Several bugfixes have been pulled from Upstream. Please apply.
gnutls11: 1.0.16-7 ==> 1.0.16-9:
+ - Fixed memory leaks.
+ - Fixed a NULL dereference.
+ - Added default limits in the verification of certificate chains,
+ to avoid denial of service attacks.
+ - Added gnutls_certificate_set_verify_limits() to override them.
+ - Added gnutls_certificate_verify_peers2().
- Added an error code to report reaching the DoS limit.
- Updated dh_makeshlibs call: depend on >= 1.0.16-8
- Minor documentation fixes
libgcrypt11: 1.2.0-4 ==> 1.2.0-10:
+ - Revert accidental version number change in configure.ac.
(One package [gnunet] actually depended on this and subsequently
became uninstallable in Sarge: fixed in sid.)
+ - Let libgcrypt11-doc conflicts+replaces libgcrypt-doc
+ - build-dep on binutils (>= 2.14.90.0.7)
+ - Include the debugging package.
+ - Revert hppa assembly code to old version;
+ Upstream's new code isn't relocatable on Linux.
+ (This change was included in the manually-built 1.2.0-4 on hppa.)
+ - Merged several Upstream maintainance changes:
- Fixed some memory leaks.
- Fixed some NULL dereferences.
- Removed many no-longer-necessary #include <assert.h>
- updated some returned error codes to bette reflect reality.
- Removed spurious logging.
- Fixed zero-byte avoidance code (cipher/pubkey.c).
- Split initialization to allow usage without randomness pool.
- Mix the pid into he randomness pool to randomize it after forking.
- Minor documentation fixes
- Updated Rijndael code to not depend on GCC.
- Updated Serpent code to not depend on 32-bit architccture.
- Several documentation fixes.
- Try locking the memory pool into core even if !root; it still might work.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
Attachment:
signature.asc
Description: Digital signature