Ubuntu
gnutls13 package

lp://staging/ubuntu/hardy-proposed/gnutls13

Hardy (8.04)
hardy-proposed

Created by James Westby on 2009-07-08 and last modified on 2012-05-31

Get this branch:: bzr branch lp://staging/ubuntu/hardy-proposed/gnutls13

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Status:: Mature

Recent revisions

19. By Thorsten Glaser on 2012-05-31: Apply upstream patch to fix validation of certificates when more than
one with the same short hash exists in the CA bundle (LP: #1003841).
18. By Jamie Strandboge on 2009-02-20: * Fix for certificate chain regressions introduced by fixes for
  CVE-2008-4989
* debian/patches/91_CVE-2008-4989.diff: updated to upstream's final
  2.4.2 - 2.4.3 patchset for lib/x509/verify.c to fix CVE-2008-4989 and
  address all known regressions. To summarize from upstream:
  - Fix X.509 certificate chain validation error (CVE-2008-4989)
  - Fix chain verification for chains that end with RSA-MD2 CAs (LP: #305264)
  - Deprecate X.509 validation chains using MD5 and MD2 signatures
  - Accept chains where intermediary certs are trusted (LP: #305264)
17. By Kees Cook on 2009-01-13: Bump up maximum handshake packet size. Some clients needs this,
especially when talking to some Intrepid services (LP: #292604).
16. By Jamie Strandboge on 2008-12-05: * Fix for regression where some valid certificate chains would be untrusted
  - Update debian/patches/91_CVE-2008-4989.diff to check if last certificate
    is self-signed and prevent verifying self-signed certificates against
    themselves. Patch from upstream.
  - http://lists.gnu.org/archive/html/gnutls-devel/2008-12/msg00008.html
  - LP: #305264
15. By Jamie Strandboge on 2008-11-25: * SECURITY UPDATE: Fix for man-in-the-middle attack in certificate
  validation
  - debian/patches/91_CVE-2008-4989.diff: don't remove the last certificate
    if it is self-signed in lib/x509/verify.c
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
  - http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248
  - CVE-2008-4989
14. By Kees Cook on 2008-05-20: * SECURITY UPDATE: multiple remote denial of service.
* debian/patches/90_GNUTLS-SA-2008-1.diff: upstream fixes, thanks to Debian.
* References
GNUTLS-SA-2008-1
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
13. By Steve Langasek on 2008-02-22: * Pulled from upstream, by way of Debian:
  + debian/patches/20_nulltermfix_465197.diff
    Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    et al. to not null terminate binary strings and return the proper
    size.
  + debian/patches/21_nulltermfix_465197_part2.diff
    corrected string handling in parse_general_name.
12. By Martin Pitt on 2007-12-03: * Merge from debian unstable, remaining changes:
- debian/rules: Use clean-la.mk.
11. By Martin Pitt on 2007-11-06: Use clean-la.mk to remove the dependencies from the .la files.
10. By Andreas Metzler <email address hidden> on 2007-09-29: * New upstream version.
* Remove doc/*.info* on clean to allow building thrice in a row.
(Closes: #441740)

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntugnutls13 package