Your message dated Sat, 05 Sep 2015 14:31:07 +0100
with message-id <1441459867.2151.32.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for 8.2
has caused the Debian Bug report #789393,
regarding jessie-pu: package gnutls28/3.3.8-6+deb8u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
789393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789393
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package gnutls28/3.3.8-6+deb8u2
- From: Andreas Metzler <ametzler@bebt.de>
- Date: Sat, 20 Jun 2015 16:03:48 +0200
- Message-id: <20150620140348.GA12192@downhill.g.la>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

I would like to fix two issues in jessie:

#788704 VIA PadLock accelerated AES-CBC segfaults
This pretty much breaks gnutls on VIA processors.

GNUTLS-SA-2015-2.
This might allow MD5 signatures, although they are disabled by default.
(Detailed info in the security tracker)

cu Andreas

[The following lists of changes regard files as different if they have different names, permissions or owners.]

Control files of package gnutls-bin: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-891-] {+892+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package gnutls-doc: lines which differ (wdiff format)
----------------------------------------------------------------------
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package guile-gnutls: lines which differ (wdiff format)
------------------------------------------------------------------------
Installed-Size: [-357-] {+358+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package libgnutls-deb0-28: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package libgnutls-openssl27: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libc6 (>= 2.4)
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package libgnutls28-dbg: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1)-] {+3.3.8-6+deb8u2)+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package libgnutls28-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libgnutlsxx28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.9), libp11-kit-dev, libgnutls-openssl27 (= [-3.3.8-6+deb8u1)-] {+3.3.8-6+deb8u2)+}
Installed-Size: [-2447-] {+2448+}
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

Control files of package libgnutlsxx28: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libgnutls-deb0-28 (= [-3.3.8-6+deb8u1),-] {+3.3.8-6+deb8u2),+} libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1)
Version: [-3.3.8-6+deb8u1-] {+3.3.8-6+deb8u2+}

diff -Nru gnutls28-3.3.8/debian/changelog gnutls28-3.3.8/debian/changelog --- gnutls28-3.3.8/debian/changelog 2015-04-27 19:40:34.000000000 +0200 +++ gnutls28-3.3.8/debian/changelog 2015-06-20 15:46:27.000000000 +0200
@@ -1,3 +1,19 @@ +gnutls28 (3.3.8-6+deb8u2) jessie; urgency=medium + + * Pull 50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch from + upstream version 3.3.12 to fix a crash in VIA PadLock asm. (Thanks, Peter + Lebbing). Closes: #788704 + * Pull 51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch + 51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch + 51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch (the + latter unfuzzed) from GnuTLS 3.3.15 to fix GNUTLS-SA-2015-2. - A + ServerKeyExchange signature sent by the server was not verified to be in + the acceptable by the client set of algorithms. That had the effect of + allowing MD5 signatures (which are disabled by default) in the + ServerKeyExchange message. + + -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jun 2015 15:46:15 +0200 + gnutls28 (3.3.8-6+deb8u1) jessie; urgency=medium * Reupload 3.3.8-7 unchanged for first point release: diff -Nru gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch --- gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch 2015-06-20 12:14:07.000000000 +0200 
@@ -0,0 +1,59 @@ +From 023156ae2504c1911f8f2e66a0ebde316931671c Mon Sep 17 00:00:00 2001 +From: Matthias-Christian Ott <ott@mirix.org> +Date: Tue, 30 Dec 2014 11:57:36 +0200 +Subject: [PATCH 1/2] Handle zero length plaintext for VIA PadLock functions + +If the plaintext is shorter than the block size of the used cipher, +_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with +textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the +plaintext length (last parameter) is greater than zero and segfault +otherwise. The assembler code for both functions is automatically +generated and imported from OpenSSL, so to ease maintenance the length +should be validated in the functions that call padlock_ecb_encrypt or +padlock_cbc_encrypt. +--- + lib/accelerated/x86/aes-gcm-padlock.c | 3 ++- + lib/accelerated/x86/aes-padlock.c | 6 ++++-- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c +index e1ad566..9e92292 100644 +--- a/lib/accelerated/x86/aes-gcm-padlock.c ++++ b/lib/accelerated/x86/aes-gcm-padlock.c +@@ -54,7 +54,8 @@ static void padlock_aes_encrypt(void *_ctx, + + pce = ALIGN16(&ctx->expanded_key); + +- padlock_ecb_encrypt(dst, src, pce, length); ++ if (length > 0) ++ padlock_ecb_encrypt(dst, src, pce, length); + } + + static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx, +diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c +index bccbd10..8ed10d8 100644 +--- a/lib/accelerated/x86/aes-padlock.c ++++ b/lib/accelerated/x86/aes-padlock.c +@@ -132,7 +132,8 @@ padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size, + + pce = ALIGN16(&ctx->expanded_key); + +- padlock_cbc_encrypt(dst, src, pce, src_size); ++ if (src_size > 0) ++ padlock_cbc_encrypt(dst, src, pce, src_size); + + return 0; + } +@@ -147,7 +148,8 @@ padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size, + + pcd = 
ALIGN16(&ctx->expanded_key); + +- padlock_cbc_encrypt(dst, src, pcd, src_size); ++ if (src_size > 0) ++ padlock_cbc_encrypt(dst, src, pcd, src_size); + + return 0; + } +-- +2.1.4 + diff -Nru gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch --- gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch 2015-06-20 12:13:31.000000000 +0200 
@@ -0,0 +1,47 @@ +From 1e013f4c660fa79c2398dbcfd4f0e054c724c5ec Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Sat, 25 Apr 2015 19:14:07 +0200 +Subject: [PATCH 1/3] _gnutls_session_sign_algo_enabled: do not consider any + values from the extension data to decide acceptable algorithms + +--- + lib/ext/signature.c | 18 +----------------- + 1 file changed, 1 insertion(+), 17 deletions(-) + +diff --git a/lib/ext/signature.c b/lib/ext/signature.c +index fb971f5..6f3066e 100644 +--- a/lib/ext/signature.c ++++ b/lib/ext/signature.c +@@ -313,28 +313,12 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session, + gnutls_sign_algorithm_t sig) + { + unsigned i; +- int ret; + const version_entry_st *ver = get_version(session); +- sig_ext_st *priv; +- extension_priv_data_t epriv; + + if (unlikely(ver == NULL)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + +- ret = +- _gnutls_ext_get_session_data(session, +- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, +- &epriv); +- if (ret < 0) { +- gnutls_assert(); +- return 0; +- } +- priv = epriv.ptr; +- +- if (!_gnutls_version_has_selectable_sighash(ver) +- || priv->sign_algorithms_size == 0) +- /* none set, allow all */ +- { ++ if (!_gnutls_version_has_selectable_sighash(ver)) { + return 0; + } + +-- +2.1.4 + diff -Nru gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch --- gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch 2015-06-20 12:13:31.000000000 +0200 
@@ -0,0 +1,37 @@ +From a8076fa599f0a37f8e12e30eeadd50a0ea3c67b7 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Sat, 25 Apr 2015 19:34:34 +0200 +Subject: [PATCH 2/3] before falling back to SHA1 as signature algorithm in TLS + 1.2 check if it is enabled + +--- + lib/ext/signature.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/ext/signature.c b/lib/ext/signature.c +index 6f3066e..5ecc76a 100644 +--- a/lib/ext/signature.c ++++ b/lib/ext/signature.c +@@ -282,7 +282,10 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, + || priv->sign_algorithms_size == 0) + /* none set, allow SHA-1 only */ + { +- return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1); ++ ret = gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1); ++ if (_gnutls_session_sign_algo_enabled(session, ret) < 0) ++ goto fail; ++ return ret; + } + + for (i = 0; i < priv->sign_algorithms_size; i++) { +@@ -301,6 +304,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, + } + } + ++ fail: + return GNUTLS_SIGN_UNKNOWN; + } + +-- +2.1.4 + diff -Nru gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch --- gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.3.8/debian/patches/51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patch 2015-06-20 13:15:33.000000000 +0200 
@@ -0,0 +1,395 @@ +From 3d333e59621f6cf9381c846c405b23d79020d031 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Sat, 25 Apr 2015 20:00:04 +0200 +Subject: [PATCH 3/3] tests: added reproducer for the MD5 acceptance issue + +Reported by Karthikeyan Bhargavan. +http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html + +Conflicts: + tests/Makefile.am +--- + tests/Makefile.am | 2 +- + tests/sign-md5-rep.c | 365 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 366 insertions(+), 1 deletion(-) + create mode 100644 tests/sign-md5-rep.c + +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -84,7 +84,7 @@ ctests = mini-record-2 simple gc set_pkc + mini-cert-status mini-rsa-psk global-init sec-params \ + fips-test mini-global-load name-constraints x509-extensions \ + long-session-id mini-x509-callbacks-intr \ +- crlverify init_fds ++ crlverify init_fds sign-md5-rep + + if ENABLE_OCSP + ctests += ocsp +--- /dev/null ++++ b/tests/sign-md5-rep.c +@@ -0,0 +1,365 @@ ++/* ++ * Copyright (C) 2015 Nikos Mavrogiannopoulos ++ * ++ * Author: Nikos Mavrogiannopoulos ++ * ++ * This file is part of GnuTLS. ++ * ++ * GnuTLS is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GnuTLS is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. 
++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GnuTLS; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <stdio.h> ++#include <stdlib.h> ++ ++#if defined(_WIN32) ++ ++int main() ++{ ++ exit(77); ++} ++ ++#else ++ ++#include <string.h> ++#include <sys/types.h> ++#include <netinet/in.h> ++#include <sys/socket.h> ++#include <sys/wait.h> ++#include <arpa/inet.h> ++#include <unistd.h> ++#include <gnutls/gnutls.h> ++#include <gnutls/dtls.h> ++#include <signal.h> ++ ++#include "utils.h" ++ ++static void terminate(void); ++ ++/* This program tests whether EtM is negotiated as expected. ++ */ ++ ++static void server_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "server|<%d>| %s", level, str); ++} ++ ++static void client_log_func(int level, const char *str) ++{ ++ fprintf(stderr, "client|<%d>| %s", level, str); ++} ++ ++static unsigned char server_cert_pem[] = ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" ++ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" ++ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" ++ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" ++ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" ++ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" ++ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" ++ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" ++ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" ++ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" ++ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" ++ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" ++ 
"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; ++ ++const gnutls_datum_t server_cert = { server_cert_pem, ++ sizeof(server_cert_pem) ++}; ++ ++static unsigned char server_key_pem[] = ++ "-----BEGIN RSA PRIVATE KEY-----\n" ++ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" ++ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" ++ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" ++ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" ++ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" ++ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" ++ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" ++ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" ++ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" ++ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" ++ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" ++ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" ++ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" ++ "-----END RSA PRIVATE KEY-----\n"; ++ ++const gnutls_datum_t server_key = { server_key_pem, ++ sizeof(server_key_pem) ++}; ++ ++ ++static int handshake_callback(gnutls_session_t session, unsigned int htype, ++ unsigned post, unsigned int incoming, const gnutls_datum_t *msg) ++{ ++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL); ++ return 0; ++} ++ ++ ++/* A very basic TLS client, with anonymous authentication. ++ */ ++ ++#define MAX_BUF 1024 ++ ++static void client(int fd) ++{ ++ int ret; ++ char buffer[MAX_BUF + 1]; ++ gnutls_certificate_credentials_t x509_cred; ++ gnutls_session_t session; ++ /* Need to enable anonymous KX specifically. 
*/ ++ ++ global_init(); ++ ++ if (debug) { ++ gnutls_global_set_log_function(client_log_func); ++ gnutls_global_set_log_level(7); ++ } ++ ++ gnutls_certificate_allocate_credentials(&x509_cred); ++ ++ /* Initialize TLS session ++ */ ++ gnutls_init(&session, GNUTLS_CLIENT); ++ ++ /* Use default priorities */ ++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL); ++ ++ /* put the anonymous credentials to the current session ++ */ ++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); ++ ++ gnutls_transport_set_int(session, fd); ++ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, ++ GNUTLS_HOOK_PRE, ++ handshake_callback); ++ ++ /* Perform the TLS handshake ++ */ ++ do { ++ ret = gnutls_handshake(session); ++ } ++ while (ret < 0 && gnutls_error_is_fatal(ret) == 0); ++ ++ if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { ++ /* success */ ++ goto end; ++ } ++ ++ if (ret < 0) { ++ fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); ++ exit(1); ++ } else { ++ if (debug) ++ success("client: Handshake was completed\n"); ++ } ++ ++ if (gnutls_sign_algorithm_get(session) == GNUTLS_SIGN_RSA_MD5) { ++ fail("client: MD5 was negotiated\n"); ++ exit(1); ++ } ++ success("client: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session))); ++ ++ if (debug) ++ success("client: TLS version is: %s\n", ++ gnutls_protocol_get_name ++ (gnutls_protocol_get_version(session))); ++ ++ do { ++ do { ++ ret = gnutls_record_recv(session, buffer, MAX_BUF); ++ } while (ret == GNUTLS_E_AGAIN ++ || ret == GNUTLS_E_INTERRUPTED); ++ } while (ret > 0); ++ ++ if (ret == 0) { ++ if (debug) ++ success ++ ("client: Peer has closed the TLS connection\n"); ++ goto end; ++ } else if (ret < 0) { ++ if (ret != 0) { ++ fail("client: Error: %s\n", gnutls_strerror(ret)); ++ exit(1); ++ } ++ } ++ ++ gnutls_bye(session, GNUTLS_SHUT_WR); ++ ++ end: ++ ++ close(fd); ++ ++ 
gnutls_deinit(session); ++ ++ gnutls_certificate_free_credentials(x509_cred); ++ ++ gnutls_global_deinit(); ++} ++ ++ ++/* These are global */ ++pid_t child; ++ ++static void terminate(void) ++{ ++ kill(child, SIGTERM); ++ exit(1); ++} ++ ++static void server(int fd) ++{ ++ int ret; ++ char buffer[MAX_BUF + 1]; ++ gnutls_session_t session; ++ gnutls_certificate_credentials_t x509_cred; ++ unsigned to_send = sizeof(buffer)/4; ++ ++ /* this must be called once in the program ++ */ ++ global_init(); ++ memset(buffer, 0, sizeof(buffer)); ++ ++ if (debug) { ++ gnutls_global_set_log_function(server_log_func); ++ gnutls_global_set_log_level(4711); ++ } ++ ++ gnutls_certificate_allocate_credentials(&x509_cred); ++ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, ++ &server_key, ++ GNUTLS_X509_FMT_PEM); ++ ++ gnutls_init(&session, GNUTLS_SERVER); ++ ++ /* avoid calling all the priority functions, since the defaults ++ * are adequate. ++ */ ++ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL); ++ ++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); ++ ++ gnutls_transport_set_int(session, fd); ++ ++ do { ++ ret = gnutls_handshake(session); ++ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); ++ if (ret < 0) { ++ close(fd); ++ gnutls_deinit(session); ++ fail("server: Handshake has failed (%s)\n\n", ++ gnutls_strerror(ret)); ++ terminate(); ++ } ++ ++ ++ if (debug) { ++ success("server: Handshake was completed\n"); ++ success("server: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session))); ++ } ++ ++ if (debug) ++ success("server: TLS version is: %s\n", ++ gnutls_protocol_get_name ++ (gnutls_protocol_get_version(session))); ++ ++ do { ++ do { ++ ret = ++ gnutls_record_send(session, buffer, ++ sizeof(buffer)); ++ } while (ret == GNUTLS_E_AGAIN ++ || ret == GNUTLS_E_INTERRUPTED); ++ ++ if (ret < 0) { ++ fail("Error sending %d byte packet: %s\n", to_send, ++ 
gnutls_strerror(ret)); ++ terminate(); ++ } ++ to_send++; ++ } ++ while (to_send < 64); ++ ++ to_send = -1; ++ /* do not wait for the peer to close the connection. ++ */ ++ gnutls_bye(session, GNUTLS_SHUT_WR); ++ ++ close(fd); ++ gnutls_deinit(session); ++ ++ gnutls_certificate_free_credentials(x509_cred); ++ ++ gnutls_global_deinit(); ++ ++ if (debug) ++ success("server: finished\n"); ++} ++ ++static void ch_handler(int sig) ++{ ++ int status; ++ wait(&status); ++ if (WEXITSTATUS(status) != 0 || ++ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) { ++ if (WIFSIGNALED(status)) ++ fail("Child died with sigsegv\n"); ++ else ++ fail("Child died with status %d\n", ++ WEXITSTATUS(status)); ++ terminate(); ++ } ++ return; ++} ++ ++void doit(void) ++{ ++ int fd[2]; ++ int ret; ++ ++ signal(SIGCHLD, ch_handler); ++ ++ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); ++ if (ret < 0) { ++ perror("socketpair"); ++ exit(1); ++ } ++ ++ child = fork(); ++ if (child < 0) { ++ perror("fork"); ++ fail("fork"); ++ exit(1); ++ } ++ ++ if (child) { ++ /* parent */ ++ close(fd[1]); ++ client(fd[0]); ++ kill(child, SIGTERM); ++ } else { ++ close(fd[0]); ++ server(fd[1]); ++ exit(0); ++ } ++} ++ ++#endif /* _WIN32 */ diff -Nru gnutls28-3.3.8/debian/patches/series gnutls28-3.3.8/debian/patches/series --- gnutls28-3.3.8/debian/patches/series 2015-04-27 19:34:44.000000000 +0200 +++ gnutls28-3.3.8/debian/patches/series 2015-06-20 13:41:02.000000000 +0200 @@ -9,3 +9,7 @@ 40_no_more_ssl3.diff 45_eliminated-double-free.diff 46_Better-fix-for-the-double-free.diff +50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch +51_0001__gnutls_session_sign_algo_enabled-do-not-consider-an.patch +51_0002_before-falling-back-to-SHA1-as-signature-algorithm-i.patch +51_0003_tests-added-reproducer-for-the-MD5-acceptance-issue.patchAttachment: signature.asc
Description: Digital signature
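
Review bot: The three new length guards in 50_Handle-zero-length-plaintext-for-VIA-PadLock-functio.patch (padlock_aes_encrypt in lib/accelerated/x86/aes-gcm-padlock.c, padlock_aes_cbc_encrypt and padlock_aes_cbc_decrypt in lib/accelerated/x86/aes-padlock.c) arrive without a regression test; the diffstat lists only the two source files. A test that calls each wrapper with a zero-length buffer would catch the segfault again if the OpenSSL-derived assembler is re-imported or a new caller is added. A one-line comment beside each `if (src_size > 0)` stating that the asm routines assume a non-zero length would also keep the check from being removed later as apparently redundant.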
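
Review bot: In the _gnutls_session_sign_algo_enabled hunk of lib/ext/signature.c (51_0001), the reason for the change is not recorded anywhere a later reader of the code will see it: the commit message has a subject line only, and the removed `/* none set, allow all */` comment is dropped without a replacement. Please add a comment above the remaining `if (!_gnutls_version_has_selectable_sighash(ver))` saying that the decision must rest on the session's own priorities and not on the signature_algorithms extension data, and that the early `return 0` accepts the algorithm only for protocol versions without selectable signature/hash pairs. A reference to GNUTLS-SA-2015-2 in the commit body would tie the hunk to the advisory named in the changelog.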
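
Review bot: In the first _gnutls_session_get_sign_algo hunk of lib/ext/signature.c (51_0002), the retained comment `/* none set, allow SHA-1 only */` no longer matches the code beneath it: SHA-1 is now returned only when _gnutls_session_sign_algo_enabled accepts it, and otherwise the function jumps to `fail:` and returns GNUTLS_SIGN_UNKNOWN. Please update the comment to say so. Two smaller points: `ret` now holds the result of gnutls_pk_to_sign, and its declaration is outside the hunk, so it is worth confirming its type suits a gnutls_sign_algorithm_t or using a dedicated local; and since the new `fail:` label has a single `goto` and only returns, a direct `return GNUTLS_SIGN_UNKNOWN;` at that point would do the same without the label.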
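
Review bot: Several comments in the new tests/sign-md5-rep.c (51_0003) describe a different test and will mislead anyone reading the reproducer: "This program tests whether EtM is negotiated as expected", "A very basic TLS client, with anonymous authentication", and "Use default priorities" placed above a priority string that sets `-SIGN-ALL:+SIGN-RSA-MD5`. Please replace them with a description of what the test does, in particular that handshake_callback switches the client priorities to "NORMAL:-KX-ALL:+ECDHE-RSA" in the GNUTLS_HOOK_PRE hook for GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE and that the client treats GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM as the passing result. Separately, ch_handler reads WEXITSTATUS(status) without first checking WIFEXITED(status), so the exit-status branch can act on a value that is only meaningful for a normal exit; guard it with WIFEXITED.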
--- End Message ---
--- Begin Message ---
- To: 782381-done@bugs.debian.org, 785573-done@bugs.debian.org, 785780-done@bugs.debian.org, 787067-done@bugs.debian.org, 787299-done@bugs.debian.org, 787478-done@bugs.debian.org, 787635-done@bugs.debian.org, 787642-done@bugs.debian.org, 787692-done@bugs.debian.org, 787806-done@bugs.debian.org, 787867-done@bugs.debian.org, 787904-done@bugs.debian.org, 787952-done@bugs.debian.org, 788054-done@bugs.debian.org, 788110-done@bugs.debian.org, 788241-done@bugs.debian.org, 788283-done@bugs.debian.org, 788531-done@bugs.debian.org, 788608-done@bugs.debian.org, 788612-done@bugs.debian.org, 788615-done@bugs.debian.org, 788665-done@bugs.debian.org, 788928-done@bugs.debian.org, 788938-done@bugs.debian.org, 789189-done@bugs.debian.org, 789393-done@bugs.debian.org, 789724-done@bugs.debian.org, 789786-done@bugs.debian.org, 790060-done@bugs.debian.org, 790245-done@bugs.debian.org, 790833-done@bugs.debian.org, 790939-done@bugs.debian.org, 791792-done@bugs.debian.org, 792369-done@bugs.debian.org, 792452-done@bugs.debian.org, 793020-done@bugs.debian.org, 793163-done@bugs.debian.org, 793430-done@bugs.debian.org, 793470-done@bugs.debian.org, 793688-done@bugs.debian.org, 794003-done@bugs.debian.org, 794090-done@bugs.debian.org, 794407-done@bugs.debian.org, 795165-done@bugs.debian.org, 795271-done@bugs.debian.org, 795491-done@bugs.debian.org, 795706-done@bugs.debian.org, 795794-done@bugs.debian.org, 795911-done@bugs.debian.org, 795947-done@bugs.debian.org, 796088-done@bugs.debian.org, 796112-done@bugs.debian.org, 796379-done@bugs.debian.org, 796573-done@bugs.debian.org, 796595-done@bugs.debian.org, 796846-done@bugs.debian.org, 796975-done@bugs.debian.org, 797083-done@bugs.debian.org, 797179-done@bugs.debian.org, 797201-done@bugs.debian.org, 797209-done@bugs.debian.org, 797246-done@bugs.debian.org, 797304-done@bugs.debian.org, 797328-done@bugs.debian.org
- Subject: Closing p-u bugs for 8.2
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 05 Sep 2015 14:31:07 +0100
- Message-id: <1441459867.2151.32.camel@adam-barratt.org.uk>
Version: 8.2

Hi,

These bugs correspond to updates which were included in the 8.2 point
release.

Regards,

Adam
--- End Message ---