Ubuntu
gnutls28 package

Change logs for gnutls28 source package in Cosmic

  1. Cosmic (18.10)
  2. Change log 
  • gnutls28 (3.6.4-2ubuntu1.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: double free in cert verification API
    - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
      gnutls_free() in lib/includes/gnutls/gnutls.h.in.
    - debian/patches/CVE-2019-3829-2.patch: remove redundant resets of
      variables after free().
    - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
      in lib/x509/x509.c.
    - CVE-2019-3829
  * SECURITY UPDATE: uninitialized pointer access
    - debian/patches/CVE-2019-3836.patch: add missing initialization of
      local variable in lib/handshake-tls13.c.
    - CVE-2019-3836

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:14:35 -0400
  • gnutls28 (3.6.4-2ubuntu1.1) cosmic; urgency=medium

  * gnutls-3.6.4-fix-rehandshake.patch: Fix rehandshake breaking glib
    stuff (LP: #1804673)

 -- Julian Andres Klode <email address hidden>  Mon, 21 Jan 2019 08:56:16 +0100
  • gnutls28 (3.6.4-2ubuntu1) cosmic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * 0001-Skip-tests-tls13-prf.c-if-visibility-protected-doesn.patch:
    cherrypick upstream patch to fix test-suite with symbolic-functions
  * This upstream release includes TLS 1.3 support.

gnutls28 (3.6.4-2) experimental; urgency=medium

  * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.

gnutls28 (3.6.4-1) experimental; urgency=medium

  * New upstream version.
  * Update symbol file.
  * Drop --enable-tls13-support configure option.

gnutls28 (3.6.3+git20180815-2) experimental; urgency=medium

  * 50_fedora_gnutls-3.6.3-rollback-fix.patch: Disables the rollback
    detection for the draft-tls support, because it will be triggered once
    TLS versions with the final numbering are deployed. (Thanks, Nikos!)

gnutls28 (3.6.3+git20180815-1) experimental; urgency=medium

  * Set Rules-Requires-Root: no.
  * New upstream snapshot d4624761e3893314d5504a6ecbc9da6ff758bc41.
    + Drop 50_gnutls-3.6.3-backport-upstream-fixes.patch
    + Update symbol file.

gnutls28 (3.6.3-2) experimental; urgency=medium

  * Update basic feature list in package descriptions, based on short
    description on https://gnutls.org/. (Inter alia: no more SSL 3.0, TLS 1.3
    added.) Closes: #904681
  * 50_gnutls-3.6.3-backport-upstream-fixes.patch: Selective tls1.3 fixes
    cherrypicked by Nikos for Fedora rawhide.

gnutls28 (3.6.3-1) experimental; urgency=medium

  * New upstream version.
  * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.

gnutls28 (3.6.2+git20180714-1) experimental; urgency=low

  * New upstream snapshot c378f48f61736cc3579e4ea0422b81209dff4e94.
    + SSL 3.0 disabled by default at compile-time.
  * Bump symbol dependency info.

gnutls28 (3.6.2+git20180707-1) experimental; urgency=medium

  * New upstream snapshot c27376064181a17811d23b5647d98d5656d8813e.
  * Drop 40_add_missingm4.diff.
  * Bump symbol dependency info.
  * For testing build with --enable-tls13-support.

gnutls28 (3.6.2+git20180629-2) experimental; urgency=medium

  * 40_add_missingm4.diff: copy gtk-doc.m4 to m4 to fix arch-only FTBFS.

gnutls28 (3.6.2+git20180629-1) experimental; urgency=medium

  * New upstream snapshot 5acae52b4ad3e2079c5dfac975badde51289e762.
  * Drop superfluous patches:
    + 40_increase_srp_test_timeout.diff
    + 50_mark_tests_xfail.diff
    + 52_fix_testcompat-main-openssl.diff
  * Add new functions to symbol file.
  * Many enums/flags extended, be conservative and bump sympol dependency
    info.
  * Bump libgnutlsxx28 shlibs.
  * Bump (b-)d on nettle-dev and libp11-kit-dev.

gnutls28 (3.6.2-3) experimental; urgency=low

  * 50_mark_tests_xfail.diff: Mark pkcs11/tls-neg-pkcs11-key as xfail to fix
    FTBFS with softhsm 2.4.0.
  * [lintian] Delete trailing empty lines in changelog.
  * 52_fix_testcompat-main-openssl.diff: Allow running test successfully
    and against binaries from installed gnutls-bin package.
  * Add autopkgtest, running a subset (the shellscripts using gnutls-cli et
    al) of the upstream testsuite.

gnutls28 (3.6.2-2) experimental; urgency=low

  * 40_increase_srp_test_timeout.diff: Increase timeouts for srp test
    The new srp-8192 test failed on slow archs (mips/mipsel).
  * Add lintian overrides for debian-rules-parses-dpkg-parsechangelog and
    build-depends-on-1-revision.
  * Point Vcs-* to salsa.
  * Sort Build-Depends alphabetically.

gnutls28 (3.6.2-1) experimental; urgency=low

  * (Build-)depend on libidn2-dev instead of transitional package
    libidn2-0-dev. Closes: #883187
  * Point homepage field and watchfile to https URL.
  * Use gpg --enarmor to move from debian/upstream-signing-key.pgp to
    debian/upstream/signing-key.asc (and stop uscan from doing so on every
    invocation).
  * Refresh upstream key, adding signing subkey
    A812CBFDFCDC4D0BE7A093129D5EAAF69013B842.
  * New upstream version.
    + When verifying against a self signed certificate ignore issuer. That
      is, ignore issuer when checking the issuer's parameters strength,
      resolving issue #347 which caused self signed certificates to be
      additionally marked as of insufficient security level.
      Closes: #885127
    + Bump shlibs/symbol files for newly added symbols.
  * [lintian] Clean up trailing whitespace in debian/changelog.
  * Sync priorities with override file (libgnutls30/libgnutls-dane0 standard
    -> optional).
  * DH compat 10. Drop autotools-dev/dpkg-dev/dh-autoreconf from
    build-depends. Stop specifying --parallel --with autoreconf.

gnutls28 (3.6.1-1) experimental; urgency=medium

  * New upstream version.
    + Drop 35_modernize_gtkdoc.diff.
    + Fixes interoperability issue with openssl when safe renegotiation was
      used. Closes: #873055
    + Update symbol file.

gnutls28 (3.6.0-2) experimental; urgency=medium

  * 35_modernize_gtkdoc.diff from upstream GIT master: Modernize gtk-doc
    support. Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am
    from gtk-doc git head (that is 1.26 +
    c08cc78562c59082fc83b55b58747177510b7a70). Disable gtkdoc-check.
    Closes: #876587

gnutls28 (3.6.0-1) experimental; urgency=low

  * New upstream version.
    + Multiple enums listing function flags have been extended, new
      algorithms have been added. Bump dependency info on all symbols in
      main GnuTLS library to >= 3.6.0, to make sure the versioning is
      strict enough.
    + Drop (build-)dependency on zlib1g-dev.
    + Update copyright info.
    + Calls to gnutls_record_send() and gnutls_record_recv()
      prior to handshake being complete are now refused. Closes: #849807
   * Drop --without-lzo from ./configure, it has been a noop for a long time.
   * Build in private directory, using "dh --builddirectory=b4deb".

 -- Dimitri John Ledkov <email address hidden>  Fri, 05 Oct 2018 17:12:04 +0100
  • gnutls28 (3.5.19-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

gnutls28 (3.5.19-1) unstable; urgency=low

  * New upstream version.
    + Drop 35_modernize_gtkdoc.diff.

 -- Julian Andres Klode <email address hidden>  Thu, 16 Aug 2018 11:36:30 +0200
  • gnutls28 (3.5.18-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

gnutls28 (3.5.18-1) unstable; urgency=medium

  * New upstream version.
  * Refresh upstream key, adding new signing subkey. Move to ascii armored
    keyring.

 -- Julian Andres Klode <email address hidden>  Mon, 12 Mar 2018 11:12:59 +0100