On 2014-05-26 Julien Cristau <jcris...@debian.org> wrote: > On Mon, May 26, 2014 at 20:29:18 +0200, Andreas Metzler wrote:
>> So now we need a libgnutls28 -> libgnutls-deb0-28 transition as a >> first step. - How should I go about this, should I open a separate new >> transition bug report? > I think we can use this one. Good morning, Okay. So I have got gnutls28 (3.2.14-2) ready for upload (except for dch -r). If you want to take a look at it, the package is available on people.debian.org in ~ametzler/GNUTLS/. (debdiff is also attached). Could you please give me a heads-up when I may upload to unstable? cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Warning: these package names were in the second list but not in the first: -------------------------------------------------------------------------- libgnutls-deb0-28 Warning: these package names were in the first list but not in the second: -------------------------------------------------------------------------- libgnutls28 [The following lists of changes regard files as different if they have different names, permissions or owners.] Files only in first set of .debs, found in package libgnutls-xssl0 ------------------------------------------------------------------ lrwxrwxrwx root/root /usr/share/doc/libgnutls-xssl0 -> libgnutls28 Files only in first set of .debs, found in package libgnutls28 -------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/i386-linux-gnu/libgnutls.so.28.30.5 -rw-r--r-- root/root /usr/share/doc/libgnutls28/AUTHORS -rw-r--r-- root/root /usr/share/doc/libgnutls28/NEWS.Debian.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/NEWS.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/README.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/THANKS.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/changelog.Debian.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/changelog.gz -rw-r--r-- root/root /usr/share/doc/libgnutls28/copyright -rw-r--r-- root/root /usr/share/locale/cs/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/de/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/en@boldquot/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/en@quot/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/eo/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/fi/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/fr/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/it/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/ms/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/nl/LC_MESSAGES/gnutls28.mo -rw-r--r-- 
root/root /usr/share/locale/pl/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/sv/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/uk/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/vi/LC_MESSAGES/gnutls28.mo -rw-r--r-- root/root /usr/share/locale/zh_CN/LC_MESSAGES/gnutls28.mo lrwxrwxrwx root/root /usr/lib/i386-linux-gnu/libgnutls.so.28 -> libgnutls.so.28.30.5 Files only in first set of .debs, found in package libgnutls28-dbg ------------------------------------------------------------------ -rw-r--r-- root/root /usr/lib/debug/.build-id/07/de1cc0c9079a51a3743463d9fccedc59bf98ba.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/0c/6011ad2a436bd7546a45525e6a4fc98a51f1d0.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/1c/13e071b79cb81d3a4f404602383448753f90d4.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/45/c50555b20b48657b0ae864537ecd953bfd3580.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/59/d443d1c09b70b0d4c7251c9c7141c0b1be2cfa.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/8b/25569aec6f31f9d4bd75431c2bc43ceb8cc891.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/90/672981f4ee0a7ebfcaa484641fa453ccb8ffd4.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/97/34be2ed4374e9945566a5366b807c28fd637b1.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/9d/8bd68888a9ecfe0792a140dc07918010150c9c.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/ba/7a91c27bc2c539eeb677d9b55e6ee561507328.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/cb/b7282a1d5a87f39dd521dae7e92b10a89918c9.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/db/9f3cee135d6fe3bc6811f79fcf4449912f0fdb.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/de/518716f12c6bc90bca89f9cb1f60e400ab0af3.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/e0/5c25777abf863448452bfc745342f62b8ec2cf.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/f7/baa2eae51b3d49d64792bfd65f8d51b418dccc.debug Files only in first set of .debs, found in 
package libgnutls28-dev ------------------------------------------------------------------ lrwxrwxrwx root/root /usr/lib/i386-linux-gnu/libgnutls.so -> libgnutls.so.28.30.5 Files only in first set of .debs, found in package libgnutlsxx28 ---------------------------------------------------------------- lrwxrwxrwx root/root /usr/share/doc/libgnutlsxx28 -> libgnutls28 New files in second set of .debs, found in package libgnutls-deb0-28 -------------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/i386-linux-gnu/libgnutls-deb0.so.28.30.5 -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/AUTHORS -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/NEWS.Debian.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/NEWS.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/README.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/THANKS.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/changelog.Debian.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/changelog.gz -rw-r--r-- root/root /usr/share/doc/libgnutls-deb0-28/copyright -rw-r--r-- root/root /usr/share/locale/cs/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/de/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/en@boldquot/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/en@quot/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/eo/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/fi/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/fr/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/it/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/ms/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/nl/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/pl/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/sv/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- 
root/root /usr/share/locale/uk/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/vi/LC_MESSAGES/gnutls-deb0-28.mo -rw-r--r-- root/root /usr/share/locale/zh_CN/LC_MESSAGES/gnutls-deb0-28.mo lrwxrwxrwx root/root /usr/lib/i386-linux-gnu/libgnutls-deb0.so.28 -> libgnutls-deb0.so.28.30.5 New files in second set of .debs, found in package libgnutls-xssl0 ------------------------------------------------------------------ lrwxrwxrwx root/root /usr/share/doc/libgnutls-xssl0 -> libgnutls-deb0-28 New files in second set of .debs, found in package libgnutls28-dbg ------------------------------------------------------------------ -rw-r--r-- root/root /usr/lib/debug/.build-id/19/76b3c89d9479f14fda709e2f6f3290c6342851.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/31/73c69a0b67cc62a905ebdb243def054f6223b0.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/33/ceae9af2b94bb3d26bc2f2c50f755b73e446cb.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/36/fa17ee5f2071c5a1f0e014f6df8cacd0ab43ce.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/3d/bc2d546bbc71a72713621ad2bd3d1377a2903c.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/57/e49338b80786c0ec9ee2dcb664f89475907eeb.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/58/784c49e0d6956aa131af5810580c3868da7797.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/5d/029d9ab6122c701f01c532cbed4712e8eaa9c0.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/60/bf4cffbf9d79713c88d47ff33dd038e1528429.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/af/f27dbf418dfdab7a35ec593a80afd822e6c2d8.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/bd/679b7a1a9003eb2482f4b7fde70b442fe80ac7.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/bf/4f0836a9c137026aaf8646ebc4fc69e8e4d796.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c0/9eebee05f76c7afce39da84dba860e733ba168.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d0/3daa2f1bad5a9614a9e952731c15d80e6cbb45.debug -rw-r--r-- root/root 
/usr/lib/debug/.build-id/ec/b5ed57be3333d50eb7be65e35ca36c2cd3ac12.debug New files in second set of .debs, found in package libgnutls28-dev ------------------------------------------------------------------ lrwxrwxrwx root/root /usr/lib/i386-linux-gnu/libgnutls.so -> libgnutls-deb0.so.28.30.5 New files in second set of .debs, found in package libgnutlsxx28 ---------------------------------------------------------------- lrwxrwxrwx root/root /usr/share/doc/libgnutlsxx28 -> libgnutls-deb0-28 Files moved or copied from at least TWO packages or to at least TWO packages ---------------------------------------------------------------------------- -rw-r--r-- root/root DEBIAN/control >From packages: libgnutls28-dev, libgnutls28, libgnutls28-dbg, gnutls-bin, gnutls-doc, guile-gnutls, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 To packages: libgnutls28-dev, libgnutls-deb0-28, libgnutls28-dbg, gnutls-bin, gnutls-doc, guile-gnutls, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 -rw-r--r-- root/root DEBIAN/md5sums >From packages: libgnutls28-dev, libgnutls28, libgnutls28-dbg, gnutls-bin, gnutls-doc, guile-gnutls, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 To packages: libgnutls28-dev, libgnutls-deb0-28, libgnutls28-dbg, gnutls-bin, gnutls-doc, guile-gnutls, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 -rw-r--r-- root/root DEBIAN/shlibs >From packages: libgnutls28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 To packages: libgnutls-deb0-28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 -rwxr-xr-x root/root DEBIAN/postinst >From packages: libgnutls28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 To packages: libgnutls-deb0-28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 -rwxr-xr-x root/root DEBIAN/postrm >From packages: libgnutls28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 To packages: libgnutls-deb0-28, libgnutlsxx28, libgnutls-xssl0, libgnutls-openssl27 Control files of package gnutls-bin: lines which differ 
(wdiff format) ---------------------------------------------------------------------- Depends: libc6 (>= 2.17), libgmp10 (>= 2:6), [-libgnutls28-] {+libgnutls-deb0-28+} (>= 3.2.10-0), libhogweed2, libidn11 (>= 1.13), libnettle4, libopts25 (>= 1:5.18), libp11-kit0 (>= 0.20), libtasn1-6 (>= 3.4-0), zlib1g (>= 1:1.1.4) Installed-Size: [-843-] {+844+} Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package gnutls-doc: lines which differ (wdiff format) ---------------------------------------------------------------------- Installed-Size: [-7253-] {+7252+} Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package guile-gnutls: lines which differ (wdiff format) ------------------------------------------------------------------------ Depends: guile-2.0-libs, libc6 (>= 2.4), libgc1c2 (>= 1:7.2d), [-libgnutls28-] {+libgnutls-deb0-28+} (>= 3.2.10-0), guile-2.0 Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package libgnutls-openssl27: lines which differ (wdiff format) ------------------------------------------------------------------------------- Depends: [-libgnutls28-] {+libgnutls-deb0-28+} (= [-3.2.14-1),-] {+3.2.14-2),+} libc6 (>= 2.4) Installed-Size: [-219-] {+220+} Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package libgnutls-xssl0: lines which differ (wdiff format) --------------------------------------------------------------------------- Depends: [-libgnutls28-] {+libgnutls-deb0-28+} (= [-3.2.14-1),-] {+3.2.14-2),+} libc6 (>= 2.8) Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package libgnutls28-dbg: lines which differ (wdiff format) --------------------------------------------------------------------------- [-Conflicts: libgnutls13-dbg, libgnutls26-dbg-] Depends: [-libgnutls28-] {+libgnutls-deb0-28+} (= [-3.2.14-1)-] {+3.2.14-2)+} Installed-Size: [-2583-] {+2597+} Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package libgnutls28-dev: lines which differ (wdiff format) 
--------------------------------------------------------------------------- Depends: [-libgnutls28-] {+libgnutls-deb0-28+} (= [-3.2.14-1),-] {+3.2.14-2),+} libgnutlsxx28 (= [-3.2.14-1),-] {+3.2.14-2),+} libgnutls-xssl0 (= [-3.2.14-1),-] {+3.2.14-2),+} nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.1), libp11-kit-dev (>= 0.20), libgnutls-openssl27 (= [-3.2.14-1)-] {+3.2.14-2)+} Version: [-3.2.14-1-] {+3.2.14-2+} Control files of package libgnutlsxx28: lines which differ (wdiff format) ------------------------------------------------------------------------- Depends: [-libgnutls28-] {+libgnutls-deb0-28+} (= [-3.2.14-1),-] {+3.2.14-2),+} libc6 (>= 2.1.3), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1) Installed-Size: [-87-] {+91+} Version: [-3.2.14-1-] {+3.2.14-2+} diff -Nru gnutls28-3.2.14/debian/changelog gnutls28-3.2.14/debian/changelog --- gnutls28-3.2.14/debian/changelog 2014-05-07 19:30:44.000000000 +0200 +++ gnutls28-3.2.14/debian/changelog 2014-05-27 19:57:31.000000000 +0200 
@@ -1,3 +1,22 @@ +gnutls28 (3.2.14-2) UNRELEASED; urgency=high + + * Fix crashes due to symbol clashes when a binary ends up being linked + against GnuTLS v2 and v3 by bumping library symbol-versioning (and + therefore also the soname) in a Debian specific way, to make sure there is + no conflict with future: + + 20_debian_specific_soname.diff + - Symbol versions: GNUTLS_* -> GNUTLS_DEBIAN_0_* + - Add "-release deb0" to libtool link command. + + Rename libgnutls28 to libgnutls-deb0-28, matching the new soname. + + Change 14_version_gettextcat.diff, too. + Closes: #74874 + * Drop libgnutls28-dbg Conflicts with libgnutls13-dbg, libgnutls26-dbg. + These have been unnecessary since we started using dh compat v9, where + debugging symbols are installed to /usr/lib/debug/.build-id. + * debian/copyright: Add info about GPLv2 compatibility. + + -- Andreas Metzler <ametz...@debian.org> Sat, 24 May 2014 14:04:11 +0200 + gnutls28 (3.2.14-1) unstable; urgency=medium * Do not build-depend on guile-2.0 on m68k. Closes: #745461 diff -Nru gnutls28-3.2.14/debian/control gnutls28-3.2.14/debian/control --- gnutls28-3.2.14/debian/control 2014-05-07 19:28:01.000000000 +0200 +++ gnutls28-3.2.14/debian/control 2014-05-27 19:28:24.000000000 +0200 @@ -25,7 +25,7 @@ Section: libdevel Architecture: any Provides: gnutls-dev, libgnutls-openssl-dev -Depends: libgnutls28 (= ${binary:Version}), +Depends: libgnutls-deb0-28 (= ${binary:Version}), libgnutlsxx28 (= ${binary:Version}), libgnutls-xssl0 (= ${binary:Version}), nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.1), libp11-kit-dev (>= 0.20), ${misc:Depends}, @@ -53,7 +53,7 @@ . This package contains the GnuTLS development files. -Package: libgnutls28 +Package: libgnutls-deb0-28 Priority: standard Architecture: any # GMP >= 6 is dual-licensed GPLv2+/LGPLv2.1+. Be nice to rdeps and 
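Review bot: The rename to `Package: libgnutls-deb0-28` in the `@@ -53,7` hunk of debian/control is an ABI break for anything linked outside the archive, and nothing user-facing in this upload says so; `debian/libgnutls-deb0-28.NEWS` appears to be the old NEWS file carried over with no new entry. Locally built binaries linked against `libgnutls.so.28` with `GNUTLS_*` symbol versions will keep loading the old `libgnutls28`, which this source no longer builds and which therefore presumably stops receiving TLS fixes after 3.2.14-2. A short NEWS entry naming the new soname, and telling administrators to rebuild local software and then remove `libgnutls28`, would cover it. The stanza continues past the hunk, so relationship fields further down are not visible here.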
@@ -87,8 +87,7 @@ Priority: extra Architecture: any Section: debug -Depends: libgnutls28 (= ${binary:Version}), ${misc:Depends} -Conflicts: libgnutls13-dbg, libgnutls26-dbg +Depends: libgnutls-deb0-28 (= ${binary:Version}), ${misc:Depends} Multi-Arch: same Description: GNU TLS library - debugger symbols GnuTLS is a portable library which implements the Transport Layer @@ -174,7 +173,7 @@ Package: libgnutlsxx28 Priority: extra Architecture: any -Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Depends: libgnutls-deb0-28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - C++ runtime library @@ -199,7 +198,7 @@ Package: libgnutls-xssl0 Priority: extra Architecture: any -Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Depends: libgnutls-deb0-28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - XSSL API runtime library @@ -213,7 +212,7 @@ Package: libgnutls-openssl27 Priority: standard Architecture: any -Depends: libgnutls28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Depends: libgnutls-deb0-28 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: GNU TLS library - OpenSSL wrapper diff -Nru gnutls28-3.2.14/debian/copyright gnutls28-3.2.14/debian/copyright --- gnutls28-3.2.14/debian/copyright 2014-04-26 13:17:14.000000000 +0200 +++ gnutls28-3.2.14/debian/copyright 2014-05-27 19:30:20.000000000 +0200 
@@ -98,9 +98,9 @@ i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra. However to be able to use and link against libgnutls a program needs to be -available under a license compatible with LGPLv3+ since GnuTLS -requires nettle which requires GMP. GMP was re-licensed to LGPLv3+ a couple -of years ago. +available under a license compatible with LGPLv3+ or GPLv2.1+ since GnuTLS +requires nettle which requires GMP. GMP (>= 6.0.0) is dual licensed +LGPLv3+ or GPLv2.1+. Copyright: -------------------- diff -Nru gnutls28-3.2.14/debian/libgnutls28.docs gnutls28-3.2.14/debian/libgnutls28.docs --- gnutls28-3.2.14/debian/libgnutls28.docs 2013-12-01 18:51:19.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls28.docs 1970-01-01 01:00:00.000000000 +0100 @@ -1,4 +0,0 @@ -AUTHORS -NEWS -README -THANKS diff -Nru gnutls28-3.2.14/debian/libgnutls28.install gnutls28-3.2.14/debian/libgnutls28.install --- gnutls28-3.2.14/debian/libgnutls28.install 2013-12-01 18:51:19.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls28.install 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -debian/tmp/usr/lib/*/libgnutls.so.* -debian/tmp/usr/share/locale/* diff -Nru gnutls28-3.2.14/debian/libgnutls28.NEWS gnutls28-3.2.14/debian/libgnutls28.NEWS --- gnutls28-3.2.14/debian/libgnutls28.NEWS 2013-12-01 18:51:19.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls28.NEWS 1970-01-01 01:00:00.000000000 +0100 
@@ -1,55 +0,0 @@ -gnutls28 (3.0.0-1) experimental; urgency=low - - GnuTLS is now using nettle instead of libgcrypt as crypto backend. - - Related to this change (nettle uses LGPLv3+ licensed GMP) the licensing has - change. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. GnuTLS can therefore not - be used by projects using GPLv2 without the "or later" clause. - - -- Andreas Metzler <ametz...@downhill.g.la> Sun, 14 Aug 2011 14:27:12 +0200 - -gnutls26 (2.6.6-1) unstable; urgency=high - - libgnutls: Check expiration/activation time on untrusted certificates. - Before the library did not check activation/expiration times on - certificates, and was documented as not doing so. We have realized that - many applications that use libgnutls, including gnutls-cli, fail to - perform proper checks. Implementing similar logic in all applications - leads to code duplication. Hence, we decided to check whether the - current time (as reported by the time function) is within the - activation/expiration period of certificates when verifying untrusted - certificates. - - This changes the semantics of gnutls_x509_crt_list_verify, which in - turn is used by gnutls_certificate_verify_peers and - gnutls_certificate_verify_peers2. We add two new - gnutls_certificate_status_t codes for reporting the new error - condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also - add a new gnutls_certificate_verify_flags flag, - GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new - behaviour. - GNUTLS-SA-2009-3 CVE-2009-1417 - http://www.gnu.org/software/gnutls/security.html - - -- Andreas Metzler <ametz...@debian.org> Thu, 30 Apr 2009 19:00:21 +0200 - -gnutls26 (2.4.2-5) unstable; urgency=medium - - * The gnutls certificate verification code has been changed to stop - trusting some weak algoritms. Verifying untrusted X.509 certificates - signed with RSA-MD2 or RSA-MD5 will now fail with a - GNUTLS_CERT_INSECURE_ALGORITHM verification output. 
- - See <http://www.win.tue.nl/hashclash/rogue-ca/>, - <http://bugs.debian.org/514578> and - <http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures> - - "certtool -i < signature.pem" will inform about the algoritm used for - signing (Search for "Signature Algorithm" in its output.). The proper - fix is to re-issue the certificates with a more secure algoritm. As a - hotfix the respective certicate itself can be added to the list of - trusted certificates. Obviously this should only be done after - verifying the certificate by different means than relying on the weak - signature. - - -- Andreas Metzler <ametz...@debian.org> Sat, 07 Feb 2009 12:58:51 +0100 diff -Nru gnutls28-3.2.14/debian/libgnutls-deb0-28.docs gnutls28-3.2.14/debian/libgnutls-deb0-28.docs --- gnutls28-3.2.14/debian/libgnutls-deb0-28.docs 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls-deb0-28.docs 2014-05-27 19:11:30.000000000 +0200 @@ -0,0 +1,4 @@ +AUTHORS +NEWS +README +THANKS diff -Nru gnutls28-3.2.14/debian/libgnutls-deb0-28.install gnutls28-3.2.14/debian/libgnutls-deb0-28.install --- gnutls28-3.2.14/debian/libgnutls-deb0-28.install 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls-deb0-28.install 2014-05-27 19:11:30.000000000 +0200 @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/*/libgnutls-deb0.so.* +debian/tmp/usr/share/locale/* diff -Nru gnutls28-3.2.14/debian/libgnutls-deb0-28.NEWS gnutls28-3.2.14/debian/libgnutls-deb0-28.NEWS --- gnutls28-3.2.14/debian/libgnutls-deb0-28.NEWS 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.2.14/debian/libgnutls-deb0-28.NEWS 2014-05-27 19:11:30.000000000 +0200 
@@ -0,0 +1,55 @@ +gnutls28 (3.0.0-1) experimental; urgency=low + + GnuTLS is now using nettle instead of libgcrypt as crypto backend. + + Related to this change (nettle uses LGPLv3+ licensed GMP) the licensing has + change. GnuTLS is LGPLv3+ now, GnuTLS-EXTRA GPLv3+. GnuTLS can therefore not + be used by projects using GPLv2 without the "or later" clause. + + -- Andreas Metzler <ametz...@downhill.g.la> Sun, 14 Aug 2011 14:27:12 +0200 + +gnutls26 (2.6.6-1) unstable; urgency=high + + libgnutls: Check expiration/activation time on untrusted certificates. + Before the library did not check activation/expiration times on + certificates, and was documented as not doing so. We have realized that + many applications that use libgnutls, including gnutls-cli, fail to + perform proper checks. Implementing similar logic in all applications + leads to code duplication. Hence, we decided to check whether the + current time (as reported by the time function) is within the + activation/expiration period of certificates when verifying untrusted + certificates. + + This changes the semantics of gnutls_x509_crt_list_verify, which in + turn is used by gnutls_certificate_verify_peers and + gnutls_certificate_verify_peers2. We add two new + gnutls_certificate_status_t codes for reporting the new error + condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also + add a new gnutls_certificate_verify_flags flag, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new + behaviour. + GNUTLS-SA-2009-3 CVE-2009-1417 + http://www.gnu.org/software/gnutls/security.html + + -- Andreas Metzler <ametz...@debian.org> Thu, 30 Apr 2009 19:00:21 +0200 + +gnutls26 (2.4.2-5) unstable; urgency=medium + + * The gnutls certificate verification code has been changed to stop + trusting some weak algoritms. Verifying untrusted X.509 certificates + signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. 
+ + See <http://www.win.tue.nl/hashclash/rogue-ca/>, + <http://bugs.debian.org/514578> and + <http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures> + + "certtool -i < signature.pem" will inform about the algoritm used for + signing (Search for "Signature Algorithm" in its output.). The proper + fix is to re-issue the certificates with a more secure algoritm. As a + hotfix the respective certicate itself can be added to the list of + trusted certificates. Obviously this should only be done after + verifying the certificate by different means than relying on the weak + signature. + + -- Andreas Metzler <ametz...@debian.org> Sat, 07 Feb 2009 12:58:51 +0100 diff -Nru gnutls28-3.2.14/debian/patches/14_version_gettextcat.diff gnutls28-3.2.14/debian/patches/14_version_gettextcat.diff --- gnutls28-3.2.14/debian/patches/14_version_gettextcat.diff 2013-12-01 18:51:19.000000000 +0100 +++ gnutls28-3.2.14/debian/patches/14_version_gettextcat.diff 2014-05-27 19:27:18.000000000 +0200 @@ -2,16 +2,16 @@ gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 co-installable. Author: Andreas Metzler <ametz...@debian.org> +Last-Update: 2014-05-24 -diff -NurBbp a/po/Makevars b/po/Makevars ---- a/po/Makevars 2011-04-08 12:43:00.000000000 +0200 -+++ b/po/Makevars 2011-08-07 19:42:39.000000000 +0200 +--- gnutls28-3.3.2.orig/po/Makevars ++++ gnutls28-3.3.2/po/Makevars 
@@ -1,7 +1,7 @@ # Makefile variables for PO directory in any package using GNU gettext. # Usually the message domain is the same as the package name. -DOMAIN = $(PACKAGE) -+DOMAIN = $(PACKAGE)28 ++DOMAIN = $(PACKAGE)-deb0-28 # These two variables depend on the location of this directory. subdir = po diff -Nru gnutls28-3.2.14/debian/patches/20_debian_specific_soname.diff gnutls28-3.2.14/debian/patches/20_debian_specific_soname.diff --- gnutls28-3.2.14/debian/patches/20_debian_specific_soname.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.2.14/debian/patches/20_debian_specific_soname.diff 2014-05-27 19:17:46.000000000 +0200 
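Review bot: The refreshed header of `14_version_gettextcat.diff` now reads `--- gnutls28-3.3.2.orig/po/Makevars` although the package being patched is 3.2.14, which suggests the patch was regenerated in a different tree; it is worth confirming that it applies to 3.2.14 without fuzz. The patch description still only mentions making "libgnutls26 and libgnutls28 co-installable"; it could also say that the `$(PACKAGE)-deb0-28` domain is what keeps the locale files of `libgnutls28` and `libgnutls-deb0-28` from colliding.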
@@ -0,0 +1,102 @@ +Description: Bump soname and symbol-versioning. + Fix the symbol versioning to use a different version than in gnutls26, + since this breaks the ABI also bump the soname. + Use a Debian specific soname and symbol-versioning tag, to make sure + that there is no conflict with future upstream versions. +Author: Andreas Metzler <ametz...@debian.org> +Bug-Debian: http://bugs.debian.org/7748742 +Origin: vendor +Forwarded: <no|not-needed|url proving that it has been forwarded> +Last-Update: <YYYY-MM-DD> + + +--- gnutls28-3.2.14.orig/lib/Makefile.am ++++ gnutls28-3.2.14/lib/Makefile.am +@@ -115,6 +115,7 @@ libgnutls_la_SOURCES = $(HFILES) $(COBJE + gnutls.asn pkix.asn libgnutls.map + + libgnutls_la_LDFLAGS = -no-undefined \ ++ -release deb0 \ + -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) + + libgnutls_la_LIBADD = ../gl/libgnu.la x509/libgnutls_x509.la \ +--- gnutls28-3.2.14.orig/lib/libgnutls.map ++++ gnutls28-3.2.14/lib/libgnutls.map +@@ -18,7 +18,7 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with this program. 
If not, see <http://www.gnu.org/licenses/> + +-GNUTLS_1_4 ++GNUTLS_DEBIAN_0_1_4 + { + global: + gnutls_alert_get; +@@ -502,7 +502,7 @@ GNUTLS_1_4 + *; + }; + +-GNUTLS_2_8 ++GNUTLS_DEBIAN_0_2_8 + { + global: + gnutls_certificate_set_x509_simple_pkcs12_mem; +@@ -536,9 +536,9 @@ GNUTLS_2_8 + gnutls_session_ticket_key_generate; + gnutls_session_ticket_enable_client; + gnutls_session_ticket_enable_server; +-} GNUTLS_1_4; ++} GNUTLS_DEBIAN_0_1_4; + +-GNUTLS_2_10 ++GNUTLS_DEBIAN_0_2_10 + { + global: + gnutls_x509_crt_get_issuer_alt_name2; +@@ -564,9 +564,9 @@ GNUTLS_2_10 + gnutls_hmac_output; + gnutls_certificate_set_verify_function; + gnutls_safe_renegotiation_status; +-} GNUTLS_2_8; ++} GNUTLS_DEBIAN_0_2_8; + +-GNUTLS_2_12 ++GNUTLS_DEBIAN_0_2_12 + { + global: + gnutls_certificate_set_retrieve_function; +@@ -654,9 +654,9 @@ GNUTLS_2_12 + gnutls_certificate_get_issuer; + gnutls_x509_crq_verify; + gnutls_global_set_time_function; +-} GNUTLS_2_10; ++} GNUTLS_DEBIAN_0_2_10; + +-GNUTLS_3_0_0 { ++GNUTLS_DEBIAN_0_3_0_0 { + global: + gnutls_x509_trust_list_verify_crt; + gnutls_x509_trust_list_add_crls; +@@ -777,9 +777,9 @@ GNUTLS_3_0_0 { + gnutls_certificate_set_x509_system_trust; + gnutls_session_set_premaster; + gnutls_ocsp_resp_check_crt; +-} GNUTLS_2_12; ++} GNUTLS_DEBIAN_0_2_12; + +-GNUTLS_3_1_0 { ++GNUTLS_DEBIAN_0_3_1_0 { + global: + gnutls_pkcs11_get_pin_function; + gnutls_pkcs11_obj_list_import_url2; +@@ -923,9 +923,9 @@ GNUTLS_3_1_0 { + gnutls_certificate_get_crt_raw; + gnutls_record_check_corked; + gnutls_db_get_default_cache_expiration; +-} GNUTLS_3_0_0; ++} GNUTLS_DEBIAN_0_3_0_0; + +-GNUTLS_PRIVATE { ++GNUTLS_DEBIAN_0_PRIVATE { + global: + # Internal symbols needed by libgnutls-extra: + _gnutls_log_level; diff -Nru gnutls28-3.2.14/debian/patches/series gnutls28-3.2.14/debian/patches/series --- gnutls28-3.2.14/debian/patches/series 2014-04-26 13:17:14.000000000 +0200 +++ gnutls28-3.2.14/debian/patches/series 2014-05-27 19:11:30.000000000 +0200 
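Review bot: The DEP-3 header of `20_debian_specific_soname.diff` still carries template placeholders, `Forwarded: <no|not-needed|url proving that it has been forwarded>` and `Last-Update: <YYYY-MM-DD>`, and its `Bug-Debian: http://bugs.debian.org/7748742` does not match the `Closes: #74874` in the changelog entry of the same upload. At least one of the two numbers is mistyped, so the upload may close an unrelated bug or leave the intended one open; both should be checked against the BTS before `dch -r`. Since the changelog calls the change Debian-specific, `Forwarded: not-needed` and a real date look like the intended values. The description says the versioning is changed relative to gnutls26, while the map hunks rename every node up to `GNUTLS_3_1_0` and `GNUTLS_PRIVATE`; a sentence stating that all nodes gain the `GNUTLS_DEBIAN_0_` prefix would match what the patch does.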
@@ -1 +1,2 @@ 14_version_gettextcat.diff +20_debian_specific_soname.diff diff -Nru gnutls28-3.2.14/debian/rules gnutls28-3.2.14/debian/rules --- gnutls28-3.2.14/debian/rules 2014-04-26 13:17:15.000000000 +0200 +++ gnutls28-3.2.14/debian/rules 2014-05-27 19:13:34.000000000 +0200 @@ -29,7 +29,7 @@ override_dh_makeshlibs: dh_makeshlibs -p libgnutlsxx28 -V 'libgnutlsxx28 (>= 3.2.10-0)' - dh_makeshlibs -p libgnutls28 -V 'libgnutls28 (>= 3.2.10-0)' + dh_makeshlibs -p libgnutls-deb0-28 -V 'libgnutls-deb0-28 (>= 3.2.10-0)' dh_makeshlibs -p libgnutls-openssl27 -V 'libgnutls-openssl27 (>= 3.0-0)' dh_makeshlibs --remaining-packages -Xguile/2.0/guile-gnutls-v-2.so @@ -85,10 +85,10 @@ override_dh_installchangelogs: dh_installchangelogs rm -vrf debian/libgnutlsxx28/usr/share/doc/libgnutlsxx28 - dh_link -plibgnutlsxx28 usr/share/doc/libgnutls28 \ + dh_link -plibgnutlsxx28 usr/share/doc/libgnutls-deb0-28 \ usr/share/doc/libgnutlsxx28 rm -vrf debian/libgnutls-xssl0/usr/share/doc/libgnutls-xssl0 - dh_link -plibgnutls-xssl0 usr/share/doc/libgnutls28 \ + dh_link -plibgnutls-xssl0 usr/share/doc/libgnutls-deb0-28 \ usr/share/doc/libgnutls-xssl0 override_dh_compress:
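Review bot: The shlibs threshold in `override_dh_makeshlibs` was carried over from the old package name: `-V 'libgnutls-deb0-28 (>= 3.2.10-0)'` names a version at which `libgnutls-deb0-28` did not exist, since the changelog introduces it in 3.2.14-2. The dependency is still satisfiable, so nothing breaks, but the generated `Depends` (seen in the gnutls-bin control diff as `libgnutls-deb0-28 (>= 3.2.10-0)`) no longer records a meaningful minimum. `dh_makeshlibs -p libgnutls-deb0-28 -V 'libgnutls-deb0-28 (>= 3.2.14-2~)'` would state the first version that ships the new soname and symbol versions. The rest of the target and of debian/rules is outside the hunk.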