Bug#693530: marked as done (unblock: gnutls26/2.12.20-2)

Sat, 17 Nov 2012 08:54:17 -0800 

Your message dated Sat, 17 Nov 2012 16:48:56 +0000
with message-id <[email protected]>
and subject line Re: Bug#693530: unblock: gnutls26/2.12.20-2
has caused the Debian Bug report #693530,
regarding unblock: gnutls26/2.12.20-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
693530: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693530
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package gnutls26.

* This fixes a network-manager segfault in vpn setup. (#647747) [FWIW
  I have doublechecked with upstream that this not some kind of
  vulnerability, but just a regular bug.]
  30_strlen_on_null.diff - Upstream has the same fix
  
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=fcc063e196a97acdbbc94c5fd2d9603d21fc9c1f
 with a little bit different formatting.

* Currently there are two source packages in squeeze which build a
  gnutls-doc package (gnutls26 and gnutls28). I was made aware of this
  bug when I tried to upload gnutls 2.12.21 to experimental and the
  package was rejected. Since later (security) uploads of gnutls might
  have same the problem I think this issue might be considered rc.
  
  We fix it by introducing gnutls26-doc, which is co-installable with
  gnutls-doc.

unblock gnutls26/2.12.20-2

thanks, cu andreas

diff -Nru gnutls26-2.12.20/debian/changelog gnutls26-2.12.20/debian/changelog
--- gnutls26-2.12.20/debian/changelog   2012-06-10 16:53:53.000000000 +0200
+++ gnutls26-2.12.20/debian/changelog   2012-11-13 19:21:44.000000000 +0100
@@ -1,3 +1,14 @@
+gnutls26 (2.12.20-2) unstable; urgency=low
+
+  * 30_strlen_on_null.diff: Fix segfault caused by running strlen() on NULL.
+    Closes: #647747
+  * Fix documentation packaging. gnutls-doc is built from the GnuTLS 3.x
+    packages. Add a new gnutls26-doc package which drops manpages and info
+    format documentation in favour of being co-installable with
+    gnutls-doc.
+
+ -- Andreas Metzler <[email protected]>  Tue, 13 Nov 2012 19:21:25 +0100
+
 gnutls26 (2.12.20-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru gnutls26-2.12.20/debian/control gnutls26-2.12.20/debian/control
--- gnutls26-2.12.20/debian/control     2012-03-03 18:17:11.000000000 +0100
+++ gnutls26-2.12.20/debian/control     2012-11-13 19:03:33.000000000 +0100
@@ -24,7 +24,7 @@
  libgnutlsxx27 (= ${binary:Version}),libgnutls-openssl27 (= ${binary:Version}),
  libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev,
  libtasn1-3-dev (>= 0.3.4), libp11-kit-dev (>= 0.4), ${misc:Depends}
-Suggests: gnutls-doc
+Suggests: gnutls26-doc
 Conflicts: gnutls-dev
 Replaces: gnutls-dev
 Description: GNU TLS library - development files
@@ -93,12 +93,12 @@
  .
  This package contains the debugger symbols and commandline utilities.
 
-Package: gnutls-doc
+Package: gnutls26-doc
 Architecture: all
 Section: doc
 Depends: ${misc:Depends}
 Multi-Arch: foreign
-Description: GNU TLS library - documentation and examples
+Description: GNU TLS library 2.x - documentation and examples
  GnuTLS is a portable library which implements the Transport Layer
  Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
  .
@@ -114,7 +114,7 @@
   - all the strong encryption algorithms (including SHA-256/384/512 and
     Camellia (RFC 4132)).
  .
- This package contains all the GnuTLS documentation.
+ This package contains the documentation for the GnuTLS 2.x legacy version.
 
 Package: libgnutlsxx27
 Priority: extra
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base 
gnutls26-2.12.20/debian/gnutls26-doc.doc-base
--- gnutls26-2.12.20/debian/gnutls26-doc.doc-base       1970-01-01 
01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base       2012-11-13 
19:02:55.000000000 +0100
@@ -0,0 +1,12 @@
+Document: gnutls26
+Title: GnuTLS 2.x Manual
+Author: Simon Josefsson
+Abstract: GnuTLS 2.x library manual
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/gnutls26-doc/html/gnutls.html
+Files: /usr/share/doc/gnutls26-doc/html/*
+
+Format: PDF
+Files: /usr/share/doc/gnutls26-doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference 
gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference
--- gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference  1970-01-01 
01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.doc-base.apireference  2012-11-13 
19:02:55.000000000 +0100
@@ -0,0 +1,9 @@
+Document: gnutls26-api
+Title: GnuTLS 2.x API Reference Manual
+Author: Simon Josefsson
+Abstract: GNU TLS API Reference Manual
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/gnutls26-doc/api-reference/index.html
+Files: /usr/share/doc/gnutls26-doc/api-reference/*
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.docs 
gnutls26-2.12.20/debian/gnutls26-doc.docs
--- gnutls26-2.12.20/debian/gnutls26-doc.docs   1970-01-01 01:00:00.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.docs   2012-11-13 19:02:55.000000000 
+0100
@@ -0,0 +1 @@
+doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.examples 
gnutls26-2.12.20/debian/gnutls26-doc.examples
--- gnutls26-2.12.20/debian/gnutls26-doc.examples       1970-01-01 
01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.examples       2012-11-13 
19:02:55.000000000 +0100
@@ -0,0 +1 @@
+doc/examples/*.c
diff -Nru gnutls26-2.12.20/debian/gnutls26-doc.install 
gnutls26-2.12.20/debian/gnutls26-doc.install
--- gnutls26-2.12.20/debian/gnutls26-doc.install        1970-01-01 
01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/gnutls26-doc.install        2012-11-13 
19:02:55.000000000 +0100
@@ -0,0 +1,6 @@
+doc/reference/html/*html usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*png usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*.css usr/share/doc/gnutls26-doc/api-reference
+doc/reference/html/*.sgml usr/share/doc/gnutls26-doc/api-reference
+doc/*.html usr/share/doc/gnutls26-doc/html
+doc/*.png usr/share/doc/gnutls26-doc/html
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base 
gnutls26-2.12.20/debian/gnutls-doc.doc-base
--- gnutls26-2.12.20/debian/gnutls-doc.doc-base 2008-05-01 13:30:56.000000000 
+0200
+++ gnutls26-2.12.20/debian/gnutls-doc.doc-base 1970-01-01 01:00:00.000000000 
+0100
@@ -1,16 +0,0 @@
-Document: gnutls
-Title: GnuTLS Manual
-Author: Simon Josefsson
-Abstract: GnuTLS library manual
-Section: Programming/C
-
-Format: HTML
-Index: /usr/share/doc/gnutls-doc/html/gnutls.html
-Files: /usr/share/doc/gnutls-doc/html/*
-
-Format: PDF
-Files: /usr/share/doc/gnutls-doc/gnutls.pdf
-
-Format: info
-Index: /usr/share/info/gnutls.info.gz
-Files: /usr/share/info/gnutls.info*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference 
gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference
--- gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference    2008-05-01 
13:31:02.000000000 +0200
+++ gnutls26-2.12.20/debian/gnutls-doc.doc-base.apireference    1970-01-01 
01:00:00.000000000 +0100
@@ -1,9 +0,0 @@
-Document: gnutls-api
-Title: GNU TLS API Reference Manual
-Author: Simon Josefsson
-Abstract: GNU TLS API Reference Manual
-Section: Programming/C
-
-Format: HTML
-Index: /usr/share/doc/gnutls-doc/api-reference/index.html
-Files: /usr/share/doc/gnutls-doc/api-reference/*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.docs 
gnutls26-2.12.20/debian/gnutls-doc.docs
--- gnutls26-2.12.20/debian/gnutls-doc.docs     2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.docs     1970-01-01 01:00:00.000000000 
+0100
@@ -1 +0,0 @@
-doc/gnutls.pdf
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.examples 
gnutls26-2.12.20/debian/gnutls-doc.examples
--- gnutls26-2.12.20/debian/gnutls-doc.examples 2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.examples 1970-01-01 01:00:00.000000000 
+0100
@@ -1 +0,0 @@
-doc/examples/*.c
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.info 
gnutls26-2.12.20/debian/gnutls-doc.info
--- gnutls26-2.12.20/debian/gnutls-doc.info     2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.info     1970-01-01 01:00:00.000000000 
+0100
@@ -1 +0,0 @@
-debian/tmp/usr/share/info/gnutls.info*
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.install 
gnutls26-2.12.20/debian/gnutls-doc.install
--- gnutls26-2.12.20/debian/gnutls-doc.install  2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.install  1970-01-01 01:00:00.000000000 
+0100
@@ -1,7 +0,0 @@
-doc/reference/html/*html usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*png usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.css usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.sgml usr/share/doc/gnutls-doc/api-reference
-doc/reference/html/*.devhelp* usr/share/doc/gnutls-doc/api-reference
-doc/*.html usr/share/doc/gnutls-doc/html
-doc/*.png usr/share/doc/gnutls-doc/html
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.links 
gnutls26-2.12.20/debian/gnutls-doc.links
--- gnutls26-2.12.20/debian/gnutls-doc.links    2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.links    1970-01-01 01:00:00.000000000 
+0100
@@ -1 +0,0 @@
-/usr/share/doc/gnutls-doc/api-reference /usr/share/gtk-doc/html/gnutls
diff -Nru gnutls26-2.12.20/debian/gnutls-doc.manpages 
gnutls26-2.12.20/debian/gnutls-doc.manpages
--- gnutls26-2.12.20/debian/gnutls-doc.manpages 2007-11-29 19:56:04.000000000 
+0100
+++ gnutls26-2.12.20/debian/gnutls-doc.manpages 1970-01-01 01:00:00.000000000 
+0100
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man3/*
diff -Nru gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff 
gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff
--- gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff      1970-01-01 
01:00:00.000000000 +0100
+++ gnutls26-2.12.20/debian/patches/30_strlen_on_null.diff      2012-11-12 
19:28:36.000000000 +0100
@@ -0,0 +1,50 @@
+Description: Prevent segfault on strlen(NULL)
+ already fixed in GnuTLS 3 at 95a922c2a8b75e6eddbcc688c0d719d0b07ee395
+Bug-Debian: http://bugs.debian.org/647747
+Last-Update: 2012-11-12
+
+--- gnutls26-2.12.20.orig/lib/x509/privkey_pkcs8.c
++++ gnutls26-2.12.20/lib/x509/privkey_pkcs8.c
+@@ -1577,8 +1577,12 @@ decrypt_data (schema_id schema, ASN1_TYP
+   cipher_hd_st ch;
+   int ch_init = 0;
+   int key_size;
++  unsigned int password_lenght=0;
+ 
+   data_size = 0;
++  if (password) {
++        password_lenght = strlen(password);
++  }
+   result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
+   if (result != ASN1_MEM_ERROR)
+     {
+@@ -1625,7 +1629,7 @@ decrypt_data (schema_id schema, ASN1_TYP
+     case PBES2_AES_192:
+     case PBES2_AES_256:
+ 
+-      result = _gnutls_pbkdf2_sha1 (password, strlen (password),
++      result = _gnutls_pbkdf2_sha1 (password, password_lenght,
+                                     kdf_params->salt, kdf_params->salt_size,
+                                     kdf_params->iter_count, key, key_size);
+ 
+@@ -1881,6 +1885,11 @@ generate_key (schema_id schema,
+ {
+   opaque rnd[2];
+   int ret;
++  unsigned int password_lenght=0;
++
++  if (password) {
++        password_lenght = strlen(password);
++  }
+ 
+   ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
+   if (ret < 0)
+@@ -1955,7 +1964,7 @@ generate_key (schema_id schema,
+     case PBES2_AES_192:
+     case PBES2_AES_256:
+ 
+-      ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
++      ret = _gnutls_pbkdf2_sha1 (password,  password_lenght,
+                                  kdf_params->salt, kdf_params->salt_size,
+                                  kdf_params->iter_count,
+                                  key->data, kdf_params->key_size);
diff -Nru gnutls26-2.12.20/debian/patches/series 
gnutls26-2.12.20/debian/patches/series
--- gnutls26-2.12.20/debian/patches/series      2012-06-10 16:28:05.000000000 
+0200
+++ gnutls26-2.12.20/debian/patches/series      2012-11-12 19:28:53.000000000 
+0100
@@ -3,3 +3,4 @@
 17_ignoretestsuitteerrors.diff
 18_gpgerrorinpkgconfig.diff
 20_tests-select.diff
+30_strlen_on_null.diff
diff -Nru gnutls26-2.12.20/debian/rules gnutls26-2.12.20/debian/rules
--- gnutls26-2.12.20/debian/rules       2012-03-03 18:25:25.000000000 +0100
+++ gnutls26-2.12.20/debian/rules       2012-11-13 19:02:55.000000000 +0100
@@ -18,7 +18,7 @@
 
 # pre-clean rule: save gnutls.pdf since it is expensive to regenerate.
 # See README.source
-cleanbuilddir/gnutls-doc::
+cleanbuilddir/gnutls26-doc::
        if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf 
doc/gnutls.pdf.debbackup ; fi
 
 
@@ -35,21 +35,9 @@
        if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv 
doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi
 
 # additional comands for build rule
-build/gnutls-doc::
+build/gnutls26-doc::
        $(MAKE) html
 
-# add post deb preparation (including debhelper stuff) actions
-# generate symlinks manually and use dh_link to make them policy-conform.
-binary-install/gnutls-doc::
-       cd debian/gnutls-doc && \
-       for i in usr/share/doc/gnutls-doc/html/gnutls*.png ; do \
-               i=`basename "$$i"` ; \
-               ln -s "/usr/share/doc/gnutls-doc/html/$$i" \
-                       usr/share/info/ ; \
-       done && \
-       cd ../.. && \
-       dh_link -pgnutls-doc
-
 common-install-arch::
        find debian/tmp/usr/lib/* -name '*.so.*.*' -type f -exec \
                chrpath -d {} +

--- End Message ---
--- Begin Message --- 
On Sat, 2012-11-17 at 16:27 +0100, Andreas Metzler wrote:
> Please unblock package gnutls26.
> 
> * This fixes a network-manager segfault in vpn setup. (#647747) [FWIW

++  unsigned int password_lenght=0;

s/lenght/length/g, fwiw.

[...]
> * Currently there are two source packages in squeeze which build a
>   gnutls-doc package (gnutls26 and gnutls28). I was made aware of this

In wheezy, too. :-)

>   bug when I tried to upload gnutls 2.12.21 to experimental and the
>   package was rejected. Since later (security) uploads of gnutls might
>   have same the problem I think this issue might be considered rc.
>   
>   We fix it by introducing gnutls26-doc, which is co-installable with
>   gnutls-doc.

Unblocked; thanks.

Regards,

Adam

--- End Message ---

Reply via email to