--- gnutls26-2.8.3.orig/debian/libgnutls-dev.README.Debian +++ gnutls26-2.8.3/debian/libgnutls-dev.README.Debian @@ -0,0 +1,10 @@ +libgnutls-config is patched to only list stuff needed for dynamic +linking against libgnutls (i.e. "-lgnutls") on Debian. Static linking +requires using either + +a) libtool +b) "pkg-config --libs --static gnutls" instead of libgnutls-config --libs. + +This also applies to libgnutls-extra-config. + +Andreas Metzler --- gnutls26-2.8.3.orig/debian/README.source +++ gnutls26-2.8.3/debian/README.source @@ -0,0 +1,19 @@ +Uses cdbs with simple-patchsys.mk. + +Patches in debian/patches (i.e. *diff *patch) are applied automatically in +alphanumeric order. + +Use +debian/rules apply-patches +to see the patched source. + +See cdbs-edit-patch for a useful way to make modifications. + + +---------------------------------------- +Rebuilding PDF documentation: + +apt-get install texlive-latex-base texlive-fonts-recommended \ + texlive-generic-recommended + +make pdf --- gnutls26-2.8.3.orig/debian/gnutls-doc.docs +++ gnutls26-2.8.3/debian/gnutls-doc.docs @@ -0,0 +1 @@ +doc/gnutls.pdf --- gnutls26-2.8.3.orig/debian/compat +++ gnutls26-2.8.3/debian/compat @@ -0,0 +1 @@ +5 --- gnutls26-2.8.3.orig/debian/gnutls-doc.examples +++ gnutls26-2.8.3/debian/gnutls-doc.examples @@ -0,0 +1 @@ +doc/examples/*.c --- gnutls26-2.8.3.orig/debian/gnutls-doc.links +++ gnutls26-2.8.3/debian/gnutls-doc.links @@ -0,0 +1 @@ +/usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls --- gnutls26-2.8.3.orig/debian/gnutls-bin.install +++ gnutls26-2.8.3/debian/gnutls-bin.install @@ -0,0 +1,4 @@ +debian/tmp/usr/bin/gnutls-* usr/bin +debian/tmp/usr/bin/certtool usr/bin +debian/tmp/usr/bin/srptool usr/bin +debian/tmp/usr/bin/psktool usr/bin --- gnutls26-2.8.3.orig/debian/gnutls-doc.install +++ gnutls26-2.8.3/debian/gnutls-doc.install @@ -0,0 +1,7 @@ +doc/reference/html/*html usr/share/doc/gnutls-doc/api-reference +doc/reference/html/*png usr/share/doc/gnutls-doc/api-reference +doc/reference/html/*.css usr/share/doc/gnutls-doc/api-reference +doc/reference/html/*.sgml usr/share/doc/gnutls-doc/api-reference +doc/reference/html/*.devhelp* usr/share/doc/gnutls-doc/api-reference +doc/*.html usr/share/doc/gnutls-doc/html +doc/*.png usr/share/doc/gnutls-doc/html --- gnutls26-2.8.3.orig/debian/libgnutls26.NEWS +++ gnutls26-2.8.3/debian/libgnutls26.NEWS @@ -0,0 +1,45 @@ +gnutls26 (2.6.6-1) unstable; urgency=high + + * libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. We have realized that + many applications that use libgnutls, including gnutls-cli, fail to + perform proper checks. Implementing similar logic in all applications + leads to code duplication. Hence, we decided to check whether the + current time (as reported by the time function) is within the + activation/expiration period of certificates when verifying untrusted + certificates. + + This changes the semantics of gnutls_x509_crt_list_verify, which in + turn is used by gnutls_certificate_verify_peers and + gnutls_certificate_verify_peers2. We add two new + gnutls_certificate_status_t codes for reporting the new error + condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also + add a new gnutls_certificate_verify_flags flag, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new + behaviour. + GNUTLS-SA-2009-3 CVE-2009-1417 + http://www.gnu.org/software/gnutls/security.html + + -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.4.2-5) unstable; urgency=medium + + * The gnutls certificate verification code has been changed to stop + trusting some weak algoritms. Verifying untrusted X.509 certificates + signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. + + See , + and + + + "certtool -i < signature.pem" will inform about the algoritm used for + signing (Search for "Signature Algorithm" in its output.). The proper + fix is to re-issue the certificates with a more secure algoritm. As a + hotfix the respective certicate itself can be added to the list of + trusted certificates. Obviously this should only be done after + verifying the certificate by different means than relying on the weak + signature. + + -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 --- gnutls26-2.8.3.orig/debian/watch +++ gnutls26-2.8.3/debian/watch @@ -0,0 +1,2 @@ +version=3 +ftp://ftp.gnutls.org/pub/gnutls/gnutls-(.*)\.tar\.bz2 debian uupdate --- gnutls26-2.8.3.orig/debian/gnutls-doc.manpages +++ gnutls26-2.8.3/debian/gnutls-doc.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* --- gnutls26-2.8.3.orig/debian/control +++ gnutls26-2.8.3/debian/control @@ -0,0 +1,116 @@ +Source: gnutls26 +Section: libs +Priority: optional +Maintainer: Debian GnuTLS Maintainers +Uploaders: Andreas Metzler , Eric Dorland , James Westby , Simon Josefsson +Build-Depends: debhelper (>= 5.0.0), libgcrypt11-dev (>= 1.3.2), zlib1g-dev, cdbs, gtk-doc-tools, texinfo (>= 4.8), libtasn1-3-dev (>= 0.3.4-0), autotools-dev, guile-1.8-dev +Build-Conflicts: libgnutls-dev +Standards-Version: 3.8.3 +Vcs-Svn: svn://svn.debian.org/svn/pkg-gnutls/packages/gnutls26/trunk +Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/ +Homepage: http://www.gnutls.org/ + +Package: libgnutls-dev +Priority: optional +Section: libdevel +Architecture: any +Provides: gnutls-dev +Depends: libgnutls26 (= ${binary:Version}), libgcrypt11-dev (>= 1.3.0), libc6-dev | libc-dev, zlib1g-dev, libtasn1-3-dev (>= 0.3.4), ${misc:Depends} +Suggests: gnutls-doc, gnutls-bin, guile-gnutls +Conflicts: libgnutls11-dev, gnutls-dev (<< 0.4.0-0), gnutls0.4-dev +Replaces: libgnutls11-dev, gnutls-dev (<< 0.4.0-0), gnutls0.4-dev +Description: the GNU TLS library - development files + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + Currently gnutls implements: + - the TLS 1.0 and SSL 3.0 protocols, without any US-export + controlled algorithms + - X509 Public Key Infrastructure (with several limitations). + - SRP for TLS authentication. + - TLS Extension mechanism + . + This package contains the gnutls development files. + +Package: libgnutls26 +Priority: important +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Replaces: gnutls0, gnutls3, gnutls0.4 +Conflicts: gnutls0, gnutls0.4 +Suggests: gnutls-bin +Description: the GNU TLS library - runtime library + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + Currently gnutls implements: + - the TLS 1.0 and SSL 3.0 protocols, without any US-export + controlled algorithms + - X509 Public Key Infrastructure (with several limitations). + - SRP for TLS authentication. + - TLS Extension mechanism + . + This package contains the runtime libraries. + +Package: libgnutls26-dbg +Priority: extra +Architecture: any +Section: debug +Depends: libgnutls26 (= ${binary:Version}), ${misc:Depends} +Conflicts: libgnutls13-dbg +Description: GNU TLS library - debugger symbols + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + Currently gnutls implements: + - the TLS 1.0 and SSL 3.0 protocols, without any US-export + controlled algorithms + - X509 Public Key Infrastructure (with several limitations). + - SRP for TLS authentication. + - TLS Extension mechanism + . + This package contains the debugger symbols. + +Package: gnutls-bin +Priority: optional +Architecture: any +Section: net +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0) +Replaces: libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0) +Description: the GNU TLS library - commandline utilities + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + This package contains a commandline interface to the GNU TLS library, + which can be used to set up secure connections from e.g. shell scripts. + +Package: gnutls-doc +Priority: optional +Architecture: all +Section: doc +Depends: ${misc:Depends} +Description: the GNU TLS library - documentation and examples + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + This package contains all the gnutls documentation. + +Package: guile-gnutls +Priority: optional +Architecture: any +Section: lisp +Depends: ${misc:Depends},${shlibs:Depends}, guile-1.8 +Description: the GNU TLS library - GNU Guile bindings + gnutls is a portable library which implements the Transport Layer + Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols. + . + Currently gnutls implements: + - the TLS 1.0 and SSL 3.0 protocols, without any US-export + controlled algorithms + - X509 Public Key Infrastructure (with several limitations). + - SRP for TLS authentication. + - TLS Extension mechanism + . + This package contains the GNU Guile 1.8 modules. --- gnutls26-2.8.3.orig/debian/gnutls-doc.doc-base +++ gnutls26-2.8.3/debian/gnutls-doc.doc-base @@ -0,0 +1,16 @@ +Document: gnutls +Title: GnuTLS Manual +Author: Simon Josefsson +Abstract: GnuTLS library manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls-doc/html/gnutls.html +Files: /usr/share/doc/gnutls-doc/html/* + +Format: PDF +Files: /usr/share/doc/gnutls-doc/gnutls.pdf + +Format: info +Index: /usr/share/info/gnutls.info.gz +Files: /usr/share/info/gnutls.info* --- gnutls26-2.8.3.orig/debian/gnutls-bin.examples +++ gnutls26-2.8.3/debian/gnutls-bin.examples @@ -0,0 +1 @@ +doc/certtool.cfg --- gnutls26-2.8.3.orig/debian/copyright +++ gnutls26-2.8.3/debian/copyright @@ -0,0 +1,125 @@ +This package was debianized by Ivo Timmermans on +Fri, 3 Aug 2001 10:00:42 +0200. +It was later taken over by Matthias Urlichs and is now +maintained by Andreas Metzler Eric Dorland +, James Westby + + +It was downloaded from ftp://gnutls.hellug.gr/pub/gnutls + +Upstream Authors: + Nikos Mavroyanopoulos + Fabio Fiorina + Simon Josefsson + Timo Schulz + Andrew McDonald + Ludovic Courtes + Mario Lenz + Howard Chu + Ivo Timmermans + Stefan Walter + Yoshisato YANAGISAWA + Emile Van Bergen + Joe Orton + Daniel Kahn Gillmor + David Marín Carreño + + +License: The main library is licensed under GNU Lesser General Public +License (LGPL) version 2.1+, Gnutls Extra (i.e. openssl wrapper library, +and library for code for "GnuTLS Inner Application" support) and commandline + utilities are licenced under the GNU General Public License version 3+. The + Guile bindings use the same license as the respective underlying library, +i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra. + +Copyright: +-------------------- + * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GNUTLS. + * + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA +-------------------- +/* + * Copyright (C) 2001, 2004, 2005, 2007, 2008, 2009 Free Software Foundation + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GNUTLS-EXTRA. + * + * GNUTLS-EXTRA is free software: you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * GNUTLS-EXTRA is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see + * . + */ +-------------------- + +The documentation is distributed under the terms of the GNU Free +Documentation License (FDL): +-------------------- +Copyright @copyright{} 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. + +@quotation +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled ``GNU Free +Documentation License''. +@end quotation +-------------------- + +On Debian GNU/Linux systems, the complete text of the latest version of the GNU +Lesser General Public License can be found in `/usr/share/common-licenses/LGPL' +v2.1 of the license in `/usr/share/common-licenses/LGPL-2.1'; the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. The GNU Free +Documentation License is available under /usr/share/common-licenses/GFDL-1.3. + + + +Excerpt from upstream's README: +LICENSE ISSUES +-------------- + +Since the 0.4.2 version the gnutls library is covered under the GNU +Lesser GPL. Previously released versions were licensed under the GNU +GPL. + +We changed the license for most of GNUTLS because other free libraries +already exist that do the same jobs and have lax licenses. We want +GNUTLS to be usable in all the same places as those other libraries. +We kept some parts of GNUTLS under the GPL because they are unique, +and with the GPL they provide free software projects (which deserve +our help) an advantage over non-free projects (which do not deserve +our help, since they refuse to share with us). For more explanation, +see http://www.gnu.org/philosophy/why-not-lgpl.html. + +The GNU Lesser GPL license applies to the main gnutls library, while +the gnutls-extra library is under the GPL. The gnutls-extra library +contains the code for "GnuTLS Inner Application" support and the +OpenSSL compatibility layer. The gnutls library is located in the +lib/ directory, while the gnutls-extra library is at libextra/. --- gnutls26-2.8.3.orig/debian/changelog +++ gnutls26-2.8.3/debian/changelog @@ -0,0 +1,978 @@ +gnutls26 (2.8.3-2) unstable; urgency=low + + * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke + openpgp connections. + + -- Andreas Metzler Sat, 22 Aug 2009 14:14:48 +0200 + +gnutls26 (2.8.3-1) unstable; urgency=high + + * New upstream version. + + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it + was built against. Closes: #540449 + + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 + certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 + http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html + * Drop 15_chainverify_expiredcert.diff, included upstream. + * Urgency high, since 541439 applies to testing, too. + + -- Andreas Metzler Fri, 14 Aug 2009 19:14:29 +0200 + +gnutls26 (2.8.1-2) unstable; urgency=low + + [ Simon Josefsson ] + * Remove cruft in rules file. + * Remove patches/15_tasn1inpc.diff, not needed. + + [ Andreas Metzler ] + * Finally add an entry to the NEWS.Debian file concerning the deprecation of + RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 + * Upload to unstable. + * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. + Fix testsuite error caused by expired certificate. + + -- Andreas Metzler Thu, 06 Aug 2009 19:12:51 +0200 + +gnutls26 (2.8.1-1) experimental; urgency=low + + * New upstream stable release. + + -- Andreas Metzler Thu, 11 Jun 2009 09:15:28 +0200 + +gnutls26 (2.7.14-1) experimental; urgency=low + + * [debian/control] set section setting of source package to libs instead of + devel. + * New upstream version. + + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + + Bump shlibs, new symbols added. + + -- Andreas Metzler Tue, 26 May 2009 19:51:41 +0200 + +gnutls26 (2.7.12-1) experimental; urgency=low + + * Fix typo in changelog. Closes: #526427 + * New upstream release. + + Does not ship the scripts libgnutls-extra-config and libgnutls-config + and the .m4 snippet to use it anymore. Please switch to pkg-config or + standard autoconf test. Drop manpages and + both patches/13_lessdeps_gnutls-config.diff and + patches/13_lessdeps_gnutls-config.diff from the debian diff. + + Update remaining patches. + + Bump shlibs, new symbols added. + * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was + already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of + GNUTLS_2_8. + * New upstream uses separate ./configure scripts for the different + libraries. Invoke the main ./configure script with + --cache-file=$(CURDIR)/config.cache to speed things up. + + -- Andreas Metzler Thu, 21 May 2009 11:18:35 +0200 + +gnutls26 (2.6.6-1) unstable; urgency=high + + * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This + way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. + * New upstream security release. + + libgnutls: Corrected double free on signature verification failure. + GNUTLS-SA-2009-1 CVE-2009-1415 + + libgnutls: Fix DSA key generation. Noticed when investigating the + previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS + 2.6.x are corrupt. See the advisory for more details. + GNUTLS-SA-2009-2 CVE-2009-1416 + + libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. + GNUTLS-SA-2009-3 CVE-2009-1417 + * The former two issues only apply to gnutls 2.6.x. The latter is a + behavior change, add a NEWS.Debian file to document it. + + -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.6.5-1) unstable; urgency=low + + * Sync sections in debian/control with override file. libgnutls26-dbg is + section debug, guile-gnutls is section lisp. + * New upstream version. (Needed for Libtasn1-3 2.0) + * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. + * Standards-Version: 3.8.1, no changes required. + + -- Andreas Metzler Tue, 14 Apr 2009 14:23:19 +0200 + +gnutls26 (2.6.4-2) unstable; urgency=low + + * Upload to unstable. + * Merge changelog entries from unstable and experimental. + + -- Andreas Metzler Mon, 16 Feb 2009 16:43:37 +0100 + +gnutls26 (2.6.4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Sat, 07 Feb 2009 14:32:57 +0100 + +gnutls26 (2.6.3-1) experimental; urgency=low + + * New upstream version. + + Corrects bug gnutls-cli which caused a rehandshake request + to be ignored. Closes: #396867 + * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) + + -- Andreas Metzler Sun, 21 Dec 2008 10:46:38 +0100 + +gnutls26 (2.6.2-2) experimental; urgency=low + + * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some + correct certificate chains were not recognized as verified. + Closes: #507633 + * [lintian] Add ${misc:Depends} to multiple dendency lines. + + -- Andreas Metzler Sat, 06 Dec 2008 13:31:58 +0100 + +gnutls26 (2.6.2-1) experimental; urgency=low + + * New upstream version. + + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + + Drop 20_fix_501077.diff. + * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper + there. + * Add Simon Josefsson to uploaders. + + -- Andreas Metzler Thu, 13 Nov 2008 19:30:06 +0100 + +gnutls26 (2.6.0-1) experimental; urgency=low + + * New upstream stable release. + * Add debian/patches/20_fix_501077.diff to fix an out of bound access in + gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 + + -- Andreas Metzler Sat, 25 Oct 2008 09:59:03 +0200 + +gnutls26 (2.5.9-1) experimental; urgency=low + + * New upstream development version. + * Bump shlibs. + + -- Andreas Metzler Sat, 04 Oct 2008 12:40:01 +0200 + +gnutls26 (2.4.2-6) unstable; urgency=medium + + * New patches, syncing with 2.4.3 upstream oldstable release: + + 24_intermedcertificate.patch If a non-root certificate ist trusted + gnutls certificateificate verification stops there instead of checking + up to the root of the certificate chain. + + 22_whitespace.patch - Whitespace only changes, to make it possible to + apply upstream fixes without manual changes. + + 25_bufferoverrun.patch. Fix buffer overrun bug in + gnutls_x509_crt_list_import. + http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e + + -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 + +gnutls26 (2.4.2-5) unstable; urgency=low + + * Pull two patches from upstream stable branch to make gnutls behavior + match documentation: + + patch 23_permit_v1_CA.diff:Accept v1 x509 CA + certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. + CVE-2009-2409 + + -- Andreas Metzler Sat, 31 Jan 2009 16:26:52 +0100 + +gnutls26 (2.4.2-4) unstable; urgency=medium + + * Add Simon Josefsson to uploaders. + * Another fix for the verification fix. Some correct certificate chains were + not recognized as verified. Closes: #507633 + + -- Andreas Metzler Sat, 06 Dec 2008 12:09:33 +0100 + +gnutls26 (2.4.2-3) unstable; urgency=low + + * Fix a crash on trying to verify self-signed certificates introduced by the + patch for CVE-2008-4989. Closes: #505279 + + -- Andreas Metzler Wed, 12 Nov 2008 19:23:23 +0100 + +gnutls26 (2.4.2-2) unstable; urgency=medium + + * [CVE-2008-4989.diff] Fix man in the middle attack for certificate + verification. CVE-2008-4989 GNUTLS-SA-2008-3 + + -- Andreas Metzler Mon, 10 Nov 2008 19:42:54 +0100 + +gnutls26 (2.4.2-1) unstable; urgency=low + + * New upstream bugfix release. + * Up to date gnutls-cli manpage. Closes: #492775 + + -- Andreas Metzler Sun, 21 Sep 2008 10:35:16 +0200 + +gnutls26 (2.4.1-1) unstable; urgency=medium + + * New upstream version, fixing a local denial of service vulnerability only + present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 + + -- Andreas Metzler Tue, 01 Jul 2008 19:35:51 +0200 + +gnutls26 (2.4.0-2) unstable; urgency=low + + * Standards version 3.8.0. Rename README.source_and_patches to README.source. + * Upload to unstable. + * Point watchfile to stable releases again. + * Merge experimental and unstable changelog. + + -- Andreas Metzler Tue, 24 Jun 2008 19:13:25 +0200 + +gnutls26 (2.4.0-1) experimental; urgency=low + + * New upstream stable release. + * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. + + -- Andreas Metzler Wed, 18 Jun 2008 19:40:38 +0200 + +gnutls26 (2.3.15-1) experimental; urgency=low + + * New upstream version. (rc4) + Disables 'openpgp-certs' tests. Closes: #486269 + + -- Andreas Metzler Mon, 16 Jun 2008 19:08:24 +0200 + +gnutls26 (2.3.14-1) experimental; urgency=low + + * New upstream version. (rc3) + + -- Andreas Metzler Wed, 11 Jun 2008 19:16:18 +0200 + +gnutls26 (2.3.13-1) experimental; urgency=low + + * New upstream version. 2nd rc for 2.4.0. + * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. + + -- Andreas Metzler Sun, 08 Jun 2008 18:00:51 +0200 + +gnutls26 (2.3.12-1) experimental; urgency=low + + * New upstream version. Bump shlibs. + * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 + * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite + failure on sparc. + + -- Andreas Metzler Thu, 05 Jun 2008 19:08:29 +0200 + +gnutls26 (2.3.11-1) experimental; urgency=low + + * New upstream version. + + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + . + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + Fixes subjectAltName wildcard matching. Closes: #479174 + + certtool now writes keyfiles with 0600 permissions. Closes: #373169 + + -- Andreas Metzler Sat, 24 May 2008 08:25:36 +0200 + +gnutls26 (2.2.5-1) unstable; urgency=high + + * New upstream version. + Fixes three security vulnerabilities. + [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See + . + CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + + -- Andreas Metzler Tue, 20 May 2008 19:19:55 +0200 + +gnutls26 (2.3.9-1) experimental; urgency=low + + * New upstream development version. + - OpenPGP support merged into libgnutls and is now licensed under LGPL. + The included copy of OpenCDK has been stripped down and re-licensed + under the LGPL. Using the external OpenCDK is not supported anymore, the + external library will not be maintained anymore. Drop respective + (build-)depends. + - API extended, bump shlibs. + - certtool asks for password confirmation. Closes: #364287 + - performance enhancements for gnutls_certificate_set_x509_trust_file. + Closes: #400448 + - gnutls-cli: exits when hostname doesn't match certificate. + Use --insecure to avoid hostname comparison. + * For paranoia sake build with -D_REENTRANT even if upstream has stopped + doing so. + * [debian/copyright] : update, and stop including a GFDL copy. + * Point watchfile to development versions. + + -- Andreas Metzler Sat, 17 May 2008 16:56:04 +0200 + +gnutls26 (2.2.3-1) unstable; urgency=low + + * New upstream stable release. + - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 + + -- Andreas Metzler Mon, 12 May 2008 18:29:12 +0200 + +gnutls26 (2.2.3~rc-1) unstable; urgency=low + + * New upstream version. Release candidate for 2.2.3. + + Increase default handshake packet size limit to 48kb. Closes: #478191 + * remove unsupported .l command from debian/libgnutls-config.1 + * Use Programming/C as doc-base section. + + -- Andreas Metzler Thu, 01 May 2008 13:09:49 +0200 + +gnutls26 (2.2.2-1) unstable; urgency=low + + * New upstream version. + Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() + and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary + strings and return the proper size. + corrected string handling in parse_general_name. + Closes: #465197 + * Point watchfile to ftp.gnutls.org. + * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. + + -- Andreas Metzler Fri, 22 Feb 2008 19:08:36 +0100 + +gnutls26 (2.2.1-3) unstable; urgency=low + + * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build + gnutls guile wrapper on ia64. + + -- Andreas Metzler Mon, 04 Feb 2008 19:14:03 +0100 + +gnutls26 (2.2.1-2) unstable; urgency=low + + * Add Vcs-Svn: and Vcs-Browser control fields. + * Upload to unstable. + + -- Andreas Metzler Sun, 03 Feb 2008 18:14:21 +0100 + +gnutls26 (2.2.1-1) experimental; urgency=low + + * New upstream version. + * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper + there. + * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both + packages contain gnutls-bin debugging symbols. Closes: #459295. + + -- Andreas Metzler Sun, 20 Jan 2008 18:27:33 +0100 + +gnutls26 (2.2.0-1) experimental; urgency=low + + * New upstream version. + License change! Main library stays LGPLv2.1+ but libgnutls-extra, + libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is + updated. + * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older + versions were GPLv2+) and this license is not compatible with GPLv3+. + * Non packaged 2.1.8 introduced new symbol + gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. + * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. + * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for + DSA2 support. Closes: #455513 + * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. + + -- Andreas Metzler Sat, 15 Dec 2007 16:41:54 +0100 + +gnutls26 (2.1.7-1) experimental; urgency=low + + * New upstream version. + - Another soname bump. Packages renamed. + * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since + dak does not allow that yet. + * Add Build-Conflicts: libgnutls-dev to stop libtool from linking + libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 + + -- Andreas Metzler Sat, 1 Dec 2007 10:40:17 +0100 + +gnutls25 (2.1.6-2) experimental; urgency=low + + * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make + experimental buildds happy. + + -- Andreas Metzler Mon, 19 Nov 2007 18:58:48 +0100 + +gnutls25 (2.1.6-1) experimental; urgency=low + + * New upstream version. API changes! Please consult + /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, + removed (mainly *_authz_*) and changed interfaces. + This is the first release canddate for 2.2. The deprecation of + gnutls_set_default_priority() is supposed to be undone before the final + stable release. + * Bump build-depends. + * Stop building and shipping the C++ library, since nobody is using it. I + will happly re-add it if requested. + * Add Homepage field to debian/control. + * Build and ship Guile bindings. Requested by Ludovic Courtès who also + provided the initial patch. (On a sidenote I think guile generally does + not do the right thing by throwing dlopened modules into /usr/lib/.) + * Update debian/copyright. + + -- Andreas Metzler Sat, 17 Nov 2007 16:42:01 +0100 + +gnutls13 (2.0.1-1) unstable; urgency=low + + * New upstream version. + * Remove doc/*.info* on clean to allow building thrice in a row. + (Closes: #441740) + + -- Andreas Metzler Sat, 29 Sep 2007 11:29:22 +0200 + +gnutls13 (1.7.19-1) unstable; urgency=low + + * New upstream version 1.7.19. + - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. + This takes of care of the mutt breakage. Closes: #439640 + + -- Andreas Metzler Mon, 27 Aug 2007 19:36:23 +0200 + +gnutls13 (1.7.18-2) unstable; urgency=low + + * Upload to unstable + + -- Andreas Metzler Sat, 25 Aug 2007 09:27:18 +0200 + +gnutls13 (1.7.18-1) experimental; urgency=low + + * New upstream version 1.7.18, release candidate for 2.0. + * Bump shlibs, since functions have been added. + * Image files renamed upstream with gnutls- prefix and symlinked to + /usr/share/info/ in Debian package. Closes: #423577 + + -- Andreas Metzler Sat, 18 Aug 2007 09:06:11 +0200 + +gnutls13 (1.7.16-1) experimental; urgency=low + + * New upstream version 1.7.16. + + -- Andreas Metzler Sat, 11 Aug 2007 10:50:21 +0200 + +gnutls13 (1.7.14-1) experimental; urgency=low + + * New upstream version + - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 + + -- Andreas Metzler Sat, 30 Jun 2007 09:06:35 +0200 + +gnutls13 (1.7.12-1) experimental; urgency=low + + * New upstream version 1.7.12 + - Fixes memory errors in certificate parsing. Closes: #333050 + * Bump shlibs, due to API extensions in 1.7.10. + * Rebuilding of docs simpified, strip debian/README.source_and_patches to + reflect that. + + -- Andreas Metzler Sat, 23 Jun 2007 11:14:26 +0200 + +gnutls13 (1.7.9-1) experimental; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + * New upstream version. + - Uses opencdk10 (0.6.x). + - Improved gnutls_set_default_priority() priorities, with matching correct + docs. (Closes: #422024) + - bumped shlibs. + * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage + twice in a row on the same sourcetree. (Closes: #424357) Document what is + needed to rebuild doc/gnutls.pdf in README.source_and_patches. + + -- Andreas Metzler Mon, 28 May 2007 08:36:42 +0200 + +gnutls13 (1.7.7-1) experimental; urgency=low + + * New development upstream version 1.7.7. + - Point watchfile to development versions. + - Bump shlibs for added APIs. + - Includes German translation. (Closes: #392857) + + -- Andreas Metzler Sun, 15 Apr 2007 10:11:21 +0200 + +gnutls13 (1.6.3-1) unstable; urgency=low + + * New upstream version, pulling selected fixes and features from 1.7.x. + * Bump shlibs. + + -- Andreas Metzler Sun, 27 May 2007 09:26:14 +0200 + +gnutls13 (1.6.2-2) unstable; urgency=low + + * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) + + -- Andreas Metzler Sun, 13 May 2007 09:48:31 +0200 + +gnutls13 (1.6.2-1) unstable; urgency=low + + * New upstream version + - Really Closes: #403887 libgnutls failes to parse OpenSSL generated + certificates, since it contains a regenerated pkix_asn1_tab.c. + - Ship German translation. Closes: #392857 + + -- Andreas Metzler Sat, 21 Apr 2007 10:57:02 +0200 + +gnutls13 (1.6.1-2) unstable; urgency=low + + * [gnutls-bin.install] Ship psktool. + * Ship gettext translations in deb package, but as gnutls13.mo instead of + gnutls.mo. + * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* + changelog entries after branchoff. Point watchfile to stable upstream + versions again. + * Drop dependency of libgnutls13-dbg on libgnutlsxx13. + + -- Andreas Metzler Sat, 3 Feb 2007 13:49:48 +0100 + +gnutls13 (1.6.1-1) experimental; urgency=low + + [ James Westby ] + * New upstream release. + + -- Andreas Metzler Sat, 3 Feb 2007 13:18:03 +0100 + +gnutls13 (1.6.0-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Sat, 18 Nov 2006 13:21:56 +0100 + +gnutls13 (1.5.3-1) experimental; urgency=low + + [ Andreas Metzler ] + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + * New upstream version 1.5.3. + * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. + * Drop code for re-libtoolizing and running auto* from debian/rules, it is + unused and would not work anymore. (We can later grab the from SVN and + update it to make work if we ever need it.) + + -- Andreas Metzler Sat, 28 Oct 2006 12:56:46 +0200 + +gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * New upstream development version. + - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz + - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was + broken. + - Drop unneeded patches/16_libs.private_gnutls.diff + patches/16_libs.private_gnutls-extra.diff + - Point watchfile to development versions. + - Builds a C++ library. + * Switch to debhelper v5 mode to be able to ship debug symbols of + libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. + * Branched off from 1.4.4-1. + + -- Andreas Metzler Sat, 30 Sep 2006 09:54:38 +0200 + +gnutls13 (1.4.4-3) unstable; urgency=low + + * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: + When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS + version, try to negotiate the highest version support by the GnuTLS + server, instead of the lowest. + + -- Andreas Metzler Sat, 11 Nov 2006 10:35:29 +0100 + +gnutls13 (1.4.4-2) unstable; urgency=low + + [ Andreas Metzler ] + * Add a watchfile. + * Fix debian/copyright. + - Do not use "copyright" as title of a paragraph listing licenses. + (Closes: #290194) + - Add a copy of the FDL 1.2 to debian/copyright. + + -- Andreas Metzler Tue, 12 Sep 2006 19:57:49 +0200 + +gnutls13 (1.4.4-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.4 + - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't + crash mutt. (closes: #386725) + GNUTLS-SA-2006-4 is CVE-2006-4790. + + -- Andreas Metzler Tue, 12 Sep 2006 19:09:47 +0200 + +gnutls13 (1.4.3-2) unstable; urgency=low + + * the lesser of two weevils release. + [ Andreas Metzler ] + * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in + various programs, including mutt. (closes: #386680) + + -- Andreas Metzler Sat, 9 Sep 2006 19:29:52 +0200 + +gnutls13 (1.4.3-1) unstable; urgency=high + + [ Andreas Metzler ] + * New upstream version 1.4.3. + - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 + rump session attack. GNUTLS-SA-2006-4 + - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. + GNUTLS-SA-2006-3 + - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + + -- Andreas Metzler Fri, 8 Sep 2006 19:12:33 +0200 + +gnutls13 (1.4.2-1) unstable; urgency=medium + + [ Andreas Metzler ] + * New upstream bugfix release. + - Fixes a crash in the certificate verification logic. + + -- Andreas Metzler Sat, 12 Aug 2006 10:44:16 +0200 + +gnutls13 (1.4.1-1) unstable; urgency=low + + [ James Westby ] + * New upstream release. + * Remove the following patches as they are now included upstream: + - 10_certtoolmanpage.diff + - 15_fixcompilewarning.diff + - 30_man_hyphen_*.patch + * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than + gnutls-api so that devhelp can find it. + + -- Andreas Metzler Sat, 15 Jul 2006 11:11:08 +0200 + +gnutls13 (1.4.0-3) unstable; urgency=low + + [ Andreas Metzler ] + * Strip "libgnutls-config --libs"' output to only list stuff required for + dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's + README.Debian. + * Pull patches/16_libs.private_gnutls.diff and + debian/patches/16_libs.private_gnutls-extra.diff from upstream to make + pkg-config usable for static linking. + + -- Andreas Metzler Sun, 2 Jul 2006 12:10:56 +0200 + +gnutls13 (1.4.0-2) unstable; urgency=low + + [ Andreas Metzler ] + * Set maintainer to alioth mailinglist. + * Drop code for updating config.guess/config.sub from debian/rules, as cdbs + handles this. Build-Depend on autotools-dev. + * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. + * Use cdbs' simple-patchsys.mk. + - add debian/README.source_and_patches + - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff + * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) + * Also ship css-, devhelp- and sgml files in gnutls-doc. + * patches/15_fixcompilewarning.diff correct order of funtion arguments. + + [ James Westby ] + * This release allows the port to be specified as the name of the service + when using gnutls-cli (closes: #342891) + + -- Andreas Metzler Sat, 17 Jun 2006 20:44:09 +0200 + +gnutls13 (1.4.0-1) experimental; urgency=low + + * New maintainer team. Thanks, Matthias for all the work you did. + * Re-add gnutls-doc package, featuring api-reference as manual pages and + html, and reference manual in html and pdf format. + (closes: #368185,#368449) + * Fix reference to gnutls0.4-doc package in debian/copyright. Update + debian/copyright and include actual copyright statements. + (closes: #369071) + * Bump shlibs because of changes to extra.h + * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will + generate the necessary directories. + * Drop debian/NEWS.Debian as it only talks about the move of the (since + purged) gnutls-doc package to contrib a long time ago. + (Thanks Simon Josefsson, for these suggestions.) + * new upstream version. (closes: #368323) + * clean packaging against upstream tarball. + - Drop all patches, except for fixing error in certtool.1 and setting + gnutls_libs=-lgnutls-extra in libgnutls-extra-config. + - Add --enable-ld-version-script + to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of + patching ./configure.in. + (closes: #367358) + * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. + * Build against external libtasn1-3. (closes: #363294) + * Standards-Version: 3.7.2, no changes required. + * debian/control and override file are in sync with respect to Priority and + Section, everthing except libgnutls13-dbg already was. (closes: #366956) + * acknowledge my own NMU. (closes: #367065) + * libgnutls13-dbg is nonempty (closes: #367056) + + -- Andreas Metzler Sat, 20 May 2006 11:22:36 +0000 + +gnutls13 (1.3.5-1.1) unstable; urgency=low + + * NMU + * Invoke ./configure with --with-included-libtasn1 to prevent accidental + linking against the broken 0.3.1-1 upload of libtasn1-2-dev which + contained libtasn1.so.3 and force gnutls13 to use the internal version of + libtasn instead until libtasn1-3-dev is uploaded. Drop broken + Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) + * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead + of --dbg-package=libgnutls12. (closes: #367056) + + -- Andreas Metzler Sat, 13 May 2006 07:45:32 +0000 + +gnutls13 (1.3.5-1) unstable; urgency=low + + * New Upstream version. + - Security fix. + - Yet another ABI change. + * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 + * Let -dev package depend on liblzo-dev (closes:#347438) + * Fix certtool help output (closes:#338623) + + -- Matthias Urlichs Sat, 18 Mar 2006 22:46:25 +0100 + +gnutls12 (1.2.9-2) unstable; urgency=low + + * Install /usr/lib/pkgconfig/*.pc files. + * Depend on texinfo (>= 4.8, for the @euro{} sign). + + -- Matthias Urlichs Tue, 15 Nov 2005 19:26:02 +0100 + +gnutls12 (1.2.9-1) unstable; urgency=low + + * New Upstream version. + + -- Matthias Urlichs Fri, 11 Nov 2005 18:51:28 +0100 + +gnutls12 (1.2.8-1) unstable; urgency=low + + * New Upstream version. + - depends on libgcrypt11 1.2.2 + * Bumped shlibs version, just to be on the safe side. + + -- Matthias Urlichs Wed, 19 Oct 2005 12:05:14 +0200 + +gnutls12 (1.2.6-1) unstable; urgency=low + + * New Upstream version. + * Remove Provides: on libgnutls11-dev. + Hopefully this will be temporary (pending discussion with Upstream). + + -- Matthias Urlichs Thu, 11 Aug 2005 12:21:36 +0200 + +gnutls12 (1.2.5-3) unstable; urgency=high + + * Updated libgnutls12.shlibs file. + Thanks to Mike Paul . + Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks + dependencies on this library + + -- Matthias Urlichs Thu, 21 Jul 2005 13:19:25 +0200 + +gnutls12 (1.2.5-2) unstable; urgency=medium + + * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. + Added an explicit dependency as a stopgap fix. + + -- Matthias Urlichs Thu, 21 Jul 2005 08:27:22 +0200 + +gnutls12 (1.2.5-1) unstable; urgency=low + + * Merged with the latest stable release. + * Renamed to gnutls12. + - Changed the library version strings to GNUTLS_1_2. + - Renamed the development package back to "libgnutls-dev". + + -- Matthias Urlichs Tue, 5 Jul 2005 10:35:56 +0200 + +gnutls11 (1.0.19-1) experimental; urgency=low + + * Merged with the latest stable release. + + -- Matthias Urlichs Sun, 26 Dec 2004 13:28:45 +0100 + +gnutls11 (1.0.16-13) unstable; urgency=high + + * Fixed an ASN.1 extraction error. + Found by Pelle Johansson . + + -- Matthias Urlichs Mon, 29 Nov 2004 10:16:21 +0100 + +gnutls11 (1.0.16-12) unstable; urgency=high + + * Fixed a segfault in certtool. Closes: #278361. + + -- Matthias Urlichs Thu, 11 Nov 2004 09:40:02 +0100 + +gnutls11 (1.0.16-11) unstable; urgency=medium + + * Merged binary (non-UF8) string printing code from Upstream. + * Password code in certtool was somewhat broken. + + -- Matthias Urlichs Sat, 6 Nov 2004 13:11:03 +0100 + +gnutls11 (1.0.16-10) unstable; urgency=high + + * Fixed one instance of uninitialized memory usage. + + -- Matthias Urlichs Thu, 21 Oct 2004 06:07:53 +0200 + +gnutls11 (1.0.16-9) unstable; urgency=high + + * Pulled from Upstream CVS: + - Fix two memory leaks. + - Fix NULL dereference. + + -- Matthias Urlichs Fri, 8 Oct 2004 10:43:20 +0200 + +gnutls11 (1.0.16-8) unstable; urgency=high + + * Pulled these changes from Upstream CVS: + - Added default limits in the verification of certificate chains, + to avoid denial of service attacks. + - Added gnutls_certificate_set_verify_limits() to override them. + - Added gnutls_certificate_verify_peers2(). + + -- Matthias Urlichs Sun, 12 Sep 2004 02:05:25 +0200 + +gnutls11 (1.0.16-7) unstable; urgency=low + + * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. + Thanks to joeyh@debian.org for reporting this problem. + + -- Matthias Urlichs Sat, 14 Aug 2004 11:22:51 +0200 + +gnutls11 (1.0.16-6) unstable; urgency=medium + + * Memory leak, found by Modestas Vainius . + - Closes: #264420 + + -- Matthias Urlichs Sun, 8 Aug 2004 22:21:01 +0200 + +gnutls11 (1.0.16-5) unstable; urgency=low + + * Depend on current libtasn1-2 (>= 0.2.10). + - Closes: #264198. + * Fixed maintainer email to point to Debian address. + + -- Matthias Urlichs Sat, 7 Aug 2004 19:44:38 +0200 + +gnutls11 (1.0.16-4) unstable; urgency=low + + * The OpenSSL compatibility library has been linked incorrectly + (-ltasn1 was missing). + * Need to build-depend on current opencdk8 and libtasn1-2 version. + + -- Matthias Urlichs Sat, 7 Aug 2004 19:29:32 +0200 + +gnutls11 (1.0.16-3) unstable; urgency=high + + * Documentation no longer includes LaTeX-produced output + (the source contains latex2html-specific features, which is non-free). + * Urgency: High because of pending base freeze. + + -- Matthias Urlichs Mon, 26 Jul 2004 11:18:20 +0200 + +gnutls11 (1.0.16-2) unstable; urgency=high + + * Actually *enable* debug symbols :-/ + * Urgency: High for speedy inclusion in d-i + + -- Matthias Urlichs Fri, 23 Jul 2004 22:38:07 +0200 + +gnutls11 (1.0.16-1) experimental; urgency=low + + * Update to latest Upstream version. + * now depends on libgcrypt11 + * Include debugging package + * Use hevea, not latex2html. + + -- Matthias Urlichs Wed, 21 Jul 2004 16:58:26 +0200 + +gnutls10 (1.0.4-4) unstable; urgency=low + + * New maintainer. + * Run autotools at source package build time. + - Closes: #257237: FTBFS (i386/sid): aclocal failed + * Remove "package is still changed upstream" warning. + * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. + + -- Matthias Urlichs Fri, 16 Jul 2004 02:09:36 +0200 + +gnutls10 (1.0.4-3) unstable; urgency=low + + * control: Changed the build dependency and the dependency of + libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; + libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which + could cause linking against two versions of libgcrypt. + + -- Ivo Timmermans Sat, 24 Jan 2004 15:32:22 +0100 + +gnutls10 (1.0.4-2) unstable; urgency=low + + * libgnutls-doc.doc-base: Removed HTML manual listing. + * control: Removed Jordi Mallach from the list of Uploaders. Thanks, + Jordi :) + + -- Ivo Timmermans Wed, 14 Jan 2004 13:35:42 +0100 + +gnutls10 (1.0.4-1) unstable; urgency=low + + * New upstream release (Closes: #227527) + * The new documentation in libgnutls-doc fixes several typo's and + style glitches: + Closes: #215772: inconsistent auth method list in manual + Closes: #215775: dangling footnote on page 14 of manual + Closes: #215777: bad sentence on page 18 of manual + Closes: #215780: incorrect info about ldaps/imaps in manual + * rules: + * Use --add-missing instead of --force in the call to automake. + * Don't build gnutls.ps, use the upstream version. + (Closes: #224846) + * gnutls-bin.manpages: Use glob to find manpages. + * patches/008_manpages.diff: Removed; included upstream. + + -- Ivo Timmermans Tue, 13 Jan 2004 23:57:16 +0100 + +gnutls10 (1.0.0-1) unstable; urgency=low + + * New upstream release. + * Major soversion changed to 10. + * control: Changed build dependencies of libtasn1-dev. + * libgnutls10.shlibs: Added libgnutls-openssl to the list. + + -- Ivo Timmermans Mon, 29 Dec 2003 23:23:08 +0100 + +gnutls8 (0.9.99-1) experimental; urgency=low + + * New upstream release. + * Included upstream GPG signature in .orig.tar.gz. + + -- Ivo Timmermans Wed, 3 Dec 2003 22:33:52 +0100 + +gnutls8 (0.9.98-1) experimental; urgency=low + + * New upstream release. + * debian/control: libgnutls8-dev depends on libopencdk8-dev. + * debian/libgnutls-doc.examples: Install src/*.[ch]. + + -- Ivo Timmermans Sun, 23 Nov 2003 15:44:38 +0100 + +gnutls8 (0.9.95-1) experimental; urgency=low + + * New upstream version. + + -- Ivo Timmermans Fri, 7 Nov 2003 19:50:22 +0100 + +gnutls8 (0.9.94-1) experimental; urgency=low + + * New upstream version; package based on gnutls7 0.8.12-2. + * debian/control: + * Build-depend on libgcrypt7-dev (>= 1.1.44-0). + * debian/rules: Run auto* after the patches have been applied. + + -- Ivo Timmermans Fri, 31 Oct 2003 18:47:09 +0100 + + --- gnutls26-2.8.3.orig/debian/rules +++ gnutls26-2.8.3/debian/rules @@ -0,0 +1,53 @@ +#! /usr/bin/make -f +# Build the gnutls package for Debian. + +CFLAGS += -D_REENTRANT +ifeq ($(DEB_BUILD_ARCH),hppa) + CFLAGS += -fno-gcse +endif + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk + +DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --disable-cxx --without-lzo --enable-guile --with-guile-site-dir=/usr/share/guile/site --cache-file=$(CURDIR)/config.cache +DEB_MAKE_CHECK_TARGET = check +DEB_DH_STRIP_ARGS = --dbg-package=libgnutls26-dbg +DEB_DH_MAKESHLIBS_ARGS_libgnutls26 := -V 'libgnutls26 (>=2.7.14-0)' +DEB_DH_MAKESHLIBS_ARGS_guile-gnutls := -Xusr/lib/libguile-gnutls- +DEB_COMPRESS_EXCLUDE := gnutls.pdf + +# pre-clean rule: save gnutls.pdf since it is expensive to regenerate. +# See README.source +cleanbuilddir/gnutls-doc:: + if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi + + +# additional commands for clean +clean:: + mkdir -p m4 + + -rm -rf autom4te.cache + + -rm -f tests/stamp-tests + # stupid conflicts + -rm -f doc/*.info* lib/po/libgnutls26.pot + # restore gnutls.pdf + if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi + +# additional comands for build rule +build/gnutls-doc:: + $(MAKE) html + +# add post deb preparation (including debhelper stuff) actions +# generate symlinks manually and use dh_link to make them policy-conform. +binary-install/gnutls-doc:: + cd debian/gnutls-doc && \ + for i in usr/share/doc/gnutls-doc/html/gnutls*.png ; do \ + i=`basename "$$i"` ; \ + ln -s "/usr/share/doc/gnutls-doc/html/$$i" \ + usr/share/info/ ; \ + done && \ + cd ../.. && \ + dh_link -pgnutls-doc + --- gnutls26-2.8.3.orig/debian/libgnutls26.install +++ gnutls26-2.8.3/debian/libgnutls26.install @@ -0,0 +1,3 @@ +debian/tmp/usr/lib/libgnutls.so.* usr/lib +debian/tmp/usr/lib/libgnutls-*.so.* usr/lib +debian/tmp/usr/share/locale/* /usr/share/locale --- gnutls26-2.8.3.orig/debian/libgnutls-dev.install +++ gnutls26-2.8.3/debian/libgnutls-dev.install @@ -0,0 +1,8 @@ +debian/tmp/usr/include/* usr/include +debian/tmp/usr/lib/libgnutls*.so usr/lib +debian/tmp/usr/lib/libgnutls*.a usr/lib +debian/tmp/usr/lib/libgnutls.la usr/lib +debian/tmp/usr/lib/libgnutls-*.la usr/lib +debian/tmp/usr/lib/pkgconfig/gnutls.pc usr/lib/pkgconfig +debian/tmp/usr/lib/pkgconfig/gnutls-extra.pc usr/lib/pkgconfig + --- gnutls26-2.8.3.orig/debian/guile-gnutls.install +++ gnutls26-2.8.3/debian/guile-gnutls.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/libguile-gnutls*.so* usr/lib +debian/tmp/usr/share/guile/site usr/share/guile --- gnutls26-2.8.3.orig/debian/gnutls-doc.info +++ gnutls26-2.8.3/debian/gnutls-doc.info @@ -0,0 +1 @@ +debian/tmp/usr/share/info/gnutls.info* --- gnutls26-2.8.3.orig/debian/guile-gnutls.README.Debian +++ gnutls26-2.8.3/debian/guile-gnutls.README.Debian @@ -0,0 +1,8 @@ +guile bindings for gnutls. + +Guile binary extensions currently use dlopened dynamic libraries installed in +/usr/lib/. These are not to be used a C-libraries. Which is why ... + - we do not provide shlibs files for these + - and the .so symlink is not in the dev-package. + +(Thanks to Ludovic Courtès for the explanations.) --- gnutls26-2.8.3.orig/debian/gnutls-doc.doc-base.apireference +++ gnutls26-2.8.3/debian/gnutls-doc.doc-base.apireference @@ -0,0 +1,9 @@ +Document: gnutls-api +Title: GNU TLS API Reference Manual +Author: Simon Josefsson +Abstract: GNU TLS API Reference Manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls-doc/api-reference/index.html +Files: /usr/share/doc/gnutls-doc/api-reference/* --- gnutls26-2.8.3.orig/debian/gnutls-bin.manpages +++ gnutls26-2.8.3/debian/gnutls-bin.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/*/*.1 --- gnutls26-2.8.3.orig/debian/patches/14_version_gettextcat.diff +++ gnutls26-2.8.3/debian/patches/14_version_gettextcat.diff @@ -0,0 +1,12 @@ +diff -NurbB gnutls-2.7.10.orig/lib/po/Makevars gnutls-2.7.10/lib/po/Makevars +--- gnutls-2.7.10.orig/lib/po/Makevars 2009-05-11 18:15:43.000000000 +0200 ++++ gnutls-2.7.10/lib/po/Makevars 2009-05-14 19:29:24.000000000 +0200 +@@ -1,7 +1,7 @@ + # Makefile variables for PO directory in any package using GNU gettext. + + # Usually the message domain is the same as the package name. +-DOMAIN = $(PACKAGE) ++DOMAIN = $(PACKAGE)26 + + # These two variables depend on the location of this directory. + subdir = po --- gnutls26-2.8.3.orig/debian/patches/15_openpgp.diff +++ gnutls26-2.8.3/debian/patches/15_openpgp.diff @@ -0,0 +1,23 @@ +From 9eed44b4ef9538117cc134956b32bc8fd39534fd Mon Sep 17 00:00:00 2001 +From: Simon Josefsson +Date: Thu, 20 Aug 2009 10:21:09 +0000 +Subject: Fix OpenPGP hostname comparison. + +--- +diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c +index 8018ced..aa2a235 100644 +--- a/lib/openpgp/pgp.c ++++ b/lib/openpgp/pgp.c +@@ -589,6 +589,10 @@ gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, + + if (ret == 0) + { ++ /* Length returned by gnutls_openpgp_crt_get_name includes ++ the terminating zero. */ ++ dnsnamesize--; ++ + if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) + return 1; + } +-- +cgit v0.8.2.1