Debian Patches
Status for gnutls28/3.7.9-2+deb12u5
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
63_01-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch | [PATCH 1/5] gnutls_x509_trust_list_verify_crt2: remove length limit of input Previously, if cert_list_size exceeded DEFAULT_MAX_VERIFY_DEPTH, the chain verification logic crashed with assertion failure. This patch removes the restriction while keeping the maximum number of retrieved certificates being DEFAULT_MAX_VERIFY_DEPTH. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-29 |
63_02-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch | [PATCH 2/5] nettle: avoid normalization of mpz_t in deterministic ECDSA This removes function calls that potentially leak bit-length of a private key used to calculate a nonce in deterministic ECDSA. Namely: - _gnutls_dsa_compute_k has been rewritten to work on always zero-padded mp_limb_t arrays instead of mpz_t - rnd_mpz_func has been replaced with rnd_datum_func, which is backed by a byte array instead of an mpz_t value | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-12 |
63_03-serv-fix-memleak-when-a-connected-client-disappears.patch | [PATCH 3/5] serv: fix memleak when a connected client disappears Reported by Hubert Kario. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-27 |
69_0002-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch | [PATCH 2/6] psk: fix read buffer overrun in the "pre_shared_key" extension While processing the "pre_shared_key" extension in TLS 1.3, if there are certain malformed data in the extension headers, then the code may read uninitialized memory (2 bytes) beyond the received TLS extension buffer. Spotted by oss-fuzz at: https://issues.oss-fuzz.com/issues/42513990 | Andrew Hamilton <adhamilt@gmail.com> | no | | | 2025-07-07 |
69_0003-x509-reject-zero-length-version-in-certificate-reque.patch | [PATCH 3/6] x509: reject zero-length version in certificate request Ensure zero size asn1 values are considered invalid in gnutls_x509_crq_get_version, this ensures crq version is not used uninitialized. Spotted by oss-fuzz at: https://issues.oss-fuzz.com/issues/42536706 | Andrew Hamilton <adhamilt@gmail.com> | no | | | 2025-07-07 |
69_0004-x509-avoid-double-free-when-exporting-othernames-in-.patch | [PATCH 4/6] x509: avoid double free when exporting othernames in SAN Previously, the _gnutls_write_new_othername function, called by gnutls_x509_ext_export_subject_alt_names to export "otherName" in a certificate's SAN extension, freed the caller allocated ASN.1 structure upon error, resulting in a potential double-free. Reported by OpenAI Security Research Team. | Daiki Ueno <ueno@gnu.org> | no | | | 2025-07-07 |
69_0005-certtool-avoid-1-byte-write-buffer-overrun-when-pars.patch | [PATCH 5/6] certtool: avoid 1-byte write buffer overrun when parsing template Previously, when parsing a template file with a number of key value pairs, certtool could write a NUL byte after the heap buffer, causing a memory corruption. This fixes the issue by allocating the NUL byte. Reported by David Aitel. | Daiki Ueno <ueno@gnu.org> | no | | | 2025-07-07 |
14_version_gettextcat.diff | Version filename of locale data (gnutls30.mo instead of gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28 co-installable. | Andreas Metzler <ametzler@debian.org> | no | | | 2020-09-06 |
30_guile-snarf.diff | Work around guile-snarf hardcoding the at-build default compiler which breaks when it changes in Debian. | Andreas Metzler <ametzler@debian.org> | no | debian | vendor | 2014-08-24 |
40_srptest_doubletimeout.diff | Increase timeout for srp test, fixing build error on mipsel | Andreas Metzler <ametzler@debian.org> | yes | upstream | vendor | 2022-04-13 |
50_Fix-removal-of-duplicate-certs-during-verification.patch | [PATCH] Fix removal of duplicate certs during verification | Zoltan Fridrich <zfridric@redhat.com> | no | | | 2022-10-17 |
51_add-gnulib-linkedhash-list-module.diff | Result of rebootstrapping with linkedhash-list module Needed for 50_Fix-removal-of-duplicate-certs-during-verification.patch . Add linkedhash-list to gnulib_modules= in bootstrap.conf and run ./bootstrap | Andreas Metzler <ametzler@debian.org> | not-needed | | vendor | 2022-10-31 |
53-fips-fix-checking-on-hash-algorithm-used-in-ECDSA.patch | [PATCH 08/29] fips: fix checking on hash algorithm used in ECDSA Previously we checked against the "preferred" hash algorithm based on the curve, instead of the one actually used. | Daiki Ueno <ueno@gnu.org> | no | | | 2022-09-20 |
54-fips-mark-composite-signature-API-not-approved.patch | [PATCH 09/29] fips: mark composite signature API not-approved This makes the FIPS service indicator to transit to not-approved when gnutls_privkey_sign_hash* is used. In FIPS, single-shot API (gnutls_privkey_sign_data*) is preferred over composite API. | Daiki Ueno <ueno@gnu.org> | no | | | 2022-09-29 |
60-auth-rsa_psk-side-step-potential-side-channel.patch | [PATCH 11/29] auth/rsa_psk: side-step potential side-channel This removes branching that depends on secret data, porting changes for regular RSA key exchange from 4804febddc2ed958e5ae774de2a8f85edeeff538 and 80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the allow_wrong_pms as it was used solely to control debug output depending on the branching. | Daiki Ueno <ueno@gnu.org> | no | | | 2023-10-23 |
61-x509-detect-loop-in-certificate-chain.patch | [PATCH 12/29] x509: detect loop in certificate chain There can be a loop in a certificate chain, when multiple CA certificates are cross-signed with each other, such as A → B, B → C, and C → A. Previously, the verification logic was not capable of handling this scenario while sorting the certificates in the chain in _gnutls_sort_clist, resulting in an assertion failure. This patch properly detects such loop and aborts further processing in a graceful manner. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-11 |
62-rsa-psk-minimize-branching-after-decryption.patch | [PATCH 13/29] rsa-psk: minimize branching after decryption This moves any non-trivial code between gnutls_privkey_decrypt_data2 and the function return in _gnutls_proc_rsa_psk_client_kx up until the decryption. This also avoids an extra memcpy to session->key.key. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-01-10 |
63_04-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch | [PATCH 4/5] lib: fix a segfault in _gnutls13_recv_end_of_early_data A crash occurs in my app that uses gnutls13 early data, stack trace: #0 free (libc.so.6 + 0x97bf0) #1 _gnutls_buffer_clear (libgnutls.so.30 + 0x77c8c) #2 _gnutls13_recv_end_of_early_data (libgnutls.so.30 + 0xaf308) #3 _gnutls13_handshake_server (libgnutls.so.30 + 0x42d6c) #4 handshake_server (libgnutls.so.30 + 0x4ff6c) The root cause is that _gnutls_buffer_clear() was trying to free 'buf' that is not initialized or set if GNUTLS_NO_END_OF_EARLY_DATA flag is set on server side. This patch fixes it by simply initializing buf at the beginning of _gnutls13_recv_end_of_early_data(). | Xin Long <lucien.xin@gmail.com> | no | | | 2024-02-01 |
63_05-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch | [PATCH 5/5] lib: fix a potential segfault in _gnutls13_recv_finished In _gnutls13_recv_finished(), 'buf' is not initialized or set when _gnutls13_compute_finished() returns an err, and goto cleanup may cause a segfault crash as it frees the uninitialized buf.allocd in _gnutls_buffer_clear(). So fix it by returning if _gnutls13_compute_finished() returns an err in _gnutls13_recv_finished(). | Xin Long <lucien.xin@gmail.com> | no | | | 2024-02-01 |
65-x509-optimize-name-constraints-processing.patch | [PATCH] x509: optimize name constraints processing This switches the representation of name constraints from linked lists to array lists to optimize the lookup performance from O(n) to O(1), also enforces a limit of name constraint checks against subject alternative names. | Daiki Ueno <ueno@gnu.org> | no | | | 2024-11-18 |
67_lib-x509-x509_ext.c-Add-gnutls_free-to-avoid-memory-.patch | [PATCH] lib/x509/x509_ext.c: Add gnutls_free() to avoid memory leak Add gnutls_free() to free ooc if subject_alt_names_set() fails to avoid memory leak. | Jiasheng Jiang <jian1000@purdue.edu> | no | | | 2025-07-05 |
68_lib-hello_ext.c-Add-gnutls_free-to-avoid-memory-leak.patch | [PATCH] lib/hello_ext.c: Add gnutls_free() to avoid memory leak Add gnutls_free() to free tmp_mod.name in the error handling to avoid memory leak. | Jiasheng Jiang <jian1000@purdue.edu> | no | | | 2025-07-05 |
69_0001-x509-fix-read-buffer-overrun-in-SCT-timestamps.patch | [PATCH 1/6] x509: fix read buffer overrun in SCT timestamps Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct when processing x509 Signed Certificate Timestamps with certain malformed data. Spotted by oss-fuzz at: https://issues.oss-fuzz.com/issues/42530513 | Andrew Hamilton <adhamilt@gmail.com> | no | | | 2025-07-07 |
69_0006-handshake-clear-HSK_PSK_SELECTED-is-when-resetting-b.patch | [PATCH 6/6] handshake: clear HSK_PSK_SELECTED is when resetting binders When a TLS 1.3 handshake involves HRR and resumption or PSK, and the second Client Hello omits PSK, the server would result in a NULL pointer dereference as the PSK binder information is cleared while the HSK_PSK_SELECTED flag is still set. This makes sure that HSK_PSK_SELECTED flag is always cleared when the PSK binders are reset. This also makes it clear the HSK_PSK_SELECTED flag is valid only during a handshake; after that, whether PSK is used can be checked with gnutls_auth_client_get_type. Reported by Stefan Bühler. | Daiki Ueno <ueno@gnu.org> | no | | | 2025-07-07 |
All known versions for source package 'gnutls28'
- 3.8.10-2 (sid)
- 3.8.9-3 (trixie, forky)
- 3.7.9-2+deb12u5 (bookworm-security, bookworm)