-
gnutls28 (3.6.9-5ubuntu1.2) eoan-security; urgency=medium
* SECURITY UPDATE: flaw in TLS session ticket key construction
- debian/patches/CVE-2020-13777.patch: differentiate initial state from
valid time window of TOTP in lib/stek.c,
tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
- CVE-2020-13777
-- Marc Deslauriers <email address hidden> Fri, 05 Jun 2020 07:19:51 -0400
-
gnutls28 (3.6.9-5ubuntu1.1) eoan-security; urgency=medium
* SECURITY UPDATE: incorrect randomness in DTLS negotiation
- debian/patches/CVE-2020-11501.patch: fix zeroed random in
lib/handshake.c.
- CVE-2020-11501
-- Marc Deslauriers <email address hidden> Mon, 06 Apr 2020 08:05:51 -0400
-
gnutls28 (3.6.9-5ubuntu1) eoan; urgency=medium
* Build-depend on texlive-plain-generic instead of obsolete texlive-
generic-recommended.
-- Steve Langasek <email address hidden> Tue, 01 Oct 2019 13:25:29 -0700
-
gnutls28 (3.6.9-5) unstable; urgency=medium
* 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
GIT master: Fix interop problems with gnutls 2.x. Closes: #933538
-- Andreas Metzler <email address hidden> Sat, 14 Sep 2019 13:38:41 +0200
-
gnutls28 (3.6.9-4build1) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 10:50:47 +0000
-
gnutls28 (3.6.9-4) unstable; urgency=medium
* i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
assembly code. (Thanks, Steve Langasek for report and patch!)
Closes: #934193
-- Andreas Metzler <email address hidden> Thu, 08 Aug 2019 19:40:21 +0200
-
gnutls28 (3.6.9-3ubuntu1) eoan; urgency=medium
* debian/patches/i386-fix-wrong-reloc.patch: fix relocation problem on
i386.
-- Steve Langasek <email address hidden> Wed, 07 Aug 2019 18:04:43 -0700
-
gnutls28 (3.6.9-3) unstable; urgency=medium
* autopkgtest: Skip system-override-sig-hash.sh.
-- Andreas Metzler <email address hidden> Sat, 03 Aug 2019 06:48:46 +0200
-
gnutls28 (3.6.9-2) unstable; urgency=medium
* Upload to unstable.
-- Andreas Metzler <email address hidden> Fri, 02 Aug 2019 19:12:42 +0200
-
gnutls28 (3.6.8-2) unstable; urgency=low
* Use DH 11 compat again.
* 3.6.8 builds with gcc-9. Closes: #925701
* Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
Andres Klode) Closes: #930541
See also https://gitlab.com/gnutls/gnutls/merge_requests/986
* Upload to unstable.
-- Andreas Metzler <email address hidden> Sat, 06 Jul 2019 14:10:29 +0200
-
gnutls28 (3.6.7-4ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/add-openssl-test-link.patch: add link for libssl
- set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
letting it be assumed
* Dropped changes, years old, never upstreamed, and presumed obsolete:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
gnutls28 (3.6.7-4) unstable; urgency=medium
* Cherry-pick important bug-fixes from 3.6.8:
+ 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
The gnutls_srp_set_server_credentials_function can be used with the 8192
parameters as well.
https://gitlab.com/gnutls/gnutls/issues/761
+ 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
Fix calculation of Streebog digests (incorrect carry operation in
512 bit addition).
+ 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
Closes: #929907
+ 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
crafting via IDNA conversion.
https://gitlab.com/gnutls/gnutls/issues/720
+ 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
flag.
https://gitlab.com/gnutls/gnutls/issues/754
-- Steve Langasek <email address hidden> Fri, 14 Jun 2019 13:15:25 -0700
-
gnutls28 (3.6.7-3ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
- set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
letting it be assumed
gnutls28 (3.6.7-3) unstable; urgency=medium
* Revert debhelper upgrade, use DH 10.
-- Steve Langasek <email address hidden> Wed, 22 May 2019 22:05:27 -0700
-
gnutls28 (3.6.7-2ubuntu3) eoan; urgency=medium
* Revert previous upload, move setting of ac_cv_sizeof_time_t to
debian/tests/run-upstream-testsuite.
-- Julian Andres Klode <email address hidden> Mon, 29 Apr 2019 17:21:07 +0200
-
gnutls28 (3.6.7-2ubuntu2) eoan; urgency=medium
* tests-cert-tests-crl-Try-to-infer-64-bit-time-using-.patch: Try to figure
out if we have a 64-bit timestamp using date(1), rather than just assuming
it for out-of-tree tests.
-- Julian Andres Klode <email address hidden> Mon, 29 Apr 2019 12:29:03 +0200
-
gnutls28 (3.6.7-2ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
gnutls28 (3.6.7-2) unstable; urgency=medium
* Upload to unstable.
gnutls28 (3.6.7-1) experimental; urgency=medium
* New upstream version.
+ Update AUTHOR list in copyright file.
+ Update symbol file.
+ Fixes issue preventing sending and receiving from different
threads when false start was enabled. Closes: #922879
+ gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
+ Fixes a memory corruption (double free) vulnerability in the
certificate verification API.
https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
GNUTLS-SA-2019-03-27
+ Fixes an invalid pointer access via malformed TLS1.3 async messages;
https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
GNUTLS-SA-2019-03-27
gnutls28 (3.6.6-3) unstable; urgency=low
* Add @ to autopkgtest's Depends.
* Use DH 11 compat.
gnutls28 (3.6.6-2) unstable; urgency=low
* Upload to unstable.
gnutls28 (3.6.6-1) experimental; urgency=low
* New upstream version.
+ Fixes certtool.1 syntax. Closes: #920215
+ Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff.
+ Update symbol file for released version.
gnutls28 (3.6.5+git20190105-1) experimental; urgency=low
* New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
+ Update symbol and copyright file.
* Delete autogen stamp-files on clean to enforce regeneration.
-- Julian Andres Klode <email address hidden> Tue, 23 Apr 2019 09:59:19 +0200
-
gnutls28 (3.6.5-2ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/disable_global_init_override_test.patch: disable
failing test.
- debian/patches/add-openssl-test-link.patch: add link for libssl
* this is a new upstream release including a fix for LP: #1804673
gnutls28 (3.6.5-2) unstable; urgency=low
* Upload to unstable.
* autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.
gnutls28 (3.6.5-1) experimental; urgency=medium
* Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
* Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
now in oldstable.
* New upstream version.
+ Requires nettle >= 3.4.1(rc).
+ List newly added symbols in symbol file. Bump generated dependencies to
>= 3.6.5 since multiple enums have been extended.
+ Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
* [lintian] Drop dh_strip override, stable has automatic debug packages.
-- Julian Andres Klode <email address hidden> Tue, 18 Dec 2018 17:24:06 +0100