-
gnutls28 (3.3.8-3ubuntu3.2) vivid-security; urgency=medium
* SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
- debian/patches/CVE-2015-7575.patch: properly set value in
auth/cert.c, do not consider any values from the extension data to
decide acceptable algorithms in lib/ext/signature.c, added test to
tests/Makefile.am, tests/sign-md5-rep.c.
- CVE-2015-7575
-- Marc Deslauriers <email address hidden> Thu, 07 Jan 2016 10:34:56 -0500
-
gnutls28 (3.3.8-3ubuntu3.1) vivid-security; urgency=medium
* SECURITY UPDATE: Double free in parsing of dist points
- debian/patches/CVE-2015-3308.patch: clear san.data and san.size in
lib/x509/x509_ext.c.
- CVE-2015-3308
* SECURITY UPDATE: Double free in certificate DN decoding
- debian/patches/CVE-2015-6251.patch: Reset the output value on error
in lib/x509/common.c.
- CVE-2015-6251
-- Marc Deslauriers <email address hidden> Mon, 31 Aug 2015 14:49:12 -0400
-
gnutls28 (3.3.8-3ubuntu3) vivid; urgency=medium
* SECURITY UPDATE: certificate algorithm consistency issue
- debian/patches/CVE-2015-0294.patch: make sure the two signature
algorithms match on cert import in lib/x509/x509.c.
- CVE-2015-0294
-- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 08:16:02 -0400
-
gnutls28 (3.3.8-3ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
elliptic curves parameter printing
- debian/patches/CVE-2014-8564.patch: add more sanity checks in
lib/gnutls_ecc.c.
- CVE-2014-8564
-- Marc Deslauriers <email address hidden> Mon, 10 Nov 2014 15:18:59 -0500
-
gnutls28 (3.3.8-3ubuntu1) vivid; urgency=low
* Merge from Debian unstable. Remaining changes:
- Make gnutls28 default.
gnutls28 (3.3.8-3) unstable; urgency=high
[ Daniel Kahn Gillmor ]
* Add list of executables to gnutls-bin package description.
Closes: #763671
[ Andreas Metzler ]
* 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
Mavrogiannopoulos!) Closes: #760476
gnutls28 (3.3.8-2) unstable; urgency=medium
* Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
3.3.8 requires libtasn1 >= 3.9.
* Upload to unstable.
gnutls28 (3.3.8-1) experimental; urgency=medium
* New upstream version.
+ Refresh 20_debian_specific_soname.diff.
+ Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
with old experimental upload 0.21.2-1
+ Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
some functions in the gnutls_pkcs11_* family due to new members in enums
gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
symbol dependency info, and bump shlibs.
* Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
The GnuTLS library package automatically gets a dependency on libp11-kit0
(>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
enforce a version on libp11-kit-dev and we do not need to duplicate the
info.
* Add explicit build-dependency on libopts25-dev. Closes: #761618
gnutls28 (3.3.7-2) unstable; urgency=medium
* Upload to unstable.
gnutls28 (3.3.7-1) experimental; urgency=medium
* New upstream release.
+ Refresh 20_debian_specific_soname.diff.
+ Add newly added symbols to libgnutls-deb0-28.symbols, bump private
symbol dependency info, and bump shlibs.
+ New member in gnutls_pkcs11_obj_attr_t, bump version of
gnutls_pkcs11_obj_list_import_url*.
gnutls28 (3.3.6-2) unstable; urgency=medium
* Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
lastest stable at freeze time.
* 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
at-build-time-default-compiler) by exporting @CPP@.
gnutls28 (3.3.6-1) experimental; urgency=medium
* [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
* New upstream release.
+ Refresh 20_debian_specific_soname.diff.
+ Add newly added symbols to libgnutls-deb0-28.symbols and bump private
symbol dependency info.
gnutls28 (3.3.5-1) experimental; urgency=medium
* New upstream version.
* Refresh patches/20_debian_specific_soname.diff.
* Drop 30_Updated-asm-sources.patch.
* Add new public symbols to symbol file, bump shlibs.
gnutls28 (3.3.3-1) experimental; urgency=medium
* New upstream version, including a fix for GNUTLS-SA-2014-3
CVE-2014-3466.
* Refresh 20_debian_specific_soname.diff.
* 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
* New symbol gnutls_credentials_get, update symbol file and bump shlibs.
gnutls28 (3.3.2-2) experimental; urgency=high
* Fix crashes due to symbol clashes when a binary ends up being linked
against GnuTLS v2 and v3 by bumping library symbol-versioning (and
therefore also the soname) in a Debian specific way, to make sure there is
no conflict with future:
+ 20_debian_specific_soname.diff
- Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
- Add "-release deb0" to libtool link command.
+ Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
+ Adapt symbol file accordingly.
+ Change 14_version_gettextcat.diff, too.
Closes: #748742
* Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
These have been unnecessary since we started using dh compat v9, where
debugging symbols are installed to /usr/lib/debug/.build-id.
gnutls28 (3.3.2-1) experimental; urgency=medium
* Do not build-depend on guile-2.0 on m68k. Closes: #745461
* Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
corresponding versioned build-dependency, to prevent building of
uninstallable packages.
* New upstream version. Drop 20_guile_no_override_allocation.diff and
21_Treat-othername-as-printable.diff.
gnutls28 (3.3.1-1) experimental; urgency=medium
* New upstream version.
+ Drop 20_sparc_chainverify_buserror.diff.
+ Pull 20_guile_no_override_allocation.diff and
21_Treat-othername-as-printable.diff from upstream GIT.
+ Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
upstream since it was never exported in a public header and is not
used according to codesearch.d.o.
gnutls28 (3.3.0-2) experimental; urgency=medium
* Drop last remains of -xssl from debian/.
* Add debian/libgnutls28.symbols.
* 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
increase the space available for certificates to fix sparc testsuite
error.
* Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
libgnutls28-dev.
gnutls28 (3.3.0-1) experimental; urgency=medium
* New upstream version.
+ Bump shlibs.
gnutls28 (3.3.0~pre0-1) experimental; urgency=medium
* Also version the p11-kit dependency.
* New upstream version.
+ Set --enable-static, as only shared libs are built by default.
+ libgnutls-xssl is no more.
+ Bump shlibs.
* Upload to experimental.
-- Michael Vogt <email address hidden> Thu, 30 Oct 2014 15:21:33 +0100
-
gnutls28 (3.2.16-1ubuntu2) utopic; urgency=medium
* No-change rebuild to get debug symbols on all architectures.
-- Brian Murray <email address hidden> Tue, 21 Oct 2014 14:15:57 -0700