Debian Patches

Status for gnutls28/3.7.1-5+deb11u5

Columns: Patch, Description, Author, Forwarded, Bugs, Origin, Last update

56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch
  Description: [PATCH] handshake: don't regenerate legacy_session_id in second CH after HRR
    According to RFC 8446 4.1.2, the client must send the same Client
    Hello after Hello Retry Request, except for certain extensions,
    and thus legacy_session_id must be preserved.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-04-22

14_version_gettextcat.diff
  Description: Version filename of locale data (gnutls30.mo instead of gnutls.mo).
    This is necessary to make e.g. libgnutls26 and libgnutls28
    co-installable.
  Author: Andreas Metzler <ametzler@debian.org>
  Forwarded: no
  Last update: 2020-09-06

30_guile-snarf.diff
  Description: Work around guile-snarf hardcoding the at-build default compiler,
    which breaks when it changes in Debian.
  Author: Andreas Metzler <ametzler@debian.org>
  Forwarded: no
  Origin: debian vendor
  Last update: 2014-08-24

55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
  Description: [PATCH 1/2] _gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-10

55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
  Description: [PATCH 2/2] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-10

56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
  Description: [PATCH 1/5] srptool: avoid FILE pointer leak on error
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-15

56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
  Description: [PATCH 2/5] gnutls-cli-debug: avoid resource leak in saving DHE params
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-15

56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
  Description: [PATCH 3/5] src: avoid file descriptor leak in socket_open2
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-15

56_04-examples-avoid-memory-leak-in-tlsproxy.patch
  Description: [PATCH 4/5] examples: avoid memory leak in tlsproxy
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-15

56_05-examples-avoid-memory-leak-in-ex-verify.patch
  Description: [PATCH 5/5] examples: avoid memory leak in ex-verify
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-15

56_10-build-doc-install-missing-image-file-gnutls-crypto-l.patch
  Description: [PATCH] build: doc: install missing image file gnutls-crypto-layers.png
  Author: Andreas Metzler <ametzler@bebt.de>
  Forwarded: no
  Last update: 2021-03-20

56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch
  Description: [PATCH 1/5] mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-02-21

56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch
  Description: [PATCH 2/5] pkcs11x: find_ext_cb: fix error propagation
    Use an explicit error value, as rv is not set in this code path.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-29

56_17-build-avoid-potential-integer-overflow-in-array-allo.patch
  Description: [PATCH 3/5] build: avoid potential integer overflow in array allocation
    This relies on _gnutls_reallocarray for all occasions of array
    allocations, so that they can benefit from the built-in overflow
    checks.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-02-21

56_18-build-avoid-integer-overflow-in-additions.patch
  Description: [PATCH 4/5] build: avoid integer overflow in additions
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-29

56_19-_gnutls_calloc-remove-unused-function.patch
  Description: [PATCH 5/5] _gnutls_calloc: remove unused function
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-03-30

56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch
  Description: [PATCH] priority: add option to disable TLS 1.3 middlebox compatibility mode
    This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3
    compatibility mode at run-time.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-04-16

56_28-handshake-fix-timing-of-sending-early-data.patch
  Description: [PATCH] handshake: fix timing of sending early data
    Previously, the client was sending early data after receiving a Server
    Hello message, which not only negates the benefit of 0-RTT, but also
    was a logic error as it can only be decrypted by the server when the
    initial handshake and the resuming handshake agree on the same
    ciphersuites. This fixes that behavior in the following ways:

    - extend the session data format to include the selected ciphersuites,
      even in TLS 1.3
    - set up the epoch for early data, right before the client sending
      early data (also right after the server deciding to accept early
      data).
    - extend the test case to use different ciphersuites in the initial
      and resuming handshakes
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-04-23

56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch
  Description: [PATCH 47/94] x509/verify: treat SHA-1 signed CA in the trusted set differently
    Suppose there is a certificate chain ending with an intermediate CA:
    EE → ICA1 → ICA2. If the system trust store contains a root CA
    generated with the same key as ICA2 but signed with a prohibited
    algorithm, such as SHA-1, the library previously reported a
    verification failure, though the situation is not uncommon during a
    transition period of root CA.

    This changes the library behavior such that the check on signature
    algorithm will be skipped when examining the trusted root CA.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-05-03

56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch
  Description: [PATCH 74/94] serv: stop setting AI_ADDRCONFIG on getaddrinfo
    AI_ADDRCONFIG is only useful when the NODE argument is given in the
    getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas
    Metzler in:
    https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-05-14

56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch
  Description: [PATCH] fix SSSE3 SHA384 to work more than once
    The output function called sha512_digest() instead of sha384_digest(),
    which caused the hash context to be reinitialized for SHA512 instead of
    SHA384, and all following digests using the hash handle were wrong.
  Author: Miroslav Lichvar <mlichvar@redhat.com>
  Forwarded: no
  Last update: 2021-09-01

56_45-wrap_nettle_hash_fast-avoid-calling-_update-with-zer.patch
  Description: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length input
    As Nettle's hash update functions internally call memcpy, providing
    zero-length input may cause undefined behavior.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2021-12-22

60-Fix-double-free-during-gnutls_pkcs7_verify.patch
  Description: Fix double free during gnutls_pkcs7_verify
  Author: Zoltan Fridrich <zfridric@redhat.com>
  Forwarded: yes
  Origin: upstream, https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
  Last update: 2022-07-22

61_01-auth-rsa-side-step-potential-side-channel.patc
  Description: [PATCH 1/3] auth/rsa: side-step potential side-channel
    Remove branching that depends on secret data.
  Author: Alexander Sosedkin <asosedkin@redhat.com>
  Forwarded: no
  Last update: 2022-08-09

61_02-rsa-remove-dead-code.patch
  Description: [PATCH 2/3] rsa: remove dead code
    Since the `ok` variable isn't used any more, we can remove all code
    used to calculate it.
  Author: Hubert Kario <hkario@redhat.com>
  Forwarded: no
  Last update: 2023-02-08

62-auth-rsa_psk-side-step-potential-side-channel.patch
  Description: [PATCH] auth/rsa_psk: side-step potential side-channel
    This removes branching that depends on secret data, porting changes
    for regular RSA key exchange from
    4804febddc2ed958e5ae774de2a8f85edeeff538 and
    80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes
    allow_wrong_pms, as it was used solely to control debug output
    depending on the branching.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2023-10-23

63-x509-detect-loop-in-certificate-chain.patch
  Description: [PATCH 1/2] x509: detect loop in certificate chain
    There can be a loop in a certificate chain, when multiple CA
    certificates are cross-signed with each other, such as A → B, B → C,
    and C → A. Previously, the verification logic was not capable of
    handling this scenario while sorting the certificates in the chain in
    _gnutls_sort_clist, resulting in an assertion failure. This patch
    properly detects such a loop and aborts further processing in a graceful
    manner.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2024-01-11

64-rsa-psk-minimize-branching-after-decryption.patch
  Description: [PATCH 2/2] rsa-psk: minimize branching after decryption
    This moves any non-trivial code between gnutls_privkey_decrypt_data2
    and the function return in _gnutls_proc_rsa_psk_client_kx up until the
    decryption. This also avoids an extra memcpy to session->key.key.
  Author: Daiki Ueno <ueno@gnu.org>
  Forwarded: no
  Last update: 2024-01-10
