[ubuntu/groovy-proposed] gnutls28 3.6.15-4ubuntu2 (Accepted)
Dimitri John Ledkov
xnox at ubuntu.com
Thu Sep 24 11:58:14 UTC 2020
gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low
* Merge from Debian unstable LP: #1893924. Remaining changes:
- Enable CET.
- Set default priority string to only allow TLS1.2, DTLS1.2, and
TLS1.3 with medium security profile (2048 RSA keys minimum, and
similar).
* Add patch to fix ftbfs gnulib with new glibc.
gnutls28 (3.6.15-4) unstable; urgency=medium
* autopkgtest: Require build-essential.
* autopkgtest: respect dpkg-buildflags for helper-binary build.
gnutls28 (3.6.15-3) unstable; urgency=medium
* More autopkgtest hotfixes.
gnutls28 (3.6.15-2) unstable; urgency=medium
* 50_autopkgtestfixes.diff: Fix testsuite issues when running against
installed gnutls-bin.
* In autopkgtest set top_builddir and builddir, ignore
tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
gnutls28 (3.6.15-1) unstable; urgency=low
* New upstream version.
+ Fixes NULL pointer dereference if a no_renegotiation alert is sent with
unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
Closes: #969547
+ Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
+ Fix build error due to outdated gettext in Debian by removing newer
gettext m4 macros from m4/.
gnutls28 (3.6.14-2) unstable; urgency=medium
* Pull selected patches from upstream GIT:
+ 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
Fixes difference in generated docs on 32 and 64 bit archs.
+ 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
Fix memleak in gnutls_aead_cipher_init() with keys having invalid
length. (Broken since 3.6.3)
+ 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
Closes: #962467
gnutls28 (3.6.14-1) unstable; urgency=high
* Drop debugging code added in -4, fixes nocheck profile build error.
Closes: #962199
* Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
debian/upstream/signing-key.asc.
* New upstream version.
+ Fixes insecure session ticket key construction.
[GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
+ Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
* Drop guile-gnutls.lintian-overrides.
* 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
Hopefully Closes: #962218
Date: Thu, 24 Sep 2020 12:03:44 +0100
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.6.15-4ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Sep 2020 12:03:44 +0100
Source: gnutls28
Architecture: source
Version: 3.6.15-4ubuntu2
Distribution: groovy
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 962199 962218 962289 962467 969547
Launchpad-Bugs-Fixed: 1893924
Changes:
gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low
.
* Merge from Debian unstable LP: #1893924. Remaining changes:
- Enable CET.
- Set default priority string to only allow TLS1.2, DTLS1.2, and
TLS1.3 with medium security profile (2048 RSA keys minimum, and
similar).
* Add patch to fix ftbfs gnulib with new glibc.
.
gnutls28 (3.6.15-4) unstable; urgency=medium
.
* autopkgtest: Require build-essential.
* autopkgtest: respect dpkg-buildflags for helper-binary build.
.
gnutls28 (3.6.15-3) unstable; urgency=medium
.
* More autopkgtest hotfixes.
.
gnutls28 (3.6.15-2) unstable; urgency=medium
.
* 50_autopkgtestfixes.diff: Fix testsuite issues when running against
installed gnutls-bin.
* In autopkgtest set top_builddir and builddir, ignore
tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
.
gnutls28 (3.6.15-1) unstable; urgency=low
.
* New upstream version.
+ Fixes NULL pointer dereference if a no_renegotiation alert is sent with
unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
Closes: #969547
+ Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
+ Fix build error due to outdated gettext in Debian by removing newer
gettext m4 macros from m4/.
.
gnutls28 (3.6.14-2) unstable; urgency=medium
.
* Pull selected patches from upstream GIT:
+ 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
Fixes difference in generated docs on 32 and 64 bit archs.
+ 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
50_03-gnutls_cipher_init-fix-potential-memleak.patch
Fix memleak in gnutls_aead_cipher_init() with keys having invalid
length. (Broken since 3.6.3)
+ 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
Closes: #962467
.
gnutls28 (3.6.14-1) unstable; urgency=high
.
* Drop debugging code added in -4, fixes nocheck profile build error.
Closes: #962199
* Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
debian/upstream/signing-key.asc.
* New upstream version.
+ Fixes insecure session ticket key construction.
[GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
+ Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
* Drop guile-gnutls.lintian-overrides.
* 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
Hopefully Closes: #962218
Checksums-Sha1:
bd6fd9af402a57545f825b46f2a5f6202aa8bc09 3603 gnutls28_3.6.15-4ubuntu2.dsc
00ef7d93347df586c3d1a00f13c326706c0c59ba 6081656 gnutls28_3.6.15.orig.tar.xz
577ed6e4539bcbb0429578b5400289ec6afcd417 833 gnutls28_3.6.15.orig.tar.xz.asc
39b528b6a2a657de65f10e7aaf3c562b07b55966 66264 gnutls28_3.6.15-4ubuntu2.debian.tar.xz
c815c62c5f3c55b270de2fb5c461a732e37be13a 8378 gnutls28_3.6.15-4ubuntu2_source.buildinfo
Checksums-Sha256:
7d116fd08f5e3792cfe1fcd8ab13177b1bba7ee98695d0fa508d110d8e919083 3603 gnutls28_3.6.15-4ubuntu2.dsc
0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558 6081656 gnutls28_3.6.15.orig.tar.xz
49abc685c9504b4b4de7a0cd8075ee9a4c01f0a6e2b2c9b86a24c58b1e7ac7c5 833 gnutls28_3.6.15.orig.tar.xz.asc
36d36cbcc28f90940a21bde46f1a600926a0c5e14544fa945d831d5601eea451 66264 gnutls28_3.6.15-4ubuntu2.debian.tar.xz
620403338bf2148b5361a3c54a699090f52e90f74f71c9e9f90a65806677d92e 8378 gnutls28_3.6.15-4ubuntu2_source.buildinfo
Files:
0f5ff3fe6a5e0ee9db8767ffd96af3b0 3603 libs optional gnutls28_3.6.15-4ubuntu2.dsc
e80e0d20a8bb337a15fa63caa7f67006 6081656 libs optional gnutls28_3.6.15.orig.tar.xz
e5ca72bab65ef045a4622160c901f74c 833 libs optional gnutls28_3.6.15.orig.tar.xz.asc
442a10620dcc10081e6cb781c1c6b875 66264 libs optional gnutls28_3.6.15-4ubuntu2.debian.tar.xz
bded125348727d0d317643043152abc0 8378 libs optional gnutls28_3.6.15-4ubuntu2_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7iQKBSojGtiSWEHXm47ISdXvcO0FAl9siUoACgkQm47ISdXv
cO3t+w/+JFGnmrgCHDfYyUDpFKSmXozxC43u8SyVBzP01w77xXWrCmBemcc4+ZTB
RvK0JDKEfbVUbA1GPa6x9R5Aqy4bN4V6/79EhY1Ktl4CSnw/ye1iM7tRvyIXqWok
lFSyXnxCe+qQSXcBt45e1i4MJB80FIBs/cfCrK/KBIwRna2b9Uld5lOFmIt66UuX
nbLmKRXWwookLpDY4QFas/HrwmDq/hbiI3fhWrn55jzbCrwSrYFtA+1ZKr1zQQEp
zTSrdy8Hjb+GZwGuDVWCyfLd6Hh9Ijq7jRg/nRR4avYmjLBPF383+rd2y0r+hZNm
z30RrgwRUlKtCwtQii1mE28nBT+SIVnCcpm4ZwUB8jQMwP3LyrlHOFuGfqcDfL5d
2SKXuL0uA79362kXuGCKGZFTu4riP4ZFZyKVhDG91qTKIFx584oUwM/OqOBxXXCb
RmkKd/IPVdQtPHUiH5xu7H1u/NQazFJzZ3Wil5aEzqDG6A+UW8Wg+ltMywU9swgX
I3mf1cDyJHPEYAWX7lR9oYU3ERZ1j8EPuSSj9fNco/tBMKhXDVbsFNiEwpzwxsU/
Q99uBLZajr9D0IvDd9PY30ilWY1kBSbISum1mnxtZL9PZhujZyjbBQto6FF0Mn/r
p0I8EBHbp0qM/Hl5hn+Ntzs0RaaQHgdOFc4rtXlHMUY98AgdUYk=
=n6UA
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list