Package: gnutls28 / 3.6.7-4

Metadata

Package Version Patches format
gnutls28 3.6.7-4 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
14_version_gettextcat.diff | (download)

po/Makevars | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 version filename of locale data (gnutls28.mo instead of
 gnutls.mo) This is necessary to make e.g. libgnutls26 and libgnutls28
 co-installable.
30_guile snarf.diff | (download)

guile/src/Makefile.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 work around guile-snarf hardcoding the at-build default compiler
 which breaks when it changes ion Debian.
40_rel3.6.8_01 gnutls_srp_entry_free follow consistent behavior in.patch | (download)

NEWS | 3 3 + 0 - 0 !
lib/auth/srp_passwd.c | 12 8 + 4 - 0 !
2 files changed, 11 insertions(+), 4 deletions(-)

 [patch] _gnutls_srp_entry_free: follow consistent behavior in freeing
 data

_gnutls_srp_entry_free would previously not free any parameters that
were known to gnutls to account for documented behavior of
gnutls_srp_set_server_credentials_function(). This was not updated
when the newly added 8192 parameter was added to the library.

This introduces a safety check for generator parameters, even though
in practice they are the same pointer.

Resolves: #761

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

40_rel3.6.8_05 lib nettle fix carry flag in Streebog code.patch | (download)

NEWS | 3 3 + 0 - 0 !
lib/crypto-selftests.c | 16 16 + 0 - 0 !
lib/nettle/gost/streebog.c | 12 7 + 5 - 0 !
3 files changed, 26 insertions(+), 5 deletions(-)

 [patch] lib/nettle: fix carry flag in streebog code

Fix carry flag being calculated incorrectly in Streebog code.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

40_rel3.6.8_10 ext record_size_limit distinguish sending and receiv.patch | (download)

lib/constate.c | 10 4 + 6 - 0 !
lib/dtls.c | 4 2 + 2 - 0 !
lib/ext/max_record.c | 44 26 + 18 - 0 !
lib/ext/record_size_limit.c | 19 14 + 5 - 0 !
lib/gnutls_int.h | 20 13 + 7 - 0 !
lib/range.c | 4 2 + 2 - 0 !
lib/record.c | 2 1 + 1 - 0 !
lib/session_pack.c | 12 7 + 5 - 0 !
lib/state.c | 4 4 + 0 - 0 !
9 files changed, 73 insertions(+), 46 deletions(-)

 [patch] ext/record_size_limit: distinguish sending and receiving
 limits

The previous behavior was that both sending and receiving limits are
negotiated to be the same value.  It was problematic when:

- client sends a record_size_limit with a large value in CH
- server sends a record_size_limit with a smaller value in EE
- client updates the limit for both sending and receiving, upon
  receiving EE
- server sends a Certificate message larger than the limit

With this patch, each peer maintains the sending / receiving limits
separately so not to confuse with the contradicting settings.

Andreas Metzler for Debian upload:
Strip out addition of gnutls_record_set_max_recv_size() to the API from
this patchset.


40_rel3.6.8_15 Apply STD3 ASCII rules in gnutls_idna_map.patch | (download)

NEWS | 3 3 + 0 - 0 !
lib/str-idna.c | 10 7 + 3 - 0 !
tests/str-idna.c | 5 5 + 0 - 0 !
3 files changed, 15 insertions(+), 3 deletions(-)

 [patch] apply std3 ascii rules in gnutls_idna_map()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

40_rel3.6.8_20 pubkey remove deprecated TLS1_RSA flag check.patch | (download)

lib/pubkey.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 [patch 1/2] pubkey: remove deprecated tls1_rsa flag check

The gnutls_certificate_verify_flags comparisons against
OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.

Resolves: #754

Signed-off-by: Kenneth J. Miller <ken@miller.ec>