Bug#922879: gnutls: gnutls 3.6 pseudo-randomly breaks VLC HTTP/2

[Rémi Denis-Courmont]

Package: libgnutls30
Version: 3.6.6-2
Severity: important
File: gnutls
Tags: upstream patch

Dear Maintainer,

With GnuTLS 3.6.x, VLC pseudo-randomly fails to connect to HTTP/2
servers due to what seems like a race condition in GnuTLS.
See also https://trac.videolan.org/vlc/ticket/21951 .

To reproduce, run VLC a dozen time or so (depending on the system),
until hitting a failure:

# vlc -Irc https://streams.videolan.org/issues/21941/Greatest%20Motown%20Songs%2060s%2070s%20Hits.mp3
(Ctrl+C to abort if it does not fail straight away)

The problem appears to be caused by the "fix" for Debian bug 849807,
which does not seem to follow the GnuTLS thread safety rules.

Since breaking working applications seems far worse than protecting
broken applications from shooting themselves in the foot, I suggest
reverting 849807
(i.e. GnuTLS commit 6a62ddfc416a4ec2118704f93c97fdd448d66566).

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8), LANGUAGE=fr:en_GB:fi (charmap=UTF-8) (ignored: LC_ALL set to fi_FI.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30:amd64 depends on:
ii  libc6          2.28-7
ii  libgmp10       2:6.1.2+dfsg-4
ii  libhogweed4    3.4.1-1
ii  libidn2-0      2.0.5-1
ii  libnettle6     3.4.1-1
ii  libp11-kit0    0.23.15-2
ii  libtasn1-6     4.13-3
ii  libunistring2  0.9.10-1

libgnutls30:amd64 recommends no packages.

Versions of packages libgnutls30:amd64 suggests:
ii  gnutls-bin  3.6.6-2

-- no debconf information