Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
14_version_gettextcat.diff | Version filename of locale data (gnutls30.mo instead of gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 co-installable. | Andreas Metzler <ametzler@debian.org> | no | | | 2020-09-06 |
30_guile-snarf.diff | Work around guile-snarf hardcoding the at-build default compiler which breaks when it changes in Debian. | Andreas Metzler <ametzler@debian.org> | no | debian | vendor | 2014-08-24 |
55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch | [PATCH 1/2] _gnutls_buffer_resize: account for unused area if AGGRESSIVE_REALLOC | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-10 |
55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch | [PATCH 2/2] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is defined | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-10 |
56_01-srptool-avoid-FILE-pointer-leak-on-error.patch | [PATCH 1/5] srptool: avoid FILE pointer leak on error | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-15 |
56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch | [PATCH 2/5] gnutls-cli-debug: avoid resource leak in saving DHE params | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-15 |
56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch | [PATCH 3/5] src: avoid file descriptor leak in socket_open2 | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-15 |
56_04-examples-avoid-memory-leak-in-tlsproxy.patch | [PATCH 4/5] examples: avoid memory leak in tlsproxy | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-15 |
56_05-examples-avoid-memory-leak-in-ex-verify.patch | [PATCH 5/5] examples: avoid memory leak in ex-verify | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-15 |
56_10-build-doc-install-missing-image-file-gnutls-crypto-l.patch | [PATCH] build: doc: install missing image file gnutls-crypto-layers.png | Andreas Metzler <ametzler@bebt.de> | no | | | 2021-03-20 |
56_15-mem-add-_gnutls_reallocarray-and-_gnutls_reallocarra.patch | [PATCH 1/5] mem: add _gnutls_reallocarray and _gnutls_reallocarray_fast | Daiki Ueno <ueno@gnu.org> | no | | | 2021-02-21 |
56_16-pkcs11x-find_ext_cb-fix-error-propagation.patch | [PATCH 2/5] pkcs11x: find_ext_cb: fix error propagation Use explicit error value, as rv is not set in this code path. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-29 |
56_17-build-avoid-potential-integer-overflow-in-array-allo.patch | [PATCH 3/5] build: avoid potential integer overflow in array allocation This relies on _gnutls_reallocarray for all occasions of array allocations, so that they can benefit from the built-in overflow checks. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-02-21 |
56_18-build-avoid-integer-overflow-in-additions.patch | [PATCH 4/5] build: avoid integer overflow in additions | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-29 |
56_19-_gnutls_calloc-remove-unused-function.patch | [PATCH 5/5] _gnutls_calloc: remove unused function | Daiki Ueno <ueno@gnu.org> | no | | | 2021-03-30 |
56_20-priority-add-option-to-disable-TLS-1.3-middlebox-com.patch | [PATCH] priority: add option to disable TLS 1.3 middlebox compatibility mode This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3 compatibility mode at run-time. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-04-16 |
56_24-handshake-don-t-regenerate-legacy_session_id-in-seco.patch | [PATCH] handshake: don't regenerate legacy_session_id in second CH after HRR According to RFC 8446 4.1.2, the client must send the same Client Hello after Hello Retry Request, except for the certain extensions, and thus legacy_session_id must be preserved. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-04-22 |
56_28-handshake-fix-timing-of-sending-early-data.patch | [PATCH] handshake: fix timing of sending early data Previously, the client was sending early data after receiving a Server Hello message, which not only negates the benefit of 0-RTT, but also was a logic error as it can only be decrypted by the server when the initial handshake and the resuming handshake agree on the same ciphersuites. This fixes that behavior in the following ways: - extend the session data format to include the selected ciphersuites, even in TLS 1.3 - setup the epoch for early data, right before the client sending early data (also right after the server deciding to accept early data). - extend the test case to use different ciphersuites in the initial and resuming handshakes | Daiki Ueno <ueno@gnu.org> | no | | | 2021-04-23 |
56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch | [PATCH 47/94] x509/verify: treat SHA-1 signed CA in the trusted set differently Suppose there is a certificate chain ending with an intermediate CA: EE → ICA1 → ICA2. If the system trust store contains a root CA generated with the same key as ICA2 but signed with a prohibited algorithm, such as SHA-1, the library previously reported a verification failure, though the situation is not uncommon during a transition period of root CA. This changes the library behavior such that the check on signature algorithm will be skipped when examining the trusted root CA. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-05-03 |
56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch | [PATCH 74/94] serv: stop setting AI_ADDRCONFIG on getaddrinfo AI_ADDRCONFIG is only useful when the NODE argument is given in the getaddrinfo call, as described in RFC 3493 6.1. Suggested by Andreas Metzler in: https://gitlab.com/gnutls/gnutls/-/issues/1007#note_356637206 | Daiki Ueno <ueno@gnu.org> | no | | | 2021-05-14 |
56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch | [PATCH] fix SSSE3 SHA384 to work more than once The output function called sha512_digest() instead of sha384_digest(), which caused the hash context to be reinitialized for SHA512 instead of SHA384 and all following digests using the hash handle were wrong. | Miroslav Lichvar <mlichvar@redhat.com> | no | | | 2021-09-01 |
56_45-wrap_nettle_hash_fast-avoid-calling-_update-with-zer.patch | [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length input As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. | Daiki Ueno <ueno@gnu.org> | no | | | 2021-12-22 |
60-Fix-double-free-during-gnutls_pkcs7_verify.patch | Fix double free during gnutls_pkcs7_verify | Zoltan Fridrich <zfridric@redhat.com> | yes | upstream | https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2 | 2022-07-22 |
61_01-auth-rsa-side-step-potential-side-channel.patc | [PATCH 1/3] auth/rsa: side-step potential side-channel Remove branching that depends on secret data. | Alexander Sosedkin <asosedkin@redhat.com> | no | | | 2022-08-09 |
61_02-rsa-remove-dead-code.patch | [PATCH 2/3] rsa: remove dead code since the `ok` variable isn't used any more, we can remove all code used to calculate it | Hubert Kario <hkario@redhat.com> | no | | | 2023-02-08 |
62-auth-rsa_psk-side-step-potential-side-channel.patch | [PATCH] auth/rsa_psk: side-step potential side-channel This removes branching that depends on secret data, porting changes for regular RSA key exchange from 4804febddc2ed958e5ae774de2a8f85edeeff538 and 80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the allow_wrong_pms as it was used solely to control debug output depending on the branching. | Daiki Ueno <ueno@gnu.org> | no | | | 2023-10-23 |
63-x509-detect-loop-in-certificate-chain.patch | [PATCH 1/2] x509: detect loop in certificate chain There can be a loop in a certificate chain, when multiple CA certificates are cross-signed with each other, such as A → B, B → C, and C → A. Previously, the verification logic was not capable of handling this scenario while sorting the certificates in the chain in _gnutls_sort_clist, resulting in an assertion failure. This patch properly detects such loop and aborts further processing in a graceful manner. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-11 |
64-rsa-psk-minimize-branching-after-decryption.patch | [PATCH 2/2] rsa-psk: minimize branching after decryption This moves any non-trivial code between gnutls_privkey_decrypt_data2 and the function return in _gnutls_proc_rsa_psk_client_kx up until the decryption. This also avoids an extra memcpy to session->key.key. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-10 |
CVE-2024-28835.patch | gnutls_x509_trust_list_verify_crt2: remove length limit of input Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the chain verification logic crashed with assertion failure. This patch removes the restriction while keeping the maximum number of retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH. | Daiki Ueno <ueno@gnu.org> | yes | debian upstream | https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d | 2024-01-29 |
CVE-2024-28834.patch | nettle: avoid normalization of mpz_t in deterministic ECDSA This removes function calls that potentially leak bit-length of a private key used to calculate a nonce in deterministic ECDSA. Namely: - _gnutls_dsa_compute_k has been rewritten to work on always zero-padded mp_limb_t arrays instead of mpz_t - rnd_mpz_func has been replaced with rnd_datum_func, which is backed by a byte array instead of an mpz_t value | Daiki Ueno <ueno@gnu.org> | yes | debian upstream | https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5 | 2024-01-12 |
0031-serv-fix-memleak-when-a-connected-client-disappears.patch | serv: fix memleak when a connected client disappears Reported by Hubert Kario. | Daiki Ueno <ueno@gnu.org> | no | | https://gitlab.com/gnutls/gnutls/-/commit/b5faada34e63ca14657e72bebfa4a71f52000116 | 2024-01-27 |
0032-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch | lib: fix a segfault in _gnutls13_recv_end_of_early_data A crash occurs in my app that uses gnutls13 early data, stack trace: #0 free (libc.so.6 + 0x97bf0) #1 _gnutls_buffer_clear (libgnutls.so.30 + 0x77c8c) #2 _gnutls13_recv_end_of_early_data (libgnutls.so.30 + 0xaf308) #3 _gnutls13_handshake_server (libgnutls.so.30 + 0x42d6c) #4 handshake_server (libgnutls.so.30 + 0x4ff6c) The root cause is that _gnutls_buffer_clear() was trying to free 'buf' that is not initialized or set if GNUTLS_NO_END_OF_EARLY_DATA flag is set on server side. This patch fixes it by simply initializing buf at the beginning of _gnutls13_recv_end_of_early_data(). | Xin Long <lucien.xin@gmail.com> | no | | https://gitlab.com/gnutls/gnutls/-/commit/f979aa3d0fcf1c79accc038b6599382efc6e64da | 2024-02-01 |
0033-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch | lib: fix a potential segfault in _gnutls13_recv_finished In _gnutls13_recv_finished(), 'buf' is not initialized or set when _gnutls13_compute_finished() returns an err, and goto cleanup may cause a segfault crash as it frees the uninitialized buf.allocd in _gnutls_buffer_clear(). So fix it by returning if _gnutls13_compute_finished() returns an err in _gnutls13_recv_finished(). | Xin Long <lucien.xin@gmail.com> | no | | https://gitlab.com/gnutls/gnutls/-/commit/b7cd1e93d900675a80fe0701475a3f947bc4039e | 2024-02-01 |