diffstat for gnutls28-3.6.5 gnutls28-3.6.5

 changelog                                       |  125 ++++++++++++++++++++++++
 control                                         |    3 
 patches/add-openssl-test-link.patch             |   14 ++
 patches/disable_global_init_override_test.patch |   15 ++
 patches/series                                  |    2 
 5 files changed, 158 insertions(+), 1 deletion(-)

diff -Nru gnutls28-3.6.5/debian/changelog gnutls28-3.6.5/debian/changelog
--- gnutls28-3.6.5/debian/changelog	2018-12-16 12:56:19.000000000 +0000
+++ gnutls28-3.6.5/debian/changelog	2018-12-18 16:24:06.000000000 +0000
@@ -1,3 +1,13 @@
+gnutls28 (3.6.5-2ubuntu1) disco; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable
+      failing test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+  * this is a new upstream release including a fix for LP: #1804673
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 18 Dec 2018 17:24:06 +0100
+
 gnutls28 (3.6.5-2) unstable; urgency=low
 
   * Upload to unstable.
@@ -19,6 +29,24 @@
 
  -- Andreas Metzler <ametzler@debian.org>  Wed, 05 Dec 2018 19:11:28 +0100
 
+gnutls28 (3.6.4-2ubuntu2) disco; urgency=medium
+
+  * No-change rebuild against libunbound8
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 11 Nov 2018 09:01:12 +0000
+
+gnutls28 (3.6.4-2ubuntu1) cosmic; urgency=medium
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable
+      failing test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+  * 0001-Skip-tests-tls13-prf.c-if-visibility-protected-doesn.patch:
+    cherrypick upstream patch to fix test-suite with symbolic-functions
+  * This upstream release includes TLS 1.3 support.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 05 Oct 2018 17:12:04 +0100
+
 gnutls28 (3.6.4-2) experimental; urgency=medium
 
   * Delete 50_fedora_gnutls-3.6.3-rollback-fix.patch.
@@ -339,6 +367,36 @@
 
  -- Andreas Metzler <ametzler@debian.org>  Sun, 12 Feb 2017 19:37:32 +0100
 
+gnutls28 (3.5.8-6ubuntu3) artful; urgency=medium
+
+  * Cherry pick several fixes from Debian 3.5.8-5+deb9u3:
+    - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch                             
+      38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from                        
+      gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa                           
+      signatures. LP: #1714506
+    - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from                           
+      upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and                       
+      decryption on aarch64. LP: #1707172
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Sat, 02 Sep 2017 16:12:49 +0200
+
+gnutls28 (3.5.8-6ubuntu2) artful; urgency=medium
+
+  * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
+    OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
+    which includes TLS1.2 support. (LP: #1709193)
+
+ -- Simon Deziel <simon.deziel@gmail.com>  Thu, 10 Aug 2017 00:34:06 +0000
+
+gnutls28 (3.5.8-6ubuntu1) artful; urgency=medium
+
+  * Merge with Debian. Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable
+      failing test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 13 Jun 2017 13:19:05 -0400
+
 gnutls28 (3.5.8-6) unstable; urgency=high
 
   * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
@@ -347,6 +405,15 @@
 
  -- Andreas Metzler <ametzler@debian.org>  Sun, 11 Jun 2017 10:44:33 +0200
 
+gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium
+
+  * Merge with Debian. Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable
+      failing test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 03 May 2017 10:00:32 -0400
+
 gnutls28 (3.5.8-5) unstable; urgency=medium
 
   * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
@@ -495,6 +562,54 @@
 
  -- Andreas Metzler <ametzler@debian.org>  Sun, 13 Nov 2016 19:09:55 +0100
 
+gnutls28 (3.5.6-4ubuntu4) zesty; urgency=medium
+
+  * Fix FTBFS because of failing test (LP: #1679868)
+    - debian/patches/fix_tests_timezone.patch: address test suite failure
+      due to timezone differences in tests/cert-tests/pkcs7.
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 Apr 2017 10:06:24 -0400
+
+gnutls28 (3.5.6-4ubuntu3) zesty; urgency=medium
+
+  * SECURITY UPDATE: double-free when reading proxy language
+    - debian/patches/CVE-2017-5334.patch: fix double-free in
+      lib/x509/x509_ext.c.
+    - CVE-2017-5334
+  * SECURITY UPDATE: out of memory error in stream reading functions
+    - debian/patches/CVE-2017-5335.patch: add error checking to
+      lib/opencdk/read-packet.c.
+    - CVE-2017-5335
+  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
+    - debian/patches/CVE-2017-5336.patch: check return code in
+      lib/opencdk/pubkey.c.
+    - CVE-2017-5336
+  * SECURITY UPDATE: heap read overflow when reading streams
+    - debian/patches/CVE-2017-5337.patch: add more precise checks to
+      lib/opencdk/read-packet.c.
+    - CVE-2017-5337
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 01 Feb 2017 14:21:40 -0500
+
+gnutls28 (3.5.6-4ubuntu2) zesty; urgency=medium
+
+  * d/p/dname-api-*.patch fix gnutls api breakage on dname order in
+    gnutls 3.5.6 (LP: #1641615)
+    - d/libgnutls30.symbols add new symbols added by the upstream fix
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Nov 2016 08:39:43 +0100
+
+gnutls28 (3.5.6-4ubuntu1) zesty; urgency=medium
+
+  * Merge with Debian.  Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable failing
+      test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+  * New upstream version avoids getrandom() at initialization which caused
+    NetworkManager to hang at boot. (LP: #1622893)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 14 Nov 2016 12:47:23 +0100
+
 gnutls28 (3.5.6-4) unstable; urgency=medium
 
   * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
@@ -600,6 +715,15 @@
 
  -- Andreas Metzler <ametzler@debian.org>  Sat, 10 Sep 2016 14:45:06 +0200
 
+gnutls28 (3.5.3-5ubuntu1) yakkety; urgency=medium
+
+  * Merge with Debian (LP: #1624856).  Remaining changes:
+    - debian/patches/disable_global_init_override_test.patch: disable failing
+      test.
+    - debian/patches/add-openssl-test-link.patch: add link for libssl
+
+ -- Anders Kaseorg <andersk@mit.edu>  Sun, 18 Sep 2016 08:03:47 -0400
+
 gnutls28 (3.5.3-5) experimental; urgency=medium
 
   * Pull DTLS fixes from upstream GIT master.
@@ -3480,3 +3604,4 @@
   * debian/rules: Run auto* after the patches have been applied.
 
  -- Ivo Timmermans <ivo@debian.org>  Fri, 31 Oct 2003 18:47:09 +0100
+
diff -Nru gnutls28-3.6.5/debian/control gnutls28-3.6.5/debian/control
--- gnutls28-3.6.5/debian/control	2018-12-16 10:24:01.000000000 +0000
+++ gnutls28-3.6.5/debian/control	2018-12-18 16:24:06.000000000 +0000
@@ -1,7 +1,8 @@
 Source: gnutls28
 Section: libs
 Priority: optional
-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
 Uploaders:
  Andreas Metzler <ametzler@debian.org>,
  Eric Dorland <eric@debian.org>,
diff -Nru gnutls28-3.6.5/debian/patches/add-openssl-test-link.patch gnutls28-3.6.5/debian/patches/add-openssl-test-link.patch
--- gnutls28-3.6.5/debian/patches/add-openssl-test-link.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.6.5/debian/patches/add-openssl-test-link.patch	2018-10-05 16:12:04.000000000 +0000
@@ -0,0 +1,14 @@
+Description: avoid link failure because of missing ssl
+Author: Gianfranco Costamagna <locutusofborg@debian.org>
+
+--- a/tests/slow/Makefile.am
++++ b/tests/slow/Makefile.am
+@@ -53,7 +53,7 @@
+ TESTS = $(ctests) test-ciphers.sh override-ciphers test-hash-large.sh crypto test-ciphers-api.sh
+ 
+ if HAVE_LIBCRYPTO
+-cipher_openssl_compat_LDFLAGS = $(LDADD) $(LIBCRYPTO)
++cipher_openssl_compat_LDADD = $(LDADD) $(LIBCRYPTO)
+ 
+ dist_check_SCRIPTS += test-ciphers-openssl.sh
+ check_PROGRAMS += cipher-openssl-compat
diff -Nru gnutls28-3.6.5/debian/patches/disable_global_init_override_test.patch gnutls28-3.6.5/debian/patches/disable_global_init_override_test.patch
--- gnutls28-3.6.5/debian/patches/disable_global_init_override_test.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.6.5/debian/patches/disable_global_init_override_test.patch	2018-10-05 16:12:04.000000000 +0000
@@ -0,0 +1,15 @@
+Description: disable failing test
+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
+Forwarded: no
+
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -172,7 +172,7 @@
+ 	 fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
+ 	 key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
+ 	 record-timeouts mini-dtls-hello-verify-48 set-default-prio \
+-	 tls12-anon-upgrade global-init-override tlsext-decoding rsa-psk-cb \
++	 tls12-anon-upgrade tlsext-decoding rsa-psk-cb \
+ 	 rehandshake-switch-cert rehandshake-switch-cert-allow rehandshake-switch-cert-client \
+ 	 rehandshake-switch-cert-client-allow handshake-versions dtls-handshake-versions \
+ 	 dtls-max-record tls12-max-record alpn-server-prec ocsp-filename-memleak \
diff -Nru gnutls28-3.6.5/debian/patches/series gnutls28-3.6.5/debian/patches/series
--- gnutls28-3.6.5/debian/patches/series	2018-12-16 10:24:01.000000000 +0000
+++ gnutls28-3.6.5/debian/patches/series	2018-12-18 16:22:58.000000000 +0000
@@ -1,3 +1,5 @@
 14_version_gettextcat.diff
 30_guile-snarf.diff
 40_add_missingm4.diff
+add-openssl-test-link.patch
+disable_global_init_override_test.patch