diffstat for gnutls28-3.5.8 gnutls28-3.5.8 changelog | 96 ++++++++++ control | 3 patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch | 52 +++++ patches/38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch | 51 +++++ patches/38_02-OCSP-find_signercert-improved-DER-length-calculation.patch | 72 +++++++ patches/add-openssl-test-link.patch | 16 + patches/disable_global_init_override_test.patch | 17 + patches/series | 6 patches/use_normal_priority_for_openssl_sslv23.diff | 30 +++ 9 files changed, 342 insertions(+), 1 deletion(-) diff -Nru gnutls28-3.5.8/debian/changelog gnutls28-3.5.8/debian/changelog --- gnutls28-3.5.8/debian/changelog 2017-06-11 08:44:33.000000000 +0000 +++ gnutls28-3.5.8/debian/changelog 2017-09-02 14:15:34.000000000 +0000 
@@ -1,3 +1,33 @@ +gnutls28 (3.5.8-6ubuntu3) artful; urgency=medium + + * Cherry pick several fixes from Debian 3.5.8-5+deb9u3: + - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch + 38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from + gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa + signatures. LP: #1714506 + - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from + upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and + decryption on aarch64. LP: #1707172 + + -- Julian Andres Klode Sat, 02 Sep 2017 16:12:49 +0200 + +gnutls28 (3.5.8-6ubuntu2) artful; urgency=medium + + * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: + OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, + which includes TLS1.2 support. (LP: #1709193) + + -- Simon Deziel Thu, 10 Aug 2017 00:34:06 +0000 + +gnutls28 (3.5.8-6ubuntu1) artful; urgency=medium + + * Merge with Debian. Remaining changes: + - debian/patches/disable_global_init_override_test.patch: disable + failing test. + - debian/patches/add-openssl-test-link.patch: add link for libssl + + -- Marc Deslauriers Tue, 13 Jun 2017 13:19:05 -0400 + gnutls28 (3.5.8-6) unstable; urgency=high * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving @@ -6,6 +36,15 @@ -- Andreas Metzler Sun, 11 Jun 2017 10:44:33 +0200 +gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium + + * Merge with Debian. Remaining changes: + - debian/patches/disable_global_init_override_test.patch: disable + failing test. + - debian/patches/add-openssl-test-link.patch: add link for libssl + + -- Marc Deslauriers Wed, 03 May 2017 10:00:32 -0400 + gnutls28 (3.5.8-5) unstable; urgency=medium * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo 
@@ -154,6 +193,54 @@ -- Andreas Metzler Sun, 13 Nov 2016 19:09:55 +0100 +gnutls28 (3.5.6-4ubuntu4) zesty; urgency=medium + + * Fix FTBFS because of failing test (LP: #1679868) + - debian/patches/fix_tests_timezone.patch: address test suite failure + due to timezone differences in tests/cert-tests/pkcs7. + + -- Marc Deslauriers Wed, 05 Apr 2017 10:06:24 -0400 + +gnutls28 (3.5.6-4ubuntu3) zesty; urgency=medium + + * SECURITY UPDATE: double-free when reading proxy language + - debian/patches/CVE-2017-5334.patch: fix double-free in + lib/x509/x509_ext.c. + - CVE-2017-5334 + * SECURITY UPDATE: out of memory error in stream reading functions + - debian/patches/CVE-2017-5335.patch: add error checking to + lib/opencdk/read-packet.c. + - CVE-2017-5335 + * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid + - debian/patches/CVE-2017-5336.patch: check return code in + lib/opencdk/pubkey.c. + - CVE-2017-5336 + * SECURITY UPDATE: heap read overflow when reading streams + - debian/patches/CVE-2017-5337.patch: add more precise checks to + lib/opencdk/read-packet.c. + - CVE-2017-5337 + + -- Marc Deslauriers Wed, 01 Feb 2017 14:21:40 -0500 + +gnutls28 (3.5.6-4ubuntu2) zesty; urgency=medium + + * d/p/dname-api-*.patch fix gnutls api breakage on dname order in + gnutls 3.5.6 (LP: #1641615) + - d/libgnutls30.symbols add new symbols added by the upstream fix + + -- Christian Ehrhardt Thu, 17 Nov 2016 08:39:43 +0100 + +gnutls28 (3.5.6-4ubuntu1) zesty; urgency=medium + + * Merge with Debian. Remaining changes: + - debian/patches/disable_global_init_override_test.patch: disable failing + test. + - debian/patches/add-openssl-test-link.patch: add link for libssl + * New upstream version avoids getrandom() at initialization which caused + NetworkManager to hang at boot. (LP: #1622893) + + -- Martin Pitt Mon, 14 Nov 2016 12:47:23 +0100 + gnutls28 (3.5.6-4) unstable; urgency=medium * Pull 40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch 
@@ -259,6 +346,15 @@ -- Andreas Metzler Sat, 10 Sep 2016 14:45:06 +0200 +gnutls28 (3.5.3-5ubuntu1) yakkety; urgency=medium + + * Merge with Debian (LP: #1624856). Remaining changes: + - debian/patches/disable_global_init_override_test.patch: disable failing + test. + - debian/patches/add-openssl-test-link.patch: add link for libssl + + -- Anders Kaseorg Sun, 18 Sep 2016 08:03:47 -0400 + gnutls28 (3.5.3-5) experimental; urgency=medium * Pull DTLS fixes from upstream GIT master. diff -Nru gnutls28-3.5.8/debian/control gnutls28-3.5.8/debian/control --- gnutls28-3.5.8/debian/control 2017-06-11 08:38:12.000000000 +0000 +++ gnutls28-3.5.8/debian/control 2017-06-13 17:19:05.000000000 +0000 @@ -1,7 +1,8 @@ Source: gnutls28 Section: libs Priority: optional -Maintainer: Debian GnuTLS Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GnuTLS Maintainers Uploaders: Andreas Metzler , Eric Dorland , James Westby , diff -Nru gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch --- gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch 1970-01-01 00:00:00.000000000 +0000 +++ gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch 2017-09-02 14:11:43.000000000 +0000 
@@ -0,0 +1,52 @@ +From 864e8d4e3ba87f53df7bdef695661415ed60a018 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Mon, 22 May 2017 14:41:56 +0200 +Subject: [PATCH] aarch64: fix AES-GCM in-place encryption and decryption + +Resolves #204 + +Signed-off-by: Nikos Mavrogiannopoulos +--- + lib/accelerated/aarch64/aes-gcm-aarch64.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c ++++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c +@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const + } + + static void ++ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ const unsigned char ivec[16]) ++{ ++ unsigned i; ++ uint8_t ctr[16]; ++ uint8_t tmp[16]; ++ ++ memcpy(ctr, ivec, 16); ++ ++ for (i=0;i +Date: Fri, 30 Jun 2017 10:04:01 +0200 +Subject: [PATCH 1/2] OCSP: check the subject public key identifier field to + figure issuer + +Normally when attempting to match the 'Responder Key ID' in an OCSP response +against the issuer certificate we check (according to RFC6960) against the +hash of the SPKI field. However, in few certificates (see commit: +"added ECDSA OCSP response verification"), that may not be the case. In that +certificate, that value matches the Subject Public Key identifier field +but not the hash. + +To account for these certificates, we enhance the matching to also consider +the Subject Public Key identifier field. 
+
+Relates: #223
+
+Signed-off-by: Nikos Mavrogiannopoulos
+---
+ lib/x509/ocsp.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -1920,9 +1920,24 @@ static gnutls_x509_crt_t find_signercert
+
+ for (i = 0; i < ncerts; i++) {
+ if (keyid.data != NULL) {
+- uint8_t digest[20];
++ uint8_t digest[128]; /* to support longer key IDs */
+ gnutls_datum_t spki;
++ size_t digest_size = sizeof(digest);
+
++ _gnutls_debug_log("checking key ID against SPK identifier\n");
++
++ /* check subject key identifier as well, some certificates
++ * match that, but not the hash */
++ rc = gnutls_x509_crt_get_subject_key_id(certs[i], digest, &digest_size, NULL);
++ if (rc >= 0 && digest_size == keyid.size &&
++ memcmp(keyid.data, digest, digest_size) == 0) {
++ signercert = certs[i];
++ goto quit;
++ }
++
++ _gnutls_debug_log("checking key ID against SPKI hash\n");
++
++ /* continue with checking the hash */
+ rc = _gnutls_x509_get_raw_field2(certs[i]->cert, &certs[i]->der,
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
+ &spki);
diff -Nru gnutls28-3.5.8/debian/patches/38_02-OCSP-find_signercert-improved-DER-length-calculation.patch gnutls28-3.5.8/debian/patches/38_02-OCSP-find_signercert-improved-DER-length-calculation.patch
--- gnutls28-3.5.8/debian/patches/38_02-OCSP-find_signercert-improved-DER-length-calculation.patch 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/38_02-OCSP-find_signercert-improved-DER-length-calculation.patch 2017-09-02 14:11:41.000000000 +0000
@@ -0,0 +1,72 @@
+From 3c36d980d447251b34677c21bd4a141829c045f6 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Sat, 1 Jul 2017 10:50:57 +0200
+Subject: [PATCH 2/2] OCSP: find_signercert: improved DER length calculation
+
+Previously we were assuming a fixed amount of length bytes which
+is not correct for all possible lengths. Use libtasn1 to decode
+the length field.
+
+Resolves: #223
+
+Signed-off-by: Nikos Mavrogiannopoulos
+---
+ lib/x509/ocsp.c | 30 ++++++++++++++++++++++++------
+ 1 file changed, 24 insertions(+), 6 deletions(-)
+
+--- a/lib/x509/ocsp.c
++++ b/lib/x509/ocsp.c
+@@ -1920,9 +1920,10 @@ static gnutls_x509_crt_t find_signercert
+
+ for (i = 0; i < ncerts; i++) {
+ if (keyid.data != NULL) {
+- uint8_t digest[128]; /* to support longer key IDs */
++ uint8_t digest[64]; /* to support longer key IDs */
+ gnutls_datum_t spki;
+ size_t digest_size = sizeof(digest);
++ int len;
+
+ _gnutls_debug_log("checking key ID against SPK identifier\n");
+
+@@ -1943,19 +1944,36 @@ static gnutls_x509_crt_t find_signercert
+ &spki);
+ if (rc < 0 || spki.size < 6) {
+ signercert = NULL;
+- goto quit;
++ continue;
+ }
+
+ /* For some reason the protocol requires we skip the
+ * tag, length and number of unused bits.
+ */
+- spki.data += 5;
+- spki.size -= 5;
+- rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, spki.data, spki.size, digest);
++ if (spki.data[0] != 0x03) { /* bit string */
++ gnutls_assert();
++ signercert = NULL;
++ continue;
++ }
++
++ rc = asn1_get_length_der(spki.data+1, spki.size-1, &len);
++ if (rc <= 0) {
++ gnutls_assert();
++ signercert = NULL;
++ continue;
++ }
++ len += 1+1; /* skip unused bits as well */
++ if (len >= (int)spki.size) {
++ gnutls_assert();
++ signercert = NULL;
++ continue;
++ }
++
++ rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, spki.data+len, spki.size-len, digest);
+ if (rc < 0) {
+ gnutls_assert();
+ signercert = NULL;
+- goto quit;
++ continue;
+ }
+
+ if ((20 == keyid.size) &&
diff -Nru gnutls28-3.5.8/debian/patches/add-openssl-test-link.patch gnutls28-3.5.8/debian/patches/add-openssl-test-link.patch
--- gnutls28-3.5.8/debian/patches/add-openssl-test-link.patch 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/add-openssl-test-link.patch 2017-06-13 17:19:05.000000000 +0000
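Review bot: In 38_02-OCSP-find_signercert-improved-DER-length-calculation.patch the byte count hashed by `gnutls_hash_fast` is `spki.size-len`, taken from the field size, while the decoded BIT STRING length that `asn1_get_length_der` returns in `rc` is only tested for `rc <= 0` and never reconciled with `spki.size`; should the extracted field ever carry bytes beyond the encoded length, they would be folded into the SHA-1 and the key-hash match would fail silently. A one-line consistency check right after the `rc <= 0` guard, `if (rc + len + 1 != (int)spki.size) { gnutls_assert(); signercert = NULL; continue; }`, pins the decoded length to the field regardless of how the installed libtasn1 treats over-long lengths. The `signercert = NULL; continue;` pair now appears five times in the loop body, and nothing visible assigns `signercert` earlier in the iteration (the SKI match from 38_01 jumps to `quit`), so the reset looks redundant though harmless; a single `goto next_cert;` label or a small `static` helper would trim the hunk. `find_signercert` begins before and ends after both inner hunks.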
@@ -0,0 +1,16 @@
+Description: avoid link failure because of missing ssl
+Author: Gianfranco Costamagna
+
+Index: gnutls28-3.5.8/tests/slow/Makefile.am
+===================================================================
+--- gnutls28-3.5.8.orig/tests/slow/Makefile.am 2017-05-03 10:03:42.631135766 -0400
++++ gnutls28-3.5.8/tests/slow/Makefile.am 2017-05-03 10:03:42.623135666 -0400
+@@ -57,7 +57,7 @@ check_PROGRAMS = $(ctests) cipher-test c
+ TESTS = $(ctests) test-ciphers.sh override-ciphers test-hash-large
+
+ if HAVE_LIBCRYPTO
+-cipher_openssl_compat_LDFLAGS = $(LDADD) $(LIBCRYPTO)
++cipher_openssl_compat_LDADD = $(LDADD) $(LIBCRYPTO)
+
+ dist_check_SCRIPTS += test-ciphers-openssl.sh
+ check_PROGRAMS += cipher-openssl-compat
diff -Nru gnutls28-3.5.8/debian/patches/disable_global_init_override_test.patch gnutls28-3.5.8/debian/patches/disable_global_init_override_test.patch
--- gnutls28-3.5.8/debian/patches/disable_global_init_override_test.patch 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/disable_global_init_override_test.patch 2017-06-13 17:19:05.000000000 +0000
@@ -0,0 +1,17 @@
+Description: disable failing test
+Author: Marc Deslauriers
+Forwarded: no
+
+Index: gnutls28-3.5.8/tests/Makefile.am
+===================================================================
+--- gnutls28-3.5.8.orig/tests/Makefile.am 2017-05-03 10:03:39.591097702 -0400
++++ gnutls28-3.5.8/tests/Makefile.am 2017-05-03 10:03:39.591097702 -0400
+@@ -97,7 +97,7 @@ ctests = mini-record-2 simple gc set_pkc
+ fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
+ key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
+ record-timeouts mini-dtls-hello-verify-48 mini-x509-default-prio \
+- mini-x509-dual global-init-override tlsext-decoding \
++ mini-x509-dual tlsext-decoding \
+ rehandshake-switch-cert rehandshake-switch-cert-allow rehandshake-switch-cert-client \
+ rehandshake-switch-cert-client-allow handshake-versions dtls-handshake-versions \
+ dtls-max-record tls-max-record alpn-server-prec ocsp-filename-memleak \
diff -Nru gnutls28-3.5.8/debian/patches/series gnutls28-3.5.8/debian/patches/series
--- gnutls28-3.5.8/debian/patches/series 2017-06-11 08:40:05.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/series 2017-09-02 14:12:19.000000000 +0000
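Review bot: disable_global_init_override_test.patch removes `global-init-override` from `ctests` without recording what the failure is, and with `Forwarded: no` in the header nothing points a later maintainer at the root cause or at when the test can be restored. Extending the header, e.g. `Description: disable global-init-override test: fails with OBSERVED-ERROR-PLACEHOLDER`, plus a `Bug-Ubuntu:` field if a bug exists, would make the skip reviewable. Judging by its name the test exercises overriding the library's global initialisation, so dropping it trades coverage for a green build rather than fixing anything, which the changelog entry should state as well.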
@@ -12,3 +12,9 @@
 36_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-properly-.patch
 36_CVE-2017-7507_2-ext-status_request-Removed-the-parsing-of-responder-.patch
 36_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-documented-.patch
+37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch
+38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
+38_02-OCSP-find_signercert-improved-DER-length-calculation.patch
+disable_global_init_override_test.patch
+add-openssl-test-link.patch
+use_normal_priority_for_openssl_sslv23.diff
diff -Nru gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff
--- gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.5.8/debian/patches/use_normal_priority_for_openssl_sslv23.diff 2017-08-10 00:34:06.000000000 +0000
@@ -0,0 +1,30 @@
+Backport of:
+
+From 363056f7db6f61f818523888085638e85c6a81f7 Apr, 2 2017
+Description: Use NORMAL priority for SSLv23_*_method. Instead of
+ enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for SSLv23_*_methods.
+Author: Andreas Metzler
+Last-Update: 2017-04-02
+Bug-Ubuntu: https://launchpad.net/bugs/1709193
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857436
+
+--- gnutls28-3.5.8.orig/extra/gnutls_openssl.c
++++ gnutls28-3.5.8/extra/gnutls_openssl.c
+@@ -483,7 +483,7 @@ SSL_METHOD *SSLv23_client_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+
+ m->connend = GNUTLS_CLIENT;
+
+@@ -498,7 +498,7 @@ SSL_METHOD *SSLv23_server_method(void)
+ return NULL;
+
+ strcpy(m->priority_string,
+- "NONE:+VERS-TLS1.0:+VERS-SSL3.0:+CIPHER-ALL:+COMP-ALL:+RSA:+DHE-RSA:+DHE-DSS:+MAC-ALL");
++ "NORMAL");
+ m->connend = GNUTLS_SERVER;
+
+ return m;
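Review bot: The literal `"NORMAL"` is now copied by `strcpy` in both `SSLv23_client_method` and `SSLv23_server_method`, so the two wrappers can drift apart on the next edit; a single file-scope `static const char sslv23_priority[] = "NORMAL";` used by both `strcpy` calls keeps them in step. A comment at the first use, `/* NORMAL: defer to the library's default version/cipher policy (TLS1.2 included) instead of pinning TLS1.0/SSL3.0 */`, would record in the code what only the patch header explains now. The unbounded `strcpy` predates this change, and since the new string is shorter than the one it replaces the write cannot newly overflow `m->priority_string`, whose size is not visible in the hunk; the bodies of both functions extend outside the hunks.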