[ubuntu/hirsute-proposed] gnutls28 3.7.1-3ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Thu Apr 15 06:41:07 UTC 2021 

gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
  * Merge CVE fixes CVE-2021-20231 CVE-2021-20232

gnutls28 (3.7.1-3) unstable; urgency=low

  * Rename/refetch
    *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has
    been merged into upstream GIT.
  * Upload to unstable.

gnutls28 (3.7.1-2) experimental; urgency=medium

  * Also run ocsptool tests in autopkgtest.
  * Add CVE numbers to previous changelog entry.
  * Pull selected fixes from upstream GIT:
    + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
    + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
    + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
    + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
    + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
    + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch
    + 56_05-examples-avoid-memory-leak-in-ex-verify.patch
  * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch
    Ship missing image file. (Thanks, lintian)

gnutls28 (3.7.1-1) unstable; urgency=medium

  * New upstream version
    Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
    extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
  * Upload to unstable.

gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium

  * Fix autopkgtest skiplist.

gnutls28 (3.7.0+git20210306-1) experimental; urgency=low

  * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
    + Drop cherry-picked patches {48,49,50}_*.
    + Update copyright file.

gnutls28 (3.7.0-7) unstable; urgency=medium

  * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
    50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
    50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
    master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
    (Thanks to Tim Kosse for the pointer) Closes: #980119

gnutls28 (3.7.0-6) unstable; urgency=medium

  * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
    with merged version from upstream GIT master. Features a fix for an assert
    on connection to servers which send a duplicate chain including the
    self-signed CA. Closes: #980513

Date: Wed, 14 Apr 2021 15:44:37 +0100
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 14 Apr 2021 15:44:37 +0100
Source: gnutls28
Architecture: source
Version: 3.7.1-3ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Closes: 980119 980513
Launchpad-Bugs-Fixed: 1922004
Changes:
 gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - Enable CET.
     - Set default priority string to only allow TLS1.2, DTLS1.2, and
     TLS1.3 with medium security profile (2048 RSA keys minimum, and
     similar).
   * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
   * Merge CVE fixes CVE-2021-20231 CVE-2021-20232
 .
 gnutls28 (3.7.1-3) unstable; urgency=low
 .
   * Rename/refetch
     *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has
     been merged into upstream GIT.
   * Upload to unstable.
 .
 gnutls28 (3.7.1-2) experimental; urgency=medium
 .
   * Also run ocsptool tests in autopkgtest.
   * Add CVE numbers to previous changelog entry.
   * Pull selected fixes from upstream GIT:
     + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
     + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
     + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
     + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
     + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
     + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch
     + 56_05-examples-avoid-memory-leak-in-ex-verify.patch
   * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch
     Ship missing image file. (Thanks, lintian)
 .
 gnutls28 (3.7.1-1) unstable; urgency=medium
 .
   * New upstream version
     Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
     extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
   * Upload to unstable.
 .
 gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
 .
   * Fix autopkgtest skiplist.
 .
 gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
 .
   * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
     + Drop cherry-picked patches {48,49,50}_*.
     + Update copyright file.
 .
 gnutls28 (3.7.0-7) unstable; urgency=medium
 .
   * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
     50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
     50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
     master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
     (Thanks to Tim Kosse for the pointer) Closes: #980119
 .
 gnutls28 (3.7.0-6) unstable; urgency=medium
 .
   * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
     with merged version from upstream GIT master. Features a fix for an assert
     on connection to servers which send a duplicate chain including the
     self-signed CA. Closes: #980513
Checksums-Sha1:
 06f4798416390263a4d2caef29157dc79bbca038 3587 gnutls28_3.7.1-3ubuntu1.dsc
 5de5d25534ee5910ea9ee6aaeeb6af1af4350c1e 6038388 gnutls28_3.7.1.orig.tar.xz
 8c2c3aabe289987bbe51ddc1ad4a42558683ca66 854 gnutls28_3.7.1.orig.tar.xz.asc
 809feeb6264bfb169152de23279dcf8fbf91d80a 69920 gnutls28_3.7.1-3ubuntu1.debian.tar.xz
 43acbb397db3dc7df518037c79b6198195a7bfa6 9077 gnutls28_3.7.1-3ubuntu1_source.buildinfo
Checksums-Sha256:
 ae584e6e4bb8f348b8a1037943c1fbed2f60b6acc710fb7c9e2344a2a70a313c 3587 gnutls28_3.7.1-3ubuntu1.dsc
 3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f 6038388 gnutls28_3.7.1.orig.tar.xz
 13a683b12602c169a7ad7827ab0e3f35c8fa1f98675d0073cf7d54a8cd635582 854 gnutls28_3.7.1.orig.tar.xz.asc
 ffe429bd5f55d80249eb1afe4421c8462c5ec5df66777c566755628f7b00749b 69920 gnutls28_3.7.1-3ubuntu1.debian.tar.xz
 16a225ed78086f9ad9db40f6106884d89e5fbfccac58cd819aa5bf2fcdfcad07 9077 gnutls28_3.7.1-3ubuntu1_source.buildinfo
Files:
 82aceab8ab5aea2de452a28c1a40995a 3587 libs optional gnutls28_3.7.1-3ubuntu1.dsc
 278e1f50d79cd13727733adbf01fde8f 6038388 libs optional gnutls28_3.7.1.orig.tar.xz
 590c9d64f7d8ee77671cdb9547f5edaf 854 libs optional gnutls28_3.7.1.orig.tar.xz.asc
 687758118d42fbf509b3e26050975262 69920 libs optional gnutls28_3.7.1-3ubuntu1.debian.tar.xz
 9ab57ab1d14527fdf42d6a194d41cfa9 9077 libs optional gnutls28_3.7.1-3ubuntu1_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

More information about the Hirsute-changes mailing list