Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-proposed/gnutls13

Recent revisions

19. By Thorsten Glaser

Apply upstream patch to fix validation of certificates when more than
one with the same short hash exists in the CA bundle (LP: #1003841).

18. By Jamie Strandboge

* Fix for certificate chain regressions introduced by fixes for
* debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
  2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
  address all known regressions. To summarize from upstream:
  - Fix X.509 certificate chain validation error (CVE-2008-4989)
  - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
  - Deprecate X.509 validation chains using MD5 and MD2 signatures
  - Accept chains where intermediary certs are trusted (LP: #305264)

17. By Kees Cook

Bump up maximum handshake packet size. Some clients need this,
especially when talking to some Intrepid services (LP: #292604).

16. By Jamie Strandboge

* Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264

15. By Jamie Strandboge

* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989

14. By Kees Cook

* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
  CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

13. By Steve Langasek

* Pulled from upstream, by way of Debian:
  + debian/patches/20_nulltermfix_465197.diff
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    et al. to not null terminate binary strings and return the proper
  + debian/patches/21_nulltermfix_465197_part2.diff
    corrected string handling in parse_general_name.

12. By Martin Pitt

* Merge from debian unstable, remaining changes:
  - debian/rules: Use clean-la.mk.

11. By Martin Pitt

Use clean-la.mk to remove the dependencies from the .la files.

10. By Andreas Metzler

* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
  (Closes: #441740)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.