ubuntu/+source/gnutls26:ubuntu/trusty-updates

Last commit made on 2017-06-13
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/gnutls26
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/trusty-updates
Repository: lp:ubuntu/+source/gnutls26

Recent commits

247ffea... by Marc Deslauriers on 2017-06-12

Import patches-unapplied version 2.12.23-12ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 4e3710f6fd3d779a39841db6b5711c77499d6eb0

New changelog entries:
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

4e3710f... by Marc Deslauriers on 2017-03-15

Import patches-unapplied version 2.12.23-12ubuntu2.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9b72509136b109b74c2d356d2be4a4a57a57347a

New changelog entries:
  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
      lib/gnutls_state.c.
    - CVE-2016-8610

9b72509... by Marc Deslauriers on 2017-01-26

Import patches-unapplied version 2.12.23-12ubuntu2.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fbed9a2db87f68b877cd0cdaa66dc8f7274b747a

New changelog entries:
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337

fbed9a2... by Marc Deslauriers on 2016-02-05

Import patches-unapplied version 2.12.23-12ubuntu2.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 16d8cf25ea0fa32b6474848bef87365023b81c75

New changelog entries:
  * debian/patches/compare_ca_name_and_key.patch: when comparing a CA
    certificate with the trusted list compare the name and key. This will
    allow the future removal of 1024-bit RSA keys from the ca-certificates
    package.

16d8cf2... by Marc Deslauriers on 2016-01-07

Import patches-unapplied version 2.12.23-12ubuntu2.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3897c1f649c2f506ab2dbec3b54ccafa74f5dc0f

New changelog entries:
  * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: do not consider any values from
      the extension data to decide acceptable algorithms in
      lib/ext_signature.c.
    - CVE-2015-7575

3897c1f... by Bryan Quigley on 2015-11-25

Import patches-unapplied version 2.12.23-12ubuntu2.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: f039058ad540d19b913fe35db3ca050d787c3d24

New changelog entries:
  * SECURITY UPDATE: Poodle TLS issue
    - debian/patches/fix_tls_poodle.patch: fixes off by one
      issue in padding check.
      Patch created by Hanno Boeck (https://hboeck.de/)
    (LP: #1510163)

f039058... by Marc Deslauriers on 2015-03-20

Import patches-unapplied version 2.12.23-12ubuntu2.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b16ff6c9d3368e4e5b5d98fa885effb0ef1bfc73

New changelog entries:
  * SECURITY UPDATE: signature forgery issue
    - debian/patches/CVE-2015-0282.patch: make sure the signature
      algorithms match in lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
      lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/x509/common.h,
      lib/x509/crq.c, lib/x509/privkey.c, lib/x509/verify.c,
      lib/x509/x509.c, lib/x509/x509_int.h.
    - CVE-2015-0282
  * SECURITY UPDATE: certificate algorithm consistency issue
    - debian/patches/CVE-2015-0294.patch: make sure the two signature
      algorithms match on cert import in lib/x509/x509.c.
    - CVE-2015-0294

b16ff6c... by Marc Deslauriers on 2014-06-01

Import patches-unapplied version 2.12.23-12ubuntu2.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b8bb50dcba4f0b01604d9a269d95786b893ec057

New changelog entries:
  * SECURITY UPDATE: memory corruption due to server hello parsing
    - debian/patches/CVE-2014-3466.patch: validate session_id_len in
      lib/gnutls_handshake.c.
    - CVE-2014-3466

b8bb50d... by Marc Deslauriers on 2014-03-03

Import patches-unapplied version 2.12.23-12ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 6c61c756fe666ad65cabfe5b4c6d46bf62c61627

New changelog entries:
  * SECURITY UPDATE: certificate validation bypass
    - debian/patches/CVE-2014-0092.patch: correct return codes in
      lib/x509/verify.c.
    - CVE-2014-0092

6c61c75... by Matthias Klose on 2014-02-27

Import patches-unapplied version 2.12.23-12ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9b49688af9e6dae7dc7ab8f9298b50ea91931ec3

New changelog entries:
  * Merge with Debian; remaining changes:
    - Build gnutls-bin from this source package rather than from gnutls28:
      gnutls28's licensing is currently too strict for many of the free
      software packages built against it in Ubuntu main and we only want to
      support a single version. Bump its version to achieve this.
    - Drop the sipsak Breaks on armhf back to (<= 0.9.6-2.1), which is
      sufficient for Ubuntu. The former versioning rendered sipsak
      uninstallable.
    - Link test-lock and test-thread_create with -Wl,--no-as-needed; see
      https://lists.gnu.org/archive/html/bug-gnulib/2013-10/msg00017.html.
    - debian/patches/99_update-libtool.patch: Update libtool.m4
    - debian/rules: Set CC on cross-builds, so autoconf doesn't lose its mind.