2009
gnutls13 (1.4.4-3+etch4) oldstable-security; urgency=high
* Add patch from Simon Josefsson to reenable X.509v1 support for root
CAs. Closes: #514807, #514735.
-- Florian Weimer <fw@deneb.enyo.de> Mon, 23 Feb 2009 21:45:41 +0100
gnutls13 (1.4.4-3+etch3) stable-security; urgency=low
* 20_GNUTLS-SA-2008-3.patch: The previous fix for CVE-2008-4989 stopped Gnutls from trusting e.g. verisign. #507633.
-- Andreas Metzler <ametzler@debian.org> Sun, 01 Feb 2009 15:39:16 +0100
2008
gnutls13 (1.4.4-3+etch2) stable-security; urgency=low
* Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 Closes: #505469
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Nov 2008 16:02:25 +0100
gnutls13 (1.4.4-3+etch1) stable-security; urgency=high
* Apply patch from Simon Josefsson to fix three security vulnerabilities
(GNUTLS-SA-2008-1):
- Fix crash when sending invalid server name (GNUTLS-SA-2008-1-1)
- Fix crash when sending repeated client hellos (GNUTLS-SA-2008-1-2)
- Fix crash in cipher padding decoding for invalid record lengths
(GNUTLS-SA-2008-1-3)
-- Florian Weimer <fw@deneb.enyo.de> Tue, 20 May 2008 09:57:16 +0200
2006
gnutls13 (1.4.4-3) unstable; urgency=low
* Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
version, try to negotiate the highest version supported by the GnuTLS
server, instead of the lowest.
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Nov 2006 10:35:29 +0100
gnutls13 (1.4.4-2) unstable; urgency=low
[ Andreas Metzler ]
* Add a watchfile.
* Fix debian/copyright.
- Do not use "copyright" as title of a paragraph listing licenses.
(Closes: #290194)
- Add a copy of the FDL 1.2 to debian/copyright.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:57:49 +0200
gnutls13 (1.4.4-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.4
- Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
crash mutt. (closes: #386725)
GNUTLS-SA-2006-4 is CVE-2006-4790.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:09:47 +0200
gnutls13 (1.4.3-2) unstable; urgency=low
* the lesser of two weevils release.
[ Andreas Metzler ]
* Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
various programs, including mutt. (closes: #386680)
-- Andreas Metzler <ametzler@debian.org> Sat, 9 Sep 2006 19:29:52 +0200
gnutls13 (1.4.3-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.3.
- Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
rump session attack. GNUTLS-SA-2006-4
- Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
GNUTLS-SA-2006-3
- Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
-- Andreas Metzler <ametzler@debian.org> Fri, 8 Sep 2006 19:12:33 +0200
gnutls13 (1.4.2-1) unstable; urgency=medium
[ Andreas Metzler ]
* New upstream bugfix release.
- Fixes a crash in the certificate verification logic.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Aug 2006 10:44:16 +0200
gnutls13 (1.4.1-1) unstable; urgency=low
[ James Westby ]
* New upstream release.
* Remove the following patches as they are now included upstream:
- 10_certtoolmanpage.diff
- 15_fixcompilewarning.diff
- 30_man_hyphen_*.patch
* Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
gnutls-api so that devhelp can find it.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2006 11:11:08 +0200
gnutls13 (1.4.0-3) unstable; urgency=low
[ Andreas Metzler ]
* Strip "libgnutls-config --libs" output to only list stuff required for
dynamic linking. (Closes: #375815). Document this in libgnutls-dev's
README.Debian.
* Pull patches/16_libs.private_gnutls.diff and
debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
pkg-config usable for static linking.
-- Andreas Metzler <ametzler@debian.org> Sun, 2 Jul 2006 12:10:56 +0200
gnutls13 (1.4.0-2) unstable; urgency=low
[ Andreas Metzler ]
* Set maintainer to alioth mailinglist.
* Drop code for updating config.guess/config.sub from debian/rules, as cdbs
handles this. Build-Depend on autotools-dev.
* Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
* Use cdbs' simple-patchsys.mk.
- add debian/README.source_and_patches
- add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff
* Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
* Also ship css-, devhelp- and sgml files in gnutls-doc.
* patches/15_fixcompilewarning.diff correct order of function arguments.
[ James Westby ]
* This release allows the port to be specified as the name of the service
when using gnutls-cli (closes: #342891)
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Jun 2006 20:44:09 +0200
gnutls13 (1.4.0-1) experimental; urgency=low
* New maintainer team. Thanks, Matthias for all the work you did.
* Re-add gnutls-doc package, featuring api-reference as manual pages and
html, and reference manual in html and pdf format.
(closes: #368185,#368449)
* Fix reference to gnutls0.4-doc package in debian/copyright. Update
debian/copyright and include actual copyright statements.
(closes: #369071)
* Bump shlibs because of changes to extra.h
* Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
generate the necessary directories.
* Drop debian/NEWS.Debian as it only talks about the move of the (since
purged) gnutls-doc package to contrib a long time ago.
(Thanks Simon Josefsson, for these suggestions.)
* new upstream version. (closes: #368323)
* clean packaging against upstream tarball.
- Drop all patches, except for fixing error in certtool.1 and setting
gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
- Add --enable-ld-version-script
to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
patching ./configure.in.
(closes: #367358)
* Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
* Build against external libtasn1-3. (closes: #363294)
* Standards-Version: 3.7.2, no changes required.
* debian/control and override file are in sync with respect to Priority and
Section, everything except libgnutls13-dbg already was. (closes: #366956)
* acknowledge my own NMU. (closes: #367065)
* libgnutls13-dbg is nonempty (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 20 May 2006 11:22:36 +0000
gnutls13 (1.3.5-1.1) unstable; urgency=low
* NMU
* Invoke ./configure with --with-included-libtasn1 to prevent accidental
linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
contained libtasn1.so.3 and force gnutls13 to use the internal version of
libtasn instead until libtasn1-3-dev is uploaded. Drop broken
Build-Dependency on libtasn1-2-dev (>= 0.3.1). (closes: #363294)
* Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
of --dbg-package=libgnutls12. (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 13 May 2006 07:45:32 +0000
gnutls13 (1.3.5-1) unstable; urgency=low
* New Upstream version.
- Security fix.
- Yet another ABI change.
* Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
* Let -dev package depend on liblzo-dev (closes:#347438)
* Fix certtool help output (closes:#338623)
-- Matthias Urlichs <smurf@debian.org> Sat, 18 Mar 2006 22:46:25 +0100
2005
gnutls12 (1.2.9-2) unstable; urgency=low
* Install /usr/lib/pkgconfig/*.pc files.
* Depend on texinfo (>= 4.8, for the @euro{} sign).
-- Matthias Urlichs <smurf@debian.org> Tue, 15 Nov 2005 19:26:02 +0100
gnutls12 (1.2.9-1) unstable; urgency=low
* New Upstream version.
-- Matthias Urlichs <smurf@debian.org> Fri, 11 Nov 2005 18:51:28 +0100
gnutls12 (1.2.8-1) unstable; urgency=low
* New Upstream version.
- depends on libgcrypt11 1.2.2
* Bumped shlibs version, just to be on the safe side.
-- Matthias Urlichs <smurf@debian.org> Wed, 19 Oct 2005 12:05:14 +0200
gnutls12 (1.2.6-1) unstable; urgency=low
* New Upstream version.
* Remove Provides: on libgnutls11-dev.
Hopefully this will be temporary (pending discussion with Upstream).
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Aug 2005 12:21:36 +0200
gnutls12 (1.2.5-3) unstable; urgency=high
* Updated libgnutls12.shlibs file.
Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
dependencies on this library
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 13:19:25 +0200
gnutls12 (1.2.5-2) unstable; urgency=medium
* Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
Added an explicit dependency as a stopgap fix.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 08:27:22 +0200
gnutls12 (1.2.5-1) unstable; urgency=low
* Merged with the latest stable release.
* Renamed to gnutls12.
- Changed the library version strings to GNUTLS_1_2.
- Renamed the development package back to "libgnutls-dev".
-- Matthias Urlichs <smurf@debian.org> Tue, 5 Jul 2005 10:35:56 +0200
2004
gnutls11 (1.0.19-1) experimental; urgency=low
* Merged with the latest stable release.
-- Matthias Urlichs <smurf@debian.org> Sun, 26 Dec 2004 13:28:45 +0100
gnutls11 (1.0.16-13) unstable; urgency=high
* Fixed an ASN.1 extraction error.
Found by Pelle Johansson <morth@morth.org>.
-- Matthias Urlichs <smurf@debian.org> Mon, 29 Nov 2004 10:16:21 +0100
gnutls11 (1.0.16-12) unstable; urgency=high
* Fixed a segfault in certtool. Closes: #278361.
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Nov 2004 09:40:02 +0100
gnutls11 (1.0.16-11) unstable; urgency=medium
* Merged binary (non-UTF8) string printing code from Upstream.
* Password code in certtool was somewhat broken.
-- Matthias Urlichs <smurf@debian.org> Sat, 6 Nov 2004 13:11:03 +0100
gnutls11 (1.0.16-10) unstable; urgency=high
* Fixed one instance of uninitialized memory usage.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Oct 2004 06:07:53 +0200
gnutls11 (1.0.16-9) unstable; urgency=high
* Pulled from Upstream CVS:
- Fix two memory leaks.
- Fix NULL dereference.
-- Matthias Urlichs <smurf@debian.org> Fri, 8 Oct 2004 10:43:20 +0200
gnutls11 (1.0.16-8) unstable; urgency=high
* Pulled these changes from Upstream CVS:
- Added default limits in the verification of certificate chains,
to avoid denial of service attacks.
- Added gnutls_certificate_set_verify_limits() to override them.
- Added gnutls_certificate_verify_peers2().
-- Matthias Urlichs <smurf@debian.org> Sun, 12 Sep 2004 02:05:25 +0200
gnutls11 (1.0.16-7) unstable; urgency=low
* Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
Thanks to joeyh@debian.org for reporting this problem.
-- Matthias Urlichs <smurf@debian.org> Sat, 14 Aug 2004 11:22:51 +0200
gnutls11 (1.0.16-6) unstable; urgency=medium
* Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
- Closes: #264420
-- Matthias Urlichs <smurf@debian.org> Sun, 8 Aug 2004 22:21:01 +0200
gnutls11 (1.0.16-5) unstable; urgency=low
* Depend on current libtasn1-2 (>= 0.2.10).
- Closes: #264198.
* Fixed maintainer email to point to Debian address.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:44:38 +0200
gnutls11 (1.0.16-4) unstable; urgency=low
* The OpenSSL compatibility library has been linked incorrectly
(-ltasn1 was missing).
* Need to build-depend on current opencdk8 and libtasn1-2 version.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:29:32 +0200
gnutls11 (1.0.16-3) unstable; urgency=high
* Documentation no longer includes LaTeX-produced output
(the source contains latex2html-specific features, which is non-free).
* Urgency: High because of pending base freeze.
-- Matthias Urlichs <smurf@debian.org> Mon, 26 Jul 2004 11:18:20 +0200
gnutls11 (1.0.16-2) unstable; urgency=high
* Actually enable debug symbols :-/
* Urgency: High for speedy inclusion in d-i
-- Matthias Urlichs <smurf@debian.org> Fri, 23 Jul 2004 22:38:07 +0200
gnutls11 (1.0.16-1) experimental; urgency=low
* Update to latest Upstream version.
* now depends on libgcrypt11
* Include debugging package
* Use hevea, not latex2html.
-- Matthias Urlichs <smurf@debian.org> Wed, 21 Jul 2004 16:58:26 +0200
gnutls10 (1.0.4-4) unstable; urgency=low
* New maintainer.
* Run autotools at source package build time.
- Closes: #257237: FTBFS (i386/sid): aclocal failed
* Remove "package is still changed upstream" warning.
* Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
-- Matthias Urlichs <smurf@debian.org> Fri, 16 Jul 2004 02:09:36 +0200
gnutls10 (1.0.4-3) unstable; urgency=low
* control: Changed the build dependency and the dependency of
libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
could cause linking against two versions of libgcrypt.
-- Ivo Timmermans <ivo@debian.org> Sat, 24 Jan 2004 15:32:22 +0100
gnutls10 (1.0.4-2) unstable; urgency=low
* libgnutls-doc.doc-base: Removed HTML manual listing.
* control: Removed Jordi Mallach from the list of Uploaders. Thanks,
Jordi :)
-- Ivo Timmermans <ivo@debian.org> Wed, 14 Jan 2004 13:35:42 +0100
gnutls10 (1.0.4-1) unstable; urgency=low
* New upstream release (Closes: #227527)
* The new documentation in libgnutls-doc fixes several typos and style
glitches:
Closes: #215772: inconsistent auth method list in manual
Closes: #215775: dangling footnote on page 14 of manual
Closes: #215777: bad sentence on page 18 of manual
Closes: #215780: incorrect info about ldaps/imaps in manual
* rules:
* Use --add-missing instead of --force in the call to automake.
* Don't build gnutls.ps, use the upstream version. (Closes: #224846)
* gnutls-bin.manpages: Use glob to find manpages.
* patches/008_manpages.diff: Removed; included upstream.
-- Ivo Timmermans <ivo@debian.org> Tue, 13 Jan 2004 23:57:16 +0100
2003
gnutls10 (1.0.0-1) unstable; urgency=low
* New upstream release.
* Major soversion changed to 10.
* control: Changed build dependencies of libtasn1-dev.
* libgnutls10.shlibs: Added libgnutls-openssl to the list.
-- Ivo Timmermans <ivo@debian.org> Mon, 29 Dec 2003 23:23:08 +0100
gnutls8 (0.9.99-1) experimental; urgency=low
* New upstream release.
* Included upstream GPG signature in .orig.tar.gz.
-- Ivo Timmermans <ivo@debian.org> Wed, 3 Dec 2003 22:33:52 +0100
gnutls8 (0.9.98-1) experimental; urgency=low
* New upstream release.
* debian/control: libgnutls8-dev depends on libopencdk8-dev.
* debian/libgnutls-doc.examples: Install src/*.[ch].
-- Ivo Timmermans <ivo@debian.org> Sun, 23 Nov 2003 15:44:38 +0100
gnutls8 (0.9.95-1) experimental; urgency=low
* New upstream version.
-- Ivo Timmermans <ivo@debian.org> Fri, 7 Nov 2003 19:50:22 +0100
gnutls8 (0.9.94-1) experimental; urgency=low
* New upstream version; package based on gnutls7 0.8.12-2.
* debian/control:
* Build-depend on libgcrypt7-dev (>= 1.1.44-0).
* debian/rules: Run auto* after the patches have been applied.
-- Ivo Timmermans <ivo@debian.org> Fri, 31 Oct 2003 18:47:09 +0100