lp:ubuntu/trusty-security/gnutls26
- Get this branch:
- bzr branch lp:ubuntu/trusty-security/gnutls26
Branch merges
Branch information
Recent revisions
- 49. By Marc Deslauriers
-
debian/
patches/ compare_ ca_name_ and_key. patch: when comparing a CA
certificate with the trusted list compare the name and key. This will
allow the future removal of 1024-bit RSA keys from the ca-certificates
package. - 48. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
- debian/patches/ CVE-2015- 7575.patch: do not consider any values from
the extension data to decide acceptable algorithms in
lib/ext_signature. c.
- CVE-2015-7575 - 47. By Bryan Quigley
-
* SECURITY UPDATE: Poodle TLS issue
- debian/patches/ fix_tls_ poodle. patch: fixes off by one
issue in padding check.
Patch created by Hanno Boeck (https://hboeck. de/)
(LP: #1510163) - 46. By Marc Deslauriers
-
* SECURITY UPDATE: signature forgery issue
- debian/patches/ CVE-2015- 0282.patch: make sure the signature
algorithms match in lib/gnutls_algorithms. c, lib/gnutls_ algorithms. h,
lib/gnutls_ pubkey. c, lib/gnutls_sig.c, lib/x509/common.h,
lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
lib/x509/x509. c, lib/x509/ x509_int. h.
- CVE-2015-0282
* SECURITY UPDATE: certificate algorithm consistency issue
- debian/patches/ CVE-2015- 0294.patch: make sure the two signature
algorithms match on cert import in lib/x509/x509.c.
- CVE-2015-0294 - 45. By Marc Deslauriers
-
* SECURITY UPDATE: memory corruption due to server hello parsing
- debian/patches/ CVE-2014- 3466.patch: validate session_id_len in
lib/gnutls_ handshake. c.
- CVE-2014-3466 - 44. By Marc Deslauriers
-
* SECURITY UPDATE: certificate validation bypass
- debian/patches/ CVE-2014- 0092.patch: correct return codes in
lib/x509/verify. c.
- CVE-2014-0092 - 43. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Build gnutls-bin from this source package rather than from gnutls28:
gnutls28's licensing is currently too strict for many of the free
software packages built against it in Ubuntu main and we only want to
support a single version. Bump its version to achieve this.
- Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is
sufficient for Ubuntu. The former versioning rendered sipsak
uninstallable.
- Link test-lock and test-thread_create with -Wl,--no-as-needed; see
https://lists. gnu.org/ archive/ html/bug- gnulib/ 2013-10/ msg00017. html.
- debian/patches/ 99_update- libtool. patch: Update libtool.m4
- debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. - 42. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect v1 intermediate cert handling
- debian/patches/ CVE-2014- 1959.patch: don't consider a v1 intermediate
cert to be a valid CA by default in lib/x509/verify.c.
- CVE-2014-1959 - 41. By Adam Conrad
-
* 25_updatedgdocf
rommaster. diff - Update gdoc script from gnutls master to
fix spurious build failure with perl 5.18. Closes: #724167
* debian/patches/ 99_update- libtool. patch: Update libtool.m4
* debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind. - 40. By Colin Watson
-
Link test-lock and test-thread_create with -Wl,--no-as-needed; see
https://lists. gnu.org/ archive/ html/bug- gnulib/ 2013-10/ msg00017. html.
Based on a similar change by Matthias Klose in libidn.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/utopic/gnutls26