Control: tags -1 - moreinfo Control: retitle -1 buster-pu: package gnutls28/3.6.7-4+deb10u5 On 2020-05-26 Andreas Metzler <ametzler@bebt.de> wrote: > Control: tags 960836 + moreinfo > Please hold on approving this. I will probably need to add a fix for > https://gitlab.com/gnutls/gnutls/-/issues/997 Hello, find attached a new version rebased on the latest DSA and featuring these additional fixes: * 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS 3.6.14: Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286) * 44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch 44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch backported from GnuTLS 3.6.14: Fix verification error with alternate chains. Closes: #961889 TIA, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog
--- gnutls28-3.6.7/debian/changelog 2020-06-05 19:32:17.000000000 +0200
+++ gnutls28-3.6.7/debian/changelog 2020-06-07 07:45:55.000000000 +0200
@@ -1,3 +1,24 @@
+gnutls28 (3.6.7-4+deb10u5) buster; urgency=medium
+
+ * 42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch
+ from GNUTLS 3.6.11: Fix TL1.2 resumption errors. Closes: #956649
+ * 47_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch from GNUTLS
+ 3.6.14: One line fix for memory leak. Closes: #958704
+ * Rename
+ 44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch
+ (security upload) to 44_rel3.6.14_90_... to be able to pull earlier fixes
+ from 3.6.14 and have correct patch filename order.
+ * 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch
+ from GnuTLS 3.6.14: Handle zero length session tickets, fixing connection
+ errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286)
+ * 44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
+ 44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch
+ 44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch
+ backported from GnuTLS 3.6.14: Fix verification error with alternate
+ chains. Closes: #961889
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 07 Jun 2020 07:45:55 +0200
+
gnutls28 (3.6.7-4+deb10u4) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru gnutls28-3.6.7/debian/patches/42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch gnutls28-3.6.7/debian/patches/42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch
--- gnutls28-3.6.7/debian/patches/42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch 2020-06-07 06:48:47.000000000 +0200
@@ -0,0 +1,610 @@
+From afa6e340c084542ef416afc9aaaa6dd0329f5507 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Tue, 8 Oct 2019 07:23:31 +0200
+Subject: [PATCH] session tickets: parse extension during session resumption on
+ client side
+
+It is possible for a server to send a new session ticket during
+TLS1.2 resumption. To be able to parse it as client we need to
+check the extension during resumption as well.
+
+Resolves: #841
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ NEWS | 3 +++
+ lib/ext/alpn.c | 3 ++-
+ lib/ext/client_cert_type.c | 3 ++-
+ lib/ext/cookie.c | 3 ++-
+ lib/ext/dumbfw.c | 3 ++-
+ lib/ext/early_data.c | 3 ++-
+ lib/ext/ec_point_formats.c | 3 ++-
+ lib/ext/etm.c | 3 ++-
+ lib/ext/ext_master_secret.c | 3 ++-
+ lib/ext/heartbeat.c | 3 ++-
+ lib/ext/key_share.c | 3 ++-
+ lib/ext/max_record.c | 3 ++-
+ lib/ext/post_handshake.c | 3 ++-
+ lib/ext/pre_shared_key.c | 3 ++-
+ lib/ext/psk_ke_modes.c | 3 ++-
+ lib/ext/record_size_limit.c | 3 ++-
+ lib/ext/safe_renegotiation.c | 3 ++-
+ lib/ext/server_cert_type.c | 3 ++-
+ lib/ext/server_name.c | 3 ++-
+ lib/ext/session_ticket.c | 7 ++++++-
+ lib/ext/signature.c | 3 ++-
+ lib/ext/srp.c | 3 ++-
+ lib/ext/srtp.c | 3 ++-
+ lib/ext/status_request.c | 3 ++-
+ lib/ext/supported_groups.c | 3 ++-
+ lib/ext/supported_versions.c | 3 ++-
+ lib/hello_ext.c | 36 ++++++++++++++++++---------------
+ lib/hello_ext.h | 3 ++-
+ lib/includes/gnutls/gnutls.h.in | 4 ++--
+ tests/gnutls-cli-resume.sh | 17 ++++++++++++++++
+ 30 files changed, 98 insertions(+), 44 deletions(-)
+
+
+diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c
+index b9991f0a1..7cc799756 100644
+--- a/lib/ext/alpn.c
++++ b/lib/ext/alpn.c
+@@ -39,7 +39,8 @@ const hello_ext_entry_st ext_mod_alpn = {
+ .tls_id = 16,
+ .gid = GNUTLS_EXTENSION_ALPN,
+ /* this extension must be parsed even on resumption */
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_EE |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
+index b627b71f9..34f4dcfa4 100644
+--- a/lib/ext/client_cert_type.c
++++ b/lib/ext/client_cert_type.c
+@@ -48,7 +48,8 @@ const hello_ext_entry_st ext_mod_client_cert_type = {
+ .name = "Client Certificate Type",
+ .tls_id = 19,
+ .gid = GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS |
+ GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO |
+diff --git a/lib/ext/cookie.c b/lib/ext/cookie.c
+index 0feb2f0e5..b4608f3a9 100644
+--- a/lib/ext/cookie.c
++++ b/lib/ext/cookie.c
+@@ -41,7 +41,8 @@ const hello_ext_entry_st ext_mod_cookie = {
+ .gid = GNUTLS_EXTENSION_COOKIE,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_HRR | GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST,
+- .parse_type = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
++ .client_parse_point = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
++ .server_parse_point = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
+ .recv_func = cookie_recv_params,
+ .send_func = cookie_send_params,
+ .pack_func = NULL,
+diff --git a/lib/ext/dumbfw.c b/lib/ext/dumbfw.c
+index 7ff013e8d..dfd2ee018 100644
+--- a/lib/ext/dumbfw.c
++++ b/lib/ext/dumbfw.c
+@@ -40,7 +40,8 @@ const hello_ext_entry_st ext_mod_dumbfw = {
+ .name = "ClientHello Padding",
+ .tls_id = 21,
+ .gid = GNUTLS_EXTENSION_DUMBFW,
+- .parse_type = GNUTLS_EXT_APPLICATION,
++ .client_parse_point = GNUTLS_EXT_APPLICATION,
++ .server_parse_point = GNUTLS_EXT_APPLICATION,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ .recv_func = NULL,
+ .send_func = _gnutls_dumbfw_send_params,
+diff --git a/lib/ext/early_data.c b/lib/ext/early_data.c
+index 4644f296a..8bb2c012c 100644
+--- a/lib/ext/early_data.c
++++ b/lib/ext/early_data.c
+@@ -40,7 +40,8 @@ const hello_ext_entry_st ext_mod_early_data = {
+ .tls_id = 42,
+ .gid = GNUTLS_EXTENSION_EARLY_DATA,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_EE,
+- .parse_type = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
++ .client_parse_point = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
++ .server_parse_point = GNUTLS_EXT_MANDATORY, /* force parsing prior to EXT_TLS extensions */
+ .recv_func = early_data_recv_params,
+ .send_func = early_data_send_params,
+ .pack_func = NULL,
+diff --git a/lib/ext/ec_point_formats.c b/lib/ext/ec_point_formats.c
+index c702d434c..d426580b1 100644
+--- a/lib/ext/ec_point_formats.c
++++ b/lib/ext/ec_point_formats.c
+@@ -41,7 +41,8 @@ const hello_ext_entry_st ext_mod_supported_ec_point_formats = {
+ .name = "Supported EC Point Formats",
+ .tls_id = 11,
+ .gid = GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_supported_ec_point_formats_recv_params,
+diff --git a/lib/ext/etm.c b/lib/ext/etm.c
+index ad335afd5..273a31a8b 100644
+--- a/lib/ext/etm.c
++++ b/lib/ext/etm.c
+@@ -39,7 +39,8 @@ const hello_ext_entry_st ext_mod_etm = {
+ .name = "Encrypt-then-MAC",
+ .tls_id = 22,
+ .gid = GNUTLS_EXTENSION_ETM,
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_ext_etm_recv_params,
+diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
+index ad040bccd..bc704e6b6 100644
+--- a/lib/ext/ext_master_secret.c
++++ b/lib/ext/ext_master_secret.c
+@@ -39,7 +39,8 @@ const hello_ext_entry_st ext_mod_ext_master_secret = {
+ .name = "Extended Master Secret",
+ .tls_id = 23,
+ .gid = GNUTLS_EXTENSION_EXT_MASTER_SECRET,
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .validity = GNUTLS_EXT_FLAG_TLS|GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_ext_master_secret_recv_params,
+diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
+index e3fa602bf..5d9e9f4f8 100644
+--- a/lib/ext/heartbeat.c
++++ b/lib/ext/heartbeat.c
+@@ -526,7 +526,8 @@ const hello_ext_entry_st ext_mod_heartbeat = {
+ .name = "Heartbeat",
+ .tls_id = 15,
+ .gid = GNUTLS_EXTENSION_HEARTBEAT,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_heartbeat_recv_params,
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index 8f0912e69..4ae12c96b 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -47,7 +47,8 @@ const hello_ext_entry_st ext_mod_key_share = {
+ .name = "Key Share",
+ .tls_id = 51,
+ .gid = GNUTLS_EXTENSION_KEY_SHARE,
+- .parse_type = _GNUTLS_EXT_TLS_POST_CS,
++ .client_parse_point = _GNUTLS_EXT_TLS_POST_CS,
++ .server_parse_point = _GNUTLS_EXT_TLS_POST_CS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO |
+ GNUTLS_EXT_FLAG_HRR,
+ .recv_func = key_share_recv_params,
+diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
+index 3cada69be..87302cbd4 100644
+--- a/lib/ext/max_record.c
++++ b/lib/ext/max_record.c
+@@ -46,7 +46,8 @@ const hello_ext_entry_st ext_mod_max_record_size = {
+ .name = "Maximum Record Size",
+ .tls_id = 1,
+ .gid = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_max_record_recv_params,
+diff --git a/lib/ext/post_handshake.c b/lib/ext/post_handshake.c
+index 73846db11..27fe1e734 100644
+--- a/lib/ext/post_handshake.c
++++ b/lib/ext/post_handshake.c
+@@ -40,7 +40,8 @@ const hello_ext_entry_st ext_mod_post_handshake = {
+ .name = "Post Handshake Auth",
+ .tls_id = 49,
+ .gid = GNUTLS_EXTENSION_POST_HANDSHAKE,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ .recv_func = _gnutls_post_handshake_recv_params,
+ .send_func = _gnutls_post_handshake_send_params,
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index 436a426a8..d34492291 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -874,7 +874,8 @@ const hello_ext_entry_st ext_mod_pre_shared_key = {
+ .name = "Pre Shared Key",
+ .tls_id = PRE_SHARED_KEY_TLS_ID,
+ .gid = GNUTLS_EXTENSION_PRE_SHARED_KEY,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO,
+ .send_func = _gnutls_psk_send_params,
+ .recv_func = _gnutls_psk_recv_params
+diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
+index 8d8effb43..b3d979cdf 100644
+--- a/lib/ext/psk_ke_modes.c
++++ b/lib/ext/psk_ke_modes.c
+@@ -197,7 +197,8 @@ const hello_ext_entry_st ext_mod_psk_ke_modes = {
+ .name = "PSK Key Exchange Modes",
+ .tls_id = 45,
+ .gid = GNUTLS_EXTENSION_PSK_KE_MODES,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO,
+ .send_func = psk_ke_modes_send_params,
+ .recv_func = psk_ke_modes_recv_params
+diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c
+index 0e94fece3..9398b1888 100644
+--- a/lib/ext/record_size_limit.c
++++ b/lib/ext/record_size_limit.c
+@@ -39,7 +39,8 @@ const hello_ext_entry_st ext_mod_record_size_limit = {
+ .name = "Record Size Limit",
+ .tls_id = 28,
+ .gid = GNUTLS_EXTENSION_RECORD_SIZE_LIMIT,
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_record_size_limit_recv_params,
+diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
+index bb4a57e45..0b3d797bb 100644
+--- a/lib/ext/safe_renegotiation.c
++++ b/lib/ext/safe_renegotiation.c
+@@ -37,7 +37,8 @@ const hello_ext_entry_st ext_mod_sr = {
+ .gid = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .recv_func = _gnutls_sr_recv_params,
+ .send_func = _gnutls_sr_send_params,
+ .pack_func = NULL,
+diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
+index 864a44bbc..81294961e 100644
+--- a/lib/ext/server_cert_type.c
++++ b/lib/ext/server_cert_type.c
+@@ -48,7 +48,8 @@ const hello_ext_entry_st ext_mod_server_cert_type = {
+ .name = "Server Certificate Type",
+ .tls_id = 20,
+ .gid = GNUTLS_EXTENSION_SERVER_CERT_TYPE,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS |
+ GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO |
+diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
+index 0c6331569..d52c8d074 100644
+--- a/lib/ext/server_name.c
++++ b/lib/ext/server_name.c
+@@ -46,7 +46,8 @@ const hello_ext_entry_st ext_mod_server_name = {
+ .gid = GNUTLS_EXTENSION_SERVER_NAME,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+- .parse_type = GNUTLS_EXT_MANDATORY,
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ .server_parse_point = GNUTLS_EXT_MANDATORY,
+ .recv_func = _gnutls_server_name_recv_params,
+ .send_func = _gnutls_server_name_send_params,
+ .pack_func = _gnutls_hello_ext_default_pack,
+diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
+index 263273fa2..c854d9c2a 100644
+--- a/lib/ext/session_ticket.c
++++ b/lib/ext/session_ticket.c
+@@ -54,7 +54,12 @@ const hello_ext_entry_st ext_mod_session_ticket = {
+ .gid = GNUTLS_EXTENSION_SESSION_TICKET,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+- .parse_type = GNUTLS_EXT_TLS,
++ /* This extension must be parsed on session resumption as well; see
++ * https://gitlab.com/gnutls/gnutls/issues/841 */
++ .client_parse_point = GNUTLS_EXT_MANDATORY,
++ /* on server side we want this parsed after normal handshake resumption
++ * actions are complete */
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+diff --git a/lib/ext/signature.c b/lib/ext/signature.c
+index a90f58d53..28d88c5bf 100644
+--- a/lib/ext/signature.c
++++ b/lib/ext/signature.c
+@@ -53,7 +53,8 @@ const hello_ext_entry_st ext_mod_sig = {
+ .tls_id = 13,
+ .gid = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .recv_func = _gnutls_signature_algorithm_recv_params,
+ .send_func = _gnutls_signature_algorithm_send_params,
+ .pack_func = signature_algorithms_pack,
+diff --git a/lib/ext/srp.c b/lib/ext/srp.c
+index 07f6e6883..26fa56e3a 100644
+--- a/lib/ext/srp.c
++++ b/lib/ext/srp.c
+@@ -46,7 +46,8 @@ const hello_ext_entry_st ext_mod_srp = {
+ .name = "SRP",
+ .tls_id = 12,
+ .gid = GNUTLS_EXTENSION_SRP,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ .recv_func = _gnutls_srp_recv_params,
+ .send_func = _gnutls_srp_send_params,
+diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
+index 412e26d45..b2e36b3a0 100644
+--- a/lib/ext/srtp.c
++++ b/lib/ext/srtp.c
+@@ -45,7 +45,8 @@ const hello_ext_entry_st ext_mod_srtp = {
+ .gid = GNUTLS_EXTENSION_SRTP,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+- .parse_type = GNUTLS_EXT_APPLICATION,
++ .client_parse_point = GNUTLS_EXT_APPLICATION,
++ .server_parse_point = GNUTLS_EXT_APPLICATION,
+ .recv_func = _gnutls_srtp_recv_params,
+ .send_func = _gnutls_srtp_send_params,
+ .pack_func = _gnutls_srtp_pack,
+diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
+index cf9d5bd03..2b36308b7 100644
+--- a/lib/ext/status_request.c
++++ b/lib/ext/status_request.c
+@@ -327,7 +327,8 @@ const hello_ext_entry_st ext_mod_status_request = {
+ .gid = GNUTLS_EXTENSION_STATUS_REQUEST,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+- .parse_type = _GNUTLS_EXT_TLS_POST_CS,
++ .client_parse_point = _GNUTLS_EXT_TLS_POST_CS,
++ .server_parse_point = _GNUTLS_EXT_TLS_POST_CS,
+ .recv_func = _gnutls_status_request_recv_params,
+ .send_func = _gnutls_status_request_send_params,
+ .deinit_func = _gnutls_status_request_deinit_data,
+diff --git a/lib/ext/supported_groups.c b/lib/ext/supported_groups.c
+index ef7859f73..6e7e86bbe 100644
+--- a/lib/ext/supported_groups.c
++++ b/lib/ext/supported_groups.c
+@@ -46,7 +46,8 @@ const hello_ext_entry_st ext_mod_supported_groups = {
+ .name = "Supported Groups",
+ .tls_id = 10,
+ .gid = GNUTLS_EXTENSION_SUPPORTED_GROUPS,
+- .parse_type = GNUTLS_EXT_TLS,
++ .client_parse_point = GNUTLS_EXT_TLS,
++ .server_parse_point = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_supported_groups_recv_params,
+diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c
+index 1b9c29579..69193b60a 100644
+--- a/lib/ext/supported_versions.c
++++ b/lib/ext/supported_versions.c
+@@ -43,7 +43,8 @@ const hello_ext_entry_st ext_mod_supported_versions = {
+ .gid = GNUTLS_EXTENSION_SUPPORTED_VERSIONS,
+ .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO |
+ GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO | GNUTLS_EXT_FLAG_HRR|GNUTLS_EXT_FLAG_TLS,
+- .parse_type = GNUTLS_EXT_VERSION_NEG, /* force parsing prior to EXT_TLS extensions */
++ .client_parse_point = GNUTLS_EXT_VERSION_NEG, /* force parsing prior to EXT_TLS extensions */
++ .server_parse_point = GNUTLS_EXT_VERSION_NEG,
+ .recv_func = supported_versions_recv_params,
+ .send_func = supported_versions_send_params,
+ .pack_func = NULL,
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index 491b3c3eb..33eaa27b1 100644
+--- a/lib/hello_ext.c
++++ b/lib/hello_ext.c
+@@ -120,7 +120,7 @@ gid_to_ext_entry(gnutls_session_t session, extensions_t id)
+ }
+
+ static const hello_ext_entry_st *
+-tls_id_to_ext_entry(gnutls_session_t session, uint16_t tls_id, gnutls_ext_parse_type_t parse_type)
++tls_id_to_ext_entry(gnutls_session_t session, uint16_t tls_id, gnutls_ext_parse_type_t parse_point)
+ {
+ unsigned i;
+ const hello_ext_entry_st *e;
+@@ -144,7 +144,8 @@ tls_id_to_ext_entry(gnutls_session_t session, uint16_t tls_id, gnutls_ext_parse_
+
+ return NULL;
+ done:
+- if (parse_type == GNUTLS_EXT_ANY || e->parse_type == parse_type) {
++ if (parse_point == GNUTLS_EXT_ANY || (IS_SERVER(session) && e->server_parse_point == parse_point) ||
++ (!IS_SERVER(session) && e->client_parse_point == parse_point)) {
+ return e;
+ } else {
+ return NULL;
+@@ -201,7 +202,7 @@ static unsigned tls_id_to_gid(gnutls_session_t session, unsigned tls_id)
+ typedef struct hello_ext_ctx_st {
+ gnutls_session_t session;
+ gnutls_ext_flags_t msg;
+- gnutls_ext_parse_type_t parse_type;
++ gnutls_ext_parse_type_t parse_point;
+ const hello_ext_entry_st *ext; /* used during send */
+ unsigned seen_pre_shared_key;
+ } hello_ext_ctx_st;
+@@ -222,7 +223,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ }
+
+- ext = tls_id_to_ext_entry(session, tls_id, ctx->parse_type);
++ ext = tls_id_to_ext_entry(session, tls_id, ctx->parse_point);
+ if (ext == NULL || ext->recv_func == NULL) {
+ goto ignore;
+ }
+@@ -288,7 +289,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
+ int
+ _gnutls_parse_hello_extensions(gnutls_session_t session,
+ gnutls_ext_flags_t msg,
+- gnutls_ext_parse_type_t parse_type,
++ gnutls_ext_parse_type_t parse_point,
+ const uint8_t * data, int data_size)
+ {
+ int ret;
+@@ -298,7 +299,7 @@ _gnutls_parse_hello_extensions(gnutls_session_t session,
+
+ ctx.session = session;
+ ctx.msg = msg;
+- ctx.parse_type = parse_type;
++ ctx.parse_point = parse_point;
+ ctx.seen_pre_shared_key = 0;
+
+ ret = _gnutls_extv_parse(&ctx, hello_ext_parse, data, data_size);
+@@ -321,8 +322,9 @@ int hello_ext_send(void *_ctx, gnutls_buffer_st *buf)
+ if (unlikely(p->send_func == NULL))
+ return 0;
+
+- if (ctx->parse_type != GNUTLS_EXT_ANY
+- && p->parse_type != ctx->parse_type) {
++ if (ctx->parse_point != GNUTLS_EXT_ANY &&
++ ((IS_SERVER(session) && p->server_parse_point != ctx->parse_point) ||
++ (!IS_SERVER(session) && p->client_parse_point != ctx->parse_point))) {
+ return 0;
+ }
+
+@@ -392,7 +394,7 @@ int
+ _gnutls_gen_hello_extensions(gnutls_session_t session,
+ gnutls_buffer_st * buf,
+ gnutls_ext_flags_t msg,
+- gnutls_ext_parse_type_t parse_type)
++ gnutls_ext_parse_type_t parse_point)
+ {
+ int pos, ret;
+ size_t i;
+@@ -402,7 +404,7 @@ _gnutls_gen_hello_extensions(gnutls_session_t session,
+
+ ctx.session = session;
+ ctx.msg = msg;
+- ctx.parse_type = parse_type;
++ ctx.parse_point = parse_point;
+
+ ret = _gnutls_extv_append_init(buf);
+ if (ret < 0)
+@@ -742,7 +744,7 @@ _gnutls_hello_ext_get_resumed_priv(gnutls_session_t session,
+ * gnutls_ext_register:
+ * @name: the name of the extension to register
+ * @id: the numeric TLS id of the extension
+- * @parse_type: the parse type of the extension (see gnutls_ext_parse_type_t)
++ * @parse_point: the parse type of the extension (see gnutls_ext_parse_type_t)
+ * @recv_func: a function to receive the data
+ * @send_func: a function to send the data
+ * @deinit_func: a function deinitialize any private data
+@@ -767,7 +769,7 @@ _gnutls_hello_ext_get_resumed_priv(gnutls_session_t session,
+ * Since: 3.4.0
+ **/
+ int
+-gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type,
++gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_point,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
+ gnutls_ext_unpack_func unpack_func)
+@@ -798,7 +800,8 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
+ tmp_mod->free_struct = 1;
+ tmp_mod->tls_id = id;
+ tmp_mod->gid = gid;
+- tmp_mod->parse_type = parse_type;
++ tmp_mod->client_parse_point = parse_point;
++ tmp_mod->server_parse_point = parse_point;
+ tmp_mod->recv_func = recv_func;
+ tmp_mod->send_func = send_func;
+ tmp_mod->deinit_func = deinit_func;
+@@ -822,7 +825,7 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
+ * @session: the session for which this extension will be set
+ * @name: the name of the extension to register
+ * @id: the numeric id of the extension
+- * @parse_type: the parse type of the extension (see gnutls_ext_parse_type_t)
++ * @parse_point: the parse type of the extension (see gnutls_ext_parse_type_t)
+ * @recv_func: a function to receive the data
+ * @send_func: a function to send the data
+ * @deinit_func: a function deinitialize any private data
+@@ -853,7 +856,7 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
+ **/
+ int
+ gnutls_session_ext_register(gnutls_session_t session,
+- const char *name, int id, gnutls_ext_parse_type_t parse_type,
++ const char *name, int id, gnutls_ext_parse_type_t parse_point,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
+ gnutls_ext_unpack_func unpack_func, unsigned flags)
+@@ -898,7 +901,8 @@ gnutls_session_ext_register(gnutls_session_t session,
+ tmp_mod.free_struct = 1;
+ tmp_mod.tls_id = id;
+ tmp_mod.gid = gid;
+- tmp_mod.parse_type = parse_type;
++ tmp_mod.client_parse_point = parse_point;
++ tmp_mod.server_parse_point = parse_point;
+ tmp_mod.recv_func = recv_func;
+ tmp_mod.send_func = send_func;
+ tmp_mod.deinit_func = deinit_func;
+diff --git a/lib/hello_ext.h b/lib/hello_ext.h
+index f8570bb34..f2dfd7ff6 100644
+--- a/lib/hello_ext.h
++++ b/lib/hello_ext.h
+@@ -121,7 +121,8 @@ typedef struct hello_ext_entry_st {
+ uint16_t tls_id;
+ unsigned gid; /* gnutls internal ID */
+
+- gnutls_ext_parse_type_t parse_type;
++ gnutls_ext_parse_type_t client_parse_point;
++ gnutls_ext_parse_type_t server_parse_point;
+ unsigned validity; /* multiple items of gnutls_ext_flags_t */
+
+ /* this function must return 0 when Not Applicable
+diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
+index 6b35c4434..b4830cc8d 100644
+--- a/lib/includes/gnutls/gnutls.h.in
++++ b/lib/includes/gnutls/gnutls.h.in
+@@ -3023,12 +3023,12 @@ typedef enum {
+
+ /* Register a custom tls extension
+ */
+-int gnutls_ext_register(const char *name, int type, gnutls_ext_parse_type_t parse_type,
++int gnutls_ext_register(const char *name, int type, gnutls_ext_parse_type_t parse_point,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
+ gnutls_ext_unpack_func unpack_func);
+
+-int gnutls_session_ext_register(gnutls_session_t, const char *name, int type, gnutls_ext_parse_type_t parse_type,
++int gnutls_session_ext_register(gnutls_session_t, const char *name, int type, gnutls_ext_parse_type_t parse_point,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
+ gnutls_ext_unpack_func unpack_func, unsigned flags);
+diff --git a/tests/gnutls-cli-resume.sh b/tests/gnutls-cli-resume.sh
+index fe7ed1e02..38ac076ef 100755
+--- a/tests/gnutls-cli-resume.sh
++++ b/tests/gnutls-cli-resume.sh
+@@ -98,6 +98,23 @@ for i in "$WAITPID";do
+ test $? != 0 && exit 1
+ done
+
++echo "Checking whether session resumption works reliably under TLS1.2 (no tickets)"
++PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_TICKETS"
++WAITPID=""
++
++i=0
++while [ $i -lt 10 ]
++do
++ run_server_test "${PRIORITY}" $i &
++ WAITPID="$WAITPID $!"
++ i=`expr $i + 1`
++done
++
++for i in "$WAITPID";do
++ wait $i
++ test $? != 0 && exit 1
++done
++
+ kill ${PID}
+ wait
+
+--
+2.26.2
+
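Review bot: The wait loop added to tests/gnutls-cli-resume.sh checks only the exit status of the last background run. Because `for i in "$WAITPID"` is quoted, the body runs once with every PID in `$i`, and `wait $i` with several PIDs returns the status of the last one. A TLS1.2 resumption failure in any of the first nine `run_server_test` jobs would therefore go unnoticed, which weakens the regression test this backport relies on. Iterating unquoted with `for i in $WAITPID; do` and using `wait $i || exit 1` would check each job. The context lines at the top of that hunk show the same quoted loop in the existing block, and the script continues outside the hunk.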
diff -Nru gnutls28-3.6.7/debian/patches/43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch gnutls28-3.6.7/debian/patches/43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch
--- gnutls28-3.6.7/debian/patches/43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch 2020-06-07 07:07:37.000000000 +0200
@@ -0,0 +1,30 @@
+From 05ace838b3f67836a29a53282ec5a9b3cffd5680 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Sun, 2 Feb 2020 09:47:25 -0600
+Subject: [PATCH] session_pack: fix leak in error path
+
+If called at the wrong time, it allocates the buffer sb and forgets to
+clear it.
+
+Signed-off-by: Michael Catanzaro <mcatanzaro@gnome.org>
+---
+ lib/session_pack.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/session_pack.c b/lib/session_pack.c
+index b655b7128..e5c21f24b 100644
+--- a/lib/session_pack.c
++++ b/lib/session_pack.c
+@@ -143,7 +143,8 @@ _gnutls_session_pack(gnutls_session_t session,
+ }
+ break;
+ default:
+- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
++ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
++ goto fail;
+
+ }
+
+--
+2.26.2
+
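Review bot: The debian/changelog entry for this fix does not match the file added here. It names `47_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch` and says "from GNUTLS 3.6.14", while the patch is added as `43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch`; the changelog line should carry the real filename and a release consistent with it. On the code, the new `goto fail;` in the `default:` case depends on a `fail` label that presumably releases `sb`, and that label lies outside the hunk. It is worth confirming against the full `_gnutls_session_pack` that no other early `return` remains between the buffer initialisation and that label.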
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch 2020-06-05 19:32:17.000000000 +0200
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,72 +0,0 @@
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 2 Jun 2020 20:53:11 +0200
-Subject: stek: differentiate initial state from valid time window of
- TOTP
-Origin: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
-Bug: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
-Bug-Debian: https://bugs.debian.org/962289
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-13777
-Bug: https://gitlab.com/gnutls/gnutls/-/issues/1011
-
-There was a confusion in the TOTP implementation in stek.c. When the
-mechanism is initialized at the first time, it records the timestamp
-but doesn't initialize the key. This removes the timestamp recording
-at the initialization phase, so the key is properly set later.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
-[Salvatore Bonaccorso: Drop test changes in tests/tls13/prf-early.c
-which are not applicble in version 3.6.7]
----
- lib/stek.c | 17 +++++------------
- tests/resume-with-previous-stek.c | 4 ++--
- tests/tls13/prf-early.c | 8 ++++----
- 3 files changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/lib/stek.c b/lib/stek.c
-index 2f885cee372d..5ab9e7d2d1ce 100644
---- a/lib/stek.c
-+++ b/lib/stek.c
-@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
- if (unlikely(session == NULL || key == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-- if (session->key.totp.last_result == 0) {
-- int64_t t;
-- memcpy(session->key.initial_stek, key->data, key->size);
-- t = totp_next(session);
-- if (t < 0)
-- return gnutls_assert_val(t);
-+ if (unlikely(session->key.totp.last_result != 0))
-+ return GNUTLS_E_INVALID_REQUEST;
-
-- session->key.totp.last_result = t;
-- session->key.totp.was_rotated = 0;
--
-- return GNUTLS_E_SUCCESS;
-- }
-+ memcpy(session->key.initial_stek, key->data, key->size);
-
-- return GNUTLS_E_INVALID_REQUEST;
-+ session->key.totp.was_rotated = 0;
-+ return 0;
- }
-
- /*
-diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
-index f212b188b9b6..05c1c90868db 100644
---- a/tests/resume-with-previous-stek.c
-+++ b/tests/resume-with-previous-stek.c
-@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
- serverx509cred = NULL;
- }
-
-- if (num_stek_rotations != 2)
-- fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
-+ if (num_stek_rotations != 3)
-+ fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
-
- if (serverx509cred)
- gnutls_certificate_free_credentials(serverx509cred);
---
-2.27.0
-
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch 2020-06-07 07:34:11.000000000 +0200
@@ -0,0 +1,46 @@
+From 1d4615aa650dad1c01452d46396c0307304b0245 Mon Sep 17 00:00:00 2001
+From: rrivers2 <5981058-rrivers2@users.noreply.gitlab.com>
+Date: Sun, 24 May 2020 23:11:01 +0000
+Subject: [PATCH] Update session_ticket.c to add support for zero length
+ session tickets returned from the server
+
+check that ticket_len > 0 prior to calling gnutls_realloc_fast
+
+Signed-off-by: Rod Rivers <5981058-rrivers2@users.noreply.gitlab.com>
+---
+ lib/ext/session_ticket.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
+index c854d9c2a..8d4595821 100644
+--- a/lib/ext/session_ticket.c
++++ b/lib/ext/session_ticket.c
+@@ -787,15 +787,17 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t session)
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+- priv->session_ticket =
+- gnutls_realloc_fast(priv->session_ticket, ticket_len);
+- if (!priv->session_ticket) {
+- gnutls_free(priv);
+- gnutls_assert();
+- ret = GNUTLS_E_MEMORY_ERROR;
+- goto error;
++ if (ticket_len > 0) {
++ priv->session_ticket =
++ gnutls_realloc_fast(priv->session_ticket, ticket_len);
++ if (!priv->session_ticket) {
++ gnutls_free(priv);
++ gnutls_assert();
++ ret = GNUTLS_E_MEMORY_ERROR;
++ goto error;
++ }
++ memcpy(priv->session_ticket, p, ticket_len);
+ }
+- memcpy(priv->session_ticket, p, ticket_len);
+ priv->session_ticket_len = ticket_len;
+ epriv = priv;
+
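Review bot: The new `if (ticket_len > 0)` guard in `_gnutls_recv_new_session_ticket` carries no comment saying why an empty ticket is accepted rather than rejected, so a later reader may take it for a missing length check. A comment above the guard would settle that: `/* RFC 5077, 3.3: a zero-length ticket means the server decided not to issue one; record length 0 and skip the copy */`. With `ticket_len == 0` the code still installs `priv` as `epriv` with `session_ticket_len` set to 0, so whatever later offers a ticket for resumption has to treat a zero length as "no ticket". That code and the allocation of `priv` lie outside the hunk, so this is something to confirm, not a finding.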
+--
+2.26.2
+
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 2020-06-07 07:34:11.000000000 +0200
@@ -0,0 +1,242 @@
+From 299bd4f113d0bd39fa1577a671a04ed7899eff3c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 12:39:14 +0200
+Subject: [PATCH 1/3] _gnutls_pkcs11_verify_crt_status: check validity against
+ system cert
+
+To verify a certificate chain, this function replaces known
+certificates with the ones in the system trust store if possible.
+
+However, if it is found, the function checks the validity of the
+original certificate rather than the certificate found in the trust
+store. That reveals a problem in a scenario that (1) a certificate is
+signed by multiple issuers and (2) one of the issuers' certificate has
+expired and included in the input chain.
+
+This patch makes it a little robuster by actually retrieving the
+certificate from the trust store and perform check against it.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/pkcs11.c | 98 +++++++++++++++++++++++++++++++++--------------
+ lib/pkcs11_int.h | 5 +++
+ lib/x509/verify.c | 7 +++-
+ 3 files changed, 80 insertions(+), 30 deletions(-)
+
+--- a/lib/pkcs11.c
++++ b/lib/pkcs11.c
+@@ -4507,38 +4507,14 @@ int gnutls_pkcs11_get_raw_issuer_by_subj
+ p11_kit_uri_free(info);
+
+ return ret;
+ }
+
+-/**
+- * gnutls_pkcs11_crt_is_known:
+- * @url: A PKCS 11 url identifying a token
+- * @cert: is the certificate to find issuer for
+- * @issuer: Will hold the issuer if any in an allocated buffer.
+- * @fmt: The format of the exported issuer.
+- * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
+- *
+- * This function will check whether the provided certificate is stored
+- * in the specified token. This is useful in combination with
+- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
+- * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
+- * to check whether a CA is present or a certificate is blacklisted in
+- * a trust PKCS #11 module.
+- *
+- * This function can be used with a @url of "pkcs11:", and in that case all modules
+- * will be searched. To restrict the modules to the marked as trusted in p11-kit
+- * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
+- *
+- * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
+- * specific to p11-kit trust modules.
+- *
+- * Returns: If the certificate exists non-zero is returned, otherwise zero.
+- *
+- * Since: 3.3.0
+- **/
+-unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
+- unsigned int flags)
++unsigned
++_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++ unsigned int flags,
++ gnutls_x509_crt_t *trusted_cert)
+ {
+ int ret;
+ struct find_cert_st priv;
+ uint8_t serial[128];
+ size_t serial_size;
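Review bot: The internal `_gnutls_pkcs11_crt_is_known` is left without any header comment once the gtk-doc block moves to the public wrapper, so the contract of the added `trusted_cert` out-parameter is stated nowhere. A short comment should say that when `trusted_cert` is non-NULL and the return value is non-zero, `*trusted_cert` is a newly initialised certificate imported from the token which the caller must release with `gnutls_x509_crt_deinit`, and that it must not be used when zero is returned. For example: `/* If @trusted_cert is non-NULL and non-zero is returned, *trusted_cert is a new certificate owned by the caller. */`. The function body continues past this hunk.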
+@@ -4546,10 +4522,19 @@ unsigned gnutls_pkcs11_crt_is_known(cons
+
+ PKCS11_CHECK_INIT_FLAGS_RET(flags, 0);
+
+ memset(&priv, 0, sizeof(priv));
+
++ if (trusted_cert) {
++ ret = gnutls_pkcs11_obj_init(&priv.obj);
++ if (ret < 0) {
++ gnutls_assert();
++ goto cleanup;
++ }
++ priv.need_import = 1;
++ }
++
+ if (url == NULL || url[0] == 0) {
+ url = "pkcs11:";
+ }
+
+ ret = pkcs11_url_to_info(url, &info, 0);
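Review bot: When `gnutls_pkcs11_obj_init(&priv.obj)` fails, the added block jumps to `cleanup` with `ret` still negative, and because the function returns `unsigned` the final `return ret` reports a non-zero value, i.e. "certificate is known". The caller changed in lib/x509/verify.c then hands its `trusted_cert` local, which was never written, to `check_time_status` and `gnutls_x509_crt_deinit`. The other failure paths visible in this patch set `ret = 0` before jumping, so add `ret = 0;` ahead of `goto cleanup;` here as well. The identical block added in the next hunk (the DN-only retry) needs the same line. Parts of the function between the hunks are not visible, so check that nothing in them resets `ret`.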
+@@ -4592,12 +4577,22 @@ unsigned gnutls_pkcs11_crt_is_known(cons
+ NULL, pkcs11_obj_flags_to_int(flags));
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ _gnutls_debug_log("crt_is_known: did not find cert, using issuer DN + serial, using DN only\n");
+ /* attempt searching with the subject DN only */
+ gnutls_assert();
++ if (priv.obj)
++ gnutls_pkcs11_obj_deinit(priv.obj);
+ gnutls_free(priv.serial.data);
+ memset(&priv, 0, sizeof(priv));
++ if (trusted_cert) {
++ ret = gnutls_pkcs11_obj_init(&priv.obj);
++ if (ret < 0) {
++ gnutls_assert();
++ goto cleanup;
++ }
++ priv.need_import = 1;
++ }
+ priv.crt = cert;
+ priv.flags = flags;
+
+ priv.dn.data = cert->raw_dn.data;
+ priv.dn.size = cert->raw_dn.size;
+@@ -4610,21 +4605,68 @@ unsigned gnutls_pkcs11_crt_is_known(cons
+ _gnutls_debug_log("crt_is_known: did not find any cert\n");
+ ret = 0;
+ goto cleanup;
+ }
+
++ if (trusted_cert) {
++ ret = gnutls_x509_crt_init(trusted_cert);
++ if (ret < 0) {
++ gnutls_assert();
++ ret = 0;
++ goto cleanup;
++ }
++ ret = gnutls_x509_crt_import_pkcs11(*trusted_cert, priv.obj);
++ if (ret < 0) {
++ gnutls_assert();
++ gnutls_x509_crt_deinit(*trusted_cert);
++ ret = 0;
++ goto cleanup;
++ }
++ }
+ ret = 1;
+
+ cleanup:
++ if (priv.obj)
++ gnutls_pkcs11_obj_deinit(priv.obj);
+ if (info)
+ p11_kit_uri_free(info);
+ gnutls_free(priv.serial.data);
+
+ return ret;
+ }
+
+ /**
++ * gnutls_pkcs11_crt_is_known:
++ * @url: A PKCS 11 url identifying a token
++ * @cert: is the certificate to find issuer for
++ * @flags: Use zero or flags from %GNUTLS_PKCS11_OBJ_FLAG.
++ *
++ * This function will check whether the provided certificate is stored
++ * in the specified token. This is useful in combination with
++ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
++ * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,
++ * to check whether a CA is present or a certificate is blacklisted in
++ * a trust PKCS #11 module.
++ *
++ * This function can be used with a @url of "pkcs11:", and in that case all modules
++ * will be searched. To restrict the modules to the marked as trusted in p11-kit
++ * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
++ *
++ * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
++ * specific to p11-kit trust modules.
++ *
++ * Returns: If the certificate exists non-zero is returned, otherwise zero.
++ *
++ * Since: 3.3.0
++ **/
++unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++ unsigned int flags)
++{
++ return _gnutls_pkcs11_crt_is_known(url, cert, flags, NULL);
++}
++
++/**
+ * gnutls_pkcs11_obj_get_flags:
+ * @obj: The pkcs11 object
+ * @oflags: Will hold the output flags
+ *
+ * This function will return the flags of the object.
+--- a/lib/pkcs11_int.h
++++ b/lib/pkcs11_int.h
+@@ -458,8 +458,13 @@ inline static bool is_pkcs11_url_object(
+ if (strstr(url, "id=") != 0 || strstr(url, "object=") != 0)
+ return 1;
+ return 0;
+ }
+
++unsigned
++_gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
++ unsigned int flags,
++ gnutls_x509_crt_t *trusted_cert);
++
+ #endif /* ENABLE_PKCS11 */
+
+ #endif
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -32,10 +32,11 @@
+ #include <global.h>
+ #include <num.h> /* MAX */
+ #include <tls-sig.h>
+ #include <str.h>
+ #include <datum.h>
++#include <pkcs11_int.h>
+ #include <x509_int.h>
+ #include <common.h>
+ #include <pk.h>
+ #include "supported_exts.h"
+
+@@ -1149,24 +1150,27 @@ _gnutls_pkcs11_verify_crt_status(const c
+ else
+ i = 1; /* do not replace the first one */
+
+ for (; i < clist_size; i++) {
+ unsigned vflags;
++ gnutls_x509_crt_t trusted_cert;
+
+ if (i == 0) /* in the end certificate do full comparison */
+ vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
+ GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED;
+ else
+ vflags = GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|
+ GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED;
+
+- if (gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags) != 0) {
++ if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS) &&
+ !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) {
+ status |=
+- check_time_status(certificate_list[i], now);
++ check_time_status(trusted_cert, now);
++ gnutls_x509_crt_deinit(trusted_cert);
++
+ if (status != 0) {
+ if (func)
+ func(certificate_list[i], certificate_list[i], NULL, status);
+ return status;
+ }
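Review bot: `trusted_cert` is released only inside the time-check branch, so when `GNUTLS_VERIFY_DISABLE_TIME_CHECKS` or `GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS` is set, the certificate imported by `_gnutls_pkcs11_crt_is_known` appears to leak for every chain element found in the trust store. The certificate needs a `gnutls_x509_crt_deinit(trusted_cert);` on the path that skips the time check too, for instance in an `else` arm of that branch. The local is also declared uninitialised; `gnutls_x509_crt_t trusted_cert = NULL;` would make a non-zero return without a stored certificate fail predictably instead of reading an indeterminate pointer. The branch's closing brace and the rest of the loop body are outside the hunk, so confirm that no later line already frees it.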
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch 2020-06-07 07:34:11.000000000 +0200
@@ -0,0 +1,42 @@
+From cdf075e7f54cb77f046ef3e7c2147f159941faca Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 13:59:53 +0200
+Subject: [PATCH 2/3] x509: trigger fallback verification path when cert is
+ expired
+
+gnutls_x509_trust_list_verify_crt2 use the macro SIGNER_OLD_OR_UNKNOWN
+to trigger the fallback verification path if the signer of the last
+certificate is not in the trust store. Previously, it doesn't take
+into account of the condition where the certificate is expired.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/x509/verify-high.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
+index b1421ef17..40638ad3a 100644
+--- a/lib/x509/verify-high.c
++++ b/lib/x509/verify-high.c
+@@ -1192,11 +1192,13 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
+
+ #define LAST_DN cert_list[cert_list_size-1]->raw_dn
+ #define LAST_IDN cert_list[cert_list_size-1]->raw_issuer_dn
+-/* This macro is introduced to detect a verification output
+- * which indicates an unknown signer, or a signer which uses
+- * an insecure algorithm (e.g., sha1), something that indicates
+- * a superseded signer */
+-#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
++/* This macro is introduced to detect a verification output which
++ * indicates an unknown signer, a signer which uses an insecure
++ * algorithm (e.g., sha1), a signer has expired, or something that
++ * indicates a superseded signer */
++#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \
++ (output & GNUTLS_CERT_EXPIRED) || \
++ (output & GNUTLS_CERT_INSECURE_ALGORITHM))
+ #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
+
+ /**
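Review bot: `SIGNER_OLD_OR_UNKNOWN` expands its argument `output` three times without parentheses, so an argument such as `a | b` would group wrongly against `&`. A single masked test is shorter and immune to that: `#define SIGNER_OLD_OR_UNKNOWN(output) (((output) & (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INSECURE_ALGORITHM)) != 0)`. The comment's "a signer has expired" may also say more than the bit does. If `GNUTLS_CERT_EXPIRED` can be set for any certificate in the chain, the fallback path is now also taken for an expired end-entity certificate, and the comment should state that so the widened trigger is a documented decision.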
+--
+2.26.2
+
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch 2020-06-07 07:34:11.000000000 +0200
@@ -0,0 +1,123 @@
+From 9067bcbee8ff18badff1e829d22e63590dbd7a5c Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sun, 31 May 2020 14:28:48 +0200
+Subject: [PATCH 3/3] tests: add test case for certificate chain superseding
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ tests/test-chains.h | 97 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 97 insertions(+)
+
+--- a/tests/test-chains.h
++++ b/tests/test-chains.h
+@@ -3978,6 +3978,102 @@ static const char *gost12_512[] = {
+ };
+ #endif
+
++/* This contains an expired intermediate CA, which should be superseded. */
++static const char *superseding[] = {
++ "-----BEGIN CERTIFICATE-----"
++ "MIIDrzCCAmegAwIBAgIUcozIBhMJvM/rd1PVI7LOq7Kscs8wDQYJKoZIhvcNAQEL"
++ "BQAwJjEkMCIGA1UEAxMbR251VExTIHRlc3QgaW50ZXJtZWRpYXRlIENBMCAXDTIw"
++ "MDUzMTEyMTczN1oYDzk5OTkxMjMxMjM1OTU5WjA3MRgwFgYDVQQDEw90ZXN0Lmdu"
++ "dXRscy5vcmcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCASAwCwYJKoZI"
++ "hvcNAQEKA4IBDwAwggEKAoIBAQCd2PBnWn+b0FsIMbG+f/K+og2iK/BoLCsJD3j9"
++ "yRNSHD6wTifYwNTbe1LF/8BzxcwVRCD0zpbpFQawbjxbmBSzrXqQlUFFG11DvNBa"
++ "w58rgHGo3TYCrtFIBfLbziyB1w/vWeX0xHvv8MMJ1iRSdY+7Y36a2cV+s85PdO4B"
++ "TpZlLfy8LPP6p6+dgVoC+9tTu2H1wARYOVog+jt9A3Hx0L1xxVWTedFoiK2sVouz"
++ "fLRjfp5cOwuRHSD2qbpGOAeNVVaOE88Bv3pIGPguMw0qAdEDo20hRYH23LIyvBwB"
++ "oCnyFNnAViMtLa2QlXSliV9a9BKOXYjWzAeso2SF4pdHcvd5AgMBAAGjgZMwgZAw"
++ "DAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0l"
++ "BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUan6mlccq"
++ "Uy1Z64wvRv3xxg4h2ykwHwYDVR0jBBgwFoAUSCM0UwqJMThKWurKttKm3s4dKxgw"
++ "DQYJKoZIhvcNAQELBQADggExAKAOMyMLpk0u2UTwwFWtr1hfx7evo2J7dgco410I"
++ "DN/QWoe2Xlcxcp1h5R9rX1I3KU2WGFtdXqiMsllCLnrDEKZmlks0uz76bCpKmM99"
++ "/1MDlY7mGCr/2PPx53USK5J5JTiqgp6r7qAcDAnpYvrPH45kk7iqwh02DhAxRnGR"
++ "CW7KWK8h7uu0Az9iBT2YfV372g4fRDK3fqYzJofQwbhSiUuJ7wyZCRhGOoxMMmDb"
++ "KBbc1wAYXW+tlv2cSbfzRvSxMR+CzkyH2tGDxeN//aZUfGmQ8IzWUQ7UtK5z+Q0E"
++ "fL6fZtm2SdGabGpV1UYoGpwOtOngK+m0i9SqrMD7g5+SMhc1VuvVuTtxjr5Cha8l"
++ "X0HEZtxgFrkdfMD4yLAqiguaCBngtbRmELF5VpebmJbiLVU="
++ "-----END CERTIFICATE-----",
++ "-----BEGIN CERTIFICATE-----"
++ "MIIDkTCCAkmgAwIBAgIUY9cJ4NLNFEaojJHdP1I4Q7OHNJwwDQYJKoZIhvcNAQEL"
++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMTgxMjMxMjMwMDAwWhcN"
++ "MjAwNTMwMjIwMDAwWjAmMSQwIgYDVQQDExtHbnVUTFMgdGVzdCBpbnRlcm1lZGlh"
++ "dGUgQ0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7K"
++ "sH702LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8W"
++ "yZdVNRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITc"
++ "lg6ybBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7"
++ "oc0lYpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLy"
++ "rXPlGQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+"
++ "G+3ro22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjeh"
++ "KZ+Aeap1AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE"
++ "ADAdBgNVHQ4EFgQUSCM0UwqJMThKWurKttKm3s4dKxgwHwYDVR0jBBgwFoAUHncj"
++ "bWcxH5EHm5Yv7PzIRv6M4QMwDQYJKoZIhvcNAQELBQADggExAHP1UAQ/nvuQtRZF"
++ "Q4b96yxVwCjMjn7knLyLNtyYGE3466xvE/ofvx5lgaR06ez/G17XP+Ok5SLJNUVc"
++ "mplTERCv5CgnX7R5VdGJkkD1repaYxaTtwyJz0AfYEMRUj3jfaeLaiUKJvEW5RRs"
++ "I3solY18sy/m/xGrH2X0GTNfKM9BURENABsppt07jxH719nF9m9SynV/Z2hE5hlv"
++ "5e5vyPt4wyRPIJLUI3TKAlvb1s40zz3ua7ZTgQL/cOxfY4f9pRKW9CMB3uF69OP9"
++ "COAxrmHVZsImmDZ6qO1qQrbY1KN/cX5kG4pKg7Ium723aOlwcWzEDXKumD960fN1"
++ "5g+HrjNs6kW+r9Q5QS8qV5s8maZNcxTrMvQ1fF2AKBNI3Z3U7vmtrSeqxIXp3rGH"
++ "iJwOKIk="
++ "-----END CERTIFICATE-----",
++ NULL
++};
++
++static const char *superseding_ca[] = {
++ "-----BEGIN CERTIFICATE-----"
++ "MIIDkzCCAkugAwIBAgIUIs7jB4Q4sFcdCmzWVHbJLESC3T4wDQYJKoZIhvcNAQEL"
++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMzEwWhgP"
++ "OTk5OTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0dudVRMUyB0ZXN0IGludGVybWVk"
++ "aWF0ZSBDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/"
++ "HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8"
++ "vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqI"
++ "hNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWl"
++ "WDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQp"
++ "kvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzkl"
++ "zz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2"
++ "N6Epn4B5qnUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD"
++ "BwQAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQe"
++ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAcF9R9VGQxTwW"
++ "aOjeIeQ9ZJxybaj0BaXC8xR4b9uZloS9d/RBFTjgRbQ82yqaj7f80mgUtabKRfTA"
++ "ltV2MgTbJdOjwGzEDtKGhClBbovnEGrYTbPBT9rgfYPt0q7SMBr6AzGAPt+ltwI7"
++ "9yntV81qvTxvW5MEEo0j2MuA3NT3oqe+w1rUKNQCWhnN2TUhJGkTlaaMozcgNFaE"
++ "Dplop4dtvCGtupxOjC3Nf6FWq1k7iZQxX70AFBYVMpuF7qGh6qDp+T1hmTCSVzxP"
++ "SfDQIBjhKgy4clhkuR5SRxhN74RX+/5eiQyVLxzr+eIhqzJhPqUCmVnCLcqYdNRi"
++ "hpHic4uJm0wGOKYTI7EG8rb4ZP4Jz6k4iN9CnL/+kiiW5otSl3YyCAuao5VKdDq9"
++ "izchzb9eow=="
++ "-----END CERTIFICATE-----",
++ "-----BEGIN CERTIFICATE-----"
++ "MIIDZTCCAh2gAwIBAgIULcrECQOBgPaePBfBHXcyZiU0IiYwDQYJKoZIhvcNAQEL"
++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMTQzWhgP"
++ "OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN"
++ "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C"
++ "qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ"
++ "U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8"
++ "vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW"
++ "PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG"
++ "VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7"
++ "FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB"
++ "o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE"
++ "FB53I21nMR+RB5uWL+z8yEb+jOEDMA0GCSqGSIb3DQEBCwUAA4IBMQAeMSzMyuTy"
++ "FjXTjxAUv010bsr6e6fI9txq/S1tXmWWJV/8aeARthuOFZO5Jjy3C5aMbac2HDV4"
++ "Otu0+JLaoEMSXvorAhValVuq06i5cmaPzvJBcxMWzlEAXfavSwHv5Q+kqNU3z81S"
++ "WnjEpMHcl9OyER7o9IhF55Xom2BXY5XL83QOzQ4C3bpKrNevZC7i7zS8NoYRGP+8"
++ "w21JseXkWQW4o2hkFqbCcRE1dlMW02iJE28RZ5aBFDIm2Y6zuLaXZIkaO7E41CAw"
++ "IUyhowm/S1HcmQnhruAGKJvQtB6jvnhZb7pgnuSkhIvAQgw93CLE985KEua1ifY2"
++ "p1d/6ho2TWotHHqDnDkB8pC0Wzai8R+63z18Kt0gROX2QItCyFksjNJqYPbgwZgt"
++ "eh1COrLsOJo+"
++ "-----END CERTIFICATE-----",
++ NULL
++};
++
+ #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+ # pragma GCC diagnostic push
+ # pragma GCC diagnostic ignored "-Wunused-variable"
+@@ -4142,6 +4238,7 @@ static struct
+ { "gost 34.10-12-256 - ok", gost12_256, &gost12_256[0], 0, 0, 0, 1466612070, 1},
+ { "gost 34.10-12-512 - ok", gost12_512, &gost12_512[0], 0, 0, 0, 1466612070, 1},
+ #endif
++ { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 },
+ { NULL, NULL, NULL, 0, 0}
+ };
+
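Review bot: The verification time `1590928011` in the new `"superseding - ok"` row is a bare number, although the test only means something if that instant falls after the old intermediate in `superseding[]` has expired. A trailing comment such as `/* 2020-05-31 12:26:51 UTC, past the expiry of the old intermediate */` makes the dependency visible to whoever regenerates the certificates. The row also stops one initializer short of the gost rows just above it, which end in `, 1}`. The omitted member is zero-initialised, and writing it out would keep the table uniform if zero is what is intended. The struct definition is outside the hunk, so the meaning of that member cannot be confirmed from here.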
diff -Nru gnutls28-3.6.7/debian/patches/44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch gnutls28-3.6.7/debian/patches/44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch
--- gnutls28-3.6.7/debian/patches/44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.6.7/debian/patches/44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch 2020-06-07 06:47:28.000000000 +0200
@@ -0,0 +1,72 @@
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 2 Jun 2020 20:53:11 +0200
+Subject: stek: differentiate initial state from valid time window of
+ TOTP
+Origin: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
+Bug: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
+Bug-Debian: https://bugs.debian.org/962289
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-13777
+Bug: https://gitlab.com/gnutls/gnutls/-/issues/1011
+
+There was a confusion in the TOTP implementation in stek.c. When the
+mechanism is initialized at the first time, it records the timestamp
+but doesn't initialize the key. This removes the timestamp recording
+at the initialization phase, so the key is properly set later.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+[Salvatore Bonaccorso: Drop test changes in tests/tls13/prf-early.c
+which are not applicble in version 3.6.7]
+---
+ lib/stek.c | 17 +++++------------
+ tests/resume-with-previous-stek.c | 4 ++--
+ tests/tls13/prf-early.c | 8 ++++----
+ 3 files changed, 11 insertions(+), 18 deletions(-)
+
+diff --git a/lib/stek.c b/lib/stek.c
+index 2f885cee372d..5ab9e7d2d1ce 100644
+--- a/lib/stek.c
++++ b/lib/stek.c
+@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
+ if (unlikely(session == NULL || key == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+- if (session->key.totp.last_result == 0) {
+- int64_t t;
+- memcpy(session->key.initial_stek, key->data, key->size);
+- t = totp_next(session);
+- if (t < 0)
+- return gnutls_assert_val(t);
++ if (unlikely(session->key.totp.last_result != 0))
++ return GNUTLS_E_INVALID_REQUEST;
+
+- session->key.totp.last_result = t;
+- session->key.totp.was_rotated = 0;
+-
+- return GNUTLS_E_SUCCESS;
+- }
++ memcpy(session->key.initial_stek, key->data, key->size);
+
+- return GNUTLS_E_INVALID_REQUEST;
++ session->key.totp.was_rotated = 0;
++ return 0;
+ }
+
+ /*
+diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
+index f212b188b9b6..05c1c90868db 100644
+--- a/tests/resume-with-previous-stek.c
++++ b/tests/resume-with-previous-stek.c
+@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
+ serverx509cred = NULL;
+ }
+
+- if (num_stek_rotations != 2)
+- fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
++ if (num_stek_rotations != 3)
++ fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
+
+ if (serverx509cred)
+ gnutls_certificate_free_credentials(serverx509cred);
+--
+2.27.0
+
diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series
--- gnutls28-3.6.7/debian/patches/series 2020-06-05 19:32:17.000000000 +0200
+++ gnutls28-3.6.7/debian/patches/series 2020-06-07 07:34:21.000000000 +0200
@@ -7,5 +7,11 @@
40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch
42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
+42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch
43_rel3.6.13_01-dtls-client-hello-fix-zeroed-random-fixes-960.patch
-44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch
+43_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch
+44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch
+44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
+44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch
+44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch
+44_rel3.6.14_90-stek-differentiate-initial-state-from-valid-time-win.patch