-import-export sign-is-secure spki spki-abstract rsa-rsa-pss \ + mini-dtls-fork dtls-pthread mini-key-material x509cert-invalid \ + tls-ext-register tls-supplemental mini-dtls0-9 duplicate-extensions \ + record-retvals mini-server-name tls-etm tls-force-etm x509-cert-callback alerts \ + client-sign-md5-rep tls12-invalid-key-exchanges session-rdn-read \ + tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \ +diff --git a/tests/x509-verify-duplicate.c b/tests/x509-verify-duplicate.c +new file mode 100644 +index 0000000000..f47a8b2d81 +--- /dev/null ++++ b/tests/x509-verify-duplicate.c +@@ -0,0 +1,181 @@ ++/* ++ * Copyright (C) 2022 Red Hat, Inc. ++ * ++ * Author: Zoltan Fridrich ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software: you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <gnutls/x509.h> ++ ++#include "utils.h" ++ ++#define CHECK(X)\ ++{\ ++ r = X;\ ++ if (r < 0)\ ++ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ ++}\ ++ ++static char cert_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIFLzCCBBegAwIBAgISAycvItcPAZ5yClzMOYYcod4cMA0GCSqGSIb3DQEBCwUA\n" ++ "MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n" ++ "EwJSMzAeFw0yMjA4MjMwNjMzMjlaFw0yMjExMjEwNjMzMjhaMBcxFTATBgNVBAMT\n" ++ "DHZvaWRwb2ludC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSt\n" ++ "AazUWttuU/swyEdt70bpod6knYDJavnFUwicpT4ZfPh84Y2ci9Ay9oTVR8LzVq+o\n" ++ "3FIGxXlBFhCtoGA5k5Soao/JB40+gsY+O8LgcNAdejU78m5W4e2qXq4eu/4tFUCw\n" ++ "GkcRmqitnc5Jy0bEM+wCZKa42Lx0+WAhNRd/70yWIbzXOrXDnLgGc221JeYJ4it0\n" ++ "ajYcf3AZuSHhL3qsTLLzuYorPqWmDy27psUiDDJOIjxVbBCRL+AY40TsQm7CZZhZ\n" ++ "8sCkZU7rIvuDv7nf3QpUsF9Zqk9B3F4tTg0vsVuYeL1XCHGwpVeUS83MsZiLP8Zj\n" ++ "XGQTM6GiWuOAZ9JJjrsCAwEAAaOCAlgwggJUMA4GA1UdDwEB/wQEAwIFoDAdBgNV\n" ++ "HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E\n" ++ "FgQUlw1h3ZwSMKRwkrQ+F4XT3QV/tn8wHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA\n" ++ "5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu\n" ++ "by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w\n" ++ "JwYDVR0RBCAwHoIOKi52b2lkcG9pbnQuaW+CDHZvaWRwb2ludC5pbzBMBgNVHSAE\n" ++ "RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw\n" ++ "Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2\n" ++ "AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABgsme4hAAAAQDAEcw\n" ++ "RQIhAP6sPHv1PJez/VRMw5xmAAkNU/q9ydq1mTgp7j5uBB9AAiAxm+teG9utZCLP\n" ++ "TTTv89FHwFV9omfZzDNAiNgg8METHwB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4\n" ++ "+U1dJlwlXceEAAABgsme4gUAAAQDAEgwRgIhAPKWJ7WeuBUSnDqabTAVLKU+PpzA\n" ++ "bJJ9sehaCKW9AicZAiEAqphpC0lF4/iz2Gkxgd/DEkl9SyyAmR/lEJ7cWDMFhz8w\n" ++ "DQYJKoZIhvcNAQELBQADggEBAC0aCscObAdTerzGUrDsuQR5FuCTAmvdk3Isqjw1\n" ++ "dG3WuiwW1Z4ecpqCdvDSIv3toQDWVk6g/oa3fHDnY0/tu//vCwdneDdjK3gCM6cj\n" ++ "/q0cwj+rGFx/bEVz8PR5kc3DOHGKkmHPN1BNxeLBVpk4jxziXryAVbIvxq9JrGTE\n" ++ "SfWbWcMkHHw/QzpUfyD3B/GI8qw6XhdaNNkLDEDNV0sCPCuZYc5FBZzU4ExB2vMG\n" ++ "QVnPfxzKWmxHs10uxXyRZJlOrrbTGU8gi0vnOQZK290dtLzEyU2sdkic1ZSn+fCo\n" ++ "k++37mNDkiTnIQa3olRqHkypWqGfj8OyqU4XBV2Mmu4UATc=\n" ++ "-----END CERTIFICATE-----\n" ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIFLzCCBBegAwIBAgISAycvItcPAZ5yClzMOYYcod4cMA0GCSqGSIb3DQEBCwUA\n" ++ "MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n" ++ "EwJSMzAeFw0yMjA4MjMwNjMzMjlaFw0yMjExMjEwNjMzMjhaMBcxFTATBgNVBAMT\n" ++ "DHZvaWRwb2ludC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSt\n" ++ "AazUWttuU/swyEdt70bpod6knYDJavnFUwicpT4ZfPh84Y2ci9Ay9oTVR8LzVq+o\n" ++ "3FIGxXlBFhCtoGA5k5Soao/JB40+gsY+O8LgcNAdejU78m5W4e2qXq4eu/4tFUCw\n" ++ "GkcRmqitnc5Jy0bEM+wCZKa42Lx0+WAhNRd/70yWIbzXOrXDnLgGc221JeYJ4it0\n" ++ "ajYcf3AZuSHhL3qsTLLzuYorPqWmDy27psUiDDJOIjxVbBCRL+AY40TsQm7CZZhZ\n" ++ "8sCkZU7rIvuDv7nf3QpUsF9Zqk9B3F4tTg0vsVuYeL1XCHGwpVeUS83MsZiLP8Zj\n" ++ "XGQTM6GiWuOAZ9JJjrsCAwEAAaOCAlgwggJUMA4GA1UdDwEB/wQEAwIFoDAdBgNV\n" ++ "HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E\n" ++ "FgQUlw1h3ZwSMKRwkrQ+F4XT3QV/tn8wHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA\n" ++ "5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu\n" ++ "by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w\n" ++ "JwYDVR0RBCAwHoIOKi52b2lkcG9pbnQuaW+CDHZvaWRwb2ludC5pbzBMBgNVHSAE\n" ++ "RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw\n" ++ "Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2\n" ++ "AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABgsme4hAAAAQDAEcw\n" ++ "RQIhAP6sPHv1PJez/VRMw5xmAAkNU/q9ydq1mTgp7j5uBB9AAiAxm+teG9utZCLP\n" ++ "TTTv89FHwFV9omfZzDNAiNgg8METHwB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4\n" ++ "+U1dJlwlXceEAAABgsme4gUAAAQDAEgwRgIhAPKWJ7WeuBUSnDqabTAVLKU+PpzA\n" ++ "bJJ9sehaCKW9AicZAiEAqphpC0lF4/iz2Gkxgd/DEkl9SyyAmR/lEJ7cWDMFhz8w\n" ++ "DQYJKoZIhvcNAQELBQADggEBAC0aCscObAdTerzGUrDsuQR5FuCTAmvdk3Isqjw1\n" ++ "dG3WuiwW1Z4ecpqCdvDSIv3toQDWVk6g/oa3fHDnY0/tu//vCwdneDdjK3gCM6cj\n" ++ "/q0cwj+rGFx/bEVz8PR5kc3DOHGKkmHPN1BNxeLBVpk4jxziXryAVbIvxq9JrGTE\n" ++ "SfWbWcMkHHw/QzpUfyD3B/GI8qw6XhdaNNkLDEDNV0sCPCuZYc5FBZzU4ExB2vMG\n" ++ "QVnPfxzKWmxHs10uxXyRZJlOrrbTGU8gi0vnOQZK290dtLzEyU2sdkic1ZSn+fCo\n" ++ "k++37mNDkiTnIQa3olRqHkypWqGfj8OyqU4XBV2Mmu4UATc=\n" ++ "-----END CERTIFICATE-----\n" ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\n" ++ "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" ++ "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\n" ++ "WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n" ++ "RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" ++ "AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\n" ++ "R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\n" ++ "sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\n" ++ "NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\n" ++ "Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n" ++ "/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\n" ++ "AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\n" ++ "Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\n" ++ "FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\n" ++ "AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\n" ++ "Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\n" ++ "gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\n" ++ "PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\n" ++ "ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\n" ++ "CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\n" ++ "lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\n" ++ "avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\n" ++ "yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\n" ++ "yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\n" ++ "hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\n" ++ "HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\n" ++ "MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\n" ++ "nLRbwHOoq7hHwg==\n" ++ "-----END CERTIFICATE-----\n" ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\n" ++ "MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n" ++ "DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\n" ++ "TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" ++ "cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\n" ++ "AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\n" ++ "ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\n" ++ "wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\n" ++ "LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n" ++ "4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\n" ++ "bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\n" ++ "sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\n" ++ "Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\n" ++ "FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\n" ++ "SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\n" ++ "PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\n" ++ "TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" ++ "SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\n" ++ "c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n" ++ "+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\n" ++ "ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\n" ++ "b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\n" ++ "U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\n" ++ "MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n" ++ "5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n" ++ "9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\n" ++ "WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\n" ++ "he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\n" ++ "Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n" ++ "-----END CERTIFICATE-----\n"; ++ ++void doit(void) ++{ ++ int r; ++ unsigned i, certs_size, out; ++ unsigned flags = GNUTLS_VERIFY_DO_NOT_ALLOW_SAME | GNUTLS_VERIFY_DISABLE_TIME_CHECKS; ++ gnutls_x509_trust_list_t tl; ++ gnutls_x509_crt_t *certs = NULL; ++ gnutls_datum_t cert = { (unsigned char *)cert_pem, sizeof(cert_pem) - 1 }; ++ ++ CHECK(gnutls_x509_crt_list_import2(&certs, &certs_size, &cert, GNUTLS_X509_FMT_PEM, 0)); ++ CHECK(gnutls_x509_trust_list_init(&tl, 0)); ++ CHECK(gnutls_x509_trust_list_add_cas(tl, certs + certs_size - 1, 1, 0)); ++ CHECK(gnutls_x509_trust_list_verify_crt(tl, certs, certs_size, flags, &out, NULL)); ++ ++ if (out) ++ fail("Not verified\n"); ++ ++ gnutls_x509_trust_list_deinit(tl, 0); ++ for (i = 0; i < certs_size; ++i) ++ gnutls_x509_crt_deinit(certs[i]); ++ gnutls_free(certs); ++} +-- +2.35.1 + diff --git a/debian/patches/51_add-gnulib-linkedhash-list-module.diff b/debian/patches/51_add-gnulib-linkedhash-list-module.diff new file mode 100644 index 0000000..a7ce2fa --- /dev/null +++ b/debian/patches/51_add-gnulib-linkedhash-list-module.diff @@ -0,0 +1,2637 @@ +Description: Result of rebootstrapping with linkedhash-list module + Needed for 50_Fix-removal-of-duplicate-certs-during-verification.patch + . + Add linkedhash-list to gnulib_modules= in bootstrap.conf and run + ./bootstrap +Author: Andreas Metzler <ametzler@debian.org> +Origin: vendor +Forwarded: not-needed +Last-Update: 2022-10-31 + +--- /dev/null ++++ b/gl/gl_anyhash1.h +@@ -0,0 +1,31 @@ ++/* Hash table for sequential list, set, and map data type. ++ Copyright (C) 2006, 2009-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++/* Common code of ++ gl_linkedhash_list.c, gl_avltreehash_list.c, gl_rbtreehash_list.c, ++ gl_linkedhash_set.c, gl_hash_set.c, ++ gl_linkedhash_map.c, gl_hash_map.c. */ ++ ++/* Hash table entry. */ ++struct gl_hash_entry ++{ ++ struct gl_hash_entry *hash_next; /* chain of entries in same bucket */ ++ size_t hashcode; /* cache of the hash code of ++ - the key (for map data type) or ++ - the value (for list, set data types) */ ++}; ++typedef struct gl_hash_entry * gl_hash_entry_t; +--- /dev/null ++++ b/gl/gl_anyhash2.h +@@ -0,0 +1,82 @@ ++/* Hash table for sequential list, set, and map data type. ++ Copyright (C) 2006, 2009-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++/* Common code of ++ gl_linkedhash_list.c, gl_avltreehash_list.c, gl_rbtreehash_list.c, ++ gl_linkedhash_set.c, gl_hash_set.c, ++ gl_linkedhash_map.c, gl_hash_map.c. */ ++ ++#include "gl_anyhash_primes.h" ++ ++/* Resizes the hash table with a new estimated size. */ ++static void ++hash_resize (CONTAINER_T container, size_t estimate) ++{ ++ size_t new_size = next_prime (estimate); ++ ++ if (new_size > container->table_size) ++ { ++ gl_hash_entry_t *old_table = container->table; ++ /* Allocate the new table. */ ++ gl_hash_entry_t *new_table; ++ size_t i; ++ ++ if (size_overflow_p (xtimes (new_size, sizeof (gl_hash_entry_t)))) ++ goto fail; ++ new_table = ++ (gl_hash_entry_t *) calloc (new_size, sizeof (gl_hash_entry_t)); ++ if (new_table == NULL) ++ goto fail; ++ ++ /* Iterate through the entries of the old table. */ ++ for (i = container->table_size; i > 0; ) ++ { ++ gl_hash_entry_t node = old_table[--i]; ++ ++ while (node != NULL) ++ { ++ gl_hash_entry_t next = node->hash_next; ++ /* Add the entry to the new table. */ ++ size_t bucket = node->hashcode % new_size; ++ node->hash_next = new_table[bucket]; ++ new_table[bucket] = node; ++ ++ node = next; ++ } ++ } ++ ++ container->table = new_table; ++ container->table_size = new_size; ++ free (old_table); ++ } ++ return; ++ ++ fail: ++ /* Just continue without resizing the table. */ ++ return; ++} ++ ++/* Resizes the hash table if needed, after CONTAINER_COUNT (container) was ++ incremented. */ ++static void ++hash_resize_after_add (CONTAINER_T container) ++{ ++ size_t count = CONTAINER_COUNT (container); ++ size_t estimate = xsum (count, count / 2); /* 1.5 * count */ ++ if (estimate > container->table_size) ++ hash_resize (container, estimate); ++} +--- /dev/null ++++ b/gl/gl_anyhash_primes.h +@@ -0,0 +1,87 @@ ++/* Table of primes, for use by hash tables. ++ Copyright (C) 2006, 2009-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++/* Array of primes, approximately in steps of factor 1.2. ++ This table was computed by executing the Common Lisp expression ++ (dotimes (i 244) (format t "nextprime(~D)~%" (ceiling (expt 1.2d0 i)))) ++ and feeding the result to PARI/gp. */ ++static const size_t primes[] = ++ { ++ 11, 13, 17, 19, 23, 29, 37, 41, 47, 59, 67, 83, 97, 127, 139, 167, 199, ++ 239, 293, 347, 419, 499, 593, 709, 853, 1021, 1229, 1471, 1777, 2129, 2543, ++ 3049, 3659, 4391, 5273, 6323, 7589, 9103, 10937, 13109, 15727, 18899, ++ 22651, 27179, 32609, 39133, 46957, 56359, 67619, 81157, 97369, 116849, ++ 140221, 168253, 201907, 242309, 290761, 348889, 418667, 502409, 602887, ++ 723467, 868151, 1041779, 1250141, 1500181, 1800191, 2160233, 2592277, ++ 3110741, 3732887, 4479463, 5375371, 6450413, 7740517, 9288589, 11146307, ++ 13375573, 16050689, 19260817, 23112977, 27735583, 33282701, 39939233, ++ 47927081, 57512503, 69014987, 82818011, 99381577, 119257891, 143109469, ++ 171731387, 206077643, 247293161, 296751781, 356102141, 427322587, ++ 512787097, 615344489, 738413383, 886096061, 1063315271, 1275978331, ++ 1531174013, 1837408799, 2204890543UL, 2645868653UL, 3175042391UL, ++ 3810050851UL, ++#if SIZE_MAX > 4294967295UL ++ 4572061027UL, 5486473229UL, 6583767889UL, 7900521449UL, 9480625733UL, ++ 11376750877UL, 13652101063UL, 16382521261UL, 19659025513UL, 23590830631UL, ++ 28308996763UL, 33970796089UL, 40764955463UL, 48917946377UL, 58701535657UL, ++ 70441842749UL, 84530211301UL, 101436253561UL, 121723504277UL, ++ 146068205131UL, 175281846149UL, 210338215379UL, 252405858521UL, ++ 302887030151UL, 363464436191UL, 436157323417UL, 523388788231UL, ++ 628066545713UL, 753679854847UL, 904415825857UL, 1085298991109UL, ++ 1302358789181UL, 1562830547009UL, 1875396656429UL, 2250475987709UL, ++ 2700571185239UL, 3240685422287UL, 3888822506759UL, 4666587008147UL, ++ 5599904409713UL, 6719885291641UL, 8063862349969UL, 9676634819959UL, ++ 11611961783951UL, 13934354140769UL, 16721224968907UL, 20065469962669UL, ++ 24078563955191UL, 28894276746229UL, 34673132095507UL, 41607758514593UL, ++ 49929310217531UL, 59915172260971UL, 71898206713183UL, 86277848055823UL, ++ 103533417666967UL, 124240101200359UL, 149088121440451UL, 178905745728529UL, ++ 214686894874223UL, 257624273849081UL, 309149128618903UL, 370978954342639UL, ++ 445174745211143UL, 534209694253381UL, 641051633104063UL, 769261959724877UL, ++ 923114351670013UL, 1107737222003791UL, 1329284666404567UL, ++ 1595141599685509UL, 1914169919622551UL, 2297003903547091UL, ++ 2756404684256459UL, 3307685621107757UL, 3969222745329323UL, ++ 4763067294395177UL, 5715680753274209UL, 6858816903929113UL, ++ 8230580284714831UL, 9876696341657791UL, 11852035609989371UL, ++ 14222442731987227UL, 17066931278384657UL, 20480317534061597UL, ++ 24576381040873903UL, 29491657249048679UL, 35389988698858471UL, ++ 42467986438630267UL, 50961583726356109UL, 61153900471627387UL, ++ 73384680565952851UL, 88061616679143347UL, 105673940014972061UL, ++ 126808728017966413UL, 152170473621559703UL, 182604568345871671UL, ++ 219125482015045997UL, 262950578418055169UL, 315540694101666193UL, ++ 378648832921999397UL, 454378599506399233UL, 545254319407679131UL, ++ 654305183289214771UL, 785166219947057701UL, 942199463936469157UL, ++ 1130639356723763129UL, 1356767228068515623UL, 1628120673682218619UL, ++ 1953744808418662409UL, 2344493770102394881UL, 2813392524122873857UL, ++ 3376071028947448339UL, 4051285234736937517UL, 4861542281684325481UL, ++ 5833850738021191727UL, 7000620885625427969UL, 8400745062750513217UL, ++ 10080894075300616261UL, 12097072890360739951UL, 14516487468432885797UL, ++ 17419784962119465179UL, ++#endif ++ SIZE_MAX /* sentinel, to ensure the search terminates */ ++ }; ++ ++/* Returns a suitable prime >= ESTIMATE. */ ++static size_t ++next_prime (size_t estimate) ++{ ++ size_t i; ++ ++ for (i = 0; i < sizeof (primes) / sizeof (primes[0]); i++) ++ if (primes[i] >= estimate) ++ return primes[i]; ++ return SIZE_MAX; /* not a prime, but better than nothing */ ++} +--- /dev/null ++++ b/gl/gl_anylinked_list1.h +@@ -0,0 +1,48 @@ ++/* Sequential list data type implemented by a linked list. ++ Copyright (C) 2006, 2009-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++/* Common code of gl_linked_list.c and gl_linkedhash_list.c. */ ++ ++/* -------------------------- gl_list_t Data Type -------------------------- */ ++ ++/* Concrete list node implementation, valid for this file only. */ ++struct gl_list_node_impl ++{ ++#if WITH_HASHTABLE ++ struct gl_hash_entry h; /* hash table entry fields; must be first */ ++#endif ++ struct gl_list_node_impl *next; ++ struct gl_list_node_impl *prev; ++ const void *value; ++}; ++ ++/* Concrete gl_list_impl type, valid for this file only. */ ++struct gl_list_impl ++{ ++ struct gl_list_impl_base base; ++#if WITH_HASHTABLE ++ /* A hash table: managed as an array of collision lists. */ ++ struct gl_hash_entry **table; ++ size_t table_size; ++#endif ++ /* A circular list anchored at root. ++ The first node is = root.next, the last node is = root.prev. ++ The root's value is unused. */ ++ struct gl_list_node_impl root; ++ /* Number of list nodes, excluding the root. */ ++ size_t count; ++}; +--- /dev/null ++++ b/gl/gl_anylinked_list2.h +@@ -0,0 +1,1215 @@ ++/* Sequential list data type implemented by a linked list. ++ Copyright (C) 2006-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++/* Common code of gl_linked_list.c and gl_linkedhash_list.c. */ ++ ++/* If the symbol SIGNAL_SAFE_LIST is defined, the code is compiled in such ++ a way that a gl_list_t data structure may be used from within a signal ++ handler. The operations allowed in the signal handler are: ++ gl_list_iterator, gl_list_iterator_next, gl_list_iterator_free. ++ The list and node fields that are therefore accessed from the signal handler ++ are: ++ list->root, node->next, node->value. ++ We are careful to make modifications to these fields only in an order ++ that maintains the consistency of the list data structure at any moment, ++ and we use 'volatile' assignments to prevent the compiler from reordering ++ such assignments. */ ++#ifdef SIGNAL_SAFE_LIST ++# define ASYNCSAFE(type) *(type volatile *)& ++#else ++# define ASYNCSAFE(type) ++#endif ++ ++/* -------------------------- gl_list_t Data Type -------------------------- */ ++ ++static gl_list_t ++gl_linked_nx_create_empty (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates) ++{ ++ struct gl_list_impl *list = ++ (struct gl_list_impl *) malloc (sizeof (struct gl_list_impl)); ++ ++ if (list == NULL) ++ return NULL; ++ ++ list->base.vtable = implementation; ++ list->base.equals_fn = equals_fn; ++ list->base.hashcode_fn = hashcode_fn; ++ list->base.dispose_fn = dispose_fn; ++ list->base.allow_duplicates = allow_duplicates; ++#if WITH_HASHTABLE ++ list->table_size = 11; ++ list->table = ++ (gl_hash_entry_t *) calloc (list->table_size, sizeof (gl_hash_entry_t)); ++ if (list->table == NULL) ++ goto fail; ++#endif ++ list->root.next = &list->root; ++ list->root.prev = &list->root; ++ list->count = 0; ++ ++ return list; ++ ++#if WITH_HASHTABLE ++ fail: ++ free (list); ++ return NULL; ++#endif ++} ++ ++static gl_list_t ++gl_linked_nx_create (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates, ++ size_t count, const void **contents) ++{ ++ struct gl_list_impl *list = ++ (struct gl_list_impl *) malloc (sizeof (struct gl_list_impl)); ++ gl_list_node_t tail; ++ ++ if (list == NULL) ++ return NULL; ++ ++ list->base.vtable = implementation; ++ list->base.equals_fn = equals_fn; ++ list->base.hashcode_fn = hashcode_fn; ++ list->base.dispose_fn = dispose_fn; ++ list->base.allow_duplicates = allow_duplicates; ++#if WITH_HASHTABLE ++ { ++ size_t estimate = xsum (count, count / 2); /* 1.5 * count */ ++ if (estimate < 10) ++ estimate = 10; ++ list->table_size = next_prime (estimate); ++ if (size_overflow_p (xtimes (list->table_size, sizeof (gl_hash_entry_t)))) ++ goto fail1; ++ list->table = ++ (gl_hash_entry_t *) calloc (list->table_size, sizeof (gl_hash_entry_t)); ++ if (list->table == NULL) ++ goto fail1; ++ } ++#endif ++ list->count = count; ++ tail = &list->root; ++ for (; count > 0; contents++, count--) ++ { ++ gl_list_node_t node = ++ (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ ++ if (node == NULL) ++ goto fail2; ++ ++ node->value = *contents; ++#if WITH_HASHTABLE ++ node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (node->value) ++ : (size_t)(uintptr_t) node->value); ++ ++ /* Add node to the hash table. */ ++ if (add_to_bucket (list, node) < 0) ++ { ++ free (node); ++ goto fail2; ++ } ++#endif ++ ++ /* Add node to the list. */ ++ node->prev = tail; ++ tail->next = node; ++ tail = node; ++ } ++ tail->next = &list->root; ++ list->root.prev = tail; ++ ++ return list; ++ ++ fail2: ++ { ++ gl_list_node_t node; ++ ++ for (node = tail; node != &list->root; ) ++ { ++ gl_list_node_t prev = node->prev; ++ ++ free (node); ++ node = prev; ++ } ++ } ++#if WITH_HASHTABLE ++ free (list->table); ++ fail1: ++#endif ++ free (list); ++ return NULL; ++} ++ ++static size_t _GL_ATTRIBUTE_PURE ++gl_linked_size (gl_list_t list) ++{ ++ return list->count; ++} ++ ++static const void * _GL_ATTRIBUTE_PURE ++gl_linked_node_value (gl_list_t list _GL_ATTRIBUTE_MAYBE_UNUSED, ++ gl_list_node_t node) ++{ ++ return node->value; ++} ++ ++static int ++gl_linked_node_nx_set_value (gl_list_t list _GL_ATTRIBUTE_MAYBE_UNUSED, ++ gl_list_node_t node, ++ const void *elt) ++{ ++#if WITH_HASHTABLE ++ if (elt != node->value) ++ { ++ size_t new_hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (elt) ++ : (size_t)(uintptr_t) elt); ++ ++ if (new_hashcode != node->h.hashcode) ++ { ++ remove_from_bucket (list, node); ++ node->value = elt; ++ node->h.hashcode = new_hashcode; ++ if (add_to_bucket (list, node) < 0) ++ { ++ /* Out of memory. We removed node from a bucket but cannot add ++ it to another bucket. In order to avoid inconsistencies, we ++ must remove node entirely from the list. */ ++ gl_list_node_t before_removed = node->prev; ++ gl_list_node_t after_removed = node->next; ++ ASYNCSAFE(gl_list_node_t) before_removed->next = after_removed; ++ after_removed->prev = before_removed; ++ list->count--; ++ free (node); ++ return -1; ++ } ++ } ++ else ++ node->value = elt; ++ } ++#else ++ node->value = elt; ++#endif ++ return 0; ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_next_node (gl_list_t list, gl_list_node_t node) ++{ ++ return (node->next != &list->root ? node->next : NULL); ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_previous_node (gl_list_t list, gl_list_node_t node) ++{ ++ return (node->prev != &list->root ? node->prev : NULL); ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_first_node (gl_list_t list) ++{ ++ if (list->count > 0) ++ return list->root.next; ++ else ++ return NULL; ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_last_node (gl_list_t list) ++{ ++ if (list->count > 0) ++ return list->root.prev; ++ else ++ return NULL; ++} ++ ++static const void * _GL_ATTRIBUTE_PURE ++gl_linked_get_at (gl_list_t list, size_t position) ++{ ++ size_t count = list->count; ++ gl_list_node_t node; ++ ++ if (!(position < count)) ++ /* Invalid argument. */ ++ abort (); ++ /* Here we know count > 0. */ ++ if (position <= ((count - 1) / 2)) ++ { ++ node = list->root.next; ++ for (; position > 0; position--) ++ node = node->next; ++ } ++ else ++ { ++ position = count - 1 - position; ++ node = list->root.prev; ++ for (; position > 0; position--) ++ node = node->prev; ++ } ++ return node->value; ++} ++ ++static gl_list_node_t ++gl_linked_nx_set_at (gl_list_t list, size_t position, const void *elt) ++{ ++ size_t count = list->count; ++ gl_list_node_t node; ++ ++ if (!(position < count)) ++ /* Invalid argument. */ ++ abort (); ++ /* Here we know count > 0. */ ++ if (position <= ((count - 1) / 2)) ++ { ++ node = list->root.next; ++ for (; position > 0; position--) ++ node = node->next; ++ } ++ else ++ { ++ position = count - 1 - position; ++ node = list->root.prev; ++ for (; position > 0; position--) ++ node = node->prev; ++ } ++#if WITH_HASHTABLE ++ if (elt != node->value) ++ { ++ size_t new_hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (elt) ++ : (size_t)(uintptr_t) elt); ++ ++ if (new_hashcode != node->h.hashcode) ++ { ++ remove_from_bucket (list, node); ++ node->value = elt; ++ node->h.hashcode = new_hashcode; ++ if (add_to_bucket (list, node) < 0) ++ { ++ /* Out of memory. We removed node from a bucket but cannot add ++ it to another bucket. In order to avoid inconsistencies, we ++ must remove node entirely from the list. */ ++ gl_list_node_t before_removed = node->prev; ++ gl_list_node_t after_removed = node->next; ++ ASYNCSAFE(gl_list_node_t) before_removed->next = after_removed; ++ after_removed->prev = before_removed; ++ list->count--; ++ free (node); ++ return NULL; ++ } ++ } ++ else ++ node->value = elt; ++ } ++#else ++ node->value = elt; ++#endif ++ return node; ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_search_from_to (gl_list_t list, size_t start_index, size_t end_index, ++ const void *elt) ++{ ++ size_t count = list->count; ++ ++ if (!(start_index <= end_index && end_index <= count)) ++ /* Invalid arguments. */ ++ abort (); ++ { ++#if WITH_HASHTABLE ++ size_t hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (elt) ++ : (size_t)(uintptr_t) elt); ++ size_t bucket = hashcode % list->table_size; ++ gl_listelement_equals_fn equals = list->base.equals_fn; ++ ++ if (!list->base.allow_duplicates) ++ { ++ /* Look for the first match in the hash bucket. */ ++ gl_list_node_t found = NULL; ++ gl_list_node_t node; ++ ++ for (node = (gl_list_node_t) list->table[bucket]; ++ node != NULL; ++ node = (gl_list_node_t) node->h.hash_next) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ { ++ found = node; ++ break; ++ } ++ if (start_index > 0) ++ /* Look whether found's index is < start_index. */ ++ for (node = list->root.next; ; node = node->next) ++ { ++ if (node == found) ++ return NULL; ++ if (--start_index == 0) ++ break; ++ } ++ if (end_index < count) ++ /* Look whether found's index is >= end_index. */ ++ { ++ end_index = count - end_index; ++ for (node = list->root.prev; ; node = node->prev) ++ { ++ if (node == found) ++ return NULL; ++ if (--end_index == 0) ++ break; ++ } ++ } ++ return found; ++ } ++ else ++ { ++ /* Look whether there is more than one match in the hash bucket. */ ++ bool multiple_matches = false; ++ gl_list_node_t first_match = NULL; ++ gl_list_node_t node; ++ ++ for (node = (gl_list_node_t) list->table[bucket]; ++ node != NULL; ++ node = (gl_list_node_t) node->h.hash_next) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ { ++ if (first_match == NULL) ++ first_match = node; ++ else ++ { ++ multiple_matches = true; ++ break; ++ } ++ } ++ if (multiple_matches) ++ { ++ /* We need the match with the smallest index. But we don't have ++ a fast mapping node -> index. So we have to walk the list. */ ++ end_index -= start_index; ++ node = list->root.next; ++ for (; start_index > 0; start_index--) ++ node = node->next; ++ ++ for (; ++ end_index > 0; ++ node = node->next, end_index--) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ return node; ++ /* The matches must have all been at indices < start_index or ++ >= end_index. */ ++ return NULL; ++ } ++ else ++ { ++ if (start_index > 0) ++ /* Look whether first_match's index is < start_index. */ ++ for (node = list->root.next; node != &list->root; node = node->next) ++ { ++ if (node == first_match) ++ return NULL; ++ if (--start_index == 0) ++ break; ++ } ++ if (end_index < list->count) ++ /* Look whether first_match's index is >= end_index. */ ++ { ++ end_index = list->count - end_index; ++ for (node = list->root.prev; ; node = node->prev) ++ { ++ if (node == first_match) ++ return NULL; ++ if (--end_index == 0) ++ break; ++ } ++ } ++ return first_match; ++ } ++ } ++#else ++ gl_listelement_equals_fn equals = list->base.equals_fn; ++ gl_list_node_t node = list->root.next; ++ ++ end_index -= start_index; ++ for (; start_index > 0; start_index--) ++ node = node->next; ++ ++ if (equals != NULL) ++ { ++ for (; end_index > 0; node = node->next, end_index--) ++ if (equals (elt, node->value)) ++ return node; ++ } ++ else ++ { ++ for (; end_index > 0; node = node->next, end_index--) ++ if (elt == node->value) ++ return node; ++ } ++ return NULL; ++#endif ++ } ++} ++ ++static size_t _GL_ATTRIBUTE_PURE ++gl_linked_indexof_from_to (gl_list_t list, size_t start_index, size_t end_index, ++ const void *elt) ++{ ++ size_t count = list->count; ++ ++ if (!(start_index <= end_index && end_index <= count)) ++ /* Invalid arguments. */ ++ abort (); ++ { ++#if WITH_HASHTABLE ++ /* Here the hash table doesn't help much. It only allows us to minimize ++ the number of equals() calls, by looking up first the node and then ++ its index. */ ++ size_t hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (elt) ++ : (size_t)(uintptr_t) elt); ++ size_t bucket = hashcode % list->table_size; ++ gl_listelement_equals_fn equals = list->base.equals_fn; ++ gl_list_node_t node; ++ ++ /* First step: Look up the node. */ ++ if (!list->base.allow_duplicates) ++ { ++ /* Look for the first match in the hash bucket. */ ++ for (node = (gl_list_node_t) list->table[bucket]; ++ node != NULL; ++ node = (gl_list_node_t) node->h.hash_next) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ break; ++ } ++ else ++ { ++ /* Look whether there is more than one match in the hash bucket. */ ++ bool multiple_matches = false; ++ gl_list_node_t first_match = NULL; ++ ++ for (node = (gl_list_node_t) list->table[bucket]; ++ node != NULL; ++ node = (gl_list_node_t) node->h.hash_next) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ { ++ if (first_match == NULL) ++ first_match = node; ++ else ++ { ++ multiple_matches = true; ++ break; ++ } ++ } ++ if (multiple_matches) ++ { ++ /* We need the match with the smallest index. But we don't have ++ a fast mapping node -> index. So we have to walk the list. */ ++ size_t index; ++ ++ index = start_index; ++ node = list->root.next; ++ for (; start_index > 0; start_index--) ++ node = node->next; ++ ++ for (; ++ index < end_index; ++ node = node->next, index++) ++ if (node->h.hashcode == hashcode ++ && (equals != NULL ++ ? equals (elt, node->value) ++ : elt == node->value)) ++ return index; ++ /* The matches must have all been at indices < start_index or ++ >= end_index. */ ++ return (size_t)(-1); ++ } ++ node = first_match; ++ } ++ ++ /* Second step: Look up the index of the node. */ ++ if (node == NULL) ++ return (size_t)(-1); ++ else ++ { ++ size_t index = 0; ++ ++ for (; node->prev != &list->root; node = node->prev) ++ index++; ++ ++ if (index >= start_index && index < end_index) ++ return index; ++ else ++ return (size_t)(-1); ++ } ++#else ++ gl_listelement_equals_fn equals = list->base.equals_fn; ++ size_t index = start_index; ++ gl_list_node_t node = list->root.next; ++ ++ for (; start_index > 0; start_index--) ++ node = node->next; ++ ++ if (equals != NULL) ++ { ++ for (; ++ index < end_index; ++ node = node->next, index++) ++ if (equals (elt, node->value)) ++ return index; ++ } ++ else ++ { ++ for (; ++ index < end_index; ++ node = node->next, index++) ++ if (elt == node->value) ++ return index; ++ } ++ return (size_t)(-1); ++#endif ++ } ++} ++ ++static gl_list_node_t ++gl_linked_nx_add_first (gl_list_t list, const void *elt) ++{ ++ gl_list_node_t node = ++ (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ ++ if (node == NULL) ++ return NULL; ++ ++ ASYNCSAFE(const void *) node->value = elt; ++#if WITH_HASHTABLE ++ node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (node->value) ++ : (size_t)(uintptr_t) node->value); ++ ++ /* Add node to the hash table. */ ++ if (add_to_bucket (list, node) < 0) ++ { ++ free (node); ++ return NULL; ++ } ++#endif ++ ++ /* Add node to the list. */ ++ node->prev = &list->root; ++ ASYNCSAFE(gl_list_node_t) node->next = list->root.next; ++ node->next->prev = node; ++ ASYNCSAFE(gl_list_node_t) list->root.next = node; ++ list->count++; ++ ++#if WITH_HASHTABLE ++ hash_resize_after_add (list); ++#endif ++ ++ return node; ++} ++ ++static gl_list_node_t ++gl_linked_nx_add_last (gl_list_t list, const void *elt) ++{ ++ gl_list_node_t node = ++ (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ ++ if (node == NULL) ++ return NULL; ++ ++ ASYNCSAFE(const void *) node->value = elt; ++#if WITH_HASHTABLE ++ node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (node->value) ++ : (size_t)(uintptr_t) node->value); ++ ++ /* Add node to the hash table. */ ++ if (add_to_bucket (list, node) < 0) ++ { ++ free (node); ++ return NULL; ++ } ++#endif ++ ++ /* Add node to the list. */ ++ ASYNCSAFE(gl_list_node_t) node->next = &list->root; ++ node->prev = list->root.prev; ++ ASYNCSAFE(gl_list_node_t) node->prev->next = node; ++ list->root.prev = node; ++ list->count++; ++ ++#if WITH_HASHTABLE ++ hash_resize_after_add (list); ++#endif ++ ++ return node; ++} ++ ++static gl_list_node_t ++gl_linked_nx_add_before (gl_list_t list, gl_list_node_t node, const void *elt) ++{ ++ gl_list_node_t new_node = ++ (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ ++ if (new_node == NULL) ++ return NULL; ++ ++ ASYNCSAFE(const void *) new_node->value = elt; ++#if WITH_HASHTABLE ++ new_node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (new_node->value) ++ : (size_t)(uintptr_t) new_node->value); ++ ++ /* Add new_node to the hash table. */ ++ if (add_to_bucket (list, new_node) < 0) ++ { ++ free (new_node); ++ return NULL; ++ } ++#endif ++ ++ /* Add new_node to the list. */ ++ ASYNCSAFE(gl_list_node_t) new_node->next = node; ++ new_node->prev = node->prev; ++ ASYNCSAFE(gl_list_node_t) new_node->prev->next = new_node; ++ node->prev = new_node; ++ list->count++; ++ ++#if WITH_HASHTABLE ++ hash_resize_after_add (list); ++#endif ++ ++ return new_node; ++} ++ ++static gl_list_node_t ++gl_linked_nx_add_after (gl_list_t list, gl_list_node_t node, const void *elt) ++{ ++ gl_list_node_t new_node = ++ (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ ++ if (new_node == NULL) ++ return NULL; ++ ++ ASYNCSAFE(const void *) new_node->value = elt; ++#if WITH_HASHTABLE ++ new_node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (new_node->value) ++ : (size_t)(uintptr_t) new_node->value); ++ ++ /* Add new_node to the hash table. */ ++ if (add_to_bucket (list, new_node) < 0) ++ { ++ free (new_node); ++ return NULL; ++ } ++#endif ++ ++ /* Add new_node to the list. */ ++ new_node->prev = node; ++ ASYNCSAFE(gl_list_node_t) new_node->next = node->next; ++ new_node->next->prev = new_node; ++ ASYNCSAFE(gl_list_node_t) node->next = new_node; ++ list->count++; ++ ++#if WITH_HASHTABLE ++ hash_resize_after_add (list); ++#endif ++ ++ return new_node; ++} ++ ++static gl_list_node_t ++gl_linked_nx_add_at (gl_list_t list, size_t position, const void *elt) ++{ ++ size_t count = list->count; ++ gl_list_node_t new_node; ++ ++ if (!(position <= count)) ++ /* Invalid argument. */ ++ abort (); ++ ++ new_node = (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); ++ if (new_node == NULL) ++ return NULL; ++ ++ ASYNCSAFE(const void *) new_node->value = elt; ++#if WITH_HASHTABLE ++ new_node->h.hashcode = ++ (list->base.hashcode_fn != NULL ++ ? list->base.hashcode_fn (new_node->value) ++ : (size_t)(uintptr_t) new_node->value); ++ ++ /* Add new_node to the hash table. */ ++ if (add_to_bucket (list, new_node) < 0) ++ { ++ free (new_node); ++ return NULL; ++ } ++#endif ++ ++ /* Add new_node to the list. */ ++ if (position <= (count / 2)) ++ { ++ gl_list_node_t node; ++ ++ node = &list->root; ++ for (; position > 0; position--) ++ node = node->next; ++ new_node->prev = node; ++ ASYNCSAFE(gl_list_node_t) new_node->next = node->next; ++ new_node->next->prev = new_node; ++ ASYNCSAFE(gl_list_node_t) node->next = new_node; ++ } ++ else ++ { ++ gl_list_node_t node; ++ ++ position = count - position; ++ node = &list->root; ++ for (; position > 0; position--) ++ node = node->prev; ++ ASYNCSAFE(gl_list_node_t) new_node->next = node; ++ new_node->prev = node->prev; ++ ASYNCSAFE(gl_list_node_t) new_node->prev->next = new_node; ++ node->prev = new_node; ++ } ++ list->count++; ++ ++#if WITH_HASHTABLE ++ hash_resize_after_add (list); ++#endif ++ ++ return new_node; ++} ++ ++static bool ++gl_linked_remove_node (gl_list_t list, gl_list_node_t node) ++{ ++ gl_list_node_t prev; ++ gl_list_node_t next; ++ ++#if WITH_HASHTABLE ++ /* Remove node from the hash table. */ ++ remove_from_bucket (list, node); ++#endif ++ ++ /* Remove node from the list. */ ++ prev = node->prev; ++ next = node->next; ++ ++ ASYNCSAFE(gl_list_node_t) prev->next = next; ++ next->prev = prev; ++ list->count--; ++ ++ if (list->base.dispose_fn != NULL) ++ list->base.dispose_fn (node->value); ++ free (node); ++ return true; ++} ++ ++static bool ++gl_linked_remove_at (gl_list_t list, size_t position) ++{ ++ size_t count = list->count; ++ gl_list_node_t removed_node; ++ ++ if (!(position < count)) ++ /* Invalid argument. */ ++ abort (); ++ /* Here we know count > 0. */ ++ if (position <= ((count - 1) / 2)) ++ { ++ gl_list_node_t node; ++ gl_list_node_t after_removed; ++ ++ node = &list->root; ++ for (; position > 0; position--) ++ node = node->next; ++ removed_node = node->next; ++ after_removed = node->next->next; ++ ASYNCSAFE(gl_list_node_t) node->next = after_removed; ++ after_removed->prev = node; ++ } ++ else ++ { ++ gl_list_node_t node; ++ gl_list_node_t before_removed; ++ ++ position = count - 1 - position; ++ node = &list->root; ++ for (; position > 0; position--) ++ node = node->prev; ++ removed_node = node->prev; ++ before_removed = node->prev->prev; ++ node->prev = before_removed; ++ ASYNCSAFE(gl_list_node_t) before_removed->next = node; ++ } ++#if WITH_HASHTABLE ++ remove_from_bucket (list, removed_node); ++#endif ++ list->count--; ++ ++ if (list->base.dispose_fn != NULL) ++ list->base.dispose_fn (removed_node->value); ++ free (removed_node); ++ return true; ++} ++ ++static bool ++gl_linked_remove (gl_list_t list, const void *elt) ++{ ++ gl_list_node_t node = gl_linked_search_from_to (list, 0, list->count, elt); ++ ++ if (node != NULL) ++ return gl_linked_remove_node (list, node); ++ else ++ return false; ++} ++ ++static void ++gl_linked_list_free (gl_list_t list) ++{ ++ gl_listelement_dispose_fn dispose = list->base.dispose_fn; ++ gl_list_node_t node; ++ ++ for (node = list->root.next; node != &list->root; ) ++ { ++ gl_list_node_t next = node->next; ++ if (dispose != NULL) ++ dispose (node->value); ++ free (node); ++ node = next; ++ } ++#if WITH_HASHTABLE ++ free (list->table); ++#endif ++ free (list); ++} ++ ++/* --------------------- gl_list_iterator_t Data Type --------------------- */ ++ ++static gl_list_iterator_t _GL_ATTRIBUTE_PURE ++gl_linked_iterator (gl_list_t list) ++{ ++ gl_list_iterator_t result; ++ ++ result.vtable = list->base.vtable; ++ result.list = list; ++ result.p = list->root.next; ++ result.q = &list->root; ++#if defined GCC_LINT || defined lint ++ result.i = 0; ++ result.j = 0; ++ result.count = 0; ++#endif ++ ++ return result; ++} ++ ++static gl_list_iterator_t _GL_ATTRIBUTE_PURE ++gl_linked_iterator_from_to (gl_list_t list, ++ size_t start_index, size_t end_index) ++{ ++ gl_list_iterator_t result; ++ size_t n1, n2, n3; ++ ++ if (!(start_index <= end_index && end_index <= list->count)) ++ /* Invalid arguments. */ ++ abort (); ++ result.vtable = list->base.vtable; ++ result.list = list; ++ n1 = start_index; ++ n2 = end_index - start_index; ++ n3 = list->count - end_index; ++ /* Find the maximum among n1, n2, n3, so as to reduce the number of ++ loop iterations to n1 + n2 + n3 - max(n1,n2,n3). */ ++ if (n1 > n2 && n1 > n3) ++ { ++ /* n1 is the maximum, use n2 and n3. */ ++ gl_list_node_t node; ++ size_t i; ++ ++ node = &list->root; ++ for (i = n3; i > 0; i--) ++ node = node->prev; ++ result.q = node; ++ for (i = n2; i > 0; i--) ++ node = node->prev; ++ result.p = node; ++ } ++ else if (n2 > n3) ++ { ++ /* n2 is the maximum, use n1 and n3. */ ++ gl_list_node_t node; ++ size_t i; ++ ++ node = list->root.next; ++ for (i = n1; i > 0; i--) ++ node = node->next; ++ result.p = node; ++ ++ node = &list->root; ++ for (i = n3; i > 0; i--) ++ node = node->prev; ++ result.q = node; ++ } ++ else ++ { ++ /* n3 is the maximum, use n1 and n2. */ ++ gl_list_node_t node; ++ size_t i; ++ ++ node = list->root.next; ++ for (i = n1; i > 0; i--) ++ node = node->next; ++ result.p = node; ++ for (i = n2; i > 0; i--) ++ node = node->next; ++ result.q = node; ++ } ++ ++#if defined GCC_LINT || defined lint ++ result.i = 0; ++ result.j = 0; ++ result.count = 0; ++#endif ++ ++ return result; ++} ++ ++static bool ++gl_linked_iterator_next (gl_list_iterator_t *iterator, ++ const void **eltp, gl_list_node_t *nodep) ++{ ++ if (iterator->p != iterator->q) ++ { ++ gl_list_node_t node = (gl_list_node_t) iterator->p; ++ *eltp = node->value; ++ if (nodep != NULL) ++ *nodep = node; ++ iterator->p = node->next; ++ return true; ++ } ++ else ++ return false; ++} ++ ++static void ++gl_linked_iterator_free (gl_list_iterator_t *iterator _GL_ATTRIBUTE_MAYBE_UNUSED) ++{ ++} ++ ++/* ---------------------- Sorted gl_list_t Data Type ---------------------- */ ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_sortedlist_search (gl_list_t list, gl_listelement_compar_fn compar, ++ const void *elt) ++{ ++ gl_list_node_t node; ++ ++ for (node = list->root.next; node != &list->root; node = node->next) ++ { ++ int cmp = compar (node->value, elt); ++ ++ if (cmp > 0) ++ break; ++ if (cmp == 0) ++ return node; ++ } ++ return NULL; ++} ++ ++static gl_list_node_t _GL_ATTRIBUTE_PURE ++gl_linked_sortedlist_search_from_to (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t low, size_t high, ++ const void *elt) ++{ ++ size_t count = list->count; ++ ++ if (!(low <= high && high <= list->count)) ++ /* Invalid arguments. */ ++ abort (); ++ ++ high -= low; ++ if (high > 0) ++ { ++ /* Here we know low < count. */ ++ size_t position = low; ++ gl_list_node_t node; ++ ++ if (position <= ((count - 1) / 2)) ++ { ++ node = list->root.next; ++ for (; position > 0; position--) ++ node = node->next; ++ } ++ else ++ { ++ position = count - 1 - position; ++ node = list->root.prev; ++ for (; position > 0; position--) ++ node = node->prev; ++ } ++ ++ do ++ { ++ int cmp = compar (node->value, elt); ++ ++ if (cmp > 0) ++ break; ++ if (cmp == 0) ++ return node; ++ node = node->next; ++ } ++ while (--high > 0); ++ } ++ return NULL; ++} ++ ++static size_t _GL_ATTRIBUTE_PURE ++gl_linked_sortedlist_indexof (gl_list_t list, gl_listelement_compar_fn compar, ++ const void *elt) ++{ ++ gl_list_node_t node; ++ size_t index; ++ ++ for (node = list->root.next, index = 0; ++ node != &list->root; ++ node = node->next, index++) ++ { ++ int cmp = compar (node->value, elt); ++ ++ if (cmp > 0) ++ break; ++ if (cmp == 0) ++ return index; ++ } ++ return (size_t)(-1); ++} ++ ++static size_t _GL_ATTRIBUTE_PURE ++gl_linked_sortedlist_indexof_from_to (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t low, size_t high, ++ const void *elt) ++{ ++ size_t count = list->count; ++ ++ if (!(low <= high && high <= list->count)) ++ /* Invalid arguments. */ ++ abort (); ++ ++ high -= low; ++ if (high > 0) ++ { ++ /* Here we know low < count. */ ++ size_t index = low; ++ size_t position = low; ++ gl_list_node_t node; ++ ++ if (position <= ((count - 1) / 2)) ++ { ++ node = list->root.next; ++ for (; position > 0; position--) ++ node = node->next; ++ } ++ else ++ { ++ position = count - 1 - position; ++ node = list->root.prev; ++ for (; position > 0; position--) ++ node = node->prev; ++ } ++ ++ do ++ { ++ int cmp = compar (node->value, elt); ++ ++ if (cmp > 0) ++ break; ++ if (cmp == 0) ++ return index; ++ node = node->next; ++ index++; ++ } ++ while (--high > 0); ++ } ++ return (size_t)(-1); ++} ++ ++static gl_list_node_t ++gl_linked_sortedlist_nx_add (gl_list_t list, gl_listelement_compar_fn compar, ++ const void *elt) ++{ ++ gl_list_node_t node; ++ ++ for (node = list->root.next; node != &list->root; node = node->next) ++ if (compar (node->value, elt) >= 0) ++ return gl_linked_nx_add_before (list, node, elt); ++ return gl_linked_nx_add_last (list, elt); ++} ++ ++static bool ++gl_linked_sortedlist_remove (gl_list_t list, gl_listelement_compar_fn compar, ++ const void *elt) ++{ ++ gl_list_node_t node; ++ ++ for (node = list->root.next; node != &list->root; node = node->next) ++ { ++ int cmp = compar (node->value, elt); ++ ++ if (cmp > 0) ++ break; ++ if (cmp == 0) ++ return gl_linked_remove_node (list, node); ++ } ++ return false; ++} +--- /dev/null ++++ b/gl/gl_linkedhash_list.c +@@ -0,0 +1,114 @@ ++/* Sequential list data type implemented by a hash table with a linked list. ++ Copyright (C) 2006, 2008-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++#include <config.h> ++ ++/* Specification. */ ++#include "gl_linkedhash_list.h" ++ ++#include <stdint.h> /* for uintptr_t, SIZE_MAX */ ++#include <stdlib.h> ++ ++#include "xsize.h" ++ ++#define WITH_HASHTABLE 1 ++ ++/* -------------------------- gl_list_t Data Type -------------------------- */ ++ ++/* Generic hash-table code. */ ++#include "gl_anyhash1.h" ++ ++/* Generic linked list code. */ ++#include "gl_anylinked_list1.h" ++ ++/* Generic hash-table code. */ ++#define CONTAINER_T gl_list_t ++#define CONTAINER_COUNT(list) (list)->count ++#include "gl_anyhash2.h" ++ ++/* Add a node to the hash table structure. */ ++static void ++add_to_bucket (gl_list_t list, gl_list_node_t node) ++{ ++ size_t bucket = node->h.hashcode % list->table_size; ++ ++ node->h.hash_next = list->table[bucket]; ++ list->table[bucket] = &node->h; ++} ++/* Tell all compilers that the return value is 0. */ ++#define add_to_bucket(list,node) ((add_to_bucket) (list, node), 0) ++ ++/* Remove a node from the hash table structure. */ ++static void ++remove_from_bucket (gl_list_t list, gl_list_node_t node) ++{ ++ size_t bucket = node->h.hashcode % list->table_size; ++ gl_hash_entry_t *p; ++ ++ for (p = &list->table[bucket]; ; p = &(*p)->hash_next) ++ { ++ if (*p == &node->h) ++ { ++ *p = node->h.hash_next; ++ break; ++ } ++ if (*p == NULL) ++ /* node is not in the right bucket. Did the hash codes ++ change inadvertently? */ ++ abort (); ++ } ++} ++ ++/* Generic linked list code. */ ++#include "gl_anylinked_list2.h" ++ ++ ++const struct gl_list_implementation gl_linkedhash_list_implementation = ++ { ++ gl_linked_nx_create_empty, ++ gl_linked_nx_create, ++ gl_linked_size, ++ gl_linked_node_value, ++ gl_linked_node_nx_set_value, ++ gl_linked_next_node, ++ gl_linked_previous_node, ++ gl_linked_first_node, ++ gl_linked_last_node, ++ gl_linked_get_at, ++ gl_linked_nx_set_at, ++ gl_linked_search_from_to, ++ gl_linked_indexof_from_to, ++ gl_linked_nx_add_first, ++ gl_linked_nx_add_last, ++ gl_linked_nx_add_before, ++ gl_linked_nx_add_after, ++ gl_linked_nx_add_at, ++ gl_linked_remove_node, ++ gl_linked_remove_at, ++ gl_linked_remove, ++ gl_linked_list_free, ++ gl_linked_iterator, ++ gl_linked_iterator_from_to, ++ gl_linked_iterator_next, ++ gl_linked_iterator_free, ++ gl_linked_sortedlist_search, ++ gl_linked_sortedlist_search_from_to, ++ gl_linked_sortedlist_indexof, ++ gl_linked_sortedlist_indexof_from_to, ++ gl_linked_sortedlist_nx_add, ++ gl_linked_sortedlist_remove ++ }; +--- /dev/null ++++ b/gl/gl_linkedhash_list.h +@@ -0,0 +1,34 @@ ++/* Sequential list data type implemented by a hash table with a linked list. ++ Copyright (C) 2006, 2009-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++#ifndef _GL_LINKEDHASH_LIST_H ++#define _GL_LINKEDHASH_LIST_H ++ ++#include "gl_list.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++extern const struct gl_list_implementation gl_linkedhash_list_implementation; ++#define GL_LINKEDHASH_LIST &gl_linkedhash_list_implementation ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* _GL_LINKEDHASH_LIST_H */ +--- /dev/null ++++ b/gl/gl_list.c +@@ -0,0 +1,3 @@ ++#include <config.h> ++#define GL_LIST_INLINE _GL_EXTERN_INLINE ++#include "gl_list.h" +--- /dev/null ++++ b/gl/gl_list.h +@@ -0,0 +1,914 @@ ++/* Abstract sequential list data type. -*- coding: utf-8 -*- ++ Copyright (C) 2006-2021 Free Software Foundation, Inc. ++ Written by Bruno Haible <bruno@clisp.org>, 2006. ++ ++ This program is free software: you can redistribute it and/or modify ++ it under the terms of the GNU Lesser General Public License as published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ ++ ++#ifndef _GL_LIST_H ++#define _GL_LIST_H ++ ++#include <stdbool.h> ++#include <stddef.h> ++ ++#ifndef _GL_INLINE_HEADER_BEGIN ++ #error "Please include config.h first." ++#endif ++_GL_INLINE_HEADER_BEGIN ++#ifndef GL_LIST_INLINE ++# define GL_LIST_INLINE _GL_INLINE ++#endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++ ++/* gl_list is an abstract list data type. It can contain any number of ++ objects ('void *' or 'const void *' pointers) in any given order. ++ Duplicates are allowed, but can optionally be forbidden. ++ ++ There are several implementations of this list datatype, optimized for ++ different operations or for memory. You can start using the simplest list ++ implementation, GL_ARRAY_LIST, and switch to a different implementation ++ later, when you realize which operations are performed the most frequently. ++ The API of the different implementations is exactly the same; when ++ switching to a different implementation, you only have to change the ++ gl_list_create call. ++ ++ The implementations are: ++ GL_ARRAY_LIST a growable array ++ GL_CARRAY_LIST a growable circular array ++ GL_LINKED_LIST a linked list ++ GL_AVLTREE_LIST a binary tree (AVL tree) ++ GL_RBTREE_LIST a binary tree (red-black tree) ++ GL_LINKEDHASH_LIST a hash table with a linked list ++ GL_AVLTREEHASH_LIST a hash table with a binary tree (AVL tree) ++ GL_RBTREEHASH_LIST a hash table with a binary tree (red-black tree) ++ ++ The memory consumption is asymptotically the same: O(1) for every object ++ in the list. When looking more closely at the average memory consumed ++ for an object, GL_ARRAY_LIST is the most compact representation, and ++ GL_LINKEDHASH_LIST and GL_TREEHASH_LIST need more memory. ++ ++ The guaranteed average performance of the operations is, for a list of ++ n elements: ++ ++ Operation ARRAY LINKED TREE LINKEDHASH TREEHASH ++ CARRAY with|without with|without ++ duplicates duplicates ++ ++ gl_list_size O(1) O(1) O(1) O(1) O(1) ++ gl_list_node_value O(1) O(1) O(1) O(1) O(1) ++ gl_list_node_set_value O(1) O(1) O(1) O(1) O((log n)²)/O(1) ++ gl_list_next_node O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_previous_node O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_first_node O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_last_node O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_get_at O(1) O(n) O(log n) O(n) O(log n) ++ gl_list_get_first O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_get_last O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_set_at O(1) O(n) O(log n) O(n) O((log n)²)/O(log n) ++ gl_list_set_first O(1) O(1) O(log n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_set_last O(1) O(1) O(log n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_search O(n) O(n) O(n) O(n)/O(1) O(log n)/O(1) ++ gl_list_search_from O(n) O(n) O(n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_search_from_to O(n) O(n) O(n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_indexof O(n) O(n) O(n) O(n) O(log n) ++ gl_list_indexof_from O(n) O(n) O(n) O(n) O((log n)²)/O(log n) ++ gl_list_indexof_from_to O(n) O(n) O(n) O(n) O((log n)²)/O(log n) ++ gl_list_add_first O(n)/O(1) O(1) O(log n) O(1) O((log n)²)/O(log n) ++ gl_list_add_last O(1) O(1) O(log n) O(1) O((log n)²)/O(log n) ++ gl_list_add_before O(n) O(1) O(log n) O(1) O((log n)²)/O(log n) ++ gl_list_add_after O(n) O(1) O(log n) O(1) O((log n)²)/O(log n) ++ gl_list_add_at O(n) O(n) O(log n) O(n) O((log n)²)/O(log n) ++ gl_list_remove_node O(n) O(1) O(log n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_remove_at O(n) O(n) O(log n) O(n) O((log n)²)/O(log n) ++ gl_list_remove_first O(n)/O(1) O(1) O(log n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_remove_last O(1) O(1) O(log n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_remove O(n) O(n) O(n) O(n)/O(1) O((log n)²)/O(log n) ++ gl_list_iterator O(1) O(1) O(log n) O(1) O(log n) ++ gl_list_iterator_from_to O(1) O(n) O(log n) O(n) O(log n) ++ gl_list_iterator_next O(1) O(1) O(log n) O(1) O(log n) ++ gl_sortedlist_search O(log n) O(n) O(log n) O(n) O(log n) ++ gl_sortedlist_search_from O(log n) O(n) O(log n) O(n) O(log n) ++ gl_sortedlist_indexof O(log n) O(n) O(log n) O(n) O(log n) ++ gl_sortedlist_indexof_fro O(log n) O(n) O(log n) O(n) O(log n) ++ gl_sortedlist_add O(n) O(n) O(log n) O(n) O((log n)²)/O(log n) ++ gl_sortedlist_remove O(n) O(n) O(log n) O(n) O((log n)²)/O(log n) ++ */ ++ ++/* -------------------------- gl_list_t Data Type -------------------------- */ ++ ++/* Type of function used to compare two elements. ++ NULL denotes pointer comparison. */ ++typedef bool (*gl_listelement_equals_fn) (const void *elt1, const void *elt2); ++ ++/* Type of function used to compute a hash code. ++ NULL denotes a function that depends only on the pointer itself. */ ++typedef size_t (*gl_listelement_hashcode_fn) (const void *elt); ++ ++/* Type of function used to dispose an element once it's removed from a list. ++ NULL denotes a no-op. */ ++typedef void (*gl_listelement_dispose_fn) (const void *elt); ++ ++struct gl_list_impl; ++/* Type representing an entire list. */ ++typedef struct gl_list_impl * gl_list_t; ++ ++struct gl_list_node_impl; ++/* Type representing the position of an element in the list, in a way that ++ is more adapted to the list implementation than a plain index. ++ Note: It is invalidated by insertions and removals! */ ++typedef struct gl_list_node_impl * gl_list_node_t; ++ ++struct gl_list_implementation; ++/* Type representing a list datatype implementation. */ ++typedef const struct gl_list_implementation * gl_list_implementation_t; ++ ++#if 0 /* Unless otherwise specified, these are defined inline below. */ ++ ++/* Creates an empty list. ++ IMPLEMENTATION is one of GL_ARRAY_LIST, GL_CARRAY_LIST, GL_LINKED_LIST, ++ GL_AVLTREE_LIST, GL_RBTREE_LIST, GL_LINKEDHASH_LIST, GL_AVLTREEHASH_LIST, ++ GL_RBTREEHASH_LIST. ++ EQUALS_FN is an element comparison function or NULL. ++ HASHCODE_FN is an element hash code function or NULL. ++ DISPOSE_FN is an element disposal function or NULL. ++ ALLOW_DUPLICATES is false if duplicate elements shall not be allowed in ++ the list. The implementation may verify this at runtime. */ ++/* declared in gl_xlist.h */ ++extern gl_list_t gl_list_create_empty (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_t gl_list_nx_create_empty (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates); ++ ++/* Creates a list with given contents. ++ IMPLEMENTATION is one of GL_ARRAY_LIST, GL_CARRAY_LIST, GL_LINKED_LIST, ++ GL_AVLTREE_LIST, GL_RBTREE_LIST, GL_LINKEDHASH_LIST, GL_AVLTREEHASH_LIST, ++ GL_RBTREEHASH_LIST. ++ EQUALS_FN is an element comparison function or NULL. ++ HASHCODE_FN is an element hash code function or NULL. ++ DISPOSE_FN is an element disposal function or NULL. ++ ALLOW_DUPLICATES is false if duplicate elements shall not be allowed in ++ the list. The implementation may verify this at runtime. ++ COUNT is the number of initial elements. ++ CONTENTS[0..COUNT-1] is the initial contents. */ ++/* declared in gl_xlist.h */ ++extern gl_list_t gl_list_create (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates, ++ size_t count, const void **contents); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_t gl_list_nx_create (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates, ++ size_t count, const void **contents); ++ ++/* Returns the current number of elements in a list. */ ++extern size_t gl_list_size (gl_list_t list); ++ ++/* Returns the element value represented by a list node. */ ++extern const void * gl_list_node_value (gl_list_t list, gl_list_node_t node); ++ ++/* Replaces the element value represented by a list node. */ ++/* declared in gl_xlist.h */ ++extern void gl_list_node_set_value (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++/* Likewise. Returns 0 upon success, -1 upon out-of-memory. */ ++extern int gl_list_node_nx_set_value (gl_list_t list, gl_list_node_t node, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Returns the node immediately after the given node in the list, or NULL ++ if the given node is the last (rightmost) one in the list. */ ++extern gl_list_node_t gl_list_next_node (gl_list_t list, gl_list_node_t node); ++ ++/* Returns the node immediately before the given node in the list, or NULL ++ if the given node is the first (leftmost) one in the list. */ ++extern gl_list_node_t gl_list_previous_node (gl_list_t list, gl_list_node_t node); ++ ++/* Returns the first node in the list, or NULL if the list is empty. ++ This function is useful for iterating through the list like this: ++ gl_list_node_t node; ++ for (node = gl_list_first_node (list); node != NULL; node = gl_list_next_node (node)) ++ ... ++ */ ++extern gl_list_node_t gl_list_first_node (gl_list_t list); ++ ++/* Returns the last node in the list, or NULL if the list is empty. ++ This function is useful for iterating through the list in backward order, ++ like this: ++ gl_list_node_t node; ++ for (node = gl_list_last_node (list); node != NULL; node = gl_list_previous_node (node)) ++ ... ++ */ ++extern gl_list_node_t gl_list_last_node (gl_list_t list); ++ ++/* Returns the element at a given position in the list. ++ POSITION must be >= 0 and < gl_list_size (list). */ ++extern const void * gl_list_get_at (gl_list_t list, size_t position); ++ ++/* Returns the element at the first position in the list. ++ The list must be non-empty. */ ++extern const void * gl_list_get_first (gl_list_t list); ++ ++/* Returns the element at the last position in the list. ++ The list must be non-empty. */ ++extern const void * gl_list_get_last (gl_list_t list); ++ ++/* Replaces the element at a given position in the list. ++ POSITION must be >= 0 and < gl_list_size (list). ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_set_at (gl_list_t list, size_t position, ++ const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_set_at (gl_list_t list, size_t position, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Replaces the element at the first position in the list. ++ Returns its node. ++ The list must be non-empty. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_set_first (gl_list_t list, const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_set_first (gl_list_t list, const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Replaces the element at the last position in the list. ++ Returns its node. ++ The list must be non-empty. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_set_last (gl_list_t list, const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_set_last (gl_list_t list, const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Searches whether an element is already in the list. ++ Returns its node if found, or NULL if not present in the list. */ ++extern gl_list_node_t gl_list_search (gl_list_t list, const void *elt); ++ ++/* Searches whether an element is already in the list, ++ at a position >= START_INDEX. ++ Returns its node if found, or NULL if not present in the list. */ ++extern gl_list_node_t gl_list_search_from (gl_list_t list, size_t start_index, ++ const void *elt); ++ ++/* Searches whether an element is already in the list, ++ at a position >= START_INDEX and < END_INDEX. ++ Returns its node if found, or NULL if not present in the list. */ ++extern gl_list_node_t gl_list_search_from_to (gl_list_t list, ++ size_t start_index, ++ size_t end_index, ++ const void *elt); ++ ++/* Searches whether an element is already in the list. ++ Returns its position if found, or (size_t)(-1) if not present in the list. */ ++extern size_t gl_list_indexof (gl_list_t list, const void *elt); ++ ++/* Searches whether an element is already in the list, ++ at a position >= START_INDEX. ++ Returns its position if found, or (size_t)(-1) if not present in the list. */ ++extern size_t gl_list_indexof_from (gl_list_t list, size_t start_index, ++ const void *elt); ++ ++/* Searches whether an element is already in the list, ++ at a position >= START_INDEX and < END_INDEX. ++ Returns its position if found, or (size_t)(-1) if not present in the list. */ ++extern size_t gl_list_indexof_from_to (gl_list_t list, ++ size_t start_index, size_t end_index, ++ const void *elt); ++ ++/* Adds an element as the first element of the list. ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_add_first (gl_list_t list, const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_add_first (gl_list_t list, const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Adds an element as the last element of the list. ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_add_last (gl_list_t list, const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_add_last (gl_list_t list, const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Adds an element before a given element node of the list. ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_add_before (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_add_before (gl_list_t list, ++ gl_list_node_t node, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Adds an element after a given element node of the list. ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_add_after (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_add_after (gl_list_t list, gl_list_node_t node, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Adds an element at a given position in the list. ++ POSITION must be >= 0 and <= gl_list_size (list). */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_list_add_at (gl_list_t list, size_t position, ++ const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_list_nx_add_at (gl_list_t list, size_t position, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Removes an element from the list. ++ Returns true. */ ++extern bool gl_list_remove_node (gl_list_t list, gl_list_node_t node); ++ ++/* Removes an element at a given position from the list. ++ POSITION must be >= 0 and < gl_list_size (list). ++ Returns true. */ ++extern bool gl_list_remove_at (gl_list_t list, size_t position); ++ ++/* Removes the element at the first position from the list. ++ Returns true if it was found and removed, or false if the list was empty. */ ++extern bool gl_list_remove_first (gl_list_t list); ++ ++/* Removes the element at the last position from the list. ++ Returns true if it was found and removed, or false if the list was empty. */ ++extern bool gl_list_remove_last (gl_list_t list); ++ ++/* Searches and removes an element from the list. ++ Returns true if it was found and removed. */ ++extern bool gl_list_remove (gl_list_t list, const void *elt); ++ ++/* Frees an entire list. ++ (But this call does not free the elements of the list. It only invokes ++ the DISPOSE_FN on each of the elements of the list, and only if the list ++ is not a sublist.) */ ++extern void gl_list_free (gl_list_t list); ++ ++#endif /* End of inline and gl_xlist.h-defined functions. */ ++ ++/* --------------------- gl_list_iterator_t Data Type --------------------- */ ++ ++/* Functions for iterating through a list. */ ++ ++/* Type of an iterator that traverses a list. ++ This is a fixed-size struct, so that creation of an iterator doesn't need ++ memory allocation on the heap. */ ++typedef struct ++{ ++ /* For fast dispatch of gl_list_iterator_next. */ ++ const struct gl_list_implementation *vtable; ++ /* For detecting whether the last returned element was removed. */ ++ gl_list_t list; ++ size_t count; ++ /* Other, implementation-private fields. */ ++ void *p; void *q; ++ size_t i; size_t j; ++} gl_list_iterator_t; ++ ++#if 0 /* These are defined inline below. */ ++ ++/* Creates an iterator traversing a list. ++ The list contents must not be modified while the iterator is in use, ++ except for replacing or removing the last returned element. */ ++extern gl_list_iterator_t gl_list_iterator (gl_list_t list); ++ ++/* Creates an iterator traversing the element with indices i, ++ start_index <= i < end_index, of a list. ++ The list contents must not be modified while the iterator is in use, ++ except for replacing or removing the last returned element. */ ++extern gl_list_iterator_t gl_list_iterator_from_to (gl_list_t list, ++ size_t start_index, ++ size_t end_index); ++ ++/* If there is a next element, stores the next element in *ELTP, stores its ++ node in *NODEP if NODEP is non-NULL, advances the iterator and returns true. ++ Otherwise, returns false. */ ++extern bool gl_list_iterator_next (gl_list_iterator_t *iterator, ++ const void **eltp, gl_list_node_t *nodep); ++ ++/* Frees an iterator. */ ++extern void gl_list_iterator_free (gl_list_iterator_t *iterator); ++ ++#endif /* End of inline functions. */ ++ ++/* ---------------------- Sorted gl_list_t Data Type ---------------------- */ ++ ++/* The following functions are for lists without duplicates where the ++ order is given by a sort criterion. */ ++ ++/* Type of function used to compare two elements. Same as for qsort(). ++ NULL denotes pointer comparison. */ ++typedef int (*gl_listelement_compar_fn) (const void *elt1, const void *elt2); ++ ++#if 0 /* Unless otherwise specified, these are defined inline below. */ ++ ++/* Searches whether an element is already in the list. ++ The list is assumed to be sorted with COMPAR. ++ Returns its node if found, or NULL if not present in the list. ++ If the list contains several copies of ELT, the node of the leftmost one is ++ returned. */ ++extern gl_list_node_t gl_sortedlist_search (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ ++/* Searches whether an element is already in the list. ++ The list is assumed to be sorted with COMPAR. ++ Only list elements with indices >= START_INDEX and < END_INDEX are ++ considered; the implementation uses these bounds to minimize the number ++ of COMPAR invocations. ++ Returns its node if found, or NULL if not present in the list. ++ If the list contains several copies of ELT, the node of the leftmost one is ++ returned. */ ++extern gl_list_node_t gl_sortedlist_search_from_to (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t start_index, ++ size_t end_index, ++ const void *elt); ++ ++/* Searches whether an element is already in the list. ++ The list is assumed to be sorted with COMPAR. ++ Returns its position if found, or (size_t)(-1) if not present in the list. ++ If the list contains several copies of ELT, the position of the leftmost one ++ is returned. */ ++extern size_t gl_sortedlist_indexof (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ ++/* Searches whether an element is already in the list. ++ The list is assumed to be sorted with COMPAR. ++ Only list elements with indices >= START_INDEX and < END_INDEX are ++ considered; the implementation uses these bounds to minimize the number ++ of COMPAR invocations. ++ Returns its position if found, or (size_t)(-1) if not present in the list. ++ If the list contains several copies of ELT, the position of the leftmost one ++ is returned. */ ++extern size_t gl_sortedlist_indexof_from_to (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t start_index, ++ size_t end_index, ++ const void *elt); ++ ++/* Adds an element at the appropriate position in the list. ++ The list is assumed to be sorted with COMPAR. ++ Returns its node. */ ++/* declared in gl_xlist.h */ ++extern gl_list_node_t gl_sortedlist_add (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++/* Likewise. Returns NULL upon out-of-memory. */ ++extern gl_list_node_t gl_sortedlist_nx_add (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt) ++ _GL_ATTRIBUTE_NODISCARD; ++ ++/* Searches and removes an element from the list. ++ The list is assumed to be sorted with COMPAR. ++ Returns true if it was found and removed. ++ If the list contains several copies of ELT, only the leftmost one is ++ removed. */ ++extern bool gl_sortedlist_remove (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ ++#endif /* End of inline and gl_xlist.h-defined functions. */ ++ ++/* ------------------------ Implementation Details ------------------------ */ ++ ++struct gl_list_implementation ++{ ++ /* gl_list_t functions. */ ++ gl_list_t (*nx_create_empty) (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates); ++ gl_list_t (*nx_create) (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates, ++ size_t count, const void **contents); ++ size_t (*size) (gl_list_t list); ++ const void * (*node_value) (gl_list_t list, gl_list_node_t node); ++ int (*node_nx_set_value) (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++ gl_list_node_t (*next_node) (gl_list_t list, gl_list_node_t node); ++ gl_list_node_t (*previous_node) (gl_list_t list, gl_list_node_t node); ++ gl_list_node_t (*first_node) (gl_list_t list); ++ gl_list_node_t (*last_node) (gl_list_t list); ++ const void * (*get_at) (gl_list_t list, size_t position); ++ gl_list_node_t (*nx_set_at) (gl_list_t list, size_t position, ++ const void *elt); ++ gl_list_node_t (*search_from_to) (gl_list_t list, size_t start_index, ++ size_t end_index, const void *elt); ++ size_t (*indexof_from_to) (gl_list_t list, size_t start_index, ++ size_t end_index, const void *elt); ++ gl_list_node_t (*nx_add_first) (gl_list_t list, const void *elt); ++ gl_list_node_t (*nx_add_last) (gl_list_t list, const void *elt); ++ gl_list_node_t (*nx_add_before) (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++ gl_list_node_t (*nx_add_after) (gl_list_t list, gl_list_node_t node, ++ const void *elt); ++ gl_list_node_t (*nx_add_at) (gl_list_t list, size_t position, ++ const void *elt); ++ bool (*remove_node) (gl_list_t list, gl_list_node_t node); ++ bool (*remove_at) (gl_list_t list, size_t position); ++ bool (*remove_elt) (gl_list_t list, const void *elt); ++ void (*list_free) (gl_list_t list); ++ /* gl_list_iterator_t functions. */ ++ gl_list_iterator_t (*iterator) (gl_list_t list); ++ gl_list_iterator_t (*iterator_from_to) (gl_list_t list, ++ size_t start_index, ++ size_t end_index); ++ bool (*iterator_next) (gl_list_iterator_t *iterator, ++ const void **eltp, gl_list_node_t *nodep); ++ void (*iterator_free) (gl_list_iterator_t *iterator); ++ /* Sorted gl_list_t functions. */ ++ gl_list_node_t (*sortedlist_search) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ gl_list_node_t (*sortedlist_search_from_to) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t start_index, ++ size_t end_index, ++ const void *elt); ++ size_t (*sortedlist_indexof) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ size_t (*sortedlist_indexof_from_to) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ size_t start_index, size_t end_index, ++ const void *elt); ++ gl_list_node_t (*sortedlist_nx_add) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++ bool (*sortedlist_remove) (gl_list_t list, ++ gl_listelement_compar_fn compar, ++ const void *elt); ++}; ++ ++struct gl_list_impl_base ++{ ++ const struct gl_list_implementation *vtable; ++ gl_listelement_equals_fn equals_fn; ++ gl_listelement_hashcode_fn hashcode_fn; ++ gl_listelement_dispose_fn dispose_fn; ++ bool allow_duplicates; ++}; ++ ++/* Define all functions of this file as accesses to the ++ struct gl_list_implementation. */ ++ ++GL_LIST_INLINE gl_list_t ++gl_list_nx_create_empty (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates) ++{ ++ return implementation->nx_create_empty (implementation, equals_fn, ++ hashcode_fn, dispose_fn, ++ allow_duplicates); ++} ++ ++GL_LIST_INLINE gl_list_t ++gl_list_nx_create (gl_list_implementation_t implementation, ++ gl_listelement_equals_fn equals_fn, ++ gl_listelement_hashcode_fn hashcode_fn, ++ gl_listelement_dispose_fn dispose_fn, ++ bool allow_duplicates, ++ size_t count, const void **contents) ++{ ++ return implementation->nx_create (implementation, equals_fn, hashcode_fn, ++ dispose_fn, allow_duplicates, count, ++ contents); ++} ++ ++GL_LIST_INLINE size_t ++gl_list_size (gl_list_t list) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->size (list); ++} ++ ++GL_LIST_INLINE const void * ++gl_list_node_value (gl_list_t list, gl_list_node_t node) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->node_value (list, node); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD int ++gl_list_node_nx_set_value (gl_list_t list, gl_list_node_t node, ++ const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->node_nx_set_value (list, node, elt); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_next_node (gl_list_t list, gl_list_node_t node) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->next_node (list, node); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_previous_node (gl_list_t list, gl_list_node_t node) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->previous_node (list, node); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_first_node (gl_list_t list) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->first_node (list); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_last_node (gl_list_t list) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->last_node (list); ++} ++ ++GL_LIST_INLINE const void * ++gl_list_get_at (gl_list_t list, size_t position) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->get_at (list, position); ++} ++ ++GL_LIST_INLINE const void * ++gl_list_get_first (gl_list_t list) ++{ ++ return gl_list_get_at (list, 0); ++} ++ ++GL_LIST_INLINE const void * ++gl_list_get_last (gl_list_t list) ++{ ++ return gl_list_get_at (list, gl_list_size (list) - 1); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_set_at (gl_list_t list, size_t position, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_set_at (list, position, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_set_first (gl_list_t list, const void *elt) ++{ ++ return gl_list_nx_set_at (list, 0, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_set_last (gl_list_t list, const void *elt) ++{ ++ return gl_list_nx_set_at (list, gl_list_size (list) - 1, elt); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_search (gl_list_t list, const void *elt) ++{ ++ size_t size = ((const struct gl_list_impl_base *) list)->vtable->size (list); ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->search_from_to (list, 0, size, elt); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_search_from (gl_list_t list, size_t start_index, const void *elt) ++{ ++ size_t size = ((const struct gl_list_impl_base *) list)->vtable->size (list); ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->search_from_to (list, start_index, size, elt); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_list_search_from_to (gl_list_t list, size_t start_index, size_t end_index, ++ const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->search_from_to (list, start_index, end_index, elt); ++} ++ ++GL_LIST_INLINE size_t ++gl_list_indexof (gl_list_t list, const void *elt) ++{ ++ size_t size = ((const struct gl_list_impl_base *) list)->vtable->size (list); ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->indexof_from_to (list, 0, size, elt); ++} ++ ++GL_LIST_INLINE size_t ++gl_list_indexof_from (gl_list_t list, size_t start_index, const void *elt) ++{ ++ size_t size = ((const struct gl_list_impl_base *) list)->vtable->size (list); ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->indexof_from_to (list, start_index, size, elt); ++} ++ ++GL_LIST_INLINE size_t ++gl_list_indexof_from_to (gl_list_t list, size_t start_index, size_t end_index, ++ const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->indexof_from_to (list, start_index, end_index, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_add_first (gl_list_t list, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_add_first (list, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_add_last (gl_list_t list, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_add_last (list, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_add_before (gl_list_t list, gl_list_node_t node, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_add_before (list, node, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_add_after (gl_list_t list, gl_list_node_t node, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_add_after (list, node, elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_list_nx_add_at (gl_list_t list, size_t position, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->nx_add_at (list, position, elt); ++} ++ ++GL_LIST_INLINE bool ++gl_list_remove_node (gl_list_t list, gl_list_node_t node) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->remove_node (list, node); ++} ++ ++GL_LIST_INLINE bool ++gl_list_remove_at (gl_list_t list, size_t position) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->remove_at (list, position); ++} ++ ++GL_LIST_INLINE bool ++gl_list_remove_first (gl_list_t list) ++{ ++ size_t size = gl_list_size (list); ++ if (size > 0) ++ return gl_list_remove_at (list, 0); ++ else ++ return false; ++} ++ ++GL_LIST_INLINE bool ++gl_list_remove_last (gl_list_t list) ++{ ++ size_t size = gl_list_size (list); ++ if (size > 0) ++ return gl_list_remove_at (list, size - 1); ++ else ++ return false; ++} ++ ++GL_LIST_INLINE bool ++gl_list_remove (gl_list_t list, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->remove_elt (list, elt); ++} ++ ++GL_LIST_INLINE void ++gl_list_free (gl_list_t list) ++{ ++ ((const struct gl_list_impl_base *) list)->vtable->list_free (list); ++} ++ ++GL_LIST_INLINE gl_list_iterator_t ++gl_list_iterator (gl_list_t list) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->iterator (list); ++} ++ ++GL_LIST_INLINE gl_list_iterator_t ++gl_list_iterator_from_to (gl_list_t list, size_t start_index, size_t end_index) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->iterator_from_to (list, start_index, end_index); ++} ++ ++GL_LIST_INLINE bool ++gl_list_iterator_next (gl_list_iterator_t *iterator, ++ const void **eltp, gl_list_node_t *nodep) ++{ ++ return iterator->vtable->iterator_next (iterator, eltp, nodep); ++} ++ ++GL_LIST_INLINE void ++gl_list_iterator_free (gl_list_iterator_t *iterator) ++{ ++ iterator->vtable->iterator_free (iterator); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_sortedlist_search (gl_list_t list, gl_listelement_compar_fn compar, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_search (list, compar, elt); ++} ++ ++GL_LIST_INLINE gl_list_node_t ++gl_sortedlist_search_from_to (gl_list_t list, gl_listelement_compar_fn compar, size_t start_index, size_t end_index, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_search_from_to (list, compar, start_index, end_index, ++ elt); ++} ++ ++GL_LIST_INLINE size_t ++gl_sortedlist_indexof (gl_list_t list, gl_listelement_compar_fn compar, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_indexof (list, compar, elt); ++} ++ ++GL_LIST_INLINE size_t ++gl_sortedlist_indexof_from_to (gl_list_t list, gl_listelement_compar_fn compar, size_t start_index, size_t end_index, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_indexof_from_to (list, compar, start_index, end_index, ++ elt); ++} ++ ++GL_LIST_INLINE _GL_ATTRIBUTE_NODISCARD gl_list_node_t ++gl_sortedlist_nx_add (gl_list_t list, gl_listelement_compar_fn compar, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_nx_add (list, compar, elt); ++} ++ ++GL_LIST_INLINE bool ++gl_sortedlist_remove (gl_list_t list, gl_listelement_compar_fn compar, const void *elt) ++{ ++ return ((const struct gl_list_impl_base *) list)->vtable ++ ->sortedlist_remove (list, compar, elt); ++} ++ ++#ifdef __cplusplus ++} ++#endif ++ ++_GL_INLINE_HEADER_END ++ ++#endif /* _GL_LIST_H */ +--- a/gl/Makefile.am ++++ b/gl/Makefile.am +@@ -58,10 +58,11 @@ + # inet_pton \ + # intprops \ + # ldd \ + # lib-msvc-compat \ + # lib-symbol-versions \ ++# linkedhash-list \ + # lock \ + # maintainer-makefile \ + # manywarnings \ + # memmem-simple \ + # minmax \ +@@ -679,10 +680,22 @@ + + EXTRA_DIST += limits.in.h + + ## end gnulib module limits-h + ++## begin gnulib module linkedhash-list ++ ++libgnu_la_SOURCES += gl_linkedhash_list.h gl_linkedhash_list.c gl_anyhash1.h gl_anyhash2.h gl_anyhash_primes.h gl_anylinked_list1.h gl_anylinked_list2.h ++ ++## end gnulib module linkedhash-list ++ ++## begin gnulib module list ++ ++libgnu_la_SOURCES += gl_list.h gl_list.c ++ ++## end gnulib module list ++ + ## begin gnulib module lock + + libgnu_la_SOURCES += glthread/lock.h glthread/lock.c + + ## end gnulib module lock +--- a/m4/gnulib-comp.m4 ++++ b/m4/gnulib-comp.m4 +@@ -98,10 +98,12 @@ + # Code from module ldd: + # Code from module lib-msvc-compat: + # Code from module lib-symbol-versions: + # Code from module libc-config: + # Code from module limits-h: ++ # Code from module linkedhash-list: ++ # Code from module list: + # Code from module lock: + # Code from module lseek: + # Code from module maintainer-makefile: + # Code from module malloc-posix: + # Code from module malloca: +@@ -764,10 +766,19 @@ + lib/getdelim.c + lib/getdtablesize.c + lib/getline.c + lib/gettext.h + lib/gettimeofday.c ++ lib/gl_anyhash1.h ++ lib/gl_anyhash2.h ++ lib/gl_anyhash_primes.h ++ lib/gl_anylinked_list1.h ++ lib/gl_anylinked_list2.h ++ lib/gl_linkedhash_list.c ++ lib/gl_linkedhash_list.h ++ lib/gl_list.c ++ lib/gl_list.h + lib/glthread/lock.c + lib/glthread/lock.h + lib/glthread/threadlib.c + lib/hash-pjw-bare.c + lib/hash-pjw-bare.h diff --git a/debian/patches/60-auth-rsa_psk-side-step-potential-side-channel.patch b/debian/patches/60-auth-rsa_psk-side-step-potential-side-channel.patch new file mode 100644 index 0000000..e85c16a --- /dev/null +++ b/debian/patches/60-auth-rsa_psk-side-step-potential-side-channel.patch @@ -0,0 +1,229 @@ +From 29d6298d0b04cfff970b993915db71ba3f580b6d Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Mon, 23 Oct 2023 09:26:57 +0900 +Subject: [PATCH] auth/rsa_psk: side-step potential side-channel + +This removes branching that depends on secret data, porting changes +for regular RSA key exchange from +4804febddc2ed958e5ae774de2a8f85edeeff538 and +80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the +allow_wrong_pms as it was used sorely to control debug output +depending on the branching. + +Signed-off-by: Daiki Ueno <ueno@gnu.org> +--- + lib/auth/rsa.c | 2 +- + lib/auth/rsa_psk.c | 90 ++++++++++++++++++---------------------------- + lib/gnutls_int.h | 4 --- + lib/priority.c | 1 - + 4 files changed, 35 insertions(+), 62 deletions(-) + +--- a/lib/auth/rsa.c ++++ b/lib/auth/rsa.c +@@ -205,11 +205,11 @@ proc_rsa_client_kx(gnutls_session_t sess + gnutls_privkey_decrypt_data2(session->internals.selected_key, + 0, &ciphertext, session->key.key.data, + session->key.key.size); + /* After this point, any conditional on failure that cause differences + * in execution may create a timing or cache access pattern side +- * channel that can be used as an oracle, so treat very carefully */ ++ * channel that can be used as an oracle, so tread carefully */ + + /* Error handling logic: + * In case decryption fails then don't inform the peer. Just use the + * random key previously generated. (in order to avoid attack against + * pkcs-1 formatting). +--- a/lib/auth/rsa_psk.c ++++ b/lib/auth/rsa_psk.c +@@ -262,18 +262,17 @@ static int + _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, + size_t _data_size) + { + gnutls_datum_t username; + psk_auth_info_t info; +- gnutls_datum_t plaintext; + gnutls_datum_t ciphertext; + gnutls_datum_t pwd_psk = { NULL, 0 }; + int ret, dsize; +- int randomize_key = 0; + ssize_t data_size = _data_size; + gnutls_psk_server_credentials_t cred; + gnutls_datum_t premaster_secret = { NULL, 0 }; ++ volatile uint8_t ver_maj, ver_min; + + cred = (gnutls_psk_server_credentials_t) + _gnutls_get_cred(session, GNUTLS_CRD_PSK); + + if (cred == NULL) { +@@ -327,75 +326,53 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se + gnutls_assert(); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + ciphertext.size = dsize; + +- ret = +- gnutls_privkey_decrypt_data(session->internals.selected_key, 0, +- &ciphertext, &plaintext); +- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { +- /* In case decryption fails then don't inform +- * the peer. Just use a random key. (in order to avoid +- * attack against pkcs-1 formatting). +- */ +- gnutls_assert(); +- _gnutls_debug_log +- ("auth_rsa_psk: Possible PKCS #1 format attack\n"); +- if (ret >= 0) { +- gnutls_free(plaintext.data); +- } +- randomize_key = 1; +- } else { +- /* If the secret was properly formatted, then +- * check the version number. +- */ +- if (_gnutls_get_adv_version_major(session) != +- plaintext.data[0] +- || (session->internals.allow_wrong_pms == 0 +- && _gnutls_get_adv_version_minor(session) != +- plaintext.data[1])) { +- /* No error is returned here, if the version number check +- * fails. We proceed normally. +- * That is to defend against the attack described in the paper +- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, +- * Ondej Pokorny and Tomas Rosa. +- */ +- gnutls_assert(); +- _gnutls_debug_log +- ("auth_rsa: Possible PKCS #1 version check format attack\n"); +- } +- } ++ ver_maj = _gnutls_get_adv_version_major(session); ++ ver_min = _gnutls_get_adv_version_minor(session); + ++ premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE); ++ if (premaster_secret.data == NULL) { + +- if (randomize_key != 0) { +- premaster_secret.size = GNUTLS_MASTER_SIZE; +- premaster_secret.data = +- gnutls_malloc(premaster_secret.size); +- if (premaster_secret.data == NULL) { +- gnutls_assert(); +- return GNUTLS_E_MEMORY_ERROR; +- } +- +- /* we do not need strong random numbers here. +- */ +- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, +- premaster_secret.size); +- if (ret < 0) { +- gnutls_assert(); +- goto cleanup; +- } +- } else { +- premaster_secret.data = plaintext.data; +- premaster_secret.size = plaintext.size; ++ gnutls_assert(); ++ return GNUTLS_E_MEMORY_ERROR; + } ++ premaster_secret.size = GNUTLS_MASTER_SIZE; ++ ++ /* Fallback value when decryption fails. Needs to be unpredictable. */ ++ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, ++ premaster_secret.size); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ gnutls_privkey_decrypt_data2(session->internals.selected_key, 0, ++ &ciphertext, premaster_secret.data, ++ premaster_secret.size); ++ /* After this point, any conditional on failure that cause differences ++ * in execution may create a timing or cache access pattern side ++ * channel that can be used as an oracle, so tread carefully */ ++ ++ /* Error handling logic: ++ * In case decryption fails then don't inform the peer. Just use the ++ * random key previously generated. (in order to avoid attack against ++ * pkcs-1 formatting). ++ * ++ * If we get version mismatches no error is returned either. We ++ * proceed normally. This is to defend against the attack described ++ * in the paper "Attacking RSA-based sessions in SSL/TLS" by ++ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa. ++ */ + + /* This is here to avoid the version check attack + * discussed above. + */ + +- premaster_secret.data[0] = _gnutls_get_adv_version_major(session); +- premaster_secret.data[1] = _gnutls_get_adv_version_minor(session); ++ premaster_secret.data[0] = ver_maj; ++ premaster_secret.data[1] = ver_min; + + /* find the key of this username + */ + ret = + _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk); +--- a/lib/gnutls_int.h ++++ b/lib/gnutls_int.h +@@ -983,11 +983,10 @@ struct gnutls_priority_st { + bool _allow_large_records; + bool _allow_small_records; + bool _no_etm; + bool _no_ext_master_secret; + bool _allow_key_usage_violation; +- bool _allow_wrong_pms; + bool _dumbfw; + unsigned int _dh_prime_bits; /* old (deprecated) variable */ + + DEF_ATOMIC_INT(usage_cnt); + }; +@@ -1001,20 +1000,18 @@ struct gnutls_priority_st { + (x)->allow_large_records = 1; \ + (x)->allow_small_records = 1; \ + (x)->no_etm = 1; \ + (x)->no_ext_master_secret = 1; \ + (x)->allow_key_usage_violation = 1; \ +- (x)->allow_wrong_pms = 1; \ + (x)->dumbfw = 1 + + #define ENABLE_PRIO_COMPAT(x) \ + (x)->_allow_large_records = 1; \ + (x)->_allow_small_records = 1; \ + (x)->_no_etm = 1; \ + (x)->_no_ext_master_secret = 1; \ + (x)->_allow_key_usage_violation = 1; \ +- (x)->_allow_wrong_pms = 1; \ + (x)->_dumbfw = 1 + + /* DH and RSA parameters types. + */ + typedef struct gnutls_dh_params_int { +@@ -1135,11 +1132,10 @@ typedef struct { + bool allow_large_records; + bool allow_small_records; + bool no_etm; + bool no_ext_master_secret; + bool allow_key_usage_violation; +- bool allow_wrong_pms; + bool dumbfw; + + /* old (deprecated) variable. This is used for both srp_prime_bits + * and dh_prime_bits as they don't overlap */ + /* For SRP: minimum bits to allow for SRP +--- a/lib/priority.c ++++ b/lib/priority.c +@@ -699,11 +699,10 @@ gnutls_priority_set(gnutls_session_t ses + COPY_TO_INTERNALS(allow_large_records); + COPY_TO_INTERNALS(allow_small_records); + COPY_TO_INTERNALS(no_etm); + COPY_TO_INTERNALS(no_ext_master_secret); + COPY_TO_INTERNALS(allow_key_usage_violation); +- COPY_TO_INTERNALS(allow_wrong_pms); + COPY_TO_INTERNALS(dumbfw); + COPY_TO_INTERNALS(dh_prime_bits); + + return 0; + } diff --git a/debian/patches/61-x509-detect-loop-in-certificate-chain.patch b/debian/patches/61-x509-detect-loop-in-certificate-chain.patch new file mode 100644 index 0000000..8464ca4 --- /dev/null +++ b/debian/patches/61-x509-detect-loop-in-certificate-chain.patch @@ -0,0 +1,188 @@ +From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Thu, 11 Jan 2024 15:45:11 +0900 +Subject: [PATCH 1/2] x509: detect loop in certificate chain +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There can be a loop in a certificate chain, when multiple CA +certificates are cross-signed with each other, such as A → B, B → C, +and C → A. Previously, the verification logic was not capable of +handling this scenario while sorting the certificates in the chain in +_gnutls_sort_clist, resulting in an assertion failure. This patch +properly detects such loop and aborts further processing in a graceful +manner. + +Signed-off-by: Daiki Ueno <ueno@gnu.org> +--- + lib/x509/common.c | 4 ++ + tests/test-chains.h | 125 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 129 insertions(+) + +--- a/lib/x509/common.c ++++ b/lib/x509/common.c +@@ -1794,10 +1794,14 @@ unsigned int _gnutls_sort_clist(gnutls_x + prev = issuer[prev]; + if (prev < 0) { /* no issuer */ + break; + } + ++ if (insorted[prev]) { /* loop detected */ ++ break; ++ } ++ + sorted[i] = clist[prev]; + insorted[prev] = 1; + } + + /* append the remaining certs */ +--- a/tests/test-chains.h ++++ b/tests/test-chains.h +@@ -4261,10 +4261,133 @@ static const char *rsa_sha1_not_in_trust + "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n" + "-----END CERTIFICATE-----\n", + NULL + }; + ++static const char *cross_signed[] = { ++ /* server (signed by A1) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBqDCCAVqgAwIBAgIUejlil+8DBffazcnMNwyOOP6yCCowBQYDK2VwMBoxGDAW\n" ++ "BgNVBAMTD0ludGVybWVkaWF0ZSBBMTAgFw0yNDAxMTEwNjI3MjJaGA85OTk5MTIz\n" ++ "MTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYDVQQD\n" ++ "Ew90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQA1ZVS0PcNeTPQMZ+FuVz82AHrj\n" ++ "qL5hWEpCDgpG4M4fxaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3Rl\n" ++ "c3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMC\n" ++ "B4AwHQYDVR0OBBYEFGtEUv+JSt+zPoO3lu0IiObZVoiNMB8GA1UdIwQYMBaAFPnY\n" ++ "v6Pw0IvKSqIlb6ewHyEAmTA3MAUGAytlcANBAAS2lyc87kH/aOvNKzPjqDwUYxPA\n" ++ "CfYjyaKea2d0DZLBM5+Bjnj/4aWwTKgVTJzWhLJcLtaSdVHrXqjr9NhEhQ0=\n" ++ "-----END CERTIFICATE-----\n", ++ /* A1 (signed by A) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBUjCCAQSgAwIBAgIUe/R+NVp04e74ySw2qgI6KZgFR20wBQYDK2VwMBExDzAN\n" ++ "BgNVBAMTBlJvb3QgQTAgFw0yNDAxMTEwNjI1MDFaGA85OTk5MTIzMTIzNTk1OVow\n" ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEExMCowBQYDK2VwAyEAlkTNqwz973sy\n" ++ "u3whMjSiUMs77CZu5YA7Gi5KcakExrKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT52L+j8NCLykqiJW+nsB8hAJkwNzAfBgNV\n" ++ "HSMEGDAWgBRbYgOkRGsd3Z74+CauX4htzLg0lzAFBgMrZXADQQBM0NBaFVPd3cTJ\n" ++ "DSaZNT34fsHuJk4eagpn8mBxKQpghq4s8Ap+nYtp2KiXjcizss53PeLXVnkfyLi0\n" ++ "TLVBHvUJ\n" ++ "-----END CERTIFICATE-----\n", ++ /* A (signed by B) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhQtdJpg+qlPcLoRW8iiztJUD4xNvDAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MTk1OVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n" ++ "WbnINkmOSNmOiZlGHKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMB8GA1UdIwQYMBaAFJFA\n" ++ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBAPv674p9ek5GjRcRfVQhgN+kQlHU\n" ++ "u774wL3Vx3fWA1E7+WchdMzcHrPoa5OKtKmxjIKUTO4SeDZL/AVpvulrWwk=\n" ++ "-----END CERTIFICATE-----\n", ++ /* A (signed by C) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n" ++ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n" ++ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n" ++ "-----END CERTIFICATE-----\n", ++ /* B1 (signed by B) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBUjCCAQSgAwIBAgIUfpmrVDc1XBA5/7QYMyGBuB9mTtUwBQYDK2VwMBExDzAN\n" ++ "BgNVBAMTBlJvb3QgQjAgFw0yNDAxMTEwNjI1MjdaGA85OTk5MTIzMTIzNTk1OVow\n" ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEIxMCowBQYDK2VwAyEAh6ZTuJWsweVB\n" ++ "a5fsye5iq89kWDC2Y/Hlc0htLmjzMP+jYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTMQu37PKyLjKfPODZgxYCaayff+jAfBgNV\n" ++ "HSMEGDAWgBSRQLNq4Oo/MPQCiLUZzjjoxthRujAFBgMrZXADQQBblmguY+lnYvOK\n" ++ "rAZJnqpEUGfm1tIFyu3rnlE7WOVcXRXMIoNApLH2iHIipQjlvNWuSBFBTC1qdewh\n" ++ "/e+0cgQB\n" ++ "-----END CERTIFICATE-----\n", ++ /* B (signed by A) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhRpEm+dWNX6DMZh/nottkFfFFrXXDAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTcyNloYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFFti\n" ++ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAFvmcK3Ida5ViVYDzxKVLPcPsCHe\n" ++ "3hxz99lBrerJC9iJSvRYTJoPBvjTxDYnBn5EFrQYMrUED+6i71lmGXNU9gs=\n" ++ "-----END CERTIFICATE-----\n", ++ /* B (signed by C) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7ReVifwM\n" ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBaAFEh/\n" ++ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb0+EBv\n" ++ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8=\n" ++ "-----END CERTIFICATE-----\n", ++ /* C1 (signed by C) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBUjCCAQSgAwIBAgIUSKsfY1wD3eD2VmaaK1wt5naPckMwBQYDK2VwMBExDzAN\n" ++ "BgNVBAMTBlJvb3QgQzAgFw0yNDAxMTEwNjI1NDdaGA85OTk5MTIzMTIzNTk1OVow\n" ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEMxMCowBQYDK2VwAyEA/t7i1chZlKkV\n" ++ "qxJOrmmyATn8XnpK+nV/iT4OMHSHfAyjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n" ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRmpF3JjoP3NiBzE5J5ANT0bvfRmjAfBgNV\n" ++ "HSMEGDAWgBRIf1yoyLjHhGr1+UFaMt/UPhoZ8DAFBgMrZXADQQAeRBXv6WCTOp0G\n" ++ "3wgd8bbEGrrILfpi+qH7aj/MywgkPIlppDYRQ3jL6ASd+So/408dlE0DV9DXKBi0\n" ++ "725XUUYO\n" ++ "-----END CERTIFICATE-----\n", ++ /* C (signed by A) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhRvbZv3SRTjDOiAbyFWHH4y0yMZkjAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTg1MVoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n" ++ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFFti\n" ++ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAPl+SyiOfXJnjSWx8hFMhJ7w92mn\n" ++ "tkGifCFHBpUhYcBIMeMtLw0RBLXqaaN0EKlTFimiEkLClsU7DKYrpEEJegs=\n" ++ "-----END CERTIFICATE-----\n", ++ /* C (signed by B) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBSDCB+6ADAgECAhQU1OJWRVOLrGrgJiLwexd1/MwKkTAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MjAzMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e+qZEH\n" ++ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBaAFJFA\n" ++ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBALXeyuj8vj6Q8j4l17VzZwmJl0gN\n" ++ "bCGoKMl0J/0NiN/fQRIsdbwQDh0RUN/RN3I6DTtB20ER6f3VdnzAh8nXkQ4=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *cross_signed_ca[] = { ++ /* A (self-signed) */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIBJzCB2qADAgECAhQs1Ur+gzPs1ISxs3Tbs700q0CZcjAFBgMrZXAwETEPMA0G\n" ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTYwMFoYDzk5OTkxMjMxMjM1OTU5WjAR\n" ++ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2hBs32p\n" ++ "WbnINkmOSNmOiZlGHKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\n" ++ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAHrVv7E9\n" ++ "5scuOVCH9gNRRm8Z9SUoLakRHAPnySdg6z/kI3vOgA/OM7reArpnW8l1H2FapgpL\n" ++ "bDeZ2XJH+BdVFwg=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ + #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wunused-variable" + #endif + +@@ -4440,10 +4563,12 @@ static struct + 0, NULL, 1620052390, 1}, + { "rsa-sha1 not in trusted - not ok", + rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca, + GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1}, ++ { "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0, ++ 1704955300 }, + { NULL, NULL, NULL, 0, 0} + }; + + #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + # pragma GCC diagnostic pop diff --git a/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch b/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch new file mode 100644 index 0000000..47de317 --- /dev/null +++ b/debian/patches/62-rsa-psk-minimize-branching-after-decryption.patch @@ -0,0 +1,129 @@ +From 40dbbd8de499668590e8af51a15799fbc430595e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Wed, 10 Jan 2024 19:13:17 +0900 +Subject: [PATCH 2/2] rsa-psk: minimize branching after decryption + +This moves any non-trivial code between gnutls_privkey_decrypt_data2 +and the function return in _gnutls_proc_rsa_psk_client_kx up until the +decryption. This also avoids an extra memcpy to session->key.key. + +Signed-off-by: Daiki Ueno <ueno@gnu.org> +--- + lib/auth/rsa_psk.c | 69 ++++++++++++++++++++++++---------------------- + 1 file changed, 36 insertions(+), 33 deletions(-) + +--- a/lib/auth/rsa_psk.c ++++ b/lib/auth/rsa_psk.c +@@ -267,11 +267,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se + gnutls_datum_t ciphertext; + gnutls_datum_t pwd_psk = { NULL, 0 }; + int ret, dsize; + ssize_t data_size = _data_size; + gnutls_psk_server_credentials_t cred; +- gnutls_datum_t premaster_secret = { NULL, 0 }; + volatile uint8_t ver_maj, ver_min; + + cred = (gnutls_psk_server_credentials_t) + _gnutls_get_cred(session, GNUTLS_CRD_PSK); + +@@ -329,29 +328,52 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se + ciphertext.size = dsize; + + ver_maj = _gnutls_get_adv_version_major(session); + ver_min = _gnutls_get_adv_version_minor(session); + +- premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE); +- if (premaster_secret.data == NULL) { ++ /* Find the key of this username. A random value will be ++ * filled in if the key is not found. ++ */ ++ ret = _gnutls_psk_pwd_find_entry(session, info->username, ++ strlen(info->username), &pwd_psk); ++ if (ret < 0) ++ return gnutls_assert_val(ret); + +- gnutls_assert(); ++ /* Allocate memory for premaster secret, and fill in the ++ * fields except the decryption result. ++ */ ++ session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size; ++ session->key.key.data = gnutls_malloc(session->key.key.size); ++ if (session->key.key.data == NULL) { ++ gnutls_assert(); ++ _gnutls_free_key_datum(&pwd_psk); ++ /* No need to zeroize, as the secret is not copied in yet */ ++ _gnutls_free_datum(&session->key.key); + return GNUTLS_E_MEMORY_ERROR; + } +- premaster_secret.size = GNUTLS_MASTER_SIZE; + + /* Fallback value when decryption fails. Needs to be unpredictable. */ +- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, +- premaster_secret.size); ++ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2, ++ GNUTLS_MASTER_SIZE); + if (ret < 0) { + gnutls_assert(); +- goto cleanup; ++ _gnutls_free_key_datum(&pwd_psk); ++ /* No need to zeroize, as the secret is not copied in yet */ ++ _gnutls_free_datum(&session->key.key); ++ return ret; + } + ++ _gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data); ++ _gnutls_write_uint16(pwd_psk.size, ++ &session->key.key.data[2 + GNUTLS_MASTER_SIZE]); ++ memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2], pwd_psk.data, ++ pwd_psk.size); ++ _gnutls_free_key_datum(&pwd_psk); ++ + gnutls_privkey_decrypt_data2(session->internals.selected_key, 0, +- &ciphertext, premaster_secret.data, +- premaster_secret.size); ++ &ciphertext, session->key.key.data + 2, ++ GNUTLS_MASTER_SIZE); + /* After this point, any conditional on failure that cause differences + * in execution may create a timing or cache access pattern side + * channel that can be used as an oracle, so tread carefully */ + + /* Error handling logic: +@@ -367,35 +389,14 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se + + /* This is here to avoid the version check attack + * discussed above. + */ + +- premaster_secret.data[0] = ver_maj; +- premaster_secret.data[1] = ver_min; +- +- /* find the key of this username +- */ +- ret = +- _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk); +- if (ret < 0) { +- gnutls_assert(); +- goto cleanup; +- } +- +- ret = +- set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret); +- if (ret < 0) { +- gnutls_assert(); +- goto cleanup; +- } +- +- ret = 0; +- cleanup: +- _gnutls_free_key_datum(&pwd_psk); +- _gnutls_free_temp_key_datum(&premaster_secret); ++ session->key.key.data[2] = ver_maj; ++ session->key.key.data[3] = ver_min; + +- return ret; ++ return 0; + } + + static int + _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, uint8_t * data, + size_t _data_size) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..7e7162f --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,8 @@ +14_version_gettextcat.diff +30_guile-snarf.diff +40_srptest_doubletimeout.diff +50_Fix-removal-of-duplicate-certs-during-verification.patch +51_add-gnulib-linkedhash-list-module.diff +60-auth-rsa_psk-side-step-potential-side-channel.patch +61-x509-detect-loop-in-certificate-chain.patch +62-rsa-psk-minimize-branching-after-decryption.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..d9ed51f --- /dev/null +++ b/debian/rules @@ -0,0 +1,130 @@ +#! /usr/bin/make -f +# Build the gnutls package for Debian. + +export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow +export DEB_CFLAGS_MAINT_APPEND := -Wall +export DEB_CXXFLAGS_MAINT_APPEND := -Wall + +include /usr/share/dpkg/pkg-info.mk + +# used by autogen +ifndef SOURCE_DATE_EPOCH + export MAN_PAGE_DATE = $(shell env LC_ALL=C date -u -d \ + "`dpkg-parsechangelog --show-field Date`" +%Y-%m-%d) +else + export MAN_PAGE_DATE = $(shell env LC_ALL=C date -u -d \ + "@$(SOURCE_DATE_EPOCH)" +%Y-%m-%d) +endif + +AMCONFBUILDINDEP := $(shell if dh_listpackages | grep -q gnutls-doc ; \ + then echo "--enable-gtk-doc" ; \ + else echo "--disable-gtk-doc --disable-doc"; fi) + +AMCONFBUILDGUILE := $(shell if dh_listpackages | grep -q guile-gnutls ; \ + then echo " --enable-guile" ; \ + else echo " --disable-guile" ; fi) + +CONFIGUREARGS = \ + --enable-ld-version-script --enable-cxx \ + --disable-rpath \ + --enable-libdane --without-tpm \ + --enable-openssl-compatibility \ + --disable-silent-rules \ + --with-unbound-root-key-file=/usr/share/dns/root.key \ + --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt \ + --with-packager=Debian \ + --with-packager-bug-reports=http://bugs.debian.org/ \ + --with-packager-version=$(DEB_VERSION) \ + +BDIR = -O--builddirectory=b4deb + +override_dh_auto_configure: + dh_auto_configure --verbose $(BDIR) -- \ + $(CONFIGUREARGS) \ + --enable-static \ + $(AMCONFBUILDGUILE) \ + $(AMCONFBUILDINDEP) + +override_dh_autoreconf: + rm -v `grep -rl gettext-0.20 m4/` + if ! dh_listpackages | grep -q gnutls-doc ; \ + then env GTKDOCIZE="echo DISABLED running gtkdocize" \ + dh_autoreconf --verbose $(BDIR) ; \ + else \ + dh_autoreconf --verbose $(BDIR) ; \ + fi + +override_dh_makeshlibs: + dh_makeshlibs $(BDIR) -p libgnutlsxx30 -V 'libgnutlsxx30 (>= 3.7.4)' + dh_makeshlibs $(BDIR) -p libgnutls30 \ + -V 'libgnutls30 (>= 3.7.0-0)' -- -c4 + dh_makeshlibs $(BDIR) -p libgnutls-dane0 \ + -V 'libgnutls-dane0 (>= 3.7.0-0)' \ + -- -c4 + dh_makeshlibs $(BDIR) -p libgnutls-openssl27 \ + -V 'libgnutls-openssl27 (>= 3.7.0-0)' \ + -- -c4 + dh_makeshlibs $(BDIR) --remaining-packages \ + -Xguile/2.2/ -Xguile/3.0/ + + +# pre-clean rule: save gnutls.pdf since it is expensive to regenerate. +# See README.source +override_dh_auto_clean: + if [ -e doc/gnutls.pdf ] ; then \ + mv -v doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi + if test -e Makefile ; then $(MAKE) distclean ; fi + #dh_auto_clean $(BDIR) --verbose + # restore gnutls.pdf + if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; \ + then mv -v doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi + +override_dh_auto_build: + dh_auto_build $(BDIR) --verbose +ifeq ($(filter --disable-doc,$(AMCONFBUILDINDEP)),) + $(MAKE) -C b4deb html + rm -f doc/gnutls.pdf && $(MAKE) -C b4deb/doc gnutls.pdf +else + $(MAKE) -C b4deb/doc/manpages +endif + +override_dh_auto_install: + dh_auto_install $(BDIR) --verbose +ifneq ($(filter --disable-doc,$(AMCONFBUILDINDEP)),) + $(MAKE) -C b4deb/doc/manpages DESTDIR=$(CURDIR)/debian/tmp install +else + $(MAKE) -C b4deb/doc/ DESTDIR=$(CURDIR)/debian/tmp install-html + # we symlink these + rm -vf debian/tmp/usr/share/info/*.png +endif + find debian/*/usr/lib/* -name '*.so.*.*' -type f -exec \ + chrpath -d {} + + +override_dh_installinfo: + dh_installinfo $(BDIR) + if test -e debian/gnutls-doc ; then \ + cd debian/gnutls-doc/usr/share/info && \ + sed -i -e 's:image src="\([^"]*.png"\):image src="/usr/share/doc/gnutls-doc/html/\1:g' *.info* ; \ + fi + +override_dh_installchangelogs: + dh_installchangelogs $(BDIR) + rm -vrf debian/libgnutlsxx30/usr/share/doc/libgnutlsxx30 + dh_link $(BDIR) -plibgnutlsxx30 usr/share/doc/libgnutls30 \ + usr/share/doc/libgnutlsxx30 + +override_dh_compress: + dh_compress $(BDIR) -X.pdf + +override_dh_auto_test: + dh_auto_test $(BDIR) --verbose -- VERBOSE=1 + +override_dh_clean: + dh_clean $(BDIR) -X.bak + +# Fails with "dwz: Section overlap detected" +override_dh_dwz: + dh_dwz $(BDIR) -Xextra.go -Xgnutls.go + +%: + dh $@ --builddirectory=b4deb diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..c8b93e0 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,6 @@ +# Only used as fallback with dpkg-dev < 1.18.8. debhelper 10 requires +# dpkg-dev (>= 1.18.2~), so we still need this. +gnutls28 source: debian-rules-parses-dpkg-parsechangelog +# False positives. Built by makeinfo --html +gnutls28 source: source-is-missing [doc/gnutls-guile.html] +gnutls28 source: source-is-missing [doc/gnutls.html] diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 0000000..ed87c39 --- /dev/null +++ b/debian/source/options @@ -0,0 +1,2 @@ +# Don't store changes on autogenerated files +extend-diff-ignore = "po/.*" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..7cc0ef3 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,11 @@ +Tests: run-upstream-testsuite +Depends: + build-essential, + ca-certificates, + datefudge, + freebsd-net-tools [kfreebsd-i386 kfreebsd-amd64], + net-tools [!kfreebsd-i386 !kfreebsd-amd64], + openssl, + softhsm2, + @, +Restrictions: rw-build-tree, allow-stderr diff --git a/debian/tests/run-upstream-testsuite b/debian/tests/run-upstream-testsuite new file mode 100755 index 0000000..d59c898 --- /dev/null +++ b/debian/tests/run-upstream-testsuite @@ -0,0 +1,73 @@ +#! /bin/sh + +set -e + +export srcdir=`pwd`/tests +export builddir=`pwd`/nonexist-builddir +PKGTDIR=`pwd`/b4deb/pkgtest + +rm -rf "$PKGTDIR" +mkdir -p "$PKGTDIR" "$PKGTDIR/top_builddir/tests" +export top_builddir="$PKGTDIR/top_builddir" + +printandrun() +{ + echo "$@" + "$@" +} + +printandrun \ + gcc \ + `env DEB_BUILD_MAINT_OPTIONS="hardening=+bindnow" dpkg-buildflags --get CPPFLAGS` \ + `env DEB_BUILD_MAINT_OPTIONS="hardening=+bindnow" dpkg-buildflags --get CFLAGS` \ + `env DEB_BUILD_MAINT_OPTIONS="hardening=+bindnow" dpkg-buildflags --get LDFLAGS` \ + -o ${top_builddir}/tests/datefudge-check tests/datefudge-check.c + +cd "$PKGTDIR" + +export CLI=/usr/bin/gnutls-cli \ + SERV=/usr/bin/gnutls-serv \ + CERTTOOL=/usr/bin/certtool P11TOOL=/usr/bin/p11tool \ + PSKTOOL=/usr/bin/psktool DANETOOL=/usr/bin/danetool \ + DCLI=/usr/bin/gnutls-cli-debug \ + OCSPTOOL=/usr/bin/ocsptool \ + ENABLE_GOST=1 \ + PKCS12_ITER_COUNT=600000 + +# Set the sizeof(time_t) to the correct value for the platform, to ensure we +# run the correct tests. +if test -z "${ac_cv_sizeof_time_t}"; then + if [ "$(date --date=@2147483648 +%Y 2>/dev/null)" = "2038" ]; then + export ac_cv_sizeof_time_t=8 + else + export ac_cv_sizeof_time_t=4 + fi +fi + +count=1 +for i in $(find ../../tests/ -type f -perm -u+rx | \ + grep -Ev 'tests/gnutls-cli-debug.sh|tests/system-override-hash.sh|tests/pkgconfig.sh|tests/system-override-sig.sh|tests/system-override-sig-allowlist.sh|tests/system-override-sig-tls.sh|tests/tls13/prf-early.sh|tests/dtls/dtls.sh|tests/dtls/dtls-resume.sh|tests/cert-tests/tolerate-invalid-time.sh|tests/slow/|tests/protocol-set-allowlist.sh|tests/system-override-hash-allowlist.sh|tests/system-override-curves-allowlist.sh|tests/ktls.sh' \ + | env LC_COLLATE=C.UTF-8 sort) ; do + echo "running [$count]$i ..." + case $(dirname $i) in + */tests/suite) + d=suite;; + */tests/cert-tests) + d=cert-tests;; + */tests/slow) + d=slow;; + *) + d="";; + esac + if env srcdir=../../tests/$d $i ; then + echo SUCCESS [$count]$i + else + if [ $? = 77 ] ; then + echo SKIPPED [$count]$i + else + echo FAIL [$count]$i + false + fi + fi + count=$((${count}+1)) +done diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..8773b43 --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGRBEgd5bQBDCDc8Z7h2Damx3Xm+kMFXMKHqVUdPOqvcFT0c1gnQ9LPw3JiswvB +dM3SBRb2LxtEAnXt0Bw8WBbcCF9s05h8xjCSLDmBwQ1EBEeTvUN18TgeM6t4rNTZ +NrXl5wRmvkAzdO+EOHWx2gDRApLbdkkBK21+M6HPhtqRiMWK6zd5bPmiiAKNRv0G +aC71qUpdNSrWVzB02s8+LUivwH+kUksMX2nXps7b6RPhQyFl6FSv0LsHDd3yxRrB +JIikUAsSnQbDSPws+Srq1VFLhaARiPF2tg7ag1n4qbbZiK3XOSjK3X+b2XkdZrWY +7orBke/J1cMv/9XnqtsE1P1EYcuPk34yxjz/E5+0vf8DlzQ86c2DHRCpr81XV3qD +tNeouQFLDI1kkpG6QTY3S2SPMUht8V8JxhqBzbjWZmKGUf1ISYI2p9FqtXF4rL2D +u1QLPQGLwqYaUvnGCYFxEMpnDcYheF6zOUtow527WgrJcATDXW/HCzidwi2+o/cU +bdCeYOiN28IMCOIBJZjLABEBAAG0KU5pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxu +bWF2QGdudXRscy5vcmc+iQHDBBMBAgApAhsDBQklmAYABgsJCAcDAgQVAggDBBYC +AwECHgECF4AFAkjOsAcCGQEACgkQKe5YuZaGUXH5IgwbBS80+nEmYoVB/53P8Ewm +3qOIOkn0OQSXHeIsE+lhxxe2nCjl2wou3ydwjenYELk7x7WiNsD2R+x0zLmp+RnH +N5Mfik5X4pTwlE/511H4VSbG32MPp9KUnjqqmGB3zEIhybDPABUBb2ZZzRn6UK+s +Wx0hFdgrFcxQScoKxV2x/AALNSJXsYLbM3Xubfb7Uc+LPLgOQqCt1eDD6wGvYkx3 +kJ+rYbZXE32IiFbwhH++MuApPJv/DnSnhLmQdwuqLn+L1z4jAJ7Lv2tZ9tq9ZGYE +lil0pdzelPvoh1njSGFmG9+2R7tiHD/ZpWxbRPfUZ8aVeX7jUeLfO3KZbNY0lwgO +fMrWWlHq2219Jabvc5nVv2dp3DKQCcz0HAtW2vumjBTN1na8dDSWXzlvLzXs4+Aw +4X0fSP+K6SJlVSscmCDLxWIMC9+yrdxWDafOsRWPgrFIRk2YIdeU7Bah7qAIrqGV +19/NRPHmwuNOwW169Voo74EfnrMBb6THxvOVdd/ToGou9zYYQLQ3Tmlrb3MgTWF2 +cm9naWFubm9wb3Vsb3MgPG4ubWF2cm9naWFubm9wb3Vsb3NAZ21haWwuY29tPokB +wAQTAQIAJgUCSB3m1QIbAwUJJZgGAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJ +ECnuWLmWhlFxC+MMHiboc7xtuJFKBhF3tStS5KZE1yhY/dbaZ63K1Kr26BGwWGCX +eWUcQySBZMRfOxBM9lc+rubto1c9ryz+JsP6pkBsVJG8khKun8T5zWAK3gBCb+cP +fYXlEixUqmD0nSkrusKszIuUP4+Ib76MmsbeKe6TgqtzcQeP3Ysml8SdWBolHRqP +C5Uc1339A6uSvFDuOUtySX1laaq5PKb8YKWwfs1w+erBztg7ScbVf+X0cma9LJoc +aLhSfOMLxOqHhq+zUDa5R9ejQ4LAs7rVuqey3WUjICfse2J1U0Eh9BcoN3eNbP5b +DJmTQZGDNEF9FZKGmLKbFWLctZSC1cvQVMQr+kWke8huGmK82rVE9N66U7W474Fv +vxVjO9DHdwhf3qBGipql0j3M7wGUTN72WPWBmxFUGVZWRHnwhme49i06a4igZfc0 +VpMGTisgo95cTMIYL+J4cMcSfb2ZmguTz1WsKr7tY0p1JiOI9wwulFia8FwlLFjp +jGczmt+IFJbmG5Xe5i5lDz20K05pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxubWF2 +QGh1c2htYWlsLmNvbT6JAcIEEwECACgFAlEr1B4CGwMFCSWYBgAGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJECnuWLmWhlFxgkgMII6qnB3KwgO4rNQyOf1dE1Ui +s4iJOuDULc9zYiP1lxDHROx7v4F3d5UTmxUL1v1D/1k+ln4rlyoJjHUImCZEzHC1 +Bf7rk0fy74E2gO7ilCTao9jrxn4VQOmigujpyAQfN05mzKxNoz2nJQWruGTndIqR +s+CESgNam5KZ1SOEIeM3JQ+gF5UO9JvRRTxLazXdjZAnAubQ4Hhy84n0Tag5YeYp +1dy6CF7OsSBj/oNrxdLK+vAYR77rX9npis8lpAiFSKasBGWk/Ar7xFBVV1vaZm1N +wXSp+EPH8q6hFWmbTrWvfI1aPJOVT9jGqsljjV8uPKGxzi1s+5IzUATrOp592AfG +C3AGEqVHaHdCngHlbpUsqbXK5OMItMax/yBAdduFPWIXNCIXlCj9350fsu1KCH9s +qn2rd8A0wPlj4AW7w1JFGTS5GcGv/45QEkURle2iOZSm6I8Zm88JaWnBoY4M2T3V +OuwhWSiljRHO3kpJQWnTs62Qv64kShhNESaTmnAa4M6BCFG5AQ0EWnlA6QEIALDZ +eBJYk87ac2obyhVuVBm3RWdCH7ppQgsriCluk5fJOSKgprqVWm++AoEGq04R+iNM +yxo/qxVjrJfIqGpPlYaE7eR36E8yL3iFOZqy3C/oYEi35rKHzSRv81DXEw8vqCTx +QhDBGxW8wK8GE5CW7Su5QvW3NJwlWT1cFpBS4ythQdIDm2ZX1c6xzIdOztzmZwxJ +reAzx7lMcuY7bQ9l8jkL3OcWRYUGQjLjvNXXPsLqA4bt+7xrldKQxxJJyzY0HWNC +R4MzSWA0XWniPKuoxeVx9dOu37csxboTKBR9mjXt6ZujbPSH0KOdQGGWL8I2MwXx +5yvgQPsEckKD3AP4zLkAEQEAAYkC9gQYAQgAJhYhBB9CQYkF2CBqp1TM3CnuWLmW +hlFxBQJaeUDpAhsCBQkSzAMAAUAJECnuWLmWhlFxwHQgBBkBCAAdFiEEWfu1XKfz +qKsMUDdz2BxIh/FnmmUFAlp5QOkACgkQ2BxIh/FnmmU2awf+KH4sUwIEnN75U0g7 +E7ub/aD9xbx2HCdCqgK+IUuasb4rpU13QpKi+Pyob7KlV4Ci4+uJw9cvlUbkebKF +WdbuyUE1XfY4xEZSNTR+HL6bpE6vuRuWxf/u4gTwB0hmk3FZ3WR18Z+vUO255Ys+ +/q055GLbpXZOYNN9ltdcJ8GrQqygtmfkGKm4Qv7DBlW8Uhj9bZFql6AieTIfAXYr +fPuKmn3fsB2zjizSxxmFCgaHkVMEdOzfGIR+3icX1VdLASwy54LTuU9OlY0LFXlC +bi6obaFP6M+XpZQiL84qUc4ETVslDXLiEuVotQurTvhGrcPePnkmy6JuTOexMhsi +YkaN7dgVDCCFvMTbhsv2ExkRU+5dnO9Ulh42OdA2zZfiQo8gDorS7RBi7RySbcb/ +QJppRyfgiw8NArZto98YJNim5Hh0CqWovHfBXnuK87FVPVmp1F/IYO8r9yFxHRaS +CWjTCpHnnZgq0zD64c9U7YciUgWyzfLSqy3b+SDzrxkCKyXbGlQcmRQ7sWzUiqqJ +1b1WA8QPsTO+hPvALkZQXGLc8m5VyMCFGvpJBnYQUBqdIQXQKmCquIhVkVZasuOD +O17fEVJNcrvbtvnPgXIrTp5amDiJjqdkx4YzRni4uxg6rcIsxjUhM9ae+rzlBK73 +MEewzclXMrmKw/x1VeEKdejY8tIZxwOuzQdtwgeyDebcifBrER2/8D3f+/LSXnXi +VCeSzuhXW7zVdknRcymH1FRplnADzObIAdNlBuvx6YWoNPdoHzp6ngKwFoN6ZOjV +srFguqQWVkTTLxMZ0X95ByAJ+I97LlKIbj4a+5yiBKFLSGweiKKxo/bIVYvdYSHG +IjPZhb5FCeXKfNWvuQENBFp5QQoBCAC1TvWcxHa3t/Na7MQK/SSzNbgq29NLdT62 +JX6xtbmmAp8dTKURPpEWbK/eFoWXHDeoc43VOdC5yseWSmZK6kPaEH/XJfmczSGr +HPPm6KScl8u3FbzjGZaI7KsUCxww/8PSGUy55xrUo6RdI6QIPoPXT4phIRvaPfn4 +UMccwM4dtmiG6hSltgsFejbDW0OYulJiFlpM/gkNDHucSV8+xuxHQbTXhhEOm4tQ +LYWsVtXzBi6roy+nUkuEFWDDnal2EoJ26COgmSaiYLw2ErkCa5jlrR84lD+3DB0F +Yq3j77J3P76WeZTaBppdJDJRLA8MKN5z78UHVzRkns7d615atDrdABEBAAGJAcAE +GAEIACYWIQQfQkGJBdggaqdUzNwp7li5loZRcQUCWnlBCgIbDAUJEswDAAAKCRAp +7li5loZRcUXnDB4sdi46PXOI4pycMs1l2neRFmyNaXJNSPcK6uvR1yYltfDtZbll +hfnwThxVghIf7nHHh9FeuREuBuE3RxdEe0EQPI20iduSoyob1oIQaLuiS2A70XGP +wKIKreewQZ7BZTCMVbE/DoiOc1rFupGg0wAlW0U5Sll83AAoOvHmFRNKIvj33X3J +rcNILuk0QzMBbkN8R8RE/lq8TqpkWNgxUPFUUh6RmgInikIii1N5lZyw/c14mPFO +2YDtTFlSrclRXMYKK9JGAWpDIoSsNObgYOrm5Bo9pdZJph63xI2pMhuwuAVtyVvV +54BGzhm+z9XCAnu5TrmcPwUMb2Hb/0OsOHCgVwChRTrtpFjyENMXQkLdBDYLg0tV +u9tZNjGCbPruHzY4ajDvkgzBHcMDHhMdhcI6l5bpCAnpHYRBPLRM8v9FYbGE97T9 +g/Su1w4ZnZjPoime0JeiCB8pPCnfltxFhkNnJQ7GCVh7wusuygB9qJ5sTNoelQxp +vNv4+Rf44bJMHaxnzi5xmQINBEpn7i4BEACh0wFe2B53UlIxWOQ3wrK3TIyHpmz9 +zyMCkdIP7x1b74Z/SxZA7N8uOk5BQh3GLBnYThJl3MSWOAgpbouyI5Eh9f+yZ27A +oBkQcd8JeHckbLvXCxG8GPOn1cqSBUsus+6tuG86LI3rudJSKsFZ2uH0amRfJSBB +nybrosy5dTn55GIJ3BbqWdaTP7uNFWRMzi6DA49m880hJ2qunkuAOX/q8kvKpfRu +JCdme9kXZc1l88FqGUEldCVYpG+SjdCFP9CmZJRYhF6UuRHSZXyJTw1WMmop7gYj +2F3QTsodnf1e9eDju/yWpzmPB4WACtrrO7wzPlufselFNIrHwx6tykvzflaYTg2b +rn9opmZTAM7eYXhBk8AEvOXCg1q4UXiSGtFpowBUVtoOGQHlSC218OnQyaMEsC7C +agb1EQqZNbXnvcMVzMIcXcKHFSAQrk5+IfNTQOok8FIWXWm8TYVDqVIpWEKDgHj0 +PwcPWtpkhjlgIP01a5uvrvv0w1Tq2NcjLppyYynoEvEbGWojku4lyCUWdWAL9n5h +3IClyBCqdH8OMtdL3WibGIlkbOcWXfsR+FURCv5eswMRAlZKuzLf6YyDzpZVWyOo +e+Qc+S4Dl8J+WeY7PquNJwGdtLklSi0436VYKup4kgoT3iAHYVOBt0K03nDtgnsm +2UxiER+e190YVwARAQABtBlEYWlraSBVZW5vIDx1ZW5vQGdudS5vcmc+iQJVBBMB +AgA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBEYiJcO0bzSHn8hJbNYF +hI7X5phxBQJbqxq7BQkaqS4NAAoJENYFhI7X5phxHx8P/AhCp8NYKOf4ygPuQBfB +X9mnr+NIvdQKDKWlYHeA64vnRtUR6XBJte29ibKgCeNRKMYZlW9rlWx0HvEXBiOh +WSeRXRZ+XNXMA5/KlvMXPIvo5JiBhgqRuKnDbzo8Q+O31cIfgp2fIOM73BAoB0rg +u8zol2cJKiyeDgjj4xTuF0lQJ6p5vCq9ZyoqxlBljCAAX7cwiTSUeYS92p6m50fa +BZkptYw5FfsLN/x5agOMwoG1D2c09s4ml0ZTwFK3kxZ9oqIUiRyLiPTQNIleiqhK +UTBb/uZVBgJLRjF5Dh3dDTYFtNnAcagsrySRtm9saEwbs7C6F15CT/T+MimkugV0 +xhdjl+iYiY1npog8pExAP8uap2sB6n36NvPWuFnbC8OZ7JddTGEdYpLvd1jGXpoA +WliDbXDsZFueEUvIKWhF2BrPY4DidnigsmNWDUq7BpZ3NsTlsh5siHPdtVFzG0kd +Csw4o88720iGQLkrQS+2KFe9Fa2cH5tSBWdNi6orHXeRiL+dMOLThKJpK5jqSTBp +5UbjaHZFX7iqBkxe2K3VDrRT8PSOlPxV0vBMuAxjhViCbCYtvvfhbqLK+/ZKCcPa +nsBD+tb7L4qPPRmLMKnxJTJUMn/Vthaa6zgzG2g8aEaN0BlfTIY2zNpx8RH2gG+9 +sX00aosk/ZBJhCVOLT9BXIbitB5EYWlraSBVZW5vIDx1ZW5vQHVuaXh1c2VyLm9y +Zz6JAlQEEwECAD4CGwMCHgECF4AFCwkIBwMFFQoJCAsFFgIDAQAWIQRGIiXDtG80 +h5/ISWzWBYSO1+aYcQUCW6sauwUJGqkuDQAKCRDWBYSO1+aYce6mD/0dP6AsDYzN +La3iRC+1NQgGjw/FTDq85Rb3OCseaSauVS6DE6ZdYpIMpPywGzZXlnYMQhLQBn+D +WyPZ8cleiYdhMBksC3/x1SoecepFsETKqUmOTXICbEHgCKIyU9LotxwDcDcb6nCB +wrD5Qo0myonYBJJfzxokiY/1Ij/zieWdA6ioO4a3dvV4FbgTCCnBUF8rIh38vjfv +VEGx7W+qo5K4kWQGeCW+kC68CMzKijiDY9jTSrcR9QGqLMS0PqXLJkQNzkDzypOa +bUBO9PkfjohmxW35C+FLooI4TAH/apqaYjJ8avYJLf5S7XgqUxWWdhXi/ZkirvXj +dI3sMHlVXGXYJtL1Zrm+Jq65HIiRpfC3t3WRt7GdSmIp5OoEm2GPGyQn2KN+viak +MfSpsgECi1fGMIEBpR8sv+rx2XbD0bLoJkdHW2RF8a9FRPwiNuhHevLtmcbbHFXb +q1njYbBZyaWPA5Y2ofEGJ5Dm0aew8hDFKg/XAwuyZZoHavH3vSCD8VTXw4B7m+oI +deXQO13UVgdhXda7UkNMTP7KN63zA67LCduUU5GwOoCzcueDTtT89sabLi9zC5VR +dMRXQiH+yw/eb4pH3F2OkYmicJ4g0um5tVDpGkc4Bv6ORREUuxGvXKMLMaMcqcmw +x3nx9EJ++CegeAbYBAd3IH4iR4xY0s03HrkCDQRLa0+8ARAAo0ZzSl6Yg/7W1Uoh +d24nGaX+AtSRSA77yR0GRLit+UqngHv7VKTAMGwX4FubBMVKAdwstZRCtgYtZDux +lPrZHQh4Yuo63C2IjIO0F2r2Gf3m2B1X4VWNrxoTiVc+KptP1r0GE9zqSUqqw9Y0 +/gG0aQ8RZPYdggT8Na6Aa4fE6mCsiDgT0rMC8D9OSCpPYe0sEJ5f7LV0XISzFWjK +yi991dm6WUiODbWISUBs1+zx1bL+CWAQlwnhUYQCcCy8knxjNw13QAobDo7RqG/7 +FvOCr+WDOubB8ZoYreDQuaOSMVUJ7b2GjrE2nxfSjgvHoKLLT7AEcVDTYoRmLyeV +i/DUtsEFTFrIkTCvv0LCujxDF58uKvfpTDxgWabhonFF+vESCCcpwGh2rXaKwNIR +Ug0CFcW4Q00HawZ5rX0sd92HfS5WlvqBc96DbbFD+eyUDL5+/0WDEoXkarZYUjjh +0Ffw3TkaNgdboXdg5bmTs7Fc/PKP9nmfXYTvAKzYUEaVoHMe3avpCOxclB9CHa8N +vag9yE/z5xDkxfOK6JdBxGoD9aM1Qd9pKySA0UJXk5nU6ILU+vRWCx5yvX2K5NZt +z3HN01m/9TwnHHDdA9kSQpdpK8ucCXceoNm4u8IOLcKUSbIYuY0RDyQABjcuTCgP +qKJ+g+oG8MDT98bs///QVNAFA2EAEQEAAYkCHwQYAQIACQUCS2tPvAIbDAAKCRDW +BYSO1+aYcTCsEACfo4LesDjAi8dc7EYt6cRkEKuxZlSTSWGddiRKdriwtYfRNPFf +mkF2Xu6W6JyJV783iITpekdUps/ypsqJcvQvUyIbTIZGa7MaHK4mizOyMSHwrstI +pxb7/WxKIAgjVcRaY1dQz7HDFVESkII2zUHCns8ijlKuOyAqvHjecJmu9ppcUVUc +VEx4ud0qJH2/WLq4VR63FsfxEjEe8x0gsI7X0OvXO+/miEycKHFWsZVFUGAgmrwj +gdYGA453+Rde4PsxhgsO3TfL4OAdOPKMoPEYkpwJjdpbeIn36jwFU1PK4sQ0RpIK +cWIjJBgnWqh8ErvprgmvOQDPa/ViuliLkUBI4djzbE5PpbWpky3xVAtLDqRvvC3r +Q9YSNwVkqX4E+Z3J1EXJ5mp7IlU9Bsu97z13/kx8J2OLwGOaNF/d7NrMnw1+2Ua4 +S4NDASrs/3iAUSwxWsJI6Xvt5g2DFaNUtQ6YO2LfCL5QxUJVkZSErqIIDOPOiUDX +43UtGYhJNZiI2uMPEWAydhZOoXKEe+eH4WbVC4F8xNBERmk36RZRruI2lpslopHW +s/qH+QEdPZi5eioQg7qidS36aJIHXlCDsMXv+u8U+cMhlive34yRo+WaOlcRRX+m +x2fK1VYVwbEd1jQ0D5H97h57JOGBF63kz7T70O7KeP8AKl9ar93FdtZF9g== +=WPT3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..35b421f --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts=uversionmangle=s/(.*\d)(pre\d*)$/$1~$2/,pgpsigurlmangle=s/$/.sig/ \ +https://www.gnupg.org/ftp/gcrypt/gnutls/v3.(\d+)/ \ +gnutls-(3\.\d[^w]*)\.(?:tgz|zip|tar\.(?:gz|bz2|xz)) |