Created by Ubuntu Package Importer on 2012-04-10 and last modified on 2012-04-10
Get this branch:
bzr branch lp:ubuntu/maverick-updates/gnutls26
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

22. By Tyler Hicks on 2012-04-04

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
  - CVE-2012-1573

21. By Andreas Metzler <email address hidden> on 2010-03-20

* Use dh_lintian.
* Use dh_makeshlibs for the guile stuff, too. This gets us
  a) ldconfig in postinst. Closes: #553109
  b) a shlibs file.
  However the shared objects /usr/lib/libguile-gnutls*so* are still not
  designed to be used as libraries (linking) but are dlopened. guile-1.10
  will address this issue by keeping this stuff in a private directory.
* hotfix pkg-config files (proper fix to be included upstream).
* Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

20. By Andreas Metzler <email address hidden> on 2009-11-13

Add a huge bunch of lintian overrides for the guile stuff to make dak

19. By Andreas Metzler <email address hidden> on 2009-11-01

[20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

18. By Andreas Metzler <email address hidden> on 2009-09-26

* New upstream version.
  + Drop debian/patches/15_openpgp.diff.
* Sync priorities with override file, libgnutls26 has been bumped from
  important to standard.

17. By Andreas Metzler <email address hidden> on 2009-08-22

[ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
openpgp connections.

16. By Andreas Metzler <email address hidden> on 2009-08-14

* New upstream version.
  + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
    was built against. Closes: #540449
  + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
    certificate name fields. Closes: #541439 GNUTLS-SA-2009-4
* Drop 15_chainverify_expiredcert.diff, included upstream.
* Urgency high, since 541439 applies to testing, too.

15. By Jamie Strandboge on 2009-08-14

* SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
  Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
  - debian/patches/16_CVE-2009-2730.diff: verify length of CN and SAN
    are what we expect and error out if either contains an embedded \0
  - CVE-2009-2730

14. By Andreas Metzler <email address hidden> on 2009-04-30

* use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
  way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
* New upstream security release.
  + libgnutls: Corrected double free on signature verification failure.
    GNUTLS-SA-2009-1 CVE-2009-1415
  + libgnutls: Fix DSA key generation. Noticed when investigating the
    previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
    2.6.x are corrupt. See the advisory for more details.
    GNUTLS-SA-2009-2 CVE-2009-1416
  + libgnutls: Check expiration/activation time on untrusted certificates.
    Before the library did not check activation/expiration times on
    certificates, and was documented as not doing so.
    GNUTLS-SA-2009-3 CVE-2009-1417
 * The former two issues only apply to gnutls 2.6.x. The latter is a
   brehavior change, add a NEWS.Debian file to document it.

13. By Andreas Metzler <email address hidden> on 2009-04-14

* Sync sections in debian/control with override file. libgnutls26-dbg is
  section debug, guile-gnutls is section lisp.
* New upstream version. (Needed for Libtasn1-3 2.0)
* New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
* Standards-Version: 3.8.1, no changes required.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.