[Pkg-gnutls-commits] r1763 - /packages/gnutls26/trunk/debian/changelog

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Thu May 9 12:06:39 UTC 2013 

Author: ametzler
Date: Thu May  9 12:06:38 2013
New Revision: 1763

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1763
Log:
Upload to unstable, 2.12.20 FTBFS with libc 2.17 due to removal of gets.
Import 2.12.20-* changelog entries.

Modified:
    packages/gnutls26/trunk/debian/changelog

Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1763&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Thu May  9 12:06:38 2013
@@ -1,8 +1,9 @@
-gnutls26 (2.12.23-3) UNRELEASED; urgency=low
-
-  * UNRELEASED
-
- -- Andreas Metzler <ametzler at debian.org>  Mon, 06 May 2013 19:20:26 +0200
+gnutls26 (2.12.23-3) unstable; urgency=low
+
+  * Upload to unstable, 2.12.20 FTBFS with libc 2.17 due to removal of gets.
+  * Import 2.12.20-* changelog entries.
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 09 May 2013 13:50:33 +0200
 
 gnutls26 (2.12.23-2) experimental; urgency=low
 
@@ -55,6 +56,54 @@
     + Works with libtasn1 3.0, requires at least libtasn1 2.14. Bump b-d.
 
  -- Andreas Metzler <ametzler at debian.org>  Sat, 10 Nov 2012 19:05:36 +0100
+
+gnutls26 (2.12.20-6) unstable; urgency=low
+
+  * For wheezy build gnutls-bin and guile-gnutls from this source package 
+    rather than from gnutls28. gnutls28 is a leaf-package in wheezy. Not
+    shipping would mean a lot less work for the security team if there was a
+    GnuTLS vulnerability. If wanted, it can be re-introduced via backports.
+    The versioning trick has been copied from Ubuntu.
+  * Since guile support would require building with --disable-largefile on
+    armel armhf mipsel we do not provide the package there.
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 04 Apr 2013 18:34:25 +0200
+
+gnutls26 (2.12.20-5) unstable; urgency=low
+
+  * Testbuild gnutls guile bindings, binary packages unchanged.
+
+ -- Andreas Metzler <ametzler at debian.org>  Fri, 22 Mar 2013 18:58:28 +0100
+
+gnutls26 (2.12.20-4) unstable; urgency=high
+
+  * Pull fixes from 2.12.23:
+    + 34_pkcs11_memleak.diff Eliminated memory leak in PCKS #11
+      initialization.
+    + 35_TLS-CBC_timing-attack.diff (GNUTLS-SA-2013-1) TLS CBC padding timing
+      attack. CVE-2013-0169 CVE-2013-1619
+
+ -- Andreas Metzler <ametzler at debian.org>  Mon, 04 Feb 2013 19:35:29 +0100
+
+gnutls26 (2.12.20-3) unstable; urgency=low
+
+  * Pull fixes from 2.12.22:
+    +31_allow_key_usage_violation.diff: Always tolerate key usage violation
+     errors from the side of the peer, but also notify via an audit message.
+    +32_record-padding-parsing.patch: Fix record padding parsing issue.
+    +33_stricter_rsa_pkcs_1.5.diff: Fixes random handshake failures with
+     non-GnuTLS implementations.
+    This brings us up to GnuTLS 2.12.22, except for these differences:
+    - The equivalent change of 33_stricter_rsa_pkcs_1.5.diff for the nettle
+      code is not included as it is not relevant for Debian's binary packages.
+    - 0b9d8d6f21dad85038c6de36d8fbd56271263f64 Corrected bug in PGP subpacket
+      encoding.
+    - Compatibility with libtasn1 3.x, which would require libtasn1 >=2.14.
+    - Updated gnulib.
+  * Update watchfile, based on Bart Martens version from q.d.o, but use a)
+    ftp.gnutls.org as mirror and b) limit the the match to 2.x versions.
+
+ -- Andreas Metzler <ametzler at debian.org>  Sun, 06 Jan 2013 10:56:57 +0100
 
 gnutls26 (2.12.20-2) unstable; urgency=low

More information about the Pkg-gnutls-commits mailing list