Change logs for gnutls28 source package in Hirsute

  • gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium
    
      * Merge from Debian unstable.  Remaining changes:
        - Enable CET.
        - Set default priority string to only allow TLS1.2, DTLS1.2, and
        TLS1.3 with medium security profile (2048 RSA keys minimum, and
        similar).
      * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
      * Merge CVE fixes CVE-2021-20231 CVE-2021-20232
    
    gnutls28 (3.7.1-3) unstable; urgency=low
    
      * Rename/refetch
        *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it has
        been merged into upstream GIT.
      * Upload to unstable.
    
    gnutls28 (3.7.1-2) experimental; urgency=medium
    
      * Also run ocsptool tests in autopkgtest.
      * Add CVE numbers to previous changelog entry.
      * Pull selected fixes from upstream GIT:
        + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
        + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
        + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
        + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
        + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
        + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch
        + 56_05-examples-avoid-memory-leak-in-ex-verify.patch
      * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch
        Ship missing image file. (Thanks, lintian)
    
    gnutls28 (3.7.1-1) unstable; urgency=medium
    
      * New upstream version
        Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
        extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
      * Upload to unstable.
    
    gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
    
      * Fix autopkgtest skiplist.
    
    gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
    
      * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
        + Drop cherry-picked patches {48,49,50}_*.
        + Update copyright file.
    
    gnutls28 (3.7.0-7) unstable; urgency=medium
    
      * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
        50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
        50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
        master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
        (Thanks to Tim Kosse for the pointer) Closes: #980119
    
    gnutls28 (3.7.0-6) unstable; urgency=medium
    
      * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
        with merged version from upstream GIT master. Features a fix for an assert
        on connection to servers which send a duplicate chain including the
        self-signed CA. Closes: #980513
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 14 Apr 2021 15:44:37 +0100
  • gnutls28 (3.7.0-5ubuntu1) hirsute; urgency=low
    
      * Merge from Debian unstable LP: #1893924.  Remaining changes:
        - Enable CET.
        - Set default priority string to only allow TLS1.2, DTLS1.2, and
        TLS1.3 with medium security profile (2048 RSA keys minimum, and
        similar).
    
    gnutls28 (3.7.0-5) unstable; urgency=low
    
      * Update from upstream GIT master, replace patches, add new ones.
        + 48_0001-Fix-non-empty-session-id-TLS13_APPENDIX_D4.patch added.
        + 50_0001-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
           --> 48_0002-tests-Fix-tpmtool_test-due-to-changes-in-trousers.patch
        + 50_0002-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           --> 48_0003-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch
           Closes: #977552
        + 45_opensslcompat_no_export_gl.diff
           --> 48_0005-libgnutls-openssl-Clean-up-list-of-exported-symbols.patch.
        + 48_0006-Fix-a-common-typo-of-gnutls_priority_t.patch added.
      * Upload to unstable.
    
    gnutls28 (3.7.0-4) experimental; urgency=medium
    
      * Test build of fixes from
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1371 and
        https://gitlab.com/gnutls/gnutls/-/merge_requests/1370/ for #976836 and
        #977552.
    
    gnutls28 (3.7.0-3) unstable; urgency=low
    
      * Upload to unstable.
    
    gnutls28 (3.7.0-2) experimental; urgency=low
    
      * Fix guile-gnutls guile-x.x dependency.
      * 45_opensslcompat_no_export_gl.diff: Cleanup exported symbols.
    
    gnutls28 (3.7.0-1) experimental; urgency=low
    
      * New upstream version.
        + Drop 50_autopkgtestfixes.diff.
        + Update symbol file, bump all requirements to 3.7.0. (New mac/cipher
          added).
        + Requires nettle >= 3.6.
      * [lintian] Use v4 watch file.
      * Add a symbol file for libgnutls-openssl27.
      * Use dh v13 compat. (Some fixes for dh_missing.)
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 31 Dec 2020 15:56:50 +0000
  • gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low
    
      * Merge from Debian unstable LP: #1893924.  Remaining changes:
        - Enable CET.
        - Set default priority string to only allow TLS1.2, DTLS1.2, and
        TLS1.3 with medium security profile (2048 RSA keys minimum, and
        similar).
      * Add patch to fix ftbfs gnulib with new glibc.
    
    gnutls28 (3.6.15-4) unstable; urgency=medium
    
      * autopkgtest: Require build-essential.
      * autopkgtest: respect dpkg-buildflags for helper-binary build.
    
    gnutls28 (3.6.15-3) unstable; urgency=medium
    
      * More autopkgtest hotfixes.
    
    gnutls28 (3.6.15-2) unstable; urgency=medium
    
      * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
        installed gnutls-bin.
      * In autopkgtest set top_builddir and builddir, ignore
        tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
    
    gnutls28 (3.6.15-1) unstable; urgency=low
    
      * New upstream version.
        + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
          unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
          Closes: #969547
        + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
          50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
        + Fix build error due to outdated gettext in Debian by removing newer
          gettext m4 macros from m4/.
    
    gnutls28 (3.6.14-2) unstable; urgency=medium
    
      * Pull selected patches from upstream GIT:
        + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
          Fixes difference in generated docs on 32 and 64 bit archs.
        + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          Fix memleak in gnutls_aead_cipher_init() with keys having invalid
          length. (Broken since 3.6.3)
        + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          Closes: #962467
    
    gnutls28 (3.6.14-1) unstable; urgency=high
    
      * Drop debugging code added in -4, fixes nocheck profile build error.
        Closes: #962199
      * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
        debian/upstream/signing-key.asc.
      * New upstream version.
        + Fixes insecure session ticket key construction.
          [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
        + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
          51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
          51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
          51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
      * Drop guile-gnutls.lintian-overrides.
      * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
        AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
        IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
        Hopefully Closes: #962218
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 24 Sep 2020 12:03:44 +0100