Package: gnutls26 / 2.12.20-8+deb7u5

Metadata

Package: gnutls26
Version: 2.12.20-8+deb7u5
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
14_version_gettextcat.diff | (download)

lib/po/Makevars | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
16_unnecessarydep.diff | (download)

configure | 2 1 + 1 - 0 !
lib/configure | 2 1 + 1 - 0 !
libextra/configure | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

---
17_ignoretestsuitteerrors.diff | (download)

tests/dsa/testdsa | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 ignore two testsuite errors
18_gpgerrorinpkgconfig.diff | (download)

lib/gnutls.pc.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [pkg-config] add libgpg-error to gnutls' libs.private.
20_tests select.diff | (download)

gl/tests/Makefile.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable gnulib test-select test
 This test fails on kfreebsd-i386. As the code this test is supposed to
 test has not changed and as select() is only used by the command-line
 utilities but not the library, stop running the test.
Bug-Debian: http://bugs.debian.org/648247
30_strlen_on_null.diff | (download)

lib/x509/privkey_pkcs8.c | 13 11 + 2 - 0 !
1 file changed, 11 insertions(+), 2 deletions(-)

 prevent segfault on strlen(null)
 already fixed in GnuTLS 3 at 95a922c2a8b75e6eddbcc688c0d719d0b07ee395
Bug-Debian: http://bugs.debian.org/647747
31_allow_key_usage_violation.diff | (download)

lib/gnutls_sig.c | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

  
 ** libgnutls: Always tolerate key usage violation errors from the side
 of the peer, but also notify via an audit message.

 Pulled from upstream GIT, combining
 http://gitorious.org/gnutls/gnutls/commit/afd6b636d1d9b079699afb0c3b20692edcf5b262
 and
 http://gitorious.org/gnutls/gnutls/commit/dbc72ae47b16c6718cb5e53d4a31205bc45d3742


32_record padding parsing.patch | (download)

lib/gnutls_cipher.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 07/11] corrected bugs in record padding parsing.

libgnutls: Fixed record padding parsing issue. Reported by Kenny
Patterson and Nadhem Alfardan.
http://gitorious.org/gnutls/gnutls/commit/7b65049a81ea02a92fef934318a680afd55e98d2

 
33_stricter_rsa_pkcs_1.5.diff | (download)

lib/gcrypt/pk.c | 16 14 + 2 - 0 !
1 file changed, 14 insertions(+), 2 deletions(-)

 [patch 11/11] libgcrypt code updated with similar checks to nettle
 code

This is the gcrypt counterpart to
http://gitorious.org/gnutls/gnutls/commit/9709393ac263d7fbd9f790c884b7b8141c6f4b13
Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.
http://lists.gnutls.org/pipermail/gnutls-devel/2012-December/006016.html


34_pkcs11_memleak.diff | (download)

lib/pkcs11.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 1/6] free allocated module name. reported by sam varshavchik.

This is the same fix from the 3.0 branch as:

 ce7caadb  "free allocated module name. Reported by Sam Varshavchik."

** libgnutls: Eliminated memory leak in PKCS #11 initialization.
Report and fix by Sam Varshavchik.

35_TLS CBC_timing attack.diff | (download)

lib/gnutls_cipher.c | 95 62 + 33 - 0 !
lib/gnutls_hash_int.h | 21 21 + 0 - 0 !
2 files changed, 83 insertions(+), 33 deletions(-)

 avoid a timing attack in tls cbc record parsing.
  http://www.gnutls.org/security.html#GNUTLS-SA-2013-1
  http://www.isg.rhul.ac.uk/tls/
36_sanitycheck.diff | (download)

lib/gnutls_cipher.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch 3/3] re-applied sanity check patch


37_fix_rejection of v1 intermedi.diff | (download)

lib/x509/verify.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 fix rejection of v1 intermediate ca
 Fix bug that prevented the rejection of v1 intermediate CA
 certificates.
 Reported by Suman Jana.
 This is b1abfe3d182d68539900092eb42fc62cf1bb7e7c from upstream git,
 unfuzzed for 2.12.x by Andreas Metzler.
38_CVE 2014 0092.diff | (download)

lib/x509/verify.c | 16 10 + 6 - 0 !
1 file changed, 10 insertions(+), 6 deletions(-)

 [patch 1/3] corrected return codes


39_Prevent memory corruption.diff | (download)

lib/gnutls_handshake.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.

40_CVE 2015 0294.diff | (download)

lib/x509/x509.c | 34 33 + 1 - 0 !
1 file changed, 33 insertions(+), 1 deletion(-)

 [patch] added fix for certificate algorithm consistency check


41_CVE 2015 0282.diff | (download)

lib/gnutls_algorithms.c | 8 8 + 0 - 0 !
lib/gnutls_algorithms.h | 1 1 + 0 - 0 !
lib/gnutls_pubkey.c | 4 2 + 2 - 0 !
lib/gnutls_sig.c | 14 8 + 6 - 0 !
lib/x509/common.h | 2 1 + 1 - 0 !
lib/x509/crq.c | 49 48 + 1 - 0 !
lib/x509/privkey.c | 3 2 + 1 - 0 !
lib/x509/verify.c | 77 51 + 26 - 0 !
lib/x509/x509.c | 4 2 + 2 - 0 !
lib/x509/x509_int.h | 7 4 + 3 - 0 !
10 files changed, 127 insertions(+), 42 deletions(-)

 [patch] added fix for gnutls-sa-2015-1


42_CVE 2015 8313.diff | (download)

lib/gnutls_cipher.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix off by one issue in padding check (cve-2015-8313)
43_CVE 2015 7575.diff | (download)

lib/ext_signature.c | 17 1 + 16 - 0 !
1 file changed, 1 insertion(+), 16 deletions(-)

 [patch] _gnutls_session_sign_algo_enabled: do not consider any values
 from the extension data to decide acceptable algorithms