debian/0000775000000000000000000000000012536326316007177 5ustar debian/changelog0000664000000000000000000022112112536326207011047 0ustar gnutls28 (3.2.11-2ubuntu1.1) trusty-security; urgency=medium [ Gianfranco Costamagna ] * SECURITY UPDATE: Denial of service and possible remote arbitrary code execution via crafted ServerHello message - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for session id size. Based on upstream patch. (LP: #1326779) [ Tyler Hicks ] * debian/patches/21_CVE-2014-3466.patch: Fold in the test for CVE-2014-3466's fix. Based on upstream patch. -- Tyler Hicks Thu, 11 Jun 2015 10:42:35 -0500 gnutls28 (3.2.11-2ubuntu1) trusty; urgency=medium * Resynchronise with Debian. Remaining changes: - Drop gnutls-bin and -doc since we want to use the versions in gnutls26 as the defaults instead. * Add arm64 and ppc64el to the list of non-ia64 architectures on which guile-gnutls is built. -- Colin Watson Wed, 05 Mar 2014 10:31:28 +0000 gnutls28 (3.2.11-2) unstable; urgency=high * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11. * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate validation issue. CVE-2014-0092 -- Andreas Metzler Sat, 01 Mar 2014 08:48:21 +0100 gnutls28 (3.2.11-1) unstable; urgency=high * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1) * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git. -- Andreas Metzler Sat, 15 Feb 2014 14:38:52 +0100 gnutls28 (3.2.10-2) unstable; urgency=high * Upload to unstable. -- Andreas Metzler Sun, 02 Feb 2014 12:10:16 +0100 gnutls28 (3.2.10-1) experimental; urgency=high * New upstream version. * New symbols exported, bump shlibs. -- Andreas Metzler Sat, 01 Feb 2014 09:22:36 +0100 gnutls28 (3.2.9-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Wed, 29 Jan 2014 19:05:05 +0100 gnutls28 (3.2.9-1) experimental; urgency=medium * New upstream version. + %COMPAT implies %DUMBFW. (See #733039) * Drop 40_guilenoparallel.diff, which did not have any effect after enabling dh_autoreconf. * Stop dh_clean from removing *.bak, upstream tarball actually contains files named such in src/ subdirectory. -- Andreas Metzler Sat, 25 Jan 2014 19:00:11 +0100 gnutls28 (3.2.8.1-3) unstable; urgency=medium * Correct c'n'p error in Vcs-Git field. * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx) -- Andreas Metzler Sun, 19 Jan 2014 13:23:46 +0100 gnutls28 (3.2.8.1-2) unstable; urgency=low * Upload to unstable, without libgnutls-openssl27. -- Andreas Metzler Fri, 27 Dec 2013 15:45:39 +0100 gnutls28 (3.2.8.1-1) experimental; urgency=low * New upstream version. + Drop debian/patches/45_add_strerror-module.patch, which was pulled from upstream. + Bump shlibs. * Add debian/upstream-signing-key.pgp (listed in debian/source/include-binaries) and update watchfile to check upstream signature. -- Andreas Metzler Sat, 21 Dec 2013 16:59:19 +0100 gnutls28 (3.2.7-4) experimental; urgency=low * Upload to experimental, with libgnutls-openssl27. * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.) -- Andreas Metzler Sun, 08 Dec 2013 18:43:16 +0100 gnutls28 (3.2.7-3) unstable; urgency=low * Point vcs* to git. * Upload to unstable, without libgnutls-openssl27. -- Andreas Metzler Sun, 08 Dec 2013 18:15:43 +0100 gnutls28 (3.2.7-2) experimental; urgency=low * Fix kfreebsd FTBFS. + 45_add_strerror-module.patch add gnulib strerror module. + Use dh_autoreconf. -- Andreas Metzler Fri, 29 Nov 2013 19:10:39 +0100 gnutls28 (3.2.7-1) experimental; urgency=low * New upstream version. + Add b-d on bison. + Bump shlibs. + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch. + Simplify debian/rules, stop removing autogened files. -- Andreas Metzler Wed, 27 Nov 2013 19:30:00 +0100 gnutls28 (3.2.6-2) experimental; urgency=low * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain for the hint.) * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition. -- Andreas Metzler Sun, 10 Nov 2013 13:54:49 +0100 gnutls28 (3.2.6-1) experimental; urgency=low * New upstream version. + Bump shlibs. -- Andreas Metzler Tue, 05 Nov 2013 19:25:51 +0100 gnutls28 (3.2.5-1) experimental; urgency=low * New upstream version. + Bump shlibs. * Ship examples/examples.h which is needed for building examples/*.c. Also add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor) Closes: #726971 -- Andreas Metzler Sat, 26 Oct 2013 14:40:05 +0200 gnutls28 (3.2.4-5) experimental; urgency=low * Re-enable building of libgnutls-openssl27 binary package. * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless transition to gnutls28. -- Andreas Metzler Sun, 06 Oct 2013 19:10:06 +0200 gnutls28 (3.2.4-4) unstable; urgency=low * 40_guilenoparallel.diff: Disable parallel build in guile/modules/. -- Andreas Metzler Mon, 09 Sep 2013 19:48:04 +0200 gnutls28 (3.2.4-3) unstable; urgency=low * Looks like "Architecture" in debian/control cannot be folded, unfold the respective entry for guile-gnutls. -- Andreas Metzler Sun, 08 Sep 2013 08:03:27 +0200 gnutls28 (3.2.4-2) unstable; urgency=low * Manpages were missing on binary-only builds. Closes: #721725 * Build with --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since ca-certificates not pulled in by build-dependencies anymore. Closes: #721726 * Upload to unstable. -- Andreas Metzler Sat, 07 Sep 2013 08:10:17 +0200 gnutls28 (3.2.4-1) experimental; urgency=low * New upstream release. + Drop 40_Clean-up-after-test.patch. * Fix path to png files in info files with sed instead of symlinking images. * Bump shlibs. -- Andreas Metzler Sat, 31 Aug 2013 19:02:33 +0200 gnutls28 (3.2.3-3) experimental; urgency=low * Switch to dh, to easily allow us to move gtk-doc-tools to Build-Depends-Indep. Closes: #682596 -- Andreas Metzler Sun, 25 Aug 2013 10:25:52 +0200 gnutls28 (3.2.3-2) experimental; urgency=low * Build gnutls-guile against guile-2.0. + Drop --disable-largefile on armel armhf mipsel. + ia64 does not build guile-2.0, disable guile-support there. -- Andreas Metzler Sun, 04 Aug 2013 13:28:13 +0200 gnutls28 (3.2.3-1ubuntu2) trusty; urgency=medium * Fix detection of floating point endianness. * Use dh-autoreconf to update libtool.m4 for new ports. -- Colin Watson Wed, 05 Feb 2014 05:17:52 +0000 gnutls28 (3.2.3-1ubuntu1) saucy; urgency=low * Sync with Debian (LP: #1068029). Remaining change: - Drop gnutls-bin and -doc since we want to use the versions in gnutls26 as the defaults instead -- Jeremy Bicha Tue, 30 Jul 2013 21:40:07 -0400 gnutls28 (3.2.3-1) unstable; urgency=low * New upstream release. * Drop superfluous patches. (35_gnutls-priority-string.diff 36_avoid-leaking-a-buffer-element.diff) * Bump shlibs. -- Andreas Metzler Tue, 30 Jul 2013 19:45:28 +0200 gnutls28 (3.2.2-2) unstable; urgency=low * Pull two patches from upstream: +35_gnutls-priority-string.diff Fix priority string parsing broken in 3.2.2 Closes: #717314 +36_avoid-leaking-a-buffer-element.diff -- Andreas Metzler Sun, 21 Jul 2013 18:08:42 +0200 gnutls28 (3.2.2-1) unstable; urgency=low * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam) Closes: #678070 * New upstream version. * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff * Bump shlibs. -- Andreas Metzler Mon, 15 Jul 2013 11:41:50 +0200 gnutls28 (3.2.1-2) unstable; urgency=low * Upload to unstable. * Do not link everything against nettle on mips(el), the issue being worked around was fixed by the latest eglibc upload. * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch: same. -- Andreas Metzler Sun, 23 Jun 2013 16:55:09 +0200 gnutls28 (3.2.1-1) experimental; urgency=low * New upstream version. + Bump nettle build-dep to >= 2.7. + Bump shlibs. + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check whether it still fails on kfreebsd-i386. + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent false positive error in 32-bit systems. + [32_linkagainstgmp.diff] Link libgnutls against gmp. -- Andreas Metzler Sun, 09 Jun 2013 20:08:29 +0200 gnutls28 (3.1.12-2) unstable; urgency=low * Upload to unstable. * Fix vcs-field-not-canonical lintian error by using anonscm instead of svn.debian.org. -- Andreas Metzler Sat, 08 Jun 2013 14:41:39 +0200 gnutls28 (3.1.12-1) experimental; urgency=low * Use rm -f on clean, fixing an issue with building twice in row. * New upstream version. * On mips/mipsel link everything and the kitchen-sink against nettle to work around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'"). -- Andreas Metzler Sun, 02 Jun 2013 07:58:55 +0200 gnutls28 (3.1.11-1) experimental; urgency=low * New upstream version. + Bump shlibs. -- Andreas Metzler Fri, 10 May 2013 16:39:17 +0200 gnutls28 (3.1.10-1) experimental; urgency=low * New upstream version. * Bump shlibs. -- Andreas Metzler Sat, 23 Mar 2013 16:21:30 +0100 gnutls28 (3.1.9.1-1) experimental; urgency=low * New upstream version. * Bump shlibs. * Force re-generation of autogen-ed manpages. -- Andreas Metzler Sun, 03 Mar 2013 17:06:05 +0100 gnutls28 (3.1.8-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sun, 10 Feb 2013 13:35:32 +0100 gnutls28 (3.1.7-1) experimental; urgency=low * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching the build-depency. (Thanks, Daniel Kahn Gillmor) * New upstream version. + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack. CVE-2013-0169 CVE-2013-1619. + New symbols added, bump shlibs. + Ship newly available libgnutls-xssl0 library in a separate package. * Disable Heart Beat (RFC6520) support. -- Andreas Metzler Tue, 05 Feb 2013 14:58:31 +0100 gnutls28 (3.1.6-1) experimental; urgency=low * Update watchfile, based on Bart Martens version for gnutls26 on q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to 3.x versions. * New upstream version. + requires libtasn1 >= 3.1, bump build-depends. + requires a a newer version of autogen, bump build-depends. + update debian/copyright to reflect the fact that GnuTLS authors have stopped assigning copyright to FSF. -- Andreas Metzler Sat, 05 Jan 2013 09:38:41 +0100 gnutls28 (3.1.5-1) experimental; urgency=low * New upstream version. + Drop 40_danetestfail.diff + Unfuzz 20_test-select.diff + Bump shlibs. -- Andreas Metzler Wed, 28 Nov 2012 19:23:10 +0100 gnutls28 (3.1.4-1) experimental; urgency=low * New upstream release. + Drop 40_fixtypo.diff. + debian/copyright: update upstream author list. + New symbols added, bump shlibs. * 40_danetestfail.diff - Do not try to run dane test without dane support. -- Andreas Metzler Sat, 10 Nov 2012 09:21:41 +0100 gnutls28 (3.1.3-1) experimental; urgency=low * New upstream release. * Explicitly set --disable-libdane --without-tpm. * Bump shlibs. * 40_fixtypo.diff pulled from upstream git. * Update debian/copyright from AUTHORS. -- Andreas Metzler Sat, 13 Oct 2012 15:52:09 +0200 gnutls28 (3.1.2-1) experimental; urgency=low * New upstream release. + Requires libtasn1-3 2.14, bump (b-)d. + New symbols added, bump shlibs. -- Andreas Metzler Sat, 29 Sep 2012 08:13:47 +0200 gnutls28 (3.1.1-1) experimental; urgency=low * New upstream release. + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6. Closes: #686242 + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff 42_dump-the-errno.diff 43_possiblefix.diff) + Bump shlibs. * Sync version of libgnutls-dev dependency on nettle-dev with the build-dependency. -- Andreas Metzler Tue, 04 Sep 2012 19:28:08 +0200 gnutls28 (3.1.0-5) experimental; urgency=low * 43_possiblefix.diff might fix the test suite error. -- Andreas Metzler Sun, 02 Sep 2012 16:05:34 +0200 gnutls28 (3.1.0-4) experimental; urgency=low * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the testsuite error. -- Andreas Metzler Sun, 02 Sep 2012 13:28:55 +0200 gnutls28 (3.1.0-3) experimental; urgency=low * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout. -- Andreas Metzler Sat, 01 Sep 2012 10:02:54 +0200 gnutls28 (3.1.0-2) experimental; urgency=low * Mention abbreviation "DTLS" in package description. * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test, it spuriously fails on about half of the buildds. -- Andreas Metzler Sat, 01 Sep 2012 08:41:11 +0200 gnutls28 (3.1.0-1) experimental; urgency=low * New upstream release. + Bump nettle build-dep to >= 2.5. + Bump shlibs. -- Andreas Metzler Sun, 26 Aug 2012 13:40:15 +0200 gnutls28 (3.0.22-2) unstable; urgency=low * Upload to unstable. This is a leaf-package, experimental should get 3.1.0. -- Andreas Metzler Sat, 25 Aug 2012 09:22:37 +0200 gnutls28 (3.0.22-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sun, 05 Aug 2012 08:29:14 +0200 gnutls28 (3.0.21-1) experimental; urgency=low * New upstream version. + Drop 35_s390buildfix.diff. * Bump shlibs (new functions added.) -- Andreas Metzler Tue, 03 Jul 2012 19:50:14 +0200 gnutls28 (3.0.20-3) unstable; urgency=low * 35_s390buildfix.diff - Fixes test-suite error on s390x. -- Andreas Metzler Thu, 21 Jun 2012 19:52:47 +0200 gnutls28 (3.0.20-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 16 Jun 2012 16:20:01 +0200 gnutls28 (3.0.20-1) experimental; urgency=low * New upstream version. * Bump shlibs (new functions added.) * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for CLOCK_MONOTONIC now. #662018 -- Andreas Metzler Wed, 06 Jun 2012 20:46:11 +0200 gnutls28 (3.0.19-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sun, 22 Apr 2012 18:42:46 +0200 gnutls28 (3.0.19-1) experimental; urgency=low * New upstream version. + libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be a file that stores the pin. (LP: #929108) + Drop 31_killchild.diff, included upstream. -- Andreas Metzler Sun, 22 Apr 2012 18:14:41 +0200 gnutls28 (3.0.18-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 14 Apr 2012 16:34:15 +0200 gnutls28 (3.0.18-1) experimental; urgency=low * New upstream version. + Bump shlibs. * patches/31_killchild.diff: Revert upstream change which caused tee-ing a build to hang. -- Andreas Metzler Sat, 07 Apr 2012 09:11:39 +0200 gnutls28 (3.0.17-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Tue, 20 Mar 2012 19:19:31 +0100 gnutls28 (3.0.17-1) experimental; urgency=low * New upstream version. + Bump shlibs. -- Andreas Metzler Sat, 17 Mar 2012 15:59:17 +0100 gnutls28 (3.0.15-2) experimental; urgency=low * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since support for CLOCK_MONOTONIC is missing there. (See #662018.) -- Andreas Metzler Sun, 11 Mar 2012 10:24:39 +0100 gnutls28 (3.0.15-1) experimental; urgency=low * New upstream version. + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 31_provide-accurate-value-to-select.patch) + Includes fix for CVE-2012-1573. * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts. * Bump libgnutls-dev dependency on libp11-kit-dev. -- Andreas Metzler Sun, 04 Mar 2012 15:58:38 +0100 gnutls28 (3.0.14-1) experimental; urgency=low * New upstream version. + Drop 30_force-kill-of-child.diff. * Pull 30_microseconds-does-not-overflow.patch and 31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite error (tests/mini-loss) on kfreebsd-*. -- Andreas Metzler Sat, 25 Feb 2012 15:24:39 +0100 gnutls28 (3.0.13-1) experimental; urgency=low * New upstream version. + bump libp11-kit-dev build-dep. to >= 0.11. + drop 30_guilegnutlserrorcodes.diff. * Drop debian/ocsptool.1 use, newly available upstream manpage instead. * Use and link against Debian's packaged version of autogen/libopts. + B-d on autogen. + remove autogen-generated files (*.c, *.h) on clean. autogen requires that the system headers are at least of the same version as the one which was used to generate the files from their respective .def sources. * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test. * Bump shlibs. -- Andreas Metzler Mon, 20 Feb 2012 19:30:16 +0100 gnutls28 (3.0.12-2) unstable; urgency=low * De-multiarch guile-gnutls. Closes: #658110 -- Andreas Metzler Sat, 04 Feb 2012 14:34:48 +0100 gnutls28 (3.0.12-1) unstable; urgency=low * New upstream version. * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile testsuite error. * Update debian/copyright. * Bump shlibs. (OCSP support) * Add trivial ocsptool manpage. -- Andreas Metzler Sat, 21 Jan 2012 10:38:44 +0100 gnutls28 (3.0.11-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Sat, 07 Jan 2012 12:55:33 +0100 gnutls28 (3.0.10-1) unstable; urgency=low * Drop guile-gnutls.README.Debian - binary guile modules are no longer directly installed in $libdir. * New upstream version. + Drop patches/30_correctly-set-the-odd-bits.patch. + gnutls_random_art() added. Update copyright, bump shlibs. + src/serv.c: Only use configured interfaces. Patch by Pino Toscano. Closes: #652552 -- Andreas Metzler Fri, 06 Jan 2012 08:52:19 +0100 gnutls28 (3.0.9-2) unstable; urgency=low * [20_test-select.diff] Do not run gnulib test-select test anymore. The test fails on kfreebsd-i386, the gnutls library does not use select(). * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head. * Upload to unstable. -- Andreas Metzler Sat, 17 Dec 2011 11:41:19 +0100 gnutls28 (3.0.9-1) experimental; urgency=low * New upstream version. * Include guile-gnutls package. * Bump shlibs. -- Andreas Metzler Wed, 14 Dec 2011 19:54:20 +0100 gnutls28 (3.0.8-2) unstable; urgency=low * First upload to unstable. + Disable openssl-wrapper package, let it be provided by gnutls26 until gnutls28 is in testing. + Disable gnutls-guile package, let it be provided by gnutls26 until gnutls28 is in testing. -- Andreas Metzler Sat, 03 Dec 2011 10:30:04 +0100 gnutls28 (3.0.8-1) experimental; urgency=low * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix guile related FTBFS on these architectures. See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html * New upstream version. + Bump shlibs. -- Andreas Metzler Sat, 12 Nov 2011 17:05:25 +0100 gnutls28 (3.0.7-1) experimental; urgency=low * New upstream version. + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441 * Drop 20_addGNU-stack.diff, included upstream. * loadable Guile module no longer installed directly to $libdir but to $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module. * gnutls-extra is removed upstream, there is no need anymore to manually remove the bits and pieces in debian/rules. -- Andreas Metzler Thu, 10 Nov 2011 19:35:30 +0100 gnutls28 (3.0.4-2) experimental; urgency=low * Drop libgnutls-dev.README.Debian, the information provided there stopped being relevant in 2.7.12. * Delete superfluous info from debian/README.source. * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not seem to be possible. http://lists.debian.org/debian-devel/2011/10/msg00332.html * Simplify dependencies: + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is also provided by gnutls26' libgnutls-dev). + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev, gnutls-dev (<< 0.4.0-0), libgnutls11-dev. -- Andreas Metzler Sun, 23 Oct 2011 17:41:27 +0200 gnutls28 (3.0.4-1) experimental; urgency=low * New upstream version. + bump shlibs. + bump nettle build-dependency to >= 2.4. (Required for ripemd-160). * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811 * [20_addGNU-stack.diff] Add GNU-stack note to newly added padlock-common.s. * Stop shipping libgnutls-extra.so. It is an empty shell currently and will be packaged for Debian again when it provides functionality. * Update debian/copyright, accelerated assembly code is non-FSF copyright. * Add crywrap.8 manpage. -- Andreas Metzler Sat, 15 Oct 2011 13:37:39 +0200 gnutls28 (3.0.3-1) experimental; urgency=low * New upstream version. (Includes a fix for #640639) * Bump shlibs. -- Andreas Metzler Tue, 20 Sep 2011 19:37:06 +0200 gnutls28 (3.0.2-1) experimental; urgency=low * Update debian/copyright for crywrap. * Since libgnutls*-dbg contains debugging symbols of helper applications libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update Conflicts. * New upstream version. It also includes the fixes for #638586 (Correct parsing of XMPP subject alternative names) and #638595 (gnutls_certificate_set_x509_key() and gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the release of the private key during the lifetime of the certificate structure.) * Configure with --enable-gtk-doc, the included API reference is incomplete in the tarball. * [lintian] Get rid of binary-control-field-duplicates-source field warnings. * [lintian] Add description header to 14_version_gettextcat.diff * Bump shlibs. -- Andreas Metzler Sat, 03 Sep 2011 13:18:17 +0200 gnutls28 (3.0.1-1) experimental; urgency=low * Update Vcs-Svn and Vcs-Browser for new source package name. * New upstream version. + corrects formatting of gnutls-cli(1) manpage. Closes: #637551 * Bump build-dependency on libp11-kit-dev to (>= 0.4). * Drop 20_executablestack.diff, included upstream. * Includes crywrap(8), an application that proxies TLS session to a port using a plaintext service. * Add build-dependency on libidn11-dev, needed for newly added crywrap tool. * Bump shlibs. (New flags). -- Andreas Metzler Sun, 21 Aug 2011 14:54:23 +0200 gnutls28 (3.0.0-2) experimental; urgency=low * Add missing b-d on chrpath. * Search for .xz instead of .bz2 in watchfile. -- Andreas Metzler Tue, 16 Aug 2011 13:57:22 +0200 gnutls28 (3.0.0-1) experimental; urgency=low * Drop gcrypt related patches (16_unnecessarydep.diff 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff 20_gcrypt15compat.diff), update remaining one (14_version_gettextcat.diff). * Build against nettle and p11-kit. + Update DEB_CONFIGURE_EXTRA_FLAGS. + Update (Build-)Depends. (Add pkg-config, it is used for locating p11-kit.) * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 -> libgnutls28. * Drop libgnutls Breaks, they are superfluous after the soname change. * Delete config.log on clean. * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to assembly files. * Delete unneccessary rpath entries. * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a NEWS entry for this license change. * Move gnutls-extra library to separate package. -- Andreas Metzler Sun, 14 Aug 2011 16:44:11 +0200 gnutls26 (2.12.7-4) unstable; urgency=low * Upload to unstable. * Point watch file to stable release directory. * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config Libs.private. Closes: #632891 * Update libgnutls26 Breaks (snowdrop and zoneminder versions.) -- Andreas Metzler Sun, 07 Aug 2011 09:58:28 +0200 gnutls26 (2.12.7-3) experimental; urgency=low [ Simon Josefsson ] * Fix Debian BTS URL in --with-packager-bug-reports option. [ Andreas Metzler ] * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:59:36 +0200 gnutls26 (2.12.7-2) experimental; urgency=low * Stop shipping libtool la files. * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime libraries and guile-wrapper are Multi-Arch: same with Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are Multi-Arch: foreign, -dev and -dbg remain unchanged. + Diverge from Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not co-installable with itself. -- Andreas Metzler Sun, 26 Jun 2011 15:01:58 +0200 gnutls26 (2.12.7-1) experimental; urgency=low * New upstream version. * Update 17_ignoretestsuitteerrors.diff. * A new version of pokerth has been uploaded to sid, update libgnutls26 Breaks accordingly. -- Andreas Metzler Sun, 19 Jun 2011 08:49:01 +0200 gnutls26 (2.12.6.1-1) experimental; urgency=low * New upstream version. * Bump shlibs, global_set_time_function() was added. * Stop setting CFLAGS += -Wall, it is set by default again. * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite errors. -- Andreas Metzler Sun, 05 Jun 2011 13:18:50 +0200 gnutls26 (2.12.5-1) experimental; urgency=low * New upstream version. * Bump shlibs, gnutls_x509_crq_verify() was added. -- Andreas Metzler Sat, 14 May 2011 13:21:12 +0200 gnutls26 (2.12.4-1) experimental; urgency=low * New upstream version. * Bump shlibs. (gnutls_certificate_get_issuer() added). -- Andreas Metzler Sun, 08 May 2011 15:19:18 +0200 gnutls26 (2.12.3-1) experimental; urgency=low * New upstream version. * Drop patches included upstream: [18_restoreHMAC-MD5.diff] -- Andreas Metzler Fri, 22 Apr 2011 18:26:11 +0200 gnutls26 (2.12.2-2) experimental; urgency=low * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5 for compatibility. Closes: #623001 -- Andreas Metzler Sun, 17 Apr 2011 15:44:30 +0200 gnutls26 (2.12.2-1) experimental; urgency=low * New upstream version. * [lintian] Drop article from short package descriptions. -- Andreas Metzler Fri, 08 Apr 2011 19:36:27 +0200 gnutls26 (2.12.1-1) experimental; urgency=low * New upstream version. + certtool: Generated certificate request with stricter permissions. Closes: #619746 * Drop superfluous patches: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will need a binNMU when gnutls 2.12.x uploaded to unstable. -- Andreas Metzler Sat, 02 Apr 2011 15:22:46 +0200 gnutls26 (2.12.0-1) experimental; urgency=low * New upstream stable release. + Drop superceded patches 17_goldhotfix.patch 18_libgnutls-openssl_soname.diff. * Pull a couple of post release fixes from upstream gnutls_2_12_x branch: 17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff 19_uninitializedvar.diff 20_access_freedmemory.diff -- Andreas Metzler Sun, 27 Mar 2011 10:23:11 +0200 gnutls26 (2.11.7-2) experimental; urgency=low * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool versioning: 27:0:0). * Split off libgnutls-openssl to a separate package, since the sonames are not in sync anymore. -- Andreas Metzler Fri, 11 Mar 2011 17:48:47 +0100 gnutls26 (2.11.7-1) experimental; urgency=low * New upstream version (rc for 2.12) + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff) + Bump shlibs. * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt. -- Andreas Metzler Thu, 10 Mar 2011 12:12:01 +0100 gnutls26 (2.11.6-2) experimental; urgency=low * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume) on big endian architectures. -- Andreas Metzler Wed, 23 Feb 2011 19:20:40 +0100 gnutls26 (2.11.6-1) experimental; urgency=low * Development release. * Continue building against libgcrypt, run configure with --with-libgcrypt. * Refresh patches/15_fixgnutlspc.diff. * Set --with-packager* options. * Install newly available p11tool binary. * Bump libgcrypt11-dev Build-Depends. * C++ wrapper soname bump, change package name accordingly. * Bump shlibs. * Update debian/copyright. * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Sat, 19 Feb 2011 15:29:43 +0100 gnutls26 (2.10.5-3) unstable; urgency=medium * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5. -- Andreas Metzler Mon, 25 Jul 2011 19:26:34 +0200 gnutls26 (2.10.5-2) unstable; urgency=low * Stop shipping libtool la files. -- Andreas Metzler Sat, 25 Jun 2011 18:13:38 +0200 gnutls26 (2.10.5-1) unstable; urgency=low * New upstream bugfix release. + Drop 15_fixgnutlspc.diff, included upstream. * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Mon, 28 Feb 2011 18:52:57 +0100 gnutls26 (2.10.4-2) unstable; urgency=low * Use debhelper compatibility level 7. * Merge in changes from 2.8.6-1: + Use dh_lintian. + Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. + hotfix pkg-config files (proper fix to be included upstream). + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff Closes: #405239 * Upload to unstable. -- Andreas Metzler Sun, 06 Feb 2011 16:44:09 +0100 gnutls26 (2.10.4-1) experimental; urgency=low * New upstream release. V1 CAs are trusted by default. -- Andreas Metzler Mon, 06 Dec 2010 19:13:48 +0100 gnutls26 (2.10.3-1) experimental; urgency=low * Drop workaround for 519006, binutils is fixed even in squeeze. * New upstream bugfix release. -- Andreas Metzler Fri, 19 Nov 2010 19:19:26 +0100 gnutls26 (2.10.2-1) experimental; urgency=low * New upstream version. + Fix asynchronous API handling. Closes: #588187 + certtool does not crash on reading from /dev/null anymore. Closes: #588029 * Standards-Version 3.9.1 -Stop building with -D_REENTRANT. -- Andreas Metzler Thu, 30 Sep 2010 19:10:31 +0200 gnutls26 (2.10.1-1) experimental; urgency=low * Update package descriptions. Closes: #588067 * New upstream version. -- Andreas Metzler Sun, 25 Jul 2010 14:56:45 +0200 gnutls26 (2.10.0-2) experimental; urgency=low * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2 support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental (2.31.2-1) not yet. Closes: #587755 -- Andreas Metzler Sat, 03 Jul 2010 08:58:57 +0200 gnutls26 (2.10.0-1) experimental; urgency=low * New upstream stable release. * Point watchfile to stable releases. -- Andreas Metzler Sat, 26 Jun 2010 14:48:40 +0200 gnutls26 (2.9.12-2) experimental; urgency=low * Work around gcc-4.4 bug by building without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a useless and almost empty package on these archs.) * Drop ancient workaround for gcc bug on hppa. http://bugs.debian.org/128036 -- Andreas Metzler Sat, 19 Jun 2010 14:38:22 +0200 gnutls26 (2.9.12-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 17 Jun 2010 19:20:04 +0200 gnutls26 (2.9.11-1) experimental; urgency=low * New upstream version. * Drop 15_gnutlspriority.diff, superseded. -- Andreas Metzler Mon, 07 Jun 2010 19:36:33 +0200 gnutls26 (2.9.10-2) experimental; urgency=low * [15_gnutlspriority.diff] Restore compatibility with programs using gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim. Closes: #579831 -- Andreas Metzler Thu, 27 May 2010 18:40:53 +0200 gnutls26 (2.9.10-1) experimental; urgency=low * New upstream version. * New functions added, bump shlibs. -- Andreas Metzler Thu, 22 Apr 2010 19:29:52 +0200 gnutls26 (2.9.9-1) experimental; urgency=low * Package upstream development branch for experimental. * Track development versions in watchfile. * Package C++ wrapper again. Closes: #548637 -- Andreas Metzler Sun, 20 Dec 2009 11:31:33 +0100 gnutls26 (2.8.6-1) unstable; urgency=low * Use dh_lintian. * Use dh_makeshlibs for the guile stuff, too. This gets us a) ldconfig in postinst. Closes: #553109 and b) a shlibs file. However the shared objects /usr/lib/libguile-gnutls*so* are still not designed to be used as libraries (linking) but are dlopened. guile-1.10 will address this issue by keeping this stuff in a private directory. * hotfix pkg-config files (proper fix to be included upstream). * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff -- Andreas Metzler Sat, 20 Mar 2010 15:53:35 +0100 gnutls26 (2.8.5-2) unstable; urgency=low * Add a huge bunch of lintian overrides for the guile stuff to make dak happy. -- Andreas Metzler Fri, 13 Nov 2009 19:53:04 +0100 gnutls26 (2.8.5-1) unstable; urgency=low * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.) * Switch to '3.0 (quilt)' source format, allowing us to use upstreams orig.tar.bz2 without repacking it to gz. * New upstream version. + Drop patches/20_fixtimebomb.diff. -- Andreas Metzler Thu, 12 Nov 2009 19:57:08 +0100 gnutls26 (2.8.4-2) unstable; urgency=high * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920 -- Andreas Metzler Sun, 01 Nov 2009 13:21:27 +0100 gnutls26 (2.8.4-1) unstable; urgency=low * New upstream version. + Drop debian/patches/15_openpgp.diff. * Sync priorities with override file, libgnutls26 has been bumped from important to standard. -- Andreas Metzler Sat, 26 Sep 2009 10:33:52 +0200 gnutls26 (2.8.3-3) unstable; urgency=low * Empty dependency_libs in la-files. (Squeeze release goal.) -- Andreas Metzler Sat, 05 Sep 2009 09:09:22 +0200 gnutls26 (2.8.3-2) unstable; urgency=low * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke openpgp connections. -- Andreas Metzler Sat, 22 Aug 2009 14:14:48 +0200 gnutls26 (2.8.3-1) unstable; urgency=high * New upstream version. + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it was built against. Closes: #540449 + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509 certificate name fields. Closes: #541439 GNUTLS-SA-2009-4 http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html * Drop 15_chainverify_expiredcert.diff, included upstream. * Urgency high, since 541439 applies to testing, too. -- Andreas Metzler Fri, 14 Aug 2009 19:14:29 +0200 gnutls26 (2.8.1-2) unstable; urgency=low [ Simon Josefsson ] * Remove cruft in rules file. * Remove patches/15_tasn1inpc.diff, not needed. [ Andreas Metzler ] * Finally add an entry to the NEWS.Debian file concerning the deprecation of RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578 * Upload to unstable. * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT. Fix testsuite error caused by expired certificate. -- Andreas Metzler Thu, 06 Aug 2009 19:12:51 +0200 gnutls26 (2.8.1-1) experimental; urgency=low * New upstream stable release. -- Andreas Metzler Thu, 11 Jun 2009 09:15:28 +0200 gnutls26 (2.7.14-1) experimental; urgency=low * [debian/control] set section setting of source package to libs instead of devel. * New upstream version. + Drop debian/patches/16_symbolversioning_fix.diff, included upstream. + Bump shlibs, new symbols added. -- Andreas Metzler Tue, 26 May 2009 19:51:41 +0200 gnutls26 (2.7.12-1) experimental; urgency=low * Fix typo in changelog. Closes: #526427 * New upstream release. + Does not ship the scripts libgnutls-extra-config and libgnutls-config and the .m4 snippet to use it anymore. Please switch to pkg-config or standard autoconf test. Drop manpages and both patches/13_lessdeps_gnutls-config.diff and patches/13_lessdeps_gnutls-config.diff from the debian diff. + Update remaining patches. + Bump shlibs, new symbols added. * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of GNUTLS_2_8. * New upstream uses separate ./configure scripts for the different libraries. Invoke the main ./configure script with --cache-file=$(CURDIR)/config.cache to speed things up. -- Andreas Metzler Thu, 21 May 2009 11:18:35 +0200 gnutls26 (2.6.6-1) unstable; urgency=high * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so. * New upstream security release. + libgnutls: Corrected double free on signature verification failure. GNUTLS-SA-2009-1 CVE-2009-1415 + libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. GNUTLS-SA-2009-2 CVE-2009-1416 + libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. GNUTLS-SA-2009-3 CVE-2009-1417 * The former two issues only apply to gnutls 2.6.x. The latter is a behavior change, add a NEWS.Debian file to document it. -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 gnutls26 (2.6.5-1) unstable; urgency=low * Sync sections in debian/control with override file. libgnutls26-dbg is section debug, guile-gnutls is section lisp. * New upstream version. (Needed for Libtasn1-3 2.0) * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private. * Standards-Version: 3.8.1, no changes required. -- Andreas Metzler Tue, 14 Apr 2009 14:23:19 +0200 gnutls26 (2.6.4-2) unstable; urgency=low * Upload to unstable. * Merge changelog entries from unstable and experimental. -- Andreas Metzler Mon, 16 Feb 2009 16:43:37 +0100 gnutls26 (2.6.4-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 07 Feb 2009 14:32:57 +0100 gnutls26 (2.6.3-1) experimental; urgency=low * New upstream version. + Corrects bug gnutls-cli which caused a rehandshake request to be ignored. Closes: #396867 * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream) -- Andreas Metzler Sun, 21 Dec 2008 10:46:38 +0100 gnutls26 (2.6.2-2) experimental; urgency=low * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 * [lintian] Add ${misc:Depends} to multiple dendency lines. -- Andreas Metzler Sat, 06 Dec 2008 13:31:58 +0100 gnutls26 (2.6.2-1) experimental; urgency=low * New upstream version. + Fixes certification verifaction error CVE-2008-4989. Closes: #505360 + Drop 20_fix_501077.diff. * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper there. * Add Simon Josefsson to uploaders. -- Andreas Metzler Thu, 13 Nov 2008 19:30:06 +0100 gnutls26 (2.6.0-1) experimental; urgency=low * New upstream stable release. * Add debian/patches/20_fix_501077.diff to fix an out of bound access in gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077 -- Andreas Metzler Sat, 25 Oct 2008 09:59:03 +0200 gnutls26 (2.5.9-1) experimental; urgency=low * New upstream development version. * Bump shlibs. -- Andreas Metzler Sat, 04 Oct 2008 12:40:01 +0200 gnutls26 (2.4.2-6) unstable; urgency=medium * New patches, syncing with 2.4.3 upstream oldstable release: + 24_intermedcertificate.patch If a non-root certificate ist trusted gnutls certificateificate verification stops there instead of checking up to the root of the certificate chain. + 22_whitespace.patch - Whitespace only changes, to make it possible to apply upstream fixes without manual changes. + 25_bufferoverrun.patch. Fix buffer overrun bug in gnutls_x509_crt_list_import. http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 gnutls26 (2.4.2-5) unstable; urgency=low * Pull two patches from upstream stable branch to make gnutls behavior match documentation: + patch 23_permit_v1_CA.diff:Accept v1 x509 CA certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593 + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. CVE-2009-2409 -- Andreas Metzler Sat, 31 Jan 2009 16:26:52 +0100 gnutls26 (2.4.2-4) unstable; urgency=medium * Add Simon Josefsson to uploaders. * Another fix for the verification fix. Some correct certificate chains were not recognized as verified. Closes: #507633 -- Andreas Metzler Sat, 06 Dec 2008 12:09:33 +0100 gnutls26 (2.4.2-3) unstable; urgency=low * Fix a crash on trying to verify self-signed certificates introduced by the patch for CVE-2008-4989. Closes: #505279 -- Andreas Metzler Wed, 12 Nov 2008 19:23:23 +0100 gnutls26 (2.4.2-2) unstable; urgency=medium * [CVE-2008-4989.diff] Fix man in the middle attack for certificate verification. CVE-2008-4989 GNUTLS-SA-2008-3 -- Andreas Metzler Mon, 10 Nov 2008 19:42:54 +0100 gnutls26 (2.4.2-1) unstable; urgency=low * New upstream bugfix release. * Up to date gnutls-cli manpage. Closes: #492775 -- Andreas Metzler Sun, 21 Sep 2008 10:35:16 +0200 gnutls26 (2.4.1-1) unstable; urgency=medium * New upstream version, fixing a local denial of service vulnerability only present in >= 2.3.5. GNUTLS-SA-2008-2 CVE-2008-2377 -- Andreas Metzler Tue, 01 Jul 2008 19:35:51 +0200 gnutls26 (2.4.0-2) unstable; urgency=low * Standards version 3.8.0. Rename README.source_and_patches to README.source. * Upload to unstable. * Point watchfile to stable releases again. * Merge experimental and unstable changelog. -- Andreas Metzler Tue, 24 Jun 2008 19:13:25 +0200 gnutls26 (2.4.0-1) experimental; urgency=low * New upstream stable release. * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs. -- Andreas Metzler Wed, 18 Jun 2008 19:40:38 +0200 gnutls26 (2.3.15-1) experimental; urgency=low * New upstream version. (rc4) Disables 'openpgp-certs' tests. Closes: #486269 -- Andreas Metzler Mon, 16 Jun 2008 19:08:24 +0200 gnutls26 (2.3.14-1) experimental; urgency=low * New upstream version. (rc3) -- Andreas Metzler Wed, 11 Jun 2008 19:16:18 +0200 gnutls26 (2.3.13-1) experimental; urgency=low * New upstream version. 2nd rc for 2.4.0. * Drop debian/patches/15_gnutls-pgpself.diff, included upstream. -- Andreas Metzler Sun, 08 Jun 2008 18:00:51 +0200 gnutls26 (2.3.12-1) experimental; urgency=low * New upstream version. Bump shlibs. * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798 * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite failure on sparc. -- Andreas Metzler Thu, 05 Jun 2008 19:08:29 +0200 gnutls26 (2.3.11-1) experimental; urgency=low * New upstream version. + Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 + Fixes subjectAltName wildcard matching. Closes: #479174 + certtool now writes keyfiles with 0600 permissions. Closes: #373169 -- Andreas Metzler Sat, 24 May 2008 08:25:36 +0200 gnutls26 (2.2.5-1) unstable; urgency=high * New upstream version. Fixes three security vulnerabilities. [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See . CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1 -- Andreas Metzler Tue, 20 May 2008 19:19:55 +0200 gnutls26 (2.3.9-1) experimental; urgency=low * New upstream development version. - OpenPGP support merged into libgnutls and is now licensed under LGPL. The included copy of OpenCDK has been stripped down and re-licensed under the LGPL. Using the external OpenCDK is not supported anymore, the external library will not be maintained anymore. Drop respective (build-)depends. - API extended, bump shlibs. - certtool asks for password confirmation. Closes: #364287 - performance enhancements for gnutls_certificate_set_x509_trust_file. Closes: #400448 - gnutls-cli: exits when hostname doesn't match certificate. Use --insecure to avoid hostname comparison. * For paranoia sake build with -D_REENTRANT even if upstream has stopped doing so. * [debian/copyright] : update, and stop including a GFDL copy. * Point watchfile to development versions. -- Andreas Metzler Sat, 17 May 2008 16:56:04 +0200 gnutls26 (2.2.3-1) unstable; urgency=low * New upstream stable release. - --priority is documented in gnutls-cli(1) manpage. Closes: #467051 -- Andreas Metzler Mon, 12 May 2008 18:29:12 +0200 gnutls26 (2.2.3~rc-1) unstable; urgency=low * New upstream version. Release candidate for 2.2.3. + Increase default handshake packet size limit to 48kb. Closes: #478191 * remove unsupported .l command from debian/libgnutls-config.1 * Use Programming/C as doc-base section. -- Andreas Metzler Thu, 01 May 2008 13:09:49 +0200 gnutls26 (2.2.2-1) unstable; urgency=low * New upstream version. Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary strings and return the proper size. corrected string handling in parse_general_name. Closes: #465197 * Point watchfile to ftp.gnutls.org. * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0. -- Andreas Metzler Fri, 22 Feb 2008 19:08:36 +0100 gnutls26 (2.2.1-3) unstable; urgency=low * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build gnutls guile wrapper on ia64. -- Andreas Metzler Mon, 04 Feb 2008 19:14:03 +0100 gnutls26 (2.2.1-2) unstable; urgency=low * Add Vcs-Svn: and Vcs-Browser control fields. * Upload to unstable. -- Andreas Metzler Sun, 03 Feb 2008 18:14:21 +0100 gnutls26 (2.2.1-1) experimental; urgency=low * New upstream version. * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper there. * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both packages contain gnutls-bin debugging symbols. Closes: #459295. -- Andreas Metzler Sun, 20 Jan 2008 18:27:33 +0100 gnutls26 (2.2.0-1) experimental; urgency=low * New upstream version. License change! Main library stays LGPLv2.1+ but libgnutls-extra, libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is updated. * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older versions were GPLv2+) and this license is not compatible with GPLv3+. * Non packaged 2.1.8 introduced new symbol gnutls_x509_crt_get_subject_alt_name2(), bump shlibs. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for DSA2 support. Closes: #455513 * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d. -- Andreas Metzler Sat, 15 Dec 2007 16:41:54 +0100 gnutls26 (2.1.7-1) experimental; urgency=low * New upstream version. - Another soname bump. Packages renamed. * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since dak does not allow that yet. * Add Build-Conflicts: libgnutls-dev to stop libtool from linking libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035 -- Andreas Metzler Sat, 1 Dec 2007 10:40:17 +0100 gnutls25 (2.1.6-2) experimental; urgency=low * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make experimental buildds happy. -- Andreas Metzler Mon, 19 Nov 2007 18:58:48 +0100 gnutls25 (2.1.6-1) experimental; urgency=low * New upstream version. API changes! Please consult /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated, removed (mainly *_authz_*) and changed interfaces. This is the first release canddate for 2.2. The deprecation of gnutls_set_default_priority() is supposed to be undone before the final stable release. * Bump build-depends. * Stop building and shipping the C++ library, since nobody is using it. I will happly re-add it if requested. * Add Homepage field to debian/control. * Build and ship Guile bindings. Requested by Ludovic Courtès who also provided the initial patch. (On a sidenote I think guile generally does not do the right thing by throwing dlopened modules into /usr/lib/.) * Update debian/copyright. -- Andreas Metzler Sat, 17 Nov 2007 16:42:01 +0100 gnutls13 (2.0.1-1) unstable; urgency=low * New upstream version. * Remove doc/*.info* on clean to allow building thrice in a row. (Closes: #441740) -- Andreas Metzler Sat, 29 Sep 2007 11:29:22 +0200 gnutls13 (1.7.19-1) unstable; urgency=low * New upstream version 1.7.19. - Fix gnutls_error_is_fatal so that positive "errors" are non-critical. This takes of care of the mutt breakage. Closes: #439640 -- Andreas Metzler Mon, 27 Aug 2007 19:36:23 +0200 gnutls13 (1.7.18-2) unstable; urgency=low * Upload to unstable -- Andreas Metzler Sat, 25 Aug 2007 09:27:18 +0200 gnutls13 (1.7.18-1) experimental; urgency=low * New upstream version 1.7.18, release candidate for 2.0. * Bump shlibs, since functions have been added. * Image files renamed upstream with gnutls- prefix and symlinked to /usr/share/info/ in Debian package. Closes: #423577 -- Andreas Metzler Sat, 18 Aug 2007 09:06:11 +0200 gnutls13 (1.7.16-1) experimental; urgency=low * New upstream version 1.7.16. -- Andreas Metzler Sat, 11 Aug 2007 10:50:21 +0200 gnutls13 (1.7.14-1) experimental; urgency=low * New upstream version - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183 -- Andreas Metzler Sat, 30 Jun 2007 09:06:35 +0200 gnutls13 (1.7.12-1) experimental; urgency=low * New upstream version 1.7.12 - Fixes memory errors in certificate parsing. Closes: #333050 * Bump shlibs, due to API extensions in 1.7.10. * Rebuilding of docs simpified, strip debian/README.source_and_patches to reflect that. -- Andreas Metzler Sat, 23 Jun 2007 11:14:26 +0200 gnutls13 (1.7.9-1) experimental; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) * New upstream version. - Uses opencdk10 (0.6.x). - Improved gnutls_set_default_priority() priorities, with matching correct docs. (Closes: #422024) - bumped shlibs. * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage twice in a row on the same sourcetree. (Closes: #424357) Document what is needed to rebuild doc/gnutls.pdf in README.source_and_patches. -- Andreas Metzler Mon, 28 May 2007 08:36:42 +0200 gnutls13 (1.7.7-1) experimental; urgency=low * New development upstream version 1.7.7. - Point watchfile to development versions. - Bump shlibs for added APIs. - Includes German translation. (Closes: #392857) -- Andreas Metzler Sun, 15 Apr 2007 10:11:21 +0200 gnutls13 (1.6.3-1) unstable; urgency=low * New upstream version, pulling selected fixes and features from 1.7.x. * Bump shlibs. -- Andreas Metzler Sun, 27 May 2007 09:26:14 +0200 gnutls13 (1.6.2-2) unstable; urgency=low * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332) -- Andreas Metzler Sun, 13 May 2007 09:48:31 +0200 gnutls13 (1.6.2-1) unstable; urgency=low * New upstream version - Really Closes: #403887 libgnutls failes to parse OpenSSL generated certificates, since it contains a regenerated pkix_asn1_tab.c. - Ship German translation. Closes: #392857 -- Andreas Metzler Sat, 21 Apr 2007 10:57:02 +0200 gnutls13 (1.6.1-2) unstable; urgency=low * [gnutls-bin.install] Ship psktool. * Ship gettext translations in deb package, but as gnutls13.mo instead of gnutls.mo. * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-* changelog entries after branchoff. Point watchfile to stable upstream versions again. * Drop dependency of libgnutls13-dbg on libgnutlsxx13. -- Andreas Metzler Sat, 3 Feb 2007 13:49:48 +0100 gnutls13 (1.6.1-1) experimental; urgency=low [ James Westby ] * New upstream release. -- Andreas Metzler Sat, 3 Feb 2007 13:18:03 +0100 gnutls13 (1.6.0-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 18 Nov 2006 13:21:56 +0100 gnutls13 (1.5.3-1) experimental; urgency=low [ Andreas Metzler ] * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. * New upstream version 1.5.3. * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093. * Drop code for re-libtoolizing and running auto* from debian/rules, it is unused and would not work anymore. (We can later grab the from SVN and update it to make work if we ever need it.) -- Andreas Metzler Sat, 28 Oct 2006 12:56:46 +0200 gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low [ Andreas Metzler ] * Add a watchfile. * New upstream development version. - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was broken. - Drop unneeded patches/16_libs.private_gnutls.diff patches/16_libs.private_gnutls-extra.diff - Point watchfile to development versions. - Builds a C++ library. * Switch to debhelper v5 mode to be able to ship debug symbols of libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package. * Branched off from 1.4.4-1. -- Andreas Metzler Sat, 30 Sep 2006 09:54:38 +0200 gnutls13 (1.4.4-3) unstable; urgency=low * Pulled /patches/18_negotiate_cypher.diff from 1.4.5: When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS version, try to negotiate the highest version support by the GnuTLS server, instead of the lowest. -- Andreas Metzler Sat, 11 Nov 2006 10:35:29 +0100 gnutls13 (1.4.4-2) unstable; urgency=low [ Andreas Metzler ] * Add a watchfile. * Fix debian/copyright. - Do not use "copyright" as title of a paragraph listing licenses. (Closes: #290194) - Add a copy of the FDL 1.2 to debian/copyright. -- Andreas Metzler Tue, 12 Sep 2006 19:57:49 +0200 gnutls13 (1.4.4-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.4 - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't crash mutt. (closes: #386725) GNUTLS-SA-2006-4 is CVE-2006-4790. -- Andreas Metzler Tue, 12 Sep 2006 19:09:47 +0200 gnutls13 (1.4.3-2) unstable; urgency=low * the lesser of two weevils release. [ Andreas Metzler ] * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in various programs, including mutt. (closes: #386680) -- Andreas Metzler Sat, 9 Sep 2006 19:29:52 +0200 gnutls13 (1.4.3-1) unstable; urgency=high [ Andreas Metzler ] * New upstream version 1.4.3. - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. GNUTLS-SA-2006-4 - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.. GNUTLS-SA-2006-3 - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. -- Andreas Metzler Fri, 8 Sep 2006 19:12:33 +0200 gnutls13 (1.4.2-1) unstable; urgency=medium [ Andreas Metzler ] * New upstream bugfix release. - Fixes a crash in the certificate verification logic. -- Andreas Metzler Sat, 12 Aug 2006 10:44:16 +0200 gnutls13 (1.4.1-1) unstable; urgency=low [ James Westby ] * New upstream release. * Remove the following patches as they are now included upstream: - 10_certtoolmanpage.diff - 15_fixcompilewarning.diff - 30_man_hyphen_*.patch * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than gnutls-api so that devhelp can find it. -- Andreas Metzler Sat, 15 Jul 2006 11:11:08 +0200 gnutls13 (1.4.0-3) unstable; urgency=low [ Andreas Metzler ] * Strip "libgnutls-config --libs"' output to only list stuff required for dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's README.Debian. * Pull patches/16_libs.private_gnutls.diff and debian/patches/16_libs.private_gnutls-extra.diff from upstream to make pkg-config usable for static linking. -- Andreas Metzler Sun, 2 Jul 2006 12:10:56 +0200 gnutls13 (1.4.0-2) unstable; urgency=low [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/10_certtoolmanpage.diff patches/12_lessdeps.diff * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc) * Also ship css-, devhelp- and sgml files in gnutls-doc. * patches/15_fixcompilewarning.diff correct order of funtion arguments. [ James Westby ] * This release allows the port to be specified as the name of the service when using gnutls-cli (closes: #342891) -- Andreas Metzler Sat, 17 Jun 2006 20:44:09 +0200 gnutls13 (1.4.0-1) experimental; urgency=low * New maintainer team. Thanks, Matthias for all the work you did. * Re-add gnutls-doc package, featuring api-reference as manual pages and html, and reference manual in html and pdf format. (closes: #368185,#368449) * Fix reference to gnutls0.4-doc package in debian/copyright. Update debian/copyright and include actual copyright statements. (closes: #369071) * Bump shlibs because of changes to extra.h * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will generate the necessary directories. * Drop debian/NEWS.Debian as it only talks about the move of the (since purged) gnutls-doc package to contrib a long time ago. (Thanks Simon Josefsson, for these suggestions.) * new upstream version. (closes: #368323) * clean packaging against upstream tarball. - Drop all patches, except for fixing error in certtool.1 and setting gnutls_libs=-lgnutls-extra in libgnutls-extra-config. - Add --enable-ld-version-script to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of patching ./configure.in. (closes: #367358) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Build against external libtasn1-3. (closes: #363294) * Standards-Version: 3.7.2, no changes required. * debian/control and override file are in sync with respect to Priority and Section, everthing except libgnutls13-dbg already was. (closes: #366956) * acknowledge my own NMU. (closes: #367065) * libgnutls13-dbg is nonempty (closes: #367056) -- Andreas Metzler Sat, 20 May 2006 11:22:36 +0000 gnutls13 (1.3.5-1.1) unstable; urgency=low * NMU * Invoke ./configure with --with-included-libtasn1 to prevent accidental linking against the broken 0.3.1-1 upload of libtasn1-2-dev which contained libtasn1.so.3 and force gnutls13 to use the internal version of libtasn instead until libtasn1-3-dev is uploaded. Drop broken Build-Depency on libtasn1-2-dev (>= 0.3.1). (closes: #363294) * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead of --dbg-package=libgnutls12. (closes: #367056) -- Andreas Metzler Sat, 13 May 2006 07:45:32 +0000 gnutls13 (1.3.5-1) unstable; urgency=low * New Upstream version. - Security fix. - Yet another ABI change. * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272 * Let -dev package depend on liblzo-dev (closes:#347438) * Fix certtool help output (closes:#338623) -- Matthias Urlichs Sat, 18 Mar 2006 22:46:25 +0100 gnutls12 (1.2.9-2) unstable; urgency=low * Install /usr/lib/pkgconfig/*.pc files. * Depend on texinfo (>= 4.8, for the @euro{} sign). -- Matthias Urlichs Tue, 15 Nov 2005 19:26:02 +0100 gnutls12 (1.2.9-1) unstable; urgency=low * New Upstream version. -- Matthias Urlichs Fri, 11 Nov 2005 18:51:28 +0100 gnutls12 (1.2.8-1) unstable; urgency=low * New Upstream version. - depends on libgcrypt11 1.2.2 * Bumped shlibs version, just to be on the safe side. -- Matthias Urlichs Wed, 19 Oct 2005 12:05:14 +0200 gnutls12 (1.2.6-1) unstable; urgency=low * New Upstream version. * Remove Provides: on libgnutls11-dev. Hopefully this will be temporary (pending discussion with Upstream). -- Matthias Urlichs Thu, 11 Aug 2005 12:21:36 +0200 gnutls12 (1.2.5-3) unstable; urgency=high * Updated libgnutls12.shlibs file. Thanks to Mike Paul . Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks dependencies on this library -- Matthias Urlichs Thu, 21 Jul 2005 13:19:25 +0200 gnutls12 (1.2.5-2) unstable; urgency=medium * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps. Added an explicit dependency as a stopgap fix. -- Matthias Urlichs Thu, 21 Jul 2005 08:27:22 +0200 gnutls12 (1.2.5-1) unstable; urgency=low * Merged with the latest stable release. * Renamed to gnutls12. - Changed the library version strings to GNUTLS_1_2. - Renamed the development package back to "libgnutls-dev". -- Matthias Urlichs Tue, 5 Jul 2005 10:35:56 +0200 gnutls11 (1.0.19-1) experimental; urgency=low * Merged with the latest stable release. -- Matthias Urlichs Sun, 26 Dec 2004 13:28:45 +0100 gnutls11 (1.0.16-13) unstable; urgency=high * Fixed an ASN.1 extraction error. Found by Pelle Johansson . -- Matthias Urlichs Mon, 29 Nov 2004 10:16:21 +0100 gnutls11 (1.0.16-12) unstable; urgency=high * Fixed a segfault in certtool. Closes: #278361. -- Matthias Urlichs Thu, 11 Nov 2004 09:40:02 +0100 gnutls11 (1.0.16-11) unstable; urgency=medium * Merged binary (non-UF8) string printing code from Upstream. * Password code in certtool was somewhat broken. -- Matthias Urlichs Sat, 6 Nov 2004 13:11:03 +0100 gnutls11 (1.0.16-10) unstable; urgency=high * Fixed one instance of uninitialized memory usage. -- Matthias Urlichs Thu, 21 Oct 2004 06:07:53 +0200 gnutls11 (1.0.16-9) unstable; urgency=high * Pulled from Upstream CVS: - Fix two memory leaks. - Fix NULL dereference. -- Matthias Urlichs Fri, 8 Oct 2004 10:43:20 +0200 gnutls11 (1.0.16-8) unstable; urgency=high * Pulled these changes from Upstream CVS: - Added default limits in the verification of certificate chains, to avoid denial of service attacks. - Added gnutls_certificate_set_verify_limits() to override them. - Added gnutls_certificate_verify_peers2(). -- Matthias Urlichs Sun, 12 Sep 2004 02:05:25 +0200 gnutls11 (1.0.16-7) unstable; urgency=low * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output. Thanks to joeyh@debian.org for reporting this problem. -- Matthias Urlichs Sat, 14 Aug 2004 11:22:51 +0200 gnutls11 (1.0.16-6) unstable; urgency=medium * Memory leak, found by Modestas Vainius . - Closes: #264420 -- Matthias Urlichs Sun, 8 Aug 2004 22:21:01 +0200 gnutls11 (1.0.16-5) unstable; urgency=low * Depend on current libtasn1-2 (>= 0.2.10). - Closes: #264198. * Fixed maintainer email to point to Debian address. -- Matthias Urlichs Sat, 7 Aug 2004 19:44:38 +0200 gnutls11 (1.0.16-4) unstable; urgency=low * The OpenSSL compatibility library has been linked incorrectly (-ltasn1 was missing). * Need to build-depend on current opencdk8 and libtasn1-2 version. -- Matthias Urlichs Sat, 7 Aug 2004 19:29:32 +0200 gnutls11 (1.0.16-3) unstable; urgency=high * Documentation no longer includes LaTeX-produced output (the source contains latex2html-specific features, which is non-free). * Urgency: High because of pending base freeze. -- Matthias Urlichs Mon, 26 Jul 2004 11:18:20 +0200 gnutls11 (1.0.16-2) unstable; urgency=high * Actually *enable* debug symbols :-/ * Urgency: High for speedy inclusion in d-i -- Matthias Urlichs Fri, 23 Jul 2004 22:38:07 +0200 gnutls11 (1.0.16-1) experimental; urgency=low * Update to latest Upstream version. * now depends on libgcrypt11 * Include debugging package * Use hevea, not latex2html. -- Matthias Urlichs Wed, 21 Jul 2004 16:58:26 +0200 gnutls10 (1.0.4-4) unstable; urgency=low * New maintainer. * Run autotools at source package build time. - Closes: #257237: FTBFS (i386/sid): aclocal failed * Remove "package is still changed upstream" warning. * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7. -- Matthias Urlichs Fri, 16 Jul 2004 02:09:36 +0200 gnutls10 (1.0.4-3) unstable; urgency=low * control: Changed the build dependency and the dependency of libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3; libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which could cause linking against two versions of libgcrypt. -- Ivo Timmermans Sat, 24 Jan 2004 15:32:22 +0100 gnutls10 (1.0.4-2) unstable; urgency=low * libgnutls-doc.doc-base: Removed HTML manual listing. * control: Removed Jordi Mallach from the list of Uploaders. Thanks, Jordi :) -- Ivo Timmermans Wed, 14 Jan 2004 13:35:42 +0100 gnutls10 (1.0.4-1) unstable; urgency=low * New upstream release (Closes: #227527) * The new documentation in libgnutls-doc fixes several typo's and style glitches: Closes: #215772: inconsistent auth method list in manual Closes: #215775: dangling footnote on page 14 of manual Closes: #215777: bad sentence on page 18 of manual Closes: #215780: incorrect info about ldaps/imaps in manual * rules: * Use --add-missing instead of --force in the call to automake. * Don't build gnutls.ps, use the upstream version. (Closes: #224846) * gnutls-bin.manpages: Use glob to find manpages. * patches/008_manpages.diff: Removed; included upstream. -- Ivo Timmermans Tue, 13 Jan 2004 23:57:16 +0100 gnutls10 (1.0.0-1) unstable; urgency=low * New upstream release. * Major soversion changed to 10. * control: Changed build dependencies of libtasn1-dev. * libgnutls10.shlibs: Added libgnutls-openssl to the list. -- Ivo Timmermans Mon, 29 Dec 2003 23:23:08 +0100 gnutls8 (0.9.99-1) experimental; urgency=low * New upstream release. * Included upstream GPG signature in .orig.tar.gz. -- Ivo Timmermans Wed, 3 Dec 2003 22:33:52 +0100 gnutls8 (0.9.98-1) experimental; urgency=low * New upstream release. * debian/control: libgnutls8-dev depends on libopencdk8-dev. * debian/libgnutls-doc.examples: Install src/*.[ch]. -- Ivo Timmermans Sun, 23 Nov 2003 15:44:38 +0100 gnutls8 (0.9.95-1) experimental; urgency=low * New upstream version. -- Ivo Timmermans Fri, 7 Nov 2003 19:50:22 +0100 gnutls8 (0.9.94-1) experimental; urgency=low * New upstream version; package based on gnutls7 0.8.12-2. * debian/control: * Build-depend on libgcrypt7-dev (>= 1.1.44-0). * debian/rules: Run auto* after the patches have been applied. -- Ivo Timmermans Fri, 31 Oct 2003 18:47:09 +0100 debian/gnutls-doc.doc-base0000664000000000000000000000055612246673427012671 0ustar Document: gnutls Title: GnuTLS Manual Author: Simon Josefsson Abstract: GnuTLS library manual Section: Programming/C Format: HTML Index: /usr/share/doc/gnutls-doc/html/gnutls.html Files: /usr/share/doc/gnutls-doc/html/* Format: PDF Files: /usr/share/doc/gnutls-doc/gnutls.pdf Format: info Index: /usr/share/info/gnutls.info.gz Files: /usr/share/info/gnutls.info* debian/gnutls-doc.info0000664000000000000000000000004712246673427012142 0ustar debian/tmp/usr/share/info/gnutls.info* debian/control0000664000000000000000000002224312305576336010610 0ustar Source: gnutls28 Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian GnuTLS Maintainers Uploaders: Andreas Metzler , Eric Dorland , James Westby , Simon Josefsson Build-Depends: debhelper (>= 9), nettle-dev (>= 2.7), zlib1g-dev, libtasn1-6-dev (>= 3.1), autotools-dev, guile-2.0-dev [!ia64], datefudge, libp11-kit-dev (>= 0.20), pkg-config, chrpath, libidn11-dev, autogen (>= 1:5.16-0), bison, dh-autoreconf Build-Depends-Indep: gtk-doc-tools, texinfo (>= 4.8) Build-Conflicts: libgnutls-dev Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/pkg-gnutls/gnutls.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnutls/gnutls.git Homepage: http://www.gnutls.org/ Package: libgnutls28-dev Section: libdevel Architecture: any Provides: gnutls-dev Depends: libgnutls28 (= ${binary:Version}), libgnutlsxx28 (= ${binary:Version}), libgnutls-xssl0 (= ${binary:Version}), nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.1), libp11-kit-dev (>= 0.11), ${misc:Depends} # libgnutls-openssl27 (= ${binary:Version}), Suggests: gnutls-doc, gnutls-bin, guile-gnutls Conflicts: gnutls-dev Replaces: gnutls-dev Multi-Arch: same Description: GNU TLS library - development files GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the GnuTLS development files. Package: libgnutls28 Priority: standard Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: gnutls0, gnutls3, gnutls0.4 Conflicts: gnutls0, gnutls0.4 Pre-Depends: ${misc:Pre-Depends} Suggests: gnutls-bin Multi-Arch: same Description: GNU TLS library - main runtime library GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the main runtime library. Package: libgnutls28-dbg Priority: extra Architecture: any Section: debug Depends: libgnutls28 (= ${binary:Version}), ${misc:Depends} Conflicts: libgnutls13-dbg, libgnutls26-dbg Multi-Arch: same Description: GNU TLS library - debugger symbols GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . This package contains the debugger symbols. #Package: gnutls-bin #Architecture: any #Section: net #Depends: ${shlibs:Depends}, ${misc:Depends} #Multi-Arch: foreign #Description: GNU TLS library - commandline utilities # GnuTLS is a portable library which implements the Transport Layer # Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram # Transport Layer Security (DTLS 1.0, 1.2) protocols. # . # GnuTLS features support for: # - TLS extensions: server name indication, max record size, opaque PRF # input, etc. # - authentication using the SRP protocol. # - authentication using both X.509 certificates and OpenPGP keys. # - TLS Pre-Shared-Keys (PSK) extension. # - Inner Application (TLS/IA) extension. # - X.509 and OpenPGP certificate handling. # - X.509 Proxy Certificates (RFC 3820). # - all the strong encryption algorithms (including SHA-256/384/512 and # Camellia (RFC 4132)). # . # This package contains a commandline interface to the GNU TLS library, which # can be used to set up secure connections from e.g. shell scripts, debugging # connection issues or managing certificates. #Package: gnutls-doc #Architecture: all #Section: doc #Depends: ${misc:Depends} #Multi-Arch: foreign #Description: GNU TLS library - documentation and examples # GnuTLS is a portable library which implements the Transport Layer # Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram # Transport Layer Security (DTLS 1.0, 1.2) protocols. # . # GnuTLS features support for: # - TLS extensions: server name indication, max record size, opaque PRF # input, etc. # - authentication using the SRP protocol. # - authentication using both X.509 certificates and OpenPGP keys. # - TLS Pre-Shared-Keys (PSK) extension. # - Inner Application (TLS/IA) extension. # - X.509 and OpenPGP certificate handling. # - X.509 Proxy Certificates (RFC 3820). # - all the strong encryption algorithms (including SHA-256/384/512 and # Camellia (RFC 4132)). # . # This package contains all the GnuTLS documentation. Package: guile-gnutls # everything except ia64 - Field must be single line, unfolded! Architecture: amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390 s390x sparc hurd-i386 Section: lisp Depends: ${misc:Depends},${shlibs:Depends}, guile-2.0 Description: GNU TLS library - GNU Guile bindings GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the GNU Guile 2.0 modules. Package: libgnutlsxx28 Priority: extra Architecture: any Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - C++ runtime library GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . GnuTLS features support for: - TLS extensions: server name indication, max record size, opaque PRF input, etc. - authentication using the SRP protocol. - authentication using both X.509 certificates and OpenPGP keys. - TLS Pre-Shared-Keys (PSK) extension. - Inner Application (TLS/IA) extension. - X.509 and OpenPGP certificate handling. - X.509 Proxy Certificates (RFC 3820). - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . This package contains the C++ runtime libraries. Package: libgnutls-xssl0 Priority: extra Architecture: any Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - XSSL API runtime library GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram Transport Layer Security (DTLS 1.0, 1.2) protocols. . GnuTLS offers a simplified high-level API to GnuTLS. This API is currently marked experimental. #Package: libgnutls-openssl27 #Priority: standard #Architecture: any #Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} #Pre-Depends: ${misc:Pre-Depends} #Multi-Arch: same #Description: GNU TLS library - OpenSSL wrapper # GnuTLS is a portable library which implements the Transport Layer # Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram # Transport Layer Security (DTLS 1.0, 1.2) protocols. # . # GnuTLS features support for: # - TLS extensions: server name indication, max record size, opaque PRF # input, etc. # - authentication using the SRP protocol. # - authentication using both X.509 certificates and OpenPGP keys. # - TLS Pre-Shared-Keys (PSK) extension. # - Inner Application (TLS/IA) extension. # - X.509 and OpenPGP certificate handling. # - X.509 Proxy Certificates (RFC 3820). # - all the strong encryption algorithms (including SHA-256/384/512 and # Camellia (RFC 4132)). # . # This package contains the runtime library of the GnuTLS OpenSSL wrapper. debian/gnutls-bin.manpages0000664000000000000000000000011712246673427013003 0ustar debian/tmp/usr/share/man/*/*.1 debian/tmp/usr/share/man/*/*.8 debian/crywrap.8 debian/gnutls-doc.docs0000664000000000000000000000001712246673427012134 0ustar doc/gnutls.pdf debian/README.source0000664000000000000000000000020612246673427011362 0ustar Rebuilding PDF documentation: apt-get install texlive-latex-base texlive-fonts-recommended \ texlive-generic-recommended make pdf debian/compat0000664000000000000000000000000212246673427010403 0ustar 9 debian/libgnutls28-dev.install0000664000000000000000000000020712246673427013525 0ustar debian/tmp/usr/include/* debian/tmp/usr/lib/*/libgnutls*.so debian/tmp/usr/lib/*/libgnutls*.a debian/tmp/usr/lib/*/pkgconfig/gnutls.pc debian/gnutls-bin.examples0000664000000000000000000000002112246673427013020 0ustar doc/certtool.cfg debian/libgnutls28.NEWS0000664000000000000000000000513012246673427012057 0ustar gnutls28 (3.0.0-1) experimental; urgency=low GnuTLS is now using nettle instead of libgcrypt as crypto backend. Related to this change (nettle uses LGPLv3+ licensed GMP) the licensing has change. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. GnuTLS can therefore not be used by projects using GPLv2 without the "or later" clause. -- Andreas Metzler Sun, 14 Aug 2011 14:27:12 +0200 gnutls26 (2.6.6-1) unstable; urgency=high libgnutls: Check expiration/activation time on untrusted certificates. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. We have realized that many applications that use libgnutls, including gnutls-cli, fail to perform proper checks. Implementing similar logic in all applications leads to code duplication. Hence, we decided to check whether the current time (as reported by the time function) is within the activation/expiration period of certificates when verifying untrusted certificates. This changes the semantics of gnutls_x509_crt_list_verify, which in turn is used by gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. We add two new gnutls_certificate_status_t codes for reporting the new error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also add a new gnutls_certificate_verify_flags flag, GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new behaviour. GNUTLS-SA-2009-3 CVE-2009-1417 http://www.gnu.org/software/gnutls/security.html -- Andreas Metzler Thu, 30 Apr 2009 19:00:21 +0200 gnutls26 (2.4.2-5) unstable; urgency=medium * The gnutls certificate verification code has been changed to stop trusting some weak algoritms. Verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. See , and "certtool -i < signature.pem" will inform about the algoritm used for signing (Search for "Signature Algorithm" in its output.). The proper fix is to re-issue the certificates with a more secure algoritm. As a hotfix the respective certicate itself can be added to the list of trusted certificates. Obviously this should only be done after verifying the certificate by different means than relying on the weak signature. -- Andreas Metzler Sat, 07 Feb 2009 12:58:51 +0100 debian/gnutls-doc.install0000664000000000000000000000062612246673427012660 0ustar doc/reference/html/*html usr/share/doc/gnutls-doc/api-reference doc/reference/html/*png usr/share/doc/gnutls-doc/api-reference doc/reference/html/*.css usr/share/doc/gnutls-doc/api-reference doc/reference/html/*.sgml usr/share/doc/gnutls-doc/api-reference doc/reference/html/*.devhelp* usr/share/doc/gnutls-doc/api-reference doc/*.html usr/share/doc/gnutls-doc/html doc/*.png usr/share/doc/gnutls-doc/html debian/guile-gnutls.install0000664000000000000000000000011712246673427013213 0ustar debian/tmp/usr/lib/*/guile/*/guile-gnutls*.so* debian/tmp/usr/share/guile/site debian/gnutls-doc.doc-base.apireference0000664000000000000000000000041012246673427015305 0ustar Document: gnutls-api Title: GNU TLS API Reference Manual Author: Simon Josefsson Abstract: GNU TLS API Reference Manual Section: Programming/C Format: HTML Index: /usr/share/doc/gnutls-doc/api-reference/index.html Files: /usr/share/doc/gnutls-doc/api-reference/* debian/upstream-signing-key.pgp0000664000000000000000000014211512257276700013776 0ustar H 6uC\‡U-HRK _iצC!eTл $P H,*QKvڃYو9(yf/Daˏ~2<4<̓WWzרK dA67Kd1Hm_ ͸fbQHI6jqxT =¦R qg !x^9KhÝZ p]o 8-mО` %)Nikos Mavrogiannopoulos FH ]W\7ud9bf+6V' u{MFH~ J "9pzP aQm4ak&^"r&H %  )XQq V4Np6nn$ 掠Tv6W$ <k!@],ZcK޲ 1eL n۳){UJ_ߡ#N\Fm:$&Z6Mm`ę^z4@icHh\)[ieTs,?Y:>;k~jX5Ҷھ*f$'" [zv.M1;Ij|=W}{UKahT4iXylt-%5c:avK\Rçnxx% /zd +S*&4q>TCxgAŝ{ngL|$j37nnw T0>8󮷗'Ak"{Ur7HӉ) % Hΰ )XQq" /4q&bAL&ޣ:I9,a( .'p;ǵ6Gt̹7NWOQU&cҔ:`wB!ɰofYP[!+PI ] 5"W3umQϋ<BbLwaW}V2)<tw .>#˿kYڽdf)tޔYHaf߶Gb?٥l[Dgƕy~Q;rl4|ZQm}%sտgi2  Vvt4_9o/50}H"eU+ b ߲V αHFM!הDNmzZ(ouӠj.6@FM^Z {'eT _r~[;'1\FbNY]N0w,u'xFMN ibvOŞDvdKXejO+W~g= FMO I6 ;d6fzN.\rx:dN{ozYzFMO 1帡iE\n#,9MF^^SD*և:m{֘FMP |zarF2Fuy:GiԹ2FMP{, 0$H]FMR sS/zn$UNy#tk<'1ǏjCM8R}r"FMS m :@X7tD'U6m}V_4w*Ejڐ2옏a-FסFMS -ߟw6{šԓd;ss#uWPpFMT|) /s)<T:~9@atdkc|ckn6G^FMU. n,*} m׸-P amWx,$fv>Z!CX|rv݈FMWê rN1$xhI!Ťz!'bjdRf8~FMX> ݪ6g 5j/rgf;fh:!7۵/z{BeOvqфFMX> / xANl֧ -M2T1I[0={-jzI;MYkS20>GYְ_ڊge%MVĸhttp://www.gothgoose.net/pgp/ u)9tRQUkOV^_Ox,HN droe%MVĻhttp://www.gothgoose.net/pgp/ ֠P.)-ӚakOpֽ@ PHDQΈt4MO]-http://www.a2x.ch/de/kontakt/pgp-policy.html qmD="-NB1xzv Ź__NuIN:20z.㹈t4MOo-http://www.a2x.ch/de/kontakt/pgp-policy.html V)>zT\tԉFN|ZVjԧ l3Xwb[MPD }&r$/K4Rs9q/p{K7d 3*~!|N_;;Jz&+<0'roGڣ?EO/22٢<.q^Oƭ{mZ`Sr&lIh;J*B9 P Z;%LYRks- oV:.`~gbWe7 ڧ ίHʿVZ<^Y`}G c|P8]fg]{\Օ這Fa~/%v. Z'` hݹ0Js#{w6#ϝ3kiSori39a'I!T8qq+TTD1EZU+FHV܄`DQ8߁.aG] GrY:6)|a9v|Os6NQ/}.Ie>>A{WT,xpq%3MQ ZA6>US>{&>ȵ#LtچGS,?y 9T1bգ#8r Ÿ!t s0$F{}%D.!zeV/q?璴p7UZ;Wu2;pkW_G8@G4)2Tߟ^]k6ˇ 5[# ']cryqݟQrG >]It%]N^QJq u0MO 8Շ& 7 W-oRRyMkRS*`S]1c2RJ*h=k:6ΆH-T\vYgE4Nhɢ)% n \`,tPҧUhז^(F/g/'kdq2;c:vxhݯP.1άriRW܃g R7A z~zM=Aa@6vtt8wΌH 4N#CGa+\F>*;6=kP)`\i,6X.C~`yvtm_;0#ocb`@#V?c+6c@;K䲏h|&V'yf !1D*ȁە2SrD91=yn_DdTwIHJ{q W;| ;K__DeGtCȦץ;8EqU?xLvApk;T%nWd5hgHx'vt5mvT780,{xQ? iliJrAMN gfZCU.! C+%/6"qR$)ǩ H +P|vZZY }#*SBj=['zwhhGsa'"-Q),61 R]lKL%]' =\YoB`{L?RGF?h.k8s.HI?lR\) m4t{ntve'-0͜ȮlI?;pMO: ~* zzX8=wgq o"_yrРZGj(7,;;UXl_$\F Qg{ӑ2gz;s70?+g!4Xce uN|% ?-{< z˿I6&W_m_ kwd9aA{npm{'bgSslMa#/7qn]{r9o]aI0/Ro*.;cQ7FDGt@ohgw:J"y wAqjH*מ 5*efT)T(j5jm٧]I^+KG+[9Ō' Fa#N^Ź9- i?dCYhhn!6{"]ܿ/Q>I98oR;OgX:ЊOitʭ7 dl Vi86"Ư(RmĢ7|?UAcB˻II`.|r(IVưl O@}}^Y`9y$k.L5esi =znVDsH4'^W>¥Q5T$責,6mPk_^]")ďD\p6Qj4.ă,Ɩm$Q94&d'=*vnʵ5c^AA`+N{5hL_ɺ6Q.8> Zcwt2FYq@%fy{QU!cɽ*d[>:JL]LΤx=!Uq&֥]sc&m3C箳o1 >UNJ#0e]-(L_5I[e)-p`GMQ /@~)?j.!]19Dy_Gi`ZxEn\_Hch^5k0m@;e#!MEz%&nَf~NuX#gU"05BCZp$= {j4kQ*MIgMBƀyU؅: #O9@fZks Ǧ5Z]d6GCOF\I)*zg<8-JZZ1&yR 5 Kl꤅NSGBV޾9K/~d4X0>ka, CЦyDc(rtWe+{SmV G DQgXB{OP^y2JU}I1c۫Ev pE BeAU̟aF9 xʕ:**c]k[~zaCNٱ80S2ĀKӏb?ş/JLxwR,txMRo *2Aњ64/3y֋~Y9x}.DYa o+ϰ.?BHR &oi3+Yj䥈Y/}+" Oo%`EOTR`j\~gC`-%MN #+KKv!=ܵ2ÐFIBy0?r2AGCE9H {"#)R2ƣiߤ526 * $W+ĸ;b {AN+ci`'gN;M!\,BܩeE6fW0}3s+%J 9GwvTZJ)%K[-_q]i>-@`7ͷs0#EQ @a~y'?,U2Z>6Tg{pn'ȷ՞Zlt+Fd^Ӱ= y.l+=', ꥴ͸5/ MR' d]*E6 q(:l,=ϒ&i4Xv|Rcj*xa"d=Bj0Uu{¬Rz=+&Š V-c8/9tD}Izи{2G(!gR_I6kt™;/i))Łv$- W֎/鈞CDXhW* A"sVySy?U\řZ9jHC[I rD1%Dkk}~i VGh;3GӺ9vS7uH o+z%2wAx2cN ӾN$z`Q|W8σЃQmwWV{Bn!({;l&Wٲ=p@>wTḆٗDHmtJbm,qc~G+9ɵE$tܝ1Eu:I[Sk&D%i>iNI-io%בGw~T=.sÀ4(n| lj, MS$ ،y"b3,8W䐤14R^<>p991y!34o 98ιsЧj}to7F>moF2d(53cG Fu# 7o,-r<7",i(W3q?jaoԠPo>l Y)KF~ $h$mJs=;\kz?fxy4{uZ'KY TjLA_㡶=IrM$c)s܅ȴ)PLD51x`uU/!A{J] _q$"%1.TM3mрcK@'No]|$XZ6/*Η"$= PAe놖{yf>|z05Խ0pjl^w=9Z_F5iYQT+KguiK޳0Fs-yFMEe9){w3Ov~H2ɞVM^ s$x2 shl&4S]22?6SPrm$g2p?6ޏJ(QhwdwTPybG{宓o/D텭{}$No(ٝ=>*(tice#E$,ŒEiGlUwN!irVWj^(=:Ǵ[;v]@V-@?v\=Bl<fPnbn04$]y(w˰#dlÖ'?Uw`Sٓ3`eTXl!7QosW:Iݸ-`[ʝ~,;0"vVFЍ3|ackgSh%Mkn=\渶b!-66C>+6ا&)“C'?G>͒%40 ٽM~y6SU"~AcP`M 66Sޓ,k #vLJ;oĉ3b)f&-3#%M_ R%1[:_[c?}."Ȇ3=Zu Meo?OT* R݂AwlJ JAN{HMo*Q!s>p{] 65!"8ȿD mƕ`W-0}$w%C@q"(z5ڠ HXTzY mgG(<Ժp:N'`4-7έԡvțUM*!DP⯄m_ɜ̠UÑ'uEQUg*/@@ҧ~!f]}zϚfpF(/,zOړkBJM jr89XE?r t-,Ka? &jk3tW"R V"ekmsaA(Vt'zZ_K|Kq} ;)"֑+DMO "Ѽen,DgwBN) G2Q{iHME갶Q(9vN#!Qo*{8*'wl-+uICNkB׮-'zsJi=/٣0+?]|]E}FP+ CM'Z~]Z[u-A167tH܇ΣxIR`(>1 Sz3+=61&r["fDP\=^,r*>=Ca;WM״ ( }Dhs:h8qT|#'+\86TmHAX34лc2gOznj/bރN"x}Ꞧ t ^?g H-TdtV"KN֍E_}ĂTMtzXyTܷnUS4ю{6˪?^+Z^:\Nvy/+JXVAEyJvKi' OǟMP /p3ȟn)*k+; YjϪfr=óPn(*+I"( n+j؟#s:kO*y*8qUַK8_VJu 3nQX"m3Eo|Ы7oEILxdbĮ͜}n50FtKi,xG81H4lw~؊ Wd7Ny~p#4d/ڹcYptbXy5ri$ˍA<',sVG+X3MY o^:h%_1[/&{9r o 3y_6u,nzj5֖OSk`2P>M#>xt#*f$o4nR%=/,$P^G~juٟ͜7LZZטF}TzwF'Yi)8=K|׽%Ē iO}LbmjB۴A5?Vb!}QmJҟ#LDi FujW*B~<l;lOIoS~N樂q1ItDA?:Q#<FxPq}Yx Ccȧ7JzwVWҚ[^4:B'b5Ú;Z+q6W,,&o5}b;}ocg `"a.!ڂ(ȯVz,ƕnVI+?:q Jbg~B["H؉ MWx &uD  @@hB'ǧ /u={kb^˒dML;p5ƟTSn،` MiX[eS^J1r9erތY>Qa@}.spڻp(^y\ #k Om#n?18D7 MW @]79Ȅ<.u%+?y I#)%qSw2J֑" ɐo˪wlfam&3gA"\ {a?w>J7H.4D1s HނGg̈M W@pN\@IhW|"H#jiigkXҋu4D#an |'Y `x~`!>( lS1"2YA:S{$P ujzN- LHC%]Usf Ylq4IIR ,Ro`t%Sֻxk= MDz`$:@E*ÍU;MT ׵*&xIC"S4+q<^8R*@l/VYj?NþhZ^XRѵ/#JKJlS߈ucH0`}ysGjϺfg1pTia^cq翳[+ bkxyXm\@8ax㕨O,>X_ u+NZ ,7 |q,lQ߈c{Y\%3ꠇ)v>Ğ[GdKΒ@ƒ5r쁿 ?h@HWoqllGY[ $[ߑE~Rr 9+^n, 92903]tt޾D3X˧%GHs>CZ< ɧ7K$mu_>Hx|۫IRv BT0Ti\)p\3:jb]e՗QKrdONYag v8Jei7mGMNY ە ׋Xϣ쾏QRF.yГ|gpSf9NZAbam䯐.{wAi2c ɸβ3CW}ajPh,F%yrم<$0Wp$7 {ܗr$Q:c}gn>|+L^t&ш~s86Z:AkTd#25S}"\ V%팸^CQ.6m#fcZ f<y@a!ۮsE` )ET% ZjEf?X$~u͠" 41^bϘ(080;zfɥp OQ{hf<d6#7VRigu d|{Œpϟ/Ƞ ĕ2tX7?q6ųF*XRi!]]/*Ρ#p,5Q]\4h&Vx |<)O0Q%^숣 n8HFE-:d%ALMO, %,(~OU6Ί418CR8='۱5A(l#d&1GuG^K.OD-|=} z.?Nn;M%D6C:k{Y4+%DQ$+ ʷ!ˉf.hw\7ȻDb}Hp)zG][rS]^`U uQHw -{&I…WQ$ǮzWiKv!"P BreO2OhDMj>}}Χ1FN>B }+]`ep9y:=LP7[i*lZgǀ%:dѤFN55KwY !Y) Zj_S({#/l(6M@98 ŸVd:A,ڧ56mPJ)*60|9(MPgl 0U)[7~4Q;p9wQҼ$xRCL EFUUE0G.91&`dRmrA βږKʷB?Y r5dT0J3I\T|!BX7op.hEE=oA}nd; iC>=( L"|5ujpB(QQ`S9v(ԕ=*"(. o-+rU.7vTn;cqB,KTSmՙ&1(@ D.+GV>NRcqwK^F9Lo~-M@ש }vޟkD xۦI*iĴ8*;2RPDX:D4enc?45EFR@۠-~ѱc=d8o jZ)ׁ9Y϶%kӉMS ~U{ zKd4JRyEA5e3lH_ҒkČ,=u it*g!]Q֓d@&> vۢx|`S>Hah頃h87 Ǒb+b:xP4>U㑲\zӋ淧/gjːȰ"E/AWP0imt II&nA!#?Q>6{URX+ԗ~3 Vz {T^YNn|vWo7ŃW Liđk~AԿ<-e}}8dgZ{PbweILk6ka`+ˏ3}ȯPic39=ZfY ɲrY|qQhi"Iͥ`uIqO>Xgr=0q[wx(e 9cu'Ŧja" \`a?3D_ ''xrxg ;MO Ax4| Fփۧq<Nϸ0;'xdPɎ(k|WB1Bw'|o)L>)~Z v{{H(b4ϳdr>Wq w7]'P̩N?*/dPX\4oprǢ&@#iA9Nș9cC#u8Ui!s֠9IyM=oƖ599]J&Wͳߕy Ջd4G;1,oN uΩggCE0],QQ?` <*`ɻ`|IGX%Et[fFdyJ1k ЊN2o/)`|nO MT ` T{. ct͛I 8#4zQV9*EfPMg+( "BHj#d>+B5̟(@;w+.>6$ʘuMRm3F MNB "㊸&şf[1m|^x,zZ} {|w }ۯACr8t,9 ^4J+NȓHo5~ 7j3.( IBOgfKCǀɓR6ֻ6},J_DG~D-MZ>r* Syh}.Pž /i 4ts?Oώ]:.{s숿zf9H?q>"ZXM~1wը|(>aWh#=ELk${7(1P3~,:r_f l |W*ADѶ'DNo;E\[b  MOx ɑ٫E~^ Ny54'9֧QήngT5DRyj~7}or?HjP7MؑC/t+4j;37fk@qb2y~R8 #̄B3_{SpTlhg\$:ϘZMuWaX~ʕT~DT8A%p*6͏^Y0hEcUbVE9D^Ɔl)*qg)j埑L@.Yڳ!Q ,5&3A)do"nQ#e}7A/,G4Au52˕, Nֽw:ako ] ByI&5 ЙnTX,j2e%wIV[[PJB.@TLsƩ8fCu?PBqppTM)׎eLTX* GKAKMw"K> QaEBtz4@;%MVĿhttp://www.gothgoose.net/pgp/ zBB8#gzy ?g'uJO R,7t /H,UTYGe2E*N{{{Ⱦ!WzITel/bc;_Țr`λǪ$7S}o_mH^}v_k%oK}q(tf Q{ˏ6M6[ۡ#w"$$N-KAIZ"D-Q Yz-BVF+X2 ۦDGӬb.bE3BBS,fENe \/"7 DZ~fsòʮZTiG %8 ?Nt{Rud}ulY 0XL(.}҉zAa0ݱ[09!0*-"IMeK׺VyBi%VF2/ZD.Acݻ3 ͝ '܉ch3iSmjIFuc75D*aK]M 3ukUV>yaDZNƜ͆7 g_uh!@mp8)k3ъpLh@}I34;8eKe]ĎPo,oB/da!S|a%B4E\=)\~8&7g^.z XL?kۘ ٢{TeFNz * Mk$O4|de[Ֆߌ6^g`鳐f=˫%9"OfU6չdAeG4]*Lм@Hyo;o{0:}Ef`Y.`^,}x$~ aj0 [zsAcyh.5'UrxƯ D_ 5 SDHӊW^F˴xD2d+EV_e5ANՉMw 2WU[g%> `ΠVjO=V0) sb+i?䖥8o o[=gj#U` yc=@Q%*KO8$\A@='.iV:\Ĥ3*mzj*;R,kU׎4ȅU?p lGv)4یyj|EX M3> Z cU #4mq 4-Xgz(5%59]clc8+`'/Is r˒CRndjpObo2f|FtH6Np TO!NOFn [vNBoєH.}s-=g4.7De2/@1vը<(óg/;V]'|SWrmշk5- sF݆&|k#ã a%~)x.h7*̳Ð;mx;F{ 8jv^*+*t9djd6{HE \l|,FD%rK<& n4"ǹ9LCxiȈTU/eiR J8sT? 'ur+ 9]t,l"A@ȤKdӐGj|d Y _`m}LPeYLVo #bak߽izd֯FO* V(@pZ!t,fkݶPfEE{󏂑@FO* cBZp@b㈩*neU^&4jx\G+NnR_$UO* grQ[?R+pM1 $/A) .ݎ}-H3C.& âWc:Hk2?RB1Fz.8V }ʴ>Oуs(6+Ғ"}NN4:\" H5K{ǼxXOadddn<1|9/2aO8AUV*_5ǂR<#R̶DUEESb". Ϫ<8nXO'~≍FO* ( o:[`q|ǔޖQ]y r1(J vZ-V&U:/8 _3gZAtrI#95MK1}햮~\L3)O*Nq)ȕcdGYd7qwHLJ E]U0P_{_CkxqvXń"]b:0zt,? 9ZOTy1Q;{mN$*{(>&ߠCp$7Nikos Mavrogiannopoulos FH ]W\7FSX= 8}ERà<§%;FH~ J 暲,In~{_zO;@-`Y`&s_?z&H %  )XQq &smJw+RD(XgԪX`yeC$d_;LW>W=,&@lT` Bo},T`)+¬̋?o)sq݋&ĝX% }P9KrI}ei<`~p;Irf,hR| ꇆP6GףCպe# '{buSA!(7wl[ A4A}bܵT+E{nbڵD޺Soc;w_ޠF=LXTVVDyg-:ke4VN+ \L/xp} U*cJu&# .X\%,Xg3߈.e=FM^Z {'eʀy r֋,@l4|2CQmFMN ibvOŞDp"VkK ~_0bm+&|'*aiFMO I6 ;d}CHʣB]t=: oB f+WFMO 1帡iSJ˼_x#NBn۝ϟ xcX Ut8H+ FMP +:BmUrzU4fCf3rVnrFMP{, 0$Hluzt>z/*OUNK6/:o΁̗x$FMR sS/Q0ܾ?!-95 k7^H$5>PtFMS m :@X7> AA6!Psm386LzƖUFaۧFMS -ߟ#<.sy΃M\Z^R).Lf\ހM2jpeUVFMT|) /s)<Rf5kV"e.\ f^o=C.[&hʌ;)U{FMU. n,*} `y7Z6waO$쳌zMq!oOBFMWê rK\ZF|䜃AG~źY}j0`sKjxbLFMX> ݪ6g 5jc1@ ^ lRiP“_4_,•6h3FMX> / x79Χ%)܊8a9+]O#p`/F+FFMZ q3_jbh7(+dҒFOKuuFM[y  Z?RK Xv2РzĞػ?EVBXFMP~U сzlBr Cb3_?.uhp),YF6FMO ݇AZ"V8PT;e.s15gY$ gX:)Ν rFMQ_f #;W_C5 $1zͰLz]}1ֹ̣FMR Vb8 3^q1U#vl`kHNC8ڻged Y鯠2vCFMXW 8zv~u )XX"E\!KaVEѬx09FM]Z b?chK"d tyAl\H4U(^MO5 Bv603kʊiM:n ?'ݽƒfs|*eQL;~P@7΁Wm}^MTR 6=8iU2eM/FlgҭէI"97p\Lz![#kB;(EG1HAc5e%MVĸhttp://www.gothgoose.net/pgp/ u)\& :YHd.k@3 D7IB?yڈe%MVĻhttp://www.gothgoose.net/pgp/ ֠P.{O}cepWV.Ñ۪SMbTt4MO]-http://www.a2x.ch/de/kontakt/pgp-policy.html qmD="-s:~ o/.cTkTM[7ַMrgLjt4MOo-http://www.a2x.ch/de/kontakt/pgp-policy.html V)>zTGݵ<7ױݿMC[~Fiyz!rMPD }&rR5ޘ|L~ֽB 3eї$j;k .ޫoQ4A::1=2hO$ƍsʼKyKYV>@YdFf( ڶ䄃,d,‹ZöѤ{їiBcL(޳~KRr1(KpGO ><{vٱ,@D_-|Jn$s2yknrnHMp\|݊<vRťBj`=MQ VtoZDU宐xPGG4qKvܺFboNZB68A-]yk)D + b}6 [N2ڊ܂-Q(W[ii]B>Mk"Yo E ܞIdNJ1{ NP[4wT8*߈C(i#I,%72"t zw8isGrvC6 %4%j VdoGBbx @MMQ ZA6LC~ DVT!ŀa`+IGL ] ߅϶Q~PT%]e?ky0d.ˢp8<1jH*~#0o2Rv[.vow],ҟV@c|&n5W[ApEt:aCl}qR!8oq)2#xN4bC/I$:5*m3etA@Ju?kzxxжy5UMO 8Շ ?0s {][+ztujhRf(.g_41$>k|E ަJU_y҅ &s^8<|SbGObs ;dQ~҆~A$d  ޥH/W^F11i3uߝ}lMYoqEk|0'oJ}HYnU<>H}hZr+~;k1-02}auU=@Ҁ_ ĨSqYV\!-)O}>FKRdҢ 9BYF Hܘ|x s4VԣMPe 8ՇE X ZT2͢ڨQiZcGpʼsH*V )r@$C+A sO7'6EلHP_;c`,Ҭ-֦pKf)>-y+sc}q:իk0@(XB 6X (&*"JGf:5}'~TT`V4^%>ZXpz˰4\ۚ?qw_\ '*ju065h$W66KBK>uA },cI&.罁u2{msNqEU.}=yq=0c \}"sDbGsVxMN gfZCeU\s/) Q4HbA.+:Zzenb8ҵ~Khw; 2qFS;9,Vhʜmְ#%+O@zu PZ<t){*2]_i&촩ӫiT)2#Z,[> ?iQ=ls?ʤ+ Y#օT@Yk5+ 4^Ӌa(PT҆{;9%B*< 9d$^>۽0 S9׾k/c(Hf⸪kY'wԃe3_ _: (:4XVbQװ%=SabLj{bڸ(͙ Xk_NOD;1?g*F7)OZIgurlꨖtp}: m] ##j"3w; GCOI[H4b'}/ ks累zKv:lSkrr5Jg>eXb?ό1U%݊s#+&vnټЖh$kkK|#pxLjI+0nr`A]fa5MP[@ a/1bmQWfj? W".~}R CiCڬyv%[]kpdȶqbN/?dKa־dc)HO 9n9Md0R< y&w.#%WWSؖGzAOo@?ƵvD U'9ÓOU@fyKi_(b/>04YH OnϔjMQ ^>@Ju4sb;}%aʄrj6穋6t}.a7<_:l8xIR|){ʔ*wg{<(wkҨ5-`%l}-qWtFcֿBNM"440X{4Qcop7*Z?;r"ڭ Á.`qSe`Frd0"{[{o p-p XMV ٺ}ľttoܴF#7]MI2 ~p&0(7e6YO4`p@'tEd [D%HMA0xT3r EM=5(!kE?nƧrÿN$sY|4A4$R7˄(b|.(0gs|P /R% MQ /@~54|MI2x)Gl`Cʌ% |/㘯.HWU8,øm{słV  J|rx:A .쌷I KcB֥0_Yy_ow)k}3/+ļYÔv7F > ̔oxr0'CDŌ ?ܨ*b,>.?w<#~dRz-La]SM>W%f(+&C}NT-ԁ!Νf,le,Apwd5E ˼V\5]jYC&]95P\7ɐIVɷbO45׶l;GLN~APn\*m$$WoJp} %,6]V̇$J o`Za1@FCDLQ|R,,^r`6`+)NY6MRo *X(Fc]C3,+*Y" hc)OUK#ʐ'S qKm> oiUd9n@jЈ d A@;4c+'n=LCgF;մΆhc(p09p}zމϗΒԞ+YErF~rN#-N/RsJCYig]>Z5Ksf0. y}u#Q>K`u7?ԕP=eff~PHioxB^Ԃ1X- m|l It!L۝IZbANj6yAcހӽ]/2WY3R"ɳ]xqO .'}B^:+<1*v]/ zq0J&M~ E lgHǹZ?!qEՁHm['kd4ނUJ;yKUhHX$T GvFjd팴#.)%u<x>Sl[g0:pFwLkH T,`V34m|/ܤ\zIuT:${s4;aC0*Rl+W,e<L*JI17;)SC'&uA!LfqLȦsljMS lӮ:`Ƅެ}zk&ghY(\58h==\?,&9 Th,w!%IVWa{IN0]ftDⓟ\~|ܰ5Hbp֭V b,~`CKj4Ea.pHst棋[+ˌF衟*aTz؍c Ä$XKsk#S*Pzv ז.=;ȬY+}SrM(S6R$K]N"5aY$3ě›i C_zhbbdU < Pd3\ v`KcS >~^ϵjiNX~cҮ!?)RՕd,;rAU ~Es>]6g{j;u/Y#do&q̶Ds-;ڱ].ș 3 (*] FZw+ޭuHYIw 񐿋(($7!gzNMS$ ،y_5jlW ;74*RDkDkI qb46IK'nb5j2jD0R KWz2@~d.Pn7 c&#+Fi7]ǜLMX߼x3Q !EX&+ Z/PlXOGPGiQ[j|f0;3Zl& x( Ke/Mj)bZXЁ‰`zC=88i]c+TIz4jX0]-7.VڰG~:N%Gsl1m$#|x( Tw\S.U-1UI(./;S}0c :wa8ɩ0Ew6ĄlmNUކ*:%yQ0n/n/Ew,d|#_c̗P8M GN0Iw.M]D r$P٠дedM}~]}Qm5R/ril#@SfM$ufg.op&v+9590Ϡ=:@H6p߼F!& !0lPpE IE㫜yDaP%r7Oy-=Gs"/r,G *eŽٵj^zSA{3\E)l^\sCyR? /E$pr@UYa ijaLzxrJvqWm*pcGA+u o;z;x5 RD  T~ZH;5c'QŤh0!V֓tG`]M@S:pS]'.f\ eM#1z6qdpHw:Ev%mĺNC\ Veъ7esM^ s$x2 xGtL|V J-(KQ}gvMEDlx tN-"?ꐑ¥`%E( G o7  *zA5x5-BW ר+dVܸLj^D)!?f)v!l9:%Z$ ovB?1}ٞxK9`|//&vAiuj w.)AĢrxMɔ]W=ء;Ѥީp.NXY팶! pmY3[<-8K&SjG jzD%dS.2h# TMq皴ƞ~ony%J{W t<햇|쳥T<%dfAqý{Bcqpr@jMO "ѼeES;+7[PRKf[v wr[)Y i(,D8.#uy#qkQɘٓ2S[^nq===K~V8D!HUU,&T#1bFt<~qFFFU/sĖ(9愉%ִ'2WgW.ΰt,tTZN R"X~ۛ69Ø%c\܃$?oia+/@K=C )N(kTY}טKzQkr"opg;k2jBոĹVR2};eIgy];;<ŃBEu/l59|CfOQqk}Z.HZx'llY6(A~<'xnq; NFr9>FB!t1y(G4c+nmo=XfQAks3べL,R-y.jdS!~j7;q}79ľE5چ`wsRG<]8Zϑ-(Pj UpP͊Ǭk IcNaM@K˒#=#`ߧGh&%;?\3b<-+arXau.L SlW9o'U!VяN&|J >LDp3=(54-[;PX06땵B=8`UD5Q1")rdvenx?%aSlIVi-YHP}e 慄"ͺw5}A( eFÖO}h<?n;2zw!'  ׷xj-,3R\{- =uϦe{B  MWx &uD 2w',捠k^a]M#̾ ww"'XvI#'<-#ȏb )4$n cRr ^:6a)0[S.i#fQ.} kO.t[#VN /$"T̈n[۷TD+cy1W,0pc @;{FHi YN8`0>Gw2Ldi)*N7x2ɠX+Rg.0ڡ؆{Ol2"]FQc\lۏizY?'nVucaWxBфf-s{8zwȃ=P(Th| JL;ACm;N&2!S/NOYR_2r6E]:?44W̝yP^F Aj2`@ ϬtN5*NG,^zx86{7f#`=EX MW @]7<$b~T(㭗ْ'|@ַr_-l̅9G\&:30˹>E 9(!?! 6Vtb]v3w.˥, Mgoojۧ=NDJsTn&5hbu7ߦވV'Q]&=wyspӷ`Kx` crPEj+.[nxUoO {4~Ѡc0f$9PfN5:ʂ@XYcR%I $Nk2 M-,mj_T uzP[2x tJ'׬Z{+TӠfC\43앯o ˰2R} 9iUa6uł fRx?)fjf߱HwUOOMF9٘ ۑiu)wvIf&~0d=ihk7yVKNXy%$%NMQ_c Zgэ&yW&?fq{&Ֆ Bc#Ȝ;=\!Gs4Bx5yYI?FIb[ ~P/HCEŁ+k@-ڹj 4PǦ :Ba~H' O Zh,;ChlvY's]>As@~AQpId/`Ş_h Kڇb>EIզ m6DX*TblS]6*Q8+,'Yˎ;Ml1RZY64ՍJ)"d~:VGPQ RnIكs5k!ErNwڶS߾-MCSz>vi|7/CTE=t{Ѫ9~'$v>/UWӲ_֟L#7Urq;HD jo[n*%^=e,4hvZ4l ʆ^=]Bґo8j_QZqf8pS*Tt]uN5&;4MN\ ە |p l+6""\+iD4C!}:_ƒ)(8PSx LEnM/A Mk8%]AL}D@~5Ia@HG($aYAom?`kowS %EU>]&e܀a6L|6NrM`Ԝ*Vt36YIy2,Wgг̟R n7m J 9l*W&-%ΔBq7Se'YY{Vk ]S".I˪xW=X!/.V|ᆄisMM_ýl?&s_0xzAv_Ogeb>+wj$0] խO.L`"5۞~A@!|DNo:7M>vRfsq[ +b@DKEMO, %,'mxKb>?Eu!NNۯECXHbnM{Ϡ4 2kO̝$>:r}Sd A5fK` B3R,t0σRW|'z60xͣtr1azH*ɜ?D*RwzU@QH[g'3z8SgU>i"Rp5%y:ydy4̘'Ө3Mߗ@Š&i8e@32b.=E<:FgfGmS bTy*(&γ~ c<GҚ]%!>!5Ԟ+qduUBUSٴw}V1Ldsf)GvKV> ROU2!2 to0}yõNL߽P\ؙKZ=ps=tMPgl 0Uy|F_X q-IĝGN4ks1ZDWl~>8Y&G4 54ޘ;F$;QZ.a0ԩMWNAԕm,'S*R#w)'?'9-n(bRE1UTKFr6Y\WM1\?$˽7L6mZOi_XwC;/yeHiQ=y#Mv݌ڧ мCf#nXVԊ/dMf%EVE=ƭ`HuuK~^!['~p<7|mɴ^wnbic<#I |vl]2G!rrSL,΁W!xM?3欁04[MS ~U{ }n_3YM֨%)łpjO15kCdXW=W<6PB(-ѝ[ASHK4 u?hc7||0Gq9=qWwfi|SLѵ.J 'HNNmS4ΛB&瘞y`Jg1 쏀e}'kq9Y9ԛ ?sI-UҦ0%Pʱ_4W|#׻ \ȆswNwLL@6shՑ<ҞxW["K/ aHHbXr\UaKI~$zŤJ~̺N7#>gpv ero8q9M;}c= 腆8l&6glMs}x jz$"ޠ4E#~p E&tI#z }.l `ɬc4rN֥;yƉMO Ax4| ?r]\ 3 D_|5w"6T2sɩnr=}hB (-5.b܉Oj"txb钒B3PUYO{ޑUA43Vlӑ]DRZT9G/i8h  UIK]bpy[+|H{J3 !rzޔh> zt-ϺZ*"c6|6Z wcI%:dt*6A2h{V!ɏ|BJ'ݣÙe4iA*])A̐)RE”O`=0,1&xl!M XYMOcwݍ[l%(_J:Dmx"},dtjыs1Vi5F8& UZԯ);^uyx9V&Q=@MU?R pľ!4ȗ7=.-2MQo }ƞIN[a+fK;ӘmM7nOTM iUN!by<ثdH*&G X%d$ 77nZHîο+<|cB=.҉#I;,CY<=/nU^,F |e7pFG:f $=\ f)~o5k* 0 N:O J-?g7](tMGLb6FlnS8j!( npV r ʰ( b+&j@HB_TrXC@#VHJA7PB?cܒ7o d4jdM#~K/f$d77lPzg2"@ZP|b ֙O,Ӗ|ueJ *RK0-W`KbzB_}|A՚xR˛h>W9qɉ MOx ɑ٫E~?GTFx 龊7nψ'iuʀXN1jA0o{J[lc{i/zԑhvEAwHpzu[RWP;C|vwęgEx[6Khth3D5%rjIAH}1sĤJ3Ch <ۍr?-kL .dy6OC2#B}CȰK gaYZSoq}>_z+ BίB| WDD6V}#hXn 蕁tSgU>J[ђ%z ҮQtY _JF6}u&k?,n.Tʂoc YN^n, ;Nzpj ߼h2%d|2%;ͼ^)~VRfC8K#Im gȗA(qa?`I>'CP f*wu &ΟWOܮyZ =%lzv}Ƙ(\B zx JR8qH).ܑ,C].r`;5+FM Kñ̇B-Y&ʫJ|W(4 Ve˱S"+OFM2 Q xW;Ba\0ԗS醆jl T;#T+Isb}=M`^2http://www.nic-nac-project.org/~blaap/policy.htmlx rPe'G`M< '.˰A0(#ҹt0i(FO* V(@|*q :mF`)^st=/gmŘſuFO* cBZd޾24@=(=]lO#!O* grQ<nn 3_UsV0J!K\1``$w[4ID|{!` pIeSp <%j=N3QAԤ͆e4fM=YÞgQL*[M1kn{_ϱDb!L} 0dF`BLPM8Ȣ.R[]e-G7S9 A.~.g^tDuypX Cn{G%EVr65ɧZ7k!+qmAj1+}97o̰~D0nٲ. sβC[$KIӇz8Nn'>@ #· D}ER0%ph5{=47Ң# A"&🜯7@vP){v%{55_0$u}y+H};;؜$3C[җA2;3<-r5ħ .TW>f2jcc,Pݎi쵉E]dHM: 6EJ;2qfI\cce~MNxiqCqU%T4"u4Y]duyKӴl460lZj=?sˮtNI>I !j Mz_R;;#1 %E*M/P4ۡ[oz+n8I& NQϙ90dTFU"%`˵Dܨj6KuT |ΘJn YPrIo%j!g.ɬ^U(k*06075+QX i(kcx-5/4wmwUT~mW=oѐ0:'2mK{<­z;BR O;Q6%Zڄa2q[zEyy;qSlS(NocYte|i4}bM;BI;($>qϑ ևTcitj5Pd!,xZ'(}pPIf/M婏&P U 3C{r*s<5T+V0{E~.%+_iVrGFa6(_A#dƊ:5u<BPN=.U"8@TuQ.“=""j7w*߈&UےJ7$jdb։ M3> ZEX ٩CN1]M\65nRn~w("2Yq>B8&R<f;҂78 0$dͯDUH\fQ{o,0 QQGx'%aFA@\An#Sv@Dp({3Mupmg '@:=~ 1T'kYXxM+*Lt&m1EG(4\`9`ʕg= zcF,(+s X '|ZI-k d`aFe!G1)9r-v,uƣ(Oouěj' hJ awj6sfU9=KóKC/`AҰ3n:E_=qpǻPSG"󎾷iZ%hڌv`@A9;\tzbOy%Iuz0[:U 9ܴ+Nikos Mavrogiannopoulos (Q+ %   )XQqH 29]U":-sb#D{ww CY>~+* u&DpG6$ڣ~@颂7Nf̬M=%dtJZ#!7%EX ̮u\.~cK^P r_<ݺ{5.('M`e$*2P=۾Sҷh:)<~Ior-Βr>KǴKH- ) )XQq] H. ^B1HflyBkNAlBl?DN>9sJ5TZJYvO7[MQL/~1&_. /Y ԛ'V雡p wMi'Xk`eEbL5iM},*6`KV=JV3q&tBz'PF)'H5BUn]mV[NWfO4 ;d3:N >kВ-f)N3uU>:Y8Aim{LۅLwbܙ︫ga-H791_9ͬt>hb$\/oxe uiy74N2RvSVCqWIW#w A@L׷ Xf҆}Me"ĊV=B&T[}PqݫN'O&^Kv'\P:"f/:Bhѳq3gx/ĖqZz-t?;ڏGcE[ on Fri, 3 Aug 2001 10:00:42 +0200. It was later taken over by Matthias Urlichs and is now maintained by Andreas Metzler Eric Dorland , James Westby It was downloaded from ftp://ftp.gnutls.org/gcrypt/gnutls/ Upstream Authors: Simon Josefsson *simon [at] josefsson.org* Current maintainer; draft TLS 1.2 support. Nikos Mavrogiannopoulos *nmav [at] gnutls.org* Original author and maintainer of GnuTLS. Fabio Fiorina *Fabio.Fiorina [at] alcatel.it* ASN.1 structures parser library (libtasn1). Timo Schulz *twoaday [at] freakmail.de* OpenPGP support (OpenCDK library). Andrew McDonald *andrew [at] mcdonald.org.uk* OpenSSL compatible interface. Ludovic Courtes *ludo [at] gnu.org* Guile bindings, OpenPGP bug fixes. Mario Lenz *m [at] riolenz.de* Fixes to OpenCDK. Howard Chu *hyc [at] symas.com* APIs to extract X.500 DN's from Certificates. Ivo Timmermans *ivo [at] o2w.nl* Man pages, OpenCDK, fixes. Stefan Walter *stef [at] memberwebs.com* PKCS8 fix, PKCS #11 backend move to p11-kit. Yoshisato YANAGISAWA *yanagisawa [at] csg.is.titech.ac.jp* Camellia support. Emile Van Bergen *emile [at] e-advies.nl* TLS/IA fixes. Joe Orton *jorton [at] redhat.com* Certificate name import/export, build fixes, test vectors. Daniel Kahn Gillmor *dkg-debian.org [at] fifthhorseman.net* OpenPGP discussion and improvements. David Marín Carreño *davefx [at] gmail.com* Added gnutls_x509_crq_get_key_id. Daiki Ueno *ueno [at] unixuser.org* Added TLS Session Ticket (RFC 5077) support, finished client-side TLS 1.2 support. Brad Hards *bradh [at] frogmouth.net* Add X.509 Issuer Alternative Name functions. Boyan Kasarov *bkasarov [at] gmail.com* C++ fixes. Steve Dispensa *dispensa [at] phonefactor.com* Initial TLS safe renegotiation patch. Jonathan Bastien-Filiatrault *joe [at] x2a.org* Fix TLS-version checks. Redesign and implementation of the buffering layer. Initial DTLS implementation. Ruslan Ijbulatov (LRN) *lrn1986 [at] gmail.com* Win32 patches. Andy Polyakov *appro [at] openssl.org* AES-NI and Padlock assembler code (at lib/accelerated/intel/asm/) David Woodhouse *dwmw2 [at] infradead.org* DTLS 0.9 implementation. Olga Smolenchuk *olyasib12 [at] gmail.com* DTLS/TLS heartbeat implementation. Ilya Tumaykin *itumaykin [at] gmail.com* Elliptic curve support improvements (wmNAF implementation and others). Martin Storjo *martin [at] martin.st* DTLS-SRTP support. License: The main library and gnutls-xssl are licensed under GNU Lesser General Public License (LGPL) version 2.1+, Gnutls Extra (which is currently just the openssl wrapper library), build system, testsuite and commandline utilities are licenced under the GNU General Public License version 3+. The Guile bindings use the same license as the respective underlying library, i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra. However to be able to use and link against libgnutls a program needs to be available under a license compatible with LGPLv3+ since GnuTLS requires nettle which requires GMP. GMP was re-licensed to LGPLv3+ a couple of years ago. Copyright: -------------------- /* -*- c -*- * Copyright (C) 2000-2012 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * The GnuTLS is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see * */ -------------------- /* * Copyright (C) 2004-2012 Free Software Foundation, Inc. * Copyright (c) 2002 Andrew McDonald * * This file is part of GnuTLS-EXTRA. * * GnuTLS-extra is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * GnuTLS-extra is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ -------------------- The documentation is distributed under the terms of the GNU Free Documentation License (FDL): -------------------- Copyright (C) 2001-2012 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". -------------------- -------------------- From December 2012 onwards FSF is not the sole copyright holder of GnuTLS anymore (See ), the headers currently also list these authors:: * Nikos Mavrogiannopoulos * KU Leuven * INRIA Paris-Rocquencourt * Lucas Fisher * Sean Buckheister * Frank Morgner * Bardenheuer GmbH, Munich and Bundesdruckerei GmbH, Berlin * Adam Sampson * Christian Grothoff -------------------- On Debian GNU/Linux systems, the complete text of the latest version of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL' v3 of the license in `/usr/share/common-licenses/LGPL-3'; the GNU General Public License can be found in `/usr/share/common-licenses/GPL' (version 3 in /usr/share/common-licenses/GPL-3) The GNU Free Documentation License is available under /usr/share/common-licenses/GFDL-1.3. ============================================ Excerpt from upstream's README: LICENSING --------- Since GnuTLS version 3.1.10, the core library has been released under the GNU Lesser General Public License (LGPL) version 2.1 or later. Note, however, that new versions of the gmplib library used by GnuTLS are distributed under LGPLv3, and as such binaries of this library need to be distributed under LGPLv3. If this is undesirable older versions of the gmplib which are under LGPLv2.1 (e.g., version 4.2.1) may be used instead. The GNU LGPL applies to the main GnuTLS library, while the included applications as well as gnutls-openssl library are under the GNU GPL version 3. The gnutls library is located in the lib/ directory, while the applications in src/ and gnutls-openssl library is at extra/. For any copyright year range specified as YYYY-ZZZZ in this package note that the range specifies every single year in that closed interval. ============================================ ============================================ Non FSF code ============================================ crywrap is shipped with GnuTLS. Upstream Authors: Gergely Nagy Nikos Mavrogiannopoulos License: GPLv3+ Copyright: -------------------- * Copyright (C) 2003, 2004 Gergely Nagy * Copyright (C) 2011 Nikos Mavrogiannopoulos * * This file is part of CryWrap. * * CryWrap is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * CryWrap is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . -------------------- crywrap documentation (manpage): Upstream Author: Gergely Nagy License: nonstandard, see below Copyright: -------------------- .\" This manual is for CRYWrap .\" .\" Copyright (C) 2003 Gergely Nagy .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are .\" preserved on all copies. .\" .\" Permission is granted to copy and distribute modified versions of this .\" manual under the conditions for verbatim copying, provided that the .\" entire resulting derived work is distributed under the terms of a .\" permission notice identical to this one. .\" .\" Permission is granted to copy and distribute translations of this .\" manual into another language, under the above conditions for modified .\" versions, except that this permission notice may be stated in a .\" translation approved by the Author. -------------------- ============================================ lib/accelerated/x86 contains code by Andy Polyakov , copyright is not assigned to the FSF. The code is licensed under the CRYPTOGAMS license. -------------------- # Copyright (c) 2011-2013, Andy Polyakov by # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # * Redistributions of source code must retain copyright notices, # this list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials # provided with the distribution. # # * Neither the name of the Andy Polyakov nor the names of its # copyright holder and contributors may be used to endorse or # promote products derived from this software without specific # prior written permission. # # ALTERNATIVELY, provided that this notice is retained in full, this # product may be distributed under the terms of the GNU General Public # License (GPL), in which case the provisions of the GPL apply INSTEAD OF # those given above. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------- ============================================ lib/extras/randomart.* Upstream Authors: Markus Friedl Alexander von Gernler Copyright: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. License: * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ============================================ lib/accelerated/x86/elf/aes-ssse3-x86.s lib/accelerated/x86/macosx/aes-ssse3-x86.s Upstream Authors: Mike Hamburg (Stanford University) Copyright: * Mike Hamburg (Stanford University), 2009. License: Public domain. debian/libgnutls-openssl27.install0000664000000000000000000000005412246673427014431 0ustar debian/tmp/usr/lib/*/libgnutls-openssl.so.* debian/gnutls-doc.examples0000664000000000000000000000006512251123753013011 0ustar doc/examples/*.c doc/examples/*.cpp doc/examples/*.h debian/libgnutls28.install0000664000000000000000000000010212246673427012743 0ustar debian/tmp/usr/lib/*/libgnutls.so.* debian/tmp/usr/share/locale/* debian/libgnutlsxx28.install0000664000000000000000000000004612246673427013332 0ustar debian/tmp/usr/lib/*/libgnutlsxx.so.* debian/gnutls-doc.links0000664000000000000000000000010712246673427012324 0ustar /usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls debian/source/0000775000000000000000000000000012257276700010500 5ustar debian/source/options0000664000000000000000000000011212246673427012115 0ustar # Don't store changes on autogenerated files extend-diff-ignore = "po/.*" debian/source/include-binaries0000664000000000000000000000004012257276700013632 0ustar debian/upstream-signing-key.pgp debian/source/format0000664000000000000000000000001412246673427011713 0ustar 3.0 (quilt) debian/gnutls-doc.dirs0000664000000000000000000000002012246673427012137 0ustar /usr/share/info debian/crywrap.80000664000000000000000000000675512246673427011002 0ustar .\" -*- nroff -*- .\" This manual is for CRYWrap .\" .\" Copyright (C) 2003 Gergely Nagy .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are .\" preserved on all copies. .\" .\" Permission is granted to copy and distribute modified versions of this .\" manual under the conditions for verbatim copying, provided that the .\" entire resulting derived work is distributed under the terms of a .\" permission notice identical to this one. .\" .\" Permission is granted to copy and distribute translations of this .\" manual into another language, under the above conditions for modified .\" versions, except that this permission notice may be stated in a .\" translation approved by the Author. .TH CRYWRAP 8 "03 May 2003" "CryWrap" "CryWrap" .SH "NAME" CryWrap \- Simple TCP/IP service encryption using TLS/SSL .SH "SYNOPSIS" .BI "crywrap \-\-listen " HOST / PORT " \-\-destination " HOST / PORT .BI [ options ] .SH "DESCRIPTION" .B CryWrap is a simple wrapper that waits for TLS/SSL connections, and proxies them to an unencrypted location. .SH "OPTIONS" .B CryWrap takes the following options: .SS "Required options" .TP .BI "\-\-destionation (\-d) " HOST / PORT The destionation host and address, where CryWrap should connect to. Both arguments are required. .SS "TLS options" .TP .B \-\-anon (\-a) Enables Anon-DH mode. If enabled, no certificate will be sent to the client, and only anonymous sessions will be enabled. .br Default is \fBoff\fR. .TP .BI "\-\-cert (\-c) " PATH .TP .BI "\-\-key (\-k) " PATH .br The public certificate to send to clients, and the private server key. .br Default is \fB/etc/crywrap/server.pem\fR, unless \fB--anon\fR is also specified, in which case no certificate will be used. .BI "\-\-ca (\-z) " PATH .br A Certificate Authority certificate to be used for verification of client certificates. .TP .BI "\-\-verify (\-v) [" LEVEL ] Set the level of client certificate verification. Level one simply logs the result, level two and above abort if the certificate could not be verified. .br Default is \fB0\fR. .SS "Miscellaneous options" .TP .B \-\-inetd (\-i) Enable inetd-mode. Use this if you want to run CryWrap from inetd. If this option is not enabled, then \fB\-\-listen\fR is a required option. .br Default is \fBoff\fR. .TP .BI "\-\-listen (\-l) " HOST / PORT The host and port CryWrap should listen on. \fIHOST\fR can be an IPv4 or IPv6 address, or a hostname, and is optional \- if unspecified, CryWrap will listen on all available addresses. \fIPORT\fR is mandatory. .br This option is required, unless CryWrap was put into inetd mode. .TP .BI "\-\-pidfile (\-P) " PIDFILE Write the pid thy runs with to .IR PIDFILE . .br Default is .BR /var/run/crywrap.pid . .TP .BI "\-\-user (\-u) " UID .I UID is the numerical user id of the user thy should run as. .br Default is .BR 65534 . .TP .B \-\-version (\-V) Print the version number and exit. .TP .B \-\-help (\-?) Print a verbose help screen and exit. .TP .B \-\-usage Print a short summary of options. .SH "EXAMPLES" .SS "Setting up pop3s" .nf crywrap \-\-listen /995 \-\-destination localhost/110 .fi .SS "Setting up imaps with a different certificate" .nf crywrap \-\-listen /993 \-\-destination localhost/143 \\ \-\-pem /etc/ssl/certs/imap.pem .fi .SH "FILES" .TP .I /etc/crywrap/ .RS This directory contains the default server key and certificate. .RE .SH "BUGS" Probably many. .SH "AUTHOR" Gergely Nagy debian/libgnutls-xssl0.install0000664000000000000000000000005112246673427013643 0ustar debian/tmp/usr/lib/*/libgnutls-xssl.so.* debian/gnutls-bin.install0000664000000000000000000000003512246673427012655 0ustar debian/tmp/usr/bin/* usr/bin debian/gnutls-doc.manpages0000664000000000000000000000004012246673427012773 0ustar debian/tmp/usr/share/man/man3/* debian/patches/0000775000000000000000000000000012536325264010627 5ustar debian/patches/21_CVE-2014-3466.patch0000664000000000000000000002227612536325264013564 0ustar From 688ea6428a432c39203d00acd1af0e7684e5ddfd Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 23 May 2014 19:50:31 +0200 Subject: [PATCH] Prevent memory corruption due to server hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon. origin: upstream, https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd origin: backport, https://www.gitorious.org/gnutls/gnutls/commit/a7be326f0e33cf7ce52b36474c157f782d9ca977 --- lib/gnutls_handshake.c | 2 tests/Makefile.am | 2 tests/long-session-id.c | 274 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 276 insertions(+), 2 deletions(-) Index: gnutls28-3.2.11/lib/gnutls_handshake.c =================================================================== --- gnutls28-3.2.11.orig/lib/gnutls_handshake.c 2015-06-11 10:33:52.965385966 -0500 +++ gnutls28-3.2.11/lib/gnutls_handshake.c 2015-06-11 10:33:52.961385985 -0500 @@ -1744,7 +1744,7 @@ _gnutls_read_server_hello(gnutls_session DECR_LEN(len, 1); session_id_len = data[pos++]; - if (len < session_id_len) { + if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) { gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } Index: gnutls28-3.2.11/tests/long-session-id.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ gnutls28-3.2.11/tests/long-session-id.c 2015-06-11 10:33:52.961385985 -0500 @@ -0,0 +1,274 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static int debug = 0; +static void terminate(int); + +/* This program tests the robustness of record + * decoding. + */ + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (gnutls_ecc_curve_get(session) == 0xffffffff) { + fprintf(stderr, "memory was overwritten\n"); + kill(getpid(), SIGSEGV); + } + + if (ret < 0) { + fprintf(stderr, "client: Handshake failed (expected)\n"); + gnutls_perror(ret); + exit(0); + } else { + if (debug) + fprintf(stderr, "client: Handshake was completed\n"); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(int ret) +{ + kill(child, SIGTERM); + exit(ret); +} + +static void server(int fd, const char *prio) +{ + int ret; + uint8_t id[255]; + uint8_t buffer[] = "\x16\x03\x00\x01\x25" + "\x02\x00\x01\x21" + "\x03\x00"/*Server Version */ + /*Random*/"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00" + /*SessionID*/"\xfe"; + + ret = read(fd, id, sizeof(id)); + if (ret < 0) { + abort(); + } + + ret = write(fd, buffer, sizeof(buffer)); + if (ret < 0) { + return; + } + + memset(id, 0xff, sizeof(id)); + ret = write(fd, id, sizeof(id)); + if (ret < 0) { + return; + } + + memset(id, 0xff, sizeof(id)); + ret = write(fd, id, sizeof(id)); + if (ret < 0) { + return; + } + sleep(3); + + return; +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status, ret = 0; + wait(&status); + if (WEXITSTATUS(status) != 0 || + (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) { + if (WIFSIGNALED(status)) { + fprintf(stderr, "Child died with sigsegv\n"); + ret = 1; + } else { + fprintf(stderr, "Child died with status %d\n", + WEXITSTATUS(status)); + } + terminate(ret); + } + return; +} + +int main(int argc, char **argv) +{ + signal(SIGCHLD, ch_handler); + + if (argc > 1) + debug = 1; + + start("NORMAL"); + return 0; +} + +#endif /* _WIN32 */ Index: gnutls28-3.2.11/tests/Makefile.am =================================================================== --- gnutls28-3.2.11.orig/tests/Makefile.am 2015-06-11 10:33:52.965385966 -0500 +++ gnutls28-3.2.11/tests/Makefile.am 2015-06-11 10:33:52.961385985 -0500 @@ -73,7 +73,7 @@ ctests = simple gc set_pkcs12_cred certd mini-dtls-heartbeat mini-x509-callbacks key-openssl priorities \ mini-dtls-srtp mini-xssl rsa-encrypt-decrypt mini-loss-time \ mini-record mini-dtls-record mini-handshake-timeout mini-record-range \ - mini-cert-status mini-rsa-psk mini-record-2 + mini-cert-status mini-rsa-psk mini-record-2 long-session-id if ENABLE_OCSP ctests += ocsp debian/patches/20_bug-in-gnutls_pcert_list_import_x509_raw.patch0000664000000000000000000000230212277666671022135 0ustar From ae867867ae6c8268efd4c1c80144eabed0342337 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 15 Feb 2014 10:06:21 +0100 Subject: [PATCH] Corrected bug in gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if gnutls_x509_crt_list_import() would fail with the provided data. Reported by Dmitriy Anisimkov. --- lib/gnutls_pcert.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/gnutls_pcert.c b/lib/gnutls_pcert.c index 56c2d6f..344b3e9 100644 --- a/lib/gnutls_pcert.c +++ b/lib/gnutls_pcert.c @@ -124,7 +124,7 @@ gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts, flags); if (ret < 0) { ret = gnutls_assert_val(ret); - goto cleanup; + goto cleanup_crt; } for (i = 0; i < *pcert_max; i++) { @@ -138,14 +138,15 @@ gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts, ret = 0; goto cleanup; - cleanup_pcert: + cleanup_pcert: for (j = 0; j < i; j++) gnutls_pcert_deinit(&pcerts[j]); - cleanup: + cleanup: for (i = 0; i < *pcert_max; i++) gnutls_x509_crt_deinit(crt[i]); - + + cleanup_crt: gnutls_free(crt); return ret; -- 1.7.10.4 debian/patches/series0000664000000000000000000000017212536324417012043 0ustar 14_version_gettextcat.diff 20_bug-in-gnutls_pcert_list_import_x509_raw.patch 20_CVE-2014-0092.diff 21_CVE-2014-3466.patch debian/patches/14_version_gettextcat.diff0000664000000000000000000000116712246673427015720 0ustar Description: Version filename of locale data (gnutls28.mo instead of gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 co-installable. Author: Andreas Metzler diff -NurBbp a/po/Makevars b/po/Makevars --- a/po/Makevars 2011-04-08 12:43:00.000000000 +0200 +++ b/po/Makevars 2011-08-07 19:42:39.000000000 +0200 @@ -1,7 +1,7 @@ # Makefile variables for PO directory in any package using GNU gettext. # Usually the message domain is the same as the package name. -DOMAIN = $(PACKAGE) +DOMAIN = $(PACKAGE)28 # These two variables depend on the location of this directory. subdir = po debian/patches/20_CVE-2014-0092.diff0000664000000000000000000001037612304310253013343 0ustar From bc307b69d8580911a8b409c2a360f3b655a6d743 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 19 Feb 2014 11:08:54 +0100 Subject: [PATCH] corrected return codes. --- lib/x509/verify.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/lib/x509/verify.c b/lib/x509/verify.c index bc0d560..8cd4e2a 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -129,7 +129,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, &issuer_signed_data); if (result < 0) { gnutls_assert(); - goto cleanup; + goto fail; } result = @@ -137,7 +137,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, &cert_signed_data); if (result < 0) { gnutls_assert(); - goto cleanup; + goto fail; } result = @@ -145,7 +145,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, &issuer_signature); if (result < 0) { gnutls_assert(); - goto cleanup; + goto fail; } result = @@ -153,7 +153,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, &cert_signature); if (result < 0) { gnutls_assert(); - goto cleanup; + goto fail; } /* If the subject certificate is the same as the issuer @@ -206,9 +206,10 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, } else gnutls_assert(); + fail: result = 0; - cleanup: + cleanup: _gnutls_free_datum(&cert_signed_data); _gnutls_free_datum(&issuer_signed_data); _gnutls_free_datum(&cert_signature); @@ -390,8 +391,9 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t cert_signature = { NULL, 0 }; gnutls_x509_crt_t issuer = NULL; - int issuer_version, result, hash_algo; + int issuer_version, result = 0, hash_algo; unsigned int out = 0, usage; + const mac_entry_st * me; if (output) *output = 0; @@ -429,13 +431,14 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, issuer_version = gnutls_x509_crt_get_version(issuer); if (issuer_version < 0) { gnutls_assert(); - return issuer_version; + result = 0; + goto cleanup; } if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) || issuer_version != 1)) { - if (check_if_ca(cert, issuer, max_path, flags) == 0) { + if (check_if_ca(cert, issuer, max_path, flags) != 1) { gnutls_assert(); out = GNUTLS_CERT_SIGNER_NOT_CA | @@ -467,6 +470,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, &cert_signed_data); if (result < 0) { gnutls_assert(); + result = 0; goto cleanup; } @@ -475,6 +479,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, &cert_signature); if (result < 0) { gnutls_assert(); + result = 0; goto cleanup; } @@ -483,13 +488,20 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, "signatureAlgorithm.algorithm"); if (result < 0) { gnutls_assert(); + result = 0; goto cleanup; } hash_algo = gnutls_sign_get_hash_algorithm(result); + me = mac_to_entry(hash_algo); + if (me == NULL) { + gnutls_assert(); + result = 0; + goto cleanup; + } result = - _gnutls_x509_verify_data(mac_to_entry(hash_algo), + _gnutls_x509_verify_data(me, &cert_signed_data, &cert_signature, issuer); if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) { @@ -501,6 +513,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, result = 0; } else if (result < 0) { gnutls_assert(); + result = 0; goto cleanup; } @@ -672,7 +685,7 @@ _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list, trusted_cas, tcas_size, flags, &output, &issuer, now, &max_path, func); - if (ret == 0) { + if (ret != 1) { /* if the last certificate in the certificate * list is invalid, then the certificate is not * trusted. @@ -701,7 +714,7 @@ _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list, _gnutls_verify_certificate2(certificate_list[i - 1], &certificate_list[i], 1, flags, &output, NULL, now, - &max_path, func)) == 0) { + &max_path, func)) != 1) { status |= output; status |= GNUTLS_CERT_INVALID; return status; -- 1.8.5.3 debian/libgnutls28.docs0000664000000000000000000000003312246673427012230 0ustar AUTHORS NEWS README THANKS debian/rules0000775000000000000000000000720612273127400010253 0ustar #! /usr/bin/make -f # Build the gnutls package for Debian. export DEB_CFLAGS_MAINT_APPEND := -Wall export DEB_CXXFLAGS_MAINT_APPEND := -Wall AMCONFBUILDINDEP := $(shell if dh_listpackages | grep -q gnutls-doc ; \ then echo "--enable-gtk-doc" ; \ else echo "--disable-gtk-doc --disable-doc"; fi) AMCONFBUILDGUILE := $(shell if dh_listpackages | grep -q guile-gnutls ; \ then \ echo " --enable-guile --with-guile-site-dir=/usr/share/guile/site" ;\ else echo " --disable-guile" ; fi) override_dh_auto_configure: dh_auto_configure --verbose -- \ --enable-ld-version-script --enable-cxx \ --without-lzo \ --disable-libdane --without-tpm \ --disable-heartbeat-support \ -disable-silent-rules \ --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt \ --with-packager=Debian \ --with-packager-bug-reports=http://bugs.debian.org/ \ --with-packager-version=$(shell dpkg-parsechangelog | sed -n '/^Version: /s/^Version: //p') \ $(AMCONFBUILDINDEP) \ $(AMCONFBUILDGUILE) override_dh_makeshlibs: dh_makeshlibs -p libgnutlsxx28 -V 'libgnutlsxx28 (>= 3.2.10-0)' dh_makeshlibs -p libgnutls28 -V 'libgnutls28 (>= 3.2.10-0)' # dh_makeshlibs -p libgnutls-openssl27 -V 'libgnutls-openssl27 (>= 3.0-0)' dh_makeshlibs --remaining-packages -Xguile/2.0/guile-gnutls-v-2.so # pre-clean rule: save gnutls.pdf since it is expensive to regenerate. # See README.source override_dh_auto_clean: if [ -e doc/gnutls.pdf ] ; then \ mv -v doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi if test -e Makefile ; then $(MAKE) distclean ; fi #dh_auto_clean --verbose # restore gnutls.pdf if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; \ then mv -v doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi rm -fv `grep -l 'has been AutoGen-ed ' doc/manpages/*.?` override_dh_auto_build: dh_auto_build --verbose --parallel ifeq ($(filter --disable-doc,$(AMCONFBUILDINDEP)),) $(MAKE) html else $(MAKE) -C doc/manpages endif override_dh_auto_install: dh_auto_install --verbose ifneq ($(filter --disable-doc,$(AMCONFBUILDINDEP)),) $(MAKE) -C doc/manpages DESTDIR=`pwd`/debian/tmp install endif find debian/*/usr/lib/* -name '*.so.*.*' -type f -exec \ chrpath -d {} + rm -vf debian/*/usr/lib/*/libgnutls-openssl* override_dh_installinfo: dh_installinfo if test -e debian/gnutls-doc ; then \ cd debian/gnutls-doc/usr/share/info && \ sed -i -e 's:image src="\([^"]*.png"\):image src="/usr/share/doc/gnutls-doc/html/\1:g' *.info* ; \ fi override_dh_install: dh_install # See #658110 if [ "" != `ls debian/guile-gnutls/usr/lib/*/guile` ] ; then \ mv -v debian/guile-gnutls/usr/lib/*/guile debian/guile-gnutls/usr/lib \ &&\ rmdir -v --ignore-fail-on-non-empty \ debian/guile-gnutls/usr/lib/*-* ; \ sed -i -e 's_usr/lib/[^/]*/guile/_usr/lib/guile/_' \ debian/guile-gnutls/usr/share/guile/site/gnutls.scm ;\ else echo "Debian build DEBUG: no guile files found" ;\ fi override_dh_installchangelogs: dh_installchangelogs rm -vrf debian/libgnutlsxx28/usr/share/doc/libgnutlsxx28 dh_link -plibgnutlsxx28 usr/share/doc/libgnutls28 \ usr/share/doc/libgnutlsxx28 rm -vrf debian/libgnutls-xssl0/usr/share/doc/libgnutls-xssl0 dh_link -plibgnutls-xssl0 usr/share/doc/libgnutls28 \ usr/share/doc/libgnutls-xssl0 override_dh_compress: dh_compress -X.pdf override_dh_strip: dh_strip --dbg-package=libgnutls28-dbg override_dh_auto_test: dh_auto_test -O--parallel || touch dh_auto_test.fail @if test -e dh_auto_test.fail ; then \ find -name test-suite.log | \ while read i ; do \ echo "----dh_auto_test.fail" ; echo $$i ; echo ---- ; \ cat $$i ; echo ; done ; rm -f dh_auto_test.fail; false; fi override_dh_clean: dh_clean -X.bak %: dh $@ --parallel --with autoreconf debian/watch0000664000000000000000000000026012257276700010227 0ustar version=3 opts=uversionmangle=s/(.*\d)(pre\d*)$/$1~$2/,pgpsigurlmangle=s/$/.sig/ \ ftp://ftp.gnutls.org/gcrypt/gnutls/v3.(\d+)/gnutls-(3\.\d.*)\.(?:tgz|zip|tar\.(?:gz|bz2|xz))