debian/0000775000000000000000000000000012305152007007163 5ustar debian/control0000664000000000000000000001726712303600173010603 0ustar Source: gnutls26 Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian GnuTLS Maintainers Uploaders: Andreas Metzler , Eric Dorland , James Westby , Simon Josefsson Build-Depends: debhelper (>= 9), libgcrypt11-dev (>= 1.4.0), zlib1g-dev, cdbs (>= 0.4.93), gtk-doc-tools, texinfo (>= 4.8), libtasn1-6-dev, autotools-dev, datefudge, libp11-kit-dev (>= 0.11) [!or1k], pkg-config, chrpath Build-Conflicts: libgnutls-dev Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/pkg-gnutls/gnutls.git -b gnutls26-master Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnutls/gnutls.git;a=shortlog;h=refs/heads/gnutls26-master Homepage: http://www.gnutls.org/ Package: libgnutls-dev Section: libdevel Architecture: any Provides: gnutls-dev, libgnutls-openssl-dev Depends: libgnutls26 (= ${binary:Version}), libgnutlsxx27 (= ${binary:Version}),libgnutls-openssl27 (= ${binary:Version}), libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev, libp11-kit-dev (>= 0.4) [!or1k], ${misc:Depends} Suggests: gnutls26-doc, gnutls-bin Conflicts: gnutls-dev Replaces: gnutls-dev Description: GNU TLS library - development files GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the GnuTLS development files. Package: libgnutls26 Priority: standard Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: gnutls0, gnutls3, gnutls0.4 Conflicts: gnutls0, gnutls0.4 Pre-Depends: ${misc:Pre-Depends} # libsoup* Bug 587755. - This could be removed after a libgnutls soname bump. # The others are using the gnutls openssl wrapper. Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1), ccbuild (<= 2.0.1-1), csync2 (<= 1.34-2.2), freewheeling (<= 0.6-1.1), gkrellm (<= 2.3.4-1), macopix-gtk2 (<= 1.7.4-3), pokerth (<= 0.8.3-3+b1), pokerth-server (<= 0.8.3-3+b1), sipsak (<= 0.9.6-2.1), slrn (<= 1.0.0~pre18-1.1), slrnpull (<= 1.0.0~pre18-1.1), snowdrop (<= 0.02b-9), ssmtp (<= 2.64-4), tf5 (<= 5.0beta8-4), wput (<= 0.6.2-2), zoneminder (<= 1.24.4-1) Suggests: gnutls-bin Multi-Arch: same Description: GNU TLS library - runtime library GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the runtime libraries. Package: libgnutls26-dbg Priority: extra Architecture: any Section: debug Depends: libgnutls26 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} Conflicts: libgnutls13-dbg, libgnutls28-dbg Multi-Arch: same Description: GNU TLS library - debugger symbols GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . This package contains the debugger symbols and commandline utilities. Package: gnutls-bin Architecture: any Section: net Depends: ${shlibs:Depends}, ${misc:Depends} Multi-Arch: foreign Description: GNU TLS library - commandline utilities GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains a commandline interface to the GNU TLS library, which can be used to set up secure connections from e.g. shell scripts, debugging connection issues or managing certificates. Package: gnutls26-doc Architecture: all Section: doc Depends: ${misc:Depends} Multi-Arch: foreign Description: GNU TLS library 2.x - documentation and examples GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the documentation for the GnuTLS 2.x legacy version. Package: libgnutlsxx27 Priority: extra Architecture: any Depends: libgnutls26 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - C++ runtime library GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the C++ runtime libraries. Package: libgnutls-openssl27 Priority: standard Architecture: any Depends: libgnutls26 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - OpenSSL wrapper GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the runtime library of the GnuTLS OpenSSL wrapper. debian/gnutls26-doc.docs0000664000000000000000000000001712246674133012277 0ustar doc/gnutls.pdf debian/README.source0000664000000000000000000000020612246673460011357 0ustar Rebuilding PDF documentation: apt-get install texlive-latex-base texlive-fonts-recommended \ texlive-generic-recommended make pdf debian/gnutls26-doc.doc-base.apireference0000664000000000000000000000042112246674133015452 0ustar Document: gnutls26-api Title: GnuTLS 2.x API Reference Manual Author: Simon Josefsson Abstract: GNU TLS API Reference Manual Section: Programming/C Format: HTML Index: /usr/share/doc/gnutls26-doc/api-reference/index.html Files: /usr/share/doc/gnutls26-doc/api-reference/* debian/changelog0000664000000000000000000020201712305152007011037 0ustar gnutls26 (2.12.23-12ubuntu2) trusty; urgency=medium * SECURITY UPDATE: certificate validation bypass - debian/patches/CVE-2014-0092.patch: correct return codes in lib/x509/verify.c. - CVE-2014-0092 -- Marc Deslauriers Mon, 03 Mar 2014 14:10:30 -0500 gnutls26 (2.12.23-12ubuntu1) trusty; urgency=medium * Merge with Debian; remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. - Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. - Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. - debian/patches/99_update-libtool.patch: Update libtool.m4 - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. -- Matthias Klose Thu, 27 Feb 2014 09:58:58 +0100 gnutls26 (2.12.23-12) unstable; urgency=high * 26_fix_rejection-of-v1-intermedi.diff pulled and unfuzzed from GIT 3.x: A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior). CVE-2014-1959 / GNUTLS-SA-2014-1 -- Andreas Metzler Sat, 15 Feb 2014 16:37:36 +0100 gnutls26 (2.12.23-11) unstable; urgency=medium * (Build-)Depend on libtasn1-6-dev instead of on transitional libtasn1-3-dev package. -- Andreas Metzler Sat, 08 Feb 2014 15:29:24 +0100 gnutls26 (2.12.23-10) unstable; urgency=medium * Point vcs* to git. * Fix build on or1k (OpenRISC), thanks to Christian Svensson. Closes: #736750 + Drop (build-)depends on libp11-kit-dev on or1k which is lacking libffi currently. + Do not use chrpath if we are cross compiling. -- Andreas Metzler Mon, 27 Jan 2014 13:37:21 +0100 gnutls26 (2.12.23-9) experimental; urgency=low * Upload to experimental. * Built against libtasn1-6. -- Andreas Metzler Sat, 30 Nov 2013 12:57:27 +0100 gnutls26 (2.12.23-8) unstable; urgency=low * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless transition to gnutls28. -- Andreas Metzler Sun, 06 Oct 2013 13:49:36 +0200 gnutls26 (2.12.23-7) unstable; urgency=medium * Upload to unstable, built against libtasn1-3. * 25_updatedgdocfrommaster.diff - Update gdoc script from gnutls master to fix spurious build failure with perl 5.18. Closes: #724167 -- Andreas Metzler Wed, 25 Sep 2013 19:25:23 +0200 gnutls26 (2.12.23-6) experimental; urgency=low * Upload to experimental. * Let's try libtasn1-6 again, gcr in unstable should now be able to handle it. * Use debhelper v9, make libgnutls26-dbg Multi-arch: same. * Fix vcs-field-not-canonical lintian error by using anonscm instead of svn.debian.org. * Delete rpath in gnutls-binaries shipped in libgnutls26-dbg. -- Andreas Metzler Sat, 29 Jun 2013 13:29:55 +0200 gnutls26 (2.12.23-5) unstable; urgency=high * [21_sanitycheck.diff] Fix out of bounds data access. Closes: #709301 (CVE-2013-2116, DSA 2697-1) -- Andreas Metzler Thu, 23 May 2013 19:04:28 +0200 gnutls26 (2.12.23-4) unstable; urgency=low * Build against libtasn1-3 again. -- Andreas Metzler Sat, 18 May 2013 17:44:46 +0200 gnutls26 (2.12.23-3) unstable; urgency=low * Upload to unstable, 2.12.20 FTBFS with libc 2.17 due to removal of gets. * Import 2.12.20-* changelog entries. -- Andreas Metzler Thu, 09 May 2013 13:50:33 +0200 gnutls26 (2.12.23-2) experimental; urgency=low * Build against libtasn1-6. -- Andreas Metzler Mon, 06 May 2013 18:47:37 +0200 gnutls26 (2.12.23-1ubuntu5) trusty; urgency=low * 25_updatedgdocfrommaster.diff - Update gdoc script from gnutls master to fix spurious build failure with perl 5.18. Closes: #724167 * debian/patches/99_update-libtool.patch: Update libtool.m4 * debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. -- Adam Conrad Wed, 04 Dec 2013 23:23:10 -0700 gnutls26 (2.12.23-1ubuntu4) saucy; urgency=low * Link test-lock and test-thread_create with -Wl,--no-as-needed; see https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. Based on a similar change by Matthias Klose in libidn. -- Colin Watson Mon, 07 Oct 2013 15:51:16 +0100 gnutls26 (2.12.23-1ubuntu3) saucy; urgency=low * Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is sufficient for Ubuntu. The former versioning rendered sipsak uninstallable. -- Colin Watson Sat, 05 Oct 2013 00:00:39 +0100 gnutls26 (2.12.23-1ubuntu2) saucy; urgency=low * SECURITY UPDATE: denial of service via incorrect pad - debian/patches/CVE-2013-2116.patch: added sanity check in lib/gnutls_cipher.c. - CVE-2013-2116 -- Marc Deslauriers Mon, 27 May 2013 08:34:01 -0400 gnutls26 (2.12.23-1ubuntu1) raring; urgency=low * Merge from debian-experimental, remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Drop gnulib-gets.diff: upstream. -- Timo Aaltonen Thu, 07 Mar 2013 12:47:58 +0200 gnutls26 (2.12.23-1) experimental; urgency=low * New upstream version. + Includes fix for lucky thirteen TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619 GNUTLS-SA-2013-1 -- Andreas Metzler Wed, 06 Feb 2013 14:11:02 +0100 gnutls26 (2.12.22-1) experimental; urgency=low * Update watchfile, based on Bart Martens version from q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 2.x versions. * New upstream version. + Drop 30_strlen_on_null.diff. -- Andreas Metzler Sun, 06 Jan 2013 09:27:43 +0100 gnutls26 (2.12.21-4) experimental; urgency=low * 30_strlen_on_null.diff: Pulled from upstream git. Fix segfault caused by running strlen() on NULL. Closes: #647747 -- Andreas Metzler Sun, 18 Nov 2012 14:48:57 +0100 gnutls26 (2.12.21-3) experimental; urgency=low * Build with -sa. -- Andreas Metzler Sun, 11 Nov 2012 09:50:41 +0100 gnutls26 (2.12.21-2) experimental; urgency=low * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x packages. Add a new gnutls26-doc package which drops manpages and info format documentation in favour of being is co-installable with gnutls-doc. -- Andreas Metzler Sun, 11 Nov 2012 09:23:27 +0100 gnutls26 (2.12.21-1) experimental; urgency=low * New upstream release. + Works with libtasn1 3.0, requires at least libtasn1 2.14. Bump b-d. -- Andreas Metzler Sat, 10 Nov 2012 19:05:36 +0100 gnutls26 (2.12.20-6) unstable; urgency=low * For wheezy build gnutls-bin and guile-gnutls from this source package rather than from gnutls28. gnutls28 is a leaf-package in wheezy. Not shipping would mean a lot less work for the security team if there was a GnuTLS vulnerability. If wanted, it can be re-introduced via backports. The versioning trick has been copied from Ubuntu. * Since guile support would require building with --disable-largefile on armel armhf mipsel we do not provide the package there. -- Andreas Metzler Thu, 04 Apr 2013 18:34:25 +0200 gnutls26 (2.12.20-5) unstable; urgency=low * Testbuild gnutls guile bindings, binary packages unchanged. -- Andreas Metzler Fri, 22 Mar 2013 18:58:28 +0100 gnutls26 (2.12.20-4) unstable; urgency=high * Pull fixes from 2.12.23: + 34_pkcs11_memleak.diff Eliminated memory leak in PCKS #11 initialization. + 35_TLS-CBC_timing-attack.diff (GNUTLS-SA-2013-1) TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619 -- Andreas Metzler Mon, 04 Feb 2013 19:35:29 +0100 gnutls26 (2.12.20-3) unstable; urgency=low * Pull fixes from 2.12.22: +31_allow_key_usage_violation.diff: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. +32_record-padding-parsing.patch: Fix record padding parsing issue. +33_stricter_rsa_pkcs_1.5.diff: Fixes random handshake failures with non-GnuTLS implementations. This brings us up to GnuTLS 2.12.22, except for these differences: - The equivalent change of 33_stricter_rsa_pkcs_1.5.diff for the nettle code is not included as it is not relevant for Debian's binary packages. - 0b9d8d6f21dad85038c6de36d8fbd56271263f64 Corrected bug in PGP subpacket encoding. - Compatibility with libtasn1 3.x, which would require libtasn1 >=2.14. - Updated gnulib. * Update watchfile, based on Bart Martens version from q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 2.x versions. -- Andreas Metzler Sun, 06 Jan 2013 10:56:57 +0100 gnutls26 (2.12.20-2ubuntu1) raring; urgency=low * Resynchronise with Debian. Remaining changes: - Build gnutls-bin from this source package rather than from gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. * Avoid assuming that gets is declared. -- Colin Watson Thu, 06 Dec 2012 18:29:32 +0000 gnutls26 (2.12.20-2) unstable; urgency=low * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL. Closes: #647747 * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x packages. Add a new gnutls26-doc package which drops manpages and info format documentation in favour of being co-installable with gnutls-doc. -- Andreas Metzler Tue, 13 Nov 2012 19:21:25 +0100 gnutls26 (2.12.20-1) unstable; urgency=low * New upstream release. * Drop 25_nssldapsfix.diff (already included). -- Andreas Metzler Sun, 10 Jun 2012 16:53:50 +0200 gnutls26 (2.12.19-2) unstable; urgency=low * Pull debian/patches/25_nssldapsfix.diff from upstream git. (LP: #1003841) -- Andreas Metzler Thu, 07 Jun 2012 19:17:07 +0200 gnutls26 (2.12.19-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Sat, 05 May 2012 20:02:34 +0200 gnutls26 (2.12.18-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Fri, 16 Mar 2012 19:34:18 +0100 gnutls26 (2.12.17-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 10 Mar 2012 16:07:43 +0100 gnutls26 (2.12.17-1) experimental; urgency=low * New upstream release. + Unfuzz 20_tests-select.diff. + Bump libp11-kit-dev build-dep. + Bump shlibs. + Includes fix for CVE-2012-1573. -- Andreas Metzler Sat, 03 Mar 2012 18:17:30 +0100 gnutls26 (2.12.16-1) unstable; urgency=low * New upstream release. -- Andreas Metzler Sat, 07 Jan 2012 13:20:09 +0100 gnutls26 (2.12.14-5ubuntu4) quantal; urgency=low * Apply upstream patch to fix validation of certificates when more than one with the same short hash exists in the CA bundle (LP: #1003841). -- Thorsten Glaser Thu, 24 May 2012 11:19:12 +0200 gnutls26 (2.12.14-5ubuntu3) precise; urgency=low * SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661) - debian/patches/CVE-2012-1573.patch: Validate the size of a GenericBlockCipher structure as it is processed. Based on upstream patch. - CVE-2012-1573 -- Tyler Hicks Wed, 11 Apr 2012 02:52:23 -0500 gnutls26 (2.12.14-5ubuntu2) precise; urgency=low * Bump the version of gnutls-doc too, for the same reason as gnutls-bin. -- Colin Watson Tue, 24 Jan 2012 20:05:00 +0000 gnutls26 (2.12.14-5ubuntu1) precise; urgency=low * Start building gnutls-bin from this source package again, superseding the version in gnutls28: gnutls28's licensing is currently too strict for many of the free software packages built against it in Ubuntu main and we only want to support a single version. Bump its version to achieve this. -- Colin Watson Tue, 24 Jan 2012 18:18:46 +0000 gnutls26 (2.12.14-5) unstable; urgency=low * Disable gnutls-guile package, let it be provided by gnutls28. -- Andreas Metzler Sat, 17 Dec 2011 12:05:34 +0100 gnutls26 (2.12.14-4) unstable; urgency=low * Prepare for uploading gnutls28 to unstable. + Drop gnutls-bin package, it is going to be provided by gnutls28. + Binaries are still useful for debugging, ship them with libgnutls-dbg in LIBDIR/libgnutls26. -- Andreas Metzler Sat, 03 Dec 2011 09:39:54 +0100 gnutls26 (2.12.14-3) unstable; urgency=low * [20_tests-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). Closes: #648247 -- Andreas Metzler Tue, 15 Nov 2011 19:10:06 +0100 gnutls26 (2.12.14-2) unstable; urgency=low * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix FTBFS on these architectures. See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html -- Andreas Metzler Sat, 12 Nov 2011 09:30:42 +0100 gnutls26 (2.12.14-1) unstable; urgency=medium * Simplify dependencies: + libgnutls-dev Provides/Conflicts/Replaces gnutls-dev (which is also provided by gnutls28' libgnutls*-dev). + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0), libgnutls11-dev. * New upstream bugfix release. + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 Closes: #648441 -- Andreas Metzler Tue, 08 Nov 2011 19:34:28 +0100 gnutls26 (2.12.12-1) unstable; urgency=low * New upstream version. * Drop -mlong-double-64 on powerpc, updated gnulib should fix this issue and the build-failure on powerpc64. Closes: #644944 * Delete superfluous info from debian/README.source. * Drop 20_guiledocstring, included upstream. -- Andreas Metzler Fri, 21 Oct 2011 19:33:04 +0200 gnutls26 (2.12.11-1) unstable; urgency=low * New upstream version. + Allow CA importing of 0 certificates to succeed. Closes: #640639 * Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811) * [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+. -- Andreas Metzler Sat, 01 Oct 2011 15:28:13 +0200 gnutls26 (2.12.10-2) unstable; urgency=low * Add -mlong-double-64 to CFLAGS on powerpc to work around gnulib testsuite error (test-float). See http://savannah.gnu.org/bugs/?33710 and http://mid.gmane.org/relbj8-8jh.ln1%40argenau.downhill.at.eu.org -- Andreas Metzler Sun, 11 Sep 2011 08:23:54 +0200 gnutls26 (2.12.10-1) unstable; urgency=low * New upstream version. + Uses p11-kit instead of forked pakchois for PKCS#11. Update build-depends (libp11-kit-dev and pkg-config) and debian/copyright. * Drop superfluous patches (20_gcrypt15compat.diff, 21_gnutls-cli.man.diff 22_export_gnutls_openpgp_privkey_sign_hash.diff 23_deinit_privkey.diff 24_XmppAddr-UTF8String.diff). * Fix binary-control-field-duplicates-source lintian warnings. -- Andreas Metzler Sat, 03 Sep 2011 14:40:36 +0200 gnutls26 (2.12.7-8) unstable; urgency=high * Since libgnutls*-dbg contains debugging symbols of helper applications libgnutls26-dbg and libgnutls28-dbg are not co-installable. Add Conflicts. * [24_XmppAddr-UTF8String.diff] Correct parsing of XMPP subject alternative names. Closes: #638586 * [23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the release of the private key during the lifetime of the certificate structure. Closes: #638595 * Upload with urgency=high, 638595 breaks wwwoffle's TLS support. -- Andreas Metzler Sun, 28 Aug 2011 08:54:26 +0200 gnutls26 (2.12.7-7) unstable; urgency=high * 21_gnutls-cli.man.diff pulled from upstream git: Formatting fix for gnutls-cli manpage. Closes: #637551 * 22_export_gnutls_openpgp_privkey_sign_hash.diff. Fix ABI breakage, export_gnutls_openpgp_privkey_sign_hash() used to be present in 2.10.x was accidentally dropped from the symbol list. (Thanks, Jakub Wilk) Closes: #638801 -- Andreas Metzler Mon, 22 Aug 2011 19:24:08 +0200 gnutls26 (2.12.7-6) unstable; urgency=low * Use common-install-arch instead of common-install-prehook-arch to delete rpath. -- Andreas Metzler Fri, 12 Aug 2011 20:26:22 +0200 gnutls26 (2.12.7-5) unstable; urgency=low * libgnutls26 Breaks sipsak (<= 0.9.6-2.1+b1) [sparc armhf]. Closes: #637520 * Delete unneccessary rpath entries. -- Andreas Metzler Fri, 12 Aug 2011 16:55:24 +0200 gnutls26 (2.12.7-4) unstable; urgency=low * Upload to unstable. * Point watch file to stable release directory. * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config Libs.private. Closes: #632891 * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) -- Andreas Metzler Sun, 07 Aug 2011 09:58:28 +0200 gnutls26 (2.12.7-3) experimental; urgency=low [ Simon Josefsson ] * Fix Debian BTS URL in --with-packager-bug-reports option. [ Andreas Metzler ] * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:59:36 +0200 gnutls26 (2.12.7-2) experimental; urgency=low * Stop shipping libtool la files. * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime libraries and guile-wrapper are Multi-Arch: same with Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are Multi-Arch: foreign, -dev and -dbg remain unchanged. + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not co-installable with itself. -- Andreas Metzler Sun, 26 Jun 2011 15:01:58 +0200 gnutls26 (2.12.7-1) experimental; urgency=low * New upstream version. * Update 17_ignoretestsuitteerrors.diff. * A new version of pokerth has been uploaded to sid, update libgnutls26 Breaks accordingly. -- Andreas Metzler Sun, 19 Jun 2011 08:49:01 +0200 gnutls26 (2.12.6.1-1) experimental; urgency=low * New upstream version. * Bump shlibs, global_set_time_function() was added. * Stop setting CFLAGS += -Wall, it is set by default again. * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite errors. -- Andreas Metzler Sun, 05 Jun 2011 13:18:50 +0200 gnutls26 (2.12.5-1) experimental; urgency=low * New upstream version. * Bump shlibs, gnutls_x509_crq_verify() was added. -- Andreas Metzler Sat, 14 May 2011 13:21:12 +0200 gnutls26 (2.12.4-1) experimental; urgency=low * New upstream version. * Bump shlibs. (gnutls_certificate_get_issuer() added). -- Andreas Metzler Sun, 08 May 2011 15:19:18 +0200 gnutls26 (2.12.3-1) experimental; urgency=low * New upstream version. * Drop patches included upstream: [18_restoreHMAC-MD5.diff] -- Andreas Metzler Fri, 22 Apr 2011 18:26:11 +0200 gnutls26 (2.12.2-2) experimental; urgency=low * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 for compatibility. Closes: #623001 -- Andreas Metzler Sun, 17 Apr 2011 15:44:30 +0200 gnutls26 (2.12.2-1) experimental; urgency=low * New upstream version. * [lintian] Drop article from short package descriptions. -- Andreas Metzler Fri, 08 Apr 2011 19:36:27 +0200 gnutls26 (2.12.1-1) experimental; urgency=low * New upstream version. + certtool: Generated certificate request with stricter permissions. Closes: #619746 * Drop superfluous patches: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will need a binNMU when gnutls 2.12.x uploaded to unstable. -- Andreas Metzler Sat, 02 Apr 2011 15:22:46 +0200 gnutls26 (2.12.0-1) experimental; urgency=low * New upstream stable release. + Drop superceded patches 17_goldhotfix.patch 18_libgnutls-openssl_soname.diff. * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff -- Andreas Metzler Sun, 27 Mar 2011 10:23:11 +0200 gnutls26 (2.11.7-2) experimental; urgency=low * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool versioning: 27:0:0). * Split off libgnutls-openssl to a separate package, since the sonames are not in sync anymore. -- Andreas Metzler Fri, 11 Mar 2011 17:48:47 +0100 gnutls26 (2.11.7-1) experimental; urgency=low * New upstream version (rc for 2.12) + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + Bump shlibs. * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. -- Andreas Metzler Thu, 10 Mar 2011 12:12:01 +0100 gnutls26 (2.11.6-2) experimental; urgency=low * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) on big endian architectures. -- Andreas Metzler Wed, 23 Feb 2011 19:20:40 +0100 gnutls26 (2.11.6-1) experimental; urgency=low * Development release. * Continue building against libgcrypt, run configure with --with-libgcrypt. * Refresh patches/15_fixgnutlspc.diff. * Set --with-packager* options. * Install newly available p11tool binary. * Bump libgcrypt11-dev Build-Depends. * C++ wrapper soname bump, change package name accordingly. * Bump shlibs. * Update debian/copyright. * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Sat, 19 Feb 2011 15:29:43 +0100 gnutls26 (2.10.5-3) unstable; urgency=medium * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:26:34 +0200 gnutls26 (2.10.5-2) unstable; urgency=low * Stop shipping libtool la files. -- Andreas Metzler Sat, 25 Jun 2011 18:13:38 +0200 gnutls26 (2.10.5-1) unstable; urgency=low * New upstream bugfix release. + Drop 15_fixgnutlspc.diff, included upstream. * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Mon, 28 Feb 2011 18:52:57 +0100 gnutls26 (2.10.4-2) unstable; urgency=low * Use debhelper compatibility level 7. * Merge in changes from 2.8.6-1: + Use dh_lintian. + Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. + hotfix pkg-config files (proper fix to be included upstream). + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff Closes: #405239 * Upload to unstable. -- Andreas Metzler Sun, 06 Feb 2011 16:44:09 +0100 gnutls26 (2.10.4-1) experimental; urgency=low * New upstream release. V1 CAs are trusted by default. -- Andreas Metzler Mon, 06 Dec 2010 19:13:48 +0100 gnutls26 (2.10.3-1) experimental; urgency=low * Drop workaround for 519006, binutils is fixed even in squeeze. * New upstream bugfix release. -- Andreas Metzler Fri, 19 Nov 2010 19:19:26 +0100 gnutls26 (2.10.2-1) experimental; urgency=low * New upstream version. + Fix asynchronous API handling. Closes: #588187 + certtool does not crash on reading from /dev/null anymore. Closes: #588029 * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. -- Andreas Metzler Thu, 30 Sep 2010 19:10:31 +0200 gnutls26 (2.10.1-1) experimental; urgency=low * Update package descriptions. Closes: #588067 * New upstream version. -- Andreas Metzler Sun, 25 Jul 2010 14:56:45 +0200 gnutls26 (2.10.0-2) experimental; urgency=low * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental (2.31.2-1) not yet. Closes: #587755 -- Andreas Metzler Sat, 03 Jul 2010 08:58:57 +0200 gnutls26 (2.10.0-1) experimental; urgency=low * New upstream stable release. * Point watchfile to stable releases. -- Andreas Metzler Sat, 26 Jun 2010 14:48:40 +0200 gnutls26 (2.9.12-2) experimental; urgency=low * Work around gcc-4.4 bug by building without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a useless and almost empty package on these archs.) * Drop ancient workaround for gcc bug on hppa. http://bugs.debian.org/128036 -- Andreas Metzler Sat, 19 Jun 2010 14:38:22 +0200 gnutls26 (2.9.12-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 17 Jun 2010 19:20:04 +0200 gnutls26 (2.9.11-1) experimental; urgency=low * New upstream version. * Drop 15_gnutlspriority.diff, superseded. -- Andreas Metzler Mon, 07 Jun 2010 19:36:33 +0200 gnutls26 (2.9.10-2) experimental; urgency=low * [15_gnutlspriority.diff] Restore compatibility with programs using gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. Closes: #579831 -- Andreas Metzler Thu, 27 May 2010 18:40:53 +0200 gnutls26 (2.9.10-1) experimental; urgency=low * New upstream version. * New functions added, bump shlibs. -- Andreas Metzler Thu, 22 Apr 2010 19:29:52 +0200 gnutls26 (2.9.9-1) experimental; urgency=low * Package upstream development branch for experimental. * Track development versions in watchfile. * Package C++ wrapper again. Closes: #548637 -- Andreas Metzler Sun, 20 Dec 2009 11:31:33 +0100 gnutls26 (2.8.6-1) unstable; urgency=low * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff -- Andreas Metzler Sat, 20 Mar 2010 15:53:35 +0100 gnutls26 (2.8.5-2) unstable; urgency=low * Add a huge bunch of lintian overrides for the guile stuff to make dak happy. -- Andreas Metzler Fri, 13 Nov 2009 19:53:04 +0100 gnutls26 (2.8.5-1) unstable; urgency=low * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) * Switch to '3.0 (quilt)' source format, allowing us to use upstreams orig.tar.bz2 without repacking it to gz. * New upstream version. + Drop patches/20_fixtimebomb.diff. -- Andreas Metzler Thu, 12 Nov 2009 19:57:08 +0100 gnutls26 (2.8.4-2) unstable; urgency=high * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 -- Andreas Metzler Sun, 01 Nov 2009 13:21:27 +0100 gnutls26 (2.8.4-1) unstable; urgency=low * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard. -- Andreas Metzler Sat, 26 Sep 2009 10:33:52 +0200 gnutls26 (2.8.3-3) unstable; urgency=low * Empty dependency_libs in la-files. (Squeeze release goal.) -- Andreas Metzler Sat, 05 Sep 2009 09:09:22 +0200 gnutls26 (2.8.3-2) unstable; urgency=low * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections. -- Andreas Metzler Sat, 22 Aug 2009 14:14:48 +0200 gnutls26 (2.8.3-1) unstable; urgency=high * New upstream version. + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it was built against. Closes: #540449 + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html * Drop 15_chainverify_expiredcert.diff, included upstream. * Urgency high, since 541439 applies to testing, too. -- Andreas Metzler Fri, 14 Aug 2009 19:14:29 +0200 gnutls26 (2.8.1-2) unstable; urgency=low [ Simon Josefsson ] * Remove cruft in rules file. * Remove patches/15_tasn1inpc.diff, not needed. [ Andreas Metzler ] * Finally add an entry to the NEWS.Debian file concerning the deprecation of RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 * Upload to unstable. * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. Fix testsuite error caused by expired certificate. -- Andreas Metzler Thu, 06 Aug 2009 19:12:51 +0200 gnutls26 (2.8.1-1) experimental; urgency=low * New upstream stable release. -- Andreas Metzler Thu, 11 Jun 2009 09:15:28 +0200 gnutls26 (2.7.14-1) experimental; urgency=low * [debian/control] set section setting of source package to libs instead of devel. * New upstream version. + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + Bump shlibs, new symbols added. -- Andreas Metzler Tue, 26 May 2009 19:51:41 +0200 gnutls26 (2.7.12-1) experimental; urgency=low * Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up. -- Andreas Metzler Thu, 21 May 2009 11:18:35 +0200 gnutls26 (2.6.6-1) unstable; urgency=high * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a behavior change, add a NEWS.Debian file to document it. -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 gnutls26 (2.6.5-1) unstable; urgency=low * Sync sections in debian/control with override file. libgnutls26-dbg is section debug, guile-gnutls is section lisp. * New upstream version. (Needed for Libtasn1-3 2.0) * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. * Standards-Version: 3.8.1, no changes required. -- Andreas Metzler Tue, 14 Apr 2009 14:23:19 +0200 gnutls26 (2.6.4-2) unstable; urgency=low * Upload to unstable. * Merge changelog entries from unstable and experimental. -- Andreas Metzler Mon, 16 Feb 2009 16:43:37 +0100 gnutls26 (2.6.4-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 07 Feb 2009 14:32:57 +0100 gnutls26 (2.6.3-1) experimental; urgency=low * New upstream version. + Corrects bug gnutls-cli which caused a rehandshake request to be ignored. Closes: #396867 * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) -- Andreas Metzler Sun, 21 Dec 2008 10:46:38 +0100 gnutls26 (2.6.2-2) experimental; urgency=low * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 * [lintian] Add ${misc:Depends} to multiple dendency lines. -- Andreas Metzler Sat, 06 Dec 2008 13:31:58 +0100 gnutls26 (2.6.2-1) experimental; urgency=low * New upstream version. + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + Drop 20_fix_501077.diff. * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper there. * Add Simon Josefsson to uploaders. -- Andreas Metzler Thu, 13 Nov 2008 19:30:06 +0100 gnutls26 (2.6.0-1) experimental; urgency=low * New upstream stable release. * Add debian/patches/20_fix_501077.diff to fix an out of bound access in gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 -- Andreas Metzler Sat, 25 Oct 2008 09:59:03 +0200 gnutls26 (2.5.9-1) experimental; urgency=low * New upstream development version. * Bump shlibs. -- Andreas Metzler Sat, 04 Oct 2008 12:40:01 +0200 gnutls26 (2.4.2-6) unstable; urgency=medium * New patches, syncing with 2.4.3 upstream oldstable release: + 24_intermedcertificate.patch If a non-root certificate ist trusted gnutls certificateificate verification stops there instead of checking up to the root of the certificate chain. + 22_whitespace.patch - Whitespace only changes, to make it possible to apply upstream fixes without manual changes. + 25_bufferoverrun.patch. Fix buffer overrun bug in gnutls_x509_crt_list_import. http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 gnutls26 (2.4.2-5) unstable; urgency=low * Pull two patches from upstream stable branch to make gnutls behavior match documentation: + patch 23_permit_v1_CA.diff:Accept v1 x509 CA certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. CVE-2009-2409 -- Andreas Metzler Sat, 31 Jan 2009 16:26:52 +0100 gnutls26 (2.4.2-4) unstable; urgency=medium * Add Simon Josefsson to uploaders. * Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 -- Andreas Metzler Sat, 06 Dec 2008 12:09:33 +0100 gnutls26 (2.4.2-3) unstable; urgency=low * Fix a crash on trying to verify self-signed certificates introduced by the patch for CVE-2008-4989. Closes: #505279 -- Andreas Metzler Wed, 12 Nov 2008 19:23:23 +0100 gnutls26 (2.4.2-2) unstable; urgency=medium * [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 -- Andreas Metzler Mon, 10 Nov 2008 19:42:54 +0100 gnutls26 (2.4.2-1) unstable; urgency=low * New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775 -- Andreas Metzler Sun, 21 Sep 2008 10:35:16 +0200 gnutls26 (2.4.1-1) unstable; urgency=medium * New upstream version, fixing a local denial of service vulnerability only present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 -- Andreas Metzler Tue, 01 Jul 2008 19:35:51 +0200 gnutls26 (2.4.0-2) unstable; urgency=low * Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog. -- Andreas Metzler Tue, 24 Jun 2008 19:13:25 +0200 gnutls26 (2.4.0-1) experimental; urgency=low * New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. -- Andreas Metzler Wed, 18 Jun 2008 19:40:38 +0200 gnutls26 (2.3.15-1) experimental; urgency=low * New upstream version. (rc4) Disables 'openpgp-certs' tests. Closes: #486269 -- Andreas Metzler Mon, 16 Jun 2008 19:08:24 +0200 gnutls26 (2.3.14-1) experimental; urgency=low * New upstream version. (rc3) -- Andreas Metzler Wed, 11 Jun 2008 19:16:18 +0200 gnutls26 (2.3.13-1) experimental; urgency=low * New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. -- Andreas Metzler Sun, 08 Jun 2008 18:00:51 +0200 gnutls26 (2.3.12-1) experimental; urgency=low * New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc. -- Andreas Metzler Thu, 05 Jun 2008 19:08:29 +0200 gnutls26 (2.3.11-1) experimental; urgency=low * New upstream version. + Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + Fixes subjectAltName wildcard matching. Closes: #479174 + certtool now writes keyfiles with 0600 permissions. Closes: #373169 -- Andreas Metzler Sat, 24 May 2008 08:25:36 +0200 gnutls26 (2.2.5-1) unstable; urgency=high * New upstream version. Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 -- Andreas Metzler Tue, 20 May 2008 19:19:55 +0200 gnutls26 (2.3.9-1) experimental; urgency=low * New upstream development version. - OpenPGP support merged into libgnutls and is now licensed under LGPL. The included copy of OpenCDK has been stripped down and re-licensed under the LGPL. Using the external OpenCDK is not supported anymore, the external library will not be maintained anymore. Drop respective (build-)depends. - API extended, bump shlibs. - certtool asks for password confirmation. Closes: #364287 - performance enhancements for gnutls_certificate_set_x509_trust_file. Closes: #400448 - gnutls-cli: exits when hostname doesn't match certificate. Use --insecure to avoid hostname comparison. * For paranoia sake build with -D_REENTRANT even if upstream has stopped doing so. * [debian/copyright] : update, and stop including a GFDL copy. * Point watchfile to development versions. -- Andreas Metzler Sat, 17 May 2008 16:56:04 +0200 gnutls26 (2.2.3-1) unstable; urgency=low * New upstream stable release. - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 -- Andreas Metzler Mon, 12 May 2008 18:29:12 +0200 gnutls26 (2.2.3~rc-1) unstable; urgency=low * New upstream version. Release candidate for 2.2.3. + Increase default handshake packet size limit to 48kb. Closes: #478191 * remove unsupported .l command from debian/libgnutls-config.1 * Use Programming/C as doc-base section. -- Andreas Metzler Thu, 01 May 2008 13:09:49 +0200 gnutls26 (2.2.2-1) unstable; urgency=low * New upstream version. Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. corrected string handling in parse_general_name. Closes: #465197 * Point watchfile to ftp.gnutls.org. * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. -- Andreas Metzler Fri, 22 Feb 2008 19:08:36 +0100 gnutls26 (2.2.1-3) unstable; urgency=low * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build gnutls guile wrapper on ia64. -- Andreas Metzler Mon, 04 Feb 2008 19:14:03 +0100 gnutls26 (2.2.1-2) unstable; urgency=low * Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable. -- Andreas Metzler Sun, 03 Feb 2008 18:14:21 +0100 gnutls26 (2.2.1-1) experimental; urgency=low * New upstream version. * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper there. * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both packages contain gnutls-bin debugging symbols. Closes: #459295. -- Andreas Metzler Sun, 20 Jan 2008 18:27:33 +0100 gnutls26 (2.2.0-1) experimental; urgency=low * New upstream version. License change! Main library stays LGPLv2.1+ but libgnutls-extra, libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is updated. * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older versions were GPLv2+) and this license is not compatible with GPLv3+. * Non packaged 2.1.8 introduced new symbol gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for DSA2 support. Closes: #455513 * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. -- Andreas Metzler Sat, 15 Dec 2007 16:41:54 +0100 gnutls26 (2.1.7-1) experimental; urgency=low * New upstream version. - Another soname bump. Packages renamed. * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since dak does not allow that yet. * Add Build-Conflicts: libgnutls-dev to stop libtool from linking libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 -- Andreas Metzler Sat, 1 Dec 2007 10:40:17 +0100 gnutls25 (2.1.6-2) experimental; urgency=low * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make experimental buildds happy. -- Andreas Metzler Mon, 19 Nov 2007 18:58:48 +0100 gnutls25 (2.1.6-1) experimental; urgency=low * New upstream version. API changes! Please consult /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, removed (mainly *_authz_*) and changed interfaces. This is the first release canddate for 2.2. The deprecation of gnutls_set_default_priority() is supposed to be undone before the final stable release. * Bump build-depends. * Stop building and shipping the C++ library, since nobody is using it. I will happly re-add it if requested. * Add Homepage field to debian/control. * Build and ship Guile bindings. Requested by Ludovic Courtès who also provided the initial patch. (On a sidenote I think guile generally does not do the right thing by throwing dlopened modules into /usr/lib/.) * Update debian/copyright. -- Andreas Metzler Sat, 17 Nov 2007 16:42:01 +0100 gnutls13 (2.0.1-1) unstable; urgency=low * New upstream version. * Remove doc/*.info* on clean to allow building thrice in a row. (Closes: #441740) -- Andreas Metzler Sat, 29 Sep 2007 11:29:22 +0200 gnutls13 (1.7.19-1) unstable; urgency=low * New upstream version 1.7.19. - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. This takes of care of the mutt breakage. Closes: #439640 -- Andreas Metzler Mon, 27 Aug 2007 19:36:23 +0200 gnutls13 (1.7.18-2) unstable; urgency=low * Upload to unstable -- Andreas Metzler Sat, 25 Aug 2007 09:27:18 +0200 gnutls13 (1.7.18-1) experimental; urgency=low * New upstream version 1.7.18, release candidate for 2.0. * Bump shlibs, since functions have been added. * Image files renamed upstream with gnutls- prefix and symlinked to /usr/share/info/ in Debian package. Closes: #423577 -- Andreas Metzler Sat, 18 Aug 2007 09:06:11 +0200 gnutls13 (1.7.16-1) experimental; urgency=low * New upstream version 1.7.16. -- Andreas Metzler Sat, 11 Aug 2007 10:50:21 +0200 gnutls13 (1.7.14-1) experimental; urgency=low * New upstream version - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 -- Andreas Metzler Sat, 30 Jun 2007 09:06:35 +0200 gnutls13 (1.7.12-1) experimental; urgency=low * New upstream version 1.7.12 - Fixes memory errors in certificate parsing. Closes: #333050 * Bump shlibs, due to API extensions in 1.7.10. * Rebuilding of docs simpified, strip debian/README.source_and_patches to reflect that. -- Andreas Metzler Sat, 23 Jun 2007 11:14:26 +0200 gnutls13 (1.7.9-1) experimental; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches. -- Andreas Metzler Mon, 28 May 2007 08:36:42 +0200 gnutls13 (1.7.7-1) experimental; urgency=low * New development upstream version 1.7.7. - Point watchfile to development versions. - Bump shlibs for added APIs. - Includes German translation. (Closes: #392857) -- Andreas Metzler Sun, 15 Apr 2007 10:11:21 +0200 gnutls13 (1.6.3-1) unstable; urgency=low * New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs. -- Andreas Metzler Sun, 27 May 2007 09:26:14 +0200 gnutls13 (1.6.2-2) unstable; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) -- Andreas Metzler Sun, 13 May 2007 09:48:31 +0200 gnutls13 (1.6.2-1) unstable; urgency=low * New upstream version - Really Closes: #403887 libgnutls failes to parse OpenSSL generated certificates, since it contains a regenerated pkix_asn1_tab.c. - Ship German translation. Closes: #392857 -- Andreas Metzler Sat, 21 Apr 2007 10:57:02 +0200 gnutls13 (1.6.1-2) unstable; urgency=low * [gnutls-bin.install] Ship psktool. * Ship gettext translations in deb package, but as gnutls13.mo instead of gnutls.mo. * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* changelog entries after branchoff. Point watchfile to stable upstream versions again. * Drop dependency of libgnutls13-dbg on libgnutlsxx13. -- Andreas Metzler Sat, 3 Feb 2007 13:49:48 +0100 gnutls13 (1.6.1-1) experimental; urgency=low [ James Westby ] * New upstream release. -- Andreas Metzler Sat, 3 Feb 2007 13:18:03 +0100 gnutls13 (1.6.0-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 18 Nov 2006 13:21:56 +0100 gnutls13 (1.5.3-1) experimental; urgency=low [ Andreas Metzler ] * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. * New upstream version 1.5.3. * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. * Drop code for re-libtoolizing and running auto* from debian/rules, it is unused and would not work anymore. (We can later grab the from SVN and update it to make work if we ever need it.) -- Andreas Metzler Sat, 28 Oct 2006 12:56:46 +0200 gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low [ Andreas Metzler ] * Add a watchfile. * New upstream development version. - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was broken. - Drop unneeded patches/16_libs.private_gnutls.diff patches/16_libs.private_gnutls-extra.diff - Point watchfile to development versions. - Builds a C++ library. * Switch to debhelper v5 mode to be able to ship debug symbols of libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. * Branched off from 1.4.4-1. -- Andreas Metzler Sat, 30 Sep 2006 09:54:38 +0200 gnutls13 (1.4.4-3) unstable; urgency=low * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version support by the GnuTLS server, instead of the lowest. -- Andreas Metzler Sat, 11 Nov 2006 10:35:29 +0100 gnutls13 (1.4.4-2) unstable; urgency=low [ Andreas Metzler ] * Add a watchfile. * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. -- Andreas Metzler Tue, 12 Sep 2006 19:57:49 +0200 gnutls13 (1.4.4-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.4 - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't crash mutt. (closes: #386725) GNUTLS-SA-2006-4 is CVE-2006-4790. -- Andreas Metzler Tue, 12 Sep 2006 19:09:47 +0200 gnutls13 (1.4.3-2) unstable; urgency=low * the lesser of two weevils release. [ Andreas Metzler ] * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in various programs, including mutt. (closes: #386680) -- Andreas Metzler Sat, 9 Sep 2006 19:29:52 +0200 gnutls13 (1.4.3-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.3. - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. GNUTLS-SA-2006-4 - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. GNUTLS-SA-2006-3 - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. -- Andreas Metzler Fri, 8 Sep 2006 19:12:33 +0200 gnutls13 (1.4.2-1) unstable; urgency=medium [ Andreas Metzler ] * New upstream bugfix release. - Fixes a crash in the certificate verification logic. -- Andreas Metzler Sat, 12 Aug 2006 10:44:16 +0200 gnutls13 (1.4.1-1) unstable; urgency=low [ James Westby ] * New upstream release. * Remove the following patches as they are now included upstream: - 10_certtoolmanpage.diff - 15_fixcompilewarning.diff - 30_man_hyphen_*.patch * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than gnutls-api so that devhelp can find it. -- Andreas Metzler Sat, 15 Jul 2006 11:11:08 +0200 gnutls13 (1.4.0-3) unstable; urgency=low [ Andreas Metzler ] * Strip "libgnutls-config --libs"' output to only list stuff required for dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's README.Debian. * Pull patches/16_libs.private_gnutls.diff and debian/patches/16_libs.private_gnutls-extra.diff from upstream to make pkg-config usable for static linking. -- Andreas Metzler Sun, 2 Jul 2006 12:10:56 +0200 gnutls13 (1.4.0-2) unstable; urgency=low [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) * Also ship css-, devhelp- and sgml files in gnutls-doc. * patches/15_fixcompilewarning.diff correct order of funtion arguments. [ James Westby ] * This release allows the port to be specified as the name of the service when using gnutls-cli (closes: #342891) -- Andreas Metzler Sat, 17 Jun 2006 20:44:09 +0200 gnutls13 (1.4.0-1) experimental; urgency=low * New maintainer team. Thanks, Matthias for all the work you did. * Re-add gnutls-doc package, featuring api-reference as manual pages and html, and reference manual in html and pdf format. (closes: #368185,#368449) * Fix reference to gnutls0.4-doc package in debian/copyright. Update debian/copyright and include actual copyright statements. (closes: #369071) * Bump shlibs because of changes to extra.h * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will generate the necessary directories. * Drop debian/NEWS.Debian as it only talks about the move of the (since purged) gnutls-doc package to contrib a long time ago. (Thanks Simon Josefsson, for these suggestions.) * new upstream version. (closes: #368323) * clean packaging against upstream tarball. - Drop all patches, except for fixing error in certtool.1 and setting gnutls_libs=-lgnutls-extra in libgnutls-extra-config. - Add --enable-ld-version-script to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of patching ./configure.in. (closes: #367358) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294) * Standards-Version: 3.7.2, no changes required. * debian/control and override file are in sync with respect to Priority and Section, everthing except libgnutls13-dbg already was. (closes: #366956) * acknowledge my own NMU. (closes: #367065) * libgnutls13-dbg is nonempty (closes: #367056) -- Andreas Metzler Sat, 20 May 2006 11:22:36 +0000 gnutls13 (1.3.5-1.1) unstable; urgency=low * NMU * Invoke ./configure with --with-included-libtasn1 to prevent accidental linking against the broken 0.3.1-1 upload of libtasn1-2-dev which contained libtasn1.so.3 and force gnutls13 to use the internal version of libtasn instead until libtasn1-3-dev is uploaded. Drop broken Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead of --dbg-package=libgnutls12. (closes: #367056) -- Andreas Metzler Sat, 13 May 2006 07:45:32 +0000 gnutls13 (1.3.5-1) unstable; urgency=low * New Upstream version. - Security fix. - Yet another ABI change. * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 * Let -dev package depend on liblzo-dev (closes:#347438) * Fix certtool help output (closes:#338623) -- Matthias Urlichs Sat, 18 Mar 2006 22:46:25 +0100 gnutls12 (1.2.9-2) unstable; urgency=low * Install /usr/lib/pkgconfig/*.pc files. * Depend on texinfo (>= 4.8, for the @euro{} sign). -- Matthias Urlichs Tue, 15 Nov 2005 19:26:02 +0100 gnutls12 (1.2.9-1) unstable; urgency=low * New Upstream version. -- Matthias Urlichs Fri, 11 Nov 2005 18:51:28 +0100 gnutls12 (1.2.8-1) unstable; urgency=low * New Upstream version. - depends on libgcrypt11 1.2.2 * Bumped shlibs version, just to be on the safe side. -- Matthias Urlichs Wed, 19 Oct 2005 12:05:14 +0200 gnutls12 (1.2.6-1) unstable; urgency=low * New Upstream version. * Remove Provides: on libgnutls11-dev. Hopefully this will be temporary (pending discussion with Upstream). -- Matthias Urlichs Thu, 11 Aug 2005 12:21:36 +0200 gnutls12 (1.2.5-3) unstable; urgency=high * Updated libgnutls12.shlibs file. Thanks to Mike Paul . Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks dependencies on this library -- Matthias Urlichs Thu, 21 Jul 2005 13:19:25 +0200 gnutls12 (1.2.5-2) unstable; urgency=medium * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. Added an explicit dependency as a stopgap fix. -- Matthias Urlichs Thu, 21 Jul 2005 08:27:22 +0200 gnutls12 (1.2.5-1) unstable; urgency=low * Merged with the latest stable release. * Renamed to gnutls12. - Changed the library version strings to GNUTLS_1_2. - Renamed the development package back to "libgnutls-dev". -- Matthias Urlichs Tue, 5 Jul 2005 10:35:56 +0200 gnutls11 (1.0.19-1) experimental; urgency=low * Merged with the latest stable release. -- Matthias Urlichs Sun, 26 Dec 2004 13:28:45 +0100 gnutls11 (1.0.16-13) unstable; urgency=high * Fixed an ASN.1 extraction error. Found by Pelle Johansson . -- Matthias Urlichs Mon, 29 Nov 2004 10:16:21 +0100 gnutls11 (1.0.16-12) unstable; urgency=high * Fixed a segfault in certtool. Closes: #278361. -- Matthias Urlichs Thu, 11 Nov 2004 09:40:02 +0100 gnutls11 (1.0.16-11) unstable; urgency=medium * Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken. -- Matthias Urlichs Sat, 6 Nov 2004 13:11:03 +0100 gnutls11 (1.0.16-10) unstable; urgency=high * Fixed one instance of uninitialized memory usage. -- Matthias Urlichs Thu, 21 Oct 2004 06:07:53 +0200 gnutls11 (1.0.16-9) unstable; urgency=high * Pulled from Upstream CVS: - Fix two memory leaks. - Fix NULL dereference. -- Matthias Urlichs Fri, 8 Oct 2004 10:43:20 +0200 gnutls11 (1.0.16-8) unstable; urgency=high * Pulled these changes from Upstream CVS: - Added default limits in the verification of certificate chains, to avoid denial of service attacks. - Added gnutls_certificate_set_verify_limits() to override them. - Added gnutls_certificate_verify_peers2(). -- Matthias Urlichs Sun, 12 Sep 2004 02:05:25 +0200 gnutls11 (1.0.16-7) unstable; urgency=low * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem. -- Matthias Urlichs Sat, 14 Aug 2004 11:22:51 +0200 gnutls11 (1.0.16-6) unstable; urgency=medium * Memory leak, found by Modestas Vainius . - Closes: #264420 -- Matthias Urlichs Sun, 8 Aug 2004 22:21:01 +0200 gnutls11 (1.0.16-5) unstable; urgency=low * Depend on current libtasn1-2 (>= 0.2.10). - Closes: #264198. * Fixed maintainer email to point to Debian address. -- Matthias Urlichs Sat, 7 Aug 2004 19:44:38 +0200 gnutls11 (1.0.16-4) unstable; urgency=low * The OpenSSL compatibility library has been linked incorrectly (-ltasn1 was missing). * Need to build-depend on current opencdk8 and libtasn1-2 version. -- Matthias Urlichs Sat, 7 Aug 2004 19:29:32 +0200 gnutls11 (1.0.16-3) unstable; urgency=high * Documentation no longer includes LaTeX-produced output (the source contains latex2html-specific features, which is non-free). * Urgency: High because of pending base freeze. -- Matthias Urlichs Mon, 26 Jul 2004 11:18:20 +0200 gnutls11 (1.0.16-2) unstable; urgency=high * Actually *enable* debug symbols :-/ * Urgency: High for speedy inclusion in d-i -- Matthias Urlichs Fri, 23 Jul 2004 22:38:07 +0200 gnutls11 (1.0.16-1) experimental; urgency=low * Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html. -- Matthias Urlichs Wed, 21 Jul 2004 16:58:26 +0200 gnutls10 (1.0.4-4) unstable; urgency=low * New maintainer. * Run autotools at source package build time. - Closes: #257237: FTBFS (i386/sid): aclocal failed * Remove "package is still changed upstream" warning. * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. -- Matthias Urlichs Fri, 16 Jul 2004 02:09:36 +0200 gnutls10 (1.0.4-3) unstable; urgency=low * control: Changed the build dependency and the dependency of libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which could cause linking against two versions of libgcrypt. -- Ivo Timmermans Sat, 24 Jan 2004 15:32:22 +0100 gnutls10 (1.0.4-2) unstable; urgency=low * libgnutls-doc.doc-base: Removed HTML manual listing. * control: Removed Jordi Mallach from the list of Uploaders. Thanks, Jordi :) -- Ivo Timmermans Wed, 14 Jan 2004 13:35:42 +0100 gnutls10 (1.0.4-1) unstable; urgency=low * New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream. -- Ivo Timmermans Tue, 13 Jan 2004 23:57:16 +0100 gnutls10 (1.0.0-1) unstable; urgency=low * New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list. -- Ivo Timmermans Mon, 29 Dec 2003 23:23:08 +0100 gnutls8 (0.9.99-1) experimental; urgency=low * New upstream release. * Included upstream GPG signature in .orig.tar.gz. -- Ivo Timmermans Wed, 3 Dec 2003 22:33:52 +0100 gnutls8 (0.9.98-1) experimental; urgency=low * New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch]. -- Ivo Timmermans Sun, 23 Nov 2003 15:44:38 +0100 gnutls8 (0.9.95-1) experimental; urgency=low * New upstream version. -- Ivo Timmermans Fri, 7 Nov 2003 19:50:22 +0100 gnutls8 (0.9.94-1) experimental; urgency=low * New upstream version; package based on gnutls7 0.8.12-2. * debian/control: * Build-depend on libgcrypt7-dev (>= 1.1.44-0). * debian/rules: Run auto* after the patches have been applied. -- Ivo Timmermans Fri, 31 Oct 2003 18:47:09 +0100 debian/libgnutls26.install0000664000000000000000000000015112246674133012740 0ustar debian/tmp/usr/lib/*/libgnutls.so.* debian/tmp/usr/lib/*/libgnutls-e*.so.* debian/tmp/usr/share/locale/* debian/gnutls-bin.examples0000664000000000000000000000002112303600173012776 0ustar doc/certtool.cfg debian/libgnutls26.NEWS0000664000000000000000000000426612246674133012061 0ustar gnutls26 (2.6.6-1) unstable; urgency=high libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. We have realized that many applications that use libgnutls, including gnutls-cli, fail to perform proper checks. Implementing similar logic in all applications leads to code duplication. Hence, we decided to check whether the current time (as reported by the time function) is within the activation/expiration period of certificates when verifying untrusted certificates. This changes the semantics of gnutls_x509_crt_list_verify, which in turn is used by gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. We add two new gnutls_certificate_status_t codes for reporting the new error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also add a new gnutls_certificate_verify_flags flag, GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new behaviour. GNUTLS-SA-2009-3 CVE-2009-1417 http://www.gnu.org/software/gnutls/security.html -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 gnutls26 (2.4.2-5) unstable; urgency=medium * The gnutls certificate verification code has been changed to stop trusting some weak algoritms. Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. See , and "certtool -i < signature.pem" will inform about the algoritm used for signing (Search for "Signature Algorithm" in its output.). The proper fix is to re-issue the certificates with a more secure algoritm. As a hotfix the respective certicate itself can be added to the list of trusted certificates. Obviously this should only be done after verifying the certificate by different means than relying on the weak signature. -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 debian/source/0000775000000000000000000000000012246674133010500 5ustar debian/source/format0000664000000000000000000000001412246673460011710 0ustar 3.0 (quilt) debian/gnutls26-doc.doc-base0000664000000000000000000000044612246674133013032 0ustar Document: gnutls26 Title: GnuTLS 2.x Manual Author: Simon Josefsson Abstract: GnuTLS 2.x library manual Section: Programming/C Format: HTML Index: /usr/share/doc/gnutls26-doc/html/gnutls.html Files: /usr/share/doc/gnutls26-doc/html/* Format: PDF Files: /usr/share/doc/gnutls26-doc/gnutls.pdf debian/compat0000664000000000000000000000000212246673460010400 0ustar 9 debian/gnutls26-doc.install0000664000000000000000000000053512246674133013022 0ustar doc/reference/html/*html usr/share/doc/gnutls26-doc/api-reference doc/reference/html/*png usr/share/doc/gnutls26-doc/api-reference doc/reference/html/*.css usr/share/doc/gnutls26-doc/api-reference doc/reference/html/*.sgml usr/share/doc/gnutls26-doc/api-reference doc/*.html usr/share/doc/gnutls26-doc/html doc/*.png usr/share/doc/gnutls26-doc/html debian/libgnutlsxx27.install0000664000000000000000000000004612246674133013324 0ustar debian/tmp/usr/lib/*/libgnutlsxx.so.* debian/gnutls26-doc.examples0000664000000000000000000000002112246674133013160 0ustar doc/examples/*.c debian/patches/0000775000000000000000000000000012305151641010615 5ustar debian/patches/18_gpgerrorinpkgconfig.diff0000664000000000000000000000143512246674133016042 0ustar Description: [pkg-config] Add libgpg-error to gnutls' Libs.private. Author: Andreas Metzler Bug-Debian: http://bugs.debian.org/632891 Forwarded: no (Upstream has switched to nettle as crypto backend) diff -NurBbp gnutls-2.12.9/lib/gnutls.pc.in b/lib/gnutls.pc.in --- gnutls-2.12.9/lib/gnutls.pc.in 2011-07-27 16:03:24.000000000 +0200 +++ b/lib/gnutls.pc.in 2011-08-28 18:09:22.000000000 +0200 @@ -20,6 +20,6 @@ Description: Transport Security Layer im URL: http://www.gnu.org/software/gnutls/ Version: @VERSION@ Libs: -L${libdir} -lgnutls -Libs.private: @LTLIBGCRYPT@ @LTLIBNETTLE@ @NETTLE_LIBS@ @GNUTLS_ZLIB_LIBS_PRIVATE@ +Libs.private: @LTLIBGCRYPT@ @LTLIBNETTLE@ @NETTLE_LIBS@ -lgpg-error @GNUTLS_ZLIB_LIBS_PRIVATE@ @GNUTLS_REQUIRES_PRIVATE@ Cflags: -I${includedir} debian/patches/21_sanitycheck.diff0000664000000000000000000000151512246674133014272 0ustar From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 23 May 2013 09:54:37 +0200 Subject: [PATCH 3/3] re-applied sanity check patch --- lib/gnutls_cipher.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 2835121..71f5a98 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, return GNUTLS_E_DECRYPTION_FAILED; } pad = ciphertext.data[ciphertext.size - 1]; /* pad */ + if (pad+1 > ciphertext.size-hash_size) + pad_failed = GNUTLS_E_DECRYPTION_FAILED; /* Check the pading bytes (TLS 1.x). * Note that we access all 256 bytes of ciphertext for padding check -- 1.7.10.4 debian/patches/16_unnecessarydep.diff0000664000000000000000000000257612246674133015031 0ustar diff -NurBbp gnutls-2.8.6.orig/configure gnutls-2.8.6/configure --- gnutls-2.8.6.orig/configure 2010-03-15 11:29:16.000000000 +0100 +++ gnutls-2.8.6/configure 2010-03-20 16:01:07.000000000 +0100 @@ -7026,7 +7026,7 @@ fi rpathdirs= ltrpathdirs= names_already_handled= - names_next_round='gcrypt gpg-error' + names_next_round='gcrypt' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= diff -NurBbp gnutls-2.8.6.orig/lib/configure gnutls-2.8.6/lib/configure --- gnutls-2.8.6.orig/lib/configure 2010-03-15 11:28:38.000000000 +0100 +++ gnutls-2.8.6/lib/configure 2010-03-20 16:00:59.000000000 +0100 @@ -12102,7 +12102,7 @@ fi rpathdirs= ltrpathdirs= names_already_handled= - names_next_round='gcrypt gpg-error' + names_next_round='gcrypt' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= diff -NurBbp gnutls-2.8.6.orig/libextra/configure gnutls-2.8.6/libextra/configure --- gnutls-2.8.6.orig/libextra/configure 2010-03-15 11:28:58.000000000 +0100 +++ gnutls-2.8.6/libextra/configure 2010-03-20 16:00:53.000000000 +0100 @@ -11509,7 +11509,7 @@ fi rpathdirs= ltrpathdirs= names_already_handled= - names_next_round='gcrypt gpg-error' + names_next_round='gcrypt' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= debian/patches/20_tests-select.diff0000664000000000000000000000200012246674133014371 0ustar Description: Disable gnulib test-select test This test fails on kfreebsd-i386. As the code this test is supposed to test has not changed and as select() is only used by the command-line utilities but not the library stop running the test. Bug-Debian: http://bugs.debian.org/648247 Forwarded: http://article.gmane.org/gmane.comp.lib.gnulib.bugs/29018 Last-Update: 2012-03-03 diff -NurBbp a/gl/tests/Makefile.in b/gl/tests/Makefile.in --- a/gl/tests/Makefile.in 2012-03-01 17:53:07.000000000 +0100 +++ b/gl/tests/Makefile.in 2012-03-03 17:13:45.000000000 +0100 @@ -80,7 +80,7 @@ TESTS = test-accept$(EXEEXT) test-alloca test-open$(EXEEXT) test-pathmax$(EXEEXT) test-perror.sh \ test-perror2$(EXEEXT) test-pipe$(EXEEXT) \ test-read-file$(EXEEXT) test-recv$(EXEEXT) \ - test-select$(EXEEXT) test-select-in.sh test-select-out.sh \ + test-select-in.sh test-select-out.sh \ test-send$(EXEEXT) test-setsockopt$(EXEEXT) \ test-shutdown$(EXEEXT) test-signal-h$(EXEEXT) \ test-snprintf$(EXEEXT) test-sockets$(EXEEXT) \ debian/patches/25_updatedgdocfrommaster.diff0000664000000000000000000004451512246674133016363 0ustar Description: Update gdoc script from gnutls master. This includes bef38b98c0536d81c0e4b2e78a9182e1df1d451c among other fixes: . [PATCH] Avoid depending on hash order in gdoc. . Previously, gdoc had a hash of regexp replacements for each output format, and applied the replacements in the order that "keys" returned for the hash. However, not all orders are safe -- and now that Perl 5.18 randomises hash order per-process, it only worked sometimes! Origin: upstream Bug-Debian: http://bugs.debian.org/724167 Forwarded: not-needed --- gnutls26-2.12.23.orig/doc/scripts/gdoc +++ gnutls26-2.12.23/doc/scripts/gdoc @@ -1,4 +1,6 @@ -#!/usr/bin/perl +eval '(exit $?0)' && eval 'exec perl "$0" ${1+"$@"}' + & eval 'exec perl "$0" $argv:q' + if 0; ## Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson ## added -texinfo, -listfunc, -pkg-name @@ -7,6 +9,8 @@ ## Copyright (c) 2001, 2002 Nikos Mavrogiannopoulos ## added -tex ## Copyright (c) 1998 Michael Zucchi +## Copyright (c) 2013 Adam Sampson +## made highlighting not depend on hash order, for Perl 5.18 # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -132,57 +136,59 @@ use POSIX qw(strftime); # match expressions used to find embedded type information -$type_constant = "((?\$2", - $type_func, "\$1", - $type_struct, "\$1", - $type_param, "\$1" ); +@highlights_html = ( [$type_constant, '"$1"'], + [$type_func, '"$1"'], + [$type_struct, '"$1"'], + [$type_param, '" $1 "'] ); $blankline_html = "

"; -%highlights_texinfo = ( $type_constant, "\\\@code{\$2}", - $type_func, "\\\@code{\$1}", - $type_struct, "\\\@code{\$1}", - $type_param, "\\\@code{\$1}" ); +@highlights_texinfo = ( [$type_param, '" \@code{$1} "'], + [$type_constant, '"\@code{$1} "'], + [$type_func, '"\@code{$1} "'], + [$type_struct, '"\@code{$1} "'], + ); $blankline_texinfo = ""; -%highlights_tex = ( $type_constant, "{\\\\it \$2}", - $type_func, "{\\\\bf \$1}", - $type_struct, "{\\\\it \$1}", - $type_param, "{\\\\bf \$1}" ); +@highlights_tex = ( [$type_param, '" {\\\bf $1} "'], + [$type_constant, '"{\\\it $1}"'], + [$type_func, '"{\\\bf $1}"'], + [$type_struct, '"{\\\it $1}"'], + ); $blankline_tex = "\\\\"; # sgml, docbook format -%highlights_sgml = ( $type_constant, "\$2", - $type_func, "\$1", - $type_struct, "\$1", - $type_env, "\$1", - $type_param, "\$1" ); +@highlights_sgml = ( [$type_constant, '"$1"'], + [$type_func, '"$1"'], + [$type_struct, '"$1"'], + [$type_env, '"$1"'], + [$type_param, '" $1 "'] ); $blankline_sgml = "\n"; # these are pretty rough -%highlights_man = ( $type_constant, "\\\\fB\$2\\\\fP", - $type_func, "\\\\fB\$1\\\\fP", - $type_struct, "\\\\fB\$1\\\\fP", - $type_param, "\\\\fI\$1\\\\fP" ); +@highlights_man = ( [$type_constant, '"\\\fB$1\\\fP"'], + [$type_func, '"\\\fB$1\\\fP"'], + [$type_struct, '"\\\fB$1\\\fP"'], + [$type_param, '" \\\fI$1\\\fP "'] ); $blankline_man = ""; # text-mode -%highlights_text = ( $type_constant, "\$2", - $type_func, "\$1", - $type_struct, "\$1", - $type_param, "\$1" ); +@highlights_text = ( [$type_constant, '"$1"'], + [$type_func, '"$1"'], + [$type_struct, '"$1"'], + [$type_param, '"$1 "'] ); $blankline_text = ""; - +my $lineprefix = ""; sub usage { print "Usage: $0 [ -v ] [ -docbook | -html | -text | -man | -tex | -texinfo -listfunc ]\n"; @@ -201,7 +207,7 @@ if ($#ARGV==-1) { $verbose = 0; $output_mode = "man"; -%highlights = %highlights_man; +@highlights = @highlights_man; $blankline = $blankline_man; $modulename = "API Documentation"; $sourceversion = strftime "%Y-%m-%d", localtime; @@ -210,27 +216,27 @@ while ($ARGV[0] =~ m/^-(.*)/) { $cmd = shift @ARGV; if ($cmd eq "-html") { $output_mode = "html"; - %highlights = %highlights_html; + @highlights = @highlights_html; $blankline = $blankline_html; } elsif ($cmd eq "-man") { $output_mode = "man"; - %highlights = %highlights_man; + @highlights = @highlights_man; $blankline = $blankline_man; } elsif ($cmd eq "-tex") { $output_mode = "tex"; - %highlights = %highlights_tex; + @highlights = @highlights_tex; $blankline = $blankline_tex; } elsif ($cmd eq "-texinfo") { $output_mode = "texinfo"; - %highlights = %highlights_texinfo; + @highlights = @highlights_texinfo; $blankline = $blankline_texinfo; } elsif ($cmd eq "-text") { $output_mode = "text"; - %highlights = %highlights_text; + @highlights = @highlights_text; $blankline = $blankline_text; } elsif ($cmd eq "-docbook") { $output_mode = "sgml"; - %highlights = %highlights_sgml; + @highlights = @highlights_sgml; $blankline = $blankline_sgml; } elsif ($cmd eq "-listfunc") { $output_mode = "listfunc"; @@ -270,6 +276,8 @@ sub dump_section { my $name = shift @_; my $contents = join "\n", @_; + $name = " $name"; + if ($name =~ m/$type_constant/) { $name = $1; # print STDERR "constant section '$1' = '$contents'\n"; @@ -280,6 +288,7 @@ sub dump_section { $parameters{$name} = $contents; } else { # print STDERR "other section '$name' = '$contents'\n"; + $name =~ tr/ //d; $sections{$name} = $contents; push @sectionlist, $name; } @@ -296,35 +305,15 @@ sub dump_section { # sections => %descriont descriptions # -sub repstr { - $pattern = shift; - $repl = shift; - $match1 = shift; - $match2 = shift; - $match3 = shift; - $match4 = shift; - - $output = $repl; - $output =~ s,\$1,$match1,g; - $output =~ s,\$2,$match2,g; - $output =~ s,\$3,$match3,g; - $output =~ s,\$4,$match4,g; - - eval "\$return = qq/$output/"; - -# print "pattern $pattern matched 1=$match1 2=$match2 3=$match3 4=$match4 replace $repl yielded $output interpolated $return\n"; - - $return; -} - sub just_highlight { my $contents = join "\n", @_; my $line; my $ret = ""; - foreach $pattern (keys %highlights) { -# print "scanning pattern $pattern ($highlights{$pattern})\n"; - $contents =~ s:$pattern:repstr($pattern, $highlights{$pattern}, $1, $2, $3, $4):gse; + foreach $highlight (@highlights) { + my ($pattern, $replace) = @$highlight; + #print "scanning pattern $pattern ($replace)\n"; + $contents =~ s/$pattern/$replace/gees; } foreach $line (split "\n", $contents) { if ($line eq ""){ @@ -370,13 +359,45 @@ sub output_texinfo { } } foreach $section (@{$args{'sectionlist'}}) { + $section =~ s/\@//g; print "\n\@strong{$section:} " if $section ne $section_default; - $args{'sections'}{$section} =~ s:([{}]):\@\1:gs; + $args{'sections'}{$section} =~ s:([{}]):\@$1:gs; output_highlight($args{'sections'}{$section}); } print "\@end deftypefun\n\n"; } +sub output_enum_texinfo { + my %args = %{$_[0]}; + my ($parameter, $section); + my $count; + my $name = $args{'enum'}; + my $param; + my $param2; + my $sec; + my $check; + my $type; + + print "\n\@c $name\n"; + print "\@table \@code\n"; + + $check=0; + foreach $parameter (@{$args{'parameterlist'}}) { + $param1 = $parameter; + $param1 =~ s/_/_\@-/g; + + $check = 1; + print "\@item ".$param1."\n"; +# print "\n"; + + $param2 = $args{'parameters'}{$parameter}; + $out = just_highlight($param2); + chomp $out; + print $out . "\n"; + } + print "\@end table\n"; +} + # output in html sub output_html { my %args = %{$_[0]}; @@ -428,7 +449,9 @@ sub output_tex { $func =~ s/_/\\_/g; - print "\n\n\\subsection{". $func . "}\n\\label{" . $args{'function'} . "}\n"; + print "\n\n\\begin{function}\n"; + print "\\functionTitle{". $func . "}\n"; + print "\\index{". $func . "}\n"; $type = $args{'functiontype'}; $type =~ s/_/\\_/g; @@ -451,9 +474,8 @@ sub output_tex { } print ")\n"; - print "\n{\\large{Arguments}}\n"; + print "\n\\begin{functionArguments}\n"; - print "\\begin{itemize}\n"; $check=0; foreach $parameter (@{$args{'parameterlist'}}) { $param1 = $args{'parametertypes'}{$parameter}; @@ -462,11 +484,12 @@ sub output_tex { $param2 =~ s/_/\\_/g; $check = 1; - print "\\item {\\it ".$param1."} {\\bf ".$param2."}: \n"; + print "\\functionArgument {\\it ".$param1."} {\\bf ".$param2."}: \n"; # print "\n"; $param3 = $args{'parameters'}{$parameter}; - $param3 =~ s/#([a-zA-Z\_]+)/{\\it \1}/g; + $param3 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g; + $param3 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g; $out = just_highlight($param3); $out =~ s/_/\\_/g; @@ -475,31 +498,72 @@ sub output_tex { if ($check==0) { print "\\item void\n"; } - print "\\end{itemize}\n"; + print "\\end{functionArguments}\n"; foreach $section (@{$args{'sectionlist'}}) { $sec = $section; $sec =~ s/_/\\_/g; - $sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g; + $sec =~ s/#([a-zA-Z\_]+)/{\\it $1}/g; - print "\n{\\large{$sec}}\\\\\n"; - print "\\begin{rmfamily}\n"; + print "\n\\begin{function${sec}}\n"; + $out = $args{'sections'}{$section}; - $sec = $args{'sections'}{$section}; - $sec =~ s/\\:/:/g; - $sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g; - $sec =~ s/->/\$\\rightarrow\$/g; - $sec =~ s/([0-9]+)\^([0-9]+)/\$\{\1\}\^\{\2\}\$/g; - - $out = just_highlight($sec); - $out =~ s/_/\\_/g; + $out =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g; + $out =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g; + $out =~ s/\@([a-zA-Z\_]+)/{\\bf $1}/g; + $out =~ s/_/\\_\\-/g; + $out =~ s/\$/\\\$/g; + $out =~ s/#/\\#/g; + $out =~ s/\n\n/\n/g; + $out =~ s/\\:/:/g; + $out =~ s/\-\>/\$\\rightarrow\$/g; + $out =~ s/([0-9]+)\^([0-9]+)/\$\{$1\}\^\{$2\}\$/g; print $out; - print "\\end{rmfamily}\n"; + print "\\end{function${sec}}\n"; } - print "\n"; + print "\\end{function}\n\n"; } +sub output_enum_tex { + my %args = %{$_[0]}; + my ($parameter, $section); + my $count; + my $name = $args{'enum'}; + my $param; + my $param2; + my $sec; + my $check; + my $type; + + print "\n\n\\begin{enum}\n"; + $name =~ s/_/\\_/g; + print "\\enumTitle{". $name . "}\n"; + print "\\index{". $name . "}\n"; + + print "\n\\begin{enumList}\n"; + + $check=0; + foreach $parameter (@{$args{'parameterlist'}}) { + $param1 = $parameter; + $param1 =~ s/_/\\_\\-/g; + + $check = 1; + print "\\enumElement{".$param1."}{"; +# print "\n"; + + $param2 = $args{'parameters'}{$parameter}; + $param2 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g; + $param2 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g; + $out = just_highlight($param2); + $out =~ s/_/\\_/g; + chomp $out; + print $out . "}\n"; + } + print "\\end{enumList}\n"; + + print "\\end{enum}\n\n"; +} # output in sgml DocBook sub output_sgml { @@ -639,11 +703,14 @@ sub output_man { if ($args{'bugsto'}) { print ".SH \"REPORTING BUGS\"\n"; print "Report bugs to <". $args{'bugsto'} . ">.\n"; + print ".br\n"; + print "General guidelines for reporting bugs: http://www.gnu.org/gethelp/\n"; + print ".br\n"; if ($args{'pkgname'}) { print $args{'pkgname'} . " home page: " . "http://www.gnu.org/software/" . $args{'module'} . "/\n"; } - print "General help using GNU software: http://www.gnu.org/gethelp/\n"; + print "\n"; } if ($args{'copyright'}) { @@ -670,6 +737,10 @@ sub output_man { print ".B info " . $args{'seeinfo'} . "\n"; print ".PP\n"; print "should give you access to the complete manual.\n"; + print "As an alternative you may obtain the manual from:\n"; + print ".IP\n"; + print ".B http://www.gnu.org/software/" . $args{'module'} . "/manual/\n"; + print ".PP\n"; } } @@ -705,6 +776,10 @@ sub output_function { eval "output_".$output_mode."(\@_);"; } +sub output_enum { + eval "output_enum_".$output_mode."(\@_);"; +} + ## # takes a function prototype and spits out all the details @@ -744,7 +819,7 @@ sub dump_function { # print STDERR " :> @args\n"; $type = join " ", @args; - if ($parameters{$param} eq "" && $param != "void") { + if ((!defined($parameters{$param}) || $parameters{$param} eq "") && $param ne "void") { $parameters{$param} = "-- undescribed --"; print STDERR "warning: $lineno: Function parameter '$param' not described in '$function_name'\n"; } @@ -781,6 +856,56 @@ sub dump_function { } } +sub dump_enum { + my $prototype = shift @_; + + if (($prototype =~ m/^\s*typedef\s+enum\s*[a-zA-Z0-9_~:]*\s*\{([\-a-zA-Z0-9_~=,:\s\(\)\<]+)\s*\}\s*([a-zA-Z0-9_]+);.*/)) { +# || $prototype =~ m/^\s*enum\s+([a-zA-Z0-9_~:]+).*/) { + $args = $1; + $name = $2; + + foreach $arg (split ',', $args) { + # strip leading/trailing spaces + $arg =~ s/^\s*//; + $arg =~ s/\s*$//; + $arg =~ s/([A-Za-z0-9_]+)\s*=.*/$1/g; +# print STDERR "SCAN ARG: '$arg'\n"; + + next if $arg eq ''; + if ((!defined($parameters{$arg}) || $parameters{$arg} eq "")) { + $parameters{$arg} = "-- undescribed --"; + print STDERR "warning: $lineno: Enumeration parameter '$arg' not described in '$name'\n"; + } + + push @parameterlist, $arg; + +# print STDERR "param = '$arg'\n"; + } + } else { +# print STDERR "warning: $lineno: Cannot understand enumeration: '$prototype'\n"; + return; + } + + output_enum({'enum' => $name, + 'module' => $modulename, + 'sourceversion' => $sourceversion, + 'include' => $include, + 'includefuncprefix' => $includefuncprefix, + 'bugsto' => $bugsto, + 'pkgname' => $pkgname, + 'copyright' => $copyright, + 'verbatimcopying' => $verbatimcopying, + 'seeinfo' => $seeinfo, + 'functiontype' => $return_type, + 'parameterlist' => \@parameterlist, + 'parameters' => \%parameters, + 'parametertypes' => \%parametertypes, + 'sectionlist' => \@sectionlist, + 'sections' => \%sections, + 'purpose' => $function_purpose + }); +} + ###################################################################### # main # states @@ -797,7 +922,7 @@ $doc_start = "^/\\*\\*\$"; $doc_end = "\\*/"; $doc_com = "\\s*\\*\\s*"; $doc_func = $doc_com."(\\w+):?"; -$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w ]+):\\s*(.*)"; +$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w]+):\\s*(.*)"; $doc_content = $doc_com."(.*)"; %constants = (); @@ -809,6 +934,7 @@ $doc_content = $doc_com."(.*)"; $contents = ""; $section_default = "Description"; # default section $section = $section_default; +$enum = 0; $lineno = 0; foreach $file (@ARGV) { @@ -816,18 +942,21 @@ foreach $file (@ARGV) { print STDERR "Error: Cannot open file $file\n"; next; } - while () { + while ($line = ) { $lineno++; if ($state == 0) { - if (/$doc_start/o) { + if ($line =~ /$doc_start/o) { $state = 1; # next line is always the function name +# print STDERR "XXX: start of doc comment\n"; } } elsif ($state == 1) { # this line is the function name (always) - if (/$doc_func/o) { + if ($line =~ /$doc_func/o) { $function = $1; $state = 2; - if (/-\s*(.*)/) { +# print STDERR "XXX: start of doc comment, looking for prototype\n"; + + if ($line =~ /-\s*(.*)/) { $function_purpose = $1; } else { $function_purpose = ""; @@ -841,11 +970,11 @@ foreach $file (@ARGV) { $state = 0; } } elsif ($state == 2) { # look for head: lines, and include content - if (/$doc_sect/o) { + if ($line =~ /$doc_sect/o) { $newsection = $1; $newcontents = $2; - if ($contents ne "") { + if ($contents ne '') { dump_section($section, $contents); $section = $section_default; } @@ -855,7 +984,7 @@ foreach $file (@ARGV) { $contents .= "\n"; } $section = $newsection; - } elsif (/$doc_end/) { + } elsif ($line =~ /$doc_end/) { if ($contents ne "") { dump_section($section, $contents); @@ -863,13 +992,12 @@ foreach $file (@ARGV) { $contents = ""; } -# print STDERR "end of doc comment, looking for prototype\n"; $prototype = ""; $state = 3; - } elsif (/$doc_content/) { + } elsif ($line =~ /$doc_content/) { # miguel-style comment kludge, look for blank lines after # @parameter line to signify start of description - if ($1 eq "" && $section =~ m/^@/) { + if ($1 eq '' && $section =~ m/^@/) { dump_section($section, $contents); $section = $section_default; $contents = ""; @@ -881,13 +1009,16 @@ foreach $file (@ARGV) { print STDERR "warning: $lineno: Bad line: $_"; } } elsif ($state == 3) { # scanning for function { (end of prototype) - if (m#\s*/\*\s+MACDOC\s*#io) { + if ($line =~ m#\s*/\*\s+MACDOC\s*#io) { # do nothing } - elsif (/([^\{]*)/) { + elsif ($enum == 1 && $line =~ /(^\s*\{).*/) { + $prototype .= "{"; + } + elsif ($line =~ /([^\{]*)/) { $prototype .= $1; } - if (/\{/) { + if ($enum == 0 && $line =~ /\{/) { $prototype =~ s@/\*.*?\*/@@gos; # strip comments. $prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's. $prototype =~ s@^ +@@gos; # strip leading spaces @@ -901,9 +1032,32 @@ foreach $file (@ARGV) { %sections = (); @sectionlist = (); $prototype = ""; + $enum = 0; $state = 0; } + elsif ($enum == 1 && $line =~ /\}/) { + $prototype =~ s@/\*.*?\*/@@gos; # strip comments. + $prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's. + $prototype =~ s@^ +@@gos; # strip leading spaces + dump_enum($prototype); + + $function = ""; + %constants = (); + %parameters = (); + %parametertypes = (); + @parameterlist = (); + %sections = (); + @sectionlist = (); + $prototype = ""; + $enum = 0; + + $state = 0; + } + elsif ($line =~ /([a-zA-Z\s]+)enum(.*)$/) { + $enum = 1; + } + } } } debian/patches/CVE-2014-0092.patch0000664000000000000000000000466012305151641013235 0ustar From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 27 Feb 2014 19:42:26 +0100 Subject: [PATCH] corrected return codes --- lib/x509/verify.c | 16 ++++++++++------ 1 files changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/x509/verify.c b/lib/x509/verify.c index c9a6b0d..eef85a8 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, if (result < 0) { gnutls_assert (); - goto cleanup; + goto fail; } result = @@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, if (result < 0) { gnutls_assert (); - goto cleanup; + goto fail; } result = @@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, if (result < 0) { gnutls_assert (); - goto cleanup; + goto fail; } result = @@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, if (result < 0) { gnutls_assert (); - goto cleanup; + goto fail; } /* If the subject certificate is the same as the issuer @@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, else gnutls_assert (); +fail: result = 0; cleanup: @@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t cert_signature = { NULL, 0 }; gnutls_x509_crt_t issuer = NULL; - int issuer_version, result; + int issuer_version, result = 0; if (output) *output = 0; @@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, if (issuer_version < 0) { gnutls_assert (); - return issuer_version; + return 0; } if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && @@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, if (result < 0) { gnutls_assert (); + result = 0; goto cleanup; } @@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, if (result < 0) { gnutls_assert (); + result = 0; goto cleanup; } @@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, else if (result < 0) { gnutls_assert(); + result = 0; goto cleanup; } -- 1.7.1 debian/patches/17_ignoretestsuitteerrors.diff0000664000000000000000000000177612246674133016661 0ustar Description: Ignore two testsuite errors Author: Andreas Metzler Forwarded: https://lists.gnu.org/archive/html/gnutls-devel/2011-06/msg00009.html Last-Update: 2011-06-19 --- gnutls26-2.12.7.orig/tests/dsa/testdsa +++ gnutls26-2.12.7/tests/dsa/testdsa @@ -118,7 +118,8 @@ trap "kill $PID" 1 15 2 sleep 2 $CLI $DEBUG -p $PORT 127.0.0.1 --insecure /dev/null 2>&1 && \ - fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!" + echo fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!" && \ + echo error ignored 1>&2 kill $PID wait @@ -150,7 +151,8 @@ trap "kill $PID" 1 15 2 sleep 2 $CLI $DEBUG -p $PORT 127.0.0.1 --insecure /dev/null 2>&1 && \ - fail "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!" + echo fail "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!" && \ + echo error ignored 1>&2 kill $PID wait debian/patches/series0000664000000000000000000000043012305151641012027 0ustar 14_version_gettextcat.diff 16_unnecessarydep.diff 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff 20_tests-select.diff 21_sanitycheck.diff 25_updatedgdocfrommaster.diff 26_fix_rejection-of-v1-intermedi.diff link-pthread.diff 99_update-libtool.patch CVE-2014-0092.patch debian/patches/link-pthread.diff0000664000000000000000000000770512303600173014037 0ustar Description: Link test-lock and test-thread_create with -Wl,--no-as-needed See discussion in https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html. Author: Colin Watson Forwarded: no Last-Update: 2013-10-07 Index: b/gl/tests/Makefile.am =================================================================== --- a/gl/tests/Makefile.am +++ b/gl/tests/Makefile.am @@ -510,6 +510,7 @@ TESTS += test-lock check_PROGRAMS += test-lock +test_lock_LDFLAGS = -Wl,--no-as-needed test_lock_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ EXTRA_DIST += test-lock.c @@ -1005,6 +1006,7 @@ TESTS += test-thread_self test-thread_create check_PROGRAMS += test-thread_self test-thread_create test_thread_self_LDADD = $(LDADD) @LIBTHREAD@ +test_thread_create_LDFLAGS = -Wl,--no-as-needed test_thread_create_LDADD = $(LDADD) @LIBMULTITHREAD@ EXTRA_DIST += test-thread_self.c test-thread_create.c macros.h Index: b/gl/tests/Makefile.in =================================================================== --- a/gl/tests/Makefile.in +++ b/gl/tests/Makefile.in @@ -461,6 +461,9 @@ test_lock_SOURCES = test-lock.c test_lock_OBJECTS = test-lock.$(OBJEXT) test_lock_DEPENDENCIES = $(am__DEPENDENCIES_2) +test_lock_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(test_lock_LDFLAGS) $(LDFLAGS) -o $@ test_lseek_SOURCES = test-lseek.c test_lseek_OBJECTS = test-lseek.$(OBJEXT) test_lseek_LDADD = $(LDADD) @@ -641,6 +644,10 @@ test_thread_create_SOURCES = test-thread_create.c test_thread_create_OBJECTS = test-thread_create.$(OBJEXT) test_thread_create_DEPENDENCIES = $(am__DEPENDENCIES_2) +test_thread_create_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(test_thread_create_LDFLAGS) \ + $(LDFLAGS) -o $@ test_thread_self_SOURCES = test-thread_self.c test_thread_self_OBJECTS = test-thread_self.$(OBJEXT) test_thread_self_DEPENDENCIES = $(am__DEPENDENCIES_2) @@ -1799,6 +1806,7 @@ test_inet_ntop_LDADD = $(LDADD) @INET_NTOP_LIB@ test_inet_pton_LDADD = $(LDADD) @INET_PTON_LIB@ test_listen_LDADD = $(LDADD) @LIBSOCKET@ +test_lock_LDFLAGS = -Wl,--no-as-needed test_lock_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ test_recv_LDADD = $(LDADD) @LIBSOCKET@ test_select_LDADD = $(LDADD) @LIB_SELECT@ @LIBSOCKET@ $(INET_PTON_LIB) @@ -1818,6 +1826,7 @@ test_sockets_LDADD = $(LDADD) @LIBSOCKET@ test_stat_LDADD = $(LDADD) $(LIBINTL) test_thread_self_LDADD = $(LDADD) @LIBTHREAD@ +test_thread_create_LDFLAGS = -Wl,--no-as-needed test_thread_create_LDADD = $(LDADD) @LIBMULTITHREAD@ test_version_etc_LDADD = $(LDADD) @LIBINTL@ all: $(BUILT_SOURCES) @@ -2013,7 +2022,7 @@ $(AM_V_CCLD)$(LINK) $(test_listen_OBJECTS) $(test_listen_LDADD) $(LIBS) test-lock$(EXEEXT): $(test_lock_OBJECTS) $(test_lock_DEPENDENCIES) $(EXTRA_test_lock_DEPENDENCIES) @rm -f test-lock$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_lock_OBJECTS) $(test_lock_LDADD) $(LIBS) + $(AM_V_CCLD)$(test_lock_LINK) $(test_lock_OBJECTS) $(test_lock_LDADD) $(LIBS) test-lseek$(EXEEXT): $(test_lseek_OBJECTS) $(test_lseek_DEPENDENCIES) $(EXTRA_test_lseek_DEPENDENCIES) @rm -f test-lseek$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_lseek_OBJECTS) $(test_lseek_LDADD) $(LIBS) @@ -2133,7 +2142,7 @@ $(AM_V_CCLD)$(LINK) $(test_sys_uio_OBJECTS) $(test_sys_uio_LDADD) $(LIBS) test-thread_create$(EXEEXT): $(test_thread_create_OBJECTS) $(test_thread_create_DEPENDENCIES) $(EXTRA_test_thread_create_DEPENDENCIES) @rm -f test-thread_create$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_thread_create_OBJECTS) $(test_thread_create_LDADD) $(LIBS) + $(AM_V_CCLD)$(test_thread_create_LINK) $(test_thread_create_OBJECTS) $(test_thread_create_LDADD) $(LIBS) test-thread_self$(EXEEXT): $(test_thread_self_OBJECTS) $(test_thread_self_DEPENDENCIES) $(EXTRA_test_thread_self_DEPENDENCIES) @rm -f test-thread_self$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_thread_self_OBJECTS) $(test_thread_self_LDADD) $(LIBS) debian/patches/26_fix_rejection-of-v1-intermedi.diff0000664000000000000000000000256112277700272017526 0ustar From b1abfe3d182d68539900092eb42fc62cf1bb7e7c Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 12 Feb 2014 16:11:58 +0100 Subject: [PATCH] Fix bug that prevented the rejection of v1 intermediate CA certificates. Reported by Suman Jana. Description: fix rejection of v1 intermediate CA Fix bug that prevented the rejection of v1 intermediate CA certificates. Reported by Suman Jana. This is b1abfe3d182d68539900092eb42fc62cf1bb7e7c from upstream git, unfuzzed for 2.12.x by Andreas Metzler. Author: Nikos Mavrogiannopoulos Origin: upstream Bug: http://www.gnutls.org/security.html#GNUTLS-SA-2014-1 Forwarded: not-needed Last-Update: 2014-02-15 --- gnutls26-2.12.23.orig/lib/x509/verify.c +++ gnutls26-2.12.23/lib/x509/verify.c @@ -644,8 +644,10 @@ _gnutls_x509_verify_certificate (const g /* note that here we disable this V1 CA flag. So that no version 1 * certificates can exist in a supplied chain. */ - if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) + if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) { flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT; + } if ((ret = _gnutls_verify_certificate2 (certificate_list[i - 1], &certificate_list[i], 1, flags, debian/patches/14_version_gettextcat.diff0000664000000000000000000000076412246674133015715 0ustar diff -NurbB gnutls-2.7.10.orig/lib/po/Makevars gnutls-2.7.10/lib/po/Makevars --- gnutls-2.7.10.orig/lib/po/Makevars 2009-05-11 18:15:43.000000000 +0200 +++ gnutls-2.7.10/lib/po/Makevars 2009-05-14 19:29:24.000000000 +0200 @@ -1,7 +1,7 @@ # Makefile variables for PO directory in any package using GNU gettext. # Usually the message domain is the same as the package name. -DOMAIN = $(PACKAGE) +DOMAIN = $(PACKAGE)26 # These two variables depend on the location of this directory. subdir = po debian/patches/99_update-libtool.patch0000664000000000000000000001155112303600173015103 0ustar Description: Update libtool.m4 Author: Adam Conrad --- gnutls26-2.12.23.orig/lib/m4/libtool.m4 +++ gnutls26-2.12.23/lib/m4/libtool.m4 @@ -1312,7 +1312,7 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext @@ -1324,9 +1324,19 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - LD="${LD-ld} -m elf_i386" + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1355,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -1688,7 +1701,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [d ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len"; then + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else --- gnutls26-2.12.23.orig/libextra/m4/libtool.m4 +++ gnutls26-2.12.23/libextra/m4/libtool.m4 @@ -1312,7 +1312,7 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext @@ -1324,9 +1324,19 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - LD="${LD-ld} -m elf_i386" + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1355,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -1688,7 +1701,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [d ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len"; then + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else --- gnutls26-2.12.23.orig/m4/libtool.m4 +++ gnutls26-2.12.23/m4/libtool.m4 @@ -1312,7 +1312,7 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext @@ -1324,9 +1324,19 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - LD="${LD-ld} -m elf_i386" + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1345,7 +1355,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux* x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -1688,7 +1701,8 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [d ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len"; then + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else debian/libgnutls-openssl27.install0000664000000000000000000000005412246673460014426 0ustar debian/tmp/usr/lib/*/libgnutls-openssl.so.* debian/gnutls-bin.install0000664000000000000000000000003512303600173012633 0ustar debian/tmp/usr/bin/* usr/bin debian/copyright0000664000000000000000000001303112246674133011131 0ustar This package was debianized by Ivo Timmermans on Fri, 3 Aug 2001 10:00:42 +0200. It was later taken over by Matthias Urlichs and is now maintained by Andreas Metzler Eric Dorland , James Westby It was downloaded from ftp://gnutls.hellug.gr/pub/gnutls Upstream Authors: Nikos Mavroyanopoulos Fabio Fiorina Simon Josefsson Timo Schulz Andrew McDonald Ludovic Courtes Mario Lenz Howard Chu Ivo Timmermans Stefan Walter Yoshisato YANAGISAWA Emile Van Bergen Joe Orton Daniel Kahn Gillmor David Marín Carreño Daiki Ueno Brad Hards Boyan Kasarov Steve Dispensa Jonathan Bastien-Filiatrault License: The main library is licensed under GNU Lesser General Public License (LGPL) version 2.1+, Gnutls Extra (i.e. openssl wrapper library, and library for code for "GnuTLS Inner Application" support) build system, testsuite and commandline utilities are licenced under the GNU General Public License version 3+. The Guile bindings use the same license as the respective underlying library, i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra. Copyright: -------------------- * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 * 2010 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * * This file is part of GNUTLS. * * The GNUTLS library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA -------------------- /* * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free * Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS-EXTRA. * * GnuTLS-extra is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 3 of the * License, or (at your option) any later version. * * GnuTLS-extra is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS-EXTRA; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. -------------------- The documentation is distributed under the terms of the GNU Free Documentation License (FDL): -------------------- Copyright @copyright{} 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. @quotation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''. @end quotation -------------------- On Debian GNU/Linux systems, the complete text of the latest version of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL' v2.1 of the license in `/usr/share/common-licenses/LGPL-2.1'; the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. The GNU Free Documentation License is available under /usr/share/common-licenses/GFDL-1.3. Excerpt from upstream's README: LICENSE ISSUES -------------- Since the 0.4.2 version the gnutls library is covered under the GNU Lesser GPL. Previously released versions were licensed under the GNU GPL. We changed the license for most of GNUTLS because other free libraries already exist that do the same jobs and have lax licenses. We want GNUTLS to be usable in all the same places as those other libraries. We kept some parts of GNUTLS under the GPL because they are unique, and with the GPL they provide free software projects (which deserve our help) an advantage over non-free projects (which do not deserve our help, since they refuse to share with us). For more explanation, see http://www.gnu.org/philosophy/why-not-lgpl.html. The GNU Lesser GPL license applies to the main gnutls library, while the gnutls-extra library is under the GPL. The gnutls-extra library contains the code for "GnuTLS Inner Application" support and the OpenSSL compatibility layer. The gnutls library is located in the lib/ directory, while the gnutls-extra library is at libextra/. debian/libgnutls-dev.install0000664000000000000000000000026612246674133013353 0ustar debian/tmp/usr/include/* debian/tmp/usr/lib/*/libgnutls*.so debian/tmp/usr/lib/*/libgnutls*.a debian/tmp/usr/lib/*/pkgconfig/gnutls.pc debian/tmp/usr/lib/*/pkgconfig/gnutls-extra.pc debian/watch0000664000000000000000000000022712246674133010232 0ustar version=3 opts=uversionmangle=s/(.*\d)(pre\d*)$/$1~$2/ \ ftp://ftp.gnutls.org/gcrypt/gnutls/v2.(\d\d)/gnutls-(2\.\d.*)\.(?:tgz|zip|tar\.(?:gz|bz2|xz)) debian/gnutls-bin.manpages0000664000000000000000000000003712303600173012762 0ustar debian/tmp/usr/share/man/*/*.1 debian/rules0000775000000000000000000000434012303600173010244 0ustar #! /usr/bin/make -f # Build the gnutls package for Debian. include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --enable-cxx \ --without-lzo --disable-guile \ --cache-file=$(CURDIR)/config.cache --with-libgcrypt \ --with-packager=Debian \ --with-packager-bug-reports=http://bugs.debian.org/ \ --with-packager-version="$(DEB_VERSION)" \ --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) DEB_CONFIGURE_EXTRA_FLAGS += CC=$(DEB_HOST_GNU_TYPE)-gcc endif DEB_MAKE_CHECK_TARGET = check DEB_DH_MAKESHLIBS_ARGS_libgnutls26 := -V 'libgnutls26 (>= 2.12.17-0)' DEB_DH_MAKESHLIBS_ARGS_libgnutlsxx27 := -V 'libgnutlsxx27 (>= 2.12.17-0)' DEB_COMPRESS_EXCLUDE := gnutls.pdf # If the architecture does not have libffi then p11-kit will not be # available either. p11_no_cpus := or1k ifneq (,$(findstring $(DEB_HOST_ARCH_CPU),$(p11_no_cpus))) DEB_CONFIGURE_EXTRA_FLAGS += --without-p11-kit endif # pre-clean rule: save gnutls.pdf since it is expensive to regenerate. # See README.source cleanbuilddir/gnutls26-doc:: if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi # additional commands for clean clean:: mkdir -p m4 -rm -rf autom4te.cache -rm -f tests/stamp-tests # stupid conflicts -rm -f doc/*.info* lib/po/libgnutls26.pot # restore gnutls.pdf if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi # additional comands for build rule build/gnutls26-doc:: $(MAKE) html common-install-arch:: printenv ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) find debian/tmp/usr/lib/* -name '*.so.*.*' -type f -exec \ chrpath -d {} + find debian/tmp/usr/bin/ -type f -exec \ chrpath -d {} + endif # gnutls-bin was built from gnutls28 for a while, but we no longer want this # to be the case at least for Ubuntu 12.04 LTS, because gnutls28's licensing # is too strict for many of the free software packages built against it in # Ubuntu main and we only want to support a single version. Bump its # version to supersede the gnutls28 version. binary-makedeb/gnutls-bin:: DEB_DH_GENCONTROL_ARGS := -- -v3.0.11+really$(DEB_VERSION)