| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 14_version_gettextcat.diff | Version filename of locale data (gnutls30.mo instead of gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 co-installable. |
Andreas Metzler <ametzler@debian.org> | no | 2020-09-06 | ||
| 30_guile-snarf.diff | Work around guile-snarf hardcoding the at-build default compiler which breaks when it changes ion Debian. | Andreas Metzler <ametzler@debian.org> | no | debian | vendor | 2014-08-24 |
| 40_srptest_doubletimeout.diff | Increase timeout for srp test, fixing build error on mipsel | Andreas Metzler <ametzler@debian.org> | yes | upstream | vendor | 2022-04-13 |
| 50_Fix-removal-of-duplicate-certs-during-verification.patch | [PATCH] Fix removal of duplicate certs during verification | Zoltan Fridrich <zfridric@redhat.com> | no | 2022-10-17 | ||
| 51_add-gnulib-linkedhash-list-module.diff | Result of rebootstrapping with linkedhash-list module Needed for 50_Fix-removal-of-duplicate-certs-during-verification.patch . Add linkedhash-list to gnulib_modules= in bootstrap.conf and run ./bootstrap |
Andreas Metzler <ametzler@debian.org> | not-needed | vendor | 2022-10-31 | |
| 60-auth-rsa_psk-side-step-potential-side-channel.patch | [PATCH] auth/rsa_psk: side-step potential side-channel This removes branching that depends on secret data, porting changes for regular RSA key exchange from 4804febddc2ed958e5ae774de2a8f85edeeff538 and 80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the allow_wrong_pms as it was used sorely to control debug output depending on the branching. |
Daiki Ueno <ueno@gnu.org> | no | 2023-10-23 | ||
| 61-x509-detect-loop-in-certificate-chain.patch | [PATCH 1/2] x509: detect loop in certificate chain There can be a loop in a certificate chain, when multiple CA certificates are cross-signed with each other, such as A B, B C, and C A. Previously, the verification logic was not capable of handling this scenario while sorting the certificates in the chain in _gnutls_sort_clist, resulting in an assertion failure. This patch properly detects such loop and aborts further processing in a graceful manner. |
Daiki Ueno <ueno@gnu.org> | no | 2024-01-11 | ||
| 62-rsa-psk-minimize-branching-after-decryption.patch | [PATCH 2/2] rsa-psk: minimize branching after decryption This moves any non-trivial code between gnutls_privkey_decrypt_data2 and the function return in _gnutls_proc_rsa_psk_client_kx up until the decryption. This also avoids an extra memcpy to session->key.key. |
Daiki Ueno <ueno@gnu.org> | no | 2024-01-10 |