Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package gnutls26. * This fixes a network-manager segfault in vpn setup. (#647747) [FWIW I have doublechecked with upstream that this not some kind of vulnerability, but just a regular bug.] 30_strlen_on_null.diff - Upstream has the same fix http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=fcc063e196a97acdbbc94c5fd2d9603d21fc9c1f with a little bit different formatting. * Currently there are two source packages in squeeze which build a gnutls-doc package (gnutls26 and gnutls28). I was made aware of this bug when I tried to upload gnutls 2.12.21 to experimental and the package was rejected. Since later (security) uploads of gnutls might have same the problem I think this issue might be considered rc. We fix it by introducing gnutls26-doc, which is co-installable with gnutls-doc. unblock gnutls26/2.12.20-2 thanks, cu andreas
diff -Nru gnutls26-2.12.20/debian/changelog gnutls26-2.12.20/debian/changelog --- gnutls26-2.12.20/debian/changelog 2012-06-10 16:53:53.000000000 +0200 +++ gnutls26-2.12.20/debian/changelog 2012-11-13 19:21:44.000000000 +0100 @@ -1,3 +1,14 @@ +gnutls26 (2.12.20-2) unstable; urgency=low + + * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL. + Closes: #647747 + * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x + packages. Add a new gnutls26-doc package which drops manpages and info + format documentation in favour of being co-installable with + gnutls-doc. + + -- Andreas Metzler <[email protected]> Tue, 13 Nov 2012 19:21:25 +0100 + gnutls26 (2.12.20-1) unstable; urgency=low * New upstream release. diff -Nru gnutls26-2.12.20/debian/control gnutls26-2.12.20/debian/control --- gnutls26-2.12.20/debian/control 2012-03-03 18:17:11.000000000 +0100 +++ gnutls26-2.12.20/debian/control 2012-11-13 19:03:33.000000000 +0100 @@ -24,7 +24,7 @@ libgnutlsxx27 (= ${binary:Version}),libgnutls-openssl27 (= ${binary:Version}), libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev, libtasn1-3-dev (>= 0.3.4), libp11-kit-dev (>= 0.4), ${misc:Depends} -Suggests: gnutls-doc +Suggests: gnutls26-doc Conflicts: gnutls-dev Replaces: gnutls-dev Description: GNU TLS library - development files @@ -93,12 +93,12 @@ . This package contains the debugger symbols and commandline utilities. -Package: gnutls-doc +Package: gnutls26-doc Architecture: all Section: doc Depends: ${misc:Depends} Multi-Arch: foreign -Description: GNU TLS library - documentation and examples +Description: GNU TLS library 2.x - documentation and examples GnuTLS is a portable library which implements the Transport Layer Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols. . @@ -114,7 +114,7 @@ - all the strong encryption algorithms (including SHA-256/384/512 and Camellia (RFC 4132)). . - This package contains all the GnuTLS documentation. + This package contains the documentation for the GnuTLS 2.x legacy version. Package: libgnutlsxx27 Priority: extra diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base gnutls26-2.12.20/debian/gnutls26-doc.doc-base --- gnutls26-2.12.20/debian/gnutls26-doc.doc-base 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base 2012-11-13 19:02:55.000000000 +0100 @@ -0,0 +1,12 @@ +Document: gnutls26 +Title: GnuTLS 2.x Manual +Author: Simon Josefsson +Abstract: GnuTLS 2.x library manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls26-doc/html/gnutls.html +Files: /usr/share/doc/gnutls26-doc/html/* + +Format: PDF +Files: /usr/share/doc/gnutls26-doc/gnutls.pdf diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference --- gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference 2012-11-13 19:02:55.000000000 +0100 @@ -0,0 +1,9 @@ +Document: gnutls26-api +Title: GnuTLS 2.x API Reference Manual +Author: Simon Josefsson +Abstract: GNU TLS API Reference Manual +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/gnutls26-doc/api-reference/index.html +Files: /usr/share/doc/gnutls26-doc/api-reference/* diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.docs gnutls26-2.12.20/debian/gnutls26-doc.docs --- gnutls26-2.12.20/debian/gnutls26-doc.docs 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls26-doc.docs 2012-11-13 19:02:55.000000000 +0100 @@ -0,0 +1 @@ +doc/gnutls.pdf diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.examples gnutls26-2.12.20/debian/gnutls26-doc.examples --- gnutls26-2.12.20/debian/gnutls26-doc.examples 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls26-doc.examples 2012-11-13 19:02:55.000000000 +0100 @@ -0,0 +1 @@ +doc/examples/*.c diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.install gnutls26-2.12.20/debian/gnutls26-doc.install --- gnutls26-2.12.20/debian/gnutls26-doc.install 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls26-doc.install 2012-11-13 19:02:55.000000000 +0100 @@ -0,0 +1,6 @@ +doc/reference/html/*html usr/share/doc/gnutls26-doc/api-reference +doc/reference/html/*png usr/share/doc/gnutls26-doc/api-reference +doc/reference/html/*.css usr/share/doc/gnutls26-doc/api-reference +doc/reference/html/*.sgml usr/share/doc/gnutls26-doc/api-reference +doc/*.html usr/share/doc/gnutls26-doc/html +doc/*.png usr/share/doc/gnutls26-doc/html diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base gnutls26-2.12.20/debian/gnutls-doc.doc-base --- gnutls26-2.12.20/debian/gnutls-doc.doc-base 2008-05-01 13:30:56.000000000 +0200 +++ gnutls26-2.12.20/debian/gnutls-doc.doc-base 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -Document: gnutls -Title: GnuTLS Manual -Author: Simon Josefsson -Abstract: GnuTLS library manual -Section: Programming/C - -Format: HTML -Index: /usr/share/doc/gnutls-doc/html/gnutls.html -Files: /usr/share/doc/gnutls-doc/html/* - -Format: PDF -Files: /usr/share/doc/gnutls-doc/gnutls.pdf - -Format: info -Index: /usr/share/info/gnutls.info.gz -Files: /usr/share/info/gnutls.info* diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference --- gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference 2008-05-01 13:31:02.000000000 +0200 +++ gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference 1970-01-01 01:00:00.000000000 +0100 @@ -1,9 +0,0 @@ -Document: gnutls-api -Title: GNU TLS API Reference Manual -Author: Simon Josefsson -Abstract: GNU TLS API Reference Manual -Section: Programming/C - -Format: HTML -Index: /usr/share/doc/gnutls-doc/api-reference/index.html -Files: /usr/share/doc/gnutls-doc/api-reference/* diff -Nru gnutls26-2.12.20/debian/gnutls-doc.docs gnutls26-2.12.20/debian/gnutls-doc.docs --- gnutls26-2.12.20/debian/gnutls-doc.docs 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.docs 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -doc/gnutls.pdf diff -Nru gnutls26-2.12.20/debian/gnutls-doc.examples gnutls26-2.12.20/debian/gnutls-doc.examples --- gnutls26-2.12.20/debian/gnutls-doc.examples 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.examples 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -doc/examples/*.c diff -Nru gnutls26-2.12.20/debian/gnutls-doc.info gnutls26-2.12.20/debian/gnutls-doc.info --- gnutls26-2.12.20/debian/gnutls-doc.info 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.info 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -debian/tmp/usr/share/info/gnutls.info* diff -Nru gnutls26-2.12.20/debian/gnutls-doc.install gnutls26-2.12.20/debian/gnutls-doc.install --- gnutls26-2.12.20/debian/gnutls-doc.install 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.install 1970-01-01 01:00:00.000000000 +0100 @@ -1,7 +0,0 @@ -doc/reference/html/*html usr/share/doc/gnutls-doc/api-reference -doc/reference/html/*png usr/share/doc/gnutls-doc/api-reference -doc/reference/html/*.css usr/share/doc/gnutls-doc/api-reference -doc/reference/html/*.sgml usr/share/doc/gnutls-doc/api-reference -doc/reference/html/*.devhelp* usr/share/doc/gnutls-doc/api-reference -doc/*.html usr/share/doc/gnutls-doc/html -doc/*.png usr/share/doc/gnutls-doc/html diff -Nru gnutls26-2.12.20/debian/gnutls-doc.links gnutls26-2.12.20/debian/gnutls-doc.links --- gnutls26-2.12.20/debian/gnutls-doc.links 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.links 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -/usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls diff -Nru gnutls26-2.12.20/debian/gnutls-doc.manpages gnutls26-2.12.20/debian/gnutls-doc.manpages --- gnutls26-2.12.20/debian/gnutls-doc.manpages 2007-11-29 19:56:04.000000000 +0100 +++ gnutls26-2.12.20/debian/gnutls-doc.manpages 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -debian/tmp/usr/share/man/man3/* diff -Nru gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff --- gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff 2012-11-12 19:28:36.000000000 +0100 @@ -0,0 +1,50 @@ +Description: Prevent segfault on strlen(NULL) + already fixed in GnuTLS 3 at 95a922c2a8b75e6eddbcc688c0d719d0b07ee395 +Bug-Debian: http://bugs.debian.org/647747 +Last-Update: 2012-11-12 + +--- gnutls26-2.12.20.orig/lib/x509/privkey_pkcs8.c ++++ gnutls26-2.12.20/lib/x509/privkey_pkcs8.c +@@ -1577,8 +1577,12 @@ decrypt_data (schema_id schema, ASN1_TYP + cipher_hd_st ch; + int ch_init = 0; + int key_size; ++ unsigned int password_lenght=0; + + data_size = 0; ++ if (password) { ++ password_lenght = strlen(password); ++ } + result = asn1_read_value (pkcs8_asn, root, NULL, &data_size); + if (result != ASN1_MEM_ERROR) + { +@@ -1625,7 +1629,7 @@ decrypt_data (schema_id schema, ASN1_TYP + case PBES2_AES_192: + case PBES2_AES_256: + +- result = _gnutls_pbkdf2_sha1 (password, strlen (password), ++ result = _gnutls_pbkdf2_sha1 (password, password_lenght, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, key, key_size); + +@@ -1881,6 +1885,11 @@ generate_key (schema_id schema, + { + opaque rnd[2]; + int ret; ++ unsigned int password_lenght=0; ++ ++ if (password) { ++ password_lenght = strlen(password); ++ } + + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2); + if (ret < 0) +@@ -1955,7 +1964,7 @@ generate_key (schema_id schema, + case PBES2_AES_192: + case PBES2_AES_256: + +- ret = _gnutls_pbkdf2_sha1 (password, strlen (password), ++ ret = _gnutls_pbkdf2_sha1 (password, password_lenght, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, + key->data, kdf_params->key_size); diff -Nru gnutls26-2.12.20/debian/patches/series gnutls26-2.12.20/debian/patches/series --- gnutls26-2.12.20/debian/patches/series 2012-06-10 16:28:05.000000000 +0200 +++ gnutls26-2.12.20/debian/patches/series 2012-11-12 19:28:53.000000000 +0100 @@ -3,3 +3,4 @@ 17_ignoretestsuitteerrors.diff 18_gpgerrorinpkgconfig.diff 20_tests-select.diff +30_strlen_on_null.diff diff -Nru gnutls26-2.12.20/debian/rules gnutls26-2.12.20/debian/rules --- gnutls26-2.12.20/debian/rules 2012-03-03 18:25:25.000000000 +0100 +++ gnutls26-2.12.20/debian/rules 2012-11-13 19:02:55.000000000 +0100 @@ -18,7 +18,7 @@ # pre-clean rule: save gnutls.pdf since it is expensive to regenerate. # See README.source -cleanbuilddir/gnutls-doc:: +cleanbuilddir/gnutls26-doc:: if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi @@ -35,21 +35,9 @@ if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi # additional comands for build rule -build/gnutls-doc:: +build/gnutls26-doc:: $(MAKE) html -# add post deb preparation (including debhelper stuff) actions -# generate symlinks manually and use dh_link to make them policy-conform. -binary-install/gnutls-doc:: - cd debian/gnutls-doc && \ - for i in usr/share/doc/gnutls-doc/html/gnutls*.png ; do \ - i=`basename "$$i"` ; \ - ln -s "/usr/share/doc/gnutls-doc/html/$$i" \ - usr/share/info/ ; \ - done && \ - cd ../.. && \ - dh_link -pgnutls-doc - common-install-arch:: find debian/tmp/usr/lib/* -name '*.so.*.*' -type f -exec \ chrpath -d {} +
