Created by James Westby on 2009-07-08 and last modified on 2009-07-08
Get this branch:
bzr branch lp:ubuntu/gutsy-proposed/gnutls13

Recent revisions

13. By Jamie Strandboge on 2009-02-20

* Fix for certificate chain regressions introduced by fixes for
* debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
  2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
  address all known regressions. To summarize from upstream:
  - Fix X.509 certificate chain validation error (CVE-2008-4989)
  - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
  - Deprecate X.509 validation chains using MD5 and MD2 signatures
  - Accept chains where intermediary certs are trusted (LP: #305264)

12. By Jamie Strandboge on 2008-12-05

* Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264

11. By Jamie Strandboge on 2008-11-25

* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989

10. By Kees Cook on 2008-05-20

* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
  CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

9. By LaMont Jones on 2007-10-02

Trigger rebuild for hppa.

8. By Andreas Metzler on 2007-05-27

* New upstream version, pulling selected fixes and features from 1.7.x.
* Bump shlibs.

7. By Andreas Metzler on 2007-05-13

Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)

6. By Andreas Metzler on 2007-04-21

* New upstream version
  - Really Closes: #403887 libgnutls fails to parse OpenSSL generated
    certificates, since it contains a regenerated pkix_asn1_tab.c.
  - Ship German translation. Closes: #392857

5. By Matthias Klose on 2007-03-05

Rebuild for changes in the amd64 toolchain.

4. By Andreas Metzler on 2006-11-11

Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
When a GnuTLS server receives an SSLv2 Client Hello for an unknown TLS
version, try to negotiate the highest version supported by the GnuTLS
server, instead of the lowest.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)