Bug#949310: buster-pu: package gnutls28/3.6.7-4+deb10u1

2020-01-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2020-01-19 at 18:58 +0100, Andreas Metzler wrote:
> there is a regression in gnutls/buster compared to stretch. It fails
> to parse certificates using Registered ID in Subject Alternative
> Name.
> 

Please go ahead; thanks.

Regards,

Adam



Bug#949310: buster-pu: package gnutls28/3.6.7-4+deb10u1

2020-01-19 Thread Andreas Metzler
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello,

there is a regression in gnutls/buster compared to stretch. It fails to
parse certificates using Registered ID in Subject Alternative Name.

See upstream report https://gitlab.com/gnutls/gnutls/issues/905 for more
details.

I would like to fix this in pu, by pulling the fix from GnuTLS 3.6.9.
The respective upstream change also adds a testcase and therefore
adds/modifies binaries. The proposed Debian changes are not
representable as a debdiff, so I am attaching a git-format-patch diff instead.

cu Andreas
From de3d573242195eddab914709584242610b2e2762 Mon Sep 17 00:00:00 2001
From: Andreas Metzler 
Date: Sun, 19 Jan 2020 18:00:12 +0100
Subject: [PATCH] Fix parsing of certificates using RegisteredID Closes:
 #949293

---
 debian/binary/cert10.der  | Bin 0 -> 571 bytes
 debian/binary/cert5.der   | Bin 0 -> 414 bytes
 debian/changelog  |   6 +
 ...ralname-registeredID-from-RFC-5280-i.patch | 242 ++
 debian/patches/series |   1 +
 debian/rules  |   8 +
 debian/source/include-binaries|   2 +
 7 files changed, 259 insertions(+)
 create mode 100644 debian/binary/cert10.der
 create mode 100644 debian/binary/cert5.der
 create mode 100644 debian/patches/41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch

diff --git a/debian/binary/cert10.der b/debian/binary/cert10.der
new file mode 100644
index ..07ab16d3eec034bd14cd94dd0174a2a76c768918
GIT binary patch
literal 571

literal 0
HcmV?d1

diff --git a/debian/binary/cert5.der b/debian/binary/cert5.der
new file mode 100644
index ..f950ff3e1b1c3bdac0afcafc21301dc49041d298
GIT binary patch
literal 414

literal 0
HcmV?d1

diff --git a/debian/changelog b/debian/changelog
index 4944112..ab8c730 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+gnutls28 (3.6.7-4+deb10u2) buster; urgency=medium
+
+  * Fix parsing of certificates using RegisteredID Closes: #949293
+
+ -- Andreas Metzler   Sun, 19 Jan 2020 14:03:08 +0100
+
 gnutls28 (3.6.7-4+deb10u1) buster; urgency=medium
 
   * 42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
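Review bot: The new 3.6.7-4+deb10u2 changelog entry does not name the patch file that carries the fix, while the 3.6.7-4+deb10u1 entry directly below it leads with its patch filename. Consider starting the item with 41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch and stating that it is pulled from GnuTLS 3.6.9, so the origin of the change can be read from the changelog alone. The diffstat also shows new files under debian/binary/ plus changes to debian/rules and debian/source/include-binaries; a short line explaining that the test certificates are shipped there would help the next maintainer. Finally, "RegisteredID Closes: #949293" runs the description and the bug closure together; a full stop before "Closes:" would read better.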
diff --git a/debian/patches/41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch b/debian/patches/41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch
new file mode 100644
index 000..9129642
--- /dev/null
+++ b/debian/patches/41_rel3.6.9_01-Support-for-Generalname-registeredID-from-RFC-5280-i.patch
@@ -0,0 +1,242 @@
+From 55c76aab7620aa2609bb488a8ab72c7d782e8424 Mon Sep 17 00:00:00 2001
+From: Karsten Ohme 
+Date: Sat, 22 Jun 2019 00:39:56 +0200
+Subject: [PATCH] Support for Generalname registeredID from RFC 5280 in subject
+ alt name
+
+Added test certificates (cert10.der) with registered ID
+
+Updated Makefile for inclusion of test certificates
+
+Updated SAN unknown test certificates (cert5.der)
+
+Signed-off-by: Karsten Ohme 
+---
+ NEWS   |   3 ++
+ lib/includes/gnutls/gnutls.h.in|   4 ++-
+ lib/x509/common.c  |   5 +++
+ lib/x509/extensions.c  |   3 ++
+ lib/x509/output.c  |   4 +++
+ lib/x509/x509.c|   9 --
+ tests/Makefile.am  |   4 +--
+ tests/certs-interesting/cert10.der | Bin 0 -> 571 bytes
+ tests/certs-interesting/cert5.der  | Bin 418 -> 414 bytes
+ tests/crt_apis.c   |  49 +++--
+ 10 files changed, 66 insertions(+), 15 deletions(-)
+ create mode 100644 tests/certs-interesting/cert10.der
+
+--- a/NEWS
 b/NEWS
+@@ -5,6 +5,8 @@ Copyright (C) 2000-2016 Free Software Fo
+ Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
+ See the end for copying conditions.
+ 
++** libgnutls: Added support for Generalname registeredID.
++
+ * Version 3.6.7 (released 2019-03-27)
+ 
+ ** libgnutls, gnutls to
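Review bot: In the NEWS hunk of the embedded upstream patch, the added line "** libgnutls: Added support for Generalname registeredID." lands between "See the end for copying conditions." and the "* Version 3.6.7 (released 2019-03-27)" heading, so in this backport it sits under no release heading at all. The request describes the fix as coming from GnuTLS 3.6.9 and debian/changelog already records it, so consider dropping the NEWS hunk from the Debian patch rather than leaving an entry that is not attached to any version. The patch header's diffstat also lists tests/certs-interesting/cert10.der and cert5.der as binary changes that a quilt patch cannot carry; a sentence in the patch header pointing to debian/binary/ as the place the certificates are shipped from would make it clear that the omission is intentional.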