Change logs for gnutls28 source package in Zesty

  • gnutls28 (3.5.6-4ubuntu4.3) zesty; urgency=medium
    
      * Cherry pick several fixes from Debian 3.5.8-5+deb9u3:
        - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
          38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
          gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
          signatures. LP: #1714506
        - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
          upstream 3.5.x branch: Fix breakage of AES-GCM in-place encryption and
          decryption on aarch64. LP: #1707172
    
     -- Julian Andres Klode <email address hidden>  Sat, 02 Sep 2017 16:12:49 +0200
  • gnutls28 (3.5.6-4ubuntu4.2) zesty; urgency=medium
    
      * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
        OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
        which includes TLS1.2 support. (LP: #1709193)
    
     -- Simon Deziel <email address hidden>  Thu, 10 Aug 2017 12:47:14 +0000
  • gnutls28 (3.5.6-4ubuntu4.1) zesty-security; urgency=medium
    
      * SECURITY UPDATE: null pointer dereference via status response TLS
        extension decoding
        - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
          properly deinitialized in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
          from client extension in lib/ext/status_request.c.
        - debian/patches/CVE-2017-7507-3.patch: documented requirements for
          parameters in lib/ext/status_request.c.
        - CVE-2017-7507
      * SECURITY UPDATE: DoS and possible code execution via OpenPGP
        certificate decoding
        - debian/patches/CVE-2017-7869.patch: enforce packet limits in
          lib/opencdk/read-packet.c.
        - CVE-2017-7869
    
     -- Marc Deslauriers <email address hidden>  Mon, 12 Jun 2017 09:26:39 -0400
  • gnutls28 (3.5.6-4ubuntu4) zesty; urgency=medium
    
      * Fix FTBFS because of failing test (LP: #1679868)
        - debian/patches/fix_tests_timezone.patch: address test suite failure
          due to timezone differences in tests/cert-tests/pkcs7.
    
     -- Marc Deslauriers <email address hidden>  Wed, 05 Apr 2017 10:06:24 -0400
  • gnutls28 (3.5.6-4ubuntu3) zesty; urgency=medium
    
      * SECURITY UPDATE: double-free when reading proxy language
        - debian/patches/CVE-2017-5334.patch: fix double-free in
          lib/x509/x509_ext.c.
        - CVE-2017-5334
      * SECURITY UPDATE: out of memory error in stream reading functions
        - debian/patches/CVE-2017-5335.patch: add error checking to
          lib/opencdk/read-packet.c.
        - CVE-2017-5335
      * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
        - debian/patches/CVE-2017-5336.patch: check return code in
          lib/opencdk/pubkey.c.
        - CVE-2017-5336
      * SECURITY UPDATE: heap read overflow when reading streams
        - debian/patches/CVE-2017-5337.patch: add more precise checks to
          lib/opencdk/read-packet.c.
        - CVE-2017-5337
    
     -- Marc Deslauriers <email address hidden>  Wed, 01 Feb 2017 14:21:40 -0500
  • gnutls28 (3.5.6-4ubuntu2) zesty; urgency=medium
    
      * d/p/dname-api-*.patch fix gnutls api breakage on dname order in
        gnutls 3.5.6 (LP: #1641615)
        - d/libgnutls30.symbols add new symbols added by the upstream fix
    
     -- Christian Ehrhardt <email address hidden>  Thu, 17 Nov 2016 08:39:43 +0100
  • gnutls28 (3.5.6-4ubuntu1) zesty; urgency=medium
    
      * Merge with Debian.  Remaining changes:
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
        - debian/patches/add-openssl-test-link.patch: add link for libssl
      * New upstream version avoids getrandom() at initialization which caused
        NetworkManager to hang at boot. (LP: #1622893)
    
    gnutls28 (3.5.6-4) unstable; urgency=medium
    
      * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
        40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
        upstream git master. The latter fixes a gnutls-cli-debug segfault.
       Closes: #844061
    
    gnutls28 (3.5.6-2) unstable; urgency=low
    
      * Upload to unstable.
      * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
        longer than 32 bits. (Upstream GIT commit
        fcdb461e935dbdc0892241a35be7499116f22a67).
    
    gnutls28 (3.5.6-1) experimental; urgency=low
    
      * New upstream version.
        + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
          41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
        + Update symbol file.
    
    gnutls28 (3.5.5-6) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.5.5-5) experimental; urgency=medium
    
      * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
        https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
        issue with GnuTLS 3.3 clients. Closes: #841723
      * Bump symbol dependency info for multiple
        gnutls_certificate_(set|get)_*_key* functions. If
        %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
        non-negative return code on success instead of 0 for success and negative
        numbers for failure.
      * Add b-d on openssl (for testsuite).
    
    gnutls28 (3.5.5-4) unstable; urgency=medium
    
      * Upload to unstable.
      * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.
    
    gnutls28 (3.5.5-3) experimental; urgency=medium
    
      * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
        in 3.5.5.
    
    gnutls28 (3.5.5-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.5.5-1) experimental; urgency=medium
    
      * New upstream version.
        + Update symbol file.
    
    gnutls28 (3.5.4-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.5.4-1) experimental; urgency=medium
    
      * New upstream version.
        + Drop superfluous patches:
          35_gnutls-cli-print-Handshake-was-completed.patch
          36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
          37_openssl-format-fix-from-openconnect.patch
          39_ocsptool-corrected-bug-in-session-establishment.patch
          40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
          45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
          45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
          45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
          45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        + Update symbol file.
      * Add b-d on softhsm2 for pkcs11 tests.
    
     -- Martin Pitt <email address hidden>  Mon, 14 Nov 2016 12:47:23 +0100
  • gnutls28 (3.5.3-5ubuntu1) yakkety; urgency=medium
    
      * Merge with Debian (LP: #1624856).  Remaining changes:
        - debian/patches/disable_global_init_override_test.patch: disable failing
          test.
        - debian/patches/add-openssl-test-link.patch: add link for libssl
    
    gnutls28 (3.5.3-5) experimental; urgency=medium
    
      * Pull DTLS fixes from upstream GIT master.
        45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
        45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
        45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
        45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
        Closes: #835587
    
     -- Anders Kaseorg <email address hidden>  Sun, 18 Sep 2016 08:03:47 -0400