Bug#693530: unblock: gnutls26/2.12.20-2
Andreas Metzler
ametzler at downhill.at.eu.org
Sat Nov 17 15:27:21 UTC 2012
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package gnutls26.
* This fixes a network-manager segfault in vpn setup. (#647747) [FWIW
I have doublechecked with upstream that this not some kind of
vulnerability, but just a regular bug.]
30_strlen_on_null.diff - Upstream has the same fix
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=fcc063e196a97acdbbc94c5fd2d9603d21fc9c1f with a little bit different formatting.
* Currently there are two source packages in squeeze which build a
gnutls-doc package (gnutls26 and gnutls28). I was made aware of this
bug when I tried to upload gnutls 2.12.21 to experimental and the
package was rejected. Since later (security) uploads of gnutls might
have same the problem I think this issue might be considered rc.
We fix it by introducing gnutls26-doc, which is co-installable with
gnutls-doc.
unblock gnutls26/2.12.20-2
thanks, cu andreas
-------------- next part --------------
diff -Nru gnutls26-2.12.20/debian/changelog gnutls26-2.12.20/debian/changelog
--- gnutls26-2.12.20/debian/changelog 2012-06-10 16:53:53.000000000 +0200
+++ gnutls26-2.12.20/debian/changelog 2012-11-13 19:21:44.000000000 +0100
@@ -1,3 +1,14 @@
+gnutls26 (2.12.20-2) unstable; urgency=low
+
+ * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL.
+ Closes: #647747
+ * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x
+ packages. Add a new gnutls26-doc package which drops manpages and info
+ format documentation in favour of being co-installable with
+ gnutls-doc.
+
+ -- Andreas Metzler <ametzler at debian.org> Tue, 13 Nov 2012 19:21:25 +0100
+
gnutls26 (2.12.20-1) unstable; urgency=low
* New upstream release.
diff -Nru gnutls26-2.12.20/debian/control gnutls26-2.12.20/debian/control
--- gnutls26-2.12.20/debian/control 2012-03-03 18:17:11.000000000 +0100
+++ gnutls26-2.12.20/debian/control 2012-11-13 19:03:33.000000000 +0100
@@ -24,7 +24,7 @@
libgnutlsxx27 (= ${binary:Version}),libgnutls-openssl27 (= ${binary:Version}),
libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev,
libtasn1-3-dev (>= 0.3.4), libp11-kit-dev (>= 0.4), ${misc:Depends}
-Suggests: gnutls-doc
+Suggests: gnutls26-doc
Conflicts: gnutls-dev
Replaces: gnutls-dev
Description: GNU TLS library - development files
@@ -93,12 +93,12 @@
.
This package contains the debugger symbols and commandline utilities.
-Package: gnutls-doc
+Package: gnutls26-doc
Architecture: all
Section: doc
Depends: ${misc:Depends}
Multi-Arch: foreign
-Description: GNU TLS library - documentation and examples
+Description: GNU TLS library 2.x - documentation and examples
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
.
@@ -114,7 +114,7 @@
- all the strong encryption algorithms (including SHA-256/384/512 and
Camellia (RFC 4132)).
.
- This package contains all the GnuTLS documentation.
+ This package contains the documentation for the GnuTLS 2.x legacy version.
Package: libgnutlsxx27
Priority: extra
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base gnutls26-2.12.20/debian/gnutls26-doc.doc-base
--- gnutls26-2.12.20/debian/gnutls26-doc.doc-base 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base 2012-11-13 19:02:55.000000000 +0100
@@ -0,0 +1,12 @@
+Document: gnutls26
+Title: GnuTLS 2.x Manual
+Author: Simon Josefsson
+Abstract: GnuTLS 2.x library manual
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/gnutls26-doc/html/gnutls.html
+Files: /usr/share/doc/gnutls26-doc/html/*
+
+Format: PDF
+Files: /usr/share/doc/gnutls26-doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference
--- gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference 2012-11-13 19:02:55.000000000 +0100
@@ -0,0 +1,9 @@
+Document: gnutls26-api
+Title: GnuTLS 2.x API Reference Manual
+Author: Simon Josefsson
+Abstract: GNU TLS API Reference Manual
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/gnutls26-doc/api-reference/index.html
+Files: /usr/share/doc/gnutls26-doc/api-reference/*
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.docs gnutls26-2.12.20/debian/gnutls26-doc.docs
--- gnutls26-2.12.20/debian/gnutls26-doc.docs 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.docs 2012-11-13 19:02:55.000000000 +0100
@@ -0,0 +1 @@
+doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.examples gnutls26-2.12.20/debian/gnutls26-doc.examples
--- gnutls26-2.12.20/debian/gnutls26-doc.examples 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.examples 2012-11-13 19:02:55.000000000 +0100
@@ -0,0 +1 @@
+doc/examples/*.c
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.install gnutls26-2.12.20/debian/gnutls26-doc.install
--- gnutls26-2.12.20/debian/gnutls26-doc.install 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.install 2012-11-13 19:02:55.000000000 +0100
@@ -0,0 +1,6 @@
+doc/reference/html/*html usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*png usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*.css usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*.sgml usr/share/doc/gnutls26-doc/api-reference
+doc/*.html usr/share/doc/gnutls26-doc/html
+doc/*.png usr/share/doc/gnutls26-doc/html
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base gnutls26-2.12.20/debian/gnutls-doc.doc-base
--- gnutls26-2.12.20/debian/gnutls-doc.doc-base 2008-05-01 13:30:56.000000000 +0200
+++ gnutls26-2.12.20/debian/gnutls-doc.doc-base 1970-01-01 01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
-Document: gnutls
-Title: GnuTLS Manual
-Author: Simon Josefsson
-Abstract: GnuTLS library manual
-Section: Programming/C
-
-Format: HTML
-Index: /usr/share/doc/gnutls-doc/html/gnutls.html
-Files: /usr/share/doc/gnutls-doc/html/*
-
-Format: PDF
-Files: /usr/share/doc/gnutls-doc/gnutls.pdf
-
-Format: info
-Index: /usr/share/info/gnutls.info.gz
-Files: /usr/share/info/gnutls.info*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference
--- gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference 2008-05-01 13:31:02.000000000 +0200
+++ gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference 1970-01-01 01:00:00.000000000 +0100
@@ -1,9 +0,0 @@
-Document: gnutls-api
-Title: GNU TLS API Reference Manual
-Author: Simon Josefsson
-Abstract: GNU TLS API Reference Manual
-Section: Programming/C
-
-Format: HTML
-Index: /usr/share/doc/gnutls-doc/api-reference/index.html
-Files: /usr/share/doc/gnutls-doc/api-reference/*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.docs gnutls26-2.12.20/debian/gnutls-doc.docs
--- gnutls26-2.12.20/debian/gnutls-doc.docs 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.docs 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.examples gnutls26-2.12.20/debian/gnutls-doc.examples
--- gnutls26-2.12.20/debian/gnutls-doc.examples 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.examples 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-doc/examples/*.c
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.info gnutls26-2.12.20/debian/gnutls-doc.info
--- gnutls26-2.12.20/debian/gnutls-doc.info 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.info 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-debian/tmp/usr/share/info/gnutls.info*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.install gnutls26-2.12.20/debian/gnutls-doc.install
--- gnutls26-2.12.20/debian/gnutls-doc.install 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.install 1970-01-01 01:00:00.000000000 +0100
@@ -1,7 +0,0 @@
-doc/reference/html/*html usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*png usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.css usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.sgml usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.devhelp* usr/share/doc/gnutls-doc/api-reference
-doc/*.html usr/share/doc/gnutls-doc/html
-doc/*.png usr/share/doc/gnutls-doc/html
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.links gnutls26-2.12.20/debian/gnutls-doc.links
--- gnutls26-2.12.20/debian/gnutls-doc.links 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.links 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-/usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.manpages gnutls26-2.12.20/debian/gnutls-doc.manpages
--- gnutls26-2.12.20/debian/gnutls-doc.manpages 2007-11-29 19:56:04.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls-doc.manpages 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man3/*
diff -Nru gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff
--- gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff 2012-11-12 19:28:36.000000000 +0100
@@ -0,0 +1,50 @@
+Description: Prevent segfault on strlen(NULL)
+ already fixed in GnuTLS 3 at 95a922c2a8b75e6eddbcc688c0d719d0b07ee395
+Bug-Debian: http://bugs.debian.org/647747
+Last-Update: 2012-11-12
+
+--- gnutls26-2.12.20.orig/lib/x509/privkey_pkcs8.c
++++ gnutls26-2.12.20/lib/x509/privkey_pkcs8.c
+@@ -1577,8 +1577,12 @@ decrypt_data (schema_id schema, ASN1_TYP
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
++ unsigned int password_lenght=0;
+
+ data_size = 0;
++ if (password) {
++ password_lenght = strlen(password);
++ }
+ result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+@@ -1625,7 +1629,7 @@ decrypt_data (schema_id schema, ASN1_TYP
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- result = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ result = _gnutls_pbkdf2_sha1 (password, password_lenght,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
+
+@@ -1881,6 +1885,11 @@ generate_key (schema_id schema,
+ {
+ opaque rnd[2];
+ int ret;
++ unsigned int password_lenght=0;
++
++ if (password) {
++ password_lenght = strlen(password);
++ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0)
+@@ -1955,7 +1964,7 @@ generate_key (schema_id schema,
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+- ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
++ ret = _gnutls_pbkdf2_sha1 (password, password_lenght,
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
diff -Nru gnutls26-2.12.20/debian/patches/series gnutls26-2.12.20/debian/patches/series
--- gnutls26-2.12.20/debian/patches/series 2012-06-10 16:28:05.000000000 +0200
+++ gnutls26-2.12.20/debian/patches/series 2012-11-12 19:28:53.000000000 +0100
@@ -3,3 +3,4 @@
17_ignoretestsuitteerrors.diff
18_gpgerrorinpkgconfig.diff
20_tests-select.diff
+30_strlen_on_null.diff
diff -Nru gnutls26-2.12.20/debian/rules gnutls26-2.12.20/debian/rules
--- gnutls26-2.12.20/debian/rules 2012-03-03 18:25:25.000000000 +0100
+++ gnutls26-2.12.20/debian/rules 2012-11-13 19:02:55.000000000 +0100
@@ -18,7 +18,7 @@
# pre-clean rule: save gnutls.pdf since it is expensive to regenerate.
# See README.source
-cleanbuilddir/gnutls-doc::
+cleanbuilddir/gnutls26-doc::
if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi
@@ -35,21 +35,9 @@
if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi
# additional comands for build rule
-build/gnutls-doc::
+build/gnutls26-doc::
$(MAKE) html
-# add post deb preparation (including debhelper stuff) actions
-# generate symlinks manually and use dh_link to make them policy-conform.
-binary-install/gnutls-doc::
- cd debian/gnutls-doc && \
- for i in usr/share/doc/gnutls-doc/html/gnutls*.png ; do \
- i=`basename "$$i"` ; \
- ln -s "/usr/share/doc/gnutls-doc/html/$$i" \
- usr/share/info/ ; \
- done && \
- cd ../.. && \
- dh_link -pgnutls-doc
-
common-install-arch::
find debian/tmp/usr/lib/* -name '*.so.*.*' -type f -exec \
chrpath -d {} +
More information about the Pkg-gnutls-maint
mailing list