Package: gnutls28 / 3.3.8-6+deb8u7

Metadata

Package Version Patches format
gnutls28 3.3.8-6+deb8u7 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
14_version_gettextcat.diff | (download)

po/Makevars | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 version filename of locale data (gnutls28.mo instead of
 gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
 co-installable.
20_debian_specific_soname.diff | (download)

lib/Makefile.am | 1 1 + 0 - 0 !
lib/libgnutls.map | 26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 13 deletions(-)

 bump soname and symbol-versioning.
30_guile snarf.diff | (download)

guile/src/Makefile.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 work around guile-snarf hardcoding the at-build default compiler
 which breaks when it changes ion Debian.
35_recheck_urandom_fd.diff | (download)

doc/cha-gtls-app.texi | 8 6 + 2 - 0 !
lib/crypto-backend.h | 1 1 + 0 - 0 !
lib/gnutls_global.c | 10 10 + 0 - 0 !
lib/nettle/rnd-common.c | 60 46 + 14 - 0 !
lib/nettle/rnd-common.h | 1 1 + 0 - 0 !
lib/nettle/rnd.c | 10 10 + 0 - 0 !
lib/random.h | 9 9 + 0 - 0 !
tests/Makefile.am | 2 1 + 1 - 0 !
tests/init_fds.c | 80 80 + 0 - 0 !
9 files changed, 164 insertions(+), 17 deletions(-)

 when gnutls_global_init() is called manually from the application
 check the urandom fd for validity.
 .
 That addresses the issue where a server closes all open file descriptors
 and then calls gnutls_global_init().
 .
 This patch cherrypicks the following changes from 3.3.10:
 692a140b56027937ac517484b8a95fcae16a8f73
 3d112d4d2c32fecc80b7beff14717a2713052de5
 ca1d1efdf6767a00ccefd4e0c7d573d27e563592
 ecd9d7cfe7fb93945fb5605979e690da1791a63a
 684b825f5f78cc7ad1f61be232fd20ee0bc5b56f
 c999b03d66bbde418f533ade319178451ae27e79
 25d7fab329afd72979fc9aa2a258438ae498da01
 e8ffb7944037a45e6f2436a3906ce37e5ea97e3e
 c6b5716491f93881cde540b9fc3b8c00bc85278c
 1424a2fd977f6b6373c9ca7f76b715acedb21902
36_less_refresh rnd state.diff | (download)

lib/gnutls_state.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 [patch] do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

37_X9.63_sanity_check.diff | (download)

lib/gnutls_ecc.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 [patch 1/2] when exporting curve coordinates to x9.63 format, perform
 additional sanity checks on input

Reported by Sean Burford.

38_testforsanitycheck.diff | (download)

configure.ac | 1 1 + 0 - 0 !
tests/cert-tests/Makefile.am | 8 6 + 2 - 0 !
tests/cert-tests/crq | 41 41 + 0 - 0 !
3 files changed, 48 insertions(+), 2 deletions(-)

 added check with the invalid crq sent by sean burford
 .
 This is 0964ed7b45ef593f1e118abb0e742e093a5f7987 converted to quilt format.
39_check whether the two signatur.patch | (download)

lib/x509/x509.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 [patch] on certificate import check whether the two signature
 algorithms match
 .
 Manually unfuzzed for 3.3.8.


40_no_more_ssl3.diff | (download)

doc/cha-gtls-app.texi | 12 6 + 6 - 0 !
lib/gnutls_priority.c | 1 0 + 1 - 0 !
2 files changed, 6 insertions(+), 7 deletions(-)

 remove ssl 3.0 from default priorities list.
 .
 This cherry-picks 0e75ac18627f8e92a2186cc7769df4851415ae4f (code change)
 and ee83078f806d5ca6eccdbfd84371179589a37570 (doc update) from upstream
 master branch.
 .
 Requested by Debian security for consistency with OpenSSL in jessie.
45_eliminated double free.diff | (download)

lib/x509/x509_ext.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] eliminated double-free in the parsing of dist points
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by Robert Święcki.

46_Better fix for the double free.diff | (download)

lib/x509/x509_ext.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 [patch] better fix for the double free in dist point parsing


47_GNUTLS SA 2015 3.patch | (download)

lib/x509/common.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] reset the output value on error in _gnutls_x509_dn_to_string()


50_Handle zero length plaintext for VIA PadLock functio.patch | (download)

lib/accelerated/x86/aes-gcm-padlock.c | 3 2 + 1 - 0 !
lib/accelerated/x86/aes-padlock.c | 6 4 + 2 - 0 !
2 files changed, 6 insertions(+), 3 deletions(-)

 [patch 1/2] handle zero length plaintext for via padlock functions

If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the
plaintext length (last parameter) is greater than zero and segfault
otherwise. The assembler code for both functions is automatically
generated and imported from OpenSSL, so to ease maintenance the length
should be validated in the functions that call padlock_ecb_encrypt or
padlock_cbc_encrypt.

51_0001__gnutls_session_sign_algo_enabled do not consider an.patch | (download)

lib/ext/signature.c | 18 1 + 17 - 0 !
1 file changed, 1 insertion(+), 17 deletions(-)

 [patch 1/3] _gnutls_session_sign_algo_enabled: do not consider any
 values from the extension data to decide acceptable algorithms


51_0002_before falling back to SHA1 as signature algorithm i.patch | (download)

lib/ext/signature.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch 2/3] before falling back to sha1 as signature algorithm in tls
 1.2 check if it is enabled


51_0003_tests added reproducer for the MD5 acceptance issue.patch | (download)

tests/Makefile.am | 2 1 + 1 - 0 !
tests/sign-md5-rep.c | 365 365 + 0 - 0 !
2 files changed, 366 insertions(+), 1 deletion(-)

 [patch 3/3] tests: added reproducer for the md5 acceptance issue

Reported by Karthikeyan Bhargavan.
http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

Conflicts:
	tests/Makefile.am

52_CVE 2016 7444_ocsp corrected the comparison of the serial size in .patch | (download)

lib/x509/ocsp.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] ocsp: corrected the comparison of the serial size in ocsp
 response

Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't.

Reported by Stefan Buehler.

53_nettle use rsa_ _key_prepare on key import.patch | (download)

lib/nettle/pk.c | 62 52 + 10 - 0 !
1 file changed, 52 insertions(+), 10 deletions(-)

 [patch] nettle: use rsa_*_key_prepare on key import

Previously we calculated the size of the key directly, but
by using the rsa_*_key_prepare we benefit from any checks that
may be introduced in the future. Specifically any checks for invalid
public keys (e.g., keys that may crash the underlying gmp functions).

This patch avoids calling rsa_private_key_prepare every time we construct
a nettle private key struct, because this function requires a bigint
multiplication. We call that function once on private key import.

55_00_pkcs12 fixed the calculation of p_size.patch | (download)

lib/x509/pkcs12_encr.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] pkcs12: fixed the calculation of p_size

That affects passwords which exceed 32 characters.

55_01_gnutls_x509_ext_import_proxy fix issue reading the p.patch | (download)

lib/x509/x509_ext.c | 22 11 + 11 - 0 !
1 file changed, 11 insertions(+), 11 deletions(-)

 [patch] gnutls_x509_ext_import_proxy: fix issue reading the policy
 language

If the language was set but the policy wasn't, that could lead to
a double free, as the value returned to the user was freed.

55_02_auth rsa eliminated memory leak on pkcs 1 formatting.patch | (download)

lib/auth/rsa.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch] auth rsa: eliminated memory leak on pkcs-1 formatting attack
 path

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_03_opencdk Fixes to prevent undefined behavior found wi.patch | (download)

lib/opencdk/misc.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 1/8] opencdk: fixes to prevent undefined behavior (found with
 libubsan)


55_04_Do not infinite loop if an EOF occurs while skipping.patch | (download)

lib/opencdk/read-packet.c | 21 16 + 5 - 0 !
1 file changed, 16 insertions(+), 5 deletions(-)

 [patch 2/8] do not infinite loop if an eof occurs while skipping a
 PGP packet

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

55_05_Attempt to fix a leak in OpenPGP cert parsing.patch | (download)

lib/opencdk/read-packet.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch 3/8] attempt to fix a leak in openpgp cert parsing.


55_06_Corrected a leak in OpenPGP sub packet parsing.patch | (download)

lib/opencdk/read-packet.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch 4/8] corrected a leak in openpgp sub-packet parsing.

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

55_07_opencdk read_attribute added more precise checks whe.patch | (download)

lib/opencdk/read-packet.c | 40 29 + 11 - 0 !
1 file changed, 29 insertions(+), 11 deletions(-)

 [patch 5/8] opencdk: read_attribute: added more precise checks when
 reading stream

That addresses heap read overflows found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_08_opencdk cdk_pk_get_keyid fix stack overflow.patch | (download)

lib/opencdk/pubkey.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch 6/8] opencdk: cdk_pk_get_keyid: fix stack overflow

Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_09_opencdk added error checking in the stream reading f.patch | (download)

lib/opencdk/read-packet.c | 40 35 + 5 - 0 !
1 file changed, 35 insertions(+), 5 deletions(-)

 [patch 7/8] opencdk: added error checking in the stream reading
 functions

This addresses an out of memory error. Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_10_opencdk improved error code checking in the stream r.patch | (download)

lib/opencdk/read-packet.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch] opencdk: improved error code checking in the stream reading
 functions

This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_11_opencdk read packet.c corrected typo in type cast.patch | (download)

lib/opencdk/read-packet.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] opencdk/read-packet.c: corrected typo in type cast

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_12_gnutls_pkcs11_obj_list_import_url2 Always return an .patch | (download)

lib/pkcs11.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] gnutls_pkcs11_obj_list_import_url2: always return an
 initialized pointer

When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
could have returned zero number of elements with a pointer that was uninitialized.
Ensure that an initialized (i.e., null in that case), pointer is always returned.
Reported by Jeremy Harris.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_13_cdk_pkt_read enforce packet limits.patch | (download)

lib/opencdk/read-packet.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 [patch] cdk_pkt_read: enforce packet limits

That ensures that there are no overflows in the subsequent
calculations.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420

Relates: #159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_14_opencdk read_attribute account buffer size.patch | (download)

lib/opencdk/read-packet.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] opencdk: read_attribute: account buffer size

That ensures that there is no read past the end of buffer.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

Relates: #159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

55_15_opencdk do not parse any secret keys in packet when .patch | (download)

lib/opencdk/kbnode.c | 6 4 + 2 - 0 !
lib/opencdk/keydb.c | 14 7 + 7 - 0 !
lib/opencdk/literal.c | 2 1 + 1 - 0 !
lib/opencdk/opencdk.h | 7 4 + 3 - 0 !
lib/opencdk/read-packet.c | 10 9 + 1 - 0 !
lib/openpgp/gnutls_openpgp.c | 2 1 + 1 - 0 !
lib/openpgp/pgp.c | 2 1 + 1 - 0 !
lib/openpgp/privkey.c | 2 1 + 1 - 0 !
8 files changed, 28 insertions(+), 17 deletions(-)

 [patch] opencdk: do not parse any secret keys in packet when reading
 a certificate

This reduces the attack surface on the parsers, and prevents any bugs
in the secret key parser to be exploitable by inserting secret key
sub-packets into an openpgp certificate.

This addresses:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

55_16_Enforce the max packet length for OpenPGP subpackets.patch | (download)

lib/opencdk/read-packet.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch] enforce the max packet length for openpgp subpackets as well

This addresses:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

56_CVE 2017 7507_1 ext status_request ensure response IDs are pro.patch | (download)

lib/ext/status_request.c | 17 11 + 6 - 0 !
1 file changed, 11 insertions(+), 6 deletions(-)

 [patch 1/3] ext/status_request: ensure response ids are properly
 deinitialized

That is, do not attempt to loop through the array if there is no array
allocated.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

56_CVE 2017 7507_2 ext status_request Removed the parsing of resp.patch | (download)

lib/ext/status_request.c | 67 16 + 51 - 0 !
1 file changed, 16 insertions(+), 51 deletions(-)

 [patch 2/3] ext/status_request: removed the parsing of responder ids
 from client extension

These values were never used by gnutls, nor were accessible to applications,
and as such there is not reason to parse them.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

56_CVE 2017 7507_3 gnutls_ocsp_status_request_enable_client docum.patch | (download)

lib/ext/status_request.c | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

 [patch 3/3] gnutls_ocsp_status_request_enable_client: documented
 requirements for parameters

That is, the fact that extensions and responder_id parameters must be
allocated, and are assigned to the session.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

57_urandom use st_ino and st_rdev to determine device u.patch | (download)

lib/nettle/rnd-common.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 [patch] urandom: use st_ino and st_rdev to determine device
 uniqueness