Created by James Westby on 2009-07-08 and last modified on 2012-05-31
Get this branch:
bzr branch lp:ubuntu/hardy-proposed/gnutls13

Recent revisions

19. By Thorsten Glaser on 2012-05-31

Apply upstream patch to fix validation of certificates when more than
one with the same short hash exists in the CA bundle (LP: #1003841).

18. By Jamie Strandboge on 2009-02-20

* Fix for certificate chain regressions introduced by fixes for
* debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
  2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
  address all known regressions. To summarize from upstream:
  - Fix X.509 certificate chain validation error (CVE-2008-4989)
  - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
  - Deprecate X.509 validation chains using MD5 and MD2 signatures
  - Accept chains where intermediary certs are trusted (LP: #305264)

17. By Kees Cook on 2009-01-13

Bump up maximum handshake packet size. Some clients need this,
especially when talking to some Intrepid services (LP: #292604).

16. By Jamie Strandboge on 2008-12-05

* Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264

15. By Jamie Strandboge on 2008-11-25

* SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989

14. By Kees Cook on 2008-05-20

* SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
  CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

13. By Steve Langasek on 2008-02-22

* Pulled from upstream, by way of Debian:
  + debian/patches/20_nulltermfix_465197.diff
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    et al. to not null terminate binary strings and return the proper
  + debian/patches/21_nulltermfix_465197_part2.diff
    corrected string handling in parse_general_name.

12. By Martin Pitt on 2007-12-03

* Merge from debian unstable, remaining changes:
  - debian/rules: Use clean-la.mk.

11. By Martin Pitt on 2007-11-06

Use clean-la.mk to remove the dependencies from the .la files.

10. By Andreas Metzler on 2007-09-29

* New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
  (Closes: #441740)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)