diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 4183 |
1 files changed, 4183 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..34bc950 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,4183 @@ +gnutls28 (3.7.9-2+deb12u2) bookworm; urgency=medium + + * Cherrypick two CVE fixes from 3.8.3: + Fix assertion failure when verifying a certificate chain with a cycle of + cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045 + Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553 + GNUTLS-SA-2024-01-14 Closes: #1061046 + + -- Andreas Metzler <ametzler@debian.org> Fri, 19 Jan 2024 18:28:37 +0100 + +gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium + + * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel + in RSA-PSK key exchange) from 3.8.2. Closes: #1056188 + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Nov 2023 07:50:48 +0100 + +gnutls28 (3.7.9-2) unstable; urgency=medium + + * CI: Do not try to run tests/ktls.sh, it uses a helper binary. (Plus gnutls + is not built with ktls support on Debian yet.) Closes: #1034350 + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Apr 2023 13:45:57 +0200 + +gnutls28 (3.7.9-1) unstable; urgency=medium + + * Drop unused lintian override. + * New upstream version. + + Drop cherrypicked patches. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Feb 2023 07:00:58 +0100 + +gnutls28 (3.7.8-5) unstable; urgency=high + + [ Debian Janitor ] + * Remove constraints unnecessary since buster (oldstable): + + Build-Depends: Drop versioned constraint on libp11-kit-dev, + libtasn1-6-dev, libunbound-dev and libunistring-dev. + + Build-Depends-Indep: Drop versioned constraint on texinfo. + + libgnutls28-dev: Drop versioned constraint on libp11-kit-dev in Depends. + + [ Andreas Metzler ] + * 55_01-auth-rsa-side-step-potential-side-channel.patch + 55_02-rsa-remove-dead-code.patch 55_03-document-the-CVE-fix.patch: + Effectively update to 3.7.9, fixing GNUTLS-SA-2020-07-14 / CVE-2023-0361 + + -- Andreas Metzler <ametzler@debian.org> Fri, 10 Feb 2023 07:29:17 +0100 + +gnutls28 (3.7.8-4) unstable; urgency=low + + * Replace 50_Fix-removal-of-duplicate-certs-during-verification.patch with + version merged to upstream GIT master. Add + 51_add-gnulib-linkedhash-list-module.diff since the new patch uses + gnulib's linkedhash-list module. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 31 Oct 2022 18:10:09 +0100 + +gnutls28 (3.7.8-3) experimental; urgency=low + + * 50_Fix-removal-of-duplicate-certs-during-verification.patch frpm + https://gitlab.com/gnutls/gnutls/-/merge_requests/1653 fixes chain + verification error on duplicate server cert in chain. + Closes: #1007138 + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2022 13:51:15 +0200 + +gnutls28 (3.7.8-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Oct 2022 13:28:06 +0200 + +gnutls28 (3.7.8-1) experimental; urgency=low + + * New upstream version. + + Drop 50_01-Avoid-redirection-bashism-in-testsuite.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Oct 2022 13:48:17 +0200 + +gnutls28 (3.7.7-2) unstable; urgency=medium + + * 50_01-Avoid-redirection-bashism-in-testsuite.patch: Fix CI error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 31 Jul 2022 10:32:04 +0200 + +gnutls28 (3.7.7-1) unstable; urgency=low + + * New upstream bugfix release: Fixes double free during verification of + pkcs7 signatures. [GNUTLS-SA-2022-07-07, CVSS: medium] [CVE-2022-2509] + + Update symbol file. + * Add lintian overrides for source-is-missing false positives. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jul 2022 14:09:32 +0200 + +gnutls28 (3.7.6-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2022 10:23:16 +0200 + +gnutls28 (3.7.6-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 May 2022 14:31:39 +0200 + +gnutls28 (3.7.5-1) experimental; urgency=low + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 May 2022 08:16:07 +0200 + +gnutls28 (3.7.4-2) unstable; urgency=low + + * 40_srptest_doubletimeout.diff: Increase timeout for tests/srp to fix + occasionasonal error on slow buildds (mipsel, hppa). + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 14 Apr 2022 08:54:25 +0200 + +gnutls28 (3.7.4-1) experimental; urgency=low + + * Drop superfluous dependency on libopts25-dev. + * New upstream version. + + Drop superfluous patches. (40_bashism_in_test.diff + 41_more_bashism_in_test.diff) + + Update symbol file. + + libgnutlsxx soname bumped due to ABI break in .1 (db_check_entry and + db_check_entry now have const parameters). + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Apr 2022 13:30:32 +0200 + +gnutls28 (3.7.3-4) unstable; urgency=low + + [ Helmut Grohne ] + * Fix FTCBFS: Annotate python3 dependency with :any. (Closes: #1004183) + + [ Andreas Metzler ] + * CI: Sort test list. + * CI: Skip another test wrapping a binary test. + * CI: Fix missed &> redirection. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Jan 2022 08:14:48 +0100 + +gnutls28 (3.7.3-3) unstable; urgency=low + + * Fix CI errors: + + Set PKCS12_ITER_COUNT=600000, avoid more tests requiring a special test + binary. + + 40_bashism_in_test.diff: Avoid &> redirection. + + -- Andreas Metzler <ametzler@debian.org> Sat, 22 Jan 2022 07:45:00 +0100 + +gnutls28 (3.7.3-2) unstable; urgency=low + + * B-d on python3 instead of python3-minimal, the json module is not part of + -minimal. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 20 Jan 2022 18:40:59 +0100 + +gnutls28 (3.7.3-1) experimental; urgency=low + + * New upstream version. + + Does not use GNU autogen anymore, update Build-Depends. + + Drop 40_fix-gtk-mkhtml.patch. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 18 Jan 2022 18:58:41 +0100 + +gnutls28 (3.7.2-5) unstable; urgency=medium + + * 40_fix-gtk-mkhtml.patch by Dennis Filder fixes gtk-doc generation. + Closes: #1003075 + * Cherrypick some improvements to debian/rules suggested by Dennis Filder. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Jan 2022 18:46:29 +0100 + +gnutls28 (3.7.2-4) unstable; urgency=low + + * Run wrap-and-sort -ast, and drop depends/b-d on libgmp > 2:6 since even + oldstable uses this version. + * Upload to unstable + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Dec 2021 13:57:12 +0100 + +gnutls28 (3.7.2-3) experimental; urgency=medium + + * Another test build against guile-3.0. #964284 + + -- Andreas Metzler <ametzler@debian.org> Sun, 29 Aug 2021 14:29:40 +0200 + +gnutls28 (3.7.2-2) unstable; urgency=low + + * Invoke dh_autoreconf with GTKDOCIZE=echo for arch-only builds, fixing + FTBFS. Closes: #992849 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 24 Aug 2021 19:46:02 +0200 + +gnutls28 (3.7.2-1) experimental; urgency=medium + + * New upstream version. + + Drop debian/patches/5[56]*. + + Update libgnutls30.symbols. + + Update copyright file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jun 2021 13:49:44 +0200 + +gnutls28 (3.7.1-5) unstable; urgency=medium + + * Another fix from 3.7.2: + 56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch + * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff applied upstream, renamed to + 56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 May 2021 12:14:30 +0200 + +gnutls28 (3.7.1-4) unstable; urgency=medium + + * Pull fixes from upstream Git master + + Ensure array allocations overflow safe. + https://gitlab.com/gnutls/gnutls/-/issues/1179 + 56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch + 56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch + 56_17-build-avoid-potential-integer-overflow-in-array-allo.patch + 56_18-build-avoid-integer-overflow-in-additions.patch + 56_19-_gnutls_calloc-remove-unused-function.patch + + Add option to disable TLS 1.3 middlebox compatibility mode + https://gitlab.com/gnutls/gnutls/-/issues/1208 + 56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch + (Changes gperf input file, add b-d on gperf.) + + Fix session-id changing when responding to HelloRetryRequest + 56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch + https://gitlab.com/gnutls/gnutls/-/issues/1210 + + Fix timing of sending TLSv1.3 early data. + 56_28-handshake-fix-timing-of-sending-early-data.patch + https://gitlab.com/gnutls/gnutls/-/issues/1146 + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Apr 2021 12:55:14 +0200 + +gnutls28 (3.7.1-3) unstable; urgency=low + + * Rename/refetch + *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has + been merged into upstream GIT. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 30 Mar 2021 11:21:58 +0200 + +gnutls28 (3.7.1-2) experimental; urgency=medium + + * Also run ocsptool tests in autopkgtest. + * Add CVE numbers to previous changelog entry. + * Pull selected fixes from upstream GIT: + + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch + + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch + + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch + + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch + + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch + + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch + + 56_05-examples-avoid-memory-leak-in-ex-verify.patch + * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch + Ship missing image file. (Thanks, lintian) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Mar 2021 14:01:16 +0100 + +gnutls28 (3.7.1-1) unstable; urgency=medium + + * New upstream version + Fixes potential use-after-free in sending "key_share" and "pre_shared_key" + extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 10 Mar 2021 19:02:31 +0100 + +gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium + + * Fix autopkgtest skiplist. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 16:26:05 +0100 + +gnutls28 (3.7.0+git20210306-1) experimental; urgency=low + + * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa + + Drop cherry-picked patches {48,49,50}_*. + + Update copyright file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Mar 2021 08:28:52 +0100 + +gnutls28 (3.7.0-7) unstable; urgency=medium + + * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch + 50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch + 50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream + master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl. + (Thanks to Tim Kosse for the pointer) Closes: #980119 + + -- Andreas Metzler <ametzler@debian.org> Fri, 12 Feb 2021 19:03:16 +0100 + +gnutls28 (3.7.0-6) unstable; urgency=medium + + * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch + with merged version from upstream GIT master. Features a fix for an assert + on connection to servers which send a duplicate chain including the + self-signed CA. Closes: #980513 + + -- Andreas Metzler <ametzler@debian.org> Mon, 08 Feb 2021 18:04:21 +0100 + +gnutls28 (3.7.0-5) unstable; urgency=low + + * Update from upstream GIT master, replace patches, add new ones. + + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added. + + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch + + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch + --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch + Closes: #977552 + + 45_opensslcompat_no_export_gl.diff + --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch. + + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 31 Dec 2020 13:11:15 +0100 + +gnutls28 (3.7.0-4) experimental; urgency=medium + + * Test build of fixes from + https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and + https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and + #977552. + + -- Andreas Metzler <ametzler@debian.org> Tue, 29 Dec 2020 07:52:38 +0100 + +gnutls28 (3.7.0-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Dec 2020 18:44:34 +0100 + +gnutls28 (3.7.0-2) experimental; urgency=low + + * Fix guile-gnutls guile-x.x dependency. + * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols. + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Dec 2020 18:22:34 +0100 + +gnutls28 (3.7.0-1) experimental; urgency=low + + * New upstream version. + + Drop 50_autopkgtestfixes.diff. + + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher + added). + + Requires nettle >= 3.6. + * [lintian] Use v4 watch file. + * Add a symbol file for libgnutls-openssl27. + * Use dh v13 compat, (Some fixes for dh_missing.) + + -- Andreas Metzler <ametzler@debian.org> Thu, 03 Dec 2020 18:40:03 +0100 + +gnutls28 (3.6.15-4) unstable; urgency=medium + + * autopkgtest: Require build-essential. + * autopkgtest: respect dpkg-buildflags for helper-binary build. + + -- Andreas Metzler <ametzler@debian.org> Wed, 16 Sep 2020 18:45:09 +0200 + +gnutls28 (3.6.15-3) unstable; urgency=medium + + * More autopkgtest hotfixes. + + -- Andreas Metzler <ametzler@debian.org> Tue, 15 Sep 2020 17:56:30 +0200 + +gnutls28 (3.6.15-2) unstable; urgency=medium + + * 50_autopkgtestfixes.diff: Fix testsuite issues when running against + installed gnutls-bin. + * In autopkgtest set top_builddir and builddir, ignore + tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Sep 2020 17:56:48 +0200 + +gnutls28 (3.6.15-1) unstable; urgency=low + + * New upstream version. + + Fixes NULL pointer dereference if a no_renegotiation alert is sent with + unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04 + Closes: #969547 + + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch + 50_03-gnutls_cipher_init-fix-potential-memleak.patch + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + + Fix build error due to outdated gettext in Debian by removing newer + gettext m4 macros from m4/. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Sep 2020 09:50:07 +0200 + +gnutls28 (3.6.14-2) unstable; urgency=medium + + * Pull selected patches from upstream GIT: + + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch: + Fixes difference in generated docs on 32 and 64 bit archs. + + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch + 50_03-gnutls_cipher_init-fix-potential-memleak.patch + Fix memleak in gnutls_aead_cipher_init() with keys having invalid + length. (Broken since 3.6.3) + + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch + Closes: #962467 + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2020 11:27:34 +0200 + +gnutls28 (3.6.14-1) unstable; urgency=high + + * Drop debugging code added in -4, fixes nocheck profile build error. + Closes: #962199 + * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to + debian/upstream/signing-key.asc. + * New upstream version. + + Fixes insecure session ticket key construction. + [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289 + + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch + 51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch + 51_02-x509-trigger-fallback-verification-path-when-cert-is.patch + 51_03-tests-add-test-case-for-certificate-chain-supersedin.patch + * Drop guile-gnutls.lintian-overrides. + * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass + AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without + IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!) + Hopefully Closes: #962218 + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jun 2020 14:11:30 +0200 + +gnutls28 (3.6.13-4) unstable; urgency=medium + + * Output some network related debugging from debian/rules. + * Fix verification error with alternate chains. Closes: #961889 + + -- Andreas Metzler <ametzler@debian.org> Mon, 01 Jun 2020 10:34:25 +0200 + +gnutls28 (3.6.13-3) unstable; urgency=medium + + * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS + master: Handle zero length session tickets, fixing connection errors on + TLS1.2 sessions to some big hosting providers. (See LP 1876286) + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 May 2020 18:25:45 +0200 + +gnutls28 (3.6.13-2) unstable; urgency=high + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 03 Apr 2020 17:48:40 +0200 + +gnutls28 (3.6.13-1) experimental; urgency=low + + * New upstream version. + + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 + support), since 3.6.3. The DTLS client would not contribute any + randomness to the DTLS negotiation, breaking the security + guarantees of the DTLS protocol + GNUTLS-SA-2020-03-31 CVE-2020-11501 Closes: #955556 + * Fix guile lintian override for shared-lib-without-dependency-information. + + -- Andreas Metzler <ametzler@debian.org> Thu, 02 Apr 2020 18:31:26 +0200 + +gnutls28 (3.6.12-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 14 Feb 2020 16:14:28 +0100 + +gnutls28 (3.6.12-1) experimental; urgency=low + + [ Debian Janitor ] + * Drop unnecessary dh arguments: --parallel + + [ Andreas Metzler ] + * Fix bindtextdomain() call and dgettext() invocations to search for the + correct filename. (Thanks, Laurent Bigonville for report and diagnosis.) + Closes: #949151 + * [lintian] Drop superfluous debian/source/include-binaries. + * New upstream version. + + Update symbol file. + + Drop workaround for #658110, install guile shared objects to multi-arch + paths. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2020 17:45:13 +0100 + +gnutls28 (3.6.11.1-2) unstable; urgency=low + + * Use dh 12 compat level. + + Install gtk-doc files from as-installed location instead of builddir to + avoid dh_missing warnings. + * List *.la files in debian/not-installed. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Dec 2019 18:07:49 +0100 + +gnutls28 (3.6.11.1-1) experimental; urgency=low + + * New upstream version. + Drop 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch + 50_02-guile-Silence-auto-compilation-warning-for-guild.patch + * Update symbol file (VKO GOST key exchange supported was added). + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Dec 2019 07:49:26 +0100 + +gnutls28 (3.6.10-5) unstable; urgency=medium + + * 50_01-guile-Do-not-attempt-to-load-shared-object-when-cros.patch + 50_02-guile-Silence-auto-compilation-warning-for-guild.patch from upstream + GIT master: Fix crossbuild error. (Thanks, Ludovic Courtès!) + Closes: #943905 + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Nov 2019 18:41:44 +0100 + +gnutls28 (3.6.10-4) unstable; urgency=medium + + * Add support for noguile build profile. See #943905. + + -- Andreas Metzler <ametzler@debian.org> Sat, 02 Nov 2019 06:30:43 +0100 + +gnutls28 (3.6.10-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 30 Oct 2019 19:23:36 +0100 + +gnutls28 (3.6.10-2) experimental; urgency=medium + + * Switch b-d from texlive-generic-recommended to texlive-plain-generic. + Closes: #941526 + + -- Andreas Metzler <ametzler@debian.org> Wed, 02 Oct 2019 19:46:25 +0200 + +gnutls28 (3.6.10-1) experimental; urgency=low + + * New upstream version. + + Drop i386-fix-wrong-reloc.patch and + 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch. + + Update symbol files. + + Update copyright. Stop shipping a copy of the GNU Affero General Public + License version 3. (pkcs11-mock.* is now under a different license.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 29 Sep 2019 18:39:12 +0200 + +gnutls28 (3.6.9-7) experimental; urgency=low + + * Fix copy-paste error (missing line) in libgnutls-dane0 description. + * Re-add guile-gnutls, test-build (including testsuite) was successful. + Closes: #905272 + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Sep 2019 17:29:57 +0200 + +gnutls28 (3.6.9-6) experimental; urgency=low + + * Test-build guile bindings. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Sep 2019 17:34:01 +0200 + +gnutls28 (3.6.9-5) unstable; urgency=medium + + * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream + GIT master: Fix interop problems with gnutls 2.x. Closes: #933538 + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Sep 2019 13:38:41 +0200 + +gnutls28 (3.6.9-4) unstable; urgency=medium + + * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken + assembly code. (Thanks, Steve Langasek for report and patch!) + Closes: #934193 + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 Aug 2019 19:40:21 +0200 + +gnutls28 (3.6.9-3) unstable; urgency=medium + + * autopkgtest: Skip system-override-sig-hash.sh. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Aug 2019 06:48:46 +0200 + +gnutls28 (3.6.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 02 Aug 2019 19:12:42 +0200 + +gnutls28 (3.6.9-1) experimental; urgency=low + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 27 Jul 2019 16:29:55 +0200 + +gnutls28 (3.6.8-2) unstable; urgency=low + + * Use DH 11 compat again. + * 3.6.8 builds with gcc-9. Closes: #925701 + * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian + Andres Klode) Closes: #930541 + See also https://gitlab.com/gnutls/gnutls/merge_requests/986 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jul 2019 14:10:29 +0200 + +gnutls28 (3.6.8-1) experimental; urgency=low + + * New upstream version. + + Rebuild gnutls.pdf, add b-d on texlive-generic-recommended, + texlive-latex-base. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 May 2019 18:20:43 +0200 + +gnutls28 (3.6.7-4) unstable; urgency=medium + + * Cherry-pick important bug-fixes from 3.6.8: + + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch + The gnutls_srp_set_server_credentials_function can be used with the 8192 + parameters as well. + https://gitlab.com/gnutls/gnutls/issues/761 + + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch + Fix calculation of Streebog digests (incorrect carry operation in + 512 bit addition). + + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch + Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client. + Closes: #929907 + + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch + Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain + crafting via IDNA conversion. + https://gitlab.com/gnutls/gnutls/issues/720 + + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch + Fixed bug preventing the use of gnutls_pubkey_verify_data2() and + gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN + flag. + https://gitlab.com/gnutls/gnutls/issues/754 + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Jun 2019 19:21:23 +0200 + +gnutls28 (3.6.7-3) unstable; urgency=medium + + * Revert debhelper upgrade, use DH 10. + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 May 2019 10:48:52 +0200 + +gnutls28 (3.6.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 15:09:02 +0100 + +gnutls28 (3.6.7-1) experimental; urgency=medium + + * New upstream version. + + Update AUTHOR list in copyright file. + + Update symbol file. + + Fixes issue preventing sending and receiving from different + threads when false start was enabled. Closes: #922879 + + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477 + + Fixes a memory corruption (double free) vulnerability in the + certificate verification API. + https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 + GNUTLS-SA-2019-03-27 + + Fixes an invalid pointer access via malformed TLS1.3 async messages; + https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836 + GNUTLS-SA-2019-03-27 + + -- Andreas Metzler <ametzler@debian.org> Thu, 28 Mar 2019 07:44:36 +0100 + +gnutls28 (3.6.6-3) unstable; urgency=low + + * Add @ to autopkgtest's Depends. + * Use DH 11 compat. + + -- Andreas Metzler <ametzler@debian.org> Sat, 09 Mar 2019 13:44:49 +0100 + +gnutls28 (3.6.6-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Jan 2019 17:57:52 +0100 + +gnutls28 (3.6.6-1) experimental; urgency=low + + * New upstream version. + + Fixes certtool.1 syntax. Closes: #920215 + + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff. + + Update symbol file for released version. + + -- Andreas Metzler <ametzler@debian.org> Fri, 25 Jan 2019 19:18:53 +0100 + +gnutls28 (3.6.5+git20190105-1) experimental; urgency=low + + * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6. + + Update symbol and copyright file. + * Delete autogen stamp-files on clean to enforce regeneration. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Jan 2019 13:19:00 +0100 + +gnutls28 (3.6.5-2) unstable; urgency=low + + * Upload to unstable. + * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1. + + -- Andreas Metzler <ametzler@debian.org> Sun, 16 Dec 2018 13:56:19 +0100 + +gnutls28 (3.6.5-1) experimental; urgency=medium + + * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments. + * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is + now in oldstable. + * New upstream version. + + Requires nettle >= 3.4.1(rc). + + List newly added symbols in symbol file. Bump generated dependencies to + >= 3.6.5 since multiple enums have been extended. + + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835 + * [lintian] Drop dh_strip override, stable has automatic debug packages. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Dec 2018 19:11:28 +0100 + +gnutls28 (3.6.4-2) experimental; urgency=medium + + * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2018 07:05:20 +0200 + +gnutls28 (3.6.4-1) experimental; urgency=medium + + * New upstream version. + * Update symbol file. + * Drop --enable-tls13-support configure option. + + -- Andreas Metzler <ametzler@debian.org> Thu, 27 Sep 2018 19:26:00 +0200 + +gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium + + * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback + detection for the draft-tls support, because it will be triggered once + TLS versions with the final numbering are deployed. (Thanks, Nikos!) + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2018 11:17:10 +0200 + +gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium + + * Set Rules-Requires-Root: no. + * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41. + + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Wed, 15 Aug 2018 13:18:59 +0200 + +gnutls28 (3.6.3-2) experimental; urgency=medium + + * Update basic feature list in package descriptions, based on short + description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3 + added.) Closes: #904681 + * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes + cherrypicked by Nikos for Fedora rawhide. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jul 2018 13:14:33 +0200 + +gnutls28 (3.6.3-1) experimental; urgency=medium + + * New upstream version. + * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 16:29:45 +0200 + +gnutls28 (3.6.2+git20180714-1) experimental; urgency=low + + * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94. + + SSL 3.0 disabled by default at compile-time. + * Bump symbol dependency info. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Jul 2018 13:20:23 +0200 + +gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium + + * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e. + * Drop 40_add_missingm4.diff. + * Bump symbol dependency info. + * For testing build with --enable-tls13-support. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jul 2018 14:48:54 +0200 + +gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium + + * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS. + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Jul 2018 10:58:54 +0200 + +gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium + + * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762. + * Drop superfluous patches: + + 40_increase_srp_test_timeout.diff + + 50_mark_tests_xfail.diff + + 52_fix_testcompat-main-openssl.diff + * Add new functions to symbol file. + * Many enums/flags extended, be conservative and bump sympol dependency + info. + * Bump libgnutlsxx28 shlibs. + * Bump (b-)d on nettle-dev and libp11-kit-dev. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2018 19:44:43 +0200 + +gnutls28 (3.6.2-3) experimental; urgency=low + + * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix + FTBFS with softhsm 2.4.0. + * [lintian] Delete trailing empty lines in changelog. + * 52_fix_testcompat-main-openssl.diff: Allow running test successfully + and against binaries from installed gnutls-bin package. + * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et + al) of the upstream testsuite. + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2018 17:42:17 +0200 + +gnutls28 (3.6.2-2) experimental; urgency=low + + * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test + The new srp-8192 test failed on slow archs (mips/mipsel). + * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and + build-depends-on-1-revision. + * Point Vcs-* to salsa. + * Sort Build-Depends alphabetically. + + -- Andreas Metzler <ametzler@debian.org> Sun, 18 Feb 2018 13:42:07 +0100 + +gnutls28 (3.6.2-1) experimental; urgency=low + + * (Build-)depend on libidn2-dev instead of transitional package + libidn2-0-dev. Closes: #883187 + * Point homepage field and watchfile to https URL. + * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to + debian/upstream/signing-key.asc (and stop uscan from doing so on every + invocation). + * Refresh upstream key, adding signing subkey + A812CBFDFCDC4D0BE7A093129D5EAAF69013B842. + * New upstream version. + + When verifying against a self signed certificate ignore issuer. That + is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + Closes: #885127 + + Bump shlibs/symbol files for newly added symbols. + * [lintian] Clean up trailing whitespace in debian/changelog. + * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard + -> optional). + * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from + build-depends. Stop specifying --parallel --with autoreconf. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Feb 2018 10:56:47 +0100 + +gnutls28 (3.6.1-1) experimental; urgency=medium + + * New upstream version. + + Drop 35_modernize_gtkdoc.diff. + + Fixes interoperability issue with openssl when safe renegotiation was + used. Closes: #873055 + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 17:32:15 +0200 + +gnutls28 (3.6.0-2) experimental; urgency=medium + + * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc + support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am + from gtk-doc git head (that is 1.26 + + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. + Closes: #876587 + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Oct 2017 18:04:16 +0200 + +gnutls28 (3.6.0-1) experimental; urgency=low + + * New upstream version. + + Multiple enums listing function flags have been extended, new + algorithms have been added. Bump dependency info on all symbols in + main GnuTLS library to >= 3.6.0, to make sure the versioning is + strict enough. + + Drop (build-)dependency on zlib1g-dev. + + Update copyright info. + + Calls to gnutls_record_send() and gnutls_record_recv() + prior to handshake being complete are now refused. Closes: #849807 + * Drop --without-lzo from ./configure, it has been a noop for a long time. + * Build in private directory, using "dh --builddirectory=b4deb". + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Aug 2017 17:26:25 +0200 + +gnutls28 (3.5.19-1) unstable; urgency=low + + * New upstream version. + + Drop 35_modernize_gtkdoc.diff. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jul 2018 14:07:09 +0200 + +gnutls28 (3.5.18-1) unstable; urgency=medium + + * New upstream version. + * Refresh upstream key, adding new signing subkey. Move to ascii armored + keyring. + + -- Andreas Metzler <ametzler@debian.org> Fri, 16 Feb 2018 18:39:11 +0100 + +gnutls28 (3.5.17-1) unstable; urgency=low + + * New upstream version. + + When verifying against a self signed certificate ignore issuer. That + is, ignore issuer when checking the issuer's parameters strength, + resolving issue #347 which caused self signed certificates to be + additionally marked as of insufficient security level. + Closes: #885127 + + -- Andreas Metzler <ametzler@debian.org> Wed, 17 Jan 2018 19:13:49 +0100 + +gnutls28 (3.5.16-1) unstable; urgency=medium + + * New upstream version. + + Fixes interoperability issue with openssl when safe renegotiation was + used. Closes: #873055 + * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc + support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am + from gtk-doc git head (that is 1.26 + + c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check. + Closes: #876587 + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Oct 2017 13:57:48 +0200 + +gnutls28 (3.5.15-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Aug 2017 18:56:34 +0200 + +gnutls28 (3.5.15-1) experimental; urgency=medium + + * New upstream version. Drop unneeded patches. + (31_arm64ilp32-unaccelerated.patch + 35_record-added-sanity-checking-in-the-record-layer-ver.patch + 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch) + + -- Andreas Metzler <ametzler@debian.org> Mon, 21 Aug 2017 19:27:13 +0200 + +gnutls28 (3.5.14-3) unstable; urgency=low + + * 35_record-added-sanity-checking-in-the-record-layer-ver.patch from + upstream gnutls_3_5_x branch: Prevent crash on calling gnutls_bye() on an + already terminated or deinitialized session. Closes: #867303 + * 36_parse_pem_cert_mem-fixed-issue-resulting-to-accessin.patch from + upstream gnutls_3_5_x branch: parse_pem_cert_mem: fixed issue resulting + to accessing past the input data. + * 31_arm64ilp32-unaccelerated.patch by Wookey: Disable assembly + code on arm64ilp32 to fix FTBFS. Closes: #872454 + * Use /usr/share/dpkg/pkg-info.mk instead of dpkg-parsechangelog, except for + the compatibility code for setting SOURCE_DATE_EPOCH with dpkg << 1.18.8. + * Standards-Version 4.0.1, update priorities (extra->optional). + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Aug 2017 18:47:38 +0200 + +gnutls28 (3.5.14-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jul 2017 18:34:43 +0200 + +gnutls28 (3.5.14-1) experimental; urgency=low + + [ Dan Nicholson ] + * Build with --disable-rpath. Closes: #865674 + + [ Andreas Metzler ] + * New upstream version. + * Build against external libunistring. + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Jul 2017 19:31:06 +0200 + +gnutls28 (3.5.13-2) unstable; urgency=medium + + * Upload to unstable, merge changelogs. + + -- Andreas Metzler <ametzler@debian.org> Thu, 22 Jun 2017 18:18:19 +0200 + +gnutls28 (3.5.13-1) experimental; urgency=low + + * New upstream version. + + Drop 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch. + + Fixes GNUTLS-SA-2017-4/CVE-2017-7507 - Crash due to a null pointer + dereference. #864560 + + -- Andreas Metzler <ametzler@debian.org> Fri, 09 Jun 2017 18:53:39 +0200 + +gnutls28 (3.5.12-2) experimental; urgency=medium + + * 35_test-corrected-typo-preventing-the-run-of-openpgp-te.patch: Correct + typo preventing the run of openpgp test. + * Stop disabling heartbeat support. Closes: #861193 + + -- Andreas Metzler <ametzler@debian.org> Sun, 14 May 2017 11:34:32 +0200 + +gnutls28 (3.5.12-1) experimental; urgency=medium + + * New upstream version. + * Bump dep info on gnutls_session_ext_register. + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 May 2017 19:14:52 +0200 + +gnutls28 (3.5.11-1) experimental; urgency=medium + + * New upstream version. + * gnutls.pc: do not include libtool options into Libs.private. + Closes: #857943 + * gnutls.pc does not refer to e.g. zlib in *both* Requires.private and + Libs.private. (LP: #1660915) + * OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, + which includes TLS1.2 support. Closes: #857436 + * Add b-d on ca-certificates, needed for trust-store check. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Apr 2017 14:51:31 +0200 + +gnutls28 (3.5.10-1) experimental; urgency=medium + + * New upstream version. + + gnutls.pc: do not include libidn2 in Requires.private. Closes: #855888 + + Includes fixes for GNUTLS-SA-2017-3[ABC]. + + Bump info for gnutls_store_commitment, gnutls_ocsp_resp_verify_direct + and gnutls_ocsp_resp_verify which now accept (more) flags. + + -- Andreas Metzler <ametzler@debian.org> Thu, 09 Mar 2017 18:37:48 +0100 + +gnutls28 (3.5.9-1) experimental; urgency=medium + + * New upstream version. + + Drop debian/patches/35_0*. + + Update symbol file, adding gnutls_idna_map and gnutls_idna_reverse_map. + * Build with IDNA 2008 support, b-d on libidn2-0-dev instead of + libidn11-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Feb 2017 19:37:32 +0100 + +gnutls28 (3.5.8-6) unstable; urgency=high + + * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving + well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507 + Closes: #864560 + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Jun 2017 10:44:33 +0200 + +gnutls28 (3.5.8-5) unstable; urgency=medium + + * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo + in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch. + * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch: + Addressed large allocation in OpenPGP certificate parsing, that could lead + in out-of-memory condition. Issue found using oss-fuzz project, and was + fixed by Alex Gaynor. + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 + [GNUTLS-SA-2017-3C] + + -- Andreas Metzler <ametzler@debian.org> Tue, 07 Mar 2017 19:07:31 +0100 + +gnutls28 (3.5.8-4) unstable; urgency=medium + + * More upstream fixes from gnutls_3_5_x branch: + + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer + overflow resulting to invalid memory write in OpenPGP certificate + parsing. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + [GNUTLS-SA-2017-3A] + + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of + 1 byte past the end of buffer in OpenPGP certificate parsing. Issue + found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch + Addressed crashes in OpenPGP certificate parsing, related to private key + parser. No longer allow OpenPGP certificates (public keys) to contain + private key sub-packets. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + [GNUTLS-SA-2017-3B] + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Mar 2017 16:23:15 +0100 + +gnutls28 (3.5.8-3) unstable; urgency=high + + * Another two bugfixes from upstream. + + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch + Address test suite failure due to timezone differences. + Closes: #853732 + + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch + When returning success, but no elements + gnutls_pkcs11_obj_list_import_url4 could have returned zero number of + elements with a pointer that was uninitialized. + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2017 12:58:45 +0100 + +gnutls28 (3.5.8-2) unstable; urgency=medium + + * Pull two fixes from upstream GIT gnutls_3_5_x branch + 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch + 35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jan 2017 15:32:40 +0100 + +gnutls28 (3.5.8-1) unstable; urgency=medium + + * New upstream release. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 09 Jan 2017 18:50:17 +0100 + +gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium + + * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from + upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding + tests/key-tests/key-invalid.) + + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch + 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch + + libgnutls: Fix double free in certificate information printing. If the + PKIX extension proxy was set with a policy language set but no policy + specified, that could lead to a double free. GNUTLS-SA-2017-1 + CVE-2017-5334 + + libgnutls: Addressed invalid memory accesses in OpenPGP certificate + parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2 + CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337 + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Jan 2017 15:54:37 +0100 + +gnutls28 (3.5.7-3) unstable; urgency=medium + + * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch, + 35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from + upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned + by PKCS#8 decryption functions when an invalid key is provided. This + addresses regression on decrypting certain PKCS#8 keys. + Closes: #848905 + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Dec 2016 18:47:13 +0100 + +gnutls28 (3.5.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Fri, 09 Dec 2016 18:10:53 +0100 + +gnutls28 (3.5.7-1) experimental; urgency=low + + * New upstream version. + * Drop unneeded patches. + 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch + 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch + 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch + 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch + 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch + 41_04_cleanups-in-_gnutls_buffer_to_datum.patch + 41_05_x509-output-use-the-new-functions-for-DN-output.patch + 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch + 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch + * Add missing dependency of libgnutls28-dev on libgnutls-dane0. + * Update symbol file. (Add new symbols, bump dependency on functions that + might return new error codes.) + * Build with --with-included-unistring, Debian's libunistring package is + too old (non dual-licensed). + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 Dec 2016 14:03:16 +0100 + +gnutls28 (3.5.6-7) unstable; urgency=low + + * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest + for dns-root-data to libgnutls-dane0. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Nov 2016 19:42:02 +0100 + +gnutls28 (3.5.6-6) experimental; urgency=medium + + * Pull a patch set from upstream GIT which reverts the DN sorting change in + 3.5.6 and adds new functions to provide a RFC4514 compliant sorting. + Closes: #844539 + 41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch + 41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch + 41_03_certtool-use-the-new-APIs-for-DN-extraction.patch + 41_04_cleanups-in-_gnutls_buffer_to_datum.patch + 41_05_x509-output-use-the-new-functions-for-DN-output.patch + 41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch + 41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch + * Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Nov 2016 19:15:20 +0100 + +gnutls28 (3.5.6-5) experimental; urgency=low + + * Merge changes from unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 19:09:55 +0100 + +gnutls28 (3.5.6-4) unstable; urgency=medium + + * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch + 40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from + upstream git master. The latter fixes a gnutls-cli-debug segfault. + Closes: #844061 + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 18:40:05 +0100 + +gnutls28 (3.5.6-3) experimental; urgency=low + + * Package libgnutls-dane, as libunbound is now built against nettle instead + of OpenSSL. Closes: #733295 + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 Nov 2016 14:02:00 +0100 + +gnutls28 (3.5.6-2) unstable; urgency=low + + * Upload to unstable. + * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are + longer than 32-bits. (Upstream GIT commit + fcdb461e935dbdc0892241a35be7499116f22a67). + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2016 18:28:02 +0100 + +gnutls28 (3.5.6-1) experimental; urgency=low + + * New upstream version. + + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff + 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch). + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 08 Nov 2016 19:31:31 +0100 + +gnutls28 (3.5.5-6) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 31 Oct 2016 19:00:47 +0100 + +gnutls28 (3.5.5-5) experimental; urgency=medium + + * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from + https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility + issue with GnuTLS 3.3 clients. Closes: #841723 + * Bump symbol dependency info for multiple + gnutls_certificate_(set|get)_*_key* functions. If + %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a + non-negative return code on success instead of 0 for success and negative + numbers for failure. + * Add b-d on openssl (for testsuite). + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Oct 2016 18:03:49 +0200 + +gnutls28 (3.5.5-4) unstable; urgency=medium + + * Upload to unstable. + * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch. + + -- Andreas Metzler <ametzler@debian.org> Tue, 25 Oct 2016 19:19:25 +0200 + +gnutls28 (3.5.5-3) experimental; urgency=medium + + * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced + in 3.5.5. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2016 15:51:58 +0200 + +gnutls28 (3.5.5-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2016 13:49:51 +0200 + +gnutls28 (3.5.5-1) experimental; urgency=medium + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Tue, 11 Oct 2016 19:19:42 +0200 + +gnutls28 (3.5.4-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Sep 2016 13:14:49 +0200 + +gnutls28 (3.5.4-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches: + 35_gnutls-cli-print-Handshake-was-completed.patch + 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch + 37_openssl-format-fix-from-openconnect.patch + 39_ocsptool-corrected-bug-in-session-establishment.patch + 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch + 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch + 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch + 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch + 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + + Update symbol file. + * Add b-d on softhsm2 for pkcs11 tests. + + -- Andreas Metzler <ametzler@debian.org> Sat, 10 Sep 2016 14:45:06 +0200 + +gnutls28 (3.5.3-5) experimental; urgency=medium + + * Pull DTLS fixes from upstream GIT master. + 45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch + 45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch + 45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch + 45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch + Closes: #835587 + + -- Andreas Metzler <ametzler@debian.org> Wed, 07 Sep 2016 19:56:58 +0200 + +gnutls28 (3.5.3-4) unstable; urgency=high + + * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of + ocsptool --ask ... Closes: #836371 + * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP + certificate check doesn't actually verify the serial length and might + succeed when it shouldn't. CVE-2016-7444 + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2016 14:00:22 +0200 + +gnutls28 (3.5.3-3) unstable; urgency=medium + + * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake + was completed', fixing emacs' lisp/net/tls.el. Closes: #834516 + * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch + gnutls-cli STARTTLS support was broken in 3.5.3. + * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of + OpenSSL encrypted PEM files. + + -- Andreas Metzler <ametzler@debian.org> Wed, 24 Aug 2016 19:27:04 +0200 + +gnutls28 (3.5.3-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 15 Aug 2016 13:06:28 +0200 + +gnutls28 (3.5.3-1) experimental; urgency=medium + + * New upstream version. + + Update libgnutls30.symbols. + + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to + apply it in the previous upload anyway.) + + Add b-d on libcmocka-dev (marked with <!nocheck>). + + -- Andreas Metzler <ametzler@debian.org> Wed, 10 Aug 2016 19:14:22 +0200 + +gnutls28 (3.5.2-3) experimental; urgency=medium + + * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch + from upstream GIT, which should allow gnutls continue to work with + CVE-2016-6489-patched nettle. + + -- Andreas Metzler <ametzler@debian.org> Mon, 08 Aug 2016 19:41:41 +0200 + +gnutls28 (3.5.2-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 27 Jul 2016 19:05:04 +0200 + +gnutls28 (3.5.2-1) experimental; urgency=low + + * New upstream version. + * Add libssl-dev b-d (marked with <!nocheck>), which can be used in + testsuite. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Jul 2016 06:51:39 +0200 + +gnutls28 (3.5.1-1) experimental; urgency=medium + + * Merge from unstable: + + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should + have been dropped with the soname bump from libgnutls-deb0-28 to + libgnutls30 in the first place. (Thanks, Andreas Beckmann) + Closes: #825645 + + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via + the <!nocheck> profile. + * New upstream version. + + Drop 40_openssl_compat-removed-unneeded-headers.patch. + + Install README.md instead of README. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2016 17:34:44 +0200 + +gnutls28 (3.5.0-1) experimental; urgency=medium + + * New upstream release. + + Drop unneeded patches: + 40_src-added-systemkey-args-to-BUILT_SOURCES.patch + 45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch + * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT + to fix FTBFS in openssl wrapper. + * crywrap is not shipped with GnuTLS anymore. + * Update copyright info, ship copy of the GNU Affero General Public + License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of + the testsuite use this license. + * Update symbol file: + + Add new functions. + + Multiple core enums (including gnutls_init_flags_t) have been extended, + and most gnutls users will invoke at least one function affected by + this change. Bump symbol dependency info to >= 3.5.0 for all symbols, + because we would end up with this dependency anyway. + + -- Andreas Metzler <ametzler@debian.org> Tue, 17 May 2016 19:17:13 +0200 + +gnutls28 (3.4.14-1) unstable; urgency=medium + + * Also mark b-d on net-tools/freebsd-net-tools as optional via the + <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and + patch). Closes: #826693 + * New upstream bugfix release. This includes the following fix: + + libgnutls: Address issue when utilizing the p11-kit trust store + for certificate verification (GNUTLS-SA-2016-2). + The issue is not relevant for the Debian binary packages, since we do not + build with --with-default-trust-store-pkcs11=. + + + -- Andreas Metzler <ametzler@debian.org> Sat, 09 Jul 2016 14:01:05 +0200 + +gnutls28 (3.4.13-1) unstable; urgency=high + + * New upstream bugfix release. + + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was + introduced in 3.4.12. + + Testsuite requires netstat, add b-d. + + -- Andreas Metzler <ametzler@debian.org> Mon, 06 Jun 2016 20:05:42 +0200 + +gnutls28 (3.4.12-2) unstable; urgency=medium + + * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should + have been dropped with the soname bump from libgnutls-deb0-28 to + libgnutls30 in the first place. (Thanks, Andreas Beckmann) + Closes: #825645 + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 May 2016 16:13:39 +0200 + +gnutls28 (3.4.12-1) unstable; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + + Update copyright info, ship copy of the GNU Affero General Public + License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files + of the testsuite use this license. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 May 2016 08:15:15 +0200 + +gnutls28 (3.4.11-4) unstable; urgency=medium + + * Drop guile-gnutls package, testsuite errors have stayed unfixed too long. + Closes: #821457, #805863 + + -- Andreas Metzler <ametzler@debian.org> Tue, 26 Apr 2016 18:45:45 +0200 + +gnutls28 (3.4.11-3) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2016 12:54:35 +0200 + +gnutls28 (3.4.11-2) experimental; urgency=medium + + * Pull post-release fixes from upstream gnutls_3_4_x branch. + (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch + 45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch + 45_03_configure-corrected-regression-which-prevented-the-b.patch + 45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch) + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Apr 2016 11:59:38 +0200 + +gnutls28 (3.4.11-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (41_tests-mini-loss-time-ensure-client-timeouts.diff + 42_mini-loss-time-improved-timeout-detection.patch + 43_fix_cpucapoverride.diff) + * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is + not installed/built anymore. Update gnutls-doc file list. + * Enable hardening=+bindnow. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Apr 2016 19:14:07 +0200 + +gnutls28 (3.4.10-4) unstable; urgency=medium + + * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix + GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is + unavailable. Closes: #818341 + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Mar 2016 19:41:22 +0100 + +gnutls28 (3.4.10-3) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Mon, 14 Mar 2016 18:29:53 +0100 + +gnutls28 (3.4.10-2) experimental; urgency=medium + + * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain) + * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch, + another try for Closes: #813598 + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Mar 2016 19:22:57 +0100 + +gnutls28 (3.4.10-1) experimental; urgency=medium + + * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT + master to fix FTBFS with parallel builds. Closes: #816148 + * New upstream version. + * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream + master branch to fix occasional testsuite error. Closes: #813598 + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 08:45:52 +0100 + +gnutls28 (3.4.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Feb 2016 15:18:46 +0100 + +gnutls28 (3.4.9-1) experimental; urgency=medium + + * New upstream version. + * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and + 36_Revert-tests-updated-to-account-for-cert-generation.patch. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Feb 2016 15:57:24 +0100 + +gnutls28 (3.4.8-3) unstable; urgency=medium + + * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and + 36_Revert-tests-updated-to-account-for-cert-generation.patch + from upstream GIT. Closes: #813243 + + -- Andreas Metzler <ametzler@debian.org> Sun, 31 Jan 2016 17:28:05 +0100 + +gnutls28 (3.4.8-2) unstable; urgency=medium + + * Merge master branch into experimental. + + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. + This is a kludge and technically wrong, but will prevent partial + upgrades from stable. See: #788735 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jan 2016 15:45:49 +0100 + +gnutls28 (3.4.8-1) experimental; urgency=medium + + * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration + option was added to debhelper/unstable with version 9.20150628, bump + build-dependency accordingly. + * autoreconf requires automake 1.12.2, add build-dependency. + * New upstream version. + + Update symbol file. + * Move Vcs-* from git/http to https. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 19:30:07 +0100 + +gnutls28 (3.4.7-1) experimental; urgency=medium + + * New upstream version. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 15:29:19 +0100 + +gnutls28 (3.4.6-1) experimental; urgency=medium + + * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and + later) to improve reproducibility of build. + * New upstream version. + + Update symbol file. + * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev + (>= 1.17.14). Both are required for build-profile support added in + previous upload. (Thanks, lintian.) + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Oct 2015 20:00:55 +0200 + +gnutls28 (3.4.5-1) experimental; urgency=medium + + [ Helmut Grohne ] + * Turn Build-Depends: datefudge optional via <!nocheck> profile. + Closes: #797544 + + [ Andreas Metzler ] + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2015 13:48:12 +0200 + +gnutls28 (3.4.4.1-1) experimental; urgency=medium + + * New upstream version. + + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, + bump dependency info for functions taking it as argument or returning it. + + Bump dependency info on private symbols. + + Update debian/copyright. + + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 + CVE-2015-6251 + + -- Andreas Metzler <ametzler@debian.org> Tue, 11 Aug 2015 20:12:46 +0200 + +gnutls28 (3.4.3-1) experimental; urgency=medium + + * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31. + * New upstream version. + + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum + gnutls_pkcs11_token_info_t. + + Add dependency info for new symbols, bump private symbol dependency. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 20:01:09 +0200 + +gnutls28 (3.4.2-2) experimental; urgency=medium + + * Disable libidn support because CVE-2015-2059 is still not fixed. See + <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building + of crywrap. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jul 2015 14:18:06 +0200 + +gnutls28 (3.4.2-1) experimental; urgency=medium + + * New upstream version. + + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch. + + Update libgnutls30.symbols. (Add new fuctions, bump private symbol + version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jun 2015 08:45:14 +0200 + +gnutls28 (3.4.1-1) experimental; urgency=medium + + * New upstream version. + + Bump (build)-depends on nettle and p11-kit. + + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and + 55_nettle3.patch. + + Update 14_version_gettextcat.diff. + + Soname bump, library package renamed from libgnutls-deb0-28 to + libgnutls30. + + OpenSSL compat layer is not built by default anymore, pass + --enable-openssl-compatibility to ./configure. + + Update symbol file. + + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are + restricted to the corresponding protocols only, and the VERS-ALL + string is introduced to catch all possible protocols. Closes: #773145 + + Since the pkg-config file gnutls.pc now lists libidn in Requires.private + "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add + dependency on libidn11-dev to libgnutls28-dev. + * Fix typo in debian/rules + (s/-disable-silent-rules/--disable-silent-rules). + + -- Andreas Metzler <ametzler@debian.org> Fri, 05 Jun 2015 11:39:19 +0200 + +gnutls28 (3.3.20-1) unstable; urgency=medium + + * autoreconf requires automake 1.12.2, add build-dependency. + * New upstream version. + * Move Vcs-* from git/http to https. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Jan 2016 18:57:41 +0100 + +gnutls28 (3.3.19-1) unstable; urgency=medium + + * New upstream version. + + Refresh 20_debian_specific_soname.diff. + + Update symbol file. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Nov 2015 17:48:27 +0100 + +gnutls28 (3.3.18-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Wed, 30 Sep 2015 18:49:13 +0200 + +gnutls28 (3.3.17-1) unstable; urgency=medium + + * New upstream version. + + Drop superfluous patches. + (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch, + 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch, + 47_safe-renegotiation-simulate-receiving-the-extension-.patch) + + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags, + bump dependency info for functions taking it as argument or returning it. + + Bump dependency info on private symbols. + + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068 + CVE-2015-6251 + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Aug 2015 19:48:11 +0200 + +gnutls28 (3.3.16-2) unstable; urgency=medium + + * Refresh 40_no_more_ssl3.diff. + * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch + 46_safe-renegotiation-handle-case-where-client-didn-t-s.patch + 47_safe-renegotiation-simulate-receiving-the-extension-.patch + Pull three patches from upstream GIT to fix issue with server side sending + the status request extension even when not requested. + <http://article.gmane.org/gmane.network.gnutls.general/3929> + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Aug 2015 11:30:17 +0200 + +gnutls28 (3.3.16-1) unstable; urgency=medium + + * Limit watchfile to 3.3.x versions. + * New upstream version. + + Drop superfluous patches + (50_updated-sign-md5-rep-to-reduce-false-failures.patch, + 55_nettle3.patch, + 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch) + + Bump private symbol versioning. + + -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jul 2015 19:00:04 +0200 + +gnutls28 (3.3.15-7) unstable; urgency=medium + + * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This + is a kludge and technically wrong, but will prevent partial upgrades from + stable. Closes: #788735 + * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4. + + -- Andreas Metzler <ametzler@debian.org> Tue, 16 Jun 2015 19:06:09 +0200 + +gnutls28 (3.3.15-6) unstable; urgency=high + + * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch + Closes: #788011 + + -- Andreas Metzler <ametzler@debian.org> Fri, 12 Jun 2015 19:10:33 +0200 + +gnutls28 (3.3.15-5) unstable; urgency=medium + + * Upload to unstable. + * Downgrade nettle-dev b-d to 2.7, this upload should build correctly + against both 2.7 and 3.x. + + -- Andreas Metzler <ametzler@debian.org> Tue, 02 Jun 2015 19:21:57 +0200 + +gnutls28 (3.3.15-4) experimental; urgency=medium + + * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it + allows compilation against both nettle 2.7 and 3.x. + * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev + and libtasn1-6-dev, the =${binary:Version} dependency of the development + packages on the respective library packages should make this superfluous. + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 May 2015 12:45:19 +0200 + +gnutls28 (3.3.15-3) experimental; urgency=medium + + * Add 55_nettle3.patch from + http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building + against nettle3. + + -- Andreas Metzler <ametzler@debian.org> Wed, 13 May 2015 19:20:07 +0200 + +gnutls28 (3.3.15-2) unstable; urgency=medium + + * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT, + fixing a testsuite error on kfreebsd-*. + + -- Andreas Metzler <ametzler@debian.org> Wed, 06 May 2015 19:06:03 +0200 + +gnutls28 (3.3.15-1) unstable; urgency=medium + + * New upstream stable release. + + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2]. + + -- Andreas Metzler <ametzler@debian.org> Mon, 04 May 2015 19:24:42 +0200 + +gnutls28 (3.3.14-3) experimental; urgency=medium + + * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch. + * (Build-)depend on nettle-dev >= 3.0. + + -- Andreas Metzler <ametzler@debian.org> Fri, 01 May 2015 11:49:04 +0200 + +gnutls28 (3.3.14-2) unstable; urgency=medium + + * Upload to unstable. + * Sync version of Depends and Build-Depends on libtasn1-6-dev. + + -- Andreas Metzler <ametzler@debian.org> Mon, 27 Apr 2015 09:27:50 +0200 + +gnutls28 (3.3.14-1) experimental; urgency=medium + + * New upstream version. + + Bump libtasn b-d to >= 4.3. + + -- Andreas Metzler <ametzler@debian.org> Tue, 31 Mar 2015 18:29:42 +0200 + +gnutls28 (3.3.13-1) experimental; urgency=medium + + * New upstream version. + + Includes fix for CVE-2015-0294, a certificate algorithm consistency + checking issue. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 08:27:10 +0100 + +gnutls28 (3.3.12-1) experimental; urgency=medium + + * New upstream version. + + gnutls-cli-debug STARTTLS is working. Closes: #467022 + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Jan 2015 12:42:06 +0100 + +gnutls28 (3.3.11-1) experimental; urgency=medium + + * New upstream version. + + Includes fix for OCSP response parsing issue. Closes: #772055 + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Dec 2014 19:07:23 +0100 + +gnutls28 (3.3.10-2) experimental; urgency=medium + + * Remove SSL 3.0 from default priorities list. + Closes: #769904 + + -- Andreas Metzler <ametzler@debian.org> Wed, 19 Nov 2014 19:33:23 +0100 + +gnutls28 (3.3.10-1) experimental; urgency=medium + + * debian/rules: fix pattern for removal (and re-generation) of autogen-ed + manpages. + * New upstream version. + + Includes fix for a denial of service issue CVE-2014-8564 / + GNUTLS-SA-2014-5. + + When gnutls_global_init() is called for a second time, it will check + whether the /dev/urandom fd kept is still open and matches the original + one. That behavior works around issues with servers that close all file + descriptors. This should take care of #760476. + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2014 19:29:30 +0100 + +gnutls28 (3.3.9-1) experimental; urgency=medium + + * New upstream version. + + Unfuzz 20_debian_specific_soname.diff. + + Drop 31_fallback_to_RUSAGE_SELF.diff. + + Bump private symbol dependency info. + + Bump dependency version of gnutls_certificate_get_issuer() and + gnutls_x509_trust_list_get_issuer() because of newly added + GNUTLS_TL_GET_COPY flag. + + -- Andreas Metzler <ametzler@debian.org> Mon, 13 Oct 2014 20:08:58 +0200 + +gnutls28 (3.3.8-7) unstable; urgency=medium + + * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff: + Pull two patches from upstream to a use-after-free flaw in + gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308 + Closes: #782776 + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Apr 2015 19:11:01 +0200 + +gnutls28 (3.3.8-6) unstable; urgency=medium + + * 39_check-whether-the-two-signatur.patch: Pull and unfuzz + 6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On + certificate import check whether the two signature algorithms match. + CVE-2015-0294. Closes: #779428 + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Feb 2015 14:17:21 +0100 + +gnutls28 (3.3.8-5) unstable; urgency=medium + + * Remove SSL 3.0 from default priorities list. + Closes: #769904 + + -- Andreas Metzler <ametzler@debian.org> Thu, 20 Nov 2014 19:25:20 +0100 + +gnutls28 (3.3.8-4) unstable; urgency=high + + * Drop 31_fallback_to_RUSAGE_SELF.diff. + * 35_recheck_urandom_fd.diff: When gnutls_global_init() is called manually + from the application check the urandom fd for validity. Closes: #768841 + and takes care of #760476. + * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on + session deinit. It is already being refreshed during the session lifetime. + * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63 + format, perform additional sanity checks on input. + CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154 + * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test + uses a cert in binary der-format which is not representable in a quilt + patches and we want to limit debian.tar.xz to modify stuff in debian/ we + have some special handling in debian/rules.) + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2014 19:31:07 +0100 + +gnutls28 (3.3.8-3) unstable; urgency=high + + [ Daniel Kahn Gillmor ] + * Add list of executables to gnutls-bin package description. + Closes: #763671 + + [ Andreas Metzler ] + * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails + try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos + Mavrogiannopoulos!) Closes: #760476 + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Oct 2014 16:16:00 +0200 + +gnutls28 (3.3.8-2) unstable; urgency=medium + + * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS + 3.3.8 requires libtasn1 >= 3.9. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2014 11:52:40 +0200 + +gnutls28 (3.3.8-1) experimental; urgency=medium + + * New upstream version. + + Refresh 20_debian_specific_soname.diff. + + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts + with old experimental upload 0.21.2-1 + + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of + some functions in the gnutls_pkcs11_* family due to new members in enums + gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private + symbol dependency info, and bump shlibs. + * Drop version from libgnutls28-dev's dependency on libp11-kit-dev. + The GnuTLS library package automatically gets a dependency on libp11-kit0 + (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on + libp11-kit0 (= ${binary:Version}). Therefore these dependencies already + enforce a version on libp11-kit-dev and we do not need to duplicate the + info. + * Add explicit build-dependency on libopts25-dev. Closes: #761618 + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Sep 2014 12:11:01 +0200 + +gnutls28 (3.3.7-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Aug 2014 08:01:51 +0200 + +gnutls28 (3.3.7-1) experimental; urgency=medium + + * New upstream release. + + Refresh 20_debian_specific_soname.diff. + + Add newly added symbols to libgnutls-deb0-28.symbols, bump private + symbol dependency info, and bump shlibs. + + New member in gnutls_pkcs11_obj_attr_t, bump version of + gnutls_pkcs11_obj_list_import_url*. + + -- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 13:35:44 +0200 + +gnutls28 (3.3.6-2) unstable; urgency=medium + + * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS + lastest stable at freeze time. + * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the + at-build-time-default-compiler) by exporting @CPP@. + + -- Andreas Metzler <ametzler@debian.org> Sun, 24 Aug 2014 09:32:36 +0200 + +gnutls28 (3.3.6-1) experimental; urgency=medium + + * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) + with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 + * New upstream release. + + Refresh 20_debian_specific_soname.diff. + + Add newly added symbols to libgnutls-deb0-28.symbols and bump private + symbol dependency info. + + -- Andreas Metzler <ametzler@debian.org> Thu, 24 Jul 2014 08:50:01 +0200 + +gnutls28 (3.3.5-1) experimental; urgency=medium + + * New upstream version. + * Refresh patches/20_debian_specific_soname.diff. + * Drop 30_Updated-asm-sources.patch. + * Add new public symbols to symbol file, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Jun 2014 13:53:06 +0200 + +gnutls28 (3.3.3-1) experimental; urgency=medium + + * New upstream version, including a fix for GNUTLS-SA-2014-3 + CVE-2014-3466. + * Refresh 20_debian_specific_soname.diff. + * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git. + * New symbol gnutls_credentials_get, update symbol file and bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 07:58:37 +0200 + +gnutls28 (3.3.2-2) experimental; urgency=high + + * Fix crashes due to symbol clashes when a binary ends up being linked + against GnuTLS v2 and v3 by bumping library symbol-versioning (and + therefore also the soname) in a Debian specific way, to make sure there is + no conflict with future: + + 20_debian_specific_soname.diff + - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* + - Add "-release deb0" to libtool link command. + + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + + Adapt symbol file accordingly. + + Change 14_version_gettextcat.diff, too. + Closes: #748742 + * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. + These have been unnecessary since we started using dh compat v9, where + debugging symbols are installed to /usr/lib/debug/.build-id. + + -- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2014 19:27:01 +0200 + +gnutls28 (3.3.2-1) experimental; urgency=medium + + * Do not build-depend on guile-2.0 on m68k. Closes: #745461 + * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to + enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a + corresponding versioned build-dependency, to prevent building of + uninstallable packages. + * New upstream version. Drop 20_guile_no_override_allocation.diff and + 21_Treat-othername-as-printable.diff. + + -- Andreas Metzler <ametzler@debian.org> Thu, 08 May 2014 19:47:09 +0200 + +gnutls28 (3.3.1-1) experimental; urgency=medium + + * New upstream version. + + Drop 20_sparc_chainverify_buserror.diff. + + Pull 20_guile_no_override_allocation.diff and + 21_Treat-othername-as-printable.diff from upstream GIT. + + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped + upstream since it was never exported in a public header and is not + used according to codesearch.d.o. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Apr 2014 19:25:11 +0200 + +gnutls28 (3.3.0-2) experimental; urgency=medium + + * Drop last remains of -xssl from debian/. + * Add debian/libgnutls28.symbols. + * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test + increase the space available for certificates to fix sparc testsuite + error. + * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from + libgnutls28-dev. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Apr 2014 19:53:30 +0200 + +gnutls28 (3.3.0-1) experimental; urgency=medium + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Apr 2014 07:49:11 +0200 + +gnutls28 (3.3.0~pre0-1) experimental; urgency=medium + + * Also version the p11-kit dependency. + * New upstream version. + + Set --enable-static, as only shared libs are built by default. + + libgnutls-xssl is no more. + + Bump shlibs. + * Upload to experimental. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Mar 2014 19:19:37 +0100 + +gnutls28 (3.2.16-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Jul 2014 12:36:32 +0200 + +gnutls28 (3.2.15-3) unstable; urgency=medium + + * [debian/copright]: Replace reference to GPLv2.1 (which does not exist) + with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160 + * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3 + series. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Jul 2014 13:55:48 +0200 + +gnutls28 (3.2.15-2) unstable; urgency=high + + * Fix crashes due to symbol clashes when a binary ends up being linked + against GnuTLS v2 and v3 by bumping library symbol-versioning (and + therefore also the soname) in a Debian specific way, to make sure there is + no conflict with future: + + 20_debian_specific_soname.diff + - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* + - Add "-release deb0" to libtool link command. + + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + + Change 14_version_gettextcat.diff, too. + Closes: #74874 + * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. + These have been unnecessary since we started using dh compat v9, where + debugging symbols are installed to /usr/lib/debug/.build-id. + * debian/copyright: Add info about GPLv2 compatibility. + + -- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2014 18:56:03 +0200 + +gnutls28 (3.2.15-1) unstable; urgency=high + + * New upstream version. + + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 May 2014 08:37:00 +0200 + +gnutls28 (3.2.14-1) unstable; urgency=medium + + * Do not build-depend on guile-2.0 on m68k. Closes: #745461 + * New upstream version. + * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to + enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a + corresponding versioned build-dependency, to prevent building of + uninstallable packages. + + -- Andreas Metzler <ametzler@debian.org> Wed, 07 May 2014 19:29:26 +0200 + +gnutls28 (3.2.13-2) unstable; urgency=medium + + * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from + libgnutls28-dev. + + -- Andreas Metzler <ametzler@debian.org> Wed, 16 Apr 2014 19:24:25 +0200 + +gnutls28 (3.2.13-1) unstable; urgency=medium + + * Also version the p11-kit dependency. + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Apr 2014 19:08:40 +0200 + +gnutls28 (3.2.12.1-2) unstable; urgency=medium + + * Upload to unstable. + * Sync from Ubuntu (Colin Watson): + + Add arm64 and ppc64el to the list of non-ia64 architectures on which + guile-gnutls is built. + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Mar 2014 17:50:43 +0100 + +gnutls28 (3.2.12.1-1) experimental; urgency=medium + + * New upstream version. + + Drop superfluous patches: + 20_bug-in-gnutls_pcert_list_import_x509_raw.patch + 20_CVE-2014-0092.diff + + -- Andreas Metzler <ametzler@debian.org> Wed, 05 Mar 2014 19:40:42 +0100 + +gnutls28 (3.2.11-2) unstable; urgency=high + + * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11. + * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate + validation issue. CVE-2014-0092 + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Mar 2014 08:48:21 +0100 + +gnutls28 (3.2.11-1) unstable; urgency=high + + * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1) + * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Feb 2014 14:38:52 +0100 + +gnutls28 (3.2.10-2) unstable; urgency=high + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Feb 2014 12:10:16 +0100 + +gnutls28 (3.2.10-1) experimental; urgency=high + + * New upstream version. + * New symbols exported, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Feb 2014 09:22:36 +0100 + +gnutls28 (3.2.9-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Wed, 29 Jan 2014 19:05:05 +0100 + +gnutls28 (3.2.9-1) experimental; urgency=medium + + * New upstream version. + + %COMPAT implies %DUMBFW. (See #733039) + * Drop 40_guilenoparallel.diff, which did not have any effect after enabling + dh_autoreconf. + * Stop dh_clean from removing *.bak, upstream tarball actually contains + files named such in src/ subdirectory. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Jan 2014 19:00:11 +0100 + +gnutls28 (3.2.8.1-3) unstable; urgency=medium + + * Correct c'n'p error in Vcs-Git field. + * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx) + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Jan 2014 13:23:46 +0100 + +gnutls28 (3.2.8.1-2) unstable; urgency=low + + * Upload to unstable, without libgnutls-openssl27. + + -- Andreas Metzler <ametzler@debian.org> Fri, 27 Dec 2013 15:45:39 +0100 + +gnutls28 (3.2.8.1-1) experimental; urgency=low + + * New upstream version. + + Drop debian/patches/45_add_strerror-module.patch, which was pulled from + upstream. + + Bump shlibs. + * Add debian/upstream-signing-key.pgp (listed in + debian/source/include-binaries) and update watchfile to check + upstream signature. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Dec 2013 16:59:19 +0100 + +gnutls28 (3.2.7-4) experimental; urgency=low + + * Upload to experimental, with libgnutls-openssl27. + * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:43:16 +0100 + +gnutls28 (3.2.7-3) unstable; urgency=low + + * Point vcs* to git. + * Upload to unstable, without libgnutls-openssl27. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Dec 2013 18:15:43 +0100 + +gnutls28 (3.2.7-2) experimental; urgency=low + + * Fix kfreebsd FTBFS. + + 45_add_strerror-module.patch add gnulib strerror module. + + Use dh_autoreconf. + + -- Andreas Metzler <ametzler@debian.org> Fri, 29 Nov 2013 19:10:39 +0100 + +gnutls28 (3.2.7-1) experimental; urgency=low + + * New upstream version. + + Add b-d on bison. + + Bump shlibs. + + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch. + + Simplify debian/rules, stop removing autogened files. + + -- Andreas Metzler <ametzler@debian.org> Wed, 27 Nov 2013 19:30:00 +0100 + +gnutls28 (3.2.6-2) experimental; urgency=low + + * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain + for the hint.) + * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Nov 2013 13:54:49 +0100 + +gnutls28 (3.2.6-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 05 Nov 2013 19:25:51 +0100 + +gnutls28 (3.2.5-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + * Ship examples/examples.h which is needed for building examples/*.c. Also + add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor) + Closes: #726971 + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Oct 2013 14:40:05 +0200 + +gnutls28 (3.2.4-5) experimental; urgency=low + + * Re-enable building of libgnutls-openssl27 binary package. + * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless + transition to gnutls28. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Oct 2013 19:10:06 +0200 + +gnutls28 (3.2.4-4) unstable; urgency=low + + * 40_guilenoparallel.diff: Disable parallel build in + guile/modules/. + + -- Andreas Metzler <ametzler@debian.org> Mon, 09 Sep 2013 19:48:04 +0200 + +gnutls28 (3.2.4-3) unstable; urgency=low + + * Looks like "Architecture" in debian/control cannot be folded, unfold the + respective entry for guile-gnutls. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Sep 2013 08:03:27 +0200 + +gnutls28 (3.2.4-2) unstable; urgency=low + + * Manpages were missing on binary-only builds. Closes: #721725 + * Build with + --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since + ca-certificates not pulled in by build-dependencies anymore. + Closes: #721726 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Sep 2013 08:10:17 +0200 + +gnutls28 (3.2.4-1) experimental; urgency=low + + * New upstream release. + + Drop 40_Clean-up-after-test.patch. + * Fix path to png files in info files with sed instead of symlinking images. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 Aug 2013 19:02:33 +0200 + +gnutls28 (3.2.3-3) experimental; urgency=low + + * Switch to dh, to easily allow us to move gtk-doc-tools to + Build-Depends-Indep. Closes: #682596 + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Aug 2013 10:25:52 +0200 + +gnutls28 (3.2.3-2) experimental; urgency=low + + * Build gnutls-guile against guile-2.0. + + Drop --disable-largefile on armel armhf mipsel. + + ia64 does not build guile-2.0, disable guile-support there. + + -- Andreas Metzler <ametzler@debian.org> Sun, 04 Aug 2013 13:28:13 +0200 + +gnutls28 (3.2.3-1) unstable; urgency=low + + * New upstream release. + * Drop superfluous patches. (35_gnutls-priority-string.diff + 36_avoid-leaking-a-buffer-element.diff) + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 30 Jul 2013 19:45:28 +0200 + +gnutls28 (3.2.2-2) unstable; urgency=low + + * Pull two patches from upstream: + +35_gnutls-priority-string.diff Fix priority string parsing broken in + 3.2.2 Closes: #717314 + +36_avoid-leaking-a-buffer-element.diff + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Jul 2013 18:08:42 +0200 + +gnutls28 (3.2.2-1) unstable; urgency=low + + * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam) + Closes: #678070 + * New upstream version. + * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Mon, 15 Jul 2013 11:41:50 +0200 + +gnutls28 (3.2.1-2) unstable; urgency=low + + * Upload to unstable. + * Do not link everything against nettle on mips(el), the issue being worked + around was fixed by the latest eglibc upload. + * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch: + same. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Jun 2013 16:55:09 +0200 + +gnutls28 (3.2.1-1) experimental; urgency=low + + * New upstream version. + + Bump nettle build-dep to >= 2.7. + + Bump shlibs. + + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check + whether it still fails on kfreebsd-i386. + + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent + false positive error in 32-bit systems. + + [32_linkagainstgmp.diff] Link libgnutls against gmp. + + -- Andreas Metzler <ametzler@debian.org> Sun, 09 Jun 2013 20:08:29 +0200 + +gnutls28 (3.1.12-2) unstable; urgency=low + + * Upload to unstable. + * Fix vcs-field-not-canonical lintian error by using anonscm instead of + svn.debian.org. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2013 14:41:39 +0200 + +gnutls28 (3.1.12-1) experimental; urgency=low + + * Use rm -f on clean, fixing an issue with building twice in row. + * New upstream version. + * On mips/mipsel link everything and the kitchen-sink against nettle to work + around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'"). + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Jun 2013 07:58:55 +0200 + +gnutls28 (3.1.11-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Fri, 10 May 2013 16:39:17 +0200 + +gnutls28 (3.1.10-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 23 Mar 2013 16:21:30 +0100 + +gnutls28 (3.1.9.1-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. + * Force re-generation of autogen-ed manpages. + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Mar 2013 17:06:05 +0100 + +gnutls28 (3.1.8-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 10 Feb 2013 13:35:32 +0100 + +gnutls28 (3.1.7-1) experimental; urgency=low + + * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching + the build-depency. (Thanks, Daniel Kahn Gillmor) + * New upstream version. + + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack. + CVE-2013-0169 CVE-2013-1619. + + New symbols added, bump shlibs. + + Ship newly available libgnutls-xssl0 library in a separate package. + * Disable Heart Beat (RFC6520) support. + + -- Andreas Metzler <ametzler@debian.org> Tue, 05 Feb 2013 14:58:31 +0100 + +gnutls28 (3.1.6-1) experimental; urgency=low + + * Update watchfile, based on Bart Martens version for gnutls26 on + q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to + 3.x versions. + * New upstream version. + + requires libtasn1 >= 3.1, bump build-depends. + + requires a a newer version of autogen, bump build-depends. + + update debian/copyright to reflect the fact that GnuTLS authors have + stopped assigning copyright to FSF. + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Jan 2013 09:38:41 +0100 + +gnutls28 (3.1.5-1) experimental; urgency=low + + * New upstream version. + + Drop 40_danetestfail.diff + + Unfuzz 20_test-select.diff + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 28 Nov 2012 19:23:10 +0100 + +gnutls28 (3.1.4-1) experimental; urgency=low + + * New upstream release. + + Drop 40_fixtypo.diff. + + debian/copyright: update upstream author list. + + New symbols added, bump shlibs. + * 40_danetestfail.diff - Do not try to run dane test without dane support. + + -- Andreas Metzler <ametzler@debian.org> Sat, 10 Nov 2012 09:21:41 +0100 + +gnutls28 (3.1.3-1) experimental; urgency=low + + * New upstream release. + * Explicitly set --disable-libdane --without-tpm. + * Bump shlibs. + * 40_fixtypo.diff pulled from upstream git. + * Update debian/copyright from AUTHORS. + + -- Andreas Metzler <ametzler@debian.org> Sat, 13 Oct 2012 15:52:09 +0200 + +gnutls28 (3.1.2-1) experimental; urgency=low + + * New upstream release. + + Requires libtasn1-3 2.14, bump (b-)d. + + New symbols added, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2012 08:13:47 +0200 + +gnutls28 (3.1.1-1) experimental; urgency=low + + * New upstream release. + + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6. + Closes: #686242 + + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff + 42_dump-the-errno.diff 43_possiblefix.diff) + + Bump shlibs. + * Sync version of libgnutls-dev dependency on nettle-dev with the + build-dependency. + + -- Andreas Metzler <ametzler@debian.org> Tue, 04 Sep 2012 19:28:08 +0200 + +gnutls28 (3.1.0-5) experimental; urgency=low + + * 43_possiblefix.diff might fix the test suite error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 16:05:34 +0200 + +gnutls28 (3.1.0-4) experimental; urgency=low + + * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the + testsuite error. + + -- Andreas Metzler <ametzler@debian.org> Sun, 02 Sep 2012 13:28:55 +0200 + +gnutls28 (3.1.0-3) experimental; urgency=low + + * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 10:02:54 +0200 + +gnutls28 (3.1.0-2) experimental; urgency=low + + * Mention abbreviation "DTLS" in package description. + * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test, + it spuriously fails on about half of the buildds. + + -- Andreas Metzler <ametzler@debian.org> Sat, 01 Sep 2012 08:41:11 +0200 + +gnutls28 (3.1.0-1) experimental; urgency=low + + * New upstream release. + + Bump nettle build-dep to >= 2.5. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sun, 26 Aug 2012 13:40:15 +0200 + +gnutls28 (3.0.22-2) unstable; urgency=low + + * Upload to unstable. This is a leaf-package, experimental should get + 3.1.0. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2012 09:22:37 +0200 + +gnutls28 (3.0.22-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Aug 2012 08:29:14 +0200 + +gnutls28 (3.0.21-1) experimental; urgency=low + + * New upstream version. + + Drop 35_s390buildfix.diff. + * Bump shlibs (new functions added.) + + -- Andreas Metzler <ametzler@debian.org> Tue, 03 Jul 2012 19:50:14 +0200 + +gnutls28 (3.0.20-3) unstable; urgency=low + + * 35_s390buildfix.diff - Fixes test-suite error on s390x. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jun 2012 19:52:47 +0200 + +gnutls28 (3.0.20-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 16 Jun 2012 16:20:01 +0200 + +gnutls28 (3.0.20-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs (new functions added.) + * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for + CLOCK_MONOTONIC now. #662018 + + -- Andreas Metzler <ametzler@debian.org> Wed, 06 Jun 2012 20:46:11 +0200 + +gnutls28 (3.0.19-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:42:46 +0200 + +gnutls28 (3.0.19-1) experimental; urgency=low + + * New upstream version. + + libgnutls: When decoding a PKCS #11 URL the pin-source field + is assumed to be a file that stores the pin. (LP: #929108) + + Drop 31_killchild.diff, included upstream. + + -- Andreas Metzler <ametzler@debian.org> Sun, 22 Apr 2012 18:14:41 +0200 + +gnutls28 (3.0.18-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 Apr 2012 16:34:15 +0200 + +gnutls28 (3.0.18-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + * patches/31_killchild.diff: Revert upstream change which caused tee-ing a + build to hang. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Apr 2012 09:11:39 +0200 + +gnutls28 (3.0.17-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Mar 2012 19:19:31 +0100 + +gnutls28 (3.0.17-1) experimental; urgency=low + + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Mar 2012 15:59:17 +0100 + +gnutls28 (3.0.15-2) experimental; urgency=low + + * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since + support for CLOCK_MONOTONIC is missing there. (See #662018.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 11 Mar 2012 10:24:39 +0100 + +gnutls28 (3.0.15-1) experimental; urgency=low + + * New upstream version. + + Drop superfluous patches (30_microseconds-does-not-overflow.patch, + 31_provide-accurate-value-to-select.patch) + + Includes fix for CVE-2012-1573. + * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts. + * Bump libgnutls-dev dependency on libp11-kit-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 04 Mar 2012 15:58:38 +0100 + +gnutls28 (3.0.14-1) experimental; urgency=low + + * New upstream version. + + Drop 30_force-kill-of-child.diff. + * Pull 30_microseconds-does-not-overflow.patch and + 31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite + error (tests/mini-loss) on kfreebsd-*. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Feb 2012 15:24:39 +0100 + +gnutls28 (3.0.13-1) experimental; urgency=low + + * New upstream version. + + bump libp11-kit-dev build-dep. to >= 0.11. + + drop 30_guilegnutlserrorcodes.diff. + * Drop debian/ocsptool.1 use, newly available upstream manpage instead. + * Use and link against Debian's packaged version of autogen/libopts. + + B-d on autogen. + + remove autogen-generated files (*.c, *.h) on clean. autogen requires + that the system headers are at least of the same version as the + one which was used to generate the files from their respective .def + sources. + * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Mon, 20 Feb 2012 19:30:16 +0100 + +gnutls28 (3.0.12-2) unstable; urgency=low + + * De-multiarch guile-gnutls. Closes: #658110 + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2012 14:34:48 +0100 + +gnutls28 (3.0.12-1) unstable; urgency=low + + * New upstream version. + * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile + testsuite error. + * Update debian/copyright. + * Bump shlibs. (OCSP support) + * Add trivial ocsptool manpage. + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Jan 2012 10:38:44 +0100 + +gnutls28 (3.0.11-1) unstable; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jan 2012 12:55:33 +0100 + +gnutls28 (3.0.10-1) unstable; urgency=low + + * Drop guile-gnutls.README.Debian - binary guile modules are no longer + directly installed in $libdir. + * New upstream version. + + Drop patches/30_correctly-set-the-odd-bits.patch. + + gnutls_random_art() added. Update copyright, bump shlibs. + + src/serv.c: Only use configured interfaces. Patch by Pino Toscano. + Closes: #652552 + + -- Andreas Metzler <ametzler@debian.org> Fri, 06 Jan 2012 08:52:19 +0100 + +gnutls28 (3.0.9-2) unstable; urgency=low + + * [20_test-select.diff] Do not run gnulib test-select test anymore. The + test fails on kfreebsd-i386, the gnutls library does not use select(). + * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Dec 2011 11:41:19 +0100 + +gnutls28 (3.0.9-1) experimental; urgency=low + + * New upstream version. + * Include guile-gnutls package. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 14 Dec 2011 19:54:20 +0100 + +gnutls28 (3.0.8-2) unstable; urgency=low + + * First upload to unstable. + + Disable openssl-wrapper package, let it be provided by gnutls26 until + gnutls28 is in testing. + + Disable gnutls-guile package, let it be provided by gnutls26 until + gnutls28 is in testing. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Dec 2011 10:30:04 +0100 + +gnutls28 (3.0.8-1) experimental; urgency=low + + * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix + guile related FTBFS on these architectures. + See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html + * New upstream version. + + Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Nov 2011 17:05:25 +0100 + +gnutls28 (3.0.7-1) experimental; urgency=low + + * New upstream version. + + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441 + * Drop 20_addGNU-stack.diff, included upstream. + * loadable Guile module no longer installed directly to $libdir but to + $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and + Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify + DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module. + * gnutls-extra is removed upstream, there is no need anymore to manually + remove the bits and pieces in debian/rules. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Nov 2011 19:35:30 +0100 + +gnutls28 (3.0.4-2) experimental; urgency=low + + * Drop libgnutls-dev.README.Debian, the information provided there stopped + being relevant in 2.7.12. + * Delete superfluous info from debian/README.source. + * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not + seem to be possible. + http://lists.debian.org/debian-devel/2011/10/msg00332.html + * Simplify dependencies: + + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is + also provided by gnutls26' libgnutls-dev). + + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, + gnutls-dev (<< 0.4.0-0), libgnutls11-dev. + + -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2011 17:41:27 +0200 + +gnutls28 (3.0.4-1) experimental; urgency=low + + * New upstream version. + + bump shlibs. + + bump nettle build-dependency to >= 2.4. (Required for ripemd-160). + * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811 + * [20_addGNU-stack.diff] Add GNU-stack note to newly added + padlock-common.s. + * Stop shipping libgnutls-extra.so. It is an empty shell currently and will + be packaged for Debian again when it provides functionality. + * Update debian/copyright, accelerated assembly code is non-FSF copyright. + * Add crywrap.8 manpage. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Oct 2011 13:37:39 +0200 + +gnutls28 (3.0.3-1) experimental; urgency=low + + * New upstream version. (Includes a fix for #640639) + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 Sep 2011 19:37:06 +0200 + +gnutls28 (3.0.2-1) experimental; urgency=low + + * Update debian/copyright for crywrap. + * Since libgnutls*-dbg contains debugging symbols of helper applications + libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update + Conflicts. + * New upstream version. It also includes the fixes for #638586 (Correct + parsing of XMPP subject alternative names) and #638595 + (gnutls_certificate_set_x509_key() and + gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the + release of the private key during the lifetime of the certificate + structure.) + * Configure with --enable-gtk-doc, the included API reference is incomplete + in the tarball. + * [lintian] Get rid of binary-control-field-duplicates-source field + warnings. + * [lintian] Add description header to 14_version_gettextcat.diff + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Sep 2011 13:18:17 +0200 + +gnutls28 (3.0.1-1) experimental; urgency=low + + * Update Vcs-Svn and Vcs-Browser for new source package name. + * New upstream version. + + corrects formatting of gnutls-cli(1) manpage. Closes: #637551 + * Bump build-dependency on libp11-kit-dev to (>= 0.4). + * Drop 20_executablestack.diff, included upstream. + * Includes crywrap(8), an application that proxies TLS session to a port + using a plaintext service. + * Add build-dependency on libidn11-dev, needed for newly added crywrap tool. + * Bump shlibs. (New flags). + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Aug 2011 14:54:23 +0200 + +gnutls28 (3.0.0-2) experimental; urgency=low + + * Add missing b-d on chrpath. + * Search for .xz instead of .bz2 in watchfile. + + -- Andreas Metzler <ametzler@debian.org> Tue, 16 Aug 2011 13:57:22 +0200 + +gnutls28 (3.0.0-1) experimental; urgency=low + + * Drop gcrypt related patches (16_unnecessarydep.diff + 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff + 20_gcrypt15compat.diff), update remaining one + (14_version_gettextcat.diff). + * Build against nettle and p11-kit. + + Update DEB_CONFIGURE_EXTRA_FLAGS. + + Update (Build-)Depends. (Add pkg-config, it is used for locating + p11-kit.) + * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 -> + libgnutls28. + * Drop libgnutls Breaks, they are superfluous after the soname change. + * Delete config.log on clean. + * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to + assembly files. + * Delete unneccessary rpath entries. + * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a + NEWS entry for this license change. + * Move gnutls-extra library to separate package. + + -- Andreas Metzler <ametzler@debian.org> Sun, 14 Aug 2011 16:44:11 +0200 + +gnutls26 (2.12.7-4) unstable; urgency=low + + * Upload to unstable. + * Point watch file to stable release directory. + * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config + Libs.private. Closes: #632891 + * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) + + -- Andreas Metzler <ametzler@debian.org> Sun, 07 Aug 2011 09:58:28 +0200 + +gnutls26 (2.12.7-3) experimental; urgency=low + + [ Simon Josefsson ] + * Fix Debian BTS URL in --with-packager-bug-reports option. + + [ Andreas Metzler ] + * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. + + -- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:59:36 +0200 + +gnutls26 (2.12.7-2) experimental; urgency=low + + * Stop shipping libtool la files. + * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update + *.install accordingly. + + Bump cdbs Build-Depends to 0.4.93 (required for expanding + $(DEB_HOST_MULTIARCH)). + + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + + runtime libraries and guile-wrapper are Multi-Arch: same with + Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are + Multi-Arch: foreign, -dev and -dbg remain unchanged. + + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg + package. It contains debugging symbols for both library and helper + binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not + co-installable with itself. + + -- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2011 15:01:58 +0200 + +gnutls26 (2.12.7-1) experimental; urgency=low + + * New upstream version. + * Update 17_ignoretestsuitteerrors.diff. + * A new version of pokerth has been uploaded to sid, update libgnutls26 + Breaks accordingly. + + -- Andreas Metzler <ametzler@debian.org> Sun, 19 Jun 2011 08:49:01 +0200 + +gnutls26 (2.12.6.1-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs, global_set_time_function() was added. + * Stop setting CFLAGS += -Wall, it is set by default again. + * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite + errors. + + -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jun 2011 13:18:50 +0200 + +gnutls26 (2.12.5-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs, gnutls_x509_crq_verify() was added. + + -- Andreas Metzler <ametzler@debian.org> Sat, 14 May 2011 13:21:12 +0200 + +gnutls26 (2.12.4-1) experimental; urgency=low + + * New upstream version. + * Bump shlibs. (gnutls_certificate_get_issuer() added). + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2011 15:19:18 +0200 + +gnutls26 (2.12.3-1) experimental; urgency=low + + * New upstream version. + * Drop patches included upstream: [18_restoreHMAC-MD5.diff] + + -- Andreas Metzler <ametzler@debian.org> Fri, 22 Apr 2011 18:26:11 +0200 + +gnutls26 (2.12.2-2) experimental; urgency=low + + * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 + for compatibility. Closes: #623001 + + -- Andreas Metzler <ametzler@debian.org> Sun, 17 Apr 2011 15:44:30 +0200 + +gnutls26 (2.12.2-1) experimental; urgency=low + + * New upstream version. + * [lintian] Drop article from short package descriptions. + + -- Andreas Metzler <ametzler@debian.org> Fri, 08 Apr 2011 19:36:27 +0200 + +gnutls26 (2.12.1-1) experimental; urgency=low + + * New upstream version. + + certtool: Generated certificate request with stricter permissions. + Closes: #619746 + * Drop superfluous patches: + 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff + 19_uninitializedvar.diff 20_access_freedmemory.diff + * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will + need a binNMU when gnutls 2.12.x uploaded to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sat, 02 Apr 2011 15:22:46 +0200 + +gnutls26 (2.12.0-1) experimental; urgency=low + + * New upstream stable release. + + Drop superceded patches 17_goldhotfix.patch + 18_libgnutls-openssl_soname.diff. + * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: + 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff + 19_uninitializedvar.diff 20_access_freedmemory.diff + + -- Andreas Metzler <ametzler@debian.org> Sun, 27 Mar 2011 10:23:11 +0200 + +gnutls26 (2.11.7-2) experimental; urgency=low + + * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool + versioning: 27:0:0). + * Split off libgnutls-openssl to a separate package, since the sonames are + not in sync anymore. + + -- Andreas Metzler <ametzler@debian.org> Fri, 11 Mar 2011 17:48:47 +0100 + +gnutls26 (2.11.7-1) experimental; urgency=low + + * New upstream version (rc for 2.12) + + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + + Bump shlibs. + * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. + + -- Andreas Metzler <ametzler@debian.org> Thu, 10 Mar 2011 12:12:01 +0100 + +gnutls26 (2.11.6-2) experimental; urgency=low + + * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) + on big endian architectures. + + -- Andreas Metzler <ametzler@debian.org> Wed, 23 Feb 2011 19:20:40 +0100 + +gnutls26 (2.11.6-1) experimental; urgency=low + + * Development release. + * Continue building against libgcrypt, run configure with --with-libgcrypt. + * Refresh patches/15_fixgnutlspc.diff. + * Set --with-packager* options. + * Install newly available p11tool binary. + * Bump libgcrypt11-dev Build-Depends. + * C++ wrapper soname bump, change package name accordingly. + * Bump shlibs. + * Update debian/copyright. + * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not + seem to set it by default. + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Feb 2011 15:29:43 +0100 + +gnutls26 (2.10.5-3) unstable; urgency=medium + + * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. + + -- Andreas Metzler <ametzler@debian.org> Mon, 25 Jul 2011 19:26:34 +0200 + +gnutls26 (2.10.5-2) unstable; urgency=low + + * Stop shipping libtool la files. + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Jun 2011 18:13:38 +0200 + +gnutls26 (2.10.5-1) unstable; urgency=low + + * New upstream bugfix release. + + Drop 15_fixgnutlspc.diff, included upstream. + * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not + seem to set it by default. + + -- Andreas Metzler <ametzler@debian.org> Mon, 28 Feb 2011 18:52:57 +0100 + +gnutls26 (2.10.4-2) unstable; urgency=low + + * Use debhelper compatibility level 7. + * Merge in changes from 2.8.6-1: + + Use dh_lintian. + + Use dh_makeshlibs for the guile stuff, too. This gets us + a) ldconfig in postinst. Closes: #553109 + and + b) a shlibs file. + However the shared objects /usr/lib/libguile-gnutls*so* are still not + designed to be used as libraries (linking) but are dlopened. guile-1.10 + will address this issue by keeping this stuff in a private directory. + + hotfix pkg-config files (proper fix to be included upstream). + + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff + Closes: #405239 + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 06 Feb 2011 16:44:09 +0100 + +gnutls26 (2.10.4-1) experimental; urgency=low + + * New upstream release. V1 CAs are trusted by default. + + -- Andreas Metzler <ametzler@debian.org> Mon, 06 Dec 2010 19:13:48 +0100 + +gnutls26 (2.10.3-1) experimental; urgency=low + + * Drop workaround for 519006, binutils is fixed even in squeeze. + * New upstream bugfix release. + + -- Andreas Metzler <ametzler@debian.org> Fri, 19 Nov 2010 19:19:26 +0100 + +gnutls26 (2.10.2-1) experimental; urgency=low + + * New upstream version. + + Fix asynchronous API handling. Closes: #588187 + + certtool does not crash on reading from /dev/null anymore. + Closes: #588029 + * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Sep 2010 19:10:31 +0200 + +gnutls26 (2.10.1-1) experimental; urgency=low + + * Update package descriptions. Closes: #588067 + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sun, 25 Jul 2010 14:56:45 +0200 + +gnutls26 (2.10.0-2) experimental; urgency=low + + * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), + libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 + support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental + (2.31.2-1) not yet. Closes: #587755 + + -- Andreas Metzler <ametzler@debian.org> Sat, 03 Jul 2010 08:58:57 +0200 + +gnutls26 (2.10.0-1) experimental; urgency=low + + * New upstream stable release. + * Point watchfile to stable releases. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Jun 2010 14:48:40 +0200 + +gnutls26 (2.9.12-2) experimental; urgency=low + + * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building + without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a + useless and almost empty package on these archs.) + * Drop ancient workaround for gcc bug on hppa. + http://bugs.debian.org/128036 + + -- Andreas Metzler <ametzler@debian.org> Sat, 19 Jun 2010 14:38:22 +0200 + +gnutls26 (2.9.12-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Thu, 17 Jun 2010 19:20:04 +0200 + +gnutls26 (2.9.11-1) experimental; urgency=low + + * New upstream version. + * Drop 15_gnutlspriority.diff, superseded. + + -- Andreas Metzler <ametzler@debian.org> Mon, 07 Jun 2010 19:36:33 +0200 + +gnutls26 (2.9.10-2) experimental; urgency=low + + * [15_gnutlspriority.diff] Restore compatibility with programs using + gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. + Closes: #579831 + + -- Andreas Metzler <ametzler@debian.org> Thu, 27 May 2010 18:40:53 +0200 + +gnutls26 (2.9.10-1) experimental; urgency=low + + * New upstream version. + * New functions added, bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Thu, 22 Apr 2010 19:29:52 +0200 + +gnutls26 (2.9.9-1) experimental; urgency=low + + * Package upstream development branch for experimental. + * Track development versions in watchfile. + * Package C++ wrapper again. Closes: #548637 + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Dec 2009 11:31:33 +0100 + +gnutls26 (2.8.6-1) unstable; urgency=low + + * Use dh_lintian. + * Use dh_makeshlibs for the guile stuff, too. This gets us + a) ldconfig in postinst. Closes: #553109 + and + b) a shlibs file. + However the shared objects /usr/lib/libguile-gnutls*so* are still not + designed to be used as libraries (linking) but are dlopened. guile-1.10 + will address this issue by keeping this stuff in a private directory. + * hotfix pkg-config files (proper fix to be included upstream). + * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Mar 2010 15:53:35 +0100 + +gnutls26 (2.8.5-2) unstable; urgency=low + + * Add a huge bunch of lintian overrides for the guile stuff to make dak + happy. + + -- Andreas Metzler <ametzler@debian.org> Fri, 13 Nov 2009 19:53:04 +0100 + +gnutls26 (2.8.5-1) unstable; urgency=low + + * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) + * Switch to '3.0 (quilt)' source format, allowing us to use upstreams + orig.tar.bz2 without repacking it to gz. + * New upstream version. + + Drop patches/20_fixtimebomb.diff. + + -- Andreas Metzler <ametzler@debian.org> Thu, 12 Nov 2009 19:57:08 +0100 + +gnutls26 (2.8.4-2) unstable; urgency=high + + * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 + + -- Andreas Metzler <ametzler@debian.org> Sun, 01 Nov 2009 13:21:27 +0100 + +gnutls26 (2.8.4-1) unstable; urgency=low + + * New upstream version. + + Drop debian/patches/15_openpgp.diff. + * Sync priorities with override file, libgnutls26 has been bumped from + important to standard. + + -- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2009 10:33:52 +0200 + +gnutls26 (2.8.3-3) unstable; urgency=low + + * Empty dependency_libs in la-files. (Squeeze release goal.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 05 Sep 2009 09:09:22 +0200 + +gnutls26 (2.8.3-2) unstable; urgency=low + + * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke + openpgp connections. + + -- Andreas Metzler <ametzler@debian.org> Sat, 22 Aug 2009 14:14:48 +0200 + +gnutls26 (2.8.3-1) unstable; urgency=high + + * New upstream version. + + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it + was built against. Closes: #540449 + + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 + certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 + http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html + * Drop 15_chainverify_expiredcert.diff, included upstream. + * Urgency high, since 541439 applies to testing, too. + + -- Andreas Metzler <ametzler@debian.org> Fri, 14 Aug 2009 19:14:29 +0200 + +gnutls26 (2.8.1-2) unstable; urgency=low + + [ Simon Josefsson ] + * Remove cruft in rules file. + * Remove patches/15_tasn1inpc.diff, not needed. + + [ Andreas Metzler ] + * Finally add an entry to the NEWS.Debian file concerning the deprecation of + RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 + * Upload to unstable. + * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. + Fix testsuite error caused by expired certificate. + + -- Andreas Metzler <ametzler@debian.org> Thu, 06 Aug 2009 19:12:51 +0200 + +gnutls26 (2.8.1-1) experimental; urgency=low + + * New upstream stable release. + + -- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2009 09:15:28 +0200 + +gnutls26 (2.7.14-1) experimental; urgency=low + + * [debian/control] set section setting of source package to libs instead of + devel. + * New upstream version. + + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + + Bump shlibs, new symbols added. + + -- Andreas Metzler <ametzler@debian.org> Tue, 26 May 2009 19:51:41 +0200 + +gnutls26 (2.7.12-1) experimental; urgency=low + + * Fix typo in changelog. Closes: #526427 + * New upstream release. + + Does not ship the scripts libgnutls-extra-config and libgnutls-config + and the .m4 snippet to use it anymore. Please switch to pkg-config or + standard autoconf test. Drop manpages and + both patches/13_lessdeps_gnutls-config.diff and + patches/13_lessdeps_gnutls-config.diff from the debian diff. + + Update remaining patches. + + Bump shlibs, new symbols added. + * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was + already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of + GNUTLS_2_8. + * New upstream uses separate ./configure scripts for the different + libraries. Invoke the main ./configure script with + --cache-file=$(CURDIR)/config.cache to speed things up. + + -- Andreas Metzler <ametzler@debian.org> Thu, 21 May 2009 11:18:35 +0200 + +gnutls26 (2.6.6-1) unstable; urgency=high + + * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This + way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. + * New upstream security release. + + libgnutls: Corrected double free on signature verification failure. + GNUTLS-SA-2009-1 CVE-2009-1415 + + libgnutls: Fix DSA key generation. Noticed when investigating the + previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS + 2.6.x are corrupt. See the advisory for more details. + GNUTLS-SA-2009-2 CVE-2009-1416 + + libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. + GNUTLS-SA-2009-3 CVE-2009-1417 + * The former two issues only apply to gnutls 2.6.x. The latter is a + behavior change, add a NEWS.Debian file to document it. + + -- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.6.5-1) unstable; urgency=low + + * Sync sections in debian/control with override file. libgnutls26-dbg is + section debug, guile-gnutls is section lisp. + * New upstream version. (Needed for Libtasn1-3 2.0) + * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. + * Standards-Version: 3.8.1, no changes required. + + -- Andreas Metzler <ametzler@debian.org> Tue, 14 Apr 2009 14:23:19 +0200 + +gnutls26 (2.6.4-2) unstable; urgency=low + + * Upload to unstable. + * Merge changelog entries from unstable and experimental. + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Feb 2009 16:43:37 +0100 + +gnutls26 (2.6.4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 14:32:57 +0100 + +gnutls26 (2.6.3-1) experimental; urgency=low + + * New upstream version. + + Corrects bug gnutls-cli which caused a rehandshake request + to be ignored. Closes: #396867 + * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Dec 2008 10:46:38 +0100 + +gnutls26 (2.6.2-2) experimental; urgency=low + + * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some + correct certificate chains were not recognized as verified. + Closes: #507633 + * [lintian] Add ${misc:Depends} to multiple dendency lines. + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 13:31:58 +0100 + +gnutls26 (2.6.2-1) experimental; urgency=low + + * New upstream version. + + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + + Drop 20_fix_501077.diff. + * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper + there. + * Add Simon Josefsson to uploaders. + + -- Andreas Metzler <ametzler@debian.org> Thu, 13 Nov 2008 19:30:06 +0100 + +gnutls26 (2.6.0-1) experimental; urgency=low + + * New upstream stable release. + * Add debian/patches/20_fix_501077.diff to fix an out of bound access in + gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Oct 2008 09:59:03 +0200 + +gnutls26 (2.5.9-1) experimental; urgency=low + + * New upstream development version. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Oct 2008 12:40:01 +0200 + +gnutls26 (2.4.2-6) unstable; urgency=medium + + * New patches, syncing with 2.4.3 upstream oldstable release: + + 24_intermedcertificate.patch If a non-root certificate ist trusted + gnutls certificateificate verification stops there instead of checking + up to the root of the certificate chain. + + 22_whitespace.patch - Whitespace only changes, to make it possible to + apply upstream fixes without manual changes. + + 25_bufferoverrun.patch. Fix buffer overrun bug in + gnutls_x509_crt_list_import. + http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e + + -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100 + +gnutls26 (2.4.2-5) unstable; urgency=low + + * Pull two patches from upstream stable branch to make gnutls behavior + match documentation: + + patch 23_permit_v1_CA.diff:Accept v1 x509 CA + certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. + CVE-2009-2409 + + -- Andreas Metzler <ametzler@debian.org> Sat, 31 Jan 2009 16:26:52 +0100 + +gnutls26 (2.4.2-4) unstable; urgency=medium + + * Add Simon Josefsson to uploaders. + * Another fix for the verification fix. Some correct certificate chains were + not recognized as verified. Closes: #507633 + + -- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 12:09:33 +0100 + +gnutls26 (2.4.2-3) unstable; urgency=low + + * Fix a crash on trying to verify self-signed certificates introduced by the + patch for CVE-2008-4989. Closes: #505279 + + -- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2008 19:23:23 +0100 + +gnutls26 (2.4.2-2) unstable; urgency=medium + + * [CVE-2008-4989.diff] Fix man in the middle attack for certificate + verification. CVE-2008-4989 GNUTLS-SA-2008-3 + + -- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2008 19:42:54 +0100 + +gnutls26 (2.4.2-1) unstable; urgency=low + + * New upstream bugfix release. + * Up to date gnutls-cli manpage. Closes: #492775 + + -- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2008 10:35:16 +0200 + +gnutls26 (2.4.1-1) unstable; urgency=medium + + * New upstream version, fixing a local denial of service vulnerability only + present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 + + -- Andreas Metzler <ametzler@debian.org> Tue, 01 Jul 2008 19:35:51 +0200 + +gnutls26 (2.4.0-2) unstable; urgency=low + + * Standards version 3.8.0. Rename README.source_and_patches to README.source. + * Upload to unstable. + * Point watchfile to stable releases again. + * Merge experimental and unstable changelog. + + -- Andreas Metzler <ametzler@debian.org> Tue, 24 Jun 2008 19:13:25 +0200 + +gnutls26 (2.4.0-1) experimental; urgency=low + + * New upstream stable release. + * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Wed, 18 Jun 2008 19:40:38 +0200 + +gnutls26 (2.3.15-1) experimental; urgency=low + + * New upstream version. (rc4) + Disables 'openpgp-certs' tests. Closes: #486269 + + -- Andreas Metzler <ametzler@debian.org> Mon, 16 Jun 2008 19:08:24 +0200 + +gnutls26 (2.3.14-1) experimental; urgency=low + + * New upstream version. (rc3) + + -- Andreas Metzler <ametzler@debian.org> Wed, 11 Jun 2008 19:16:18 +0200 + +gnutls26 (2.3.13-1) experimental; urgency=low + + * New upstream version. 2nd rc for 2.4.0. + * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. + + -- Andreas Metzler <ametzler@debian.org> Sun, 08 Jun 2008 18:00:51 +0200 + +gnutls26 (2.3.12-1) experimental; urgency=low + + * New upstream version. Bump shlibs. + * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 + * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite + failure on sparc. + + -- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2008 19:08:29 +0200 + +gnutls26 (2.3.11-1) experimental; urgency=low + + * New upstream version. + + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + <http://www.gnu.org/software/gnutls/security.html>. + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + Fixes subjectAltName wildcard matching. Closes: #479174 + + certtool now writes keyfiles with 0600 permissions. Closes: #373169 + + -- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2008 08:25:36 +0200 + +gnutls26 (2.2.5-1) unstable; urgency=high + + * New upstream version. + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + <http://www.gnu.org/software/gnutls/security.html>. + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + -- Andreas Metzler <ametzler@debian.org> Tue, 20 May 2008 19:19:55 +0200 + +gnutls26 (2.3.9-1) experimental; urgency=low + + * New upstream development version. + - OpenPGP support merged into libgnutls and is now licensed under LGPL. + The included copy of OpenCDK has been stripped down and re-licensed + under the LGPL. Using the external OpenCDK is not supported anymore, the + external library will not be maintained anymore. Drop respective + (build-)depends. + - API extended, bump shlibs. + - certtool asks for password confirmation. Closes: #364287 + - performance enhancements for gnutls_certificate_set_x509_trust_file. + Closes: #400448 + - gnutls-cli: exits when hostname doesn't match certificate. + Use --insecure to avoid hostname comparison. + * For paranoia sake build with -D_REENTRANT even if upstream has stopped + doing so. + * [debian/copyright] : update, and stop including a GFDL copy. + * Point watchfile to development versions. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 May 2008 16:56:04 +0200 + +gnutls26 (2.2.3-1) unstable; urgency=low + + * New upstream stable release. + - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 + + -- Andreas Metzler <ametzler@debian.org> Mon, 12 May 2008 18:29:12 +0200 + +gnutls26 (2.2.3~rc-1) unstable; urgency=low + + * New upstream version. Release candidate for 2.2.3. + + Increase default handshake packet size limit to 48kb. Closes: #478191 + * remove unsupported .l command from debian/libgnutls-config.1 + * Use Programming/C as doc-base section. + + -- Andreas Metzler <ametzler@debian.org> Thu, 01 May 2008 13:09:49 +0200 + +gnutls26 (2.2.2-1) unstable; urgency=low + + * New upstream version. + Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() + and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary + strings and return the proper size. + corrected string handling in parse_general_name. + Closes: #465197 + * Point watchfile to ftp.gnutls.org. + * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. + + -- Andreas Metzler <ametzler@debian.org> Fri, 22 Feb 2008 19:08:36 +0100 + +gnutls26 (2.2.1-3) unstable; urgency=low + + * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build + gnutls guile wrapper on ia64. + + -- Andreas Metzler <ametzler@debian.org> Mon, 04 Feb 2008 19:14:03 +0100 + +gnutls26 (2.2.1-2) unstable; urgency=low + + * Add Vcs-Svn: and Vcs-Browser control fields. + * Upload to unstable. + + -- Andreas Metzler <ametzler@debian.org> Sun, 03 Feb 2008 18:14:21 +0100 + +gnutls26 (2.2.1-1) experimental; urgency=low + + * New upstream version. + * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper + there. + * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both + packages contain gnutls-bin debugging symbols. Closes: #459295. + + -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jan 2008 18:27:33 +0100 + +gnutls26 (2.2.0-1) experimental; urgency=low + + * New upstream version. + License change! Main library stays LGPLv2.1+ but libgnutls-extra, + libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is + updated. + * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older + versions were GPLv2+) and this license is not compatible with GPLv3+. + * Non packaged 2.1.8 introduced new symbol + gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. + * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. + * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for + DSA2 support. Closes: #455513 + * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Dec 2007 16:41:54 +0100 + +gnutls26 (2.1.7-1) experimental; urgency=low + + * New upstream version. + - Another soname bump. Packages renamed. + * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since + dak does not allow that yet. + * Add Build-Conflicts: libgnutls-dev to stop libtool from linking + libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 + + -- Andreas Metzler <ametzler@debian.org> Sat, 1 Dec 2007 10:40:17 +0100 + +gnutls25 (2.1.6-2) experimental; urgency=low + + * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make + experimental buildds happy. + + -- Andreas Metzler <ametzler@debian.org> Mon, 19 Nov 2007 18:58:48 +0100 + +gnutls25 (2.1.6-1) experimental; urgency=low + + * New upstream version. API changes! Please consult + /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, + removed (mainly *_authz_*) and changed interfaces. + This is the first release canddate for 2.2. The deprecation of + gnutls_set_default_priority() is supposed to be undone before the final + stable release. + * Bump build-depends. + * Stop building and shipping the C++ library, since nobody is using it. I + will happly re-add it if requested. + * Add Homepage field to debian/control. + * Build and ship Guile bindings. Requested by Ludovic Courtès who also + provided the initial patch. (On a sidenote I think guile generally does + not do the right thing by throwing dlopened modules into /usr/lib/.) + * Update debian/copyright. + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Nov 2007 16:42:01 +0100 + +gnutls13 (2.0.1-1) unstable; urgency=low + + * New upstream version. + * Remove doc/*.info* on clean to allow building thrice in a row. + (Closes: #441740) + + -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2007 11:29:22 +0200 + +gnutls13 (1.7.19-1) unstable; urgency=low + + * New upstream version 1.7.19. + - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. + This takes of care of the mutt breakage. Closes: #439640 + + -- Andreas Metzler <ametzler@debian.org> Mon, 27 Aug 2007 19:36:23 +0200 + +gnutls13 (1.7.18-2) unstable; urgency=low + + * Upload to unstable + + -- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2007 09:27:18 +0200 + +gnutls13 (1.7.18-1) experimental; urgency=low + + * New upstream version 1.7.18, release candidate for 2.0. + * Bump shlibs, since functions have been added. + * Image files renamed upstream with gnutls- prefix and symlinked to + /usr/share/info/ in Debian package. Closes: #423577 + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2007 09:06:11 +0200 + +gnutls13 (1.7.16-1) experimental; urgency=low + + * New upstream version 1.7.16. + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Aug 2007 10:50:21 +0200 + +gnutls13 (1.7.14-1) experimental; urgency=low + + * New upstream version + - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2007 09:06:35 +0200 + +gnutls13 (1.7.12-1) experimental; urgency=low + + * New upstream version 1.7.12 + - Fixes memory errors in certificate parsing. Closes: #333050 + * Bump shlibs, due to API extensions in 1.7.10. + * Rebuilding of docs simpified, strip debian/README.source_and_patches to + reflect that. + + -- Andreas Metzler <ametzler@debian.org> Sat, 23 Jun 2007 11:14:26 +0200 + +gnutls13 (1.7.9-1) experimental; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + * New upstream version. + - Uses opencdk10 (0.6.x). + - Improved gnutls_set_default_priority() priorities, with matching correct + docs. (Closes: #422024) + - bumped shlibs. + * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage + twice in a row on the same sourcetree. (Closes: #424357) Document what is + needed to rebuild doc/gnutls.pdf in README.source_and_patches. + + -- Andreas Metzler <ametzler@debian.org> Mon, 28 May 2007 08:36:42 +0200 + +gnutls13 (1.7.7-1) experimental; urgency=low + + * New development upstream version 1.7.7. + - Point watchfile to development versions. + - Bump shlibs for added APIs. + - Includes German translation. (Closes: #392857) + + -- Andreas Metzler <ametzler@debian.org> Sun, 15 Apr 2007 10:11:21 +0200 + +gnutls13 (1.6.3-1) unstable; urgency=low + + * New upstream version, pulling selected fixes and features from 1.7.x. + * Bump shlibs. + + -- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2007 09:26:14 +0200 + +gnutls13 (1.6.2-2) unstable; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + + -- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2007 09:48:31 +0200 + +gnutls13 (1.6.2-1) unstable; urgency=low + + * New upstream version + - Really Closes: #403887 libgnutls failes to parse OpenSSL generated + certificates, since it contains a regenerated pkix_asn1_tab.c. + - Ship German translation. Closes: #392857 + + -- Andreas Metzler <ametzler@debian.org> Sat, 21 Apr 2007 10:57:02 +0200 + +gnutls13 (1.6.1-2) unstable; urgency=low + + * [gnutls-bin.install] Ship psktool. + * Ship gettext translations in deb package, but as gnutls13.mo instead of + gnutls.mo. + * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* + changelog entries after branchoff. Point watchfile to stable upstream + versions again. + * Drop dependency of libgnutls13-dbg on libgnutlsxx13. + + -- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:49:48 +0100 + +gnutls13 (1.6.1-1) experimental; urgency=low + + [ James Westby ] + * New upstream release. + + -- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:18:03 +0100 + +gnutls13 (1.6.0-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler <ametzler@debian.org> Sat, 18 Nov 2006 13:21:56 +0100 + +gnutls13 (1.5.3-1) experimental; urgency=low + + [ Andreas Metzler ] + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + * New upstream version 1.5.3. + * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. + * Drop code for re-libtoolizing and running auto* from debian/rules, it is + unused and would not work anymore. (We can later grab the from SVN and + update it to make work if we ever need it.) + + -- Andreas Metzler <ametzler@debian.org> Sat, 28 Oct 2006 12:56:46 +0200 + +gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * New upstream development version. + - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz + - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was + broken. + - Drop unneeded patches/16_libs.private_gnutls.diff + patches/16_libs.private_gnutls-extra.diff + - Point watchfile to development versions. + - Builds a C++ library. + * Switch to debhelper v5 mode to be able to ship debug symbols of + libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. + * Branched off from 1.4.4-1. + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Sep 2006 09:54:38 +0200 + +gnutls13 (1.4.4-3) unstable; urgency=low + + * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: + When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS + version, try to negotiate the highest version support by the GnuTLS + server, instead of the lowest. + + -- Andreas Metzler <ametzler@debian.org> Sat, 11 Nov 2006 10:35:29 +0100 + +gnutls13 (1.4.4-2) unstable; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:57:49 +0200 + +gnutls13 (1.4.4-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.4 + - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't + crash mutt. (closes: #386725) + GNUTLS-SA-2006-4 is CVE-2006-4790. + + -- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:09:47 +0200 + +gnutls13 (1.4.3-2) unstable; urgency=low + + * the lesser of two weevils release. + [ Andreas Metzler ] + * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in + various programs, including mutt. (closes: #386680) + + -- Andreas Metzler <ametzler@debian.org> Sat, 9 Sep 2006 19:29:52 +0200 + +gnutls13 (1.4.3-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.3. + - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 + rump session attack. GNUTLS-SA-2006-4 + - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. + GNUTLS-SA-2006-3 + - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + + -- Andreas Metzler <ametzler@debian.org> Fri, 8 Sep 2006 19:12:33 +0200 + +gnutls13 (1.4.2-1) unstable; urgency=medium + + [ Andreas Metzler ] + * New upstream bugfix release. + - Fixes a crash in the certificate verification logic. + + -- Andreas Metzler <ametzler@debian.org> Sat, 12 Aug 2006 10:44:16 +0200 + +gnutls13 (1.4.1-1) unstable; urgency=low + + [ James Westby ] + * New upstream release. + * Remove the following patches as they are now included upstream: + - 10_certtoolmanpage.diff + - 15_fixcompilewarning.diff + - 30_man_hyphen_*.patch + * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than + gnutls-api so that devhelp can find it. + + -- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2006 11:11:08 +0200 + +gnutls13 (1.4.0-3) unstable; urgency=low + + [ Andreas Metzler ] + * Strip "libgnutls-config --libs"' output to only list stuff required for + dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's + README.Debian. + * Pull patches/16_libs.private_gnutls.diff and + debian/patches/16_libs.private_gnutls-extra.diff from upstream to make + pkg-config usable for static linking. + + -- Andreas Metzler <ametzler@debian.org> Sun, 2 Jul 2006 12:10:56 +0200 + +gnutls13 (1.4.0-2) unstable; urgency=low + + [ Andreas Metzler ] + * Set maintainer to alioth mailinglist. + * Drop code for updating config.guess/config.sub from debian/rules, as cdbs + handles this. Build-Depend on autotools-dev. + * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. + * Use cdbs' simple-patchsys.mk. + - add debian/README.source_and_patches + - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff + * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) + * Also ship css-, devhelp- and sgml files in gnutls-doc. + * patches/15_fixcompilewarning.diff correct order of funtion arguments. + + [ James Westby ] + * This release allows the port to be specified as the name of the service + when using gnutls-cli (closes: #342891) + + -- Andreas Metzler <ametzler@debian.org> Sat, 17 Jun 2006 20:44:09 +0200 + +gnutls13 (1.4.0-1) experimental; urgency=low + + * New maintainer team. Thanks, Matthias for all the work you did. + * Re-add gnutls-doc package, featuring api-reference as manual pages and + html, and reference manual in html and pdf format. + (closes: #368185,#368449) + * Fix reference to gnutls0.4-doc package in debian/copyright. Update + debian/copyright and include actual copyright statements. + (closes: #369071) + * Bump shlibs because of changes to extra.h + * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will + generate the necessary directories. + * Drop debian/NEWS.Debian as it only talks about the move of the (since + purged) gnutls-doc package to contrib a long time ago. + (Thanks Simon Josefsson, for these suggestions.) + * new upstream version. (closes: #368323) + * clean packaging against upstream tarball. + - Drop all patches, except for fixing error in certtool.1 and setting + gnutls_libs=-lgnutls-extra in libgnutls-extra-config. + - Add --enable-ld-version-script + to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of + patching ./configure.in. + (closes: #367358) + * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. + * Build against external libtasn1-3. (closes: #363294) + * Standards-Version: 3.7.2, no changes required. + * debian/control and override file are in sync with respect to Priority and + Section, everthing except libgnutls13-dbg already was. (closes: #366956) + * acknowledge my own NMU. (closes: #367065) + * libgnutls13-dbg is nonempty (closes: #367056) + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 May 2006 11:22:36 +0000 + +gnutls13 (1.3.5-1.1) unstable; urgency=low + + * NMU + * Invoke ./configure with --with-included-libtasn1 to prevent accidental + linking against the broken 0.3.1-1 upload of libtasn1-2-dev which + contained libtasn1.so.3 and force gnutls13 to use the internal version of + libtasn instead until libtasn1-3-dev is uploaded. Drop broken + Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) + * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead + of --dbg-package=libgnutls12. (closes: #367056) + + -- Andreas Metzler <ametzler@debian.org> Sat, 13 May 2006 07:45:32 +0000 + +gnutls13 (1.3.5-1) unstable; urgency=low + + * New Upstream version. + - Security fix. + - Yet another ABI change. + * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 + * Let -dev package depend on liblzo-dev (closes:#347438) + * Fix certtool help output (closes:#338623) + + -- Matthias Urlichs <smurf@debian.org> Sat, 18 Mar 2006 22:46:25 +0100 + +gnutls12 (1.2.9-2) unstable; urgency=low + + * Install /usr/lib/pkgconfig/*.pc files. + * Depend on texinfo (>= 4.8, for the @euro{} sign). + + -- Matthias Urlichs <smurf@debian.org> Tue, 15 Nov 2005 19:26:02 +0100 + +gnutls12 (1.2.9-1) unstable; urgency=low + + * New Upstream version. + + -- Matthias Urlichs <smurf@debian.org> Fri, 11 Nov 2005 18:51:28 +0100 + +gnutls12 (1.2.8-1) unstable; urgency=low + + * New Upstream version. + - depends on libgcrypt11 1.2.2 + * Bumped shlibs version, just to be on the safe side. + + -- Matthias Urlichs <smurf@debian.org> Wed, 19 Oct 2005 12:05:14 +0200 + +gnutls12 (1.2.6-1) unstable; urgency=low + + * New Upstream version. + * Remove Provides: on libgnutls11-dev. + Hopefully this will be temporary (pending discussion with Upstream). + + -- Matthias Urlichs <smurf@debian.org> Thu, 11 Aug 2005 12:21:36 +0200 + +gnutls12 (1.2.5-3) unstable; urgency=high + + * Updated libgnutls12.shlibs file. + Thanks to Mike Paul <w5ydkaz02@sneakemail.com>. + Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks + dependencies on this library + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 13:19:25 +0200 + +gnutls12 (1.2.5-2) unstable; urgency=medium + + * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. + Added an explicit dependency as a stopgap fix. + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 08:27:22 +0200 + +gnutls12 (1.2.5-1) unstable; urgency=low + + * Merged with the latest stable release. + * Renamed to gnutls12. + - Changed the library version strings to GNUTLS_1_2. + - Renamed the development package back to "libgnutls-dev". + + -- Matthias Urlichs <smurf@debian.org> Tue, 5 Jul 2005 10:35:56 +0200 + +gnutls11 (1.0.19-1) experimental; urgency=low + + * Merged with the latest stable release. + + -- Matthias Urlichs <smurf@debian.org> Sun, 26 Dec 2004 13:28:45 +0100 + +gnutls11 (1.0.16-13) unstable; urgency=high + + * Fixed an ASN.1 extraction error. + Found by Pelle Johansson <morth@morth.org>. + + -- Matthias Urlichs <smurf@debian.org> Mon, 29 Nov 2004 10:16:21 +0100 + +gnutls11 (1.0.16-12) unstable; urgency=high + + * Fixed a segfault in certtool. Closes: #278361. + + -- Matthias Urlichs <smurf@debian.org> Thu, 11 Nov 2004 09:40:02 +0100 + +gnutls11 (1.0.16-11) unstable; urgency=medium + + * Merged binary (non-UF8) string printing code from Upstream. + * Password code in certtool was somewhat broken. + + -- Matthias Urlichs <smurf@debian.org> Sat, 6 Nov 2004 13:11:03 +0100 + +gnutls11 (1.0.16-10) unstable; urgency=high + + * Fixed one instance of uninitialized memory usage. + + -- Matthias Urlichs <smurf@debian.org> Thu, 21 Oct 2004 06:07:53 +0200 + +gnutls11 (1.0.16-9) unstable; urgency=high + + * Pulled from Upstream CVS: + - Fix two memory leaks. + - Fix NULL dereference. + + -- Matthias Urlichs <smurf@debian.org> Fri, 8 Oct 2004 10:43:20 +0200 + +gnutls11 (1.0.16-8) unstable; urgency=high + + * Pulled these changes from Upstream CVS: + - Added default limits in the verification of certificate chains, + to avoid denial of service attacks. + - Added gnutls_certificate_set_verify_limits() to override them. + - Added gnutls_certificate_verify_peers2(). + + -- Matthias Urlichs <smurf@debian.org> Sun, 12 Sep 2004 02:05:25 +0200 + +gnutls11 (1.0.16-7) unstable; urgency=low + + * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. + Thanks to joeyh@debian.org for reporting this problem. + + -- Matthias Urlichs <smurf@debian.org> Sat, 14 Aug 2004 11:22:51 +0200 + +gnutls11 (1.0.16-6) unstable; urgency=medium + + * Memory leak, found by Modestas Vainius <geromanas@mailas.com>. + - Closes: #264420 + + -- Matthias Urlichs <smurf@debian.org> Sun, 8 Aug 2004 22:21:01 +0200 + +gnutls11 (1.0.16-5) unstable; urgency=low + + * Depend on current libtasn1-2 (>= 0.2.10). + - Closes: #264198. + * Fixed maintainer email to point to Debian address. + + -- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:44:38 +0200 + +gnutls11 (1.0.16-4) unstable; urgency=low + + * The OpenSSL compatibility library has been linked incorrectly + (-ltasn1 was missing). + * Need to build-depend on current opencdk8 and libtasn1-2 version. + + -- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:29:32 +0200 + +gnutls11 (1.0.16-3) unstable; urgency=high + + * Documentation no longer includes LaTeX-produced output + (the source contains latex2html-specific features, which is non-free). + * Urgency: High because of pending base freeze. + + -- Matthias Urlichs <smurf@debian.org> Mon, 26 Jul 2004 11:18:20 +0200 + +gnutls11 (1.0.16-2) unstable; urgency=high + + * Actually *enable* debug symbols :-/ + * Urgency: High for speedy inclusion in d-i + + -- Matthias Urlichs <smurf@debian.org> Fri, 23 Jul 2004 22:38:07 +0200 + +gnutls11 (1.0.16-1) experimental; urgency=low + + * Update to latest Upstream version. + * now depends on libgcrypt11 + * Include debugging package + * Use hevea, not latex2html. + + -- Matthias Urlichs <smurf@debian.org> Wed, 21 Jul 2004 16:58:26 +0200 + +gnutls10 (1.0.4-4) unstable; urgency=low + + * New maintainer. + * Run autotools at source package build time. + - Closes: #257237: FTBFS (i386/sid): aclocal failed + * Remove "package is still changed upstream" warning. + * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. + + -- Matthias Urlichs <smurf@debian.org> Fri, 16 Jul 2004 02:09:36 +0200 + +gnutls10 (1.0.4-3) unstable; urgency=low + + * control: Changed the build dependency and the dependency of + libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; + libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which + could cause linking against two versions of libgcrypt. + + -- Ivo Timmermans <ivo@debian.org> Sat, 24 Jan 2004 15:32:22 +0100 + +gnutls10 (1.0.4-2) unstable; urgency=low + + * libgnutls-doc.doc-base: Removed HTML manual listing. + * control: Removed Jordi Mallach from the list of Uploaders. Thanks, + Jordi :) + + -- Ivo Timmermans <ivo@debian.org> Wed, 14 Jan 2004 13:35:42 +0100 + +gnutls10 (1.0.4-1) unstable; urgency=low + + * New upstream release (Closes: #227527) + * The new documentation in libgnutls-doc fixes several typo's and + style glitches: + Closes: #215772: inconsistent auth method list in manual + Closes: #215775: dangling footnote on page 14 of manual + Closes: #215777: bad sentence on page 18 of manual + Closes: #215780: incorrect info about ldaps/imaps in manual + * rules: + * Use --add-missing instead of --force in the call to automake. + * Don't build gnutls.ps, use the upstream version. + (Closes: #224846) + * gnutls-bin.manpages: Use glob to find manpages. + * patches/008_manpages.diff: Removed; included upstream. + + -- Ivo Timmermans <ivo@debian.org> Tue, 13 Jan 2004 23:57:16 +0100 + +gnutls10 (1.0.0-1) unstable; urgency=low + + * New upstream release. + * Major soversion changed to 10. + * control: Changed build dependencies of libtasn1-dev. + * libgnutls10.shlibs: Added libgnutls-openssl to the list. + + -- Ivo Timmermans <ivo@debian.org> Mon, 29 Dec 2003 23:23:08 +0100 + +gnutls8 (0.9.99-1) experimental; urgency=low + + * New upstream release. + * Included upstream GPG signature in .orig.tar.gz. + + -- Ivo Timmermans <ivo@debian.org> Wed, 3 Dec 2003 22:33:52 +0100 + +gnutls8 (0.9.98-1) experimental; urgency=low + + * New upstream release. + * debian/control: libgnutls8-dev depends on libopencdk8-dev. + * debian/libgnutls-doc.examples: Install src/*.[ch]. + + -- Ivo Timmermans <ivo@debian.org> Sun, 23 Nov 2003 15:44:38 +0100 + +gnutls8 (0.9.95-1) experimental; urgency=low + + * New upstream version. + + -- Ivo Timmermans <ivo@debian.org> Fri, 7 Nov 2003 19:50:22 +0100 + +gnutls8 (0.9.94-1) experimental; urgency=low + + * New upstream version; package based on gnutls7 0.8.12-2. + * debian/control: + * Build-depend on libgcrypt7-dev (>= 1.1.44-0). + * debian/rules: Run auto* after the patches have been applied. + + -- Ivo Timmermans <ivo@debian.org> Fri, 31 Oct 2003 18:47:09 +0100 |