File: changelog

package info (click to toggle)
gnutls28 3.5.8-5+deb9u4
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 61,836 kB
  • sloc: ansic: 252,935; asm: 69,023; sh: 10,249; makefile: 6,192; yacc: 1,791; lisp: 1,492; cpp: 1,155; perl: 935; sed: 16
file content (3174 lines) | stat: -rw-r--r-- 117,587 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
gnutls28 (3.5.8-5+deb9u4) stretch; urgency=medium

  * Pull fixes for CVE-2018-10844 and CVE-2018-10845 from gnutls 3.5.19
    + 39_01-dummy_wait-correctly-account-the-length-field-in-SHA.patch
    + 39_02-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
    + 39_03-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
    + 39_04-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
    + 39_05-tests-pkcs12_encode-fix-test-for-SHA512.patch

 -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Oct 2018 14:06:18 +0200

gnutls28 (3.5.8-5+deb9u3) stretch; urgency=medium

  * 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
    38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
    gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
    signatures.
    https://gitlab.com/gnutls/gnutls/issues/223
    Thanks to Nikos Mavrogiannopoulos for the suggestion.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 23 Jul 2017 14:28:37 +0200

gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium

  * 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
    upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
    decryption on aarch64. Closes: #867581

 -- Andreas Metzler <ametzler@debian.org>  Sat, 08 Jul 2017 10:29:05 +0200

gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high

  * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
    well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
    Closes: #864560
  * Upload is identical to 3.5.8-6 except for the version number.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 16 Jun 2017 07:47:11 +0200

gnutls28 (3.5.8-5) unstable; urgency=medium

  * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
    in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
  * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
    Addressed large allocation in OpenPGP certificate parsing, that could lead
    in out-of-memory condition. Issue found using oss-fuzz project, and was
    fixed by Alex Gaynor.
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
    [GNUTLS-SA-2017-3C]

 -- Andreas Metzler <ametzler@debian.org>  Tue, 07 Mar 2017 19:07:31 +0100

gnutls28 (3.5.8-4) unstable; urgency=medium

  * More upstream fixes from gnutls_3_5_x branch:
    + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
      overflow resulting to invalid memory write in OpenPGP certificate
      parsing.  Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
      [GNUTLS-SA-2017-3A]
    + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
      1 byte past the end of buffer in OpenPGP certificate parsing. Issue
      found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
      Addressed crashes in OpenPGP certificate parsing, related to private key
      parser. No longer allow OpenPGP certificates (public keys) to contain
      private key sub-packets. Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
      [GNUTLS-SA-2017-3B]

 -- Andreas Metzler <ametzler@debian.org>  Sat, 04 Mar 2017 16:23:15 +0100

gnutls28 (3.5.8-3) unstable; urgency=high

  * Another two bugfixes from upstream.
   + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch 
     Address test suite failure due to timezone differences.
     Closes: #853732
   + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
     When returning success, but no elements
     gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
     elements with a pointer that was uninitialized.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 04 Feb 2017 12:58:45 +0100

gnutls28 (3.5.8-2) unstable; urgency=medium

  * Pull two fixes from upstream GIT gnutls_3_5_x branch
    35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
    35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 Jan 2017 15:32:40 +0100

gnutls28 (3.5.8-1) unstable; urgency=medium

  * New upstream release.
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 09 Jan 2017 18:50:17 +0100

gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium

  * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
    upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
    tests/key-tests/key-invalid.)
    + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
      35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
    + libgnutls: Fix double free in certificate information printing. If the
      PKIX extension proxy was set with a policy language set but no policy
      specified, that could lead to a double free. GNUTLS-SA-2017-1
      CVE-2017-5334
    + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
      parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
      CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 Jan 2017 15:54:37 +0100

gnutls28 (3.5.7-3) unstable; urgency=medium

  * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
    35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
    upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
    by PKCS#8 decryption functions when an invalid key is provided. This
    addresses regression on decrypting certain PKCS#8 keys.
    Closes: #848905

 -- Andreas Metzler <ametzler@debian.org>  Tue, 20 Dec 2016 18:47:13 +0100

gnutls28 (3.5.7-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 09 Dec 2016 18:10:53 +0100

gnutls28 (3.5.7-1) experimental; urgency=low

  * New upstream version.
  * Drop unneeded patches.
    40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
    40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
  * Update symbol file. (Add new symbols, bump dependency on functions that
    might return new error codes.)
  * Build with --with-included-unistring, Debian's libunistring package is
    too old (non dual-licensed).

 -- Andreas Metzler <ametzler@debian.org>  Thu, 08 Dec 2016 14:03:16 +0100

gnutls28 (3.5.6-7) unstable; urgency=low

  * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
    for dns-root-data to libgnutls-dane0.
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 19 Nov 2016 19:42:02 +0100

gnutls28 (3.5.6-6) experimental; urgency=medium

  * Pull a patch set from upstream GIT which reverts the DN sorting change in
    3.5.6 and adds new functions to provide a RFC4514 compliant sorting.
    Closes: #844539
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 17 Nov 2016 19:15:20 +0100

gnutls28 (3.5.6-5) experimental; urgency=low

  * Merge changes from unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 13 Nov 2016 19:09:55 +0100

gnutls28 (3.5.6-4) unstable; urgency=medium

  * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
   40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch from
   upstream git master. The latter fixes a gnutls-cli-debug segfault.
   Closes: #844061

 -- Andreas Metzler <ametzler@debian.org>  Sun, 13 Nov 2016 18:40:05 +0100

gnutls28 (3.5.6-3) experimental; urgency=low

  * Package libgnutls-dane, as libunbound is now built against nettle instead
    of OpenSSL. Closes: #733295

 -- Andreas Metzler <ametzler@debian.org>  Sun, 13 Nov 2016 14:02:00 +0100

gnutls28 (3.5.6-2) unstable; urgency=low

  * Upload to unstable.
  * Bump libtasn1-6-dev b-d to >= 4.9 to support OIDs with elements that are
    longer than 32-bits. (Upstream GIT commit
    fcdb461e935dbdc0892241a35be7499116f22a67).

 -- Andreas Metzler <ametzler@debian.org>  Thu, 10 Nov 2016 18:28:02 +0100

gnutls28 (3.5.6-1) experimental; urgency=low

  * New upstream version.
    + Drop superfluous patches (40_gnutls_certificate_set_key_apifixup.diff
      41_Reverted-the-behavior-of-sending-a-status-request-ex.patch).
    + Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 08 Nov 2016 19:31:31 +0100

gnutls28 (3.5.5-6) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 31 Oct 2016 19:00:47 +0100

gnutls28 (3.5.5-5) experimental; urgency=medium

  * 41_Reverted-the-behavior-of-sending-a-status-request-ex.patch from
    https://gitlab.com/gnutls/gnutls/merge_requests/128 - Fix compatibility
    issue with GnuTLS 3.3 clients. Closes: #841723
  * Bump symbol dependency info for multiple
    gnutls_certificate_(set|get)_*_key* functions. If
    %GNUTLS_CERTIFICATE_API_V2 is set these functions will return a
    non-negative return code on success instead of 0 for success and negative
    numbers for failure.
  * Add b-d on openssl (for testsuite).

 -- Andreas Metzler <ametzler@debian.org>  Sat, 29 Oct 2016 18:03:49 +0200

gnutls28 (3.5.5-4) unstable; urgency=medium

  * Upload to unstable.
  * Refresh 40_gnutls_certificate_set_key_apifixup.diff from master branch.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 25 Oct 2016 19:19:25 +0200

gnutls28 (3.5.5-3) experimental; urgency=medium

  * 40_gnutls_certificate_set_key_apifixup.diff: Fix ABI breakage introduced
    in 3.5.5.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 23 Oct 2016 15:51:58 +0200

gnutls28 (3.5.5-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 15 Oct 2016 13:49:51 +0200

gnutls28 (3.5.5-1) experimental; urgency=medium

  * New upstream version.
    + Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 11 Oct 2016 19:19:42 +0200

gnutls28 (3.5.4-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 11 Sep 2016 13:14:49 +0200

gnutls28 (3.5.4-1) experimental; urgency=medium

  * New upstream version.
    + Drop superfluous patches:
      35_gnutls-cli-print-Handshake-was-completed.patch
      36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
      37_openssl-format-fix-from-openconnect.patch
      39_ocsptool-corrected-bug-in-session-establishment.patch
      40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch
      45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
      45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
      45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
      45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
    + Update symbol file.
  * Add b-d on softhsm2 for pkcs11 tests.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 10 Sep 2016 14:45:06 +0200

gnutls28 (3.5.3-5) experimental; urgency=medium

  * Pull DTLS fixes from upstream GIT master.
    45_01-tests-enhance-the-DTLS-window-unit-test-to-account-f.patch
    45_02-dtls-ensure-that-the-DTLS-window-doesn-t-get-stalled.patch
    45_03-tests-mini-dtls-record-modified-expected-order-to-ac.patch
    45_04-Import-DTLS-sliding-window-validation-from-OpenConne.patch
    Closes: #835587

 -- Andreas Metzler <ametzler@debian.org>  Wed, 07 Sep 2016 19:56:58 +0200

gnutls28 (3.5.3-4) unstable; urgency=high

  * 39_ocsptool-corrected-bug-in-session-establishment.patch: Fix segfault of
    ocsptool --ask ... Closes: #836371
  * 40_ocsp-corrected-the-comparison-of-the-serial-size-in-.patch: OCSP
    certificate check doesn't actually verify the serial length and might
    succeed when it shouldn't. CVE-2016-7444

 -- Andreas Metzler <ametzler@debian.org>  Sat, 03 Sep 2016 14:00:22 +0200

gnutls28 (3.5.3-3) unstable; urgency=medium

  * 35_gnutls-cli-print-Handshake-was-completed.patch: Again print 'Handshake
    was completed', fixing emacs' lisp/net/tls.el. Closes: #834516
  * 36_gnutls-cli-fixed-the-behavior-when-starttls-or-start.patch
    gnutls-cli STARTTLS support was broken in 3.5.3.
  * 37_openssl-format-fix-from-openconnect.patch: Fix GnuTLS handling of
    OpenSSL encrypted PEM files.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 24 Aug 2016 19:27:04 +0200

gnutls28 (3.5.3-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 15 Aug 2016 13:06:28 +0200

gnutls28 (3.5.3-1) experimental; urgency=medium

  * New upstream version.
    + Update libgnutls30.symbols.
    + Drop 31_nettle-use-rsa_-_key_prepare-on-key-import.patch (forgot to
      apply it in the previous upload anyway.)
    + Add b-d on libcmocka-dev (marked with <!nocheck>).

 -- Andreas Metzler <ametzler@debian.org>  Wed, 10 Aug 2016 19:14:22 +0200

gnutls28 (3.5.2-3) experimental; urgency=medium

  * Cherry pick 31_nettle-use-rsa_-_key_prepare-on-key-import.patch
    from upstream GIT, which should allow gnutls continue to work with
    CVE-2016-6489-patched nettle.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 08 Aug 2016 19:41:41 +0200

gnutls28 (3.5.2-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 27 Jul 2016 19:05:04 +0200

gnutls28 (3.5.2-1) experimental; urgency=low

  * New upstream version.
  * Add libssl-dev b-d (marked with <!nocheck>), which can be used in
    testsuite.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 10 Jul 2016 06:51:39 +0200

gnutls28 (3.5.1-1) experimental; urgency=medium

  * Merge from unstable:
    + Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
      have been dropped with the soname bump from libgnutls-deb0-28 to
      libgnutls30 in the first place. (Thanks, Andreas Beckmann)
      Closes: #825645
    + 3.5.1 testsuite also requires netstat, add b-d, marked as optional via
      the <!nocheck> profile.
  * New upstream version.
    + Drop 40_openssl_compat-removed-unneeded-headers.patch.
    + Install README.md instead of README.
    + Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 18 Jun 2016 17:34:44 +0200

gnutls28 (3.5.0-1) experimental; urgency=medium

  * New upstream release.
    + Drop unneeded patches:
      40_src-added-systemkey-args-to-BUILT_SOURCES.patch
      45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
      45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
      45_03_configure-corrected-regression-which-prevented-the-b.patch
      45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch
   * Pull 40_openssl_compat-removed-unneeded-headers.patch from upstream GIT
     to fix FTBFS in openssl wrapper.
   * crywrap is not shipped with GnuTLS anymore.
   * Update copyright info, ship copy of the GNU Affero General Public
     License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files of
     the testsuite use this license.
   * Update symbol file:
     + Add new functions.
     + Multiple core enums (including gnutls_init_flags_t) have been extended,
       and most gnutls users will invoke at least one function affected by
       this change. Bump symbol dependency info to >= 3.5.0 for all symbols,
       because we would end up with this dependency anyway.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 17 May 2016 19:17:13 +0200

gnutls28 (3.4.14-1) unstable; urgency=medium

  * Also mark b-d on net-tools/freebsd-net-tools as optional via the
    <!nocheck> profile. (Thanks, Steven Chamberlain for bug-report and
    patch). Closes: #826693
  * New upstream bugfix release. This includes the following fix:
    + libgnutls: Address issue when utilizing the p11-kit trust store
      for certificate verification (GNUTLS-SA-2016-2).
    The issue is not relevant for the Debian binary packages, since we do not
    build with --with-default-trust-store-pkcs11=.


 -- Andreas Metzler <ametzler@debian.org>  Sat, 09 Jul 2016 14:01:05 +0200

gnutls28 (3.4.13-1) unstable; urgency=high

  * New upstream bugfix release.
    + Fixes GNUTLS-SA-2016-1 (File overwrite by setuid programs), which was 
      introduced in 3.4.12.
    + Testsuite requires netstat, add b-d.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 06 Jun 2016 20:05:42 +0200

gnutls28 (3.4.12-2) unstable; urgency=medium

  * Drop libgnutls30 Conflicts with libnettle4, libhogweed2. - These should
    have been dropped with the soname bump from libgnutls-deb0-28 to
    libgnutls30 in the first place. (Thanks, Andreas Beckmann)
    Closes: #825645

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 May 2016 16:13:39 +0200

gnutls28 (3.4.12-1) unstable; urgency=medium

  * New upstream version.
    + Drop superfluous patches.
      (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
      45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
      45_03_configure-corrected-regression-which-prevented-the-b.patch
      45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)
    + Update copyright info, ship copy of the GNU Affero General Public
      License v3 in /usr/share/doc/libgnutls30/AGPLv3.license, two files
      of the testsuite use this license.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 21 May 2016 08:15:15 +0200

gnutls28 (3.4.11-4) unstable; urgency=medium

  * Drop guile-gnutls package, testsuite errors have stayed unfixed too long.
    Closes: #821457, #805863

 -- Andreas Metzler <ametzler@debian.org>  Tue, 26 Apr 2016 18:45:45 +0200

gnutls28 (3.4.11-3) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 17 Apr 2016 12:54:35 +0200

gnutls28 (3.4.11-2) experimental; urgency=medium

  * Pull post-release fixes from upstream gnutls_3_4_x branch.
    (45_01_gnutls_ocsp_resp_get_single-fail-if-thisUpdate-is-no.patch
    45_02_gnutls_packet_get-avoid-null-pointer-dereference-on-.patch
    45_03_configure-corrected-regression-which-prevented-the-b.patch
    45_04_handshake-do-not-overwrite-the-server-s-signature-al.patch)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 16 Apr 2016 11:59:38 +0200

gnutls28 (3.4.11-1) experimental; urgency=medium

  * New upstream version.
    + Drop superfluous patches.
      (41_tests-mini-loss-time-ensure-client-timeouts.diff
      42_mini-loss-time-improved-timeout-detection.patch
      43_fix_cpucapoverride.diff)
  * Due to changes in gtk-doc or its dependencies api-reference/index.sgml is
    not installed/built anymore. Update gnutls-doc file list.
  * Enable hardening=+bindnow.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 12 Apr 2016 19:14:07 +0200

gnutls28 (3.4.10-4) unstable; urgency=medium

  * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
    GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
    unavailable. Closes: #818341

 -- Andreas Metzler <ametzler@debian.org>  Thu, 17 Mar 2016 19:41:22 +0100

gnutls28 (3.4.10-3) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 14 Mar 2016 18:29:53 +0100

gnutls28 (3.4.10-2) experimental; urgency=medium

  * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
  * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
    another try for Closes: #813598

 -- Andreas Metzler <ametzler@debian.org>  Mon, 07 Mar 2016 19:22:57 +0100

gnutls28 (3.4.10-1) experimental; urgency=medium

  * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
    master to fix FTBFS with parallel builds. Closes: #816148
  * New upstream version.
  * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
    master branch to fix occasional testsuite error. Closes: #813598

 -- Andreas Metzler <ametzler@debian.org>  Sat, 05 Mar 2016 08:45:52 +0100

gnutls28 (3.4.9-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 07 Feb 2016 15:18:46 +0100

gnutls28 (3.4.9-1) experimental; urgency=medium

  * New upstream version.
  * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
    36_Revert-tests-updated-to-account-for-cert-generation.patch.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Feb 2016 15:57:24 +0100

gnutls28 (3.4.8-3) unstable; urgency=medium

  * Pull 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
    36_Revert-tests-updated-to-account-for-cert-generation.patch
    from upstream GIT. Closes: #813243

 -- Andreas Metzler <ametzler@debian.org>  Sun, 31 Jan 2016 17:28:05 +0100

gnutls28 (3.4.8-2) unstable; urgency=medium

  * Merge master branch into experimental.
    + Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.
    + libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2.
      This is a kludge and technically wrong, but will prevent partial
      upgrades from stable. See: #788735
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 21 Jan 2016 15:45:49 +0100

gnutls28 (3.4.8-1) experimental; urgency=medium

  * Migrate from libgnutls30-dbg to ddebs. dh_strip's --ddeb-migration
    option was added to debhelper/unstable with version 9.20150628, bump
    build-dependency accordingly.
  * autoreconf requires automake 1.12.2, add build-dependency.
  * New upstream version.
    + Update symbol file.
  * Move Vcs-* from git/http to https.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 08 Jan 2016 19:30:07 +0100

gnutls28 (3.4.7-1) experimental; urgency=medium

  * New upstream version.
    + Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 22 Nov 2015 15:29:19 +0100

gnutls28 (3.4.6-1) experimental; urgency=medium

  * Make use of autogen's MAN_PAGE_DATE (available in version 5.18.6 and
    later) to improve reproducibility of build.
  * New upstream version.
    + Update symbol file.
  * Bump debhelper build-dependency to >= 9.20141010 and add b-d on dpkg-dev
    (>= 1.17.14). Both are required for build-profile support added in
    previous upload. (Thanks, lintian.)

 -- Andreas Metzler <ametzler@debian.org>  Tue, 20 Oct 2015 20:00:55 +0200

gnutls28 (3.4.5-1) experimental; urgency=medium

  [ Helmut Grohne ]
  * Turn Build-Depends: datefudge optional via <!nocheck> profile.
    Closes: #797544

  [ Andreas Metzler ]
  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 26 Sep 2015 13:48:12 +0200

gnutls28 (3.4.4.1-1) experimental; urgency=medium

  * New upstream version.
    + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
      bump dependency info for functions taking it as argument or returning it.
    + Bump dependency info on private symbols.
    + Update debian/copyright.
    + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
      CVE-2015-6251

 -- Andreas Metzler <ametzler@debian.org>  Tue, 11 Aug 2015 20:12:46 +0200

gnutls28 (3.4.3-1) experimental; urgency=medium

  * Re-enable libidn-support, use versioned b-d on libidn11-dev >= 1.31.
  * New upstream version.
    + Bump dependency info on gnutls_pkcs11_token_get_info due to changed enum
      gnutls_pkcs11_token_info_t.
    + Add dependency info for new symbols, bump private symbol dependency.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 12 Jul 2015 20:01:09 +0200

gnutls28 (3.4.2-2) experimental; urgency=medium

  * Disable libidn support because CVE-2015-2059 is still not fixed. See
    <https://gitlab.com/gnutls/gnutls/issues/10>. This also disables building
    of crywrap.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 05 Jul 2015 14:18:06 +0200

gnutls28 (3.4.2-1) experimental; urgency=medium

  * New upstream version.
    + Drop 50_updated-sign-md5-rep-to-reduce-false-failures.patch.
    + Update libgnutls30.symbols. (Add new fuctions, bump private symbol
      version, bump gnutls_init() due to newly added GNUTLS_NO_SIGNAL flag.)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 20 Jun 2015 08:45:14 +0200

gnutls28 (3.4.1-1) experimental; urgency=medium

  * New upstream version.
    + Bump (build)-depends on nettle and p11-kit.
    + Drop 20_debian_specific_soname.diff, 40_no_more_ssl3.diff and
      55_nettle3.patch.
    + Update 14_version_gettextcat.diff.
    + Soname bump, library package renamed from libgnutls-deb0-28 to
      libgnutls30.
    + OpenSSL compat layer is not built by default anymore, pass
      --enable-openssl-compatibility to ./configure.
    + Update symbol file.
    + libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
      restricted to the corresponding protocols only, and the VERS-ALL
      string is introduced to catch all possible protocols. Closes: #773145
    + Since the pkg-config file gnutls.pc now lists libidn in Requires.private
      "pkg-config --exists gnutls" will fail if libidn.pc is not present. Add
      dependency on libidn11-dev to libgnutls28-dev.
  * Fix typo in debian/rules
    (s/-disable-silent-rules/--disable-silent-rules).

 -- Andreas Metzler <ametzler@debian.org>  Fri, 05 Jun 2015 11:39:19 +0200

gnutls28 (3.3.20-1) unstable; urgency=medium

  * autoreconf requires automake 1.12.2, add build-dependency.
  * New upstream version.
  * Move Vcs-* from git/http to https.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 08 Jan 2016 18:57:41 +0100

gnutls28 (3.3.19-1) unstable; urgency=medium

  * New upstream version.
   + Refresh 20_debian_specific_soname.diff.
   + Update symbol file.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 22 Nov 2015 17:48:27 +0100

gnutls28 (3.3.18-1) unstable; urgency=medium

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 30 Sep 2015 18:49:13 +0200

gnutls28 (3.3.17-1) unstable; urgency=medium

  * New upstream version.
   + Drop superfluous patches.
    (45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch,
     46_safe-renegotiation-handle-case-where-client-didn-t-s.patch,
     47_safe-renegotiation-simulate-receiving-the-extension-.patch)
   + GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY added to gnutls_pkcs11_obj_flags,
     bump dependency info for functions taking it as argument or returning it.
   + Bump dependency info on private symbols.
   + Fixes double free in DN decoding [GNUTLS-SA-2015-3]. Closes: #795068
     CVE-2015-6251

 -- Andreas Metzler <ametzler@debian.org>  Mon, 10 Aug 2015 19:48:11 +0200

gnutls28 (3.3.16-2) unstable; urgency=medium

  * Refresh 40_no_more_ssl3.diff.
  * 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch
    46_safe-renegotiation-handle-case-where-client-didn-t-s.patch
    47_safe-renegotiation-simulate-receiving-the-extension-.patch
    Pull three patches from upstream GIT to fix issue with server side sending
    the status request extension even when not requested.
    <http://article.gmane.org/gmane.network.gnutls.general/3929>

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Aug 2015 11:30:17 +0200

gnutls28 (3.3.16-1) unstable; urgency=medium

  * Limit watchfile to 3.3.x versions.
  * New upstream version.
    + Drop superfluous patches
      (50_updated-sign-md5-rep-to-reduce-false-failures.patch,
      55_nettle3.patch,
      56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch)
    + Bump private symbol versioning.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 12 Jul 2015 19:00:04 +0200

gnutls28 (3.3.15-7) unstable; urgency=medium

  * libgnutls-deb0-28 temporarily Conflicts with libnettle4, libhogweed2. This
    is a kludge and technically wrong, but will prevent partial upgrades from
    stable. Closes: #788735
  * Drop ancient Conflicts/Replaces: gnutls0, gnutls0.4.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 16 Jun 2015 19:06:09 +0200

gnutls28 (3.3.15-6) unstable; urgency=high

  * Pull 56_Corrected-camellia256-set-key-in-nettle3-compat-mode.patch
    Closes: #788011

 -- Andreas Metzler <ametzler@debian.org>  Fri, 12 Jun 2015 19:10:33 +0200

gnutls28 (3.3.15-5) unstable; urgency=medium

  * Upload to unstable.
  * Downgrade nettle-dev b-d to 2.7, this upload should build correctly
    against both 2.7 and 3.x.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 02 Jun 2015 19:21:57 +0200

gnutls28 (3.3.15-4) experimental; urgency=medium

  * 55_nettle3.patch: Use version from GnuTLS GIT gnutls_3_3_x branch, it
    allows compilation against both nettle 2.7 and 3.x.
  * Drop >= version requirements of libgnutls28-dev dependencies on nettle-dev
    and libtasn1-6-dev, the =${binary:Version} dependency of the development
    packages on the respective library packages should make this superfluous.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 16 May 2015 12:45:19 +0200

gnutls28 (3.3.15-3) experimental; urgency=medium

  * Add 55_nettle3.patch from
    http://pkgs.fedoraproject.org/cgit/compat-gnutls28.git/ to allow building
    against nettle3.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 13 May 2015 19:20:07 +0200

gnutls28 (3.3.15-2) unstable; urgency=medium

  * 50_updated-sign-md5-rep-to-reduce-false-failures.patch from upstream GIT,
    fixing a testsuite error on kfreebsd-*.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 06 May 2015 19:06:03 +0200

gnutls28 (3.3.15-1) unstable; urgency=medium

  * New upstream stable release.
    + Fix for MD5 downgrade in TLS 1.2 signatures. [GNUTLS-SA-2015-2].

 -- Andreas Metzler <ametzler@debian.org>  Mon, 04 May 2015 19:24:42 +0200

gnutls28 (3.3.14-3) experimental; urgency=medium

  * 50_nettle3_*.patch: Update to head of upstream gnutls_3_3_x branch.
  * (Build-)depend on nettle-dev >= 3.0.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 01 May 2015 11:49:04 +0200

gnutls28 (3.3.14-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync version of Depends and Build-Depends on libtasn1-6-dev.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 27 Apr 2015 09:27:50 +0200

gnutls28 (3.3.14-1) experimental; urgency=medium

  * New upstream version.
    + Bump libtasn b-d to >= 4.3.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 31 Mar 2015 18:29:42 +0200

gnutls28 (3.3.13-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for CVE-2015-0294, a certificate algorithm consistency
      checking issue.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 Feb 2015 08:27:10 +0100

gnutls28 (3.3.12-1) experimental; urgency=medium

  * New upstream version.
    + gnutls-cli-debug STARTTLS is working. Closes: #467022

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 Jan 2015 12:42:06 +0100

gnutls28 (3.3.11-1) experimental; urgency=medium

  * New upstream version.
    + Includes fix for OCSP response parsing issue. Closes: #772055

 -- Andreas Metzler <ametzler@debian.org>  Thu, 11 Dec 2014 19:07:23 +0100

gnutls28 (3.3.10-2) experimental; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

 -- Andreas Metzler <ametzler@debian.org>  Wed, 19 Nov 2014 19:33:23 +0100

gnutls28 (3.3.10-1) experimental; urgency=medium

  * debian/rules: fix pattern for removal (and re-generation) of autogen-ed
    manpages.
  * New upstream version.
    + Includes fix for a denial of service issue CVE-2014-8564 /
      GNUTLS-SA-2014-5.
    + When gnutls_global_init() is called for a second time, it will check
      whether the /dev/urandom fd kept is still open and matches the original
      one. That behavior works around issues with servers that close all file
      descriptors. This should take care of #760476.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 10 Nov 2014 19:29:30 +0100

gnutls28 (3.3.9-1) experimental; urgency=medium

  * New upstream version.
    + Unfuzz 20_debian_specific_soname.diff.
    + Drop 31_fallback_to_RUSAGE_SELF.diff.
    + Bump private symbol dependency info.
    + Bump dependency version of gnutls_certificate_get_issuer() and
      gnutls_x509_trust_list_get_issuer() because of newly added
      GNUTLS_TL_GET_COPY flag.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 13 Oct 2014 20:08:58 +0200

gnutls28 (3.3.8-7) unstable; urgency=medium

  * 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff:
    Pull two patches from upstream to a use-after-free flaw in
    gnutls_x509_ext_import_crl_dist_points(). CVE-2015-3308
    Closes: #782776

 -- Andreas Metzler <ametzler@debian.org>  Sat, 18 Apr 2015 19:11:01 +0200

gnutls28 (3.3.8-6) unstable; urgency=medium

  * 39_check-whether-the-two-signatur.patch: Pull and unfuzz
    6e76e9b9fa845b76b0b9a45f05f4b54a052578ff from upstream GIT: On
    certificate import check whether the two signature algorithms match.
    CVE-2015-0294. Closes: #779428

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 Feb 2015 14:17:21 +0100

gnutls28 (3.3.8-5) unstable; urgency=medium

  * Remove SSL 3.0 from default priorities list.
    Closes: #769904

 -- Andreas Metzler <ametzler@debian.org>  Thu, 20 Nov 2014 19:25:20 +0100

gnutls28 (3.3.8-4) unstable; urgency=high

  * Drop 31_fallback_to_RUSAGE_SELF.diff.
  * 35_recheck_urandom_fd.diff:  When gnutls_global_init() is called manually
    from the application check the urandom fd for validity. Closes: #768841
    and takes care of #760476.
  * 36_less_refresh-rnd-state.diff: do not explicitly refresh rnd state on
    session deinit. It is already being refreshed during the session lifetime.
  * 37_X9.63_sanity_check.diff: when exporting curve coordinates to X9.63
    format, perform additional sanity checks on input.
    CVE-2014-8564 / GNUTLS-SA-2014-5. Closes: #769154
  * 38_testforsanitycheck.diff adds a test for CVE-2014-8564. (As the test
    uses a cert in binary der-format which is not representable in a quilt
    patches and we want to limit debian.tar.xz to modify stuff in debian/ we
    have some special handling in debian/rules.)

 -- Andreas Metzler <ametzler@debian.org>  Wed, 12 Nov 2014 19:31:07 +0100

gnutls28 (3.3.8-3) unstable; urgency=high

  [ Daniel Kahn Gillmor ]
  * Add list of executables to gnutls-bin package description.
    Closes: #763671

  [ Andreas Metzler ]
  * 31_fallback_to_RUSAGE_SELF.diff from upstream GIT: if RUSAGE_THREAD fails
    try RUSAGE_SELF, which should fix a crash in cups. (Thanks, Nikos
    Mavrogiannopoulos!) Closes: #760476

 -- Andreas Metzler <ametzler@debian.org>  Sat, 11 Oct 2014 16:16:00 +0200

gnutls28 (3.3.8-2) unstable; urgency=medium

  * Correct libtasn1-6-dev (build-)dependency version requirement, GnuTLS
    3.3.8 requires libtasn1 >= 3.9.
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 21 Sep 2014 11:52:40 +0200

gnutls28 (3.3.8-1) experimental; urgency=medium

  * New upstream version.
    + Refresh 20_debian_specific_soname.diff.
    + Bump libp11-kit-dev b-d to >= 0.20.7, add (temporary) build-conflicts
      with old experimental upload 0.21.2-1
    + Add newly added symbols to libgnutls-deb0-28.symbols, bump version of
      some functions in the gnutls_pkcs11_* family due to new members in enums
      gnutls_pkcs11_obj_type_t and gnutls_pkcs11_obj_flags, bump private
      symbol dependency info, and bump shlibs.
  * Drop version from libgnutls28-dev's dependency on libp11-kit-dev.
    The GnuTLS library package automatically gets a dependency on libp11-kit0
    (>= the-version-in-build-depends). OTOH libp11-kit-dev depends on
    libp11-kit0 (= ${binary:Version}). Therefore these dependencies already
    enforce a version on libp11-kit-dev and we do not need to duplicate the
    info.
  * Add explicit build-dependency on libopts25-dev. Closes: #761618

 -- Andreas Metzler <ametzler@debian.org>  Sat, 20 Sep 2014 12:11:01 +0200

gnutls28 (3.3.7-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 30 Aug 2014 08:01:51 +0200

gnutls28 (3.3.7-1) experimental; urgency=medium

  * New upstream release.
    + Refresh 20_debian_specific_soname.diff.
    + Add newly added symbols to libgnutls-deb0-28.symbols, bump private
      symbol dependency info, and bump shlibs.
    + New member in gnutls_pkcs11_obj_attr_t, bump version of
      gnutls_pkcs11_obj_list_import_url*.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 24 Aug 2014 13:35:44 +0200

gnutls28 (3.3.6-2) unstable; urgency=medium

  * Upload to unstable. We want 3.3 in jessie, as it is (going to be) GnuTLS
    lastest stable at freeze time.
  * 30_guile-snarf.diff: Work around #759096 (guile-snarf hard-codes the
    at-build-time-default-compiler) by exporting @CPP@.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 24 Aug 2014 09:32:36 +0200

gnutls28 (3.3.6-1) experimental; urgency=medium

  * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
    with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
  * New upstream release.
    + Refresh 20_debian_specific_soname.diff.
    + Add newly added symbols to libgnutls-deb0-28.symbols and bump private
      symbol dependency info.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 24 Jul 2014 08:50:01 +0200

gnutls28 (3.3.5-1) experimental; urgency=medium

  * New upstream version.
  * Refresh patches/20_debian_specific_soname.diff.
  * Drop 30_Updated-asm-sources.patch.
  * Add new public symbols to symbol file, bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 Jun 2014 13:53:06 +0200

gnutls28 (3.3.3-1) experimental; urgency=medium

  * New upstream version, including a fix for GNUTLS-SA-2014-3
    CVE-2014-3466.
  * Refresh 20_debian_specific_soname.diff.
  * 30_Updated-asm-sources.patch: Updated asm code pulled from upstream git.
  * New symbol gnutls_credentials_get, update symbol file and bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 31 May 2014 07:58:37 +0200

gnutls28 (3.3.2-2) experimental; urgency=high

  * Fix crashes due to symbol clashes when a binary ends up being linked
    against GnuTLS v2 and v3 by bumping library symbol-versioning (and
    therefore also the soname) in a Debian specific way, to make sure there is
    no conflict with future:
    + 20_debian_specific_soname.diff
      - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
      - Add "-release deb0" to libtool link command.
    + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
    + Adapt symbol file accordingly.
    + Change 14_version_gettextcat.diff, too.
      Closes: #748742
   * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
     These have been unnecessary since we started using dh compat v9, where
     debugging symbols are installed to /usr/lib/debug/.build-id.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 24 May 2014 19:27:01 +0200

gnutls28 (3.3.2-1) experimental; urgency=medium

  * Do not build-depend on guile-2.0 on m68k. Closes: #745461
  * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
    enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
    corresponding versioned build-dependency, to prevent building of
    uninstallable packages.
  * New upstream version. Drop 20_guile_no_override_allocation.diff and
    21_Treat-othername-as-printable.diff.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 08 May 2014 19:47:09 +0200

gnutls28 (3.3.1-1) experimental; urgency=medium

  * New upstream version.
    + Drop 20_sparc_chainverify_buserror.diff.
    + Pull 20_guile_no_override_allocation.diff and
      21_Treat-othername-as-printable.diff from upstream GIT.
    + Drop gnutls_secure_calloc@GNUTLS_1_4 from symbol file. It was dropped
      upstream since it was never exported in a public header and is not
      used according to codesearch.d.o.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 19 Apr 2014 19:25:11 +0200

gnutls28 (3.3.0-2) experimental; urgency=medium

  * Drop last remains of -xssl from debian/.
  * Add debian/libgnutls28.symbols.
  * 20_sparc_chainverify_buserror.diff from upstream GIT: In chainverify test
    increase the space available for certificates to fix sparc testsuite
    error.
  * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
    libgnutls28-dev.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 17 Apr 2014 19:53:30 +0200

gnutls28 (3.3.0-1) experimental; urgency=medium

  * New upstream version.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 12 Apr 2014 07:49:11 +0200

gnutls28 (3.3.0~pre0-1) experimental; urgency=medium

  * Also version the p11-kit dependency.
  * New upstream version.
    + Set --enable-static, as only shared libs are built by default.
    + libgnutls-xssl is no more.
    + Bump shlibs.
  * Upload to experimental.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 29 Mar 2014 19:19:37 +0100

gnutls28 (3.2.16-1) unstable; urgency=medium

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 23 Jul 2014 12:36:32 +0200

gnutls28 (3.2.15-3) unstable; urgency=medium

  * [debian/copright]: Replace reference to GPLv2.1 (which does not exist)
    with one to GPLv2. (Thanks, Jakub Wilk) Closes: #754160
  * Stop shipping libgnutls-xssl0, it has been removed in upstream's 3.3
    series.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 12 Jul 2014 13:55:48 +0200

gnutls28 (3.2.15-2) unstable; urgency=high

  * Fix crashes due to symbol clashes when a binary ends up being linked
    against GnuTLS v2 and v3 by bumping library symbol-versioning (and
    therefore also the soname) in a Debian specific way, to make sure there is
    no conflict with future:
    + 20_debian_specific_soname.diff
      - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_*
      - Add "-release deb0" to libtool link command.
    + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname.
    + Change 14_version_gettextcat.diff, too.
    Closes: #74874
  * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg.
    These have been unnecessary since we started using dh compat v9, where
    debugging symbols are installed to /usr/lib/debug/.build-id.
  * debian/copyright: Add info about GPLv2 compatibility.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 05 Jun 2014 18:56:03 +0200

gnutls28 (3.2.15-1) unstable; urgency=high

  * New upstream version.
    + Includes a fix for GNUTLS-SA-2014-3 / CVE-2014-3466.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 31 May 2014 08:37:00 +0200

gnutls28 (3.2.14-1) unstable; urgency=medium

  * Do not build-depend on guile-2.0 on m68k. Closes: #745461
  * New upstream version.
  * Manually version libgnutls28's dependency on libgmp10 as (>= 2:6), to
    enforce a dual-licensed (GPLv2+/LGPLv2.1+) version of GMP. Also add a
    corresponding versioned build-dependency, to prevent building of
    uninstallable packages.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 07 May 2014 19:29:26 +0200

gnutls28 (3.2.13-2) unstable; urgency=medium

  * Build OpenSSL wrapper from gnutls28, provide libgnutls-openssl-dev from
    libgnutls28-dev.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 16 Apr 2014 19:24:25 +0200

gnutls28 (3.2.13-1) unstable; urgency=medium

  * Also version the p11-kit dependency.
  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 10 Apr 2014 19:08:40 +0200

gnutls28 (3.2.12.1-2) unstable; urgency=medium

  * Upload to unstable.
  * Sync from Ubuntu (Colin Watson):
    + Add arm64 and ppc64el to the list of non-ia64 architectures on which
      guile-gnutls is built.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 12 Mar 2014 17:50:43 +0100

gnutls28 (3.2.12.1-1) experimental; urgency=medium

  * New upstream version.
    + Drop superfluous patches: 
      20_bug-in-gnutls_pcert_list_import_x509_raw.patch
      20_CVE-2014-0092.diff

 -- Andreas Metzler <ametzler@debian.org>  Wed, 05 Mar 2014 19:40:42 +0100

gnutls28 (3.2.11-2) unstable; urgency=high

  * Bump version of Build-Depends on libp11-kit-dev, as required by 3.2.11.
  * 20_CVE-2014-0092.diff by Nikos Mavrogiannopoulos: Fix certificate
    validation issue. CVE-2014-0092

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Mar 2014 08:48:21 +0100

gnutls28 (3.2.11-1) unstable; urgency=high

  * New upstream version. (Closes CVE-2014-1959 / GNUTLS-SA-2014-1)
  * Pull 20_bug-in-gnutls_pcert_list_import_x509_raw.patch from upstream git.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 15 Feb 2014 14:38:52 +0100

gnutls28 (3.2.10-2) unstable; urgency=high

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 02 Feb 2014 12:10:16 +0100

gnutls28 (3.2.10-1) experimental; urgency=high

  * New upstream version.
  * New symbols exported, bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Feb 2014 09:22:36 +0100

gnutls28 (3.2.9-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 29 Jan 2014 19:05:05 +0100

gnutls28 (3.2.9-1) experimental; urgency=medium

  * New upstream version.
    + %COMPAT implies %DUMBFW. (See #733039)
  * Drop 40_guilenoparallel.diff, which did not have any effect after enabling
    dh_autoreconf.
  * Stop dh_clean from removing *.bak, upstream tarball actually contains
    files named such in src/ subdirectory.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Jan 2014 19:00:11 +0100

gnutls28 (3.2.8.1-3) unstable; urgency=medium

  * Correct c'n'p error in Vcs-Git field.
  * Update debian/copyright from upstream's README. (Thanks, Kurt Roeckx)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 19 Jan 2014 13:23:46 +0100

gnutls28 (3.2.8.1-2) unstable; urgency=low

  * Upload to unstable, without libgnutls-openssl27.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 27 Dec 2013 15:45:39 +0100

gnutls28 (3.2.8.1-1) experimental; urgency=low

  * New upstream version.
    + Drop debian/patches/45_add_strerror-module.patch, which was pulled from
      upstream.
    + Bump shlibs.
  * Add debian/upstream-signing-key.pgp (listed in
    debian/source/include-binaries) and update watchfile to check
    upstream signature.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 21 Dec 2013 16:59:19 +0100

gnutls28 (3.2.7-4) experimental; urgency=low

  * Upload to experimental, with libgnutls-openssl27.
  * Version libgnutls-openssl27 shlibs. (Mainly to identify rebuilt packages.)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 Dec 2013 18:43:16 +0100

gnutls28 (3.2.7-3) unstable; urgency=low

  * Point vcs* to git.
  * Upload to unstable, without libgnutls-openssl27.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 Dec 2013 18:15:43 +0100

gnutls28 (3.2.7-2) experimental; urgency=low

  * Fix kfreebsd FTBFS.
    + 45_add_strerror-module.patch add gnulib strerror module.
    + Use dh_autoreconf.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 29 Nov 2013 19:10:39 +0100

gnutls28 (3.2.7-1) experimental; urgency=low

  * New upstream version.
    + Add b-d on bison.
    + Bump shlibs.
    + Drop 30_forcesystemlibopts.diff 50_Ignore-SIGPIPE.patch.
    + Simplify debian/rules, stop removing autogened files.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 27 Nov 2013 19:30:00 +0100

gnutls28 (3.2.6-2) experimental; urgency=low

  * Print out test-suite.log on test-suite-error. (Thanks, Steven Chamberlain
    for the hint.)
  * 50_Ignore-SIGPIPE.patch - fix spurious FTBFS due to race condition.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 10 Nov 2013 13:54:49 +0100

gnutls28 (3.2.6-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 05 Nov 2013 19:25:51 +0100

gnutls28 (3.2.5-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.
  * Ship examples/examples.h which is needed for building examples/*.c. Also
    add ex-cxx.cpp, while we are at it. (Thanks, Daniel Kahn Gillmor)
    Closes: #726971

 -- Andreas Metzler <ametzler@debian.org>  Sat, 26 Oct 2013 14:40:05 +0200

gnutls28 (3.2.4-5) experimental; urgency=low

  * Re-enable building of libgnutls-openssl27 binary package.
  * Let libgnutls-dev provide libgnutls-openssl-dev to prepare a seamless
    transition to gnutls28.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 06 Oct 2013 19:10:06 +0200

gnutls28 (3.2.4-4) unstable; urgency=low

  * 40_guilenoparallel.diff: Disable parallel build in
    guile/modules/.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 09 Sep 2013 19:48:04 +0200

gnutls28 (3.2.4-3) unstable; urgency=low

  * Looks like "Architecture" in debian/control cannot be folded, unfold the
    respective entry for guile-gnutls.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 Sep 2013 08:03:27 +0200

gnutls28 (3.2.4-2) unstable; urgency=low

  * Manpages were missing on binary-only builds. Closes: #721725
  * Build with
    --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt since
    ca-certificates not pulled in by build-dependencies anymore.
    Closes: #721726
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 07 Sep 2013 08:10:17 +0200

gnutls28 (3.2.4-1) experimental; urgency=low

  * New upstream release.
    + Drop 40_Clean-up-after-test.patch.
  * Fix path to png files in info files with sed instead of symlinking images.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 31 Aug 2013 19:02:33 +0200

gnutls28 (3.2.3-3) experimental; urgency=low

  * Switch to dh, to easily allow us to move gtk-doc-tools to
    Build-Depends-Indep. Closes: #682596

 -- Andreas Metzler <ametzler@debian.org>  Sun, 25 Aug 2013 10:25:52 +0200

gnutls28 (3.2.3-2) experimental; urgency=low

  * Build gnutls-guile against guile-2.0.
    + Drop --disable-largefile on armel armhf mipsel.
    + ia64 does not build guile-2.0, disable guile-support there.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 04 Aug 2013 13:28:13 +0200

gnutls28 (3.2.3-1) unstable; urgency=low

  * New upstream release.
  * Drop superfluous patches. (35_gnutls-priority-string.diff
    36_avoid-leaking-a-buffer-element.diff)
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 30 Jul 2013 19:45:28 +0200

gnutls28 (3.2.2-2) unstable; urgency=low

  * Pull two patches from upstream:
    +35_gnutls-priority-string.diff Fix priority string parsing broken in
     3.2.2 Closes: #717314
    +36_avoid-leaking-a-buffer-element.diff 

 -- Andreas Metzler <ametzler@debian.org>  Sun, 21 Jul 2013 18:08:42 +0200

gnutls28 (3.2.2-1) unstable; urgency=low

  * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
    Closes: #678070
  * New upstream version.
  * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 15 Jul 2013 11:41:50 +0200

gnutls28 (3.2.1-2) unstable; urgency=low

  * Upload to unstable.
  * Do not link everything against nettle on mips(el), the issue being worked
    around was fixed by the latest eglibc upload.
  * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
    same.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 23 Jun 2013 16:55:09 +0200

gnutls28 (3.2.1-1) experimental; urgency=low

  * New upstream version.
    + Bump nettle build-dep to >= 2.7.
    + Bump shlibs.
    + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
      whether it still fails on kfreebsd-i386.
    + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
      false positive error in 32-bit systems.
    + [32_linkagainstgmp.diff] Link libgnutls against gmp.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 09 Jun 2013 20:08:29 +0200

gnutls28 (3.1.12-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by using anonscm instead of
    svn.debian.org.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 08 Jun 2013 14:41:39 +0200

gnutls28 (3.1.12-1) experimental; urgency=low

  * Use rm -f on clean, fixing an issue with building twice in row.
  * New upstream version.
  * On mips/mipsel link everything and the kitchen-sink against nettle to work
    around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").

 -- Andreas Metzler <ametzler@debian.org>  Sun, 02 Jun 2013 07:58:55 +0200

gnutls28 (3.1.11-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 10 May 2013 16:39:17 +0200

gnutls28 (3.1.10-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 23 Mar 2013 16:21:30 +0100

gnutls28 (3.1.9.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.
  * Force re-generation of autogen-ed manpages.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 03 Mar 2013 17:06:05 +0100

gnutls28 (3.1.8-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 10 Feb 2013 13:35:32 +0100

gnutls28 (3.1.7-1) experimental; urgency=low

  * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
    the build-depency. (Thanks, Daniel Kahn Gillmor)
  * New upstream version.
    + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
      CVE-2013-0169 CVE-2013-1619.
    + New symbols added, bump shlibs.
    + Ship newly available libgnutls-xssl0 library in a separate package.
  * Disable Heart Beat (RFC6520) support.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 05 Feb 2013 14:58:31 +0100

gnutls28 (3.1.6-1) experimental; urgency=low

  * Update watchfile, based on Bart Martens version for gnutls26 on 
    q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
    3.x versions.
  * New upstream version.
    + requires libtasn1 >= 3.1, bump build-depends.
    + requires a a newer version of autogen, bump build-depends.
    + update debian/copyright to reflect the fact that GnuTLS authors have
      stopped assigning copyright to FSF. 

 -- Andreas Metzler <ametzler@debian.org>  Sat, 05 Jan 2013 09:38:41 +0100

gnutls28 (3.1.5-1) experimental; urgency=low

  * New upstream version.
    + Drop 40_danetestfail.diff
    + Unfuzz 20_test-select.diff
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 28 Nov 2012 19:23:10 +0100

gnutls28 (3.1.4-1) experimental; urgency=low

  * New upstream release.
    + Drop 40_fixtypo.diff.
    + debian/copyright: update upstream author list.
    + New symbols added, bump shlibs.
  * 40_danetestfail.diff - Do not try to run dane test without dane support.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 10 Nov 2012 09:21:41 +0100

gnutls28 (3.1.3-1) experimental; urgency=low

  * New upstream release.
  * Explicitly set --disable-libdane --without-tpm.
  * Bump shlibs.
  * 40_fixtypo.diff pulled from upstream git.
  * Update debian/copyright from AUTHORS.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 13 Oct 2012 15:52:09 +0200

gnutls28 (3.1.2-1) experimental; urgency=low

  * New upstream release.
    + Requires libtasn1-3 2.14, bump (b-)d.
    + New symbols added, bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 29 Sep 2012 08:13:47 +0200

gnutls28 (3.1.1-1) experimental; urgency=low

  * New upstream release.
    + Includes patch by Bernhard R. Link for gnutls-serv listening on ipv6.
      Closes: #686242
    + Drop superfluous patches. (40_debugtestsuite 41_use-errno.diff
      42_dump-the-errno.diff 43_possiblefix.diff)
    + Bump shlibs.
  * Sync version of libgnutls-dev dependency on nettle-dev with the
    build-dependency.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 04 Sep 2012 19:28:08 +0200

gnutls28 (3.1.0-5) experimental; urgency=low

  * 43_possiblefix.diff might fix the test suite error.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 02 Sep 2012 16:05:34 +0200

gnutls28 (3.1.0-4) experimental; urgency=low

  * 41_use-errno.diff 42_dump-the-errno.diff: Get more info for debugging the
    testsuite error.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 02 Sep 2012 13:28:55 +0200

gnutls28 (3.1.0-3) experimental; urgency=low

  * [40_debugtestsuite] Debug the correct test, mini-handshake-timeout.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Sep 2012 10:02:54 +0200

gnutls28 (3.1.0-2) experimental; urgency=low

  * Mention abbreviation "DTLS" in package description.
  * [40_debugtestsuite] Enable verbose execution of mini-emsgsize-dtls test,
    it spuriously fails on about half of the buildds.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Sep 2012 08:41:11 +0200

gnutls28 (3.1.0-1) experimental; urgency=low

  * New upstream release.
    + Bump nettle build-dep to >= 2.5.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 26 Aug 2012 13:40:15 +0200

gnutls28 (3.0.22-2) unstable; urgency=low

  * Upload to unstable. This is a leaf-package, experimental should get
    3.1.0.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Aug 2012 09:22:37 +0200

gnutls28 (3.0.22-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 05 Aug 2012 08:29:14 +0200

gnutls28 (3.0.21-1) experimental; urgency=low

  * New upstream version.
    + Drop 35_s390buildfix.diff.
  * Bump shlibs (new functions added.)

 -- Andreas Metzler <ametzler@debian.org>  Tue, 03 Jul 2012 19:50:14 +0200

gnutls28 (3.0.20-3) unstable; urgency=low

  * 35_s390buildfix.diff - Fixes test-suite error on s390x.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 21 Jun 2012 19:52:47 +0200

gnutls28 (3.0.20-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 16 Jun 2012 16:20:01 +0200

gnutls28 (3.0.20-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs (new functions added.)
  * Drop 25_disabledtls_kFreeBSD.diff, kFreeBSD has support for
    CLOCK_MONOTONIC now. #662018

 -- Andreas Metzler <ametzler@debian.org>  Wed, 06 Jun 2012 20:46:11 +0200

gnutls28 (3.0.19-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 22 Apr 2012 18:42:46 +0200

gnutls28 (3.0.19-1) experimental; urgency=low

  * New upstream version.
    + libgnutls: When decoding a PKCS #11 URL the pin-source field
      is assumed to be a file that stores the pin. (LP: #929108)
    + Drop 31_killchild.diff, included upstream.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 22 Apr 2012 18:14:41 +0200

gnutls28 (3.0.18-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 14 Apr 2012 16:34:15 +0200

gnutls28 (3.0.18-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.
  * patches/31_killchild.diff: Revert upstream change which caused tee-ing a
    build to hang.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 07 Apr 2012 09:11:39 +0200

gnutls28 (3.0.17-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 20 Mar 2012 19:19:31 +0100

gnutls28 (3.0.17-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 Mar 2012 15:59:17 +0100

gnutls28 (3.0.15-2) experimental; urgency=low

  * 25_disabledtls_kFreeBSD.diff: Skip dtls-stress on kFreeBSD-* since
    support for CLOCK_MONOTONIC is missing there. (See #662018.)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 11 Mar 2012 10:24:39 +0100

gnutls28 (3.0.15-1) experimental; urgency=low

  * New upstream version.
    + Drop superfluous patches (30_microseconds-does-not-overflow.patch, 
      31_provide-accurate-value-to-select.patch)
    + Includes fix for CVE-2012-1573.
  * 30_forcesystemlibopts.diff: Force linkage against Debian's libopts.
  * Bump libgnutls-dev dependency on libp11-kit-dev.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 04 Mar 2012 15:58:38 +0100

gnutls28 (3.0.14-1) experimental; urgency=low

  * New upstream version.
    + Drop 30_force-kill-of-child.diff.
  * Pull 30_microseconds-does-not-overflow.patch and
    31_provide-accurate-value-to-select.patch from GIT head, fixing testsuite
    error (tests/mini-loss) on kfreebsd-*.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Feb 2012 15:24:39 +0100

gnutls28 (3.0.13-1) experimental; urgency=low

  * New upstream version.
    + bump libp11-kit-dev build-dep. to >= 0.11.
    + drop 30_guilegnutlserrorcodes.diff.
  * Drop debian/ocsptool.1 use, newly available upstream manpage instead.
  * Use and link against Debian's packaged version of autogen/libopts.
    + B-d on autogen.
    + remove autogen-generated files (*.c, *.h) on clean. autogen requires
      that the system headers are at least of the same version as the
      one which was used to generate the files from their respective .def
      sources.
  * 30_force-kill-of-child.diff: Kill child process in mini-loss-time test.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 20 Feb 2012 19:30:16 +0100

gnutls28 (3.0.12-2) unstable; urgency=low

  * De-multiarch guile-gnutls. Closes: #658110

 -- Andreas Metzler <ametzler@debian.org>  Sat, 04 Feb 2012 14:34:48 +0100

gnutls28 (3.0.12-1) unstable; urgency=low

  * New upstream version.
  * [30_guilegnutlserrorcodes.diff] (pulled from git head): fixes guile
    testsuite error.
  * Update debian/copyright.
  * Bump shlibs. (OCSP support)
  * Add trivial ocsptool manpage.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 21 Jan 2012 10:38:44 +0100

gnutls28 (3.0.11-1) unstable; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 07 Jan 2012 12:55:33 +0100

gnutls28 (3.0.10-1) unstable; urgency=low

  * Drop guile-gnutls.README.Debian - binary guile modules are no longer
    directly installed in $libdir.
  * New upstream version.
    + Drop patches/30_correctly-set-the-odd-bits.patch.
    + gnutls_random_art() added. Update copyright, bump shlibs.
    + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
      Closes: #652552

 -- Andreas Metzler <ametzler@debian.org>  Fri, 06 Jan 2012 08:52:19 +0100

gnutls28 (3.0.9-2) unstable; urgency=low

  * [20_test-select.diff] Do not run gnulib test-select test anymore. The
    test fails on kfreebsd-i386, the gnutls library does not use select().
  * [30_correctly-set-the-odd-bits.patch] Post release fix from GIT head.
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 Dec 2011 11:41:19 +0100

gnutls28 (3.0.9-1) experimental; urgency=low

  * New upstream version.
  * Include guile-gnutls package.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 14 Dec 2011 19:54:20 +0100

gnutls28 (3.0.8-2) unstable; urgency=low

  * First upload to unstable.
    + Disable openssl-wrapper package, let it be provided by gnutls26 until
      gnutls28 is in testing.
    + Disable gnutls-guile package, let it be provided by gnutls26 until
      gnutls28 is in testing.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 03 Dec 2011 10:30:04 +0100

gnutls28 (3.0.8-1) experimental; urgency=low

  * Build gnutls with --disable-largefile on armel, armhf and mipsel to fix
    guile related FTBFS on these architectures.
    See http://lists.gnu.org/archive/html/gnutls-devel/2011-10/msg00075.html
  * New upstream version.
    + Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 12 Nov 2011 17:05:25 +0100

gnutls28 (3.0.7-1) experimental; urgency=low

  * New upstream version.
    + Fixes GNUTLS-SA-2011-2 CVE-2011-4128 #648441
  * Drop 20_addGNU-stack.diff, included upstream.
  * loadable Guile module no longer installed directly to $libdir but to
    $libdir/guile/X.Y/. Drop nunnecessary lintian overrides and
    Pre-Depends: ${misc:Pre-Depends} from guile-gnutls. Also modify     
    DEB_DH_MAKESHLIBS_ARGS_guile-gnutls to ignore the binary module.
  * gnutls-extra is removed upstream, there is no need anymore to manually
    remove the bits and pieces in debian/rules.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 10 Nov 2011 19:35:30 +0100

gnutls28 (3.0.4-2) experimental; urgency=low

  * Drop libgnutls-dev.README.Debian, the information provided there stopped
    being relevant in 2.7.12.
  * Delete superfluous info from debian/README.source.
  * Rename libgnutls-dev to libgnutls28-dev. A big quick transition does not
    seem to be possible.
    http://lists.debian.org/debian-devel/2011/10/msg00332.html
  * Simplify dependencies:
    + libgnutls28-dev Provides/Conflicts/Replaces gnutls-dev (which is
      also provided by gnutls26' libgnutls-dev).
    + Drop *ancient* Conflicts/Replaces against libgnutls5-dev, gnutls0.4-dev,
      gnutls-dev (<< 0.4.0-0), libgnutls11-dev.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 23 Oct 2011 17:41:27 +0200

gnutls28 (3.0.4-1) experimental; urgency=low

  * New upstream version.
    + bump shlibs.
    + bump nettle build-dependency to >= 2.4. (Required for ripemd-160).
  * Add libp11-kit-dev to libgnutls-dev dependencies. Closes: #643811
  * [20_addGNU-stack.diff] Add GNU-stack note to newly added
    padlock-common.s.
  * Stop shipping libgnutls-extra.so. It is an empty shell currently and will
    be packaged for Debian again when it provides functionality.
  * Update debian/copyright, accelerated assembly code is non-FSF copyright.
  * Add crywrap.8 manpage.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 15 Oct 2011 13:37:39 +0200

gnutls28 (3.0.3-1) experimental; urgency=low

  * New upstream version. (Includes a fix for #640639)
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 20 Sep 2011 19:37:06 +0200

gnutls28 (3.0.2-1) experimental; urgency=low

  * Update debian/copyright for crywrap.
  * Since libgnutls*-dbg contains debugging symbols of helper applications
    libgnutls26-dbg and libgnutls28-dbg are not co-installable. Update
    Conflicts.
  * New upstream version. It also includes the fixes for #638586 (Correct
    parsing of XMPP subject alternative names) and #638595
    (gnutls_certificate_set_x509_key() and
    gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
    release of the private key during the lifetime of the certificate
    structure.)
  * Configure with --enable-gtk-doc, the included API reference is incomplete
    in the tarball.
  * [lintian] Get rid of binary-control-field-duplicates-source field
    warnings.
  * [lintian] Add description header to 14_version_gettextcat.diff
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 03 Sep 2011 13:18:17 +0200

gnutls28 (3.0.1-1) experimental; urgency=low

  * Update Vcs-Svn and Vcs-Browser for new source package name.
  * New upstream version.
    + corrects formatting of gnutls-cli(1) manpage. Closes: #637551
  * Bump build-dependency on libp11-kit-dev to (>= 0.4).
  * Drop 20_executablestack.diff, included upstream.
  * Includes crywrap(8), an application that proxies TLS session to a port
    using a plaintext service. 
  * Add build-dependency on libidn11-dev, needed for newly added crywrap tool.
  * Bump shlibs. (New flags).

 -- Andreas Metzler <ametzler@debian.org>  Sun, 21 Aug 2011 14:54:23 +0200

gnutls28 (3.0.0-2) experimental; urgency=low

  * Add missing b-d on chrpath.
  * Search for .xz instead of .bz2 in watchfile.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 16 Aug 2011 13:57:22 +0200

gnutls28 (3.0.0-1) experimental; urgency=low

  * Drop gcrypt related patches (16_unnecessarydep.diff
    17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff
    20_gcrypt15compat.diff), update remaining one
    (14_version_gettextcat.diff).
  * Build against nettle and p11-kit.
    + Update DEB_CONFIGURE_EXTRA_FLAGS.
    + Update (Build-)Depends. (Add pkg-config, it is used for locating
      p11-kit.)
  * Changed sonames: libgnutlsxx27 -> libgnutlsxx28, libgnutls26 ->
    libgnutls28.
  * Drop libgnutls Breaks, they are superfluous after the soname change.
  * Delete config.log on clean.
  * [20_executablestack] pulled from upstream GIT. Adds GNU-stack note to
    assembly files.
  * Delete unneccessary rpath entries.
  * Update debian/copyright. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. Add a
    NEWS entry for this license change.
  * Move gnutls-extra library to separate package.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 14 Aug 2011 16:44:11 +0200

gnutls26 (2.12.7-4) unstable; urgency=low

  * Upload to unstable.
  * Point watch file to stable release directory.
  * 18_gpgerrorinpkgconfig.diff: Add libgpg-error to pkg-config
    Libs.private. Closes: #632891
  * Update libgnutls26 Breaks (snowdrop and zoneminder versions.)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 07 Aug 2011 09:58:28 +0200

gnutls26 (2.12.7-3) experimental; urgency=low

  [ Simon Josefsson ]
  * Fix Debian BTS URL in --with-packager-bug-reports option.

  [ Andreas Metzler ]
  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 25 Jul 2011 19:59:36 +0200

gnutls26 (2.12.7-2) experimental; urgency=low

  * Stop shipping libtool la files.
  * Convert to multi-arch. (Partial merge from Ubuntu 2.10.5-1ubuntu2):
    + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update
      *.install accordingly.
    + Bump cdbs Build-Depends to 0.4.93 (required for expanding
      $(DEB_HOST_MULTIARCH)).
    + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
    + runtime libraries and guile-wrapper are Multi-Arch: same with 
      Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) and -doc are 
      Multi-Arch: foreign, -dev and -dbg remain unchanged.
    + Diverge from Ubuntu patch  by not settting Multi-Arch: same on -dbg
      package. It contains debugging symbols for both library and helper
      binaries ( e.g. /usr/lib/debug/usr/bin/gnutls-cli) and is therefore not
      co-installable with itself.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 26 Jun 2011 15:01:58 +0200

gnutls26 (2.12.7-1) experimental; urgency=low

  * New upstream version.
  * Update 17_ignoretestsuitteerrors.diff.
  * A new version of pokerth has been uploaded to sid, update libgnutls26
    Breaks accordingly.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 19 Jun 2011 08:49:01 +0200

gnutls26 (2.12.6.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, global_set_time_function() was added.
  * Stop setting CFLAGS += -Wall, it is set by default again.
  * [17_ignoretestsuitteerrors.diff] Ignore two (not serious) testsuite
    errors.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 05 Jun 2011 13:18:50 +0200

gnutls26 (2.12.5-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs, gnutls_x509_crq_verify() was added.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 14 May 2011 13:21:12 +0200

gnutls26 (2.12.4-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs. (gnutls_certificate_get_issuer() added).

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 May 2011 15:19:18 +0200

gnutls26 (2.12.3-1) experimental; urgency=low

  * New upstream version.
  * Drop patches included upstream: [18_restoreHMAC-MD5.diff]

 -- Andreas Metzler <ametzler@debian.org>  Fri, 22 Apr 2011 18:26:11 +0200

gnutls26 (2.12.2-2) experimental; urgency=low

  * [18_restoreHMAC-MD5.diff], pulled from upstream git, restore HMAC-MD5
    for compatibility. Closes: #623001

 -- Andreas Metzler <ametzler@debian.org>  Sun, 17 Apr 2011 15:44:30 +0200

gnutls26 (2.12.2-1) experimental; urgency=low

  * New upstream version.
  * [lintian] Drop article from short package descriptions.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 08 Apr 2011 19:36:27 +0200

gnutls26 (2.12.1-1) experimental; urgency=low

  * New upstream version.
    + certtool: Generated certificate request with stricter permissions.
      Closes: #619746
  * Drop superfluous patches:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff
  * Add Breaks for all packages using the GnuTLS OpenSSL wrapper. They will
    need a binNMU when gnutls 2.12.x uploaded to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 02 Apr 2011 15:22:46 +0200

gnutls26 (2.12.0-1) experimental; urgency=low

  * New upstream stable release.
    + Drop superceded patches 17_goldhotfix.patch
      18_libgnutls-openssl_soname.diff.
  * Pull a couple of post release fixes from upstream gnutls_2_12_x branch:
    17_sizeof_gnutls_openpgp_keyid_t.diff 18_ext_mod_iadef.diff
    19_uninitializedvar.diff 20_access_freedmemory.diff

 -- Andreas Metzler <ametzler@debian.org>  Sun, 27 Mar 2011 10:23:11 +0200

gnutls26 (2.11.7-2) experimental; urgency=low

  * 18_libgnutls-openssl_soname.diff. Bump libgnutls-openssl soname (libtool
    versioning: 27:0:0).
  * Split off libgnutls-openssl to a separate package, since the sonames are
    not in sync anymore.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 11 Mar 2011 17:48:47 +0100

gnutls26 (2.11.7-1) experimental; urgency=low

  * New upstream version (rc for 2.12)
    + Drop superfluous patches (15_fixgnutlspc.diff 17_endian.diff)
    + Bump shlibs.
  * debian/patches/17_goldhotfix.patch Link gnutls-extra gainst gcrypt.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 10 Mar 2011 12:12:01 +0100

gnutls26 (2.11.6-2) experimental; urgency=low

  * 17_endian.diff - Pulled from upstream. Fix testsuite error (./tests/resume)
    on big endian architectures.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 23 Feb 2011 19:20:40 +0100

gnutls26 (2.11.6-1) experimental; urgency=low

  * Development release.
  * Continue building against libgcrypt, run configure with --with-libgcrypt.
  * Refresh patches/15_fixgnutlspc.diff.
  * Set --with-packager* options.
  * Install newly available p11tool binary.
  * Bump libgcrypt11-dev Build-Depends.
  * C++ wrapper soname bump, change package name accordingly.
  * Bump shlibs.
  * Update debian/copyright.
  * Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 19 Feb 2011 15:29:43 +0100

gnutls26 (2.10.5-3) unstable; urgency=medium

  * [20_gcrypt15compat.diff] Fix compatibility with gcrypt 1.5.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 25 Jul 2011 19:26:34 +0200

gnutls26 (2.10.5-2) unstable; urgency=low

  * Stop shipping libtool la files.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Jun 2011 18:13:38 +0200

gnutls26 (2.10.5-1) unstable; urgency=low

  * New upstream bugfix release.
    + Drop 15_fixgnutlspc.diff, included upstream.
  * Set C(XX)FLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
    seem to set it by default.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 28 Feb 2011 18:52:57 +0100

gnutls26 (2.10.4-2) unstable; urgency=low

  * Use debhelper compatibility level 7.
  * Merge in changes from 2.8.6-1:
    + Use dh_lintian.
    + Use dh_makeshlibs for the guile stuff, too. This gets us 
      a) ldconfig in postinst. Closes: #553109
      and
      b) a shlibs file.
      However the shared objects /usr/lib/libguile-gnutls*so* are still not
      designed to be used as libraries (linking) but are dlopened. guile-1.10
      will address this issue by keeping this stuff in a private directory.
    + hotfix pkg-config files (proper fix to be included upstream).
    + Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff
      Closes: #405239
   * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 06 Feb 2011 16:44:09 +0100

gnutls26 (2.10.4-1) experimental; urgency=low

  * New upstream release. V1 CAs are trusted by default.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 06 Dec 2010 19:13:48 +0100

gnutls26 (2.10.3-1) experimental; urgency=low

  * Drop workaround for 519006, binutils is fixed even in squeeze.
  * New upstream bugfix release.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 19 Nov 2010 19:19:26 +0100

gnutls26 (2.10.2-1) experimental; urgency=low

  * New upstream version.
    + Fix asynchronous API handling. Closes: #588187
    + certtool does not crash on reading from /dev/null anymore.
      Closes: #588029
  * Standards-Version 3.9.1 -Stop building with -D_REENTRANT.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 30 Sep 2010 19:10:31 +0200

gnutls26 (2.10.1-1) experimental; urgency=low

  * Update package descriptions. Closes: #588067
  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 25 Jul 2010 14:56:45 +0200

gnutls26 (2.10.0-2) experimental; urgency=low

  * libgnutls26 now Breaks: libsoup2.4-1 (<= 2.30.1-1), 
    libsoup2.4-1 (= 2.31.2-1). The problem is caused by addition of TLS1.2
    support in GnuTLS. Sid (2.30.2-1) is already fixed, experimental
    (2.31.2-1) not yet. Closes: #587755

 -- Andreas Metzler <ametzler@debian.org>  Sat, 03 Jul 2010 08:58:57 +0200

gnutls26 (2.10.0-1) experimental; urgency=low

  * New upstream stable release.
  * Point watchfile to stable releases.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 26 Jun 2010 14:48:40 +0200

gnutls26 (2.9.12-2) experimental; urgency=low

  * Work around gcc-4.4 bug <http://bugs.debian.org/519006> by building
    without -g on mips/mipsel. (As a side effect this makes libgnutls26-dbg a
    useless and almost empty package on these archs.)
  * Drop ancient workaround for gcc bug on hppa.
    http://bugs.debian.org/128036

 -- Andreas Metzler <ametzler@debian.org>  Sat, 19 Jun 2010 14:38:22 +0200

gnutls26 (2.9.12-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 17 Jun 2010 19:20:04 +0200

gnutls26 (2.9.11-1) experimental; urgency=low

  * New upstream version.
  * Drop 15_gnutlspriority.diff, superseded.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 07 Jun 2010 19:36:33 +0200

gnutls26 (2.9.10-2) experimental; urgency=low

  * [15_gnutlspriority.diff] Restore compatibility with programs using 
    gnutls_*_set_priority() instead of gnutls_priority_*(), e.g. exim.
    Closes: #579831

 -- Andreas Metzler <ametzler@debian.org>  Thu, 27 May 2010 18:40:53 +0200

gnutls26 (2.9.10-1) experimental; urgency=low

  * New upstream version.
  * New functions added, bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 22 Apr 2010 19:29:52 +0200

gnutls26 (2.9.9-1) experimental; urgency=low

  * Package upstream development branch for experimental.
  * Track development versions in watchfile.
  * Package C++ wrapper again. Closes: #548637

 -- Andreas Metzler <ametzler@debian.org>  Sun, 20 Dec 2009 11:31:33 +0100

gnutls26 (2.8.6-1) unstable; urgency=low

  * Use dh_lintian.
  * Use dh_makeshlibs for the guile stuff, too. This gets us 
    a) ldconfig in postinst. Closes: #553109
    and
    b) a shlibs file.
    However the shared objects /usr/lib/libguile-gnutls*so* are still not
    designed to be used as libraries (linking) but are dlopened. guile-1.10
    will address this issue by keeping this stuff in a private directory.
  * hotfix pkg-config files (proper fix to be included upstream).
  * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

 -- Andreas Metzler <ametzler@debian.org>  Sat, 20 Mar 2010 15:53:35 +0100

gnutls26 (2.8.5-2) unstable; urgency=low

  * Add a huge bunch of lintian overrides for the guile stuff to make dak
    happy.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 13 Nov 2009 19:53:04 +0100

gnutls26 (2.8.5-1) unstable; urgency=low

  * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
  * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
    orig.tar.bz2 without repacking it to gz.
  * New upstream version.
    + Drop patches/20_fixtimebomb.diff.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 12 Nov 2009 19:57:08 +0100

gnutls26 (2.8.4-2) unstable; urgency=high

  * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

 -- Andreas Metzler <ametzler@debian.org>  Sun, 01 Nov 2009 13:21:27 +0100

gnutls26 (2.8.4-1) unstable; urgency=low

  * New upstream version.
    + Drop debian/patches/15_openpgp.diff.
  * Sync priorities with override file, libgnutls26 has been bumped from
    important to standard.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 26 Sep 2009 10:33:52 +0200

gnutls26 (2.8.3-3) unstable; urgency=low

  * Empty dependency_libs in la-files. (Squeeze release goal.)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 05 Sep 2009 09:09:22 +0200

gnutls26 (2.8.3-2) unstable; urgency=low

  * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
    openpgp connections.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 22 Aug 2009 14:14:48 +0200

gnutls26 (2.8.3-1) unstable; urgency=high

  * New upstream version.
    + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
      was built against. Closes: #540449
    + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
      certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
      http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
  * Drop 15_chainverify_expiredcert.diff, included upstream.
  * Urgency high, since 541439 applies to testing, too.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 14 Aug 2009 19:14:29 +0200

gnutls26 (2.8.1-2) unstable; urgency=low

  [ Simon Josefsson ]
  * Remove cruft in rules file.
  * Remove patches/15_tasn1inpc.diff, not needed.

  [ Andreas Metzler ]
  * Finally add an entry to the NEWS.Debian file concerning the deprecation of
    RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
  * Upload to unstable.
  * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
    Fix testsuite error caused by expired certificate.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 06 Aug 2009 19:12:51 +0200

gnutls26 (2.8.1-1) experimental; urgency=low

  * New upstream stable release.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 11 Jun 2009 09:15:28 +0200

gnutls26 (2.7.14-1) experimental; urgency=low

  * [debian/control] set section setting of source package to libs instead of
    devel.
  * New upstream version.
    + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
    + Bump shlibs, new symbols added.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 26 May 2009 19:51:41 +0200

gnutls26 (2.7.12-1) experimental; urgency=low

  * Fix typo in changelog. Closes: #526427
  * New upstream release.
    + Does not ship the scripts libgnutls-extra-config and libgnutls-config
      and the .m4 snippet to use it anymore. Please switch to pkg-config or
      standard autoconf test. Drop manpages and
      both patches/13_lessdeps_gnutls-config.diff and
      patches/13_lessdeps_gnutls-config.diff from the debian diff.
    + Update remaining patches.
    + Bump shlibs, new symbols added.
  * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
    already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
    GNUTLS_2_8.
  * New upstream uses separate ./configure scripts for the different
    libraries. Invoke the main ./configure script with
    --cache-file=$(CURDIR)/config.cache to speed things up.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 21 May 2009 11:18:35 +0200

gnutls26 (2.6.6-1) unstable; urgency=high

  * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
    way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
  * New upstream security release.
    + libgnutls: Corrected double free on signature verification failure.
      GNUTLS-SA-2009-1 CVE-2009-1415
    + libgnutls: Fix DSA key generation. Noticed when investigating the
      previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
      2.6.x are corrupt.  See the advisory for more details.
      GNUTLS-SA-2009-2 CVE-2009-1416
    + libgnutls: Check expiration/activation time on untrusted certificates.
      Before the library did not check activation/expiration times on
      certificates, and was documented as not doing so.
      GNUTLS-SA-2009-3 CVE-2009-1417
   * The former two issues only apply to gnutls 2.6.x. The latter is a
     behavior change, add a NEWS.Debian file to document it.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 30 Apr 2009 19:00:21 +0200

gnutls26 (2.6.5-1) unstable; urgency=low

  * Sync sections in debian/control with override file. libgnutls26-dbg is
    section debug, guile-gnutls is section lisp.
  * New upstream version. (Needed for Libtasn1-3 2.0)
  * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
  * Standards-Version: 3.8.1, no changes required.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 14 Apr 2009 14:23:19 +0200

gnutls26 (2.6.4-2) unstable; urgency=low

  * Upload to unstable.
  * Merge changelog entries from unstable and experimental.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 16 Feb 2009 16:43:37 +0100

gnutls26 (2.6.4-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 07 Feb 2009 14:32:57 +0100

gnutls26 (2.6.3-1) experimental; urgency=low

  * New upstream version.
    + Corrects bug gnutls-cli which caused a rehandshake request
      to be ignored. Closes: #396867
  * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 21 Dec 2008 10:46:38 +0100

gnutls26 (2.6.2-2) experimental; urgency=low
 
  * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
    correct certificate chains were not recognized as verified.
    Closes: #507633
  * [lintian] Add ${misc:Depends} to multiple dendency lines.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Dec 2008 13:31:58 +0100

gnutls26 (2.6.2-1) experimental; urgency=low

  * New upstream version.
    + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
    + Drop 20_fix_501077.diff.
  * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
    there.
  * Add Simon Josefsson to uploaders.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 13 Nov 2008 19:30:06 +0100

gnutls26 (2.6.0-1) experimental; urgency=low

  * New upstream stable release.
  * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
    gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Oct 2008 09:59:03 +0200

gnutls26 (2.5.9-1) experimental; urgency=low

  * New upstream development version.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 04 Oct 2008 12:40:01 +0200

gnutls26 (2.4.2-6) unstable; urgency=medium

  * New patches, syncing with 2.4.3 upstream oldstable release:
    + 24_intermedcertificate.patch If a non-root certificate ist trusted
      gnutls certificateificate verification stops there instead of checking
      up to the root of the certificate chain.
    + 22_whitespace.patch - Whitespace only changes, to make it possible to
      apply upstream fixes without manual changes. 
    + 25_bufferoverrun.patch. Fix buffer overrun bug in
      gnutls_x509_crt_list_import.
      http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e

 -- Andreas Metzler <ametzler@debian.org>  Sat, 07 Feb 2009 12:58:51 +0100

gnutls26 (2.4.2-5) unstable; urgency=low

  * Pull two patches from upstream stable branch to make gnutls behavior
    match documentation:
   + patch 23_permit_v1_CA.diff:Accept v1 x509 CA
     certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
     GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
   + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
     certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
     GNUTLS_CERT_INSECURE_ALGORITHM verification output.
     CVE-2009-2409

 -- Andreas Metzler <ametzler@debian.org>  Sat, 31 Jan 2009 16:26:52 +0100

gnutls26 (2.4.2-4) unstable; urgency=medium

  * Add Simon Josefsson to uploaders.
  * Another fix for the verification fix. Some correct certificate chains were
    not recognized as verified. Closes: #507633

 -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Dec 2008 12:09:33 +0100

gnutls26 (2.4.2-3) unstable; urgency=low

  * Fix a crash on trying to verify self-signed certificates introduced by the
    patch for CVE-2008-4989. Closes: #505279

 -- Andreas Metzler <ametzler@debian.org>  Wed, 12 Nov 2008 19:23:23 +0100

gnutls26 (2.4.2-2) unstable; urgency=medium

  * [CVE-2008-4989.diff] Fix man in the middle attack for certificate
    verification. CVE-2008-4989 GNUTLS-SA-2008-3

 -- Andreas Metzler <ametzler@debian.org>  Mon, 10 Nov 2008 19:42:54 +0100

gnutls26 (2.4.2-1) unstable; urgency=low

  * New upstream bugfix release.
  * Up to date gnutls-cli manpage. Closes: #492775

 -- Andreas Metzler <ametzler@debian.org>  Sun, 21 Sep 2008 10:35:16 +0200

gnutls26 (2.4.1-1) unstable; urgency=medium

  * New upstream version, fixing a local denial of service vulnerability only
    present in >= 2.3.5. GNUTLS-SA-2008-2  CVE-2008-2377

 -- Andreas Metzler <ametzler@debian.org>  Tue, 01 Jul 2008 19:35:51 +0200

gnutls26 (2.4.0-2) unstable; urgency=low

  * Standards version 3.8.0. Rename README.source_and_patches to README.source.
  * Upload to unstable.
  * Point watchfile to stable releases again.
  * Merge experimental and unstable changelog.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 24 Jun 2008 19:13:25 +0200

gnutls26 (2.4.0-1) experimental; urgency=low

  * New upstream stable release.
  * New APIs to retrieve fingerprint from OpenPGP subkeys. Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Wed, 18 Jun 2008 19:40:38 +0200

gnutls26 (2.3.15-1) experimental; urgency=low

  * New upstream version. (rc4)
    Disables 'openpgp-certs' tests. Closes: #486269

 -- Andreas Metzler <ametzler@debian.org>  Mon, 16 Jun 2008 19:08:24 +0200

gnutls26 (2.3.14-1) experimental; urgency=low

  * New upstream version. (rc3)

 -- Andreas Metzler <ametzler@debian.org>  Wed, 11 Jun 2008 19:16:18 +0200

gnutls26 (2.3.13-1) experimental; urgency=low

  * New upstream version. 2nd rc for 2.4.0.
  * Drop debian/patches/15_gnutls-pgpself.diff, included upstream.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 08 Jun 2008 18:00:51 +0200

gnutls26 (2.3.12-1) experimental; urgency=low

  * New upstream version. Bump shlibs.
  * Ship doc/certtool.cfg in /usr/share/doc/gnutls-bin/examples. Closes: #483798
  * Add 15_gnutls-pgpself.diff (Pulled from upstream GIT), fixing testsuite
    failure on sparc.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 05 Jun 2008 19:08:29 +0200

gnutls26 (2.3.11-1) experimental; urgency=low

  * New upstream version.
    + Fixes three security vulnerabilities.
      [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
      <http://www.gnu.org/software/gnutls/security.html>.
      CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1
    + Fixes subjectAltName wildcard matching. Closes: #479174
    + certtool now writes keyfiles with 0600 permissions. Closes: #373169

 -- Andreas Metzler <ametzler@debian.org>  Sat, 24 May 2008 08:25:36 +0200

gnutls26 (2.2.5-1) unstable; urgency=high

  * New upstream version.
    Fixes three security vulnerabilities.
    [GNUTLS-SA-2008-1-1] [GNUTLS-SA-2008-1-2] [GNUTLS-SA-2008-1-3]. See
    <http://www.gnu.org/software/gnutls/security.html>.
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950. DSA-1581-1

 -- Andreas Metzler <ametzler@debian.org>  Tue, 20 May 2008 19:19:55 +0200

gnutls26 (2.3.9-1) experimental; urgency=low

  * New upstream development version.
    - OpenPGP support merged into libgnutls and is now licensed under LGPL.
      The included copy of OpenCDK has been stripped down and re-licensed
      under the LGPL. Using the external OpenCDK is not supported anymore, the
      external library will not be maintained anymore. Drop respective
      (build-)depends.
    - API extended, bump shlibs.
    - certtool asks for password confirmation. Closes: #364287
    - performance enhancements for gnutls_certificate_set_x509_trust_file.
      Closes: #400448
    - gnutls-cli: exits when hostname doesn't match certificate.
      Use --insecure to avoid hostname comparison.
  * For paranoia sake build with -D_REENTRANT even if upstream has stopped
    doing so.
  * [debian/copyright] : update, and stop including a GFDL copy.
  * Point watchfile to development versions.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 May 2008 16:56:04 +0200

gnutls26 (2.2.3-1) unstable; urgency=low

  * New upstream stable release.
    - --priority is documented in gnutls-cli(1) manpage. Closes: #467051

 -- Andreas Metzler <ametzler@debian.org>  Mon, 12 May 2008 18:29:12 +0200

gnutls26 (2.2.3~rc-1) unstable; urgency=low

  * New upstream version. Release candidate for 2.2.3.
    + Increase default handshake packet size limit to 48kb. Closes: #478191
  * remove unsupported .l command from debian/libgnutls-config.1
  * Use Programming/C as doc-base section.

 -- Andreas Metzler <ametzler@debian.org>  Thu, 01 May 2008 13:09:49 +0200

gnutls26 (2.2.2-1) unstable; urgency=low

  * New upstream version.
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
    strings and return the proper size.
    corrected string handling in parse_general_name.
    Closes: #465197
  * Point watchfile to ftp.gnutls.org.
  * Downgrade libtasn build-dep from 0.3.4-1 to 0.3.4-0.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 22 Feb 2008 19:08:36 +0100

gnutls26 (2.2.1-3) unstable; urgency=low

  * Resurrect accidentally reverted fix for ftbfs on ia64. Do not try to build
    gnutls guile wrapper on ia64.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 04 Feb 2008 19:14:03 +0100

gnutls26 (2.2.1-2) unstable; urgency=low

  * Add Vcs-Svn: and Vcs-Browser control fields.
  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 03 Feb 2008 18:14:21 +0100

gnutls26 (2.2.1-1) experimental; urgency=low

  * New upstream version.
  * guile-1.8 does not build on ia64. Stop trying to build the gnutls wrapper
    there.
  * libgnutls26-dbg needs to conflict with libgnutls13-dbg, since both
    packages contain gnutls-bin debugging symbols. Closes: #459295.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 20 Jan 2008 18:27:33 +0100

gnutls26 (2.2.0-1) experimental; urgency=low

  * New upstream version.
    License change! Main library stays LGPLv2.1+ but libgnutls-extra,
    libgnutls-openssl and the binaries are GPLv3+ now. debian/copyright is
    updated.
  * Stop linking agains liblzo2. Version 2.02 of this library if GPLv2 (older
    versions were GPLv2+) and this license is not compatible with GPLv3+.
  * Non packaged 2.1.8 introduced new symbol
    gnutls_x509_crt_get_subject_alt_name2(), bump shlibs.
  * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}.
  * Bump build-depends to libgcrypt11-dev >= 1.3.2, since it is needed for
    DSA2 support. Closes: #455513
  * Drop erraneous libgcrypt11 (>= 1.3.0) from b-d.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 15 Dec 2007 16:41:54 +0100

gnutls26 (2.1.7-1) experimental; urgency=low

  * New upstream version.
    - Another soname bump. Packages renamed.
  * Continue using a repacked orig.tar.gz, instead of upstream's tar.bz2 since
    dak does not allow that yet.
  * Add Build-Conflicts: libgnutls-dev to stop libtool from linking
    libgnutls-extra against libgnutls.so in /usr/lib/. Closes: #453035

 -- Andreas Metzler <ametzler@debian.org>  Sat,  1 Dec 2007 10:40:17 +0100

gnutls25 (2.1.6-2) experimental; urgency=low

  * Temporarily add libgcrypt11 (>= 1.3.0) to build-depends, to make
    experimental buildds happy.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 19 Nov 2007 18:58:48 +0100

gnutls25 (2.1.6-1) experimental; urgency=low

  * New upstream version. API changes! Please consult
    /usr/share/doc/libgnutls-dev/NEWS.gz for the detailed list of deprecated,
    removed (mainly *_authz_*) and changed interfaces.
    This is the first release canddate for 2.2. The deprecation of
    gnutls_set_default_priority() is supposed to be undone before the final
    stable release.
  * Bump build-depends.
  * Stop building and shipping the C++ library, since nobody is using it. I
    will happly re-add it if requested.
  * Add Homepage field to debian/control.
  * Build and ship Guile bindings. Requested by Ludovic Court├Ęs who also
    provided the initial patch. (On a sidenote I think guile generally does
    not do the right thing by throwing dlopened modules into /usr/lib/.)
  * Update debian/copyright.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 Nov 2007 16:42:01 +0100

gnutls13 (2.0.1-1) unstable; urgency=low

  * New upstream version.
  * Remove doc/*.info* on clean to allow building thrice in a row.
    (Closes: #441740)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 29 Sep 2007 11:29:22 +0200

gnutls13 (1.7.19-1) unstable; urgency=low

  * New upstream version 1.7.19.
    - Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
      This takes of care of the mutt breakage. Closes: #439640

 -- Andreas Metzler <ametzler@debian.org>  Mon, 27 Aug 2007 19:36:23 +0200

gnutls13 (1.7.18-2) unstable; urgency=low

  * Upload to unstable

 -- Andreas Metzler <ametzler@debian.org>  Sat, 25 Aug 2007 09:27:18 +0200

gnutls13 (1.7.18-1) experimental; urgency=low

  * New upstream version 1.7.18, release candidate for 2.0.
  * Bump shlibs, since functions have been added.
  * Image files renamed upstream with gnutls- prefix and symlinked to
    /usr/share/info/ in Debian package. Closes: #423577

 -- Andreas Metzler <ametzler@debian.org>  Sat, 18 Aug 2007 09:06:11 +0200

gnutls13 (1.7.16-1) experimental; urgency=low

  * New upstream version 1.7.16.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 11 Aug 2007 10:50:21 +0200

gnutls13 (1.7.14-1) experimental; urgency=low

  * New upstream version
    - fixes crash in gnutls-cli when TLS handshake fails. Closes: #429183

 -- Andreas Metzler <ametzler@debian.org>  Sat, 30 Jun 2007 09:06:35 +0200

gnutls13 (1.7.12-1) experimental; urgency=low

  * New upstream version 1.7.12
    - Fixes memory errors in certificate parsing. Closes: #333050
  * Bump shlibs, due to API extensions in 1.7.10.
  * Rebuilding of docs simpified, strip debian/README.source_and_patches to
    reflect that.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 23 Jun 2007 11:14:26 +0200

gnutls13 (1.7.9-1) experimental; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
  * New upstream version.
    - Uses opencdk10 (0.6.x).
    - Improved gnutls_set_default_priority() priorities, with matching correct
      docs. (Closes: #422024)
    - bumped shlibs.
  * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
    twice in a row on the same sourcetree. (Closes: #424357) Document what is
    needed to rebuild doc/gnutls.pdf in README.source_and_patches.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 28 May 2007 08:36:42 +0200

gnutls13 (1.7.7-1) experimental; urgency=low

  * New development upstream version 1.7.7.
    - Point watchfile to development versions.
    - Bump shlibs for added APIs.
    - Includes German translation. (Closes: #392857)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 15 Apr 2007 10:11:21 +0200

gnutls13 (1.6.3-1) unstable; urgency=low

  * New upstream version, pulling selected fixes and features from 1.7.x.
  * Bump shlibs.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 27 May 2007 09:26:14 +0200

gnutls13 (1.6.2-2) unstable; urgency=low

  * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 13 May 2007 09:48:31 +0200

gnutls13 (1.6.2-1) unstable; urgency=low

  * New upstream version
    - Really Closes: #403887 libgnutls failes to parse OpenSSL generated
      certificates, since it contains a regenerated pkix_asn1_tab.c.
    - Ship German translation. Closes: #392857

 -- Andreas Metzler <ametzler@debian.org>  Sat, 21 Apr 2007 10:57:02 +0200

gnutls13 (1.6.1-2) unstable; urgency=low

  * [gnutls-bin.install] Ship psktool.
  * Ship gettext translations in deb package, but as gnutls13.mo instead of
    gnutls.mo.
  * Upload to unstable. Merge branch1.5.x.EXP to svn trunk. Include 1.4.4-*
    changelog entries after branchoff. Point watchfile to stable upstream
    versions again.
  * Drop dependency of libgnutls13-dbg on libgnutlsxx13.

 -- Andreas Metzler <ametzler@debian.org>  Sat,  3 Feb 2007 13:49:48 +0100

gnutls13 (1.6.1-1) experimental; urgency=low

  [ James Westby ]
  * New upstream release.

 -- Andreas Metzler <ametzler@debian.org>  Sat,  3 Feb 2007 13:18:03 +0100

gnutls13 (1.6.0-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 18 Nov 2006 13:21:56 +0100

gnutls13 (1.5.3-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.
  * New upstream version 1.5.3.
  * Bump shlibs to get rid of reference to ugly 1.5.1.cvs2006093.
  * Drop code for re-libtoolizing and running auto* from debian/rules, it is
    unused and would not work anymore. (We can later grab the from SVN and
    update it to make work if we ever need it.)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 28 Oct 2006 12:56:46 +0200

gnutls13 (1.5.1.cvs20060930-1) experimental; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * New upstream development version.
    - Pulled from http://josefsson.org/daily/gnutls/gnutls-20060930.tar.gz
    - Using a cvs snapshot instead of 1.5.1 because the soname in 1.5.1 was
      broken.
    - Drop unneeded patches/16_libs.private_gnutls.diff
      patches/16_libs.private_gnutls-extra.diff
    - Point watchfile to development versions.
    - Builds a C++ library.
  * Switch to debhelper v5 mode to be able to ship debug symbols of
    libgnutls13 and libgnutlsxx13 in a common libgnutls13-dbg package.
  * Branched off from 1.4.4-1.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 30 Sep 2006 09:54:38 +0200

gnutls13 (1.4.4-3) unstable; urgency=low

  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
       When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
       version, try to negotiate the highest version support by the GnuTLS
       server, instead of the lowest.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 11 Nov 2006 10:35:29 +0100

gnutls13 (1.4.4-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Add a watchfile.
  * Fix debian/copyright.
    - Do not use "copyright" as title of a paragraph listing licenses.
      (Closes: #290194)
    - Add a copy of the FDL 1.2 to debian/copyright.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 12 Sep 2006 19:57:49 +0200

gnutls13 (1.4.4-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.4
    - Updated fix for GNUTLS-SA-2006-4, that is not too strict and doesn't
      crash mutt. (closes: #386725)
      GNUTLS-SA-2006-4 is CVE-2006-4790.

 -- Andreas Metzler <ametzler@debian.org>  Tue, 12 Sep 2006 19:09:47 +0200

gnutls13 (1.4.3-2) unstable; urgency=low

  * the lesser of two weevils release.
  [ Andreas Metzler ]
  * Revert patch for GNUTLS-SA-2006-4 as it caused segmentation faults in
    various programs, including mutt. (closes: #386680)

 -- Andreas Metzler <ametzler@debian.org>  Sat,  9 Sep 2006 19:29:52 +0200

gnutls13 (1.4.3-1) unstable; urgency=high

  [ Andreas Metzler ]
  * New upstream version 1.4.3.
    - Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06
      rump session attack. GNUTLS-SA-2006-4
    - Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack..
      GNUTLS-SA-2006-3
    - Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

 -- Andreas Metzler <ametzler@debian.org>  Fri,  8 Sep 2006 19:12:33 +0200

gnutls13 (1.4.2-1) unstable; urgency=medium

  [ Andreas Metzler ]
  * New upstream bugfix release.
    - Fixes a crash in the certificate verification logic.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 12 Aug 2006 10:44:16 +0200

gnutls13 (1.4.1-1) unstable; urgency=low

  [ James Westby ]
  * New upstream release.
  * Remove the following patches as they are now included upstream:
    - 10_certtoolmanpage.diff
    - 15_fixcompilewarning.diff
    - 30_man_hyphen_*.patch
  * Link the API reference in /usr/share/gtk-doc/html as gnutls rather than
    gnutls-api so that devhelp can find it.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 15 Jul 2006 11:11:08 +0200

gnutls13 (1.4.0-3) unstable; urgency=low

  [ Andreas Metzler ]
  * Strip "libgnutls-config --libs"' output to only list stuff required for
    dynamic linking. (Closes: #375815). Document this in "libgnutls-dev's
    README.Debian.
  * Pull patches/16_libs.private_gnutls.diff and
    debian/patches/16_libs.private_gnutls-extra.diff from upstream to make
    pkg-config usable for static linking.

 -- Andreas Metzler <ametzler@debian.org>  Sun,  2 Jul 2006 12:10:56 +0200

gnutls13 (1.4.0-2) unstable; urgency=low

  [ Andreas Metzler ]
  * Set maintainer to alioth mailinglist.
  * Drop code for updating config.guess/config.sub from debian/rules, as cdbs
    handles this. Build-Depend on autotools-dev.
  * Drop build-dependency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6.
  * Use cdbs' simple-patchsys.mk.
    - add debian/README.source_and_patches
    - add patches/10_certtoolmanpage.diff  patches/12_lessdeps.diff
  * Fix libgnutls-dev's Suggests to point to existing package. (gnutls-doc)
  * Also ship css-, devhelp- and sgml files in gnutls-doc.
  * patches/15_fixcompilewarning.diff correct order of funtion arguments.

  [ James Westby ]
  * This release allows the port to be specified as the name of the service
    when using gnutls-cli (closes: #342891)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 17 Jun 2006 20:44:09 +0200

gnutls13 (1.4.0-1) experimental; urgency=low

  * New maintainer team. Thanks, Matthias for all the work you did.
  * Re-add gnutls-doc package, featuring api-reference as manual pages and
    html, and reference manual in html and pdf format.
    (closes: #368185,#368449)
  * Fix reference to gnutls0.4-doc package in debian/copyright. Update
    debian/copyright and include actual copyright statements.
    (closes: #369071)
  * Bump shlibs because of changes to extra.h
  * Drop debian/libgnutls13.dirs and debian/libgnutls-dev.dirs. dh_* will
    generate the necessary directories.
  * Drop debian/NEWS.Debian as it only talks about the move of the (since
    purged) gnutls-doc package to contrib a long time ago.
    (Thanks Simon Josefsson, for these suggestions.)
  * new upstream version. (closes: #368323)
  * clean packaging against upstream tarball.
    - Drop all patches, except for fixing error in certtool.1 and setting
      gnutls_libs=-lgnutls-extra in libgnutls-extra-config.
    - Add  --enable-ld-version-script
      to DEB_CONFIGURE_EXTRA_FLAGS to force versioning of symbols, instead of
      patching ./configure.in.
    (closes: #367358)
  * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite.
  * Build against external libtasn1-3. (closes: #363294)
  * Standards-Version: 3.7.2, no changes required.
  * debian/control and override file are in sync with respect to Priority and
    Section, everthing except libgnutls13-dbg already was. (closes: #366956)
  * acknowledge my own NMU. (closes: #367065)
  * libgnutls13-dbg is nonempty (closes: #367056)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 20 May 2006 11:22:36 +0000

gnutls13 (1.3.5-1.1) unstable; urgency=low

  * NMU
  * Invoke ./configure with --with-included-libtasn1 to prevent accidental
    linking against the broken 0.3.1-1 upload of libtasn1-2-dev which
    contained libtasn1.so.3 and force gnutls13 to use the internal version of
    libtasn instead until libtasn1-3-dev is uploaded. Drop broken
    Build-Depency on libtasn1-2-dev (>= 0.3.1).  (closes: #363294)
  * Make libgnutls13-dbg nonempty by using --dbg-package=libgnutls13 instead
    of --dbg-package=libgnutls12. (closes: #367056)

 -- Andreas Metzler <ametzler@debian.org>  Sat, 13 May 2006 07:45:32 +0000

gnutls13 (1.3.5-1) unstable; urgency=low

  * New Upstream version.
    - Security fix.
    - Yet another ABI change.
  * Depends on libgcrypt 1.2.2, thus should close:#330019,#355272
  * Let -dev package depend on liblzo-dev (closes:#347438)
  * Fix certtool help output (closes:#338623)

 -- Matthias Urlichs <smurf@debian.org>  Sat, 18 Mar 2006 22:46:25 +0100

gnutls12 (1.2.9-2) unstable; urgency=low

  * Install /usr/lib/pkgconfig/*.pc files.
  * Depend on texinfo (>= 4.8, for the @euro{} sign).

 -- Matthias Urlichs <smurf@debian.org>  Tue, 15 Nov 2005 19:26:02 +0100

gnutls12 (1.2.9-1) unstable; urgency=low

  * New Upstream version.

 -- Matthias Urlichs <smurf@debian.org>  Fri, 11 Nov 2005 18:51:28 +0100

gnutls12 (1.2.8-1) unstable; urgency=low

  * New Upstream version.
    - depends on libgcrypt11 1.2.2
  * Bumped shlibs version, just to be on the safe side.

 -- Matthias Urlichs <smurf@debian.org>  Wed, 19 Oct 2005 12:05:14 +0200

gnutls12 (1.2.6-1) unstable; urgency=low

  * New Upstream version.
  * Remove Provides: on libgnutls11-dev.
    Hopefully this will be temporary (pending discussion with Upstream).

 -- Matthias Urlichs <smurf@debian.org>  Thu, 11 Aug 2005 12:21:36 +0200

gnutls12 (1.2.5-3) unstable; urgency=high

  * Updated libgnutls12.shlibs file.
    Thanks to Mike Paul <w5ydkaz02@sneakemail.com>.
    Closes: #319291: libgnutls12: Wrong soversion in shlibs file; breaks
                                  dependencies on this library

 -- Matthias Urlichs <smurf@debian.org>  Thu, 21 Jul 2005 13:19:25 +0200

gnutls12 (1.2.5-2) unstable; urgency=medium

  * Did not depend on libgnutls12 -- not picked up by dh_shlibdeps.
    Added an explicit dependency as a stopgap fix.

 -- Matthias Urlichs <smurf@debian.org>  Thu, 21 Jul 2005 08:27:22 +0200

gnutls12 (1.2.5-1) unstable; urgency=low

  * Merged with the latest stable release.
  * Renamed to gnutls12.
    - Changed the library version strings to GNUTLS_1_2.
    - Renamed the development package back to "libgnutls-dev".

 -- Matthias Urlichs <smurf@debian.org>  Tue,  5 Jul 2005 10:35:56 +0200

gnutls11 (1.0.19-1) experimental; urgency=low

  * Merged with the latest stable release.

 -- Matthias Urlichs <smurf@debian.org>  Sun, 26 Dec 2004 13:28:45 +0100

gnutls11 (1.0.16-13) unstable; urgency=high

  * Fixed an ASN.1 extraction error.
    Found by Pelle Johansson <morth@morth.org>.

 -- Matthias Urlichs <smurf@debian.org>  Mon, 29 Nov 2004 10:16:21 +0100

gnutls11 (1.0.16-12) unstable; urgency=high

  * Fixed a segfault in certtool. Closes: #278361.

 -- Matthias Urlichs <smurf@debian.org>  Thu, 11 Nov 2004 09:40:02 +0100

gnutls11 (1.0.16-11) unstable; urgency=medium

  * Merged binary (non-UF8) string printing code from Upstream.
  * Password code in certtool was somewhat broken.

 -- Matthias Urlichs <smurf@debian.org>  Sat,  6 Nov 2004 13:11:03 +0100

gnutls11 (1.0.16-10) unstable; urgency=high

  * Fixed one instance of uninitialized memory usage.

 -- Matthias Urlichs <smurf@debian.org>  Thu, 21 Oct 2004 06:07:53 +0200

gnutls11 (1.0.16-9) unstable; urgency=high

  * Pulled from Upstream CVS:
    - Fix two memory leaks.
    - Fix NULL dereference.

 -- Matthias Urlichs <smurf@debian.org>  Fri,  8 Oct 2004 10:43:20 +0200

gnutls11 (1.0.16-8) unstable; urgency=high

  * Pulled these changes from Upstream CVS:
    - Added default limits in the verification of certificate chains,
      to avoid denial of service attacks.
    - Added gnutls_certificate_set_verify_limits() to override them.
    - Added gnutls_certificate_verify_peers2().

 -- Matthias Urlichs <smurf@debian.org>  Sun, 12 Sep 2004 02:05:25 +0200

gnutls11 (1.0.16-7) unstable; urgency=low

  * Removed superfluous -lFOO entries from libgnutls{,-extra}-config output.
    Thanks to joeyh@debian.org for reporting this problem.

 -- Matthias Urlichs <smurf@debian.org>  Sat, 14 Aug 2004 11:22:51 +0200

gnutls11 (1.0.16-6) unstable; urgency=medium

  * Memory leak, found by Modestas Vainius <geromanas@mailas.com>.
    - Closes: #264420

 -- Matthias Urlichs <smurf@debian.org>  Sun,  8 Aug 2004 22:21:01 +0200

gnutls11 (1.0.16-5) unstable; urgency=low

  * Depend on current libtasn1-2 (>= 0.2.10).
    - Closes: #264198.
  * Fixed maintainer email to point to Debian address.

 -- Matthias Urlichs <smurf@debian.org>  Sat,  7 Aug 2004 19:44:38 +0200

gnutls11 (1.0.16-4) unstable; urgency=low

  * The OpenSSL compatibility library has been linked incorrectly
    (-ltasn1 was missing).
  * Need to build-depend on current opencdk8 and libtasn1-2 version.

 -- Matthias Urlichs <smurf@debian.org>  Sat,  7 Aug 2004 19:29:32 +0200

gnutls11 (1.0.16-3) unstable; urgency=high

  * Documentation no longer includes LaTeX-produced output
    (the source contains latex2html-specific features, which is non-free).
  * Urgency: High because of pending base freeze.

 -- Matthias Urlichs <smurf@debian.org>  Mon, 26 Jul 2004 11:18:20 +0200

gnutls11 (1.0.16-2) unstable; urgency=high

  * Actually *enable* debug symbols :-/
  * Urgency: High for speedy inclusion in d-i

 -- Matthias Urlichs <smurf@debian.org>  Fri, 23 Jul 2004 22:38:07 +0200

gnutls11 (1.0.16-1) experimental; urgency=low

  * Update to latest Upstream version.
  * now depends on libgcrypt11
  * Include debugging package
  * Use hevea, not latex2html.

 -- Matthias Urlichs <smurf@debian.org>  Wed, 21 Jul 2004 16:58:26 +0200

gnutls10 (1.0.4-4) unstable; urgency=low

  * New maintainer.
  * Run autotools at source package build time.
    - Closes: #257237: FTBFS (i386/sid): aclocal failed
  * Remove "package is still changed upstream" warning.
  * Build-Depend on debhelper 4.1 (cdbs), versioned libgcrypt7.

 -- Matthias Urlichs <smurf@debian.org>  Fri, 16 Jul 2004 02:09:36 +0200

gnutls10 (1.0.4-3) unstable; urgency=low

  * control: Changed the build dependency and the dependency of
    libgnutls10-dev to be versioned on libopencdk8-dev >= 0.5.3;
    libopencdk8-dev 0.5.1 had an invalid dependency on libgcrypt-dev which
    could cause linking against two versions of libgcrypt.

 -- Ivo Timmermans <ivo@debian.org>  Sat, 24 Jan 2004 15:32:22 +0100

gnutls10 (1.0.4-2) unstable; urgency=low

  * libgnutls-doc.doc-base: Removed HTML manual listing.
  * control: Removed Jordi Mallach from the list of Uploaders.  Thanks,
    Jordi :)

 -- Ivo Timmermans <ivo@debian.org>  Wed, 14 Jan 2004 13:35:42 +0100

gnutls10 (1.0.4-1) unstable; urgency=low

  * New upstream release  (Closes: #227527)
      * The new documentation in libgnutls-doc fixes several typo's and
        style glitches:  
        Closes: #215772: inconsistent auth method list in manual
        Closes: #215775: dangling footnote on page 14 of manual
        Closes: #215777: bad sentence on page 18 of manual
        Closes: #215780: incorrect info about ldaps/imaps in manual
  * rules:
      * Use --add-missing instead of --force in the call to automake.
      * Don't build gnutls.ps, use the upstream version.
        (Closes: #224846)
  * gnutls-bin.manpages: Use glob to find manpages.
  * patches/008_manpages.diff: Removed; included upstream.

 -- Ivo Timmermans <ivo@debian.org>  Tue, 13 Jan 2004 23:57:16 +0100

gnutls10 (1.0.0-1) unstable; urgency=low

  * New upstream release.
  * Major soversion changed to 10.
  * control: Changed build dependencies of libtasn1-dev.
  * libgnutls10.shlibs: Added libgnutls-openssl to the list.

 -- Ivo Timmermans <ivo@debian.org>  Mon, 29 Dec 2003 23:23:08 +0100

gnutls8 (0.9.99-1) experimental; urgency=low

  * New upstream release.
  * Included upstream GPG signature in .orig.tar.gz.

 -- Ivo Timmermans <ivo@debian.org>  Wed,  3 Dec 2003 22:33:52 +0100

gnutls8 (0.9.98-1) experimental; urgency=low

  * New upstream release.
  * debian/control: libgnutls8-dev depends on libopencdk8-dev.
  * debian/libgnutls-doc.examples: Install src/*.[ch].

 -- Ivo Timmermans <ivo@debian.org>  Sun, 23 Nov 2003 15:44:38 +0100

gnutls8 (0.9.95-1) experimental; urgency=low

  * New upstream version.

 -- Ivo Timmermans <ivo@debian.org>  Fri,  7 Nov 2003 19:50:22 +0100

gnutls8 (0.9.94-1) experimental; urgency=low

  * New upstream version; package based on gnutls7 0.8.12-2.
  * debian/control:
      * Build-depend on libgcrypt7-dev (>= 1.1.44-0).
  * debian/rules: Run auto* after the patches have been applied.

 -- Ivo Timmermans <ivo@debian.org>  Fri, 31 Oct 2003 18:47:09 +0100