gnutls26 (2.12.23-12ubuntu2.4) trusty-security; urgency=medium * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2 - debian/patches/CVE-2015-7575.patch: do not consider any values from the extension data to decide acceptable algorithms in lib/ext_signature.c. - CVE-2015-7575 -- Marc Deslauriers Thu, 07 Jan 2016 10:38:24 -0500 gnutls26 (2.12.23-12ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: Poodle TLS issue - debian/patches/fix_tls_poodle.patch: fixes off by one issue in padding check. Patch created by Hanno Boeck (https://hboeck.de/) (LP: #1510163) -- Bryan Quigley Wed, 25 Nov 2015 21:37:33 +0000 gnutls26 (2.12.23-12ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: signature forgery issue - debian/patches/CVE-2015-0282.patch: make sure the signature algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h. - CVE-2015-0282 * SECURITY UPDATE: certificate algorithm consistency issue - debian/patches/CVE-2015-0294.patch: make sure the two signature algorithms match on cert import in lib/x509/x509.c. - CVE-2015-0294 -- Marc Deslauriers Fri, 20 Mar 2015 09:08:01 -0400 gnutls26 (2.12.23-12ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: memory corruption due to server hello parsing - debian/patches/CVE-2014-3466.patch: validate session_id_len in lib/gnutls_handshake.c. - CVE-2014-3466 -- Marc Deslauriers Sun, 01 Jun 2014 11:03:46 -0400 gnutls26 (2.12.23-12ubuntu2) trusty; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers Mon, 03 Mar 2014 14:10:30 -0500 gnutls26 (2.12.23-12ubuntu1) trusty; urgency=medium * Merge with Debian; remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. - Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. - Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. - debian/patches/99_update-libtool.patch: Update libtool.m4 - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. -- Matthias Klose Thu, 27 Feb 2014 09:58:58 +0100 gnutls26 (2.12.23-12) unstable; urgency=high * 26_fix_rejection-of-v1-intermedi.diff pulled and unfuzzed from GIT 3.x: A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior). CVE-2014-1959 / GNUTLS-SA-2014-1 -- Andreas Metzler Sat, 15 Feb 2014 16:37:36 +0100 gnutls26 (2.12.23-11) unstable; urgency=medium * (Build-)Depend on libtasn1-6-dev instead of on transitional libtasn1-3-dev package. -- Andreas Metzler Sat, 08 Feb 2014 15:29:24 +0100 gnutls26 (2.12.23-10) unstable; urgency=medium * Point vcs* to git. * Fix build on or1k (OpenRISC), thanks to Christian Svensson. Closes: #736750 + Drop (build-)depends on libp11-kit-dev on or1k which is lacking libffi currently. + Do not use chrpath if we are cross compiling. -- Andreas Metzler Mon, 27 Jan 2014 13:37:21 +0100 gnutls26 (2.12.23-9) experimental; urgency=low * Upload to experimental. * Built against libtasn1-6. -- Andreas Metzler Sat, 30 Nov 2013 12:57:27 +0100 gnutls26 (2.12.23-8) unstable; urgency=low * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless transition to gnutls28. -- Andreas Metzler Sun, 06 Oct 2013 13:49:36 +0200 gnutls26 (2.12.23-7) unstable; urgency=medium * Upload to unstable, built against libtasn1-3. * 25_updatedgdocfrommaster.diff - Update gdoc script from gnutls master to fix spurious build failure with perl 5.18. Closes: #724167 -- Andreas Metzler Wed, 25 Sep 2013 19:25:23 +0200 gnutls26 (2.12.23-6) experimental; urgency=low * Upload to experimental. * Let's try libtasn1-6 again, gcr in unstable should now be able to handle it. * Use debhelper v9, make libgnutls26-dbg Multi-arch: same. * Fix vcs-field-not-canonical lintian error by using anonscm instead of svn.debian.org. * Delete rpath in gnutls-binaries shipped in libgnutls26-dbg. -- Andreas Metzler Sat, 29 Jun 2013 13:29:55 +0200 gnutls26 (2.12.23-5) unstable; urgency=high * [21_sanitycheck.diff] Fix out of bounds data access. Closes: #709301 (CVE-2013-2116, DSA 2697-1) -- Andreas Metzler Thu, 23 May 2013 19:04:28 +0200 gnutls26 (2.12.23-4) unstable; urgency=low * Build against libtasn1-3 again. -- Andreas Metzler Sat, 18 May 2013 17:44:46 +0200 gnutls26 (2.12.23-3) unstable; urgency=low * Upload to unstable, 2.12.20 FTBFS with libc 2.17 due to removal of gets. * Import 2.12.20-* changelog entries. -- Andreas Metzler Thu, 09 May 2013 13:50:33 +0200 gnutls26 (2.12.23-2) experimental; urgency=low * Build against libtasn1-6. -- Andreas Metzler Mon, 06 May 2013 18:47:37 +0200 gnutls26 (2.12.23-1ubuntu5) trusty; urgency=low * 25_updatedgdocfrommaster.diff - Update gdoc script from gnutls master to fix spurious build failure with perl 5.18. Closes: #724167 * debian/patches/99_update-libtool.patch: Update libtool.m4 * debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. -- Adam Conrad Wed, 04 Dec 2013 23:23:10 -0700 gnutls26 (2.12.23-1ubuntu4) saucy; urgency=low * Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. Based on a similar change by Matthias Klose in libidn. -- Colin Watson Mon, 07 Oct 2013 15:51:16 +0100 gnutls26 (2.12.23-1ubuntu3) saucy; urgency=low * Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. -- Colin Watson Sat, 05 Oct 2013 00:00:39 +0100 gnutls26 (2.12.23-1ubuntu2) saucy; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers Mon, 27 May 2013 08:34:01 -0400 gnutls26 (2.12.23-1ubuntu1) raring; urgency=low * Merge from debian-experimental, remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Drop gnulib-gets.diff: upstream. -- Timo Aaltonen Thu, 07 Mar 2013 12:47:58 +0200 gnutls26 (2.12.23-1) experimental; urgency=low * New upstream version. + Includes fix for lucky thirteen TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619 GNUTLS-SA-2013-1 -- Andreas Metzler Wed, 06 Feb 2013 14:11:02 +0100 gnutls26 (2.12.22-1) experimental; urgency=low * Update watchfile, based on Bart Martens version from q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 2.x versions. * New upstream version. + Drop 30_strlen_on_null.diff. -- Andreas Metzler Sun, 06 Jan 2013 09:27:43 +0100 gnutls26 (2.12.21-4) experimental; urgency=low * 30_strlen_on_null.diff: Pulled from upstream git. Fix segfault caused by running strlen() on NULL. Closes: #647747 -- Andreas Metzler Sun, 18 Nov 2012 14:48:57 +0100 gnutls26 (2.12.21-3) experimental; urgency=low * Build with -sa. -- Andreas Metzler Sun, 11 Nov 2012 09:50:41 +0100 gnutls26 (2.12.21-2) experimental; urgency=low * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x packages. Add a new gnutls26-doc package which drops manpages and info format documentation in favour of being is co-installable with gnutls-doc. -- Andreas Metzler Sun, 11 Nov 2012 09:23:27 +0100 gnutls26 (2.12.21-1) experimental; urgency=low * New upstream release. + Works with libtasn1 3.0, requires at least libtasn1 2.14. Bump b-d. -- Andreas Metzler Sat, 10 Nov 2012 19:05:36 +0100 gnutls26 (2.12.20-6) unstable; urgency=low * For wheezy build gnutls-bin and guile-gnutls from this source package rather than from gnutls28. gnutls28 is a leaf-package in wheezy. Not shipping would mean a lot less work for the security team if there was a GnuTLS vulnerability. If wanted, it can be re-introduced via backports. The versioning trick has been copied from Ubuntu. * Since guile support would require building with --disable-largefile on armel armhf mipsel we do not provide the package there. -- Andreas Metzler Thu, 04 Apr 2013 18:34:25 +0200 gnutls26 (2.12.20-5) unstable; urgency=low * Testbuild gnutls guile bindings, binary packages unchanged. -- Andreas Metzler Fri, 22 Mar 2013 18:58:28 +0100 gnutls26 (2.12.20-4) unstable; urgency=high * Pull fixes from 2.12.23: + 34_pkcs11_memleak.diff Eliminated memory leak in PCKS #11 initialization. + 35_TLS-CBC_timing-attack.diff (GNUTLS-SA-2013-1) TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619 -- Andreas Metzler Mon, 04 Feb 2013 19:35:29 +0100 gnutls26 (2.12.20-3) unstable; urgency=low * Pull fixes from 2.12.22: +31_allow_key_usage_violation.diff: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. +32_record-padding-parsing.patch: Fix record padding parsing issue. +33_stricter_rsa_pkcs_1.5.diff: Fixes random handshake failures with non-GnuTLS implementations. This brings us up to GnuTLS 2.12.22, except for these differences: - The equivalent change of 33_stricter_rsa_pkcs_1.5.diff for the nettle code is not included as it is not relevant for Debian's binary packages. - 0b9d8d6f21dad85038c6de36d8fbd56271263f64 Corrected bug in PGP subpacket encoding. - Compatibility with libtasn1 3.x, which would require libtasn1 >=2.14. - Updated gnulib. * Update watchfile, based on Bart Martens version from q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 2.x versions. -- Andreas Metzler Sun, 06 Jan 2013 10:56:57 +0100 gnutls26 (2.12.20-2ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Avoid assuming that gets is declared. -- Colin Watson Thu, 06 Dec 2012 18:29:32 +0000 gnutls26 (2.12.20-2) unstable; urgency=low * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL. Closes: #647747 * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x packages. Add a new gnutls26-doc package which drops manpages and info format documentation in favour of being co-installable with gnutls-doc. -- Andreas Metzler Tue, 13 Nov 2012 19:21:25 +0100 gnutls26 (2.12.20-1) unstable; urgency=low * New upstream release. * Drop 25_nssldapsfix.diff (already included). -- Andreas Metzler Sun, 10 Jun 2012 16:53:50 +0200 gnutls26 (2.12.19-2) unstable; urgency=low * Pull debian/patches/25_nssldapsfix.diff from upstream git. (LP: #1003841) -- Andreas Metzler Thu, 07 Jun 2012 19:17:07 +0200 gnutls26 (2.12.19-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Sat, 05 May 2012 20:02:34 +0200 gnutls26 (2.12.18-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Fri, 16 Mar 2012 19:34:18 +0100 gnutls26 (2.12.17-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 10 Mar 2012 16:07:43 +0100 gnutls26 (2.12.17-1) experimental; urgency=low * New upstream release. + Unfuzz 20_tests-select.diff. + Bump libp11-kit-dev build-dep. + Bump shlibs. + Includes fix for CVE-2012-1573. -- Andreas Metzler Sat, 03 Mar 2012 18:17:30 +0100 gnutls26 (2.12.16-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Sat, 07 Jan 2012 13:20:09 +0100 gnutls26 (2.12.14-5ubuntu4) quantal; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser Thu, 24 May 2012 11:19:12 +0200 gnutls26 (2.12.14-5ubuntu3) precise; urgency=low * SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661) - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks Wed, 11 Apr 2012 02:52:23 -0500 gnutls26 (2.12.14-5ubuntu2) precise; urgency=low * Bump the version of gnutls-doc too, for the same reason as gnutls-bin. -- Colin Watson Tue, 24 Jan 2012 20:05:00 +0000 gnutls26 (2.12.14-5ubuntu1) precise; urgency=low * Start building gnutls-bin from this source package again, superseding the version in gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. -- Colin Watson Tue, 24 Jan 2012 18:18:46 +0000 gnutls26 (2.12.14-5) unstable; urgency=low * Disable gnutls-guile package, let it be provided by gnutls28. -- Andreas Metzler Sat, 17 Dec 2011 12:05:34 +0100 gnutls26 (2.12.14-4) unstable; urgency=low * Prepare for uploading gnutls28 to unstable. + Drop gnutls-bin package, it is going to be provided by gnutls28. + Binaries are still useful for debugging, ship them with libgnutls-dbg in LIBDIR/libgnutls26. -- Andreas Metzler Sat, 03 Dec 2011 09:39:54 +0100 gnutls26 (2.12.14-3) unstable; urgency=low * [20_tests-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). Closes: #648247 -- Andreas Metzler Tue, 15 Nov 2011 19:10:06 +0100 gnutls26 (2.12.14-2) unstable; urgency=low * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix FTBFS on these architectures. See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html -- Andreas Metzler Sat, 12 Nov 2011 09:30:42 +0100 gnutls26 (2.12.14-1) unstable; urgency=medium * Simplify dependencies: + libgnutls-dev Provides/Conflicts/Replaces gnutls-dev (which is also provided by gnutls28' libgnutls*-dev). + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0), libgnutls11-dev. * New upstream bugfix release. + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 Closes: #648441 -- Andreas Metzler Tue, 08 Nov 2011 19:34:28 +0100 gnutls26 (2.12.12-1) unstable; urgency=low * New upstream version. * Drop -mlong-double-64 on powerpc, updated gnulib should fix this issue and the build-failure on powerpc64. Closes: #644944 * Delete superfluous info from debian/README.source. * Drop 20_guiledocstring, included upstream. -- Andreas Metzler Fri, 21 Oct 2011 19:33:04 +0200 gnutls26 (2.12.11-1) unstable; urgency=low * New upstream version. + Allow CA importing of 0 certificates to succeed. Closes: #640639 * Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811) * [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+. -- Andreas Metzler Sat, 01 Oct 2011 15:28:13 +0200 gnutls26 (2.12.10-2) unstable; urgency=low * Add -mlong-double-64 to CFLAGS on powerpc to work around gnulib testsuite error (test-float). See http://savannah.gnu.org/bugs/?33710 and http://mid.gmane.org/relbj8-8jh.ln1%40argenau.downhill.at.eu.org -- Andreas Metzler Sun, 11 Sep 2011 08:23:54 +0200 gnutls26 (2.12.10-1) unstable; urgency=low * New upstream version. + Uses p11-kit instead of forked pakchois for PKCS#11. Update build-depends (libp11-kit-dev and pkg-config) and debian/copyright. * Drop superfluous patches (20_gcrypt15compat.diff, 21_gnutls-cli.man.diff 22_export_gnutls_openpgp_privkey_sign_hash.diff 23_deinit_privkey.diff 24_XmppAddr-UTF8String.diff). * Fix binary-control-field-duplicates-source lintian warnings. -- Andreas Metzler Sat, 03 Sep 2011 14:40:36 +0200 gnutls26 (2.12.7-8) unstable; urgency=high * Since libgnutls*-dbg contains debugging symbols of helper applications libgnutls26-dbg and libgnutls28-dbg are not co-installable. Add Conflicts. * [24_XmppAddr-UTF8String.diff] Correct parsing of XMPP subject alternative names. Closes: #638586 * [23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the release of the private key during the lifetime of the certificate structure. Closes: #638595 * Upload with urgency=high, 638595 breaks wwwoffle's TLS support. -- Andreas Metzler Sun, 28 Aug 2011 08:54:26 +0200 gnutls26 (2.12.7-7) unstable; urgency=high * 21_gnutls-cli.man.diff pulled from upstream git: Formatting fix for gnutls-cli manpage. Closes: #637551 * 22_export_gnutls_openpgp_privkey_sign_hash.diff. Fix ABI breakage, export_gnutls_openpgp_privkey_sign_hash() used to be present in 2.10.x was accidentally dropped from the symbol list. (Thanks, Jakub Wilk) Closes: #638801 -- Andreas Metzler Mon, 22 Aug 2011 19:24:08 +0200 gnutls26 (2.12.7-6) unstable; urgency=low * Use common-install-arch instead of common-install-prehook-arch to delete rpath. -- Andreas Metzler Fri, 12 Aug 2011 20:26:22 +0200 gnutls26 (2.12.7-5) unstable; urgency=low * libgnutls26 Breaks sipsak (<= 0.9.6-2.1+b1) [sparc armhf]. Closes: #637520 * Delete unneccessary rpath entries. -- Andreas Metzler Fri, 12 Aug 2011 16:55:24 +0200 gnutls26 (2.12.7-4) unstable; urgency=low * Upload to unstable. * Point watch file to stable release directory. * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config Libs.private. Closes: #632891 * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) -- Andreas Metzler Sun, 07 Aug 2011 09:58:28 +0200 gnutls26 (2.12.7-3) experimental; urgency=low [ Simon Josefsson ] * Fix Debian BTS URL in --with-packager-bug-reports option. [ Andreas Metzler ] * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:59:36 +0200 gnutls26 (2.12.7-2) experimental; urgency=low * Stop shipping libtool la files. * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime libraries and guile-wrapper are Multi-Arch: same with Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are Multi-Arch: foreign, -dev and -dbg remain unchanged. + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not co-installable with itself. -- Andreas Metzler Sun, 26 Jun 2011 15:01:58 +0200 gnutls26 (2.12.7-1) experimental; urgency=low * New upstream version. * Update 17_ignoretestsuitteerrors.diff. * A new version of pokerth has been uploaded to sid, update libgnutls26 Breaks accordingly. -- Andreas Metzler Sun, 19 Jun 2011 08:49:01 +0200 gnutls26 (2.12.6.1-1) experimental; urgency=low * New upstream version. * Bump shlibs, global_set_time_function() was added. * Stop setting CFLAGS += -Wall, it is set by default again. * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite errors. -- Andreas Metzler Sun, 05 Jun 2011 13:18:50 +0200 gnutls26 (2.12.5-1) experimental; urgency=low * New upstream version. * Bump shlibs, gnutls_x509_crq_verify() was added. -- Andreas Metzler Sat, 14 May 2011 13:21:12 +0200 gnutls26 (2.12.4-1) experimental; urgency=low * New upstream version. * Bump shlibs. (gnutls_certificate_get_issuer() added). -- Andreas Metzler Sun, 08 May 2011 15:19:18 +0200 gnutls26 (2.12.3-1) experimental; urgency=low * New upstream version. * Drop patches included upstream: [18_restoreHMAC-MD5.diff] -- Andreas Metzler Fri, 22 Apr 2011 18:26:11 +0200 gnutls26 (2.12.2-2) experimental; urgency=low * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 for compatibility. Closes: #623001 -- Andreas Metzler Sun, 17 Apr 2011 15:44:30 +0200 gnutls26 (2.12.2-1) experimental; urgency=low * New upstream version. * [lintian] Drop article from short package descriptions. -- Andreas Metzler Fri, 08 Apr 2011 19:36:27 +0200 gnutls26 (2.12.1-1) experimental; urgency=low * New upstream version. + certtool: Generated certificate request with stricter permissions. Closes: #619746 * Drop superfluous patches: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will need a binNMU when gnutls 2.12.x uploaded to unstable. -- Andreas Metzler Sat, 02 Apr 2011 15:22:46 +0200 gnutls26 (2.12.0-1) experimental; urgency=low * New upstream stable release. + Drop superceded patches 17_goldhotfix.patch 18_libgnutls-openssl_soname.diff. * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff -- Andreas Metzler Sun, 27 Mar 2011 10:23:11 +0200 gnutls26 (2.11.7-2) experimental; urgency=low * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool versioning: 27:0:0). * Split off libgnutls-openssl to a separate package, since the sonames are not in sync anymore. -- Andreas Metzler Fri, 11 Mar 2011 17:48:47 +0100 gnutls26 (2.11.7-1) experimental; urgency=low * New upstream version (rc for 2.12) + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + Bump shlibs. * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. -- Andreas Metzler Thu, 10 Mar 2011 12:12:01 +0100 gnutls26 (2.11.6-2) experimental; urgency=low * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) on big endian architectures. -- Andreas Metzler Wed, 23 Feb 2011 19:20:40 +0100 gnutls26 (2.11.6-1) experimental; urgency=low * Development release. * Continue building against libgcrypt, run configure with --with-libgcrypt. * Refresh patches/15_fixgnutlspc.diff. * Set --with-packager* options. * Install newly available p11tool binary. * Bump libgcrypt11-dev Build-Depends. * C++ wrapper soname bump, change package name accordingly. * Bump shlibs. * Update debian/copyright. * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Sat, 19 Feb 2011 15:29:43 +0100 gnutls26 (2.10.5-3) unstable; urgency=medium * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:26:34 +0200 gnutls26 (2.10.5-2) unstable; urgency=low * Stop shipping libtool la files. -- Andreas Metzler Sat, 25 Jun 2011 18:13:38 +0200 gnutls26 (2.10.5-1) unstable; urgency=low * New upstream bugfix release. + Drop 15_fixgnutlspc.diff, included upstream. * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Mon, 28 Feb 2011 18:52:57 +0100 gnutls26 (2.10.4-2) unstable; urgency=low * Use debhelper compatibility level 7. * Merge in changes from 2.8.6-1: + Use dh_lintian. + Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. + hotfix pkg-config files (proper fix to be included upstream). + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff Closes: #405239 * Upload to unstable. -- Andreas Metzler Sun, 06 Feb 2011 16:44:09 +0100 gnutls26 (2.10.4-1) experimental; urgency=low * New upstream release. V1 CAs are trusted by default. -- Andreas Metzler Mon, 06 Dec 2010 19:13:48 +0100 gnutls26 (2.10.3-1) experimental; urgency=low * Drop workaround for 519006, binutils is fixed even in squeeze. * New upstream bugfix release. -- Andreas Metzler Fri, 19 Nov 2010 19:19:26 +0100 gnutls26 (2.10.2-1) experimental; urgency=low * New upstream version. + Fix asynchronous API handling. Closes: #588187 + certtool does not crash on reading from /dev/null anymore. Closes: #588029 * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. -- Andreas Metzler Thu, 30 Sep 2010 19:10:31 +0200 gnutls26 (2.10.1-1) experimental; urgency=low * Update package descriptions. Closes: #588067 * New upstream version. -- Andreas Metzler Sun, 25 Jul 2010 14:56:45 +0200 gnutls26 (2.10.0-2) experimental; urgency=low * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental (2.31.2-1) not yet. Closes: #587755 -- Andreas Metzler Sat, 03 Jul 2010 08:58:57 +0200 gnutls26 (2.10.0-1) experimental; urgency=low * New upstream stable release. * Point watchfile to stable releases. -- Andreas Metzler Sat, 26 Jun 2010 14:48:40 +0200 gnutls26 (2.9.12-2) experimental; urgency=low * Work around gcc-4.4 bug by building without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a useless and almost empty package on these archs.) * Drop ancient workaround for gcc bug on hppa. http://bugs.debian.org/128036 -- Andreas Metzler Sat, 19 Jun 2010 14:38:22 +0200 gnutls26 (2.9.12-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 17 Jun 2010 19:20:04 +0200 gnutls26 (2.9.11-1) experimental; urgency=low * New upstream version. * Drop 15_gnutlspriority.diff, superseded. -- Andreas Metzler Mon, 07 Jun 2010 19:36:33 +0200 gnutls26 (2.9.10-2) experimental; urgency=low * [15_gnutlspriority.diff] Restore compatibility with programs using gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. Closes: #579831 -- Andreas Metzler Thu, 27 May 2010 18:40:53 +0200 gnutls26 (2.9.10-1) experimental; urgency=low * New upstream version. * New functions added, bump shlibs. -- Andreas Metzler Thu, 22 Apr 2010 19:29:52 +0200 gnutls26 (2.9.9-1) experimental; urgency=low * Package upstream development branch for experimental. * Track development versions in watchfile. * Package C++ wrapper again. Closes: #548637 -- Andreas Metzler Sun, 20 Dec 2009 11:31:33 +0100 gnutls26 (2.8.6-1) unstable; urgency=low * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff -- Andreas Metzler Sat, 20 Mar 2010 15:53:35 +0100 gnutls26 (2.8.5-2) unstable; urgency=low * Add a huge bunch of lintian overrides for the guile stuff to make dak happy. -- Andreas Metzler Fri, 13 Nov 2009 19:53:04 +0100 gnutls26 (2.8.5-1) unstable; urgency=low * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) * Switch to '3.0 (quilt)' source format, allowing us to use upstreams orig.tar.bz2 without repacking it to gz. * New upstream version. + Drop patches/20_fixtimebomb.diff. -- Andreas Metzler Thu, 12 Nov 2009 19:57:08 +0100 gnutls26 (2.8.4-2) unstable; urgency=high * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 -- Andreas Metzler Sun, 01 Nov 2009 13:21:27 +0100 gnutls26 (2.8.4-1) unstable; urgency=low * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard. -- Andreas Metzler Sat, 26 Sep 2009 10:33:52 +0200 gnutls26 (2.8.3-3) unstable; urgency=low * Empty dependency_libs in la-files. (Squeeze release goal.) -- Andreas Metzler Sat, 05 Sep 2009 09:09:22 +0200 gnutls26 (2.8.3-2) unstable; urgency=low * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections. -- Andreas Metzler Sat, 22 Aug 2009 14:14:48 +0200 gnutls26 (2.8.3-1) unstable; urgency=high * New upstream version. + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it was built against. Closes: #540449 + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html * Drop 15_chainverify_expiredcert.diff, included upstream. * Urgency high, since 541439 applies to testing, too. -- Andreas Metzler Fri, 14 Aug 2009 19:14:29 +0200 gnutls26 (2.8.1-2) unstable; urgency=low [ Simon Josefsson ] * Remove cruft in rules file. * Remove patches/15_tasn1inpc.diff, not needed. [ Andreas Metzler ] * Finally add an entry to the NEWS.Debian file concerning the deprecation of RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 * Upload to unstable. * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. Fix testsuite error caused by expired certificate. -- Andreas Metzler Thu, 06 Aug 2009 19:12:51 +0200 gnutls26 (2.8.1-1) experimental; urgency=low * New upstream stable release. -- Andreas Metzler Thu, 11 Jun 2009 09:15:28 +0200 gnutls26 (2.7.14-1) experimental; urgency=low * [debian/control] set section setting of source package to libs instead of devel. * New upstream version. + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + Bump shlibs, new symbols added. -- Andreas Metzler Tue, 26 May 2009 19:51:41 +0200 gnutls26 (2.7.12-1) experimental; urgency=low * Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up. -- Andreas Metzler Thu, 21 May 2009 11:18:35 +0200 gnutls26 (2.6.6-1) unstable; urgency=high * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a behavior change, add a NEWS.Debian file to document it. -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 gnutls26 (2.6.5-1) unstable; urgency=low * Sync sections in debian/control with override file. libgnutls26-dbg is section debug, guile-gnutls is section lisp. * New upstream version. (Needed for Libtasn1-3 2.0) * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. * Standards-Version: 3.8.1, no changes required. -- Andreas Metzler Tue, 14 Apr 2009 14:23:19 +0200 gnutls26 (2.6.4-2) unstable; urgency=low * Upload to unstable. * Merge changelog entries from unstable and experimental. -- Andreas Metzler Mon, 16 Feb 2009 16:43:37 +0100 gnutls26 (2.6.4-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 07 Feb 2009 14:32:57 +0100 gnutls26 (2.6.3-1) experimental; urgency=low * New upstream version. + Corrects bug gnutls-cli which caused a rehandshake request to be ignored. Closes: #396867 * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) -- Andreas Metzler Sun, 21 Dec 2008 10:46:38 +0100 gnutls26 (2.6.2-2) experimental; urgency=low * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 * [lintian] Add ${misc:Depends} to multiple dendency lines. -- Andreas Metzler Sat, 06 Dec 2008 13:31:58 +0100 gnutls26 (2.6.2-1) experimental; urgency=low * New upstream version. + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + Drop 20_fix_501077.diff. * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper there. * Add Simon Josefsson to uploaders. -- Andreas Metzler Thu, 13 Nov 2008 19:30:06 +0100 gnutls26 (2.6.0-1) experimental; urgency=low * New upstream stable release. * Add debian/patches/20_fix_501077.diff to fix an out of bound access in gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 -- Andreas Metzler Sat, 25 Oct 2008 09:59:03 +0200 gnutls26 (2.5.9-1) experimental; urgency=low * New upstream development version. * Bump shlibs. -- Andreas Metzler Sat, 04 Oct 2008 12:40:01 +0200 gnutls26 (2.4.2-6) unstable; urgency=medium * New patches, syncing with 2.4.3 upstream oldstable release: + 24_intermedcertificate.patch If a non-root certificate ist trusted gnutls certificateificate verification stops there instead of checking up to the root of the certificate chain. + 22_whitespace.patch - Whitespace only changes, to make it possible to apply upstream fixes without manual changes. + 25_bufferoverrun.patch. Fix buffer overrun bug in gnutls_x509_crt_list_import. http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 gnutls26 (2.4.2-5) unstable; urgency=low * Pull two patches from upstream stable branch to make gnutls behavior match documentation: + patch 23_permit_v1_CA.diff:Accept v1 x509 CA certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. CVE-2009-2409 -- Andreas Metzler Sat, 31 Jan 2009 16:26:52 +0100 gnutls26 (2.4.2-4) unstable; urgency=medium * Add Simon Josefsson to uploaders. * Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 -- Andreas Metzler Sat, 06 Dec 2008 12:09:33 +0100 gnutls26 (2.4.2-3) unstable; urgency=low * Fix a crash on trying to verify self-signed certificates introduced by the patch for CVE-2008-4989. Closes: #505279 -- Andreas Metzler Wed, 12 Nov 2008 19:23:23 +0100 gnutls26 (2.4.2-2) unstable; urgency=medium * [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 -- Andreas Metzler Mon, 10 Nov 2008 19:42:54 +0100 gnutls26 (2.4.2-1) unstable; urgency=low * New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775 -- Andreas Metzler Sun, 21 Sep 2008 10:35:16 +0200 gnutls26 (2.4.1-1) unstable; urgency=medium * New upstream version, fixing a local denial of service vulnerability only present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 -- Andreas Metzler Tue, 01 Jul 2008 19:35:51 +0200 gnutls26 (2.4.0-2) unstable; urgency=low * Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog. -- Andreas Metzler Tue, 24 Jun 2008 19:13:25 +0200 gnutls26 (2.4.0-1) experimental; urgency=low * New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. -- Andreas Metzler Wed, 18 Jun 2008 19:40:38 +0200 gnutls26 (2.3.15-1) experimental; urgency=low * New upstream version. (rc4) Disables 'openpgp-certs' tests. Closes: #486269 -- Andreas Metzler Mon, 16 Jun 2008 19:08:24 +0200 gnutls26 (2.3.14-1) experimental; urgency=low * New upstream version. (rc3) -- Andreas Metzler Wed, 11 Jun 2008 19:16:18 +0200 gnutls26 (2.3.13-1) experimental; urgency=low * New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. -- Andreas Metzler Sun, 08 Jun 2008 18:00:51 +0200 gnutls26 (2.3.12-1) experimental; urgency=low * New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc. -- Andreas Metzler Thu, 05 Jun 2008 19:08:29 +0200 gnutls26 (2.3.11-1) experimental; urgency=low * New upstream version. + Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + Fixes subjectAltName wildcard matching. Closes: #479174 + certtool now writes keyfiles with 0600 permissions. Closes: #373169 -- Andreas Metzler Sat, 24 May 2008 08:25:36 +0200 gnutls26 (2.2.5-1) unstable; urgency=high * New upstream version. Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 -- Andreas Metzler Tue, 20 May 2008 19:19:55 +0200 gnutls26 (2.3.9-1) experimental; urgency=low * New upstream development version. - OpenPGP support merged into libgnutls and is now licensed under LGPL. The included copy of OpenCDK has been stripped down and re-licensed under the LGPL. Using the external OpenCDK is not supported anymore, the external library will not be maintained anymore. Drop respective (build-)depends. - API extended, bump shlibs. - certtool asks for password confirmation. Closes: #364287 - performance enhancements for gnutls_certificate_set_x509_trust_file. Closes: #400448 - gnutls-cli: exits when hostname doesn't match certificate. Use --insecure to avoid hostname comparison. * For paranoia sake build with -D_REENTRANT even if upstream has stopped doing so. * [debian/copyright] : update, and stop including a GFDL copy. * Point watchfile to development versions. -- Andreas Metzler Sat, 17 May 2008 16:56:04 +0200 gnutls26 (2.2.3-1) unstable; urgency=low * New upstream stable release. - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 -- Andreas Metzler Mon, 12 May 2008 18:29:12 +0200 gnutls26 (2.2.3~rc-1) unstable; urgency=low * New upstream version. Release candidate for 2.2.3. + Increase default handshake packet size limit to 48kb. Closes: #478191 * remove unsupported .l command from debian/libgnutls-config.1 * Use Programming/C as doc-base section. -- Andreas Metzler Thu, 01 May 2008 13:09:49 +0200 gnutls26 (2.2.2-1) unstable; urgency=low * New upstream version. Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. corrected string handling in parse_general_name. Closes: #465197 * Point watchfile to ftp.gnutls.org. * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. -- Andreas Metzler Fri, 22 Feb 2008 19:08:36 +0100 gnutls26 (2.2.1-3) unstable; urgency=low * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build gnutls guile wrapper on ia64. -- Andreas Metzler Mon, 04 Feb 2008 19:14:03 +0100 gnutls26 (2.2.1-2) unstable; urgency=low * Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable. -- Andreas Metzler Sun, 03 Feb 2008 18:14:21 +0100 gnutls26 (2.2.1-1) experimental; urgency=low * New upstream version. * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper there. * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both packages contain gnutls-bin debugging symbols. Closes: #459295. -- Andreas Metzler Sun, 20 Jan 2008 18:27:33 +0100 gnutls26 (2.2.0-1) experimental; urgency=low * New upstream version. License change! Main library stays LGPLv2.1+ but libgnutls-extra, libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is updated. * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older versions were GPLv2+) and this license is not compatible with GPLv3+. * Non packaged 2.1.8 introduced new symbol gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for DSA2 support. Closes: #455513 * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. -- Andreas Metzler Sat, 15 Dec 2007 16:41:54 +0100 gnutls26 (2.1.7-1) experimental; urgency=low * New upstream version. - Another soname bump. Packages renamed. * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since dak does not allow that yet. * Add Build-Conflicts: libgnutls-dev to stop libtool from linking libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 -- Andreas Metzler Sat, 1 Dec 2007 10:40:17 +0100 gnutls25 (2.1.6-2) experimental; urgency=low * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make experimental buildds happy. -- Andreas Metzler Mon, 19 Nov 2007 18:58:48 +0100 gnutls25 (2.1.6-1) experimental; urgency=low * New upstream version. API changes! Please consult /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, removed (mainly *_authz_*) and changed interfaces. This is the first release canddate for 2.2. The deprecation of gnutls_set_default_priority() is supposed to be undone before the final stable release. * Bump build-depends. * Stop building and shipping the C++ library, since nobody is using it. I will happly re-add it if requested. * Add Homepage field to debian/control. * Build and ship Guile bindings. Requested by Ludovic Courtès who also provided the initial patch. (On a sidenote I think guile generally does not do the right thing by throwing dlopened modules into /usr/lib/.) * Update debian/copyright. -- Andreas Metzler Sat, 17 Nov 2007 16:42:01 +0100 gnutls13 (2.0.1-1) unstable; urgency=low * New upstream version. * Remove doc/*.info* on clean to allow building thrice in a row. (Closes: #441740) -- Andreas Metzler Sat, 29 Sep 2007 11:29:22 +0200 gnutls13 (1.7.19-1) unstable; urgency=low * New upstream version 1.7.19. - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. This takes of care of the mutt breakage. Closes: #439640 -- Andreas Metzler Mon, 27 Aug 2007 19:36:23 +0200 gnutls13 (1.7.18-2) unstable; urgency=low * Upload to unstable -- Andreas Metzler Sat, 25 Aug 2007 09:27:18 +0200 gnutls13 (1.7.18-1) experimental; urgency=low * New upstream version 1.7.18, release candidate for 2.0. * Bump shlibs, since functions have been added. * Image files renamed upstream with gnutls- prefix and symlinked to /usr/share/info/ in Debian package. Closes: #423577 -- Andreas Metzler Sat, 18 Aug 2007 09:06:11 +0200 gnutls13 (1.7.16-1) experimental; urgency=low * New upstream version 1.7.16. -- Andreas Metzler Sat, 11 Aug 2007 10:50:21 +0200 gnutls13 (1.7.14-1) experimental; urgency=low * New upstream version - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 -- Andreas Metzler Sat, 30 Jun 2007 09:06:35 +0200 gnutls13 (1.7.12-1) experimental; urgency=low * New upstream version 1.7.12 - Fixes memory errors in certificate parsing. Closes: #333050 * Bump shlibs, due to API extensions in 1.7.10. * Rebuilding of docs simpified, strip debian/README.source_and_patches to reflect that. -- Andreas Metzler Sat, 23 Jun 2007 11:14:26 +0200 gnutls13 (1.7.9-1) experimental; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches. -- Andreas Metzler Mon, 28 May 2007 08:36:42 +0200 gnutls13 (1.7.7-1) experimental; urgency=low * New development upstream version 1.7.7. - Point watchfile to development versions. - Bump shlibs for added APIs. - Includes German translation. (Closes: #392857) -- Andreas Metzler Sun, 15 Apr 2007 10:11:21 +0200 gnutls13 (1.6.3-1) unstable; urgency=low * New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs. -- Andreas Metzler Sun, 27 May 2007 09:26:14 +0200 gnutls13 (1.6.2-2) unstable; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) -- Andreas Metzler Sun, 13 May 2007 09:48:31 +0200 gnutls13 (1.6.2-1) unstable; urgency=low * New upstream version - Really Closes: #403887 libgnutls failes to parse OpenSSL generated certificates, since it contains a regenerated pkix_asn1_tab.c. - Ship German translation. Closes: #392857 -- Andreas Metzler Sat, 21 Apr 2007 10:57:02 +0200 gnutls13 (1.6.1-2) unstable; urgency=low * [gnutls-bin.install] Ship psktool. * Ship gettext translations in deb package, but as gnutls13.mo instead of gnutls.mo. * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* changelog entries after branchoff. Point watchfile to stable upstream versions again. * Drop dependency of libgnutls13-dbg on libgnutlsxx13. -- Andreas Metzler Sat, 3 Feb 2007 13:49:48 +0100 gnutls13 (1.6.1-1) experimental; urgency=low [ James Westby ] * New upstream release. -- Andreas Metzler Sat, 3 Feb 2007 13:18:03 +0100 gnutls13 (1.6.0-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 18 Nov 2006 13:21:56 +0100 gnutls13 (1.5.3-1) experimental; urgency=low [ Andreas Metzler ] * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. * New upstream version 1.5.3. * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. * Drop code for re-libtoolizing and running auto* from debian/rules, it is unused and would not work anymore. (We can later grab the from SVN and update it to make work if we ever need it.) -- Andreas Metzler Sat, 28 Oct 2006 12:56:46 +0200 gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low [ Andreas Metzler ] * Add a watchfile. * New upstream development version. - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was broken. - Drop unneeded patches/16_libs.private_gnutls.diff patches/16_libs.private_gnutls-extra.diff - Point watchfile to development versions. - Builds a C++ library. * Switch to debhelper v5 mode to be able to ship debug symbols of libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. * Branched off from 1.4.4-1. -- Andreas Metzler Sat, 30 Sep 2006 09:54:38 +0200 gnutls13 (1.4.4-3) unstable; urgency=low * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version support by the GnuTLS server, instead of the lowest. -- Andreas Metzler Sat, 11 Nov 2006 10:35:29 +0100 gnutls13 (1.4.4-2) unstable; urgency=low [ Andreas Metzler ] * Add a watchfile. * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. -- Andreas Metzler Tue, 12 Sep 2006 19:57:49 +0200 gnutls13 (1.4.4-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.4 - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't crash mutt. (closes: #386725) GNUTLS-SA-2006-4 is CVE-2006-4790. -- Andreas Metzler Tue, 12 Sep 2006 19:09:47 +0200 gnutls13 (1.4.3-2) unstable; urgency=low * the lesser of two weevils release. [ Andreas Metzler ] * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in various programs, including mutt. (closes: #386680) -- Andreas Metzler Sat, 9 Sep 2006 19:29:52 +0200 gnutls13 (1.4.3-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.3. - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. GNUTLS-SA-2006-4 - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. GNUTLS-SA-2006-3 - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. -- Andreas Metzler Fri, 8 Sep 2006 19:12:33 +0200 gnutls13 (1.4.2-1) unstable; urgency=medium [ Andreas Metzler ] * New upstream bugfix release. - Fixes a crash in the certificate verification logic. -- Andreas Metzler Sat, 12 Aug 2006 10:44:16 +0200 gnutls13 (1.4.1-1) unstable; urgency=low [ James Westby ] * New upstream release. * Remove the following patches as they are now included upstream: - 10_certtoolmanpage.diff - 15_fixcompilewarning.diff - 30_man_hyphen_*.patch * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than gnutls-api so that devhelp can find it. -- Andreas Metzler Sat, 15 Jul 2006 11:11:08 +0200 gnutls13 (1.4.0-3) unstable; urgency=low [ Andreas Metzler ] * Strip "libgnutls-config --libs"' output to only list stuff required for dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's README.Debian. * Pull patches/16_libs.private_gnutls.diff and debian/patches/16_libs.private_gnutls-extra.diff from upstream to make pkg-config usable for static linking. -- Andreas Metzler Sun, 2 Jul 2006 12:10:56 +0200 gnutls13 (1.4.0-2) unstable; urgency=low [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) * Also ship css-, devhelp- and sgml files in gnutls-doc. * patches/15_fixcompilewarning.diff correct order of funtion arguments. [ James Westby ] * This release allows the port to be specified as the name of the service when using gnutls-cli (closes: #342891) -- Andreas Metzler Sat, 17 Jun 2006 20:44:09 +0200 gnutls13 (1.4.0-1) experimental; urgency=low * New maintainer team. Thanks, Matthias for all the work you did. * Re-add gnutls-doc package, featuring api-reference as manual pages and html, and reference manual in html and pdf format. (closes: #368185,#368449) * Fix reference to gnutls0.4-doc package in debian/copyright. Update debian/copyright and include actual copyright statements. (closes: #369071) * Bump shlibs because of changes to extra.h * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will generate the necessary directories. * Drop debian/NEWS.Debian as it only talks about the move of the (since purged) gnutls-doc package to contrib a long time ago. (Thanks Simon Josefsson, for these suggestions.) * new upstream version. (closes: #368323) * clean packaging against upstream tarball. - Drop all patches, except for fixing error in certtool.1 and setting gnutls_libs=-lgnutls-extra in libgnutls-extra-config. - Add --enable-ld-version-script to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of patching ./configure.in. (closes: #367358) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294) * Standards-Version: 3.7.2, no changes required. * debian/control and override file are in sync with respect to Priority and Section, everthing except libgnutls13-dbg already was. (closes: #366956) * acknowledge my own NMU. (closes: #367065) * libgnutls13-dbg is nonempty (closes: #367056) -- Andreas Metzler Sat, 20 May 2006 11:22:36 +0000 gnutls13 (1.3.5-1.1) unstable; urgency=low * NMU * Invoke ./configure with --with-included-libtasn1 to prevent accidental linking against the broken 0.3.1-1 upload of libtasn1-2-dev which contained libtasn1.so.3 and force gnutls13 to use the internal version of libtasn instead until libtasn1-3-dev is uploaded. Drop broken Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead of --dbg-package=libgnutls12. (closes: #367056) -- Andreas Metzler Sat, 13 May 2006 07:45:32 +0000 gnutls13 (1.3.5-1) unstable; urgency=low * New Upstream version. - Security fix. - Yet another ABI change. * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 * Let -dev package depend on liblzo-dev (closes:#347438) * Fix certtool help output (closes:#338623) -- Matthias Urlichs Sat, 18 Mar 2006 22:46:25 +0100 gnutls12 (1.2.9-2) unstable; urgency=low * Install /usr/lib/pkgconfig/*.pc files. * Depend on texinfo (>= 4.8, for the @euro{} sign). -- Matthias Urlichs Tue, 15 Nov 2005 19:26:02 +0100 gnutls12 (1.2.9-1) unstable; urgency=low * New Upstream version. -- Matthias Urlichs Fri, 11 Nov 2005 18:51:28 +0100 gnutls12 (1.2.8-1) unstable; urgency=low * New Upstream version. - depends on libgcrypt11 1.2.2 * Bumped shlibs version, just to be on the safe side. -- Matthias Urlichs Wed, 19 Oct 2005 12:05:14 +0200 gnutls12 (1.2.6-1) unstable; urgency=low * New Upstream version. * Remove Provides: on libgnutls11-dev. Hopefully this will be temporary (pending discussion with Upstream). -- Matthias Urlichs Thu, 11 Aug 2005 12:21:36 +0200 gnutls12 (1.2.5-3) unstable; urgency=high * Updated libgnutls12.shlibs file. Thanks to Mike Paul . Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks dependencies on this library -- Matthias Urlichs Thu, 21 Jul 2005 13:19:25 +0200 gnutls12 (1.2.5-2) unstable; urgency=medium * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. Added an explicit dependency as a stopgap fix. -- Matthias Urlichs Thu, 21 Jul 2005 08:27:22 +0200 gnutls12 (1.2.5-1) unstable; urgency=low * Merged with the latest stable release. * Renamed to gnutls12. - Changed the library version strings to GNUTLS_1_2. - Renamed the development package back to "libgnutls-dev". -- Matthias Urlichs Tue, 5 Jul 2005 10:35:56 +0200 gnutls11 (1.0.19-1) experimental; urgency=low * Merged with the latest stable release. -- Matthias Urlichs Sun, 26 Dec 2004 13:28:45 +0100 gnutls11 (1.0.16-13) unstable; urgency=high * Fixed an ASN.1 extraction error. Found by Pelle Johansson . -- Matthias Urlichs Mon, 29 Nov 2004 10:16:21 +0100 gnutls11 (1.0.16-12) unstable; urgency=high * Fixed a segfault in certtool. Closes: #278361. -- Matthias Urlichs Thu, 11 Nov 2004 09:40:02 +0100 gnutls11 (1.0.16-11) unstable; urgency=medium * Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken. -- Matthias Urlichs Sat, 6 Nov 2004 13:11:03 +0100 gnutls11 (1.0.16-10) unstable; urgency=high * Fixed one instance of uninitialized memory usage. -- Matthias Urlichs Thu, 21 Oct 2004 06:07:53 +0200 gnutls11 (1.0.16-9) unstable; urgency=high * Pulled from Upstream CVS: - Fix two memory leaks. - Fix NULL dereference. -- Matthias Urlichs Fri, 8 Oct 2004 10:43:20 +0200 gnutls11 (1.0.16-8) unstable; urgency=high * Pulled these changes from Upstream CVS: - Added default limits in the verification of certificate chains, to avoid denial of service attacks. - Added gnutls_certificate_set_verify_limits() to override them. - Added gnutls_certificate_verify_peers2(). -- Matthias Urlichs Sun, 12 Sep 2004 02:05:25 +0200 gnutls11 (1.0.16-7) unstable; urgency=low * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem. -- Matthias Urlichs Sat, 14 Aug 2004 11:22:51 +0200 gnutls11 (1.0.16-6) unstable; urgency=medium * Memory leak, found by Modestas Vainius . - Closes: #264420 -- Matthias Urlichs Sun, 8 Aug 2004 22:21:01 +0200 gnutls11 (1.0.16-5) unstable; urgency=low * Depend on current libtasn1-2 (>= 0.2.10). - Closes: #264198. * Fixed maintainer email to point to Debian address. -- Matthias Urlichs Sat, 7 Aug 2004 19:44:38 +0200 gnutls11 (1.0.16-4) unstable; urgency=low * The OpenSSL compatibility library has been linked incorrectly (-ltasn1 was missing). * Need to build-depend on current opencdk8 and libtasn1-2 version. -- Matthias Urlichs Sat, 7 Aug 2004 19:29:32 +0200 gnutls11 (1.0.16-3) unstable; urgency=high * Documentation no longer includes LaTeX-produced output (the source contains latex2html-specific features, which is non-free). * Urgency: High because of pending base freeze. -- Matthias Urlichs Mon, 26 Jul 2004 11:18:20 +0200 gnutls11 (1.0.16-2) unstable; urgency=high * Actually *enable* debug symbols :-/ * Urgency: High for speedy inclusion in d-i -- Matthias Urlichs Fri, 23 Jul 2004 22:38:07 +0200 gnutls11 (1.0.16-1) experimental; urgency=low * Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html. -- Matthias Urlichs Wed, 21 Jul 2004 16:58:26 +0200 gnutls10 (1.0.4-4) unstable; urgency=low * New maintainer. * Run autotools at source package build time. - Closes: #257237: FTBFS (i386/sid): aclocal failed * Remove "package is still changed upstream" warning. * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. -- Matthias Urlichs Fri, 16 Jul 2004 02:09:36 +0200 gnutls10 (1.0.4-3) unstable; urgency=low * control: Changed the build dependency and the dependency of libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which could cause linking against two versions of libgcrypt. -- Ivo Timmermans Sat, 24 Jan 2004 15:32:22 +0100 gnutls10 (1.0.4-2) unstable; urgency=low * libgnutls-doc.doc-base: Removed HTML manual listing. * control: Removed Jordi Mallach from the list of Uploaders. Thanks, Jordi :) -- Ivo Timmermans Wed, 14 Jan 2004 13:35:42 +0100 gnutls10 (1.0.4-1) unstable; urgency=low * New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream. -- Ivo Timmermans Tue, 13 Jan 2004 23:57:16 +0100 gnutls10 (1.0.0-1) unstable; urgency=low * New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list. -- Ivo Timmermans Mon, 29 Dec 2003 23:23:08 +0100 gnutls8 (0.9.99-1) experimental; urgency=low * New upstream release. * Included upstream GPG signature in .orig.tar.gz. -- Ivo Timmermans Wed, 3 Dec 2003 22:33:52 +0100 gnutls8 (0.9.98-1) experimental; urgency=low * New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch]. -- Ivo Timmermans Sun, 23 Nov 2003 15:44:38 +0100 gnutls8 (0.9.95-1) experimental; urgency=low * New upstream version. -- Ivo Timmermans Fri, 7 Nov 2003 19:50:22 +0100 gnutls8 (0.9.94-1) experimental; urgency=low * New upstream version; package based on gnutls7 0.8.12-2. * debian/control: * Build-depend on libgcrypt7-dev (>= 1.1.44-0). * debian/rules: Run auto* after the patches have been applied. -- Ivo Timmermans Fri, 31 Oct 2003 18:47:09 +0100