-
gnutls26 (2.10.5-1ubuntu3.3) oneiric-security; urgency=low
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-1619.patch: avoid timing attacks in
lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
- CVE-2013-1619
-- Marc Deslauriers <email address hidden> Mon, 25 Feb 2013 11:52:02 -0500
-
gnutls26 (2.10.5-1ubuntu3.2) oneiric-proposed; urgency=low
* Apply upstream patch to fix validation of certificates when more than
one with the same short hash exists in the CA bundle (LP: #1003841).
-- Thorsten Glaser <email address hidden> Thu, 24 May 2012 11:10:16 +0200
-
gnutls26 (2.10.5-1ubuntu3.1) oneiric-security; urgency=low
* SECURITY UPDATE: Denial of service in client application
- debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
session data. Based on upstream patch.
- CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
- debian/patches/CVE-2012-1573.patch: Validate the size of a
GenericBlockCipher structure as it is processed. Based on upstream
patch.
- CVE-2012-1573
-- Tyler Hicks <email address hidden> Wed, 04 Apr 2012 11:13:02 -0500
-
gnutls26 (2.10.5-1ubuntu3) oneiric; urgency=low
* Backport from Debian (Andreas Metzler, LP: #829467):
- [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.
-- Colin Watson <email address hidden> Thu, 25 Aug 2011 17:23:22 +0100
-
gnutls26 (2.10.5-1ubuntu2) oneiric; urgency=low
* debian/libgnutlsxx26.install, debian/control: convert libgnutlsxx26
for multiarch as well.
-- Steve Langasek <email address hidden> Fri, 20 May 2011 14:26:01 -0700
-
gnutls26 (2.10.5-1ubuntu1) oneiric; urgency=low
* Merge from Debian unstable, remaining changes:
- Fix build failure with --no-add-needed.
- Build for multiarch.
gnutls26 (2.10.5-1) unstable; urgency=low
* New upstream bugfix release.
+ Drop 15_fixgnutlspc.diff, included upstream.
* Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
seem to set it by default.
gnutls26 (2.10.4-2) unstable; urgency=low
* Use debhelper compatibility level 7.
* Merge in changes from 2.8.6-1:
+ Use dh_lintian.
+ Use dh_makeshlibs for the guile stuff, too. This gets us
a) ldconfig in postinst. Closes: #553109
and
b) a shlibs file.
However the shared objects /usr/lib/libguile-gnutls*so* are still not
designed to be used as libraries (linking) but are dlopened. guile-1.10
will address this issue by keeping this stuff in a private directory.
+ hotfix pkg-config files (proper fix to be included upstream).
+ Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
Closes: #405239
* Upload to unstable.
gnutls26 (2.10.4-1) experimental; urgency=low
* New upstream release. V1 CAs are trusted by default.
gnutls26 (2.10.3-1) experimental; urgency=low
* Drop workaround for 519006, binutils is fixed even in squeeze.
* New upstream bugfix release.
gnutls26 (2.10.2-1) experimental; urgency=low
* New upstream version.
+ Fix asynchronous API handling. Closes: #588187
+ certtool does not crash on reading from /dev/null anymore.
Closes: #588029
* Standards-Version 3.9.1 -Stop building with -D_REENTRANT.
gnutls26 (2.10.1-1) experimental; urgency=low
* Update package descriptions. Closes: #588067
* New upstream version.
gnutls26 (2.10.0-2) experimental; urgency=low
* libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1),
libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
(2.31.2-1) not yet. Closes: #587755
gnutls26 (2.10.0-1) experimental; urgency=low
* New upstream stable release.
* Point watchfile to stable releases.
gnutls26 (2.9.12-2) experimental; urgency=low
* Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
useless and almost empty package on these archs.)
* Drop ancient workaround for gcc bug on hppa.
http://bugs.debian.org/128036
gnutls26 (2.9.12-1) experimental; urgency=low
* New upstream version.
gnutls26 (2.9.11-1) experimental; urgency=low
* New upstream version.
* Drop 15_gnutlspriority.diff, superseded.
gnutls26 (2.9.10-2) experimental; urgency=low
* [15_gnutlspriority.diff] Restore compatibility with programs using
gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
Closes: #579831
gnutls26 (2.9.10-1) experimental; urgency=low
* New upstream version.
* New functions added, bump shlibs.
gnutls26 (2.9.9-1) experimental; urgency=low
* Package upstream development branch for experimental.
* Track development versions in watchfile.
* Package C++ wrapper again. Closes: #548637
-- Steve Langasek <email address hidden> Fri, 20 May 2011 13:07:18 -0700
-
gnutls26 (2.8.6-1ubuntu2) natty; urgency=low
* FFe LP: #733501: Build for multiarch.
-- Steve Langasek <email address hidden> Mon, 21 Mar 2011 22:19:18 -0700
