-
gnutls28 (3.6.4-2ubuntu1.2) cosmic-security; urgency=medium
* SECURITY UPDATE: double free in cert verification API
- debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
gnutls_free() in lib/includes/gnutls/gnutls.h.in.
- debian/patches/CVE-2019-3829-2.patch: remove redundant resets of
variables after free().
- debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
in lib/x509/x509.c.
- CVE-2019-3829
* SECURITY UPDATE: uninitialized pointer access
- debian/patches/CVE-2019-3836.patch: add missing initialization of
local variable in lib/handshake-tls13.c.
- CVE-2019-3836
-- Marc Deslauriers <email address hidden> Tue, 28 May 2019 13:14:35 -0400
-
gnutls28 (3.6.4-2ubuntu1.1) cosmic; urgency=medium
* gnutls-3.6.4-fix-rehandshake.patch: Fix rehandshake breaking glib
stuff (LP: #1804673)
-- Julian Andres Klode <email address hidden> Mon, 21 Jan 2019 08:56:16 +0100
-
gnutls28 (3.6.4-2ubuntu1) cosmic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
* 0001-Skip-tests-tls13-prf.c-if-visibility-protected-doesn.patch:
cherrypick upstream patch to fix test-suite with symbolic-functions
* This upstream release includes TLS 1.3 support.
gnutls28 (3.6.4-2) experimental; urgency=medium
* Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
gnutls28 (3.6.4-1) experimental; urgency=medium
* New upstream version.
* Update symbol file.
* Drop --enable-tls13-support configure option.
gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium
* 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
detection for the draft-tls support, because it will be triggered once
TLS versions with the final numbering are deployed. (Thanks, Nikos!)
gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium
* Set Rules-Requires-Root: no.
* New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
+ Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
+ Update symbol file.
gnutls28 (3.6.3-2) experimental; urgency=medium
* Update basic feature list in package descriptions, based on short
description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
added.) Closes: #904681
* 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes
cherrypicked by Nikos for Fedora rawhide.
gnutls28 (3.6.3-1) experimental; urgency=medium
* New upstream version.
* 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
gnutls28 (3.6.2+git20180714-1) experimental; urgency=low
* New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
+ SSL 3.0 disabled by default at compile-time.
* Bump symbol dependency info.
gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium
* New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
* Drop 40_add_missingm4.diff.
* Bump symbol dependency info.
* For testing build with --enable-tls13-support.
gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium
* 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.
gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium
* New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
* Drop superfluous patches:
+ 40_increase_srp_test_timeout.diff
+ 50_mark_tests_xfail.diff
+ 52_fix_testcompat-main-openssl.diff
* Add new functions to symbol file.
* Many enums/flags extended, be conservative and bump sympol dependency
info.
* Bump libgnutlsxx28 shlibs.
* Bump (b-)d on nettle-dev and libp11-kit-dev.
gnutls28 (3.6.2-3) experimental; urgency=low
* 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
FTBFS with softhsm 2.4.0.
* [lintian] Delete trailing empty lines in changelog.
* 52_fix_testcompat-main-openssl.diff: Allow running test successfully
and against binaries from installed gnutls-bin package.
* Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
al) of the upstream testsuite.
gnutls28 (3.6.2-2) experimental; urgency=low
* 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
The new srp-8192 test failed on slow archs (mips/mipsel).
* Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
build-depends-on-1-revision.
* Point Vcs-* to salsa.
* Sort Build-Depends alphabetically.
gnutls28 (3.6.2-1) experimental; urgency=low
* (Build-)depend on libidn2-dev instead of transitional package
libidn2-0-dev. Closes: #883187
* Point homepage field and watchfile to https URL.
* Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
debian/upstream/signing-key.asc (and stop uscan from doing so on every
invocation).
* Refresh upstream key, adding signing subkey
A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
* New upstream version.
+ When verifying against a self signed certificate ignore issuer. That
is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
Closes: #885127
+ Bump shlibs/symbol files for newly added symbols.
* [lintian] Clean up trailing whitespace in debian/changelog.
* Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
-> optional).
* DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
build-depends. Stop specifying --parallel --with autoreconf.
gnutls28 (3.6.1-1) experimental; urgency=medium
* New upstream version.
+ Drop 35_modernize_gtkdoc.diff.
+ Fixes interoperability issue with openssl when safe renegotiation was
used. Closes: #873055
+ Update symbol file.
gnutls28 (3.6.0-2) experimental; urgency=medium
* 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
from gtk-doc git head (that is 1.26 +
c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
Closes: #876587
gnutls28 (3.6.0-1) experimental; urgency=low
* New upstream version.
+ Multiple enums listing function flags have been extended, new
algorithms have been added. Bump dependency info on all symbols in
main GnuTLS library to >= 3.6.0, to make sure the versioning is
strict enough.
+ Drop (build-)dependency on zlib1g-dev.
+ Update copyright info.
+ Calls to gnutls_record_send() and gnutls_record_recv()
prior to handshake being complete are now refused. Closes: #849807
* Drop --without-lzo from ./configure, it has been a noop for a long time.
* Build in private directory, using "dh --builddirectory=b4deb".
-- Dimitri John Ledkov <email address hidden> Fri, 05 Oct 2018 17:12:04 +0100
-
gnutls28 (3.5.19-1ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
gnutls28 (3.5.19-1) unstable; urgency=low
* New upstream version.
+ Drop 35_modernize_gtkdoc.diff.
-- Julian Andres Klode <email address hidden> Thu, 16 Aug 2018 11:36:30 +0200
-
gnutls28 (3.5.18-1ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
gnutls28 (3.5.18-1) unstable; urgency=medium
* New upstream version.
* Refresh upstream key, adding new signing subkey. Move to ascii armored
keyring.
-- Julian Andres Klode <email address hidden> Mon, 12 Mar 2018 11:12:59 +0100