[ubuntu/groovy-proposed] gnutls28 3.6.15-4ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Thu Sep 24 11:05:20 UTC 2020 

gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low

  * Merge from Debian unstable LP: #1893924.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).

gnutls28 (3.6.15-4) unstable; urgency=medium

  * autopkgtest: Require build-essential.
  * autopkgtest: respect dpkg-buildflags for helper-binary build.

gnutls28 (3.6.15-3) unstable; urgency=medium

  * More autopkgtest hotfixes.

gnutls28 (3.6.15-2) unstable; urgency=medium

  * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
    installed gnutls-bin.
  * In autopkgtest set top_builddir and builddir, ignore
    tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.

gnutls28 (3.6.15-1) unstable; urgency=low

  * New upstream version.
    + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
      unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
      Closes: #969547
    + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
      50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
    + Fix build error due to outdated gettext in Debian by removing newer
      gettext m4 macros from m4/.

gnutls28 (3.6.14-2) unstable; urgency=medium

  * Pull selected patches from upstream GIT:
    + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
      Fixes difference in generated docs on 32 and 64 bit archs.
    + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      Fix memleak in gnutls_aead_cipher_init() with keys having invalid
      length. (Broken since 3.6.3)
    + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
      Closes: #962467

gnutls28 (3.6.14-1) unstable; urgency=high

  * Drop debugging code added in -4, fixes nocheck profile build error.
    Closes: #962199
  * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
    debian/upstream/signing-key.asc.
  * New upstream version.
    + Fixes insecure session ticket key construction.
      [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
    + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
      51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
      51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
      51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
  * Drop guile-gnutls.lintian-overrides.
  * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
    AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
    IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
    Hopefully Closes: #962218

Date: Thu, 24 Sep 2020 12:03:44 +0100
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.6.15-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Sep 2020 12:03:44 +0100
Source: gnutls28
Architecture: source
Version: 3.6.15-4ubuntu1
Distribution: groovy
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 962199 962218 962289 962467 969547
Launchpad-Bugs-Fixed: 1893924
Changes:
 gnutls28 (3.6.15-4ubuntu1) groovy; urgency=low
 .
   * Merge from Debian unstable LP: #1893924.  Remaining changes:
     - Enable CET.
     - Set default priority string to only allow TLS1.2, DTLS1.2, and
     TLS1.3 with medium security profile (2048 RSA keys minimum, and
     similar).
 .
 gnutls28 (3.6.15-4) unstable; urgency=medium
 .
   * autopkgtest: Require build-essential.
   * autopkgtest: respect dpkg-buildflags for helper-binary build.
 .
 gnutls28 (3.6.15-3) unstable; urgency=medium
 .
   * More autopkgtest hotfixes.
 .
 gnutls28 (3.6.15-2) unstable; urgency=medium
 .
   * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
     installed gnutls-bin.
   * In autopkgtest set top_builddir and builddir, ignore
     tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.
 .
 gnutls28 (3.6.15-1) unstable; urgency=low
 .
   * New upstream version.
     + Fixes NULL pointer dereference if a no_renegotiation alert is sent with
       unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
       Closes: #969547
     + Drop 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
       50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
       50_03-gnutls_cipher_init-fix-potential-memleak.patch
       50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
     + Fix build error due to outdated gettext in Debian by removing newer
       gettext m4 macros from m4/.
 .
 gnutls28 (3.6.14-2) unstable; urgency=medium
 .
   * Pull selected patches from upstream GIT:
     + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
       Fixes difference in generated docs on 32 and 64 bit archs.
     + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
       50_03-gnutls_cipher_init-fix-potential-memleak.patch
       Fix memleak in gnutls_aead_cipher_init() with keys having invalid
       length. (Broken since 3.6.3)
     + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
       Closes: #962467
 .
 gnutls28 (3.6.14-1) unstable; urgency=high
 .
   * Drop debugging code added in -4, fixes nocheck profile build error.
     Closes: #962199
   * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
     debian/upstream/signing-key.asc.
   * New upstream version.
     + Fixes insecure session ticket key construction.
       [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
     + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
       51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
       51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
       51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
   * Drop guile-gnutls.lintian-overrides.
   * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
     AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
     IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
     Hopefully Closes: #962218
Checksums-Sha1:
 568fa45de243354043ef0e7d4fe7688f856e31cb 3603 gnutls28_3.6.15-4ubuntu1.dsc
 00ef7d93347df586c3d1a00f13c326706c0c59ba 6081656 gnutls28_3.6.15.orig.tar.xz
 577ed6e4539bcbb0429578b5400289ec6afcd417 833 gnutls28_3.6.15.orig.tar.xz.asc
 53d5809735ec3c3b332fc6388e5fa17d11a19503 65792 gnutls28_3.6.15-4ubuntu1.debian.tar.xz
 618f06df88deba62fa945c5018cd68818295ee74 8378 gnutls28_3.6.15-4ubuntu1_source.buildinfo
Checksums-Sha256:
 416313563c8fbf112aa817bd418b7c752b496f5d21f1ac38a8534009dc8d2f0f 3603 gnutls28_3.6.15-4ubuntu1.dsc
 0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558 6081656 gnutls28_3.6.15.orig.tar.xz
 49abc685c9504b4b4de7a0cd8075ee9a4c01f0a6e2b2c9b86a24c58b1e7ac7c5 833 gnutls28_3.6.15.orig.tar.xz.asc
 0b671893cde7cb7fb98fffcaf2935135b993624d098da0d83603c5458eac110b 65792 gnutls28_3.6.15-4ubuntu1.debian.tar.xz
 256683baf34e027cd969af91edaa04d723a8b2fd548084dc136cfd0cf25869e8 8378 gnutls28_3.6.15-4ubuntu1_source.buildinfo
Files:
 2b36c75323c3d053b0577ea72706d734 3603 libs optional gnutls28_3.6.15-4ubuntu1.dsc
 e80e0d20a8bb337a15fa63caa7f67006 6081656 libs optional gnutls28_3.6.15.orig.tar.xz
 e5ca72bab65ef045a4622160c901f74c 833 libs optional gnutls28_3.6.15.orig.tar.xz.asc
 600e0ebe0f890fb389699caf4d963c52 65792 libs optional gnutls28_3.6.15-4ubuntu1.debian.tar.xz
 bc37459f6ec17cbaf293eabf0d03aef7 8378 libs optional gnutls28_3.6.15-4ubuntu1_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7iQKBSojGtiSWEHXm47ISdXvcO0FAl9sfTUACgkQm47ISdXv
cO03jg//TxoI8LRPg3naOo26E2n+DqEFzG2W8/PdeaJByTArDZo7lo2CY3Y5+JFF
33cKjeodGSLxPJKq0ziAdpKZ4DvDjeQcQ3t38dpVHovIINcufWieaTIla/Ls8KqU
fzSbNKoixJSKTfFR5oWWn9BUta7xGJvyAowGytVV2QFtfRgx/GHtivOBWtdtjdQx
3lqGcN9XOyJtQ9Lgvwm/lRg3pV9US2zqrPsw2d5DScsPrDtFUcjaskueWoVU7mBR
qwf/37aKSrZHZepBfm57oUWQz5uFBi4sllLvXfMYaHSHCvX3gYzGaN+wjl4pI9Uv
551qnePDNBAjsG28tINIf1fngUrac5Z/y1CSJTsg67QH8rfFAo+yTRSHcqmStYhR
KODFjg1GDvr1w/28d5Y5a+wNQHimHah5jLwJrPeChY1K5jEyRexubn2llMX2zIWu
FhKFlxUGzl8TBtv2HkduN+4+h/Q2NYuN5ANNfmZR47KHqS+31ASiAUSM8XYgs3W9
PT/w5wuDlec0gA7zy86+Zl9gpJpB3iWsUxx6zZfTMTrQlelfwXAH0OuqWm/P8wpw
1RkOcjeUEeZu1WrOa0n8XzJb7kpe5JG3B/QubRgZKxvb8sn8aUEsFpM/Jkgs/jDL
vvkZGLjnHSKCa/AHT3n5t4VCC9U4GqYEdBnRA+wyJia4i8GURZA=
=HVSM
-----END PGP SIGNATURE-----

More information about the Groovy-changes mailing list