Debian Patches

Status for gnutls28/3.7.1-5+deb11u6

Patch Description Author Forwarded Bugs Origin Last update
14_version_gettextcat.diff Version filename of locale data (gnutls30.mo instead of gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
co-installable.
Andreas Metzler <ametzler@debian.org> no 2020-09-06
30_guile-snarf.diff Work around guile-snarf hardcoding the at-build default compiler which breaks when it changes in Debian. Andreas Metzler <ametzler@debian.org> no debian vendor 2014-08-24
55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch [PATCH 1/2] _gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC Daiki Ueno <ueno@gnu.org> no 2021-03-10
55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch [PATCH 2/2] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined Daiki Ueno <ueno@gnu.org> no 2021-03-10
56_01-srptool-avoid-FILE-pointer-leak-on-error.patch [PATCH 1/5] srptool: avoid FILE pointer leak on error Daiki Ueno <ueno@gnu.org> no 2021-03-15
56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch [PATCH 2/5] gnutls-cli-debug: avoid resource leak in saving DHE params Daiki Ueno <ueno@gnu.org> no 2021-03-15
56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch [PATCH 3/5] src: avoid file descriptor leak in socket_open2 Daiki Ueno <ueno@gnu.org> no 2021-03-15
56_04-examples-avoid-memory-leak-in-tlsproxy.patch [PATCH 4/5] examples: avoid memory leak in tlsproxy Daiki Ueno <ueno@gnu.org> no 2021-03-15
56_05-examples-avoid-memory-leak-in-ex-verify.patch [PATCH 5/5] examples: avoid memory leak in ex-verify Daiki Ueno <ueno@gnu.org> no 2021-03-15
56_10-build-doc-install-missing-image-file-gnutls-crypto-l.patch [PATCH] build: doc: install missing image file gnutls-crypto-layers.png Andreas Metzler <ametzler@bebt.de> no 2021-03-20
56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch [PATCH 1/5] mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast Daiki Ueno <ueno@gnu.org> no 2021-02-21
56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch [PATCH 2/5] pkcs11x: find_ext_cb: fix error propagation
Use explicit error value, as rv is not set in this code path.
Daiki Ueno <ueno@gnu.org> no 2021-03-29
56_17-build-avoid-potential-integer-overflow-in-array-allo.patch [PATCH 3/5] build: avoid potential integer overflow in array allocation

This relies on _gnutls_reallocarray for all occasions of array
allocations, so that they can benefit from the built-in overflow
checks.
Daiki Ueno <ueno@gnu.org> no 2021-02-21
56_18-build-avoid-integer-overflow-in-additions.patch [PATCH 4/5] build: avoid integer overflow in additions Daiki Ueno <ueno@gnu.org> no 2021-03-29
56_19-_gnutls_calloc-remove-unused-function.patch [PATCH 5/5] _gnutls_calloc: remove unused function Daiki Ueno <ueno@gnu.org> no 2021-03-30
56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch [PATCH] priority: add option to disable TLS 1.3 middlebox compatibility mode

This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3
compatibility mode at run-time.
Daiki Ueno <ueno@gnu.org> no 2021-04-16
56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch [PATCH] handshake: don't regenerate legacy_session_id in second CH after HRR

According to RFC 8446 4.1.2, the client must send the same Client
Hello after Hello Retry Request, except for certain extensions,
and thus legacy_session_id must be preserved.
Daiki Ueno <ueno@gnu.org> no 2021-04-22
56_28-handshake-fix-timing-of-sending-early-data.patch [PATCH] handshake: fix timing of sending early data
Previously, the client was sending early data after receiving a Server
Hello message, which not only negates the benefit of 0-RTT, but also
was a logic error as it can only be decrypted by the server when the
initial handshake and the resuming handshake agree on the same
ciphersuites. This fixes that behavior in the following ways:

- extend the session data format to include the selected ciphersuites,
even in TLS 1.3
- set up the epoch for early data, right before the client sends
early data (also right after the server decides to accept early
data).
- extend the test case to use different ciphersuites in the initial
and resuming handshakes
Daiki Ueno <ueno@gnu.org> no 2021-04-23
56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch [PATCH 47/94] x509/verify: treat SHA-1 signed CA in the trusted set differently

Suppose there is a certificate chain ending with an intermediate CA:
EE → ICA1 → ICA2. If the system trust store contains a root CA
generated with the same key as ICA2 but signed with a prohibited
algorithm, such as SHA-1, the library previously reported a
verification failure, though the situation is not uncommon during a
transition period of root CA.

This changes the library behavior such that the check on signature
algorithm will be skipped when examining the trusted root CA.
Daiki Ueno <ueno@gnu.org> no 2021-05-03
56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch [PATCH 74/94] serv: stop setting AI_ADDRCONFIG on getaddrinfo
AI_ADDRCONFIG is only useful when the NODE argument is given in the
getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas
Metzler in:
https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206
Daiki Ueno <ueno@gnu.org> no 2021-05-14
56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch [PATCH] fix SSSE3 SHA384 to work more than once
The output function called sha512_digest() instead of sha384_digest(),
which caused the hash context to be reinitialized for SHA512 instead of
SHA384 and all following digests using the hash handle were wrong.
Miroslav Lichvar <mlichvar@redhat.com> no 2021-09-01
56_45-wrap_nettle_hash_fast-avoid-calling-_update-with-zer.patch [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length input

As Nettle's hash update functions internally call memcpy, providing
zero-length input may cause undefined behavior.
Daiki Ueno <ueno@gnu.org> no 2021-12-22
60-Fix-double-free-during-gnutls_pkcs7_verify.patch Fix double free during gnutls_pkcs7_verify Zoltan Fridrich <zfridric@redhat.com> yes upstream https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2 2022-07-22
61_01-auth-rsa-side-step-potential-side-channel.patc [PATCH 1/3] auth/rsa: side-step potential side-channel
Remove branching that depends on secret data.
Alexander Sosedkin <asosedkin@redhat.com> no 2022-08-09
61_02-rsa-remove-dead-code.patch [PATCH 2/3] rsa: remove dead code
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
Hubert Kario <hkario@redhat.com> no 2023-02-08
62-auth-rsa_psk-side-step-potential-side-channel.patch [PATCH] auth/rsa_psk: side-step potential side-channel
This removes branching that depends on secret data, porting changes
for regular RSA key exchange from
4804febddc2ed958e5ae774de2a8f85edeeff538 and
80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the
allow_wrong_pms as it was used solely to control debug output
depending on the branching.
Daiki Ueno <ueno@gnu.org> no 2023-10-23
63-x509-detect-loop-in-certificate-chain.patch [PATCH 1/2] x509: detect loop in certificate chain
There can be a loop in a certificate chain, when multiple CA
certificates are cross-signed with each other, such as A → B, B → C,
and C → A. Previously, the verification logic was not capable of
handling this scenario while sorting the certificates in the chain in
_gnutls_sort_clist, resulting in an assertion failure. This patch
properly detects such loop and aborts further processing in a graceful
manner.
Daiki Ueno <ueno@gnu.org> no 2024-01-11
64-rsa-psk-minimize-branching-after-decryption.patch [PATCH 2/2] rsa-psk: minimize branching after decryption
This moves any non-trivial code between gnutls_privkey_decrypt_data2
and the function return in _gnutls_proc_rsa_psk_client_kx up until the
decryption. This also avoids an extra memcpy to session->key.key.
Daiki Ueno <ueno@gnu.org> no 2024-01-10
CVE-2024-28835.patch gnutls_x509_trust_list_verify_crt2: remove length limit of input
Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the
chain verification logic crashed with assertion failure. This patch
removes the restriction while keeping the maximum number of
retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH.
Daiki Ueno <ueno@gnu.org> yes debian upstream https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d 2024-01-29
CVE-2024-28834.patch nettle: avoid normalization of mpz_t in deterministic ECDSA
This removes function calls that potentially leak bit-length of a
private key used to calculate a nonce in deterministic ECDSA. Namely:

- _gnutls_dsa_compute_k has been rewritten to work on always
zero-padded mp_limb_t arrays instead of mpz_t
- rnd_mpz_func has been replaced with rnd_datum_func, which is backed
by a byte array instead of an mpz_t value
Daiki Ueno <ueno@gnu.org> yes debian upstream https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5 2024-01-12
0031-serv-fix-memleak-when-a-connected-client-disappears.patch serv: fix memleak when a connected client disappears
Reported by Hubert Kario.
Daiki Ueno <ueno@gnu.org> no https://gitlab.com/gnutls/gnutls/-/commit/b5faada34e63ca14657e72bebfa4a71f52000116 2024-01-27
0032-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch lib: fix a segfault in _gnutls13_recv_end_of_early_data
A crash occurs in my app that uses gnutls13 early data, stack trace:

#0 free (libc.so.6 + 0x97bf0)
#1 _gnutls_buffer_clear (libgnutls.so.30 + 0x77c8c)
#2 _gnutls13_recv_end_of_early_data (libgnutls.so.30 + 0xaf308)
#3 _gnutls13_handshake_server (libgnutls.so.30 + 0x42d6c)
#4 handshake_server (libgnutls.so.30 + 0x4ff6c)

The root cause is that _gnutls_buffer_clear() was trying to free
'buf' that is not initialized or set if GNUTLS_NO_END_OF_EARLY_DATA
flag is set on server side.

This patch fixes it by simply initializing buf at the beginning of
_gnutls13_recv_end_of_early_data().
Xin Long <lucien.xin@gmail.com> no https://gitlab.com/gnutls/gnutls/-/commit/f979aa3d0fcf1c79accc038b6599382efc6e64da 2024-02-01
0033-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch lib: fix a potential segfault in _gnutls13_recv_finished
In _gnutls13_recv_finished(), 'buf' is not initialized or set when
_gnutls13_compute_finished() returns an err, and goto cleanup may
cause a segfault crash as it frees the uninitialized buf.allocd in
_gnutls_buffer_clear().

So fix it by returning if _gnutls13_compute_finished() returns an err
in _gnutls13_recv_finished().
Xin Long <lucien.xin@gmail.com> no https://gitlab.com/gnutls/gnutls/-/commit/b7cd1e93d900675a80fe0701475a3f947bc4039e 2024-02-01
