Package: gnutls28 / 3.3.8-6

Metadata

Package Version Patches format
gnutls28 3.3.8-6 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
14_version_gettextcat.diff | (download)

po/Makevars | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 version filename of locale data (gnutls28.mo instead of
 gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
 co-installable.
20_debian_specific_soname.diff | (download)

lib/Makefile.am | 1 1 + 0 - 0 !
lib/libgnutls.map | 26 13 + 13 - 0 !
2 files changed, 14 insertions(+), 13 deletions(-)

 bump soname and symbol-versioning.
30_guile snarf.diff | (download)

guile/src/Makefile.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 work around guile-snarf hardcoding the at-build default compiler
 which breaks when it changes ion Debian.
35_recheck_urandom_fd.diff | (download)

doc/cha-gtls-app.texi | 8 6 + 2 - 0 !
lib/crypto-backend.h | 1 1 + 0 - 0 !
lib/gnutls_global.c | 10 10 + 0 - 0 !
lib/nettle/rnd-common.c | 60 46 + 14 - 0 !
lib/nettle/rnd-common.h | 1 1 + 0 - 0 !
lib/nettle/rnd.c | 10 10 + 0 - 0 !
lib/random.h | 9 9 + 0 - 0 !
tests/Makefile.am | 2 1 + 1 - 0 !
tests/init_fds.c | 80 80 + 0 - 0 !
9 files changed, 164 insertions(+), 17 deletions(-)

 when gnutls_global_init() is called manually from the application
 check the urandom fd for validity.
 .
 That addresses the issue where a server closes all open file descriptors
 and then calls gnutls_global_init().
 .
 This patch cherrypicks the following changes from 3.3.10:
 692a140b56027937ac517484b8a95fcae16a8f73
 3d112d4d2c32fecc80b7beff14717a2713052de5
 ca1d1efdf6767a00ccefd4e0c7d573d27e563592
 ecd9d7cfe7fb93945fb5605979e690da1791a63a
 684b825f5f78cc7ad1f61be232fd20ee0bc5b56f
 c999b03d66bbde418f533ade319178451ae27e79
 25d7fab329afd72979fc9aa2a258438ae498da01
 e8ffb7944037a45e6f2436a3906ce37e5ea97e3e
 c6b5716491f93881cde540b9fc3b8c00bc85278c
 1424a2fd977f6b6373c9ca7f76b715acedb21902
36_less_refresh rnd state.diff | (download)

lib/gnutls_state.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 [patch] do not explicitly refresh rnd state on session deinit

It is already being refreshed during the session lifetime.

37_X9.63_sanity_check.diff | (download)

lib/gnutls_ecc.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 [patch 1/2] when exporting curve coordinates to x9.63 format, perform
 additional sanity checks on input

Reported by Sean Burford.

38_testforsanitycheck.diff | (download)

configure.ac | 1 1 + 0 - 0 !
tests/cert-tests/Makefile.am | 8 6 + 2 - 0 !
tests/cert-tests/crq | 41 41 + 0 - 0 !
3 files changed, 48 insertions(+), 2 deletions(-)

 added check with the invalid crq sent by sean burford
 .
 This is 0964ed7b45ef593f1e118abb0e742e093a5f7987 converted to quilt format.
39_check whether the two signatur.patch | (download)

lib/x509/x509.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 [patch] on certificate import check whether the two signature
 algorithms match
 .
 Manually unfuzzed for 3.3.8.


40_no_more_ssl3.diff | (download)

doc/cha-gtls-app.texi | 12 6 + 6 - 0 !
lib/gnutls_priority.c | 1 0 + 1 - 0 !
2 files changed, 6 insertions(+), 7 deletions(-)

 remove ssl 3.0 from default priorities list.
 .
 This cherry-picks 0e75ac18627f8e92a2186cc7769df4851415ae4f (code change)
 and ee83078f806d5ca6eccdbfd84371179589a37570 (doc update) from upstream
 master branch.
 .
 Requested by Debian security for consistency with OpenSSL in jessie.