lp:ubuntu/maverick-updates/gnutls26

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

22. By Tyler Hicks on 2012-04-04

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

21. By Andreas Metzler <email address hidden> on 2010-03-20

* Use dh_lintian.
* Use dh_makeshlibs for the guile stuff, too. This gets us
  a) ldconfig in postinst. Closes: #553109
  and
  b) a shlibs file.
  However the shared objects /usr/lib/libguile-gnutls*so* are still not
  designed to be used as libraries (linking) but are dlopened. guile-1.10
  will address this issue by keeping this stuff in a private directory.
* hotfix pkg-config files (proper fix to be included upstream).
* Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

20. By Andreas Metzler <email address hidden> on 2009-11-13

Add a huge bunch of lintian overrides for the guile stuff to make dak
happy.

19. By Andreas Metzler <email address hidden> on 2009-11-01

[20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

18. By Andreas Metzler <email address hidden> on 2009-09-26

* New upstream version.
  + Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
  important to standard.

17. By Andreas Metzler <email address hidden> on 2009-08-22

[ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
openpgp connections.

16. By Andreas Metzler <email address hidden> on 2009-08-14

* New upstream version.
  + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
    was built against. Closes: #540449
  + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
    certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
    http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.

15. By Jamie Strandboge on 2009-08-14

* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
  Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
  - debian/patches/16_CVE-2009-2730.diff: verify length of CN and SAN
    are what we expect and error out if either contains an embedded \0
  - CVE-2009-2730

14. By Andreas Metzler <email address hidden> on 2009-04-30

* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
  way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
  + libgnutls: Corrected double free on signature verification failure.
    GNUTLS-SA-2009-1 CVE-2009-1415
  + libgnutls: Fix DSA key generation. Noticed when investigating the
    previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
    2.6.x are corrupt. See the advisory for more details.
    GNUTLS-SA-2009-2 CVE-2009-1416
  + libgnutls: Check expiration/activation time on untrusted certificates.
    Before the library did not check activation/expiration times on
    certificates, and was documented as not doing so.
    GNUTLS-SA-2009-3 CVE-2009-1417
 * The former two issues only apply to gnutls 2.6.x. The latter is a
   brehavior change, add a NEWS.Debian file to document it.

13. By Andreas Metzler <email address hidden> on 2009-04-14

* Sync sections in debian/control with override file. libgnutls26-dbg is
  section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required.