Package: gnutls28 / 3.5.8-5+deb9u5

Metadata

Package Version Patches format
gnutls28 3.5.8-5+deb9u5 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
14_version_gettextcat.diff | (download)

po/Makevars | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 version filename of locale data (gnutls28.mo instead of
 gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
 co-installable.
30_guile snarf.diff | (download)

guile/src/Makefile.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 work around guile-snarf hardcoding the at-build default compiler
 which breaks when it changes ion Debian.
35_01_opencdk improved error code checking in the stream r.patch | (download)

lib/opencdk/read-packet.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch] opencdk: improved error code checking in the stream reading
 functions

This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_01_z_opencdk read packet.c corrected typo in type cast.patch | (download)

lib/opencdk/read-packet.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] opencdk/read-packet.c: corrected typo in type cast

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_02_Disable AVX support when it is not supported by the .patch | (download)

lib/accelerated/x86/x86-common.c | 33 31 + 2 - 0 !
1 file changed, 31 insertions(+), 2 deletions(-)

 [patch] disable avx support when it is not supported by the cpu

This mostly affects virtual systems. Reported by Frank Chen.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

35_03_Address test suite failure due to timezone differenc.patch | (download)

tests/cert-tests/pkcs7 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] address test suite failure due to timezone differences.

Reported by Thorsten Glaser and Andreas Metzler.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_04_gnutls_pkcs11_obj_list_import_url4 always return an .patch | (download)

lib/pkcs11.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] gnutls_pkcs11_obj_list_import_url4: always return an
 initialized pointer

When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4,
could have returned zero number of elements with a pointer that was uninitialized.
Ensure that an initialized (i.e., null in that case), pointer is always returned.
Reported by Jeremy Harris.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_05_cdk_pkt_read enforce packet limits.patch | (download)

lib/opencdk/read-packet.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 [patch] cdk_pkt_read: enforce packet limits

That ensures that there are no overflows in the subsequent
calculations.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420

Relates: #159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_05_opencdk read_attribute account buffer size.patch | (download)

lib/opencdk/read-packet.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] opencdk: read_attribute: account buffer size

That ensures that there is no read past the end of buffer.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

Relates: #159

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

35_06_opencdk do not parse any secret keys in packet when .patch | (download)

lib/opencdk/kbnode.c | 6 4 + 2 - 0 !
lib/opencdk/keydb.c | 14 7 + 7 - 0 !
lib/opencdk/literal.c | 2 1 + 1 - 0 !
lib/opencdk/opencdk.h | 7 4 + 3 - 0 !
lib/opencdk/read-packet.c | 10 9 + 1 - 0 !
lib/openpgp/openpgp.c | 2 1 + 1 - 0 !
lib/openpgp/pgp.c | 2 1 + 1 - 0 !
lib/openpgp/privkey.c | 2 1 + 1 - 0 !
8 files changed, 28 insertions(+), 17 deletions(-)

 [patch] opencdk: do not parse any secret keys in packet when reading
 a certificate

This reduces the attack surface on the parsers, and prevents any bugs
in the secret key parser to be exploitable by inserting secret key
sub-packets into an openpgp certificate.

This addresses:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

35_07_Enforce the max packet length for OpenPGP subpackets.patch | (download)

lib/opencdk/read-packet.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch] enforce the max packet length for openpgp subpackets as well

This addresses:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

36_CVE 2017 7507_1 ext status_request ensure response IDs are properly .patch | (download)

lib/ext/status_request.c | 17 11 + 6 - 0 !
1 file changed, 11 insertions(+), 6 deletions(-)

 [patch 1/3] ext/status_request: ensure response ids are properly
 deinitialized

That is, do not attempt to loop through the array if there is no array
allocated.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

36_CVE 2017 7507_2 ext status_request Removed the parsing of responder .patch | (download)

lib/ext/status_request.c | 68 16 + 52 - 0 !
1 file changed, 16 insertions(+), 52 deletions(-)

 [patch 2/3] ext/status_request: removed the parsing of responder ids
 from client extension

These values were never used by gnutls, nor were accessible to applications,
and as such there is not reason to parse them.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

36_CVE 2017 7507_3 gnutls_ocsp_status_request_enable_client documented .patch | (download)

lib/ext/status_request.c | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

 [patch 3/3] gnutls_ocsp_status_request_enable_client: documented
 requirements for parameters

That is, the fact that extensions and responder_id parameters must be
allocated, and are assigned to the session.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

37_aarch64 fix AES GCM in place encryption and decrypti.patch | (download)

lib/accelerated/aarch64/aes-gcm-aarch64.c | 24 24 + 0 - 0 !
1 file changed, 24 insertions(+)

 [patch] aarch64: fix aes-gcm in-place encryption and decryption

Resolves #204

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

38_01 OCSP check the subject public key identifier field t.patch | (download)

lib/x509/ocsp.c | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

 [patch 1/2] ocsp: check the subject public key identifier field to
 figure issuer

Normally when attempting to match the 'Responder Key ID' in an OCSP response
against the issuer certificate we check (according to RFC6960) against the
hash of the SPKI field. However, in few certificates (see commit:
"added ECDSA OCSP response verification"), that may not be the case. In that
certificate, that value matches the Subject Public Key identifier field
but not the hash.

To account for these certificates, we enhance the matching to also consider
the Subject Public Key identifier field.

Relates: #223

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

38_02 OCSP find_signercert improved DER length calculation.patch | (download)

lib/x509/ocsp.c | 30 24 + 6 - 0 !
1 file changed, 24 insertions(+), 6 deletions(-)

 [patch 2/2] ocsp: find_signercert: improved der length calculation

Previously we were assuming a fixed amount of length bytes which
is not correct for all possible lengths. Use libtasn1 to decode
the length field.

Resolves: #223

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

39_01 dummy_wait correctly account the length field in SHA.patch | (download)

lib/algorithms/mac.c | 4 2 + 2 - 0 !
lib/cipher.c | 24 11 + 13 - 0 !
2 files changed, 13 insertions(+), 15 deletions(-)

 [patch 1/5] dummy_wait: correctly account the length field in sha384
 HMAC

The existing lucky13 attack count-measures did not work correctly for
SHA384 HMAC.

The overall impact of that should not be significant as SHA384 is prioritized
lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a
client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both
cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported
by the peer.

Relates #455

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

39_02 dummy_wait always hash the same amount of blocks tha.patch | (download)

lib/cipher.c | 63 33 + 30 - 0 !
1 file changed, 33 insertions(+), 30 deletions(-)

 [patch 2/5] dummy_wait: always hash the same amount of blocks that
 would have been on minimum pad

This improves protection against lucky13-type of attacks when
encrypt-then-mac is not in use.

Resolves #456

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

39_03 cbc_mac_verify require minimum padding under SSL3.0.patch | (download)

lib/cipher.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch 3/5] cbc_mac_verify: require minimum padding under ssl3.0

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

39_04 hmac sha384 and sha256 ciphersuites were removed fro.patch | (download)

lib/priority.c | 8 0 + 8 - 0 !
tests/dtls1-2-mtu-check.c | 2 1 + 1 - 0 !
tests/priorities.c | 12 6 + 6 - 0 !
3 files changed, 7 insertions(+), 15 deletions(-)

 [patch 4/5] hmac-sha384 and sha256 ciphersuites were removed from
 defaults

These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.

Relates #456

## Unfuzzed for Debian 3.5.8.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

39_05 tests pkcs12_encode fix test for SHA512.patch | (download)

tests/pkcs12_encode.c | 12 0 + 12 - 0 !
1 file changed, 12 deletions(-)

 [patch 5/5] tests: pkcs12_encode: fix test for sha512

We don't support SHA512 in the 3.5.x branch.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

40_casts_related_to_fix_CVE 2019 3829.patch | (download)

lib/extensions.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix casts used in gnutls_free
  Pulled from Ubuntu 3.5.18-1ubuntu1.1
40_rel3.6.7_01 Automatically NULLify after gnutls_free.patch | (download)

lib/includes/gnutls/gnutls.h.in | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch 1/3] automatically nullify after gnutls_free()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This method prevents direct use-after-free and
double-free issues.

Signed-off-by: Tim Rhsen <tim.ruehsen@gmx.de>

40_rel3.6.7_01 fuzz added fuzzer for certificate verification.patch | (download)

tests/cert-tests/Makefile.am | 1 1 + 0 - 0 !
tests/cert-tests/data/cve-2019-3829.pem | 66 66 + 0 - 0 !
tests/cert-tests/invalid-sig | 14 14 + 0 - 0 !
3 files changed, 81 insertions(+)

 [patch] fuzz: added fuzzer for certificate verification

This also adds a reproducer for CVE-2019-3829.

Resolves: #694

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

41_use_datefudge_to_trigger_CVE 2019 3829_testcase.diff | (download)

tests/cert-tests/invalid-sig | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 use datefudge to make test work.
 The test cert has experid and does not trigger the error anymore
43_rel3.6.13_10 session_pack fix leak in error path.patch | (download)

lib/session_pack.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] session_pack: fix leak in error path

If called at the wrong time, it allocates the buffer sb and forgets to
clear it.

Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>

44_rel3.6.14_10 Update session_ticket.c to add support for zero leng.patch | (download)

lib/ext/session_ticket.c | 16 9 + 7 - 0 !
1 file changed, 9 insertions(+), 7 deletions(-)

 [patch] update session_ticket.c to add support for zero length
 session tickets returned from the server

check that ticket_len > 0 prior to calling gnutls_realloc_fast

Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>