Your message dated Sat, 08 Feb 2020 14:21:36 +0000 with message-id <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk> and subject line Closing requests included in 10.3 point release has caused the Debian Bug report #945925, regarding buster-pu: package gnutls28/3.6.7-4+deb10u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 945925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945925 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package gnutls28/3.6.7-4+deb10u1
- From: Andreas Metzler <ametzler@bebt.de>
- Date: Sun, 1 Dec 2019 07:27:43 +0100
- Message-id: <20191201062743.GA93001@argenau.bebt.de>
Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu Good morning, I would like to see #933538 fixed in buster, which is a interoperability problem with old (2.x, that is wheezy) versions of gnutls. cu Andreas[The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .changes but not in first ----------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/1a/591272a07d9e6d0140db75455b9b4bcc8eeddd.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/1c/a9574531f2bffce01464c8a654b2e0c2ed894b.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/5e/61e31c2ae39982eeb14ae1c8f66aff43e1083a.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/74/0d1a42bc21c173d6a991375b0d8ddb934ec0bd.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/8b/c687d446ade64a2f7c29950e17eda1a2e91e11.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b1/7a60f0701c7de3d7e5e921305846b5efbc3c91.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b8/bd0e5aecb48c352850674891129476d08d016a.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/be/692a24b17141539bbe9fe246bbde637669ecff.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c0/fe9421f82709abe4e7d487af28fd7402ffbb53.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/cb/6160515c1e9b0c02a1d6751325e360b590b83e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/f3/e7c24dbf4184d814468b89270b4c40cb205b8c.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/f8/818eb8e83e9bd9a3c0cfb9b9cbb656bd1f288b.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/fa/92b545084722f485080b95a6eca92571ece25f.debug Files in first .changes but not in second ----------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/0f/f0796530c37d210935e7808160fd89b3303092.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/11/06d4483482f51e9f04c4fffbf164e0348ba5d3.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/13/874b86eafc2b2965ff1853c87ee6df7987c581.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/4d/66d28cd2e7537e1e1d2905595b260226b22ad2.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/55/58da73c3d0c1fae464c8c1c206dea6279aa5b2.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/70/0562a775625daa6f3892bbd4bfdf2478537723.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b2/ada5bc7ee4fc083e4a45bd6b2b2b2c5257e68e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/b4/d85fa0bcde4dd34ea2de34f8bac96e9244b058.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/c4/444a7b5a7906fc1eeca540d1d91064c4a92a3e.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d1/9c1bb870c8ec979ea276b8f584cddc80e2da61.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d3/28298de34135fca5f236357f2f2dd56cb109f3.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/d7/52158b357b5875ebc8680001b57a886b94a1a4.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/fe/4c3c0c38af44779c38ae5d1e187b6250f7afe0.debug Control files of package gnutls-bin: lines which differ (wdiff format) ---------------------------------------------------------------------- Installed-Size: [-1587-] {+1588+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package gnutls-bin-dbgsym: lines which differ (wdiff format) ----------------------------------------------------------------------------- Build-Ids: [-0ff0796530c37d210935e7808160fd89b3303092 1106d4483482f51e9f04c4fffbf164e0348ba5d3 13874b86eafc2b2965ff1853c87ee6df7987c581 5558da73c3d0c1fae464c8c1c206dea6279aa5b2 700562a775625daa6f3892bbd4bfdf2478537723 b2ada5bc7ee4fc083e4a45bd6b2b2b2c5257e68e b4d85fa0bcde4dd34ea2de34f8bac96e9244b058 c4444a7b5a7906fc1eeca540d1d91064c4a92a3e d19c1bb870c8ec979ea276b8f584cddc80e2da61-] {+1a591272a07d9e6d0140db75455b9b4bcc8eeddd 740d1a42bc21c173d6a991375b0d8ddb934ec0bd 8bc687d446ade64a2f7c29950e17eda1a2e91e11 be692a24b17141539bbe9fe246bbde637669ecff c0fe9421f82709abe4e7d487af28fd7402ffbb53 cb6160515c1e9b0c02a1d6751325e360b590b83e f3e7c24dbf4184d814468b89270b4c40cb205b8c f8818eb8e83e9bd9a3c0cfb9b9cbb656bd1f288b fa92b545084722f485080b95a6eca92571ece25f+} Depends: gnutls-bin (= [-3.6.7-4)-] {+3.6.7-4+deb10u1)+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package gnutls-doc: lines which differ (wdiff format) ---------------------------------------------------------------------- Installed-Size: [-7334-] {+7335+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls-dane0: lines which differ (wdiff format) --------------------------------------------------------------------------- Depends: libgnutls30 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libc6 (>= 2.14), libunbound8 (>= 1.8.0) Installed-Size: [-369-] {+370+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls-dane0-dbgsym: lines which differ (wdiff format) ---------------------------------------------------------------------------------- Build-Ids: [-d328298de34135fca5f236357f2f2dd56cb109f3-] {+b17a60f0701c7de3d7e5e921305846b5efbc3c91+} Depends: libgnutls-dane0 (= [-3.6.7-4)-] {+3.6.7-4+deb10u1)+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls-openssl27: lines which differ (wdiff format) ------------------------------------------------------------------------------- Depends: libgnutls30 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libc6 (>= 2.14) Installed-Size: [-372-] {+373+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls-openssl27-dbgsym: lines which differ (wdiff format) -------------------------------------------------------------------------------------- Build-Ids: [-fe4c3c0c38af44779c38ae5d1e187b6250f7afe0-] {+5e61e31c2ae39982eeb14ae1c8f66aff43e1083a+} Depends: libgnutls-openssl27 (= [-3.6.7-4)-] {+3.6.7-4+deb10u1)+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls28-dev: lines which differ (wdiff format) --------------------------------------------------------------------------- Depends: libc6-dev | libc-dev, libgnutls-dane0 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libgnutls-openssl27 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libgnutls30 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libgnutlsxx28 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libidn2-dev, libp11-kit-dev (>= 0.23.10), libtasn1-6-dev, nettle-dev (>= 3.4.1~rc1) Installed-Size: [-4313-] {+4314+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls30: lines which differ (wdiff format) ----------------------------------------------------------------------- Installed-Size: [-2643-] {+2644+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutls30-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------ Build-Ids: [-4d66d28cd2e7537e1e1d2905595b260226b22ad2-] {+1ca9574531f2bffce01464c8a654b2e0c2ed894b+} Depends: libgnutls30 (= [-3.6.7-4)-] {+3.6.7-4+deb10u1)+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutlsxx28: lines which differ (wdiff format) ------------------------------------------------------------------------- Depends: libgnutls30 (= [-3.6.7-4),-] {+3.6.7-4+deb10u1),+} libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5) Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} Control files of package libgnutlsxx28-dbgsym: lines which differ (wdiff format) -------------------------------------------------------------------------------- Build-Ids: [-d752158b357b5875ebc8680001b57a886b94a1a4-] {+b8bd0e5aecb48c352850674891129476d08d016a+} Depends: libgnutlsxx28 (= [-3.6.7-4)-] {+3.6.7-4+deb10u1)+} Version: [-3.6.7-4-] {+3.6.7-4+deb10u1+} diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog --- gnutls28-3.6.7/debian/changelog 2019-06-12 19:21:23.000000000 +0200 +++ gnutls28-3.6.7/debian/changelog 2019-11-30 13:41:59.000000000 +0100 @@ -1,3 +1,11 @@ +gnutls28 (3.6.7-4+deb10u1) buster; urgency=medium + + * 42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch + from 3.6.10: Fix interop problems with gnutls 2.x. Closes: #933538 + (Thanks, Hanno Stock!) + + -- Andreas Metzler <ametzler@debian.org> Sat, 30 Nov 2019 13:41:59 +0100 + gnutls28 (3.6.7-4) unstable; urgency=medium * Cherry-pick important bug-fixes from 3.6.8: diff -Nru gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch --- gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch 2019-11-30 13:41:59.000000000 +0100 @@ -0,0 +1,63 @@ +From daa49b9e455d262a1a2bc1b641e72dc004e2cb3e Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Sat, 3 Aug 2019 21:51:58 +0200 +Subject: [PATCH] _gnutls_epoch_set_keys: do not forbid random padding in + TLS1.x CBC ciphersuites + +Since some point in 3.6.x we updated the calculation of maximum record size, +however that did not include the possibility of random record padding available +for CBC ciphersuites which exceeds the maximum. This commit allows for larger +sizes for these ciphersuites to account for random padding as applied by +gnutls 2.12.x. + +Resolves: #811 + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> +--- + NEWS | 4 ++++ + lib/constate.c | 11 +++++++++-- + lib/record.c | 4 ++-- + 3 files changed, 15 insertions(+), 4 deletions(-) + +diff --git a/lib/constate.c b/lib/constate.c +index 51a4eca30..4c6ca0fd0 100644 +--- a/lib/constate.c ++++ b/lib/constate.c +@@ -707,10 +707,17 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t + return gnutls_assert_val(ret); + } + +- if (ver->tls13_sem) { ++ /* The TLS1.3 limit of 256 additional bytes is also enforced under CBC ++ * ciphers to ensure we interoperate with gnutls 2.12.x which could add padding ++ * data exceeding the maximum. */ ++ if (ver->tls13_sem || _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) { + session->internals.max_recv_size = 256; + } else { +- session->internals.max_recv_size = _gnutls_record_overhead(ver, params->cipher, params->mac, 1); ++ session->internals.max_recv_size = 0; ++ } ++ ++ if (!ver->tls13_sem) { ++ session->internals.max_recv_size += _gnutls_record_overhead(ver, params->cipher, params->mac, 1); + if (session->internals.allow_large_records != 0) + session->internals.max_recv_size += EXTRA_COMP_SIZE; + } +diff --git a/lib/record.c b/lib/record.c +index 39d2a16be..7c7e36561 100644 +--- a/lib/record.c ++++ b/lib/record.c +@@ -1219,8 +1219,8 @@ static int recv_headers(gnutls_session_t session, + + if (record->length == 0 || record->length > max_record_recv_size(session)) { + _gnutls_audit_log +- (session, "Received packet with illegal length: %u\n", +- (unsigned int) record->length); ++ (session, "Received packet with illegal length: %u (max: %u)\n", ++ (unsigned int) record->length, (unsigned)max_record_recv_size(session)); + + if (record->length == 0) { + /* Empty, unencrypted records are always unexpected. */ +-- +2.24.0 + diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series --- gnutls28-3.6.7/debian/patches/series 2019-06-12 19:21:15.000000000 +0200 +++ gnutls28-3.6.7/debian/patches/series 2019-11-30 13:41:59.000000000 +0100 @@ -5,3 +5,4 @@ 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch +42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patchAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 939036-done@bugs.debian.org, 939802-done@bugs.debian.org, 940647-done@bugs.debian.org, 941365-done@bugs.debian.org, 941713-done@bugs.debian.org, 942575-done@bugs.debian.org, 944294-done@bugs.debian.org, 944348-done@bugs.debian.org, 944856-done@bugs.debian.org, 944865-done@bugs.debian.org, 945518-done@bugs.debian.org, 945845-done@bugs.debian.org, 945896-done@bugs.debian.org, 945925-done@bugs.debian.org, 945965-done@bugs.debian.org, 946032-done@bugs.debian.org, 946033-done@bugs.debian.org, 946083-done@bugs.debian.org, 946175-done@bugs.debian.org, 946184-done@bugs.debian.org, 946402-done@bugs.debian.org, 946557-done@bugs.debian.org, 946559-done@bugs.debian.org, 946651-done@bugs.debian.org, 946705-done@bugs.debian.org, 946819-done@bugs.debian.org, 946822-done@bugs.debian.org, 946831-done@bugs.debian.org, 946841-done@bugs.debian.org, 946864-done@bugs.debian.org, 946901-done@bugs.debian.org, 946960-done@bugs.debian.org, 947038-done@bugs.debian.org, 947125-done@bugs.debian.org, 947201-done@bugs.debian.org, 947254-done@bugs.debian.org, 947321-done@bugs.debian.org, 947331-done@bugs.debian.org, 947832-done@bugs.debian.org, 948104-done@bugs.debian.org, 948203-done@bugs.debian.org, 948205-done@bugs.debian.org, 948290-done@bugs.debian.org, 948363-done@bugs.debian.org, 948390-done@bugs.debian.org, 948400-done@bugs.debian.org, 948464-done@bugs.debian.org, 948472-done@bugs.debian.org, 948485-done@bugs.debian.org, 948544-done@bugs.debian.org, 948545-done@bugs.debian.org, 948550-done@bugs.debian.org, 948601-done@bugs.debian.org, 948609-done@bugs.debian.org, 948695-done@bugs.debian.org, 948796-done@bugs.debian.org, 948826-done@bugs.debian.org, 948850-done@bugs.debian.org, 948854-done@bugs.debian.org, 948857-done@bugs.debian.org, 948899-done@bugs.debian.org, 948904-done@bugs.debian.org, 948910-done@bugs.debian.org, 948979-done@bugs.debian.org, 948988-done@bugs.debian.org, 948991-done@bugs.debian.org, 949120-done@bugs.debian.org, 949121-done@bugs.debian.org, 949310-done@bugs.debian.org, 949541-done@bugs.debian.org, 949704-done@bugs.debian.org, 949728-done@bugs.debian.org, 949842-done@bugs.debian.org, 949852-done@bugs.debian.org, 949895-done@bugs.debian.org, 949898-done@bugs.debian.org, 949899-done@bugs.debian.org, 949904-done@bugs.debian.org, 949906-done@bugs.debian.org, 949908-done@bugs.debian.org, 949957-done@bugs.debian.org, 950018-done@bugs.debian.org, 950139-done@bugs.debian.org, 950166-done@bugs.debian.org, 950257-done@bugs.debian.org, 950272-done@bugs.debian.org, 950280-done@bugs.debian.org, 950369-done@bugs.debian.org, 950466-done@bugs.debian.org
- Subject: Closing requests included in 10.3 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 08 Feb 2020 14:21:36 +0000
- Message-id: <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 10.3 Hi, Each of the uploads referred to by these bugs was included in today's stable point release. Regards, Adam
--- End Message ---