2009
gnutls26 (2.8.4-2) unstable; urgency=high
* [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920
-- Andreas Metzler <ametzler@debian.org> Sun, 01 Nov 2009 13:21:27 +0100
gnutls26 (2.8.4-1) unstable; urgency=low
* New upstream version.
+ Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
important to standard.
-- Andreas Metzler <ametzler@debian.org> Sat, 26 Sep 2009 10:33:52 +0200
gnutls26 (2.8.3-3) unstable; urgency=low
* Empty dependency_libs in la-files. (Squeeze release goal.)
-- Andreas Metzler <ametzler@debian.org> Sat, 05 Sep 2009 09:09:22 +0200
gnutls26 (2.8.3-2) unstable; urgency=low
* [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections.
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Aug 2009 14:14:48 +0200
gnutls26 (2.8.3-1) unstable; urgency=high
* New upstream version.
+ Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
was built against. Closes: #540449
+ Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.
-- Andreas Metzler <ametzler@debian.org> Fri, 14 Aug 2009 19:14:29 +0200
gnutls26 (2.8.1-2) unstable; urgency=low
[ Simon Josefsson ]
* Remove cruft in rules file.
* Remove patches/15_tasn1inpc.diff, not needed.
[ Andreas Metzler ]
* Finally add an entry to the NEWS.Debian file concerning the deprecation of
RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
* Upload to unstable.
* 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
Fix testsuite error caused by expired certificate.
-- Andreas Metzler <ametzler@debian.org> Thu, 06 Aug 2009 19:12:51 +0200
gnutls26 (2.8.1-1) experimental; urgency=low
* New upstream stable release.
-- Andreas Metzler <ametzler@debian.org> Thu, 11 Jun 2009 09:15:28 +0200
gnutls26 (2.7.14-1) experimental; urgency=low
* [debian/control] set section setting of source package to libs instead of
devel.
* New upstream version.
+ Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
+ Bump shlibs, new symbols added.
-- Andreas Metzler <ametzler@debian.org> Tue, 26 May 2009 19:51:41 +0200
gnutls26 (2.7.12-1) experimental; urgency=low
* Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up.
-- Andreas Metzler <ametzler@debian.org> Thu, 21 May 2009 11:18:35 +0200
gnutls26 (2.6.6-1) unstable; urgency=high
* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
+ libgnutls: Corrected double free on signature verification failure.
GNUTLS-SA-2009-1 CVE-2009-1415
+ libgnutls: Fix DSA key generation. Noticed when investigating the
previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
2.6.x are corrupt. See the advisory for more details.
GNUTLS-SA-2009-2 CVE-2009-1416
+ libgnutls: Check expiration/activation time on untrusted certificates.
Before the library did not check activation/expiration times on
certificates, and was documented as not doing so.
GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
behavior change, add a NEWS.Debian file to document it.
-- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200
gnutls26 (2.6.5-1) unstable; urgency=low
* Sync sections in debian/control with override file. libgnutls26-dbg is
section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required.
-- Andreas Metzler <ametzler@debian.org> Tue, 14 Apr 2009 14:23:19 +0200
gnutls26 (2.6.4-2) unstable; urgency=low
* Upload to unstable. * Merge changelog entries from unstable and experimental.
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Feb 2009 16:43:37 +0100
gnutls26 (2.6.4-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 14:32:57 +0100
2008
gnutls26 (2.6.3-1) experimental; urgency=low
* New upstream version.
+ Corrects bug gnutls-cli which caused a rehandshake request
to be ignored. Closes: #396867
* Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Dec 2008 10:46:38 +0100
gnutls26 (2.6.2-2) experimental; urgency=low
* 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
correct certificate chains were not recognized as verified.
Closes: #507633
* [lintian] Add ${misc:Depends} to multiple dendency lines.
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 13:31:58 +0100
gnutls26 (2.6.2-1) experimental; urgency=low
* New upstream version.
+ Fixes certification verifaction error CVE-2008-4989. Closes: #505360
+ Drop 20_fix_501077.diff.
* ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
there.
* Add Simon Josefsson to uploaders.
-- Andreas Metzler <ametzler@debian.org> Thu, 13 Nov 2008 19:30:06 +0100
gnutls26 (2.6.0-1) experimental; urgency=low
* New upstream stable release.
* Add debian/patches/20_fix_501077.diff to fix an out of bound access in
gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Oct 2008 09:59:03 +0200
gnutls26 (2.5.9-1) experimental; urgency=low
* New upstream development version. * Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Oct 2008 12:40:01 +0200
gnutls26 (2.4.2-6) unstable; urgency=medium
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate.patch If a non-root certificate ist trusted
gnutls certificateificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_list_import.
http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
-- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100
gnutls26 (2.4.2-5) unstable; urgency=low
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff:Accept v1 x509 CA
certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
+ 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
CVE-2009-2409
-- Andreas Metzler <ametzler@debian.org> Sat, 31 Jan 2009 16:26:52 +0100
gnutls26 (2.4.2-4) unstable; urgency=medium
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. Closes: #507633
-- Andreas Metzler <ametzler@debian.org> Sat, 06 Dec 2008 12:09:33 +0100
gnutls26 (2.4.2-3) unstable; urgency=low
* Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. Closes: #505279
-- Andreas Metzler <ametzler@debian.org> Wed, 12 Nov 2008 19:23:23 +0100
gnutls26 (2.4.2-2) unstable; urgency=medium
* [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Nov 2008 19:42:54 +0100
gnutls26 (2.4.2-1) unstable; urgency=low
* New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775
-- Andreas Metzler <ametzler@debian.org> Sun, 21 Sep 2008 10:35:16 +0200
gnutls26 (2.4.1-1) unstable; urgency=medium
* New upstream version, fixing a local denial of service vulnerability only
present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377
-- Andreas Metzler <ametzler@debian.org> Tue, 01 Jul 2008 19:35:51 +0200
gnutls26 (2.4.0-2) unstable; urgency=low
* Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog.
-- Andreas Metzler <ametzler@debian.org> Tue, 24 Jun 2008 19:13:25 +0200
gnutls26 (2.4.0-1) experimental; urgency=low
* New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Wed, 18 Jun 2008 19:40:38 +0200
gnutls26 (2.3.15-1) experimental; urgency=low
* New upstream version. (rc4)
Disables 'openpgp-certs' tests. Closes: #486269
-- Andreas Metzler <ametzler@debian.org> Mon, 16 Jun 2008 19:08:24 +0200
gnutls26 (2.3.14-1) experimental; urgency=low
* New upstream version. (rc3)
-- Andreas Metzler <ametzler@debian.org> Wed, 11 Jun 2008 19:16:18 +0200
gnutls26 (2.3.13-1) experimental; urgency=low
* New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 Jun 2008 18:00:51 +0200
gnutls26 (2.3.12-1) experimental; urgency=low
* New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc.
-- Andreas Metzler <ametzler@debian.org> Thu, 05 Jun 2008 19:08:29 +0200
gnutls26 (2.3.11-1) experimental; urgency=low
* New upstream version.
+ Fixes three security vulnerabilities.
[GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
<http://www.gnu.org/software/gnutls/security.html>;.
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
+ Fixes subjectAltName wildcard matching. Closes: #479174
+ certtool now writes keyfiles with 0600 permissions. Closes: #373169
-- Andreas Metzler <ametzler@debian.org> Sat, 24 May 2008 08:25:36 +0200
gnutls26 (2.2.5-1) unstable; urgency=high
* New upstream version.
Fixes three security vulnerabilities.
[GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
<http://www.gnu.org/software/gnutls/security.html>;.
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
-- Andreas Metzler <ametzler@debian.org> Tue, 20 May 2008 19:19:55 +0200
gnutls26 (2.3.9-1) experimental; urgency=low
* New upstream development version.
- OpenPGP support merged into libgnutls and is now licensed under LGPL.
The included copy of OpenCDK has been stripped down and re-licensed
under the LGPL. Using the external OpenCDK is not supported anymore, the
external library will not be maintained anymore. Drop respective
(build-)depends.
- API extended, bump shlibs.
- certtool asks for password confirmation. Closes: #364287
- performance enhancements for gnutls_certificate_set_x509_trust_file.
Closes: #400448
- gnutls-cli: exits when hostname doesn't match certificate.
Use --insecure to avoid hostname comparison.
* For paranoia sake build with -D_REENTRANT even if upstream has stopped
doing so.
* [debian/copyright] : update, and stop including a GFDL copy.
* Point watchfile to development versions.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 May 2008 16:56:04 +0200
gnutls26 (2.2.3-1) unstable; urgency=low
* New upstream stable release.
- --priority is documented in gnutls-cli(1) manpage. Closes: #467051
-- Andreas Metzler <ametzler@debian.org> Mon, 12 May 2008 18:29:12 +0200
gnutls26 (2.2.3~rc-1) unstable; urgency=low
* New upstream version. Release candidate for 2.2.3.
+ Increase default handshake packet size limit to 48kb. Closes: #478191
* remove unsupported .l command from debian/libgnutls-config.1
* Use Programming/C as doc-base section.
-- Andreas Metzler <ametzler@debian.org> Thu, 01 May 2008 13:09:49 +0200
gnutls26 (2.2.2-1) unstable; urgency=low
* New upstream version.
Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
corrected string handling in parse_general_name.
Closes: #465197
* Point watchfile to ftp.gnutls.org.
* Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.
-- Andreas Metzler <ametzler@debian.org> Fri, 22 Feb 2008 19:08:36 +0100
gnutls26 (2.2.1-3) unstable; urgency=low
* Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
gnutls guile wrapper on ia64.
-- Andreas Metzler <ametzler@debian.org> Mon, 04 Feb 2008 19:14:03 +0100
gnutls26 (2.2.1-2) unstable; urgency=low
* Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable.
-- Andreas Metzler <ametzler@debian.org> Sun, 03 Feb 2008 18:14:21 +0100
gnutls26 (2.2.1-1) experimental; urgency=low
* New upstream version.
* guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
there.
* libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
packages contain gnutls-bin debugging symbols. Closes: #459295.
-- Andreas Metzler <ametzler@debian.org> Sun, 20 Jan 2008 18:27:33 +0100
2007
gnutls26 (2.2.0-1) experimental; urgency=low
* New upstream version.
License change! Main library stays LGPLv2.1+ but libgnutls-extra,
libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
updated.
* Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
versions were GPLv2+) and this license is not compatible with GPLv3+.
* Non packaged 2.1.8 introduced new symbol
gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
* Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
* Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
DSA2 support. Closes: #455513
* Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Dec 2007 16:41:54 +0100
gnutls26 (2.1.7-1) experimental; urgency=low
* New upstream version.
- Another soname bump. Packages renamed.
* Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
dak does not allow that yet.
* Add Build-Conflicts: libgnutls-dev to stop libtool from linking
libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035
-- Andreas Metzler <ametzler@debian.org> Sat, 1 Dec 2007 10:40:17 +0100
gnutls25 (2.1.6-2) experimental; urgency=low
* Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
experimental buildds happy.
-- Andreas Metzler <ametzler@debian.org> Mon, 19 Nov 2007 18:58:48 +0100
gnutls25 (2.1.6-1) experimental; urgency=low
* New upstream version. API changes! Please consult
/usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
removed (mainly *_authz_*) and changed interfaces.
This is the first release canddate for 2.2. The deprecation of
gnutls_set_default_priority() is supposed to be undone before the final
stable release.
* Bump build-depends.
* Stop building and shipping the C++ library, since nobody is using it. I
will happly re-add it if requested.
* Add Homepage field to debian/control.
* Build and ship Guile bindings. Requested by Ludovic Courtès who also
provided the initial patch. (On a sidenote I think guile generally does
not do the right thing by throwing dlopened modules into /usr/lib/.)
* Update debian/copyright.
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Nov 2007 16:42:01 +0100
gnutls13 (2.0.1-1) unstable; urgency=low
* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
(Closes: #441740)
-- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2007 11:29:22 +0200
gnutls13 (1.7.19-1) unstable; urgency=low
* New upstream version 1.7.19.
- Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
This takes of care of the mutt breakage. Closes: #439640
-- Andreas Metzler <ametzler@debian.org> Mon, 27 Aug 2007 19:36:23 +0200
gnutls13 (1.7.18-2) unstable; urgency=low
* Upload to unstable
-- Andreas Metzler <ametzler@debian.org> Sat, 25 Aug 2007 09:27:18 +0200
gnutls13 (1.7.18-1) experimental; urgency=low
* New upstream version 1.7.18, release candidate for 2.0.
* Bump shlibs, since functions have been added.
* Image files renamed upstream with gnutls- prefix and symlinked to
/usr/share/info/ in Debian package. Closes: #423577
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Aug 2007 09:06:11 +0200
gnutls13 (1.7.16-1) experimental; urgency=low
* New upstream version 1.7.16.
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Aug 2007 10:50:21 +0200
gnutls13 (1.7.14-1) experimental; urgency=low
* New upstream version
- fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Jun 2007 09:06:35 +0200
gnutls13 (1.7.12-1) experimental; urgency=low
* New upstream version 1.7.12
- Fixes memory errors in certificate parsing. Closes: #333050
* Bump shlibs, due to API extensions in 1.7.10.
* Rebuilding of docs simpified, strip debian/README.source_and_patches to
reflect that.
-- Andreas Metzler <ametzler@debian.org> Sat, 23 Jun 2007 11:14:26 +0200
gnutls13 (1.7.9-1) experimental; urgency=low
* Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches.
-- Andreas Metzler <ametzler@debian.org> Mon, 28 May 2007 08:36:42 +0200
gnutls13 (1.7.7-1) experimental; urgency=low
* New development upstream version 1.7.7.
- Point watchfile to development versions.
- Bump shlibs for added APIs.
- Includes German translation. (Closes: #392857)
-- Andreas Metzler <ametzler@debian.org> Sun, 15 Apr 2007 10:11:21 +0200
gnutls13 (1.6.3-1) unstable; urgency=low
* New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs.
-- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2007 09:26:14 +0200
gnutls13 (1.6.2-2) unstable; urgency=low
* Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
-- Andreas Metzler <ametzler@debian.org> Sun, 13 May 2007 09:48:31 +0200
gnutls13 (1.6.2-1) unstable; urgency=low
* New upstream version
- Really Closes: #403887 libgnutls failes to parse OpenSSL generated
certificates, since it contains a regenerated pkix_asn1_tab.c.
- Ship German translation. Closes: #392857
-- Andreas Metzler <ametzler@debian.org> Sat, 21 Apr 2007 10:57:02 +0200
gnutls13 (1.6.1-2) unstable; urgency=low
* [gnutls-bin.install] Ship psktool.
* Ship gettext translations in deb package, but as gnutls13.mo instead of
gnutls.mo.
* Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
changelog entries after branchoff. Point watchfile to stable upstream
versions again.
* Drop dependency of libgnutls13-dbg on libgnutlsxx13.
-- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:49:48 +0100
gnutls13 (1.6.1-1) experimental; urgency=low
[ James Westby ] * New upstream release.
-- Andreas Metzler <ametzler@debian.org> Sat, 3 Feb 2007 13:18:03 +0100
2006
gnutls13 (1.6.0-1) experimental; urgency=low
* New upstream version.
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Nov 2006 13:21:56 +0100
gnutls13 (1.5.3-1) experimental; urgency=low
[ Andreas Metzler ]
* Fix debian/copyright.
- Do not use "copyright" as title of a paragraph listing licenses.
(Closes: #290194)
- Add a copy of the FDL 1.2 to debian/copyright.
* New upstream version 1.5.3.
* Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
* Drop code for re-libtoolizing and running auto* from debian/rules, it is
unused and would not work anymore. (We can later grab the from SVN and
update it to make work if we ever need it.)
-- Andreas Metzler <ametzler@debian.org> Sat, 28 Oct 2006 12:56:46 +0200
gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low
[ Andreas Metzler ]
* Add a watchfile.
* New upstream development version.
- Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
- Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
broken.
- Drop unneeded patches/16_libs.private_gnutls.diff
patches/16_libs.private_gnutls-extra.diff
- Point watchfile to development versions.
- Builds a C++ library.
* Switch to debhelper v5 mode to be able to ship debug symbols of
libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
* Branched off from 1.4.4-1.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Sep 2006 09:54:38 +0200
gnutls13 (1.4.4-3) unstable; urgency=low
* Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
version, try to negotiate the highest version support by the GnuTLS
server, instead of the lowest.
-- Andreas Metzler <ametzler@debian.org> Sat, 11 Nov 2006 10:35:29 +0100
gnutls13 (1.4.4-2) unstable; urgency=low
[ Andreas Metzler ]
* Add a watchfile.
* Fix debian/copyright.
- Do not use "copyright" as title of a paragraph listing licenses.
(Closes: #290194)
- Add a copy of the FDL 1.2 to debian/copyright.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:57:49 +0200
gnutls13 (1.4.4-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.4
- Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
crash mutt. (closes: #386725)
GNUTLS-SA-2006-4 is CVE-2006-4790.
-- Andreas Metzler <ametzler@debian.org> Tue, 12 Sep 2006 19:09:47 +0200
gnutls13 (1.4.3-2) unstable; urgency=low
* the lesser of two weevils release.
[ Andreas Metzler ]
* Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
various programs, including mutt. (closes: #386680)
-- Andreas Metzler <ametzler@debian.org> Sat, 9 Sep 2006 19:29:52 +0200
gnutls13 (1.4.3-1) unstable; urgency=high
[ Andreas Metzler ]
* New upstream version 1.4.3.
- Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
rump session attack. GNUTLS-SA-2006-4
- Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
GNUTLS-SA-2006-3
- Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
-- Andreas Metzler <ametzler@debian.org> Fri, 8 Sep 2006 19:12:33 +0200
gnutls13 (1.4.2-1) unstable; urgency=medium
[ Andreas Metzler ]
* New upstream bugfix release.
- Fixes a crash in the certificate verification logic.
-- Andreas Metzler <ametzler@debian.org> Sat, 12 Aug 2006 10:44:16 +0200
gnutls13 (1.4.1-1) unstable; urgency=low
[ James Westby ]
* New upstream release.
* Remove the following patches as they are now included upstream:
- 10_certtoolmanpage.diff
- 15_fixcompilewarning.diff
- 30_man_hyphen_*.patch
* Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
gnutls-api so that devhelp can find it.
-- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2006 11:11:08 +0200
gnutls13 (1.4.0-3) unstable; urgency=low
[ Andreas Metzler ]
* Strip "libgnutls-config --libs"' output to only list stuff required for
dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
README.Debian.
* Pull patches/16_libs.private_gnutls.diff and
debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
pkg-config usable for static linking.
-- Andreas Metzler <ametzler@debian.org> Sun, 2 Jul 2006 12:10:56 +0200
gnutls13 (1.4.0-2) unstable; urgency=low
[ Andreas Metzler ]
* Set maintainer to alioth mailinglist.
* Drop code for updating config.guess/config.sub from debian/rules, as cdbs
handles this. Build-Depend on autotools-dev.
* Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
* Use cdbs' simple-patchsys.mk.
- add debian/README.source_and_patches
- add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff
* Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
* Also ship css-, devhelp- and sgml files in gnutls-doc.
* patches/15_fixcompilewarning.diff correct order of funtion arguments.
[ James Westby ]
* This release allows the port to be specified as the name of the service
when using gnutls-cli (closes: #342891)
-- Andreas Metzler <ametzler@debian.org> Sat, 17 Jun 2006 20:44:09 +0200
gnutls13 (1.4.0-1) experimental; urgency=low
* New maintainer team. Thanks, Matthias for all the work you did.
* Re-add gnutls-doc package, featuring api-reference as manual pages and
html, and reference manual in html and pdf format.
(closes: #368185,#368449)
* Fix reference to gnutls0.4-doc package in debian/copyright. Update
debian/copyright and include actual copyright statements.
(closes: #369071)
* Bump shlibs because of changes to extra.h
* Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
generate the necessary directories.
* Drop debian/NEWS.Debian as it only talks about the move of the (since
purged) gnutls-doc package to contrib a long time ago.
(Thanks Simon Josefsson, for these suggestions.)
* new upstream version. (closes: #368323)
* clean packaging against upstream tarball.
- Drop all patches, except for fixing error in certtool.1 and setting
gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
- Add --enable-ld-version-script
to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
patching ./configure.in.
(closes: #367358)
* Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
* Build against external libtasn1-3. (closes: #363294)
* Standards-Version: 3.7.2, no changes required.
* debian/control and override file are in sync with respect to Priority and
Section, everthing except libgnutls13-dbg already was. (closes: #366956)
* acknowledge my own NMU. (closes: #367065)
* libgnutls13-dbg is nonempty (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 20 May 2006 11:22:36 +0000
gnutls13 (1.3.5-1.1) unstable; urgency=low
* NMU
* Invoke ./configure with --with-included-libtasn1 to prevent accidental
linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
contained libtasn1.so.3 and force gnutls13 to use the internal version of
libtasn instead until libtasn1-3-dev is uploaded. Drop broken
Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294)
* Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
of --dbg-package=libgnutls12. (closes: #367056)
-- Andreas Metzler <ametzler@debian.org> Sat, 13 May 2006 07:45:32 +0000
gnutls13 (1.3.5-1) unstable; urgency=low
* New Upstream version.
- Security fix.
- Yet another ABI change.
* Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
* Let -dev package depend on liblzo-dev (closes:#347438)
* Fix certtool help output (closes:#338623)
-- Matthias Urlichs <smurf@debian.org> Sat, 18 Mar 2006 22:46:25 +0100
2005
gnutls12 (1.2.9-2) unstable; urgency=low
* Install /usr/lib/pkgconfig/*.pc files.
* Depend on texinfo (>= 4.8, for the @euro{} sign).
-- Matthias Urlichs <smurf@debian.org> Tue, 15 Nov 2005 19:26:02 +0100
gnutls12 (1.2.9-1) unstable; urgency=low
* New Upstream version.
-- Matthias Urlichs <smurf@debian.org> Fri, 11 Nov 2005 18:51:28 +0100
gnutls12 (1.2.8-1) unstable; urgency=low
* New Upstream version.
- depends on libgcrypt11 1.2.2
* Bumped shlibs version, just to be on the safe side.
-- Matthias Urlichs <smurf@debian.org> Wed, 19 Oct 2005 12:05:14 +0200
gnutls12 (1.2.6-1) unstable; urgency=low
* New Upstream version.
* Remove Provides: on libgnutls11-dev.
Hopefully this will be temporary (pending discussion with Upstream).
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Aug 2005 12:21:36 +0200
gnutls12 (1.2.5-3) unstable; urgency=high
* Updated libgnutls12.shlibs file.
Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
dependencies on this library
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 13:19:25 +0200
gnutls12 (1.2.5-2) unstable; urgency=medium
* Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
Added an explicit dependency as a stopgap fix.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Jul 2005 08:27:22 +0200
gnutls12 (1.2.5-1) unstable; urgency=low
* Merged with the latest stable release.
* Renamed to gnutls12.
- Changed the library version strings to GNUTLS_1_2.
- Renamed the development package back to "libgnutls-dev".
-- Matthias Urlichs <smurf@debian.org> Tue, 5 Jul 2005 10:35:56 +0200
2004
gnutls11 (1.0.19-1) experimental; urgency=low
* Merged with the latest stable release.
-- Matthias Urlichs <smurf@debian.org> Sun, 26 Dec 2004 13:28:45 +0100
gnutls11 (1.0.16-13) unstable; urgency=high
* Fixed an ASN.1 extraction error.
Found by Pelle Johansson <morth@morth.org>.
-- Matthias Urlichs <smurf@debian.org> Mon, 29 Nov 2004 10:16:21 +0100
gnutls11 (1.0.16-12) unstable; urgency=high
* Fixed a segfault in certtool. Closes: #278361.
-- Matthias Urlichs <smurf@debian.org> Thu, 11 Nov 2004 09:40:02 +0100
gnutls11 (1.0.16-11) unstable; urgency=medium
* Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken.
-- Matthias Urlichs <smurf@debian.org> Sat, 6 Nov 2004 13:11:03 +0100
gnutls11 (1.0.16-10) unstable; urgency=high
* Fixed one instance of uninitialized memory usage.
-- Matthias Urlichs <smurf@debian.org> Thu, 21 Oct 2004 06:07:53 +0200
gnutls11 (1.0.16-9) unstable; urgency=high
* Pulled from Upstream CVS:
- Fix two memory leaks.
- Fix NULL dereference.
-- Matthias Urlichs <smurf@debian.org> Fri, 8 Oct 2004 10:43:20 +0200
gnutls11 (1.0.16-8) unstable; urgency=high
* Pulled these changes from Upstream CVS:
- Added default limits in the verification of certificate chains,
to avoid denial of service attacks.
- Added gnutls_certificate_set_verify_limits() to override them.
- Added gnutls_certificate_verify_peers2().
-- Matthias Urlichs <smurf@debian.org> Sun, 12 Sep 2004 02:05:25 +0200
gnutls11 (1.0.16-7) unstable; urgency=low
* Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
Thanks to joeyh@debian.org for reporting this problem.
-- Matthias Urlichs <smurf@debian.org> Sat, 14 Aug 2004 11:22:51 +0200
gnutls11 (1.0.16-6) unstable; urgency=medium
* Memory leak, found by Modestas Vainius <geromanas@mailas.com>. - Closes: #264420
-- Matthias Urlichs <smurf@debian.org> Sun, 8 Aug 2004 22:21:01 +0200
gnutls11 (1.0.16-5) unstable; urgency=low
* Depend on current libtasn1-2 (>= 0.2.10).
- Closes: #264198.
* Fixed maintainer email to point to Debian address.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:44:38 +0200
gnutls11 (1.0.16-4) unstable; urgency=low
* The OpenSSL compatibility library has been linked incorrectly
(-ltasn1 was missing).
* Need to build-depend on current opencdk8 and libtasn1-2 version.
-- Matthias Urlichs <smurf@debian.org> Sat, 7 Aug 2004 19:29:32 +0200
gnutls11 (1.0.16-3) unstable; urgency=high
* Documentation no longer includes LaTeX-produced output
(the source contains latex2html-specific features, which is non-free).
* Urgency: High because of pending base freeze.
-- Matthias Urlichs <smurf@debian.org> Mon, 26 Jul 2004 11:18:20 +0200
gnutls11 (1.0.16-2) unstable; urgency=high
* Actually enable debug symbols :-/ * Urgency: High for speedy inclusion in d-i
-- Matthias Urlichs <smurf@debian.org> Fri, 23 Jul 2004 22:38:07 +0200
gnutls11 (1.0.16-1) experimental; urgency=low
* Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html.
-- Matthias Urlichs <smurf@debian.org> Wed, 21 Jul 2004 16:58:26 +0200
gnutls10 (1.0.4-4) unstable; urgency=low
* New maintainer.
* Run autotools at source package build time.
- Closes: #257237: FTBFS (i386/sid): aclocal failed
* Remove "package is still changed upstream" warning.
* Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.
-- Matthias Urlichs <smurf@debian.org> Fri, 16 Jul 2004 02:09:36 +0200
gnutls10 (1.0.4-3) unstable; urgency=low
* control: Changed the build dependency and the dependency of
libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
could cause linking against two versions of libgcrypt.
-- Ivo Timmermans <ivo@debian.org> Sat, 24 Jan 2004 15:32:22 +0100
gnutls10 (1.0.4-2) unstable; urgency=low
* libgnutls-doc.doc-base: Removed HTML manual listing.
* control: Removed Jordi Mallach from the list of Uploaders. Thanks,
Jordi :)
-- Ivo Timmermans <ivo@debian.org> Wed, 14 Jan 2004 13:35:42 +0100
gnutls10 (1.0.4-1) unstable; urgency=low
* New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream.
-- Ivo Timmermans <ivo@debian.org> Tue, 13 Jan 2004 23:57:16 +0100
2003
gnutls10 (1.0.0-1) unstable; urgency=low
* New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list.
-- Ivo Timmermans <ivo@debian.org> Mon, 29 Dec 2003 23:23:08 +0100
gnutls8 (0.9.99-1) experimental; urgency=low
* New upstream release. * Included upstream GPG signature in .orig.tar.gz.
-- Ivo Timmermans <ivo@debian.org> Wed, 3 Dec 2003 22:33:52 +0100
gnutls8 (0.9.98-1) experimental; urgency=low
* New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch].
-- Ivo Timmermans <ivo@debian.org> Sun, 23 Nov 2003 15:44:38 +0100
gnutls8 (0.9.95-1) experimental; urgency=low
* New upstream version.
-- Ivo Timmermans <ivo@debian.org> Fri, 7 Nov 2003 19:50:22 +0100
gnutls8 (0.9.94-1) experimental; urgency=low
* New upstream version; package based on gnutls7 0.8.12-2.
* debian/control:
* Build-depend on libgcrypt7-dev (>= 1.1.44-0).
* debian/rules: Run auto* after the patches have been applied.
-- Ivo Timmermans <ivo@debian.org> Fri, 31 Oct 2003 18:47:09 +0100