
[urgency:low] Please unblock gnutls13 1.4.4-3



Hello,
gnutls13 1.4.5 features a bugfix I'd like to have in etch:

-------------------------------
diff -u gnutls13-1.4.4/debian/changelog gnutls13-1.4.4/debian/changelog
--- gnutls13-1.4.4/debian/changelog
+++ gnutls13-1.4.4/debian/changelog
@@ -1,3 +1,12 @@
+gnutls13 (1.4.4-3) unstable; urgency=low
+
+  * Pulled /patches/18_negotiate_cypher.diff from 1.4.5:
+       When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+       version, try to negotiate the highest version support by the GnuTLS
+       server, instead of the lowest.
+
+ -- Andreas Metzler <ametzler@debian.org>  Sat, 11 Nov 2006 10:35:29 +0100
+
 gnutls13 (1.4.4-2) unstable; urgency=low
 
   [ Andreas Metzler ]
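Review bot: The changelog entry names the patch as /patches/18_negotiate_cypher.diff, but the file this debdiff adds is debian/patches/18_negotiate_cypher.diff, and the file name says "cypher" while the described change is about which protocol version is selected for an SSLv2 Client Hello. Suggest writing the path as debian/patches/18_negotiate_cypher.diff and saying explicitly that the fallback changes from the lowest to the highest supported protocol version, so a reader of the changelog alone can see that the old behaviour picked the weakest version. In the description, "receive" and "support" should read "receives" and "supported".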
only in patch2:
unchanged:
--- gnutls13-1.4.4.orig/debian/patches/18_negotiate_cypher.diff
+++ gnutls13-1.4.4/debian/patches/18_negotiate_cypher.diff
@@ -0,0 +1,40 @@
+Pulled from gnutls 1.4.5:
+ 
+ ** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+ ** version, try to negotiate the highest version support by the GnuTLS server,
+ ** instead of the lowest.
+ 
+ Reported by <Pasi.Eronen@nokia.com>.
+--- gnutls-1.4.4/lib/gnutls_v2_compat.c	2006-03-08 11:44:59.000000000 +0100
++++ gnutls-1.4.5/lib/gnutls_v2_compat.c	2006-11-06 12:18:25.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2001, 2004, 2005 Free Software Foundation
++ * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation
+  *
+  * Author: Nikos Mavroyanopoulos
+  *
+@@ -117,11 +117,21 @@
+ 
+   version = _gnutls_version_get (data[pos], data[pos + 1]);
+ 
+-  /* if we do not support that version  
++  /* if we do not support that version
+    */
+   if (_gnutls_version_is_supported (session, version) == 0)
+     {
+-      ver = _gnutls_version_lowest (session);
++      /* If he requested something we do not support
++       * then we send him the highest we support.
++       */
++      ver = _gnutls_version_max (session);
++      if (ver == GNUTLS_VERSION_UNKNOWN)
++	{
++	  /* this check is not really needed.
++	   */
++	  gnutls_assert ();
++	  return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
++	}
+     }
+   else
+     {
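Review bot: In the embedded gnutls_v2_compat.c hunk, the new branch sets ver = _gnutls_version_max (session) for every version that fails _gnutls_version_is_supported (), without comparing the maximum against the version the client asked for. The patch header describes the case of an unknown (newer) version, but the condition as written also covers a requested version that is simply not enabled on the server; it would help to state in the comment which cases are expected here, or to check that the chosen version does not exceed the requested one. Two smaller points: the fallback returns GNUTLS_E_UNKNOWN_CIPHER_SUITE although the failure is about the protocol version, so a version-related error code would make logs easier to read, and the comment "this check is not really needed" should either explain when _gnutls_version_max () can return GNUTLS_VERSION_UNKNOWN or the check should be dropped. For a targeted backport, the copyright-year and trailing-whitespace changes could be left out to keep the diff to the functional change.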
-------------------------------

gnutls13 1.4.4-3 is already 27 days old.
thanks, cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde


