[ubuntu/artful-proposed] gnutls28 3.5.8-5ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed May 3 15:42:15 UTC 2017
gnutls28 (3.5.8-5ubuntu1) artful; urgency=medium

  * Merge with Debian. Remaining changes:
    - debian/patches/disable_global_init_override_test.patch: disable
      failing test.
    - debian/patches/add-openssl-test-link.patch: add link for libssl

gnutls28 (3.5.8-5) unstable; urgency=medium

  * 35_01_z_opencdk-read-packet.c-corrected-typo-in-type-cast.patch: Fix typo
    in 35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch.
  * 35_07_Enforce-the-max-packet-length-for-OpenPGP-subpackets.patch:
    Addressed large allocation in OpenPGP certificate parsing that could lead
    to an out-of-memory condition. Issue found using oss-fuzz project, and was
    fixed by Alex Gaynor.
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
    [GNUTLS-SA-2017-3C]

gnutls28 (3.5.8-4) unstable; urgency=medium

  * More upstream fixes from gnutls_3_5_x branch:
    + 35_05_cdk_pkt_read-enforce-packet-limits.patch: Addressed integer
      overflow resulting in an invalid memory write in OpenPGP certificate
      parsing. Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
      [GNUTLS-SA-2017-3A]
    + 35_05_opencdk-read_attribute-account-buffer-size.patch Addressed read of
      1 byte past the end of buffer in OpenPGP certificate parsing. Issue
      found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391
    + 35_06_opencdk-do-not-parse-any-secret-keys-in-packet-when-.patch
      Addressed crashes in OpenPGP certificate parsing, related to private key
      parser. No longer allow OpenPGP certificates (public keys) to contain
      private key sub-packets. Issue found using oss-fuzz project:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
      [GNUTLS-SA-2017-3B]

gnutls28 (3.5.8-3) unstable; urgency=high

  * Another two bugfixes from upstream.
    + 35_03_Address-test-suite-failure-due-to-timezone-differenc.patch
      Address test suite failure due to timezone differences.
      Closes: #853732
    + 35_04_gnutls_pkcs11_obj_list_import_url4-always-return-an-.patch
      When returning success but no elements,
      gnutls_pkcs11_obj_list_import_url4 could have returned zero number of
      elements with a pointer that was uninitialized.

gnutls28 (3.5.8-2) unstable; urgency=medium

  * Pull two fixes from upstream GIT gnutls_3_5_x branch
    35_01_opencdk-improved-error-code-checking-in-the-stream-r.patch
    35_02_Disable-AVX-support-when-it-is-not-supported-by-the-.patch.

gnutls28 (3.5.8-1) unstable; urgency=medium

  * New upstream release.
  * Upload to unstable.

gnutls28 (3.5.7+git668ea9-1) experimental; urgency=medium

  * New upstream git snapshot 668ea956379d7ad65908912d2fa2e4499d45eddc from
    upstream gnutls_3_5_x branch (2016-01-06). (Results of make dist + adding
    tests/key-tests/key-invalid.)
    + Drop 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch
      35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch
    + libgnutls: Fix double free in certificate information printing. If the
      PKIX extension proxy was set with a policy language set but no policy
      specified, that could lead to a double free. GNUTLS-SA-2017-1
      CVE-2017-5334
    + libgnutls: Addressed invalid memory accesses in OpenPGP certificate
      parsing. (issues found using oss-fuzz project) GNUTLS-SA-2017-2
      CVE-2017-5335 / CVE-2017-5336 / CVE-2017-5337

gnutls28 (3.5.7-3) unstable; urgency=medium

  * 35_01_pkcs8-ensure-that-the-correct-error-code-is-returned.patch,
    35_02_tests-added-test-for-PKCS-8-encrypted-key-decoding.patch from
    upstream 3.5 branch: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
    by PKCS#8 decryption functions when an invalid key is provided. This
    addresses a regression on decrypting certain PKCS#8 keys.
    Closes: #848905

gnutls28 (3.5.7-2) unstable; urgency=medium

  * Upload to unstable.

gnutls28 (3.5.7-1) experimental; urgency=low

  * New upstream version.
  * Drop unneeded patches.
    40_01_sockets-only-use-gnutls_bye-on-a-valid-socket-sessio.patch
    40_02_gnutls-cli-debug-terminate-sessions-which-cannot-be-.patch
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Add missing dependency of libgnutls28-dev on libgnutls-dane0.
  * Update symbol file. (Add new symbols, bump dependency on functions that
    might return new error codes.)
  * Build with --with-included-unistring, Debian's libunistring package is
    too old (non dual-licensed).

gnutls28 (3.5.6-7) unstable; urgency=low

  * Point UNBOUND_ROOT_KEY_FILE to /usr/share/dns/root.key and add a Suggest
    for dns-root-data to libgnutls-dane0.
  * Upload to unstable.

gnutls28 (3.5.6-6) experimental; urgency=medium

  * Pull a patch set from upstream GIT which reverts the DN sorting change in
    3.5.6 and adds new functions to provide an RFC4514-compliant sorting.
    Closes: #844539
    41_01_Introduced-new-functions-to-allow-multiple-DN-parsin.patch
    41_02__gnutls_x509_get_dn-when-no-data-ensure-we-return-GN.patch
    41_03_certtool-use-the-new-APIs-for-DN-extraction.patch
    41_04_cleanups-in-_gnutls_buffer_to_datum.patch
    41_05_x509-output-use-the-new-functions-for-DN-output.patch
    41_07_tests-account-for-the-strict-RFC4514-compliance-reve.patch
    41_08_pkcs7-output-use-the-new-functions-for-DN-output.patch
  * Update symbol file.

gnutls28 (3.5.6-5) experimental; urgency=low

  * Merge changes from unstable.

Date: Wed, 03 May 2017 10:00:32 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnutls28/3.5.8-5ubuntu1
-------------- next part --------------
Format: 1.8
Source: gnutls28
Binary: libgnutls28-dev libgnutls30 gnutls-bin gnutls-doc libgnutlsxx28 libgnutls-openssl27 libgnutls-dane0
Architecture: source
Version: 3.5.8-5ubuntu1
Distribution: artful
Urgency: high
Description:
gnutls-bin - GNU TLS library - commandline utilities
gnutls-doc - GNU TLS library - documentation and examples
libgnutls-dane0 - GNU TLS library - DANE security support
libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
libgnutls28-dev - GNU TLS library - development files
libgnutls30 - GNU TLS library - main runtime library
libgnutlsxx28 - GNU TLS library - C++ runtime library
Closes: 844539 848905 853732
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>