Bug#1073262: bookworm-pu: package gnutls28/3.7.9-2+deb12u3

Andreas Metzler ametzler at bebt.de
Sat Jun 15 12:44:49 BST 2024


Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: gnutls28 at packages.debian.org
Control: affects -1 + src:gnutls28
User: release.debian.org at packages.debian.org
Usertags: pu

Hello,

I would like to essentially (i.e. sans version number bump) upgrade
gnutls28 to 3.7.11. All changes are cherry-picked from 3.8.x and are
already included in the sid/testing version.

Replace
  60-auth-rsa_psk-side-step-potential-side-channel.patch
  61-x509-detect-loop-in-certificate-chain.patch
  62-rsa-psk-minimize-branching-after-decryption.patch
with the versions from the gnutls_3_7_x branch instead of manual backports
from 3.8.x.

Add 53-fips-fix-checking-on-hash-algorithm-used-in-ECDSA.patch (Fix
checking on hash algorithm used in ECDSA in FIPS mode) and
54-fips-mark-composite-signature-API-not-approved.patch (Mark composite
signature API non-approved in FIPS mode.) to allow
straight cherry-picking of later patches.

63_01-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch
libgnutls: Fixed a bug where certtool crashed when verifying a
certificate chain with more than 16 certificates. Reported by William
Woodruff (#1525) and yixiangzhike (#1527).  [GNUTLS-SA-2024-01-23, CVSS:
medium] [CVE-2024-28835] Closes: #1067463

63_02-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).  [GNUTLS-SA-2023-12-04, CVSS:
medium] [CVE-2024-28834] Closes: #1067464

63_03-serv-fix-memleak-when-a-connected-client-disappears.patch
Fix a memleak in gnutls-serv when a connected client disappears.

63_04-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch
Fix a segfault in _gnutls13_recv_end_of_early_data().

63_05-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch
Fix a potential segfault in _gnutls13_recv_finished().

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
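Two of the patches listed above concern how a certificate chain is walked: 61-x509-detect-loop-in-certificate-chain.patch and 63_01 (removing the fixed limit of 16 certificates that made certtool crash, CVE-2024-28835). The following is an added illustration of that idea and is not GnuTLS code or part of this request: a chain builder that bounds its work by detecting loops rather than by a fixed depth, so a chain of any length is accepted while a cycle (A issued by B, B issued by A) is rejected. Certificates are modelled as constructed (subject, issuer) name pairs only; signature verification is out of scope.

```python
"""Added illustration, not GnuTLS code: build an issuer chain from a pool of
certificates, detecting loops instead of relying on a fixed depth cap.

Certificates are modelled as (subject, issuer) name pairs only; signature
checks are not performed. All sample data is constructed for this example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # equals subject for a self-signed certificate


class ChainError(Exception):
    pass


def build_chain(leaf: Cert, pool: list[Cert], anchors: set[str]) -> list[Cert]:
    """Walk leaf -> issuer -> ... until a trust-anchor subject is reached.

    There is deliberately no fixed length limit: any chain length is accepted
    as long as each subject appears at most once, so a loop raises ChainError
    instead of recursing or overrunning a fixed-size buffer.
    """
    by_subject = {c.subject: c for c in pool}
    chain = [leaf]
    seen = {leaf.subject}
    cur = leaf
    while cur.subject not in anchors:
        if cur.issuer == cur.subject:
            raise ChainError(f"self-signed {cur.subject!r} is not a trust anchor")
        nxt = by_subject.get(cur.issuer)
        if nxt is None:
            raise ChainError(f"issuer {cur.issuer!r} of {cur.subject!r} not found")
        if nxt.subject in seen:
            raise ChainError(f"loop detected at {nxt.subject!r}")
        seen.add(nxt.subject)
        chain.append(nxt)
        cur = nxt
    return chain


def make_long_chain(depth: int) -> tuple[Cert, list[Cert], set[str]]:
    """Constructed sample: leaf -> CA-1 -> ... -> CA-<depth> (root, the anchor).

    depth=20 yields a 21-certificate chain, i.e. longer than the old limit of 16.
    """
    root = Cert(subject=f"CA-{depth}", issuer=f"CA-{depth}")
    pool = [root]
    for i in range(depth - 1, 0, -1):
        pool.append(Cert(subject=f"CA-{i}", issuer=f"CA-{i + 1}"))
    leaf = Cert(subject="leaf", issuer="CA-1")
    return leaf, pool, {root.subject}


if __name__ == "__main__":
    leaf, pool, anchors = make_long_chain(20)
    print(len(build_chain(leaf, pool, anchors)), "certificates in chain")
    a, b = Cert("A", "B"), Cert("B", "A")
    try:
        build_chain(a, [a, b], set())
    except ChainError as e:
        print("rejected:", e)
```

The `seen` set is what replaces a depth counter: it costs one entry per certificate, so the walk terminates on any finite pool without needing a cap that a legitimately long chain could exceed.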
-------------- next part --------------
A non-text attachment was scrubbed...
Name: from-u2-to-u3.deb.diff
Type: text/x-diff
Size: 68877 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20240615/9adc8e08/attachment-0001.diff>