libtasn1-3 (2.10-1ubuntu1.3) precise-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via overflow in _asn1_ltostr - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c, lib/parser_aux.h. - CVE-2015-2806 -- Marc Deslauriers Thu, 02 Apr 2015 11:22:00 -0400 libtasn1-3 (2.10-1ubuntu1.2) precise-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via invalid ASN.1 data - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths in lib/decoding.c. - CVE-2014-3467 - CVE-2014-3468 * SECURITY UPDATE: denial of service via NULL value - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c. - CVE-2014-3469 -- Marc Deslauriers Fri, 18 Jul 2014 13:36:06 -0400 libtasn1-3 (2.10-1ubuntu1.1) precise-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via certain large length values. - debian/patches/CVE-2012-1569.diff: return an error when the decoded length value plus @len would exceed @der_len in lib/decoding.c. - CVE-2012-1569 -- Marc Deslauriers Tue, 24 Apr 2012 14:01:18 -0400 libtasn1-3 (2.10-1ubuntu1) precise; urgency=low * debian/rules: Disable compression of NEWS file for now to unbreak upgrades. Debugging the underlying gzip bug is quite hard and will take more time than a few hours. (LP: #889303) -- Martin Pitt Mon, 14 Nov 2011 08:59:19 +0100 libtasn1-3 (2.10-1build1) precise; urgency=low * No-change rebuild to (hopefully) fix unreproducible broken NEWS.gz on amd64. (LP: #889303) -- Martin Pitt Mon, 14 Nov 2011 08:41:08 +0100 libtasn1-3 (2.10-1) unstable; urgency=low [Simon Josefsson] * Fix Debian BTS URL in --with-packager-bug-reports option. [Andreas Metzler] * New upstream Version. (Includes workaround for #639818) * Point watchfile to ftp.gnu.org instead of ftp.gnutls.org. * [debian/control] Drop priority and section from libtasn1-3 binary package stanza. * Update debian/copyright. -- Andreas Metzler Mon, 31 Oct 2011 08:54:49 +0100 libtasn1-3 (2.9-4) unstable; urgency=low * Merge from Ubuntu (build for multiarch): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime library is Multi-Arch: same and has Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) is Multi-Arch: foreign. -dev is unchanged. * Diverge from the Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not co-installable with itself. -- Andreas Metzler Sat, 18 Jun 2011 09:13:50 +0200 libtasn1-3 (2.9-3) unstable; urgency=low * Stop shipping libtool la file in -dev package, now that it is not refered in other packages' dependency_libs anymore. * Stop setting CFLAGS += -Wall, it is set by default again. -- Andreas Metzler Sun, 24 Apr 2011 08:29:12 +0200 libtasn1-3 (2.9-2) unstable; urgency=low * Upload to unstable. * Downgrade libtasn1-3 priority to standard. * Drop superfluous code from debian/rules. * set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Sat, 12 Feb 2011 16:38:16 +0100 libtasn1-3 (2.9-1) experimental; urgency=low * New upstream release. * Use debhelper compatibility level 7. * Fix libtasn1-3-dbg short description. * Drop -D_REENTRANT from CFLAGS. * Drop DEB_DH_STRIP_ARGS = --dbg-package libtasn1-3-dbg from debian/rules, it is handled automatically. * Drop old Conflicts/Replaces that were relevant when upgrading from sarge and earlier, i.e. from versions older than old-stable. * Standards-Version: 3.9.1 -- Andreas Metzler Sat, 08 Jan 2011 10:31:39 +0100 libtasn1-3 (2.7-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Sat, 29 May 2010 09:10:34 +0200 libtasn1-3 (2.6-1) unstable; urgency=low * New upstream version. * Drop libtasn1-config.1, we have not shipped the documented script since 2.0. -- Andreas Metzler Sat, 24 Apr 2010 09:12:34 +0200 libtasn1-3 (2.5-1) unstable; urgency=low * New upstream version. * Do not run test-suite when cross compiling. (Thanks, Colin Watson) Closes: #554343 -- Andreas Metzler Mon, 15 Mar 2010 19:16:34 +0100 libtasn1-3 (2.4-1) unstable; urgency=low * New upstream version. * Update debian/copyright. * Drop cdbs simple-patchsys in favour of dpkg-source v3. Remove unneeded debian/README.source. * Use dh_installinfo instead of dh_install for info files to get the recommended dependency on dpkg (>= 1.15.4) | install-info. -- Andreas Metzler Sat, 23 Jan 2010 15:20:23 +0100 libtasn1-3 (2.3-1) unstable; urgency=low * Move libtasn1-3-bin to section devel. #532649 * New upstream version. * Set newly available --with-packager options. * Update homepage location, this is now an official GNU project. * Standards version 3.8.2: + In debian/copyright point to /usr/share/common-licenses/GFDL-1.3 instead of shipping our own copy. * Fix dh_install pattern for installation of info files to not match a dir file. -- Andreas Metzler Fri, 31 Jul 2009 19:27:41 +0200 libtasn1-3 (2.2-1) unstable; urgency=low * Sync debian/control with override file, libtasn1-3-dbg is section debug. * New upstream version. * Standards-Version 3.8.1, no changes required. * Add Homepage field to debian/control. -- Andreas Metzler Thu, 21 May 2009 09:06:49 +0200 libtasn1-3 (2.0~0.20090323-1) experimental; urgency=low * New upstream version, 2.0 prerelease. + Does not include libtasn1-config anymore. -- Andreas Metzler Sun, 29 Mar 2009 17:44:46 +0200 libtasn1-3 (1.8-1) unstable; urgency=low * New upstream version. * [lintian] Add ${misc:Depends}. * Standards-Version 3.8.0. + Rename README.source_and_patches to README.source -- Andreas Metzler Tue, 17 Feb 2009 13:17:19 +0100 libtasn1-3 (1.7-1) experimental; urgency=low * New upstream release * docs are now FDL 1.3, update debian/copyright. * 1.6 introduces asn1_strerror, et.al. as replacement for the libtasn1_* stuff. Bump shlibs. * libtasn1.m4 is gone (use pkg-config, please). -- Andreas Metzler Tue, 18 Nov 2008 20:02:52 +0100 libtasn1-3 (1.5-3) experimental; urgency=low * Cherry-pick the patch for handling BER encoded certificates without the ABI breakage introduced by tree optimization from upstream git. * Also add resulting patchlet for tests/Makefile.in and TestIndef.p12 (Binary file), fixing FTBFS. Closes: #504783 -- Andreas Metzler Sun, 16 Nov 2008 15:27:50 +0100 libtasn1-3 (1.5-2) experimental; urgency=low * Add Simon Josefsson to uploaders. * Support decoding of PKCS#12 certificates. (Patch from upstream). Bump shlibs. Closes: #503833 -- Andreas Metzler Thu, 06 Nov 2008 19:18:58 +0100 libtasn1-3 (1.5-1) unstable; urgency=low * New upstream bugfix release. * Drop tetex-bin Build-Depends alternative. -- Andreas Metzler Sat, 20 Sep 2008 08:43:45 +0200 libtasn1-3 (1.4-1) unstable; urgency=low * New upstream version. * remove cruft from debian/rules * Use Programming/C instead of gone section Apps/Net for doc-base. -- Andreas Metzler Sat, 26 Apr 2008 09:47:38 +0200 libtasn1-3 (1.3-1) unstable; urgency=low * New upstream version. * Add Vcs-Svn: and Vcs-Browser control fields. * [lintian-happiness] Stop ignoring errors on $(MAKE) distclean. * Set CFLAGS += -D_REENTRANT, since policy requires it and upstream stopped setting it by default. -- Andreas Metzler Sat, 02 Feb 2008 09:44:03 +0100 libtasn1-3 (1.2-1) unstable; urgency=low * New upstream version. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. -- Andreas Metzler Wed, 26 Dec 2007 10:27:50 +0100 libtasn1-3 (1.1-1) unstable; urgency=low * New upstream version 1.1. - Uses GPLv3+ for self tests, tools /with their manpages) and build infrastructure. - The library itself continues to stay LGPLv2.1+ * Update debian/copyright. -- Andreas Metzler Sun, 2 Dec 2007 09:28:57 +0100 libtasn1-3 (0.3.10-1) unstable; urgency=low * add texlive-latex-base | tetex-bin to build-depends to allow to run dpkg-build-package twice in the same extracted sourcecode. (According to my tests this is the minimal package for working pdf-generation from makeinfo.) Closes: #424540 * New upstream version 0.3.10. (Just updated gnulib files and minimal changes to configure.in.) -- Andreas Metzler Sat, 11 Aug 2007 09:45:09 +0200 libtasn1-3 (0.3.9-1) unstable; urgency=low * New upstream version. * Switch to debhelper v5 mode. Drop usr/share/doc/* from debian/libtasn1-3-dev.install. Bump build-depends. * Downgrade libtasn1-3-bin priority to extra and drop Recomends on libtasn1-3-bin in libtasn1-3. (Closes: #416556) -- Andreas Metzler Sun, 8 Apr 2007 12:06:30 +0200 libtasn1-3 (0.3.8-1) experimental; urgency=low [ James Westby ] * Quote $(CURDIR) in debian/rules to avoid FTBFS if it has spaces. [ Andreas Metzler ] * New upstream version. - Fix reading of binary files in asn1Decoding, for Windows. -- Andreas Metzler Sat, 3 Feb 2007 10:39:02 +0100 libtasn1-3 (0.3.7-1) experimental; urgency=low [ Andreas Metzler ] * New upstream version. Uploaded to experimental, because we are frozen. * Drop patches/20_asnparser.diff (condionally #include only #ifdef HAVE_UNISTD_H). -- Andreas Metzler Sat, 14 Oct 2006 15:13:50 +0200 libtasn1-3 (0.3.6-2) unstable; urgency=low [ Andreas Metzler ] * Add a watchfile. * Add a copy of the FDL 1.2 to debian/copyright. -- Andreas Metzler Sat, 14 Oct 2006 14:37:30 +0200 libtasn1-3 (0.3.6-1) unstable; urgency=low * New upstream version. * Drop superfluous patches: - 30_man_hyphen_get_length.diff - 30_man_hyphen_read_value.diff - 30_man_hyphen_write_value.diff -- Andreas Metzler Sat, 16 Sep 2006 16:15:10 +0200 libtasn1-3 (0.3.5-2) unstable; urgency=low [ Andreas Metzler ] * Add libtasn1-2 (<< 0.2.17-1) to libtasn-3-bin's Conflicts/Replaces. (closes: #379424) -- Andreas Metzler Sun, 23 Jul 2006 16:31:38 +0200 libtasn1-3 (0.3.5-1) unstable; urgency=low [ Andreas Metzler ] * Ship pkg-config file libtasn1.pc. [ James Westby ] * New upstream revision. - Fixes creation of zero length buffers on 64 bit platforms. (closes: #375630) -- Andreas Metzler Tue, 27 Jun 2006 19:01:34 +0200 libtasn1-3 (0.3.4-2) unstable; urgency=low [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/20_asnparser.diff * Do not gzip pdf documentation. * Register library manual with doc-base. * Standards version 3.7.2, no changes required. [ James Westby ] * Added debian/patches/30_man_hyphen* to fix a lintain warning about use of "-" as a minus sign. * Added a man-page for libtasn1-config in libtasn1-3-dev. -- Andreas Metzler Wed, 7 Jun 2006 20:14:52 +0200 libtasn1-3 (0.3.4-1) experimental; urgency=low * New maintainer team. Thanks, Matthias for all the work you did. * New upstream version, based on Bastian's NMU. (closes: #356694) Replacing libtasn1-2 with this version is going to fix grave bug #352182. * clean packaging against upstream tarball. - Set DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script to force versioning of symbols, instead of patching ./configure.in. - Disable invocation of gnulib-tool in debian/rules. - Upstream tarball does not contain ansn1.tex and fdl.tex. Ignore the former and use fdl.texi for the latter. - stop removing doc/libtasn1.ps on clean and drop build-dependency on tetex-bin, tetex-extra. - The file is part of the upstream tarball, no need to regenerate it unless we patch the sources. - ship libtasn1.pdf instead of libtasn1.pdf. - drop build-depency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. - use dh_install instead of dh_move and manual instal -m... commands, simplifiying debian/rules. - remove debian/*.dirs. - drop Debian-specific stub manpage for asn1Decoding.1 asn1Parser.1 asn1Coding.1 and use the upstream one instead. * libtasn1-3-bin conflicts/replaces libtasn1-2-bin (closes: #362245) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Copy a complete copyright statement into debian/copyright. -- Andreas Metzler Thu, 1 Jun 2006 17:07:51 +0000 libtasn1-2 (0.3.1-1.1) unstable; urgency=high * Non-maintainer upload. * Fix name of binary packages. (closes: #361890) - Remove spurious conflicts. -- Bastian Blank Tue, 11 Apr 2006 07:41:21 +0000 libtasn1-2 (0.3.1-1) unstable; urgency=high * New Upstream release. - Fixes a buffer overrun: Closes:#352182 - Yes, I know, this release is *late*. Sorry about that. -- Matthias Urlichs Sat, 18 Mar 2006 03:21:11 +0100 libtasn1-2 (0.2.17-1) unstable; urgency=low * New Upstream version. * Build-Depend on texinfo. Closes:#332563 * Split off binaries into a tasn1-2-bin packages. Closes:#330739 - Also added stub manpages for them. * Fix autotools call in "make clean" rule. * Use current gnulib. -- Matthias Urlichs Tue, 25 Oct 2005 11:57:41 +0200 libtasn1-2 (0.2.13-2) unstable; urgency=low * Changed the Copyright statement. Closes: #290209: Improper copyright file * Added missing Priority: statements to debian/control. Closes: #294706: changes file is missing priority * Added missing AC_PROG_LIBTOOL to configure.in. * Updated Standards-Version: to 3.6.2; no changes. -- Matthias Urlichs Thu, 14 Jul 2005 05:43:49 +0200 libtasn1-2 (0.2.13-1) unstable; urgency=low * Merged Upstream release. * Upstream removed symbol versioning and replaced it with a simple export-visibility rule. Restored -- we can't go back. Besides, versioning is a Good Thing. * The previous upload Closes: #301575: New upstream version available. * Switched to autoconf 1.9. -- Matthias Urlichs Mon, 4 Jul 2005 16:07:13 +0200 libtasn1-2 (0.2.10-5) unstable; urgency=low * Closes: #264032: debian/rules clean doesn't undo all build effects * Re-enable libtasn1-2-dbg. -- Matthias Urlichs Wed, 15 Sep 2004 22:24:20 +0200 libtasn1-2 (0.2.10-4) unstable; urgency=medium * Updated shlib deps (new function) -- Matthias Urlichs Fri, 13 Aug 2004 11:45:01 +0200 libtasn1-2 (0.2.10-3) unstable; urgency=low * Depend on binutils (>= 2.14.90.0.7). - Closes: #262267: libtasn1-2: Change Build-Depends Thanks to Dirk Prösdorf . -- Matthias Urlichs Fri, 30 Jul 2004 14:29:58 +0200 libtasn1-2 (0.2.10-2) unstable; urgency=low * Priority: Important -- only for the library package please. -- Matthias Urlichs Thu, 29 Jul 2004 14:10:38 +0200 libtasn1-2 (0.2.10-1) unstable; urgency=high * Merged to current Upstream version * Didn't install libtasn1-config. * Didn't install libtasn1.m4. -- Matthias Urlichs Thu, 29 Jul 2004 12:58:01 +0200 libtasn1-2 (0.2.7.0-2) unstable; urgency=medium * The binary package ended up empty due to a local bug. Sorry. -- Matthias Urlichs Wed, 14 Jul 2004 13:45:04 +0200 libtasn1-2 (0.2.7.0-1) unstable; urgency=low * Use the original .orig.tgz file; the old one is broken. -- Matthias Urlichs Mon, 12 Jul 2004 19:25:22 +0200 libtasn1-2 (0.2.7-3) unstable; urgency=low * New maintainer. * Use the included test scripts. * Don't use the included generated files: Upstream CVS doesn't have them. - Depend on tetex-bin and bison. -- Matthias Urlichs Sun, 11 Jul 2004 13:40:13 +0200 libtasn1-2 (0.2.7-2) unstable; urgency=HIGH * patches/001_decoding_bof_0.2.7.diff: patch to fix DER parsing routines vulnerability registered as CAN-2004-0401. -- Ivo Timmermans Mon, 10 May 2004 11:39:23 +0200 libtasn1-2 (0.2.7-1) unstable; urgency=low * Thanks to Andreas Metzler for preparing this package. * New upstream release, which introduces versioned symbols. * debian/control: Added conflict with libtasn1-1. (Closes: #228204) -- Ivo Timmermans Tue, 23 Mar 2004 19:39:04 +0100 libtasn1-2 (0.2.6-1) unstable; urgency=low * New upstream release; package renamed to libtasn1-2. * debian/rules: Moved to cdbs. * debian/control: * updated Standards-Version; * tightened debhelper build dependency; * added auto* to the build dependencies. -- Ivo Timmermans Sat, 6 Dec 2003 21:02:25 +0100 libtasn1-1 (0.2.4-3) unstable; urgency=low * debian/rules: Use libtool rather than install to install the stuff in src. -- Ivo Timmermans Thu, 8 May 2003 22:35:35 +0200 libtasn1-1 (0.2.4-2) unstable; urgency=low * debian/rules, debian/libtasn1-1.{dirs,files}: Install asn1Coding, asn1Decoding, asn1Parser from src in /usr/bin. (Closes: #192465) * debian/control: Update Standards-Version. -- Ivo Timmermans Thu, 8 May 2003 21:37:19 +0200 libtasn1-1 (0.2.4-1) unstable; urgency=low * New upstream release. (Closes: #187398) -- Ivo Timmermans Thu, 3 Apr 2003 11:19:03 +0200 libtasn1-1 (0.2.1-1) unstable; urgency=low * New upstream release. - Fixed tests. (Closes: #164612) * Made it a separate source package. -- Ivo Timmermans Fri, 14 Feb 2003 21:42:10 +0100 libtasn1 (0.1.2-1) unstable; urgency=low * New upstream release -- Ivo Timmermans Fri, 11 Oct 2002 17:37:51 +0200 libtasn1 (0.1.1-3) unstable; urgency=low * debian/control: Conflict with the versions of libgnutls that included a libtasn1.{la,a,so}. (Closes: #156765) * debian/libtasn1-dev.files: Include libtasn1.la. -- Ivo Timmermans Tue, 20 Aug 2002 18:17:28 +0200 libtasn1 (0.1.1-2) unstable; urgency=low * debian/libtasn1-0.shlibs: Changed so version from 0.1.1 to 0; remove upper version limit; set lower limit to 0.1.1-2 (current). -- Ivo Timmermans Wed, 14 Aug 2002 16:49:15 +0200 libtasn1 (0.1.1-1) unstable; urgency=low * Initial Release. (Closes: #150106) -- Ivo Timmermans Sat, 10 Aug 2002 22:02:49 +0200