Change logs for gnutls28 source package in Groovy

  • gnutls28 (3.6.15-4ubuntu2.1) groovy; urgency=medium
    
      * testpkcs11: use datefudge to allow testing with expired certificates.
        (LP: #1910255)
    
     -- Brian Murray <email address hidden>  Fri, 26 Feb 2021 16:23:02 -0800
  • gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low
    
      * Merge from Debian unstable LP: #1893924.  Remaining changes:
        - Enable CET.
        - Set default priority string to only allow TLS1.2, DTLS1.2, and
          TLS1.3 with medium security profile (2048 RSA keys minimum, and
          similar).
      * Add patch to fix ftbfs gnulib with new glibc.
    
    gnutls28 (3.6.15-4) unstable; urgency=medium
    
      * autopkgtest: Require build-essential.
      * autopkgtest: respect dpkg-buildflags for helper-binary build.
    
    gnutls28 (3.6.15-3) unstable; urgency=medium
    
      * More autopkgtest hotfixes.
    
    gnutls28 (3.6.15-2) unstable; urgency=medium
    
      * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
        installed gnutls-bin.
      * In autopkgtest set top_builddir and builddir, ignore
        tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
    
    gnutls28 (3.6.15-1) unstable; urgency=low
    
      * New upstream version.
        + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
          unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
          Closes: #969547
        + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
          50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
        + Fix build error due to outdated gettext in Debian by removing newer
          gettext m4 macros from m4/.
    
    gnutls28 (3.6.14-2) unstable; urgency=medium
    
      * Pull selected patches from upstream GIT:
        + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
          Fixes difference in generated docs on 32 and 64 bit archs.
        + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          Fix memleak in gnutls_aead_cipher_init() with keys having invalid
          length. (Broken since 3.6.3)
        + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          Closes: #962467
    
    gnutls28 (3.6.14-1) unstable; urgency=high
    
      * Drop debugging code added in -4, fixes nocheck profile build error.
        Closes: #962199
      * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
        debian/upstream/signing-key.asc.
      * New upstream version.
        + Fixes insecure session ticket key construction.
          [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
        + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
          51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
          51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
          51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
      * Drop guile-gnutls.lintian-overrides.
      * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
        AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
        IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
        Hopefully Closes: #962218
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 24 Sep 2020 12:03:44 +0100
  • gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low
    
      * Merge from Debian unstable LP: #1893924.  Remaining changes:
        - Enable CET.
        - Set default priority string to only allow TLS1.2, DTLS1.2, and
          TLS1.3 with medium security profile (2048 RSA keys minimum, and
          similar).
    
    gnutls28 (3.6.15-4) unstable; urgency=medium
    
      * autopkgtest: Require build-essential.
      * autopkgtest: respect dpkg-buildflags for helper-binary build.
    
    gnutls28 (3.6.15-3) unstable; urgency=medium
    
      * More autopkgtest hotfixes.
    
    gnutls28 (3.6.15-2) unstable; urgency=medium
    
      * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
        installed gnutls-bin.
      * In autopkgtest set top_builddir and builddir, ignore
        tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
    
    gnutls28 (3.6.15-1) unstable; urgency=low
    
      * New upstream version.
        + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
          unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
          Closes: #969547
        + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
          50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
        + Fix build error due to outdated gettext in Debian by removing newer
          gettext m4 macros from m4/.
    
    gnutls28 (3.6.14-2) unstable; urgency=medium
    
      * Pull selected patches from upstream GIT:
        + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
          Fixes difference in generated docs on 32 and 64 bit archs.
        + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
          50_03-gnutls_cipher_init-fix-potential-memleak.patch
          Fix memleak in gnutls_aead_cipher_init() with keys having invalid
          length. (Broken since 3.6.3)
        + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
          Closes: #962467
    
    gnutls28 (3.6.14-1) unstable; urgency=high
    
      * Drop debugging code added in -4, fixes nocheck profile build error.
        Closes: #962199
      * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
        debian/upstream/signing-key.asc.
      * New upstream version.
        + Fixes insecure session ticket key construction.
          [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
        + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
          51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
          51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
          51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
      * Drop guile-gnutls.lintian-overrides.
      * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
        AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
        IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
        Hopefully Closes: #962218
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 24 Sep 2020 12:03:44 +0100
  • gnutls28 (3.6.13-4ubuntu5) groovy; urgency=medium
    
      * SECURITY UPDATE: null pointer deref via no_renegotiation alert
        - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if
          handshake is incomplete in lib/gnutls_int.h, lib/handshake.c.
        - CVE-2020-24659
    
     -- Marc Deslauriers <email address hidden>  Tue, 08 Sep 2020 10:09:39 -0400
  • gnutls28 (3.6.13-4ubuntu4) groovy; urgency=medium
    
      * No change rebuild against new libnettle8 and libhogweed6 ABI.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 29 Jun 2020 22:24:52 +0100
  • gnutls28 (3.6.13-4ubuntu3) groovy; urgency=medium
    
      * Enable CET.
    
     -- Dimitri John Ledkov <email address hidden>  Sun, 28 Jun 2020 23:48:44 +0100
  • gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium
    
      * SECURITY UPDATE: flaw in TLS session ticket key construction
        - debian/patches/CVE-2020-13777.patch: differentiate initial state from
          valid time window of TOTP in lib/stek.c,
          tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
        - CVE-2020-13777
    
     -- Marc Deslauriers <email address hidden>  Fri, 05 Jun 2020 13:12:39 -0400
  • gnutls28 (3.6.13-4ubuntu1) groovy; urgency=medium
    
      * Resynchronize with Debian; remaining changes:
        Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
        with medium security profile (2048 RSA keys minimum, and similar).
    
    gnutls28 (3.6.13-4) unstable; urgency=medium
    
      * Output some network related debugging from debian/rules.
      * Fix verification error with alternate chains. Closes: #961889
    
    gnutls28 (3.6.13-3) unstable; urgency=medium
    
      * 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS
        master: Handle zero length session tickets, fixing connection errors on
        TLS1.2 sessions to some big hosting providers. (See LP 1876286)
    
     -- Sebastien Bacher <email address hidden>  Fri, 05 Jun 2020 15:12:03 +0200
  • gnutls28 (3.6.13-2ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
          with medium security profile (2048 RSA keys minimum, and similar).
    
    gnutls28 (3.6.13-2) unstable; urgency=high
    
      * Upload to unstable.
    
    gnutls28 (3.6.13-1) experimental; urgency=low
    
      * New upstream version.
        + libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
          support), since 3.6.3. The DTLS client would not contribute any
          randomness to the DTLS negotiation, breaking the security
          guarantees of the DTLS protocol.
          GNUTLS-SA-2020-03-31 Closes: #955556
      * Fix guile lintian override for shared-lib-without-dependency-information.
    
    gnutls28 (3.6.12-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    gnutls28 (3.6.12-1) experimental; urgency=low
    
      [ Debian Janitor ]
      * Drop unnecessary dh arguments: --parallel
    
      [ Andreas Metzler ]
      * Fix bindtextdomain() call and dgettext() invocations to search for the
        correct filename. (Thanks, Laurent Bigonville for report and diagnosis.)
        Closes: #949151
      * [lintian] Drop superfluous debian/source/include-binaries.
      * New upstream version.
        + Update symbol file.
        + Drop workaround for #658110, install guile shared objects to multi-arch
          paths.
    
     -- Matthias Klose <email address hidden>  Sun, 05 Apr 2020 20:44:49 +0200