
[sarge] Fixing #325971 in gnutls11



Hej,
http://lists.debian.org/debian-devel/2006/04/msg00610.html

#325971 is still open in sarge, Matthias tried to fix it in
1.0.16-13.1sarge1 but the upload was rejected for 3.1r1 because the
diff was not clean.

I have rectified this and produced 1.0.16-13.2sarge1 based on the
security upload 1.0.16-13.2. Patch attached. - Would it be ok for me
to upload this?

thanks, cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
diff -u gnutls11-1.0.16/debian/changelog gnutls11-1.0.16/debian/changelog
--- gnutls11-1.0.16/debian/changelog
+++ gnutls11-1.0.16/debian/changelog
@@ -1,3 +1,9 @@
+gnutls11 (1.0.16-13.2sarge1) stable; urgency=low
+
+  * Fix occasional SSL connection setup error. Closes:#325971
+
+ -- Andreas Metzler <ametzler@debian.org>  Mon,  5 Jun 2006 12:28:19 +0200
+
 gnutls11 (1.0.16-13.2) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
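Review bot: the new changelog entry for 1.0.16-13.2sarge1 names only the symptom ("occasional SSL connection setup error") and not the change itself. Since this upload goes to stable and the only code change is the padding loop in lib/gnutls_pk.c, the entry should say so, for example by adding the file name and a short phrase about replacing zero bytes in the random padding, so that the release team can match the changelog to the diff without opening it.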
only in patch2:
unchanged:
--- gnutls11-1.0.16.orig/lib/gnutls_pk.c
+++ gnutls11-1.0.16/lib/gnutls_pk.c
@@ -95,33 +95,15 @@
 			gnutls_afree(edata);
 			return ret;
 		}
-		for (i = 0; i < psize; i++) {
-			opaque rnd[3];
-
-			/* Read three random bytes that will be
-			 * used to replace the zeros.
-			 */
-			if ( (ret=_gnutls_get_random( rnd, 3, GNUTLS_STRONG_RANDOM)) < 0) {
-				gnutls_assert();
-				gnutls_afree(edata);
-				return ret;
-			}
-			/* use non zero values for 
-			 * the first two.
-			 */
-			if (rnd[0]==0) rnd[0] = 0xaf;
-			if (rnd[1]==0) rnd[1] = 0xae;
-
-			if (ps[i] == 0) {
-				/* If the first one is zero then set it to rnd[0].
-				 * If the second one is zero then set it to rnd[1].
-				 * Otherwise add (mod 256) the two previous ones plus rnd[2], or use
-				 * rnd[1] if the value == 0.
-				 */
-				if (i<2) ps[i] = rnd[i];
-				else ps[i] = GMAX( rnd[2] + ps[i-1] + ps[i-2], rnd[1]);
-			}
-		}
+		for (i = 0; i < psize; i++)
+		  while (ps[i] == 0) {
+		    if ((ret =
+			 _gnutls_get_random(&ps[i], 1, GNUTLS_STRONG_RANDOM)) < 0) {
+		      gnutls_assert();
+		      gnutls_afree(edata);
+		      return ret;
+		    }
+		  }
 		break;
 	case 1:
 		/* using private key */
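Review bot: the replacement loop at `while (ps[i] == 0)` drops every comment the old block carried, so nothing in the new code says that ps must end up free of zero bytes or why a single byte is re-drawn until it is non-zero; a short comment above the `for` would keep that intent visible. It would also help to record why the old code was wrong: the removed comment promised an addition "(mod 256)", but `GMAX( rnd[2] + ps[i-1] + ps[i-2], rnd[1])` compares the unreduced sum, so, assuming opaque is a byte type and GMAX a plain maximum, a sum that is a multiple of 256 would still be stored as zero. On style, the `for` has no braces around its `while` body and the added lines use two-space indentation steps while the surrounding context is indented with tabs; matching the file's existing style keeps the diff against 1.0.16-13.2 easier to read.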
