diffstat for gnutls28-3.0.11 gnutls28-3.0.11
 changelog | 23 ++++++++++++++++++
 control | 51 +----------------------------------------
 gnutls-bin.examples | 1
 gnutls-bin.install | 1
 gnutls-bin.manpages | 3 --
 patches/21_CVE-2014-3466.patch | 24 +++++++++++++++++++
 patches/series | 1
 7 files changed, 50 insertions(+), 54 deletions(-)
diff -Nru gnutls28-3.0.11/debian/changelog gnutls28-3.0.11/debian/changelog
--- gnutls28-3.0.11/debian/changelog 2012-01-07 11:55:38.000000000 +0000
+++ gnutls28-3.0.11/debian/changelog 2015-06-11 15:52:00.000000000 +0000
@@ -1,3 +1,26 @@
+gnutls28 (3.0.11-1ubuntu2.1) precise-security; urgency=medium
+
+ * SECURITY UPDATE: Denial of service and possible remote arbitrary code
+ execution via crafted ServerHello message
+ - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
+ session id size. Based on upstream patch. (LP: #1326779)
+
+ -- Tyler Hicks Thu, 11 Jun 2015 10:51:35 -0500
+
+gnutls28 (3.0.11-1ubuntu2) precise; urgency=low
+
+ * Drop gnutls-doc binary package, for the same reason as gnutls-bin.
+
+ -- Colin Watson Tue, 24 Jan 2012 20:04:09 +0000
+
+gnutls28 (3.0.11-1ubuntu1) precise; urgency=low
+
+ * Drop gnutls-bin binary package. This is now shipped from the gnutls26
+ source package instead, since we want to continue using that as the
+ default for at least Ubuntu 12.04 LTS.
+
+ -- Colin Watson Tue, 24 Jan 2012 18:22:02 +0000
+
gnutls28 (3.0.11-1) unstable; urgency=low
* New upstream version.
diff -Nru gnutls28-3.0.11/debian/control gnutls28-3.0.11/debian/control
--- gnutls28-3.0.11/debian/control 2011-12-14 18:31:47.000000000 +0000
+++ gnutls28-3.0.11/debian/control 2012-01-24 20:03:57.000000000 +0000
@@ -1,7 +1,8 @@
Source: gnutls28
Section: libs
Priority: optional
-Maintainer: Debian GnuTLS Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian GnuTLS Maintainers
Uploaders: Andreas Metzler , Eric Dorland , James Westby ,
@@ -85,54 +86,6 @@
.
This package contains the debugger symbols.
-Package: gnutls-bin
-Architecture: any
-Section: net
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Multi-Arch: foreign
-Description: GNU TLS library - commandline utilities
- GnuTLS is a portable library which implements the Transport Layer
- Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
- .
- GnuTLS features support for:
- - TLS extensions: server name indication, max record size, opaque PRF
- input, etc.
- - authentication using the SRP protocol.
- - authentication using both X.509 certificates and OpenPGP keys.
- - TLS Pre-Shared-Keys (PSK) extension.
- - Inner Application (TLS/IA) extension.
- - X.509 and OpenPGP certificate handling.
- - X.509 Proxy Certificates (RFC 3820).
- - all the strong encryption algorithms (including SHA-256/384/512 and
- Camellia (RFC 4132)).
- .
- This package contains a commandline interface to the GNU TLS library, which
- can be used to set up secure connections from e.g. shell scripts, debugging
- connection issues or managing certificates.
-
-Package: gnutls-doc
-Architecture: all
-Section: doc
-Depends: ${misc:Depends}
-Multi-Arch: foreign
-Description: GNU TLS library - documentation and examples
- GnuTLS is a portable library which implements the Transport Layer
- Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
- .
- GnuTLS features support for:
- - TLS extensions: server name indication, max record size, opaque PRF
- input, etc.
- - authentication using the SRP protocol.
- - authentication using both X.509 certificates and OpenPGP keys.
- - TLS Pre-Shared-Keys (PSK) extension.
- - Inner Application (TLS/IA) extension.
- - X.509 and OpenPGP certificate handling.
- - X.509 Proxy Certificates (RFC 3820).
- - all the strong encryption algorithms (including SHA-256/384/512 and
- Camellia (RFC 4132)).
- .
- This package contains all the GnuTLS documentation.
-
Package: guile-gnutls
Architecture: any
Section: lisp
diff -Nru gnutls28-3.0.11/debian/gnutls-bin.examples gnutls28-3.0.11/debian/gnutls-bin.examples
--- gnutls28-3.0.11/debian/gnutls-bin.examples 2011-08-07 17:32:35.000000000 +0000
+++ gnutls28-3.0.11/debian/gnutls-bin.examples 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-doc/certtool.cfg
diff -Nru gnutls28-3.0.11/debian/gnutls-bin.install gnutls28-3.0.11/debian/gnutls-bin.install
--- gnutls28-3.0.11/debian/gnutls-bin.install 2011-08-07 17:32:35.000000000 +0000
+++ gnutls28-3.0.11/debian/gnutls-bin.install 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-debian/tmp/usr/bin/* usr/bin
diff -Nru gnutls28-3.0.11/debian/gnutls-bin.manpages gnutls28-3.0.11/debian/gnutls-bin.manpages
--- gnutls28-3.0.11/debian/gnutls-bin.manpages 2011-10-15 11:25:09.000000000 +0000
+++ gnutls28-3.0.11/debian/gnutls-bin.manpages 1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-debian/tmp/usr/share/man/*/*.1
-debian/tmp/usr/share/man/*/*.8
-debian/crywrap.8
diff -Nru gnutls28-3.0.11/debian/patches/21_CVE-2014-3466.patch gnutls28-3.0.11/debian/patches/21_CVE-2014-3466.patch
--- gnutls28-3.0.11/debian/patches/21_CVE-2014-3466.patch 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.0.11/debian/patches/21_CVE-2014-3466.patch 2015-06-11 16:44:30.000000000 +0000
@@ -0,0 +1,24 @@
+From 688ea6428a432c39203d00acd1af0e7684e5ddfd Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Fri, 23 May 2014 19:50:31 +0200
+Subject: [PATCH] Prevent memory corruption due to server hello parsing.
+
+Issue discovered by Joonas Kuorilehto of Codenomicon.
+origin: backport, https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
+---
+ lib/gnutls_handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: gnutls28-3.0.11/lib/gnutls_handshake.c
+===================================================================
+--- gnutls28-3.0.11.orig/lib/gnutls_handshake.c 2015-06-11 11:44:26.643140921 -0500
++++ gnutls28-3.0.11/lib/gnutls_handshake.c 2015-06-11 11:44:26.643140921 -0500
+@@ -1579,7 +1579,7 @@ _gnutls_read_server_hello (gnutls_sessio
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+- if (len < session_id_len)
++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
diff -Nru gnutls28-3.0.11/debian/patches/series gnutls28-3.0.11/debian/patches/series
--- gnutls28-3.0.11/debian/patches/series 2012-01-05 18:01:20.000000000 +0000
+++ gnutls28-3.0.11/debian/patches/series 2015-06-11 15:47:58.000000000 +0000
@@ -1,2 +1,3 @@
14_version_gettextcat.diff
20_test-select.diff
+21_CVE-2014-3466.patch
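Review bot: The added bound `session_id_len > TLS_MAX_SESSION_ID_SIZE` on the `if` line only closes the overflow if the buffer the session id is subsequently copied into is exactly TLS_MAX_SESSION_ID_SIZE bytes; that copy lies outside the quoted context, so the backport should be checked against the 3.0.11 definition of the session-id field rather than assumed from the upstream commit message. The rejected case still returns GNUTLS_E_UNSUPPORTED_VERSION_PACKET, which names a version problem rather than a malformed length; keeping it is consistent with the existing branch, but a comment such as `/* CVE-2014-3466: reject a session id longer than the destination buffer before it is copied */` would record why the second condition exists. _gnutls_read_server_hello begins and ends outside the hunk, and the diffstat shows no regression test accompanying the patch.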