diff -Nru gnutls26-2.10.5/debian/changelog gnutls26-2.10.5/debian/changelog
--- gnutls26-2.10.5/debian/changelog 2012-04-04 18:13:22.000000000 +0200
+++ gnutls26-2.10.5/debian/changelog 2012-05-24 11:11:59.000000000 +0200
@@ -1,3 +1,10 @@
+gnutls26 (2.10.5-1ubuntu3.2) oneiric; urgency=low
+
+ * Apply upstream patch to fix validation of certificates when more than
+ one with the same short hash exists in the CA bundle (LP: #1003841).
+
+ -- Thorsten Glaser Thu, 24 May 2012 11:10:16 +0200
+
 gnutls26 (2.10.5-1ubuntu3.1) oneiric-security; urgency=low
 
 * SECURITY UPDATE: Denial of service in client application
diff -Nru gnutls26-2.10.5/debian/patches/certhash.diff gnutls26-2.10.5/debian/patches/certhash.diff
--- gnutls26-2.10.5/debian/patches/certhash.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.10.5/debian/patches/certhash.diff 2012-05-24 11:09:25.000000000 +0200
@@ -0,0 +1,65 @@
+Index: gnutls26-2.10.5/lib/x509/verify.c
+===================================================================
+--- gnutls26-2.10.5.orig/lib/x509/verify.c 2010-12-06 14:04:44.000000000 +0100
++++ gnutls26-2.10.5/lib/x509/verify.c 2012-05-24 11:09:19.798606211 +0200
+@@ -202,9 +202,12 @@
+ static int
+ is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
+ {
+- gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
+- {
+- NULL, 0};
++ gnutls_datum_t dn1 = { NULL, 0 },
++ dn2 = { NULL, 0};
++ uint8_t id1[512];
++ uint8_t id2[512];
++ size_t id1_size;
++ size_t id2_size;
+ int ret;
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
+@@ -222,6 +225,34 @@
+ }
+
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
++
++ if (ret != 0)
++ {
++ /* check if the authority key identifier matches the subject key identifier
++ * of the isser */
++ id1_size = sizeof(id1);
++
++ ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
++ if (ret < 0)
++ {
++ ret = 1;
++ goto cleanup;
++ }
++
++ id2_size = sizeof(id2);
++ ret = gnutls_x509_crt_get_subject_key_id(issuer_cert, id2, &id2_size, NULL);
++ if (ret < 0)
++ {
++ ret = 1;
++ gnutls_assert();
++ goto cleanup;
++ }
++
++ if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
++ ret = 1;
++ else
++ ret = 0;
++ }
+
+ cleanup:
+ _gnutls_free_datum (&dn1);
+@@ -391,7 +422,8 @@
+ * @issuer: is the certificate of a possible issuer
+ *
+ * This function will check if the given certificate was issued by the
+- * given issuer.
++ * given issuer. It checks the DN fields and the authority
++ * key identifier and subject key identifier fields match.
+ *
+ * Returns: It will return true (1) if the given certificate is issued
+ * by the given issuer, and false (0) if not. 
A negative value is
diff -Nru gnutls26-2.10.5/debian/patches/series gnutls26-2.10.5/debian/patches/series
--- gnutls26-2.10.5/debian/patches/series 2012-04-04 20:15:23.000000000 +0200
+++ gnutls26-2.10.5/debian/patches/series 2012-05-24 11:08:56.000000000 +0200
@@ -4,3 +4,4 @@
 20_gcrypt15compat.diff
 CVE-2011-4128.patch
 CVE-2012-1573.patch
+certhash.diff
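Review bot: The two `if (ret < 0)` branches added to is_issuer in the embedded verify.c hunk map every failure of `gnutls_x509_crt_get_authority_key_id` and `gnutls_x509_crt_get_subject_key_id` to `ret = 1`, so a malformed key-identifier extension, or one longer than the 512-byte `id1`/`id2` buffers (`GNUTLS_E_SHORT_MEMORY_BUFFER`), silently drops back to the DN-only decision instead of being surfaced. Only `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` (extension absent) should keep the DN match; other negative codes should be handled like the DN lookup earlier in the function, which appears to report them with `gnutls_assert()` and propagate the error through `goto cleanup`, though that part of is_issuer's body lies outside the hunk. The first branch is also missing the `gnutls_assert()` the second one has, and the comment above it spells `isser` for `issuer`.
```c
  ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
  if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    {
      /* no AKI in cert: keep the DN comparison result */
      ret = 1;
      goto cleanup;
    }
  if (ret < 0)
    {
      /* malformed or oversized identifier: report it, do not treat as a match */
      gnutls_assert();
      goto cleanup;
    }
  /* … unchanged: id2_size = sizeof(id2); … */
  ret = gnutls_x509_crt_get_subject_key_id(issuer_cert, id2, &id2_size, NULL);
  if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    {
      /* no SKI in issuer: keep the DN comparison result */
      ret = 1;
      goto cleanup;
    }
  if (ret < 0)
    {
      gnutls_assert();
      goto cleanup;
    }
  /* … unchanged: size and memcmp comparison of id1/id2 … */
```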