gnutls28 3.6.15-4ubuntu1 source package in Ubuntu

Changelog

gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low

  * Merge from Debian unstable LP: #1893924.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).

gnutls28 (3.6.15-4) unstable; urgency=medium

  * autopkgtest: Require build-essential.
  * autopkgtest: respect dpkg-buildflags for helper-binary build.

gnutls28 (3.6.15-3) unstable; urgency=medium

  * More autopkgtest hotfixes.

gnutls28 (3.6.15-2) unstable; urgency=medium

  * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
    installed gnutls-bin.
  * In autopkgtest set top_builddir and builddir, ignore
    tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.

gnutls28 (3.6.15-1) unstable; urgency=low

  * New upstream version.
    + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
      unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
      Closes: #969547
    + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
      50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
    + Fix build error due to outdated gettext in Debian by removing newer
      gettext m4 macros from m4/.

gnutls28 (3.6.14-2) unstable; urgency=medium

  * Pull selected patches from upstream GIT:
    + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
      Fixes difference in generated docs on 32 and 64 bit archs.
    + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      Fix memleak in gnutls_aead_cipher_init() with keys having invalid
      length. (Broken since 3.6.3)
    + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
      Closes: #962467

gnutls28 (3.6.14-1) unstable; urgency=high

  * Drop debugging code added in -4, fixes nocheck profile build error.
    Closes: #962199
  * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
    debian/upstream/signing-key.asc.
  * New upstream version.
    + Fixes insecure session ticket key construction.
      [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
    + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
      51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
      51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
      51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
  * Drop guile-gnutls.lintian-overrides.
  * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
    AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
    IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
    Hopefully Closes: #962218

 -- Dimitri John Ledkov <email address hidden>  Thu, 24 Sep 2020 12:03:44 +0100

Upload details

Uploaded by:
Dimitri John Ledkov
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnutls28_3.6.15.orig.tar.xz 5.8 MiB 0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558
gnutls28_3.6.15.orig.tar.xz.asc 833 bytes 49abc685c9504b4b4de7a0cd8075ee9a4c01f0a6e2b2c9b86a24c58b1e7ac7c5
gnutls28_3.6.15-4ubuntu1.debian.tar.xz 64.2 KiB 0b671893cde7cb7fb98fffcaf2935135b993624d098da0d83603c5458eac110b
gnutls28_3.6.15-4ubuntu1.dsc 3.5 KiB 416313563c8fbf112aa817bd418b7c752b496f5d21f1ac38a8534009dc8d2f0f

View changes file

Binary packages built by this source

gnutls-bin: GNU TLS library - commandline utilities

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains a commandline interface to the GNU TLS library, which
 can be used to set up secure connections from e.g. shell scripts, debugging
 connection issues or managing certificates.
 .
 Useful utilities include:
  - TLS termination: gnutls-cli, gnutls-serv
  - key and certificate management: certtool, ocsptool, p11tool
  - credential management: srptool, psktool

gnutls-bin-dbgsym: debug symbols for gnutls-bin
gnutls-doc: GNU TLS library - documentation and examples

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains all the GnuTLS documentation.

guile-gnutls: GNU TLS library - GNU Guile bindings

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the GNU Guile modules.

guile-gnutls-dbgsym: debug symbols for guile-gnutls
libgnutls-dane0: GNU TLS library - DANE security support

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the runtime library for DANE (DNS-based Authentication
 of Named Entities) support.

libgnutls-dane0-dbgsym: debug symbols for libgnutls-dane0
libgnutls-openssl27: GNU TLS library - OpenSSL wrapper

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the runtime library of the GnuTLS OpenSSL wrapper.

libgnutls-openssl27-dbgsym: debug symbols for libgnutls-openssl27
libgnutls28-dev: GNU TLS library - development files

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the GnuTLS development files.

libgnutls30: GNU TLS library - main runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the main runtime library.

libgnutls30-dbgsym: debug symbols for libgnutls30
libgnutlsxx28: GNU TLS library - C++ runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the C++ runtime libraries.

libgnutlsxx28-dbgsym: debug symbols for libgnutlsxx28