gnutls28 3.3.15-2ubuntu1 source package in Ubuntu

Changelog

gnutls28 (3.3.15-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Make gnutls28 default.
  * Dropped patches included in new version:
    - debian/patches/CVE-2015-0294.patch
    - debian/patches/CVE-2014-8564.patch

gnutls28 (3.3.15-2) unstable; urgency=medium

  * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
    fixing a testsuite error on kfreebsd-*.

gnutls28 (3.3.15-1) unstable; urgency=medium

  * New upstream stable release.
    + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].

gnutls28 (3.3.14-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync version of Depends and Build-Depends on libtasn1-6-dev.

gnutls28 (3.3.14-1) experimental; urgency=medium

  * New upstream version.
    + Bump libtasn b-d to >= 4.3.

gnutls28 (3.3.13-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for CVE-2015-0294, a certificate algorithm consistency
      checking issue.

gnutls28 (3.3.12-1) experimental; urgency=medium

  * New upstream version.
    + gnutls-cli-debug STARTTLS is working. Closes: #467022

gnutls28 (3.3.11-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for OCSP response parsing issue. Closes: #772055

gnutls28 (3.3.10-2) experimental; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.10-1) experimental; urgency=medium

  * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
    manpages.
  * New upstream version.
    + Includes fix for a denial of service issue CVE-2014-8564 /
      GNUTLS-SA-2014-5.
    + When gnutls_global_init() is called for a second time, it will check
      whether the /dev/urandom fd kept is still open and matches the original
      one. That behavior works around issues with servers that close all file
      descriptors. This should take care of #760476.

gnutls28 (3.3.9-1) experimental; urgency=medium

  * New upstream version.
    + Unfuzz 20_debian_specific_soname.diff.
    + Drop 31_fallback_to_RUSAGE_SELF.diff.
    + Bump private symbol dependency info.
    + Bump dependency version of gnutls_certificate_get_issuer() and
      gnutls_x509_trust_list_get_issuer() because of newly added
      GNUTLS_TL_GET_COPY flag.

gnutls28 (3.3.8-7) unstable; urgency=medium

  * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
    Pull two patches from upstream to a use-after-free flaw in
    gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
    Closes: #782776

gnutls28 (3.3.8-6) unstable; urgency=medium

  * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
    6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
    certificate import check whether the two signature algorithms match.
    CVE-2015-0294. Closes: #779428

gnutls28 (3.3.8-5) unstable; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

gnutls28 (3.3.8-4) unstable; urgency=high

  * Drop 31_fallback_to_RUSAGE_SELF.diff.
  * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
    from the application check the urandom fd for validity. Closes: #768841
    and takes care of #760476.
  * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
    session deinit. It is already being refreshed during the session lifetime.
  * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
    format, perform additional sanity checks on input.
    CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
  * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
    uses a cert in binary der-format which is not representable in a quilt
    patches and we want to limit debian.tar.xz to modify stuff in debian/ we
    have some special handling in debian/rules.)

 -- Marc Deslauriers <email address hidden>  Thu, 21 May 2015 08:47:19 -0400