Ubuntu
gnutls28 package

Change logs for gnutls28 source package in Eoan

  1. Eoan (19.10)
  2. Change log 
  • gnutls28 (3.6.9-5ubuntu1.2) eoan-security; urgency=medium

  * SECURITY UPDATE: flaw in TLS session ticket key construction
    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
      valid time window of TOTP in lib/stek.c,
      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
    - CVE-2020-13777

 -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2020 07:19:51 -0400
  • gnutls28 (3.6.9-5ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: incorrect randomness in DTLS negotiation
    - debian/patches/CVE-2020-11501.patch: fix zeroed random in
      lib/handshake.c.
    - CVE-2020-11501

 -- Marc Deslauriers <email address hidden>  Mon, 06 Apr 2020 08:05:51 -0400
  • gnutls28 (3.6.9-5ubuntu1) eoan; urgency=medium

  * Build-depend on texlive-plain-generic instead of obsolete texlive-
    generic-recommended.

 -- Steve Langasek <email address hidden>  Tue, 01 Oct 2019 13:25:29 -0700
  • gnutls28 (3.6.9-5) unstable; urgency=medium

  * 40_gnutls_epoch_set_keys-do-not-forbid-random-padding-.patch from upstream
    GIT master: Fix interop problems with gnutls 2.x. Closes: #933538

 -- Andreas Metzler <email address hidden>  Sat, 14 Sep 2019 13:38:41 +0200
  • gnutls28 (3.6.9-4build1) eoan; urgency=medium

  * No-change upload with strops.h and sys/strops.h removed in glibc.

 -- Matthias Klose <email address hidden>  Thu, 05 Sep 2019 10:50:47 +0000
  • gnutls28 (3.6.9-4) unstable; urgency=medium

  * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
    assembly code. (Thanks, Steve Langasek for report and patch!)
    Closes: #934193

 -- Andreas Metzler <email address hidden>  Thu, 08 Aug 2019 19:40:21 +0200
  • gnutls28 (3.6.9-3ubuntu1) eoan; urgency=medium

  * debian/patches/i386-fix-wrong-reloc.patch: fix relocation problem on
    i386.

 -- Steve Langasek <email address hidden>  Wed, 07 Aug 2019 18:04:43 -0700
  • gnutls28 (3.6.9-3) unstable; urgency=medium

  * autopkgtest: Skip system-override-sig-hash.sh.

 -- Andreas Metzler <email address hidden>  Sat, 03 Aug 2019 06:48:46 +0200
  • gnutls28 (3.6.9-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Fri, 02 Aug 2019 19:12:42 +0200
  • gnutls28 (3.6.8-2) unstable; urgency=low

  * Use DH 11 compat again.
  * 3.6.8 builds with gcc-9. Closes: #925701
  * Fix autopkgtest on 32bit architectures. (Bug report and patch by Julian
    Andres Klode) Closes: #930541
    See also https://gitlab.com/gnutls/gnutls/merge_requests/986
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 06 Jul 2019 14:10:29 +0200
  • gnutls28 (3.6.7-4ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/add-openssl-test-link.patch: add link for libssl
    - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
      letting it be assumed
  * Dropped changes, years old, never upstreamed, and presumed obsolete:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.

gnutls28 (3.6.7-4) unstable; urgency=medium

  * Cherry-pick important bug-fixes from 3.6.8:
    + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch
      The gnutls_srp_set_server_credentials_function can be used with the 8192
      parameters as well.
      https://gitlab.com/gnutls/gnutls/issues/761
    + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch
      Fix calculation of Streebog digests (incorrect carry operation in
      512 bit addition).
    + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
      Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client.
      Closes: #929907
    + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
      Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain
      crafting via IDNA conversion.
      https://gitlab.com/gnutls/gnutls/issues/720
    + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
      Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
      gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN
      flag.
      https://gitlab.com/gnutls/gnutls/issues/754

 -- Steve Langasek <email address hidden>  Fri, 14 Jun 2019 13:15:25 -0700
  • gnutls28 (3.6.7-3ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
    - set ac_cv_sizeof_time_t debian/tests/run-upstream-testsuite instead of
      letting it be assumed

gnutls28 (3.6.7-3) unstable; urgency=medium

  * Revert debhelper upgrade, use DH 10.

 -- Steve Langasek <email address hidden>  Wed, 22 May 2019 22:05:27 -0700
  • gnutls28 (3.6.7-2ubuntu3) eoan; urgency=medium

  * Revert previous upload, move setting of ac_cv_sizeof_time_t to
    debian/tests/run-upstream-testsuite.

 -- Julian Andres Klode <email address hidden>  Mon, 29 Apr 2019 17:21:07 +0200
  • gnutls28 (3.6.7-2ubuntu2) eoan; urgency=medium

  * tests-cert-tests-crl-Try-to-infer-64-bit-time-using-.patch: Try to figure
    out if we have a 64-bit timestamp using date(1), rather than just assuming
    it for out-of-tree tests.

 -- Julian Andres Klode <email address hidden>  Mon, 29 Apr 2019 12:29:03 +0200
  • gnutls28 (3.6.7-2ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

gnutls28 (3.6.7-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.6.7-1) experimental; urgency=medium

  * New upstream version.
    + Update AUTHOR list in copyright file.
    + Update symbol file.
    + Fixes issue preventing sending and receiving from different
      threads when false start was enabled. Closes: #922879
    + gnutls-cli: fix --benchmark-ciphers type overflow. Closes: #920477
    + Fixes a memory corruption (double free) vulnerability in the
      certificate verification API.
      https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829
      GNUTLS-SA-2019-03-27
    + Fixes an invalid pointer access via malformed TLS1.3 async messages;
      https://gitlab.com/gnutls/gnutls/issues/704 CVE-2019-3836
      GNUTLS-SA-2019-03-27

gnutls28 (3.6.6-3) unstable; urgency=low

  * Add @ to autopkgtest's Depends.
  * Use DH 11 compat.

gnutls28 (3.6.6-2) unstable; urgency=low

  * Upload to unstable.

gnutls28 (3.6.6-1) experimental; urgency=low

  * New upstream version.
    + Fixes certtool.1 syntax. Closes: #920215
    + Includes m4/gtk-doc.m4 again, drop 40_add_missingm4.diff.
    + Update symbol file for released version.

gnutls28 (3.6.5+git20190105-1) experimental; urgency=low

  * New upstream snapshot 1626663a7cad198457066df044bdf6196469c8d6.
    + Update symbol and copyright file.
  * Delete autogen stamp-files on clean to enforce regeneration.

 -- Julian Andres Klode <email address hidden>  Tue, 23 Apr 2019 09:59:19 +0200
  • gnutls28 (3.6.5-2ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl
  * this is a new upstream release including a fix for LP: #1804673

gnutls28 (3.6.5-2) unstable; urgency=low

  * Upload to unstable.
  * autopkgtest: Do not try to run cbc-record-check.sh, export ENABLE_GOST=1.

gnutls28 (3.6.5-1) experimental; urgency=medium

  * Run "wrap-and-sort --max-line-length=72 --short-indent" and back comments.
  * Drop automake (>= 1:1.12.2) from Build-Depends; automake 1.14 is
    now in oldstable.
  * New upstream version.
    + Requires nettle >= 3.4.1(rc).
    + List newly added symbols in symbol file. Bump generated dependencies to
      >= 3.6.5 since multiple enums have been extended.
    + Accepts CTYPE-OPENPGP as (no-op) priority list element. Closes: #910835
  * [lintian] Drop dh_strip override, stable has automatic debug packages.

 -- Julian Andres Klode <email address hidden>  Tue, 18 Dec 2018 17:24:06 +0100