gnutls11 (1.0.16-14ubuntu1.1) dapper-security; urgency=low

  * SECURITY UPDATE: Signature forgery.
  * Add debian/patches/00CVS_CVE-2006-4790.patch:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate. (Similar to
      recent OpenSSL update.)
    - Patch taken from upstream CVS:
      http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html
    - CVE-2006-4790

 -- Martin Pitt  Mon, 18 Sep 2006 12:53:48 +0000

gnutls11 (1.0.16-14ubuntu1) dapper; urgency=low

  * Add debian/patches/01_tasn_api_length.patch:
    - lib/x509/xml.c: Fix calls to libtasn1-2's internal _asn1_* API calls
      for new libtasn1-2 version; these calls now expect a buffer length
      argument to check for buffer overflows.
    - lib/minitasn1/: Changed internal _asn1_ function prototypes in header
      files according to recent change in libtasn1-2.
  * debian/rules: Activate simple-patchsys.mk unconditionally.
  * debian/control: Bump libtasn1-2-dev build dependency to
    >= 0.2.17-1ubuntu1.

 -- Martin Pitt  Wed, 15 Feb 2006 16:26:26 +0100

gnutls11 (1.0.16-14) unstable; urgency=high

  * Ack NMU.
  * High priority because it needs to propagate to testing in order to
    allow a bugfix for stable-p-u to be uploaded. :-/
  * Fix occasional SSL connection setup error. Closes:#325971
  * Drop gnutls-bin, it's provided by gnutls12 now.

 -- Matthias Urlichs  Tue, 25 Oct 2005 19:31:09 +0200

gnutls11 (1.0.16-13.1) unstable; urgency=high

  * Non-Maintainer Upload fixing DoS
  * DoS in TLS 1.x record packet parsing [CAN-2005-1431, GNUTLS-SA-2005-1]
    (Closes: #309111)

 -- Jeroen van Wolffelaar  Sun, 22 May 2005 21:47:58 +0200

gnutls11 (1.0.16-13) unstable; urgency=high

  * Fixed an ASN.1 extraction error. Found by Pelle Johansson.

 -- Matthias Urlichs  Mon, 29 Nov 2004 10:16:21 +0100

gnutls11 (1.0.16-12) unstable; urgency=high

  * Fixed a segfault in certtool. Closes: #278361.

 -- Matthias Urlichs  Thu, 11 Nov 2004 09:40:02 +0100

gnutls11 (1.0.16-11) unstable; urgency=medium

  * Merged binary (non-UTF8) string printing code from Upstream.
  * Password code in certtool was somewhat broken.

 -- Matthias Urlichs  Sat, 6 Nov 2004 13:11:03 +0100

gnutls11 (1.0.16-10) unstable; urgency=high

  * Fixed one instance of uninitialized memory usage.

 -- Matthias Urlichs  Thu, 21 Oct 2004 06:07:53 +0200

gnutls11 (1.0.16-9) unstable; urgency=high

  * Pulled from Upstream CVS:
    - Fix two memory leaks.
    - Fix NULL dereference.

 -- Matthias Urlichs  Fri, 8 Oct 2004 10:43:20 +0200

gnutls11 (1.0.16-8) unstable; urgency=high

  * Pulled these changes from Upstream CVS:
    - Added default limits in the verification of certificate chains,
      to avoid denial of service attacks.
    - Added gnutls_certificate_set_verify_limits() to override them.
    - Added gnutls_certificate_verify_peers2().

 -- Matthias Urlichs  Sun, 12 Sep 2004 02:05:25 +0200

gnutls11 (1.0.16-7) unstable; urgency=low

  * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
    Thanks to joeyh@debian.org for reporting this problem.

 -- Matthias Urlichs  Sat, 14 Aug 2004 11:22:51 +0200

gnutls11 (1.0.16-6) unstable; urgency=medium

  * Memory leak, found by Modestas Vainius.
    - Closes: #264420

 -- Matthias Urlichs  Sun, 8 Aug 2004 22:21:01 +0200

gnutls11 (1.0.16-5) unstable; urgency=low

  * Depend on current libtasn1-2 (>= 0.2.10).
    - Closes: #264198.
  * Fixed maintainer email to point to Debian address.

 -- Matthias Urlichs  Sat, 7 Aug 2004 19:44:38 +0200

gnutls11 (1.0.16-4) unstable; urgency=low

  * The OpenSSL compatibility library has been linked incorrectly
    (-ltasn1 was missing).
  * Need to build-depend on current opencdk8 and libtasn1-2 version.

 -- Matthias Urlichs  Sat, 7 Aug 2004 19:29:32 +0200

gnutls11 (1.0.16-3) unstable; urgency=high

  * Documentation no longer includes LaTeX-produced output
    (the source contains latex2html-specific features, which is non-free).
  * Urgency: High because of pending base freeze.

 -- Matthias Urlichs  Mon, 26 Jul 2004 11:18:20 +0200

gnutls11 (1.0.16-2) unstable; urgency=high

  * Actually *enable* debug symbols :-/
  * Urgency: High for speedy inclusion in d-i

 -- Matthias Urlichs  Fri, 23 Jul 2004 22:38:07 +0200

gnutls11 (1.0.16-1) experimental; urgency=low

  * Update to latest Upstream version.
  * now depends on libgcrypt11
  * Include debugging package
  * Use hevea, not latex2html.

 -- Matthias Urlichs  Wed, 21 Jul 2004 16:58:26 +0200

gnutls10 (1.0.4-4) unstable; urgency=low

  * New maintainer.
  * Run autotools at source package build time.
    - Closes: #257237: FTBFS (i386/sid): aclocal failed
  * Remove "package is still changed upstream" warning.
  * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.

 -- Matthias Urlichs  Fri, 16 Jul 2004 02:09:36 +0200

gnutls10 (1.0.4-3) unstable; urgency=low

  * control: Changed the build dependency and the dependency of
    libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
    libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev
    which could cause linking against two versions of libgcrypt.

 -- Ivo Timmermans  Sat, 24 Jan 2004 15:32:22 +0100

gnutls10 (1.0.4-2) unstable; urgency=low

  * libgnutls-doc.doc-base: Removed HTML manual listing.
  * control: Removed Jordi Mallach from the list of Uploaders.
    Thanks, Jordi :)

 -- Ivo Timmermans  Wed, 14 Jan 2004 13:35:42 +0100

gnutls10 (1.0.4-1) unstable; urgency=low

  * New upstream release (Closes: #227527)
  * The new documentation in libgnutls-doc fixes several typos and
    style glitches:
      Closes: #215772: inconsistent auth method list in manual
      Closes: #215775: dangling footnote on page 14 of manual
      Closes: #215777: bad sentence on page 18 of manual
      Closes: #215780: incorrect info about ldaps/imaps in manual
  * rules:
    * Use --add-missing instead of --force in the call to automake.
    * Don't build gnutls.ps, use the upstream version. (Closes: #224846)
  * gnutls-bin.manpages: Use glob to find manpages.
  * patches/008_manpages.diff: Removed; included upstream.

 -- Ivo Timmermans  Tue, 13 Jan 2004 23:57:16 +0100

gnutls10 (1.0.0-1) unstable; urgency=low

  * New upstream release.
  * Major soversion changed to 10.
  * control: Changed build dependencies of libtasn1-dev.
  * libgnutls10.shlibs: Added libgnutls-openssl to the list.

 -- Ivo Timmermans  Mon, 29 Dec 2003 23:23:08 +0100

gnutls8 (0.9.99-1) experimental; urgency=low

  * New upstream release.
  * Included upstream GPG signature in .orig.tar.gz.

 -- Ivo Timmermans  Wed, 3 Dec 2003 22:33:52 +0100

gnutls8 (0.9.98-1) experimental; urgency=low

  * New upstream release.
  * debian/control: libgnutls8-dev depends on libopencdk8-dev.
  * debian/libgnutls-doc.examples: Install src/*.[ch].

 -- Ivo Timmermans  Sun, 23 Nov 2003 15:44:38 +0100

gnutls8 (0.9.95-1) experimental; urgency=low

  * New upstream version.

 -- Ivo Timmermans  Fri, 7 Nov 2003 19:50:22 +0100

gnutls8 (0.9.94-1) experimental; urgency=low

  * New upstream version; package based on gnutls7 0.8.12-2.
  * debian/control:
    * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
  * debian/rules: Run auto* after the patches have been applied.

 -- Ivo Timmermans  Fri, 31 Oct 2003 18:47:09 +0100