nettle (2.7.1-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: miscomputation bugs in secp-256r1 modulo functions - debian/patches/CVE-2015-8803_8805.patch: fix carry propagation bugs in ecc-256.c. - CVE-2015-8803 - CVE-2015-8805 * SECURITY UPDATE: carry folding bug in x86_64 ecc_384_modp - debian/patches/CVE-2015-8804.patch: fix carry propagation bug in x86_64/ecc-384-modp.asm. - CVE-2015-8804 -- Marc Deslauriers Wed, 10 Feb 2016 13:34:57 -0500 nettle (2.7.1-1) unstable; urgency=low * New upstream bugfix release. -- Magnus Holmgren Wed, 29 May 2013 19:25:35 +0200 nettle (2.7-2) unstable; urgency=low * Tag some (ECC related) symbols that only exist on some architectures. -- Magnus Holmgren Tue, 07 May 2013 22:57:14 +0200 nettle (2.7-1) unstable; urgency=low * New upstream release (Closes: #706081). * Include watch file improvements from Bart Martens via the QA system. -- Magnus Holmgren Sat, 04 May 2013 19:50:28 +0200 nettle (2.6-1) experimental; urgency=low * New upstream release. -- Magnus Holmgren Sun, 24 Mar 2013 11:38:21 +0100 nettle (2.5-1) experimental; urgency=low * New upstream release (Closes: #685855). - All symbols from nettle-internal.c have been dropped from the built library, and pkcs1_signature_prefix renamed with a leading underscore, without SONAME change, as they were all for internal use only. * debian/watch: Updated to handle -pre releases. -- Magnus Holmgren Sat, 25 Aug 2012 18:28:37 +0200 nettle (2.4-2) unstable; urgency=low * Drop README.source; not needed since the package was converted to format 3.0. * Correct errors in DEP 5-format debian/copyright. * Use dpkg-buildflags to set CFLAGS et al. * Bump Standards-Version to 3.9.3. -- Magnus Holmgren Sat, 23 Jun 2012 14:41:45 +0200 nettle (2.4-1) unstable; urgency=low * New upstream bugfix release. -- Magnus Holmgren Sat, 03 Sep 2011 17:59:01 +0200 nettle (2.3-1) unstable; urgency=low * New upstream release. * nettle-dev.install: Include pkg-config files added by upstream (Closes: #634294). * debian/copyright: Add ripemd160-related files. -- Magnus Holmgren Sat, 03 Sep 2011 00:48:54 +0200 nettle (2.2-1) unstable; urgency=low * New upstream release (Closes: #633574). - The function nettle_arcfour_stream() was dropped without changing the SONAME, because it was undocumented and untested and should not be in use. * Add symbols files and correct dependencies in shlibs files. * Update copyright information, in particular regarding blowfish and serpent, trying to follow DEP5. * Add manpage nettle-hash(1) and mention nettle-hash in description of nettle-bin. * Add multi-arch support. * Bump Standards-Version to 3.9.2. * Switch to Debhelper compat level 8. * nettle-bin: Change Conflicts from moving sexp-conv into Breaks+Replaces and drop long-obsolete conflict with libnettle1. * Improve libnettle and libhogweed package descriptions, explaining the difference between them. -- Magnus Holmgren Sat, 06 Aug 2011 19:13:56 +0200 nettle (2.1-2) unstable; urgency=low * Upload to unstable. * Increase Debhelper compat level to 7. * debian/rules: Add build-indep and build-arch targets. * debian/copyright: Add entry for dsa2sexp.c. * No longer suggest lsh-utils-doc as an alternative to lsh-doc. -- Magnus Holmgren Sun, 20 Mar 2011 01:48:24 +0100 nettle (2.1-1) experimental; urgency=low * New upstream release (Closes: #594386). Thanks to Sedat Dilek for sorting things out. - Drop rsa2sexp_algorithm_name.dpatch, 20_link_with_gmp.dpatch; incorporated upstream. - The SOVERSIONs of libnettle and libhogweed have changed to 4 and 2, respectively; update and rename debian/control, debian/libnettle3.*, debian/libhogweed1.*, and debian/nettle-bin.links accordingly. * Build-depend on the new libgmp10-dev instead of libgmp3-dev. * Convert to source package format 3.0 (quilt), using dh_autotools-dev_*config to update config.sub and config.guess files. * Handle the parallel DEB_BUILD_OPTIONS option. * Pass --libdir=/usr/lib to ./configure since it will otherwise try to be smart and pick /usr/lib32 or /usr/lib64 on certain platforms. * General tidying of debian/rules: - Remove handling of noopt option (dpkg-buildpackage sets CFLAGS). - Remove remnants of nostrip option handling. - Only pass --host to ./configure if HOST != BUILD, as is recommended. - Remove redundant compiler and configure flags. * Bump Standards-Version to 3.9.1. -- Magnus Holmgren Tue, 18 Jan 2011 23:44:49 +0100 nettle (2.0-2) unstable; urgency=low * rsa2sexp_algorithm_name.dpatch (new): Use a default algorithm name that LSH understands in the sexp representation of an RSA key, so that pkcs1-conv can be used to convert existing OpenSSH private keys. * debian/control: Add ${misc:Depends} to all packages lacking it. * debian/control: nettle-dev: Depend on dpkg (>= 1.15.4) | install-info as recommended for the transition to triggerized install-info. * Upgraded to Standards-Version 3.8.3 with the previous change. -- Magnus Holmgren Sun, 11 Oct 2009 23:27:07 +0200 nettle (2.0-1) unstable; urgency=low * Merge with experimental branch. - There was no lsh-utils 2.0.3-2 in Debian, so the conflict is with lsh-utils < 2.0.4-dfsg-1. - Drop the transitional libnettle-dev package that was in experimental. Due to the split, depending packages will need sourceful uploads anyway. * New upstream version. - Drop 30_sparc_aes_include.dpatch; incorporated upstream. * Add debug package. * nettle-dev.doc-info: Correct Section and Document. * Bump Standards-Version to 3.8.2. -- Magnus Holmgren Sun, 02 Aug 2009 17:20:28 +0200 nettle (1.16~cvs20070603-2) experimental; urgency=low * 30_sparc_aes_include.dpatch: Patch from upstream CVS, fixes FTBFS on sparc (Closes: #441265). * debian/rules: Check for Makefile instead of ignoring all `make distclean' errors. -- Magnus Holmgren Sat, 08 Sep 2007 19:58:29 +0200 nettle (1.16~cvs20070603-1) experimental; urgency=low * Upstream CVS snapshot splitting off public-key algorithms as libhogweed1. - Drop 10_cleanup.dpatch; incorporated upstream. - Rename libnettle-dev as nettle-dev. * No longer install sexp-conv as an alternative; conflict with lsh-utils (<< 2.0.3-2, which is anticipated to stop shipping an identical sexp-conv and depend on nettle-bin instead). * Link with --as-needed to avoid unnecessary NEEDED tags. -- Magnus Holmgren Mon, 11 Jun 2007 17:36:08 +0200 nettle (1.15-6) unstable; urgency=low * No longer install sexp-conv as an alternative; conflict with lsh-utils prior to 2.0.4-dfsg-1, which depends on nettle-bin instead of shipping a copy of sexp-conv (Closes: #510942). Drop nettle-bin.postinst and nettle-bin.prerm (nettle-bin.prerm will remove the alternative on upgrade, which is actually a bug, but works out fine in this case). * Switch to Debhelper level 5. Remove files that don't exist from install lists (copied from a template, apparently). * Upgrade to Standards-Version 3.8.1: + Add debian/README.source (ยง 4.9). * Add debian/libnettle2.symbols. -- Magnus Holmgren Mon, 13 Apr 2009 22:52:44 +0200 nettle (1.15-5) unstable; urgency=low * New maintainer email address. * Bring debian/control format up-to-date with Homepage and Vcs fields. * Add machine-readable copyright information to debian/copyright and clarify licensing of nettle-lfib-stream.1 and pkcs1-conv.1. The machine-readable information may not be completely accurate at this point due to the many different authors and licenses. * Don't ignore make potential distclean errors. * debian/libnettle-dev.doc-base: Change section to Programming/C following the abolishion of the Apps section. * Bump Standards-Version to 3.7.3 without any changes. -- Magnus Holmgren Sun, 20 Apr 2008 00:40:55 +0200 nettle (1.15-4) unstable; urgency=low * Add manpage for nettle-lfib-stream(1) (Closes: #413293). * Add manpage for pkcs1-conv(1) (Closes: #413294). * Correct manpage for sexp-conv(1). -- Magnus Holmgren Mon, 11 Jun 2007 13:37:53 +0200 nettle (1.15-3) unstable; urgency=low * Use dh_install instead of dh_movefiles. * Run "make check" by default. * Ship nettle.pdf in libnettle-dev. * Include PDF and Info formats in doc-base control file. * Clean up the libnettle-dev examples directory. There should only be source files. Note that most of the examples aren't made to be compiled outside of the nettle source tree, except sha-example.c, which is the example found in the documentation. * Move descore.README and TODO from libnettle2.docs to libnettle-dev.docs, and also add README and NEWS to the latter. * Make debian/copyright more correct. * Add pkcs1-conv to nettle-bin package description. -- Magnus Holmgren Wed, 06 Jun 2007 14:35:13 +0200 nettle (1.15-2) unstable; urgency=high * Fix serious regression: The -lgmp added in 1.8-1 fell off in 1.15-1 (Closes: #415034). * Use dpatch to handle patches. * Make package binNMUable. * Add XS-Vcs-* fields to debian/control. * Make dependencies on libnettle2 versioned. -- Magnus Holmgren Tue, 15 May 2007 16:15:19 +0200 nettle (1.15-1) unstable; urgency=low * New maintainer (Closes: #411677). * New upstream version. The non-free IETF RFC has been removed by upstream. * Updated Standards-Version to 3.7.2 without any changes. * Converted doc-base and copyright files to UTF-8. * Added extra cleanup to clean target of debian/rules so that dpkg-buildpackage can be run more than once. * debian/watch: updated. * debian/control: added autotools-dev as a build-dependency. * debian/rules: don't include config.guess and config.sub in .diff.gz. -- Magnus Holmgren Thu, 1 Mar 2007 19:29:49 +0100 nettle (1.14.1-1) unstable; urgency=low * Removed non-DFSG file from the archive and disabled the corresponding test case * Source package contains non-free IETF RFC/I-D's (Closes: #393400) * Since there is no upstream release available, a "fake" version number is added to the version. -- Marek Habersack Wed, 18 Oct 2006 09:47:03 +0200 nettle (1.14-1) unstable; urgency=low * The latest upstream version -- Marek Habersack Tue, 9 May 2006 21:41:17 +0200 nettle (1.12-3) unstable; urgency=high * Force a recompile to match the new libgmp3 package name -- Marek Habersack Tue, 19 Jul 2005 12:01:28 +0200 nettle (1.12-2) unstable; urgency=high * Make libnettle-dev depend on libgmp3-dev -- Marek Habersack Tue, 8 Mar 2005 02:19:01 +0100 nettle (1.12-1) unstable; urgency=high * The latest upstream release * sexp-conv is installed as sexp-conv.nettle and registered with the alternatives system now. * added the sexp-conv mainpage borrowed from the lsh-utils package. -- Marek Habersack Tue, 30 Nov 2004 01:45:49 +0100 nettle (1.10-1) unstable; urgency=low * The latest upstream version -- Marek Habersack Tue, 4 May 2004 15:56:02 +0200 nettle (1.9-1) unstable; urgency=low * The latest upstream release -- Marek Habersack Mon, 16 Feb 2004 02:53:34 +0100 nettle (1.8-1) unstable; urgency=low * The latest upstream release * libnettle1 links directly against gmp now to avoid problems with programs linking to libnettle without referencing -lgmp explicitly. * libnettle1 is gone - upstream changed the SOVERSION to 2 -- Marek Habersack Wed, 14 Jan 2004 22:27:19 +0100 nettle (1.7-3) unstable; urgency=low * Don't drink and drive, or another doc-base fix -- Marek Habersack Mon, 10 Nov 2003 19:07:20 -0500 nettle (1.7-2) unstable; urgency=low * Fixed the doc-base problem with the missing Section field -- Marek Habersack Sun, 9 Nov 2003 22:06:09 -0500 nettle (1.7-1) unstable; urgency=low * Initial Release. -- Marek Habersack Tue, 4 Nov 2003 18:23:07 +0100