ubuntu/+source/gnutls26:ubuntu/intrepid-updates

Last commit made on 2009-08-19
Get this branch:
git clone -b ubuntu/intrepid-updates https://git.launchpad.net/ubuntu/+source/gnutls26
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/intrepid-updates
Repository:
lp:ubuntu/+source/gnutls26

Recent commits

76fe999... by Jamie Strandboge on 2009-08-14

Import patches-unapplied version 2.4.1-1ubuntu0.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f66e8af631d4c62be1b180200c7f7eebdfda8b9e

New changelog entries:
  * SECURITY UPDATE: fix improper handling of '\0' in Common Name (CN) and
    Subject Alternative Name (SAN) in X.509 certificates (LP: #413136)
    - debian/patches/21_CVE-2009-2730.diff: verify length of CN and SAN
      are what we expect and error out if either contains an embedded \0
    - CVE-2009-2730

f66e8af... by Jamie Strandboge on 2009-02-20

Import patches-unapplied version 2.4.1-1ubuntu0.3 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: 31b2d8586606d9084f15f86a8d899ae602f41fcc

New changelog entries:
  * Fix for certificate chain regressions introduced by fixes for
    CVE-2008-4989
  * debian/patches/20_CVE-2008-4989.diff: updated to upstream's final
    2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
    address all known regressions. To summarize from upstream:
    - Fix X.509 certificate chain validation error (CVE-2008-4989)
    - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
    - Deprecate X.509 validation chains using MD5 and MD2 signatures
    - Accept chains where intermediary certs are trusted (LP: #305264)

31b2d85... by Jamie Strandboge on 2008-12-05

Import patches-unapplied version 2.4.1-1ubuntu0.2 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: afaf84d8f5615c1200aeffdc4d30f9673666a92d

New changelog entries:
  * Fix for regression where some valid certificate chains would be untrusted
    - Update debian/patches/20_CVE-2008-4989.diff to check if last certificate
      is self-signed and prevent verifying self-signed certificates against
      themselves. Patch from upstream.
    - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
    - LP: #305264

afaf84d... by Jamie Strandboge on 2008-11-25

Import patches-unapplied version 2.4.1-1ubuntu0.1 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: cd25621cb80510592ba91bf52847b005f8e36eb2

New changelog entries:
  * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
    validation
    - debian/patches/20_CVE-2008-4989.diff: don't remove the last certificate
      if it is self-signed in lib/x509/verify.c
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
    - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
    - CVE-2008-4989

cd25621... by Martin Pitt on 2008-08-06

Import patches-unapplied version 2.4.1-1build1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 6ff7d79365d6491a13463bc82183d417eae63830

New changelog entries:
  * Rebuild against thread-enabled guile-1.8.

6ff7d79... by Andreas Metzler on 2008-07-01

Import patches-unapplied version 2.4.1-1 to debian/lenny

Imported using git-ubuntu import.