Created by James Westby on 2009-10-30 and last modified on 2009-11-13
Get this branch:
bzr branch lp:ubuntu/lucid/gnutls26

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

20. By Andreas Metzler <email address hidden> on 2009-11-13

Add a huge bunch of lintian overrides for the guile stuff to make dak

19. By Andreas Metzler <email address hidden> on 2009-11-01

[20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

18. By Andreas Metzler <email address hidden> on 2009-09-26

* New upstream version.
  + Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
  important to standard.

17. By Andreas Metzler <email address hidden> on 2009-08-22

[ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
openpgp connections.

16. By Andreas Metzler <email address hidden> on 2009-08-14

* New upstream version.
  + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
    was built against. Closes: #540449
  + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
    certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.

15. By Jamie Strandboge on 2009-08-14

* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
  Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
  - debian/patches/16_CVE-2009-2730.diff: verify length of CN and SAN
    are what we expect and error out if either contains an embedded \0
  - CVE-2009-2730

14. By Andreas Metzler <email address hidden> on 2009-04-30

* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
  way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
  + libgnutls: Corrected double free on signature verification failure.
    GNUTLS-SA-2009-1 CVE-2009-1415
  + libgnutls: Fix DSA key generation. Noticed when investigating the
    previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
    2.6.x are corrupt. See the advisory for more details.
    GNUTLS-SA-2009-2 CVE-2009-1416
  + libgnutls: Check expiration/activation time on untrusted certificates.
    Before the library did not check activation/expiration times on
    certificates, and was documented as not doing so.
    GNUTLS-SA-2009-3 CVE-2009-1417
* The former two issues only apply to gnutls 2.6.x. The latter is a
  behavior change, add a NEWS.Debian file to document it.

13. By Andreas Metzler <email address hidden> on 2009-04-14

* Sync sections in debian/control with override file. libgnutls26-dbg is
  section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required.

12. By Andreas Metzler <email address hidden> on 2009-02-07

* New patches, syncing with 2.4.3 upstream oldstable release:
  + 24_intermedcertificate.patch If a non-root certificate is trusted
    gnutls certificate verification stops there instead of checking
    up to the root of the certificate chain.
  + 22_whitespace.patch - Whitespace only changes, to make it possible to
    apply upstream fixes without manual changes.
  + 25_bufferoverrun.patch. Fix buffer overrun bug in

11. By Andreas Metzler <email address hidden> on 2009-01-31

* Pull two patches from upstream stable branch to make gnutls behavior
  match documentation:
  + patch 23_permit_v1_CA.diff: Accept v1 x509 CA
    certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Closes: #509593
  + 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
    certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
    GNUTLS_CERT_INSECURE_ALGORITHM verification output.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)