gnutls28 3.0.9-2 source package in Ubuntu

Changelog

gnutls28 (3.0.9-2) unstable; urgency=low

  * [20_test-select.diff] Do not run gnulib test-select test anymore. The
    test fails on kfreebsd-i386, the gnutls library does not use select().
  * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
  * Upload to unstable.

gnutls28 (3.0.9-1) experimental; urgency=low

  * New upstream version.
  * Include guile-gnutls package.
  * Bump shlibs.

gnutls28 (3.0.8-2) unstable; urgency=low

  * First upload to unstable.
    + Disable openssl-wrapper package, let it be provided by gnutls26 until
      gnutls28 is in testing.
    + Disable gnutls-guile package, let it be provided by gnutls26 until
      gnutls28 is in testing.

gnutls28 (3.0.8-1) experimental; urgency=low

  * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
    guile related FTBFS on these architectures.
    See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
  * New upstream version.
    + Bump shlibs.

gnutls28 (3.0.7-1) experimental; urgency=low

  * New upstream version.
    + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
  * Drop 20_addGNU-stack.diff, included upstream.
  * loadable Guile module no longer installed directly to $libdir but to
    $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
    Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
    DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
  * gnutls-extra is removed upstream, there is no need anymore to manually
    remove the bits and pieces in debian/rules.

gnutls28 (3.0.4-2) experimental; urgency=low

  * Drop libgnutls-dev.README.Debian, the information provided there stopped
    being relevant in 2.7.12.
  * Delete superfluous info from debian/README.source.
  * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
    seem to be possible.
    http://lists.debian.org/debian-devel/2011/10/msg00332.html
  * Simplify dependencies:
    + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
      also provided by gnutls26' libgnutls-dev).
    + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
      gnutls-dev (<< 0.4.0-0), libgnutls11-dev.

gnutls28 (3.0.4-1) experimental; urgency=low

  * New upstream version.
    + bump shlibs.
    + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
  * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
  * [20_addGNU-stack.diff] Add GNU-stack note to newly added
    padlock-common.s.
  * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
    be packaged for Debian again when it provides functionality.
  * Update debian/copyright, accelerated assembly code is non-FSF copyright.
  * Add crywrap.8 manpage.

gnutls28 (3.0.3-1) experimental; urgency=low

  * New upstream version. (Includes a fix for #640639)
  * Bump shlibs.

gnutls28 (3.0.2-1) experimental; urgency=low

  * Update debian/copyright for crywrap.
  * Since libgnutls*-dbg contains debugging symbols of helper applications
    libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
    Conflicts.
  * New upstream version. It also includes the fixes for #638586 (Correct
    parsing of XMPP subject alternative names) and #638595
    (gnutls_certificate_set_x509_key() and
    gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
    release of the private key during the lifetime of the certificate
    structure.)
  * Configure with --enable-gtk-doc, the included API reference is incomplete
    in the tarball.
  * [lintian] Get rid of binary-control-field-duplicates-source field
    warnings.
  * [lintian] Add description header to 14_version_gettextcat.diff
  * Bump shlibs.

gnutls28 (3.0.1-1) experimental; urgency=low

  * Update Vcs-Svn and Vcs-Browser for new source package name.
  * New upstream version.
    + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
  * Bump build-dependency on libp11-kit-dev to (>= 0.4).
  * Drop 20_executablestack.diff, included upstream.
  * Includes crywrap(8), an application that proxies TLS session to a port
    using a plaintext service. 
  * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
  * Bump shlibs. (New flags).

gnutls28 (3.0.0-2) experimental; urgency=low

  * Add missing b-d on chrpath.
  * Search for .xz instead of .bz2 in watchfile.

gnutls28 (3.0.0-1) experimental; urgency=low

  * Drop gcrypt related patches (16_unnecessarydep.diff
    17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
    20_gcrypt15compat.diff), update remaining one
    (14_version_gettextcat.diff).
  * Build against nettle and p11-kit.
    + Update DEB_CONFIGURE_EXTRA_FLAGS.
    + Update (Build-)Depends. (Add pkg-config, it is used for locating
      p11-kit.)
  * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
    libgnutls28.
  * Drop libgnutls Breaks, they are superfluous after the soname change.
  * Delete config.log on clean.
  * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
    assembly files.
  * Delete unneccessary rpath entries.
  * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
    NEWS entry for this license change.
  * Move gnutls-extra library to separate package.

gnutls26 (2.12.7-4) unstable; urgency=low

  * Upload to unstable.
  * Point watch file to stable release directory.
  * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
    Libs.private. Closes: #632891
  * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)

gnutls26 (2.12.7-3) experimental; urgency=low

  [ Simon Josefsson ]
  * Fix Debian BTS URL in --with-packager-bug-reports option.

  [ Andreas Metzler ]
  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

gnutls26 (2.12.7-2) experimental; urgency=low

  * Stop shipping libtool la files.
  * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
    + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
      *.install accordingly.
    + Bump cdbs Build-Depends to 0.4.93 (required for expanding
      $(DEB_HOST_MULTIARCH)).
    + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
    + runtime libraries and guile-wrapper are Multi-Arch: same with 
      Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
      Multi-Arch: foreign, -dev and -dbg remain unchanged.
    + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
      package. It contains debugging symbols for both library and helper
      binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
      co-installable with itself.

gnutls26 (2.12.7-1) experimental; urgency=low

  * New upstream version.
  * Update 17_ignoretestsuitteerrors.diff.
  * A new version of pokerth has been uploaded to sid, update libgnutls26
    Breaks accordingly.

gnutls26 (2.12.6.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, global_set_time_function() was added.
  * Stop setting CFLAGS += -Wall, it is set by default again.
  * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
    errors.

gnutls26 (2.12.5-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, gnutls_x509_crq_verify() was added.

gnutls26 (2.12.4-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs. (gnutls_certificate_get_issuer() added).

gnutls26 (2.12.3-1) experimental; urgency=low

  * New upstream version.
  * Drop patches included upstream: [18_restoreHMAC-MD5.diff]

gnutls26 (2.12.2-2) experimental; urgency=low

  * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
    for compatibility. Closes: #623001

gnutls26 (2.12.2-1) experimental; urgency=low

  * New upstream version.
  * [lintian] Drop article from short package descriptions.

gnutls26 (2.12.1-1) experimental; urgency=low

  * New upstream version.
    + certtool: Generated certificate request with stricter permissions.
      Closes: #619746
  * Drop superfluous patches:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff
  * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
    need a binNMU when gnutls 2.12.x uploaded to unstable.

gnutls26 (2.12.0-1) experimental; urgency=low

  * New upstream stable release.
    + Drop superceded patches 17_goldhotfix.patch
      18_libgnutls-openssl_soname.diff.
  * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff

gnutls26 (2.11.7-2) experimental; urgency=low

  * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
    versioning: 27:0:0).
  * Split off libgnutls-openssl to a separate package, since the sonames are
    not in sync anymore.

gnutls26 (2.11.7-1) experimental; urgency=low

  * New upstream version (rc for 2.12)
    + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
    + Bump shlibs.
  * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.

gnutls26 (2.11.6-2) experimental; urgency=low

  * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
    on big endian architectures.

gnutls26 (2.11.6-1) experimental; urgency=low

  * Development release.
  * Continue building against libgcrypt, run configure with --with-libgcrypt.
  * Refresh patches/15_fixgnutlspc.diff.
  * Set --with-packager* options.
  * Install newly available p11tool binary.
  * Bump libgcrypt11-dev Build-Depends.
  * C++ wrapper soname bump, change package name accordingly.
  * Bump shlibs.
  * Update debian/copyright.
  * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

gnutls26 (2.10.5-3) unstable; urgency=medium

  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

gnutls26 (2.10.5-2) unstable; urgency=low

  * Stop shipping libtool la files.

gnutls26 (2.10.5-1) unstable; urgency=low

  * New upstream bugfix release.
    + Drop 15_fixgnutlspc.diff, included upstream.
  * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

gnutls26 (2.10.4-2) unstable; urgency=low

  * Use debhelper compatibility level 7.
  * Merge in changes from 2.8.6-1:
    + Use dh_lintian.
    + Use dh_makeshlibs for the guile stuff, too. This gets us 
      a) ldconfig in postinst. Closes: #553109
      and
      b) a shlibs file.
      However the shared objects /usr/lib/libguile-gnutls*so* are still not
      designed to be used as libraries (linking) but are dlopened. guile-1.10
      will address this issue by keeping this stuff in a private directory.
    + hotfix pkg-config files (proper fix to be included upstream).
    + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      Closes: #405239
   * Upload to unstable.

gnutls26 (2.10.4-1) experimental; urgency=low

  * New upstream release. V1 CAs are trusted by default.

gnutls26 (2.10.3-1) experimental; urgency=low

  * Drop workaround for 519006, binutils is fixed even in squeeze.
  * New upstream bugfix release.

gnutls26 (2.10.2-1) experimental; urgency=low

  * New upstream version.
    + Fix asynchronous API handling. Closes: #588187
    + certtool does not crash on reading from /dev/null anymore.
      Closes: #588029
  * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.

gnutls26 (2.10.1-1) experimental; urgency=low

  * Update package descriptions. Closes: #588067
  * New upstream version.

gnutls26 (2.10.0-2) experimental; urgency=low

  * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
    libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
    support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
    (2.31.2-1) not yet. Closes: #587755

gnutls26 (2.10.0-1) experimental; urgency=low

  * New upstream stable release.
  * Point watchfile to stable releases.

gnutls26 (2.9.12-2) experimental; urgency=low

  * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
    without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
    useless and almost empty package on these archs.)
  * Drop ancient workaround for gcc bug on hppa.
    http://bugs.debian.org/128036

gnutls26 (2.9.12-1) experimental; urgency=low

  * New upstream version.

gnutls26 (2.9.11-1) experimental; urgency=low

  * New upstream version.
  * Drop 15_gnutlspriority.diff, superseded.

gnutls26 (2.9.10-2) experimental; urgency=low

  * [15_gnutlspriority.diff] Restore compatibility with programs using 
    gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
    Closes: #579831

gnutls26 (2.9.10-1) experimental; urgency=low

  * New upstream version.
  * New functions added, bump shlibs.

gnutls26 (2.9.9-1) experimental; urgency=low

  * Package upstream development branch for experimental.
  * Track development versions in watchfile.
  * Package C++ wrapper again. Closes: #548637

gnutls26 (2.8.6-1) unstable; urgency=low

  * Use dh_lintian.
  * Use dh_makeshlibs for the guile stuff, too. This gets us 
    a) ldconfig in postinst. Closes: #553109
    and
    b) a shlibs file.
    However the shared objects /usr/lib/libguile-gnutls*so* are still not
    designed to be used as libraries (linking) but are dlopened. guile-1.10
    will address this issue by keeping this stuff in a private directory.
  * hotfix pkg-config files (proper fix to be included upstream).
  * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

gnutls26 (2.8.5-2) unstable; urgency=low

  * Add a huge bunch of lintian overrides for the guile stuff to make dak
    happy.

gnutls26 (2.8.5-1) unstable; urgency=low

  * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
  * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
    orig.tar.bz2 without repacking it to gz.
  * New upstream version.
    + Drop patches/20_fixtimebomb.diff.

gnutls26 (2.8.4-2) unstable; urgency=high

  * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

gnutls26 (2.8.4-1) unstable; urgency=low

  * New upstream version.
    + Drop debian/patches/15_openpgp.diff.
  * Sync priorities with override file, libgnutls26 has been bumped from
    important to standard.

gnutls26 (2.8.3-3) unstable; urgency=low

  * Empty dependency_libs in la-files. (Squeeze release goal.)

gnutls26 (2.8.3-2) unstable; urgency=low

  * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
    openpgp connections.

gnutls26 (2.8.3-1) unstable; urgency=high

  * New upstream version.
    + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
      was built against. Closes: #540449
    + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
      certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
      http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
  * Drop 15_chainverify_expiredcert.diff, included upstream.
  * Urgency high, since 541439 applies to testing, too.

gnutls26 (2.8.1-2) unstable; urgency=low

  [ Simon Josefsson ]
  * Remove cruft in rules file.
  * Remove patches/15_tasn1inpc.diff, not needed.

  [ Andreas Metzler ]
  * Finally add an entry to the NEWS.Debian file concerning the deprecation of
    RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
  * Upload to unstable.
  * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
    Fix testsuite error caused by expired certificate.

gnutls26 (2.8.1-1) experimental; urgency=low

  * New upstream stable release.

gnutls26 (2.7.14-1) experimental; urgency=low

  * [debian/control] set section setting of source package to libs instead of
    devel.
  * New upstream version.
    + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
    + Bump shlibs, new symbols added.

gnutls26 (2.7.12-1) experimental; urgency=low

  * Fix typo in changelog. Closes: #526427
  * New upstream release.
    + Does not ship the scripts libgnutls-extra-config and libgnutls-config
      and the .m4 snippet to use it anymore. Please switch to pkg-config or
      standard autoconf test. Drop manpages and
      both patches/13_lessdeps_gnutls-config.diff and
      patches/13_lessdeps_gnutls-config.diff from the debian diff.
    + Update remaining patches.
    + Bump shlibs, new symbols added.
  * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
    already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
    GNUTLS_2_8.
  * New upstream uses separate ./configure scripts for the different
    libraries. Invoke the main ./configure script with
    --cache-file=$(CURDIR)/config.cache to speed things up.

gnutls26 (2.6.6-1) unstable; urgency=high

  * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
    way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
  * New upstream security release.
    + libgnutls: Corrected double free on signature verification failure.
      GNUTLS-SA-2009-1 CVE-2009-1415
    + libgnutls: Fix DSA key generation. Noticed when investigating the
      previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
      2.6.x are corrupt.  See the advisory for more details.
      GNUTLS-SA-2009-2 CVE-2009-1416
    + libgnutls: Check expiration/activation time on untrusted certificates.
      Before the library did not check activation/expiration times on
      certificates, and was documented as not doing so.
      GNUTLS-SA-2009-3 CVE-2009-1417
   * The former two issues only apply to gnutls 2.6.x. The latter is a
     behavior change, add a NEWS.Debian file to document it.

gnutls26 (2.6.5-1) unstable; urgency=low

  * Sync sections in debian/control with override file. libgnutls26-dbg is
    section debug, guile-gnutls is section lisp.
  * New upstream version. (Needed for Libtasn1-3 2.0)
  * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
  * Standards-Version: 3.8.1, no changes required.

gnutls26 (2.6.4-2) unstable; urgency=low

  * Upload to unstable.
  * Merge changelog entries from unstable and experimental.

gnutls26 (2.6.4-1) experimental; urgency=low

  * New upstream version.

gnutls26 (2.6.3-1) experimental; urgency=low

  * New upstream version.
    + Corrects bug gnutls-cli which caused a rehandshake request
      to be ignored. Closes: #396867
  * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)

gnutls26 (2.6.2-2) experimental; urgency=low
 
  * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
    correct certificate chains were not recognized as verified.
    Closes: #507633
  * [lintian] Add ${misc:Depends} to multiple dendency lines.

gnutls26 (2.6.2-1) experimental; urgency=low

  * New upstream version.
    + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
    + Drop 20_fix_501077.diff.
  * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
    there.
  * Add Simon Josefsson to uploaders.

gnutls26 (2.6.0-1) experimental; urgency=low

  * New upstream stable release.
  * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
    gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077

gnutls26 (2.5.9-1) experimental; urgency=low

  * New upstream development version.
  * Bump shlibs.

gnutls26 (2.4.2-6) unstable; urgency=medium

  * New patches, syncing with 2.4.3 upstream oldstable release:
    + 24_intermedcertificate.patch If a non-root certificate ist trusted
      gnutls certificateificate verification stops there instead of checking
      up to the root of the certificate chain.
    + 22_whitespace.patch - Whitespace only changes, to make it possible to
      apply upstream fixes without manual changes. 
    + 25_bufferoverrun.patch. Fix buffer overrun bug in
      gnutls_x509_crt_list_import.
      http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e

gnutls26 (2.4.2-5) unstable; urgency=low

  * Pull two patches from upstream stable branch to make gnutls behavior
    match documentation:
   + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
     certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
     GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
   + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
     certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
     GNUTLS_CERT_INSECURE_ALGORITHM verification output.
     CVE-2009-2409

gnutls26 (2.4.2-4) unstable; urgency=medium

  * Add Simon Josefsson to uploaders.
  * Another fix for the verification fix. Some correct certificate chains were
    not recognized as verified. Closes: #507633

gnutls26 (2.4.2-3) unstable; urgency=low

  * Fix a crash on trying to verify self-signed certificates introduced by the
    patch for CVE-2008-4989. Closes: #505279

gnutls26 (2.4.2-2) unstable; urgency=medium

  * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
    verification. CVE-2008-4989 GNUTLS-SA-2008-3

gnutls26 (2.4.2-1) unstable; urgency=low

  * New upstream bugfix release.
  * Up to date gnutls-cli manpage. Closes: #492775

gnutls26 (2.4.1-1) unstable; urgency=medium

  * New upstream version, fixing a local denial of service vulnerability only
    present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377

gnutls26 (2.4.0-2) unstable; urgency=low

  * Standards version 3.8.0. Rename README.source_and_patches to README.source.
  * Upload to unstable.
  * Point watchfile to stable releases again.
  * Merge experimental and unstable changelog.

gnutls26 (2.4.0-1) experimental; urgency=low

  * New upstream stable release.
  * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.

gnutls26 (2.3.15-1) experimental; urgency=low

  * New upstream version. (rc4)
    Disables 'openpgp-certs' tests. Closes: #486269

gnutls26 (2.3.14-1) experimental; urgency=low

  * New upstream version. (rc3)

gnutls26 (2.3.13-1) experimental; urgency=low

  * New upstream version. 2nd rc for 2.4.0.
  * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.

gnutls26 (2.3.12-1) experimental; urgency=low

  * New upstream version. Bump shlibs.
  * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
  * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
    failure on sparc.

gnutls26 (2.3.11-1) experimental; urgency=low

  * New upstream version.
    + Fixes three security vulnerabilities.
      [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
      <http://www.gnu.org/software/gnutls/security.html>.
      CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    + Fixes subjectAltName wildcard matching. Closes: #479174
    + certtool now writes keyfiles with 0600 permissions. Closes: #373169

gnutls26 (2.2.5-1) unstable; urgency=high

  * New upstream version.
    Fixes three security vulnerabilities.
    [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
    <http://www.gnu.org/software/gnutls/security.html>.
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1

gnutls26 (2.3.9-1) experimental; urgency=low

  * New upstream development version.
    - OpenPGP support merged into libgnutls and is now licensed under LGPL.
      The included copy of OpenCDK has been stripped down and re-licensed
      under the LGPL. Using the external OpenCDK is not supported anymore, the
      external library will not be maintained anymore. Drop respective
      (build-)depends.
    - API extended, bump shlibs.
    - certtool asks for password confirmation. Closes: #364287
    - performance enhancements for gnutls_certificate_set_x509_trust_file.
      Closes: #400448
    - gnutls-cli: exits when hostname doesn't match certificate.
      Use --insecure to avoid hostname comparison.
  * For paranoia sake build with -D_REENTRANT even if upstream has stopped
    doing so.
  * [debian/copyright] : update, and stop including a GFDL copy.
  * Point watchfile to development versions.

gnutls26 (2.2.3-1) unstable; urgency=low

  * New upstream stable release.
    - --priority is documented in gnutls-cli(1) manpage. Closes: #467051

gnutls26 (2.2.3~rc-1) unstable; urgency=low

  * New upstream version. Release candidate for 2.2.3.
    + Increase default handshake packet size limit to 48kb. Closes: #478191
  * remove unsupported .l command from debian/libgnutls-config.1
  * Use Programming/C as doc-base section.

gnutls26 (2.2.2-1) unstable; urgency=low

  * New upstream version.
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
    strings and return the proper size.
    corrected string handling in parse_general_name.
    Closes: #465197
  * Point watchfile to ftp.gnutls.org.
  * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.

gnutls26 (2.2.1-3) unstable; urgency=low

  * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
    gnutls guile wrapper on ia64.

gnutls26 (2.2.1-2) unstable; urgency=low

  * Add Vcs-Svn: and Vcs-Browser control fields.
  * Upload to unstable.

gnutls26 (2.2.1-1) experimental; urgency=low

  * New upstream version.
  * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
    there.
  * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
    packages contain gnutls-bin debugging symbols. Closes: #459295.

gnutls26 (2.2.0-1) experimental; urgency=low

  * New upstream version.
    License change! Main library stays LGPLv2.1+ but libgnutls-extra,
    libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
    updated.
  * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
    versions were GPLv2+) and this license is not compatible with GPLv3+.
  * Non packaged 2.1.8 introduced new symbol
    gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
  * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
  * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
    DSA2 support. Closes: #455513
  * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.

gnutls26 (2.1.7-1) experimental; urgency=low

  * New upstream version.
    - Another soname bump. Packages renamed.
  * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
    dak does not allow that yet.
  * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
    libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035

gnutls25 (2.1.6-2) experimental; urgency=low

  * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
    experimental buildds happy.

gnutls25 (2.1.6-1) experimental; urgency=low

  * New upstream version. API changes! Please consult
    /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
    removed (mainly *_authz_*) and changed interfaces.
    This is the first release canddate for 2.2. The deprecation of
    gnutls_set_default_priority() is supposed to be undone before the final
    stable release.
  * Bump build-depends.
  * Stop building and shipping the C++ library, since nobody is using it. I
    will happly re-add it if requested.
  * Add Homepage field to debian/control.
  * Build and ship Guile bindings. Requested by Ludovic Courtès who also
    provided the initial patch. (On a sidenote I think guile generally does
    not do the right thing by throwing dlopened modules into /usr/lib/.)
  * Update debian/copyright.

gnutls13 (2.0.1-1) unstable; urgency=low

  * New upstream version.
  * Remove doc/*.info* on clean to allow building thrice in a row.
    (Closes: #441740)

gnutls13 (1.7.19-1) unstable; urgency=low

  * New upstream version 1.7.19.
    - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
      This takes of care of the mutt breakage. Closes: #439640

gnutls13 (1.7.18-2) unstable; urgency=low

  * Upload to unstable

gnutls13 (1.7.18-1) experimental; urgency=low

  * New upstream version 1.7.18, release candidate for 2.0.
  * Bump shlibs, since functions have been added.
  * Image files renamed upstream with gnutls- prefix and symlinked to
    /usr/share/info/ in Debian package. Closes: #423577

gnutls13 (1.7.16-1) experimental; urgency=low

  * New upstream version 1.7.16.

gnutls13 (1.7.14-1) experimental; urgency=low

  * New upstream version
    - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183

gnutls13 (1.7.12-1) experimental; urgency=low

  * New upstream version 1.7.12
    - Fixes memory errors in certificate parsing. Closes: #333050
  * Bump shlibs, due to API extensions in 1.7.10.
  * Rebuilding of docs simpified, strip debian/README.source_and_patches to
    reflect that.

gnutls13 (1.7.9-1) experimental; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
  * New upstream version.
    - Uses opencdk10 (0.6.x).
    - Improved gnutls_set_default_priority() priorities, with matching correct
      docs. (Closes: #422024)
    - bumped shlibs.
  * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
    twice in a row on the same sourcetree. (Closes: #424357) Document what is
    needed to rebuild doc/gnutls.pdf in README.source_and_patches.

gnutls13 (1.7.7-1) experimental; urgency=low

  * New development upstream version 1.7.7.
    - Point watchfile to development versions.
    - Bump shlibs for added APIs.
    - Includes German translation. (Closes: #392857)

gnutls13 (1.6.3-1) unstable; urgency=low

  * New upstream version, pulling selected fixes and features from 1.7.x.
  * Bump shlibs.

gnutls13 (1.6.2-2) unstable; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

gnutls13 (1.6.2-1) unstable; urgency=low

  * New upstream version
    - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
      certificates, since it contains a regenerated pkix_asn1_tab.c.
    - Ship German translation. Closes: #392857

gnutls13 (1.6.1-2) unstable; urgency=low

  * [gnutls-bin.install] Ship psktool.
  * Ship gettext translations in deb package, but as gnutls13.mo instead of
    gnutls.mo.
  * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
    changelog entries after branchoff. Point watchfile to stable upstream
    versions again.
  * Drop dependency of libgnutls13-dbg on libgnutlsxx13.

gnutls13 (1.6.1-1) experimental; urgency=low

  [ James Westby ]
  * New upstream release.

gnutls13 (1.6.0-1) experimental; urgency=low

  * New upstream version.

gnutls13 (1.5.3-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.
  * New upstream version 1.5.3.
  * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
  * Drop code for re-libtoolizing and running auto* from debian/rules, it is
    unused and would not work anymore. (We can later grab the from SVN and
    update it to make work if we ever need it.)

gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * New upstream development version.
    - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
    - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
      broken.
    - Drop unneeded patches/16_libs.private_gnutls.diff
      patches/16_libs.private_gnutls-extra.diff
    - Point watchfile to development versions.
    - Builds a C++ library.
  * Switch to debhelper v5 mode to be able to ship debug symbols of
    libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
  * Branched off from 1.4.4-1.

gnutls13 (1.4.4-3) unstable; urgency=low

  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
       When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
       version, try to negotiate the highest version support by the GnuTLS
       server, instead of the lowest.

gnutls13 (1.4.4-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.

gnutls13 (1.4.4-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.4
    - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
      crash mutt. (closes: #386725)
      GNUTLS-SA-2006-4 is CVE-2006-4790.

gnutls13 (1.4.3-2) unstable; urgency=low

  * the lesser of two weevils release.
  [ Andreas Metzler ]
  * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
    various programs, including mutt. (closes: #386680)

gnutls13 (1.4.3-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.3.
    - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
      rump session attack. GNUTLS-SA-2006-4
    - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
      GNUTLS-SA-2006-3
    - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

gnutls13 (1.4.2-1) unstable; urgency=medium

  [ Andreas Metzler ]
  * New upstream bugfix release.
    - Fixes a crash in the certificate verification logic.

gnutls13 (1.4.1-1) unstable; urgency=low

  [ James Westby ]
  * New upstream release.
  * Remove the following patches as they are now included upstream:
    - 10_certtoolmanpage.diff
    - 15_fixcompilewarning.diff
    - 30_man_hyphen_*.patch
  * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
    gnutls-api so that devhelp can find it.

gnutls13 (1.4.0-3) unstable; urgency=low

  [ Andreas Metzler ]
  * Strip "libgnutls-config --libs"' output to only list stuff required for
    dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
    README.Debian.
  * Pull patches/16_libs.private_gnutls.diff and
    debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
    pkg-config usable for static linking.

gnutls13 (1.4.0-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Set maintainer to alioth mailinglist.
  * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
    handles this. Build-Depend on autotools-dev.
  * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
  * Use cdbs' simple-patchsys.mk.
    - add debian/README.source_and_patches
    - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
  * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
  * Also ship css-, devhelp- and sgml files in gnutls-doc.
  * patches/15_fixcompilewarning.diff correct order of funtion arguments.

  [ James Westby ]
  * This release allows the port to be specified as the name of the service
    when using gnutls-cli (closes: #342891)

gnutls13 (1.4.0-1) experimental; urgency=low

  * New maintainer team. Thanks, Matthias for all the work you did.
  * Re-add gnutls-doc package, featuring api-reference as manual pages and
    html, and reference manual in html and pdf format.
    (closes: #368185,#368449)
  * Fix reference to gnutls0.4-doc package in debian/copyright. Update
    debian/copyright and include actual copyright statements.
    (closes: #369071)
  * Bump shlibs because of changes to extra.h
  * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
    generate the necessary directories.
  * Drop debian/NEWS.Debian as it only talks about the move of the (since
    purged) gnutls-doc package to contrib a long time ago.
    (Thanks Simon Josefsson, for these suggestions.)
  * new upstream version. (closes: #368323)
  * clean packaging against upstream tarball.
    - Drop all patches, except for fixing error in certtool.1 and setting
      gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
    - Add  --enable-ld-version-script
      to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
      patching ./configure.in.
    (closes: #367358)
  * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
  * Build against external libtasn1-3. (closes: #363294)
  * Standards-Version: 3.7.2, no changes required.
  * debian/control and override file are in sync with respect to Priority and
    Section, everthing except libgnutls13-dbg already was. (closes: #366956)
  * acknowledge my own NMU. (closes: #367065)
  * libgnutls13-dbg is nonempty (closes: #367056)

gnutls13 (1.3.5-1.1) unstable; urgency=low

  * NMU
  * Invoke ./configure with --with-included-libtasn1 to prevent accidental
    linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
    contained libtasn1.so.3 and force gnutls13 to use the internal version of
    libtasn instead until libtasn1-3-dev is uploaded. Drop broken
    Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
  * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
    of --dbg-package=libgnutls12. (closes: #367056)

gnutls13 (1.3.5-1) unstable; urgency=low

  * New Upstream version.
    - Security fix.
    - Yet another ABI change.
  * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
  * Let -dev package depend on liblzo-dev (closes:#347438)
  * Fix certtool help output (closes:#338623)

gnutls12 (1.2.9-2) unstable; urgency=low

  * Install /usr/lib/pkgconfig/*.pc files.
  * Depend on texinfo (>= 4.8, for the @euro{} sign).

gnutls12 (1.2.9-1) unstable; urgency=low

  * New Upstream version.

gnutls12 (1.2.8-1) unstable; urgency=low

  * New Upstream version.
    - depends on libgcrypt11 1.2.2
  * Bumped shlibs version, just to be on the safe side.

gnutls12 (1.2.6-1) unstable; urgency=low

  * New Upstream version.
  * Remove Provides: on libgnutls11-dev.
    Hopefully this will be temporary (pending discussion with Upstream).

gnutls12 (1.2.5-3) unstable; urgency=high

  * Updated libgnutls12.shlibs file.
    Thanks to Mike Paul <email address hidden>.
    Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                  dependencies on this library

gnutls12 (1.2.5-2) unstable; urgency=medium

  * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
    Added an explicit dependency as a stopgap fix.

gnutls12 (1.2.5-1) unstable; urgency=low

  * Merged with the latest stable release.
  * Renamed to gnutls12.
    - Changed the library version strings to GNUTLS_1_2.
    - Renamed the development package back to "libgnutls-dev".

gnutls11 (1.0.19-1) experimental; urgency=low

  * Merged with the latest stable release.

gnutls11 (1.0.16-13) unstable; urgency=high

  * Fixed an ASN.1 extraction error.
    Found by Pelle Johansson <email address hidden>.

gnutls11 (1.0.16-12) unstable; urgency=high

  * Fixed a segfault in certtool. Closes: #278361.

gnutls11 (1.0.16-11) unstable; urgency=medium

  * Merged binary (non-UF8) string printing code from Upstream.
  * Password code in certtool was somewhat broken.

gnutls11 (1.0.16-10) unstable; urgency=high

  * Fixed one instance of uninitialized memory usage.

gnutls11 (1.0.16-9) unstable; urgency=high

  * Pulled from Upstream CVS:
    - Fix two memory leaks.
    - Fix NULL dereference.

gnutls11 (1.0.16-8) unstable; urgency=high

  * Pulled these changes from Upstream CVS:
    - Added default limits in the verification of certificate chains,
      to avoid denial of service attacks.
    - Added gnutls_certificate_set_verify_limits() to override them.
    - Added gnutls_certificate_verify_peers2().

gnutls11 (1.0.16-7) unstable; urgency=low

  * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
    Thanks to <email address hidden> for reporting this problem.

gnutls11 (1.0.16-6) unstable; urgency=medium

  * Memory leak, found by Modestas Vainius <email address hidden>.
    - Closes: #264420

gnutls11 (1.0.16-5) unstable; urgency=low

  * Depend on current libtasn1-2 (>= 0.2.10).
    - Closes: #264198.
  * Fixed maintainer email to point to Debian address.

gnutls11 (1.0.16-4) unstable; urgency=low

  * The OpenSSL compatibility library has been linked incorrectly
    (-ltasn1 was missing).
  * Need to build-depend on current opencdk8 and libtasn1-2 version.

gnutls11 (1.0.16-3) unstable; urgency=high

  * Documentation no longer includes LaTeX-produced output
    (the source contains latex2html-specific features, which is non-free).
  * Urgency: High because of pending base freeze.

gnutls11 (1.0.16-2) unstable; urgency=high

  * Actually *enable* debug symbols :-/
  * Urgency: High for speedy inclusion in d-i

gnutls11 (1.0.16-1) experimental; urgency=low

  * Update to latest Upstream version.
  * now depends on libgcrypt11
  * Include debugging package
  * Use hevea, not latex2html.

gnutls10 (1.0.4-4) unstable; urgency=low

  * New maintainer.
  * Run autotools at source package build time.
    - Closes: #257237: FTBFS (i386/sid): aclocal failed
  * Remove "package is still changed upstream" warning.
  * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.

gnutls10 (1.0.4-3) unstable; urgency=low

  * control: Changed the build dependency and the dependency of
    libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
    libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
    could cause linking against two versions of libgcrypt.

gnutls10 (1.0.4-2) unstable; urgency=low

  * libgnutls-doc.doc-base: Removed HTML manual listing.
  * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
    Jordi :)

gnutls10 (1.0.4-1) unstable; urgency=low

  * New upstream release  (Closes: #227527)
      * The new documentation in libgnutls-doc fixes several typo's and
        style glitches:  
        Closes: #215772: inconsistent auth method list in manual
        Closes: #215775: dangling footnote on page 14 of manual
        Closes: #215777: bad sentence on page 18 of manual
        Closes: #215780: incorrect info about ldaps/imaps in manual
  * rules:
      * Use --add-missing instead of --force in the call to automake.
      * Don't build gnutls.ps, use the upstream version.
        (Closes: #224846)
  * gnutls-bin.manpages: Use glob to find manpages.
  * patches/008_manpages.diff: Removed; included upstream.

gnutls10 (1.0.0-1) unstable; urgency=low

  * New upstream release.
  * Major soversion changed to 10.
  * control: Changed build dependencies of libtasn1-dev.
  * libgnutls10.shlibs: Added libgnutls-openssl to the list.

gnutls8 (0.9.99-1) experimental; urgency=low

  * New upstream release.
  * Included upstream GPG signature in .orig.tar.gz.

gnutls8 (0.9.98-1) experimental; urgency=low

  * New upstream release.
  * debian/control: libgnutls8-dev depends on libopencdk8-dev.
  * debian/libgnutls-doc.examples: Install src/*.[ch].

gnutls8 (0.9.95-1) experimental; urgency=low

  * New upstream version.

gnutls8 (0.9.94-1) experimental; urgency=low

  * New upstream version; package based on gnutls7 0.8.12-2.
  * debian/control:
      * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
  * debian/rules: Run auto* after the patches have been applied.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  03 Jan 2012 15:09:20 +0000