gnutls28 3.5.8-5ubuntu1 source package in Ubuntu

Changelog

gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium

  * Merge with Debian. Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

gnutls28 (3.5.8-5) unstable; urgency=medium

  * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
    in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
  * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
    Addressed large allocation in OpenPGP certificate parsing, that could lead
    in out-of-memory condition. Issue found using oss-fuzz project, and was
    fixed by Alex Gaynor.
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
    [GNUTLS-SA-2017-3C]

gnutls28 (3.5.8-4) unstable; urgency=medium

  * More upstream fixes from gnutls_3_5_x branch:
    + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
      overflow resulting to invalid memory write in OpenPGP certificate
      parsing.  Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
      [GNUTLS-SA-2017-3A]
    + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
      1 byte past the end of buffer in OpenPGP certificate parsing. Issue
      found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
      Addressed crashes in OpenPGP certificate parsing, related to private key
      parser. No longer allow OpenPGP certificates (public keys) to contain
      private key sub-packets. Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
      [GNUTLS-SA-2017-3B]

gnutls28 (3.5.8-3) unstable; urgency=high

  * Another two bugfixes from upstream.
   + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
     Address test suite failure due to timezone differences.
     Closes: #853732
   + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
     When returning success, but no elements
     gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
     elements with a pointer that was uninitialized.

gnutls28 (3.5.8-2) unstable; urgency=medium

  * Pull two fixes from upstream GIT gnutls_3_5_x branch
    35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
    35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.

gnutls28 (3.5.8-1) unstable; urgency=medium

  * New upstream release.
  * Upload to unstable.

gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium

  * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
    upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
    tests/key-tests/key-invalid.)
    + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
      35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
    + libgnutls: Fix double free in certificate information printing. If the
      PKIX extension proxy was set with a policy language set but no policy
      specified, that could lead to a double free. GNUTLS-SA-2017-1
      CVE-2017-5334
    + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
      parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
      CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337

gnutls28 (3.5.7-3) unstable; urgency=medium

  * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
    35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
    upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
    by PKCS#8 decryption functions when an invalid key is provided. This
    addresses regression on decrypting certain PKCS#8 keys.
    Closes: #848905

gnutls28 (3.5.7-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.5.7-1) experimental; urgency=low

  * New upstream version.
  * Drop unneeded patches.
    40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
    40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
  * Update symbol file. (Add new symbols, bump dependency on functions that
    might return new error codes.)
  * Build with --with-included-unistring, Debian's libunistring package is
    too old (non dual-licensed).

gnutls28 (3.5.6-7) unstable; urgency=low

  * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
    for dns-root-data to libgnutls-dane0.
  * Upload to unstable.

gnutls28 (3.5.6-6) experimental; urgency=medium

  * Pull a patch set from upstream GIT which reverts the DN sorting change in
    3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
    Closes: #844539
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Update symbol file.

gnutls28 (3.5.6-5) experimental; urgency=low

  * Merge changes from unstable.

 -- Marc Deslauriers <email address hidden>  Wed, 03 May 2017 10:00:32 -0400