gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: OCSP validation issue
    - debian/patches/CVE-2016-7444.patch: correctly verify the serial
      length in lib/x509/ocsp.c.
    - CVE-2016-7444
  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
      lib/gnutls_state.c.
    - CVE-2016-8610
  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337
  * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
    expired certs.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 26 Jan 2017 10:14:03 -0500

gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium

  * SRU: LP: #1592693.
  * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
    in xenial.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 15 Jun 2016 10:00:17 +0200

gnutls28 (3.4.10-4ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    - Make gnutls28 default.
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.

 -- Matthias Klose <doko@ubuntu.com>  Mon, 21 Mar 2016 14:53:18 +0100

gnutls28 (3.4.10-4) unstable; urgency=medium

  * 43_fix_cpucapoverride.diff by Nikos Mavrogiannopoulos: Fix
    GNUTLS_CPUID_OVERRIDE function, stopping it from enabling SSE3 when it is
    unavailable. Closes: #818341

 -- Andreas Metzler <ametzler@debian.org>  Thu, 17 Mar 2016 19:41:22 +0100

gnutls28 (3.4.10-3) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Mon, 14 Mar 2016 18:29:53 +0100

gnutls28 (3.4.10-2) experimental; urgency=medium

  * Simplify override_dh_auto_test target. (Thanks, Steven Chamberlain)
  * Add debian/patches/42_mini-loss-time-improved-timeout-detection.patch,
    another try for Closes: #813598

 -- Andreas Metzler <ametzler@debian.org>  Mon, 07 Mar 2016 19:22:57 +0100

gnutls28 (3.4.10-1) experimental; urgency=medium

  * Pull 40_src-added-systemkey-args-to-BUILT_SOURCES.patch from upstream GIT
    master to fix FTBFS with parallel builds. Closes: #816148
  * New upstream version.
  * Pull 41_tests-mini-loss-time-ensure-client-timeouts.diff from upstream
    master branch to fix occasional testsuite error. Closes: #813598

 -- Andreas Metzler <ametzler@debian.org>  Sat, 05 Mar 2016 08:45:52 +0100

gnutls28 (3.4.9-2ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    - Make gnutls28 default.
    - debian/patches/disable_global_init_override_test.patch: disable failing
      test.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 20:47:48 +0100

gnutls28 (3.4.9-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 07 Feb 2016 15:18:46 +0100

gnutls28 (3.4.9-1) experimental; urgency=medium

  * New upstream version.
  * Drop 35_Revert-Fix-out-of-bounds-read-in-gnutls_x509_ext_exp.patch and
    36_Revert-tests-updated-to-account-for-cert-generation.patch.

 -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Feb 2016 15:57:24 +0100

# For older changelog entries, run 'apt-get changelog libgnutls30'