Hello community,

here is the log from the commit of package gnutls.12426 for openSUSE:Leap:15.1:Update checked in at 2020-04-28 00:18:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/gnutls.12426 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.gnutls.12426.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnutls.12426"

Tue Apr 28 00:18:44 2020 rev:1 rq:797517 version:3.6.7

Changes:
--------
New Changes file:

--- /dev/null	2020-04-14 14:47:33.391806949 +0200
+++ /work/SRC/openSUSE:Leap:15.1:Update/.gnutls.12426.new.2738/gnutls.changes	2020-04-28 00:18:47.680558241 +0200
@@ -0,0 +1,3673 @@ +------------------------------------------------------------------- +Tue Apr 21 13:52:11 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Don't check for /etc/system-fips which we don't have (bsc#1169992) + * add gnutls-fips_mode_enabled.patch + +------------------------------------------------------------------- +Tue Apr 7 09:02:49 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Backport AES XTS support (bsc#1168835) + * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch + * add gnutls-fips_XTS_key_check.patch + +------------------------------------------------------------------- +Thu Apr 2 08:38:40 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Fix zero random value in DTLS client hello + (CVE-2020-11501, bsc#1168345) + * add gnutls-CVE-2020-11501.patch + +------------------------------------------------------------------- +Mon Mar 30 12:43:33 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Split off FIPS checksums into a separate libgnutls30-hmac + subpackage (bsc#1152692) + * update baselibs.conf + +------------------------------------------------------------------- +Mon Mar 23 22:36:59 UTC 2020 - Jason Sikes <jsi...@suse.com> + +- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue + * No longer truncate output IV if input is shorter than block size. + * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch + +------------------------------------------------------------------- +Mon Mar 23 14:30:07 UTC 2020 - Jason Sikes <jsi...@suse.com> + +- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test + * Added Diffie Hellman public key verification test. 
+ * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch + +------------------------------------------------------------------- +Tue Sep 24 13:16:02 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- Install checksums for binary integrity verification which are + required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) + +------------------------------------------------------------------- +Thu May 16 12:34:30 UTC 2019 - Vítězslav Čížek <vci...@suse.com> + +- Explicitly require libnettle 3.4.1 (bsc#1134856) + * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order + to fix CVE-2018-16868, the new implementation makes use of a new + rsa_sec_decrypt() function introduced in libnettle 3.4.1 + * libnettle was recently updated to the 3.4.1 version but we need + to add explicit dependency on it to prevent missing symbol errors + with the older versions + +------------------------------------------------------------------- +Tue Apr 16 23:47:37 UTC 2019 - Jason Sikes <jsi...@suse.de> + +- Restored autoreconf in build. +- Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch + since the version requirements of required libraries are once again + automatically determined. +- Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a + better patch name for handling the '--with-guile-site-dir=' problem in + 3.6.7. + +------------------------------------------------------------------- +Tue Apr 2 03:21:28 UTC 2019 - Jason Sikes <jsi...@suse.de> + +- Update gnutls to 3.6.7 + ** libgnutls, gnutls tools: Every gnutls_free() will automatically set + the free'd pointer to NULL. This prevents possible use-after-free and + double free issues. Use-after-free will be turned into NULL dereference. + The counter-measure does not extend to applications using gnutls_free(). + + ** libgnutls: Fixed a memory corruption (double free) vulnerability in the + certificate verification API. Reported by Tavis Ormandy; addressed with + the change above. 
[GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) + + ** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; + Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) + + ** libgnutls: enforce key usage limitations on certificates more actively. + Previously we would enforce it for TLS1.2 protocol, now we enforce it + even when TLS1.3 is negotiated, or on client certificates as well. When + an inappropriate for TLS1.3 certificate is seen on the credentials structure + GnuTLS will disable TLS1.3 support for that session (#690). + + ** libgnutls: the default number of tickets sent under TLS 1.3 was increased to + two. This makes it easier for clients which perform multiple connections + to the server to use the tickets sent by a default server. + + ** libgnutls: enforce the equality of the two signature parameters fields in + a certificate. We were already enforcing the signature algorithm, but there + was a bug in parameter checking code. + + ** libgnutls: fixed issue preventing sending and receiving from different + threads when false start was enabled (#713). + + ** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable + session, as non-writeable security officer sessions are undefined in PKCS#11 + (#721). + + ** libgnutls: no longer send downgrade sentinel in TLS 1.3. + Previously the sentinel value was embedded to early in version + negotiation and was sent even on TLS 1.3. It is now sent only when + TLS 1.2 or earlier is negotiated (#689). + + ** gnutls-cli: Added option --logfile to redirect informational messages output. + +- Disabled dane support since dane is not shipped with SLE-15 + +- Changed configure script to hardware guile site directory since command-line + option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. 
+ + ** Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch + +- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix + compilation issues on PPC + +- Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification + and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868) + +------------------------------------------------------------------- +Wed Mar 20 23:26:56 UTC 2019 - Jason Sikes <jsi...@suse.de> + +- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 + ** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits + on the public key (#640). + ** libgnutls: Added support for raw public-key authentication as defined in RFC7250. + Raw public-keys can be negotiated by enabling the corresponding certificate + types via the priority strings. The raw public-key mechanism must be explicitly + enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). + ** libgnutls: When on server or client side we are sending no extensions we do + not set an empty extensions field but we rather remove that field competely. + This solves a regression since 3.5.x and improves compatibility of the server + side with certain clients. + ** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if + the CKA_SIGN is not set (#667). + ** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely + disable extensions at all cases, while providing a functional session. This + also implies that when specified, TLS1.3 is disabled. + ** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. + The previous definition was non-functional (#609). 
+ * Removed patches: + 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch + 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch + 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch + 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch + * Added Patches: + ** disable failing psk-file test (race condition): + disable-psk-file-test.patch + ** Patch configure script to accept specific versions of autotools and guile + that are present in SUSE-SLE15. (A bug prevents configure from accepting + a range of compatible versions. Upstream's solution is to hardwire for + the most current versions.) + gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch + * Modified: + ** gnutls-3.6.0-disable-flaky-dtls_resume-test.patch + +------------------------------------------------------------------- +Mon Sep 3 12:56:20 UTC 2018 - vci...@suse.com + +- Security update + Improve mitigations against Lucky 13 class of attacks + * "Just in Time" PRIME + PROBE cache-based side channel attack + can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) + * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of + wrong constant (CVE-2018-10845, bsc#1105459) + * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not + enough dummy function calls (CVE-2018-10844, bsc#1105437) + * add patches: + 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch + 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch + 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch + 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch + +------------------------------------------------------------------- +Thu Mar 29 10:01:31 UTC 2018 - vci...@suse.com + +- Simplify the DANE support %ifdef condition + * build with DANE on openSUSE only + +------------------------------------------------------------------- +Mon Mar 26 16:17:55 UTC 2018 - jeng...@inai.de + +- Adjust RPM groups. 
Drop %if..%endif guards that are idempotent. + +------------------------------------------------------------------- +Fri Mar 23 11:20:59 UTC 2018 - vci...@suse.com + +- build without DANE support on SLE-15, as it doesn't have unbound + (bsc#1086428) +
++++ 3476 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:Leap:15.1:Update/.gnutls.12426.new.2738/gnutls.changes

New:
----
  0001-Vendor-in-XTS-functionality-from-Nettle.patch
  baselibs.conf
  disable-psk-file-test.patch
  gnutls-3.5.11-skip-trust-store-tests.patch
  gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
  gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch
  gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch
  gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
  gnutls-3.6.7.tar.xz
  gnutls-3.6.7.tar.xz.sig
  gnutls-CVE-2020-11501.patch
  gnutls-fips_XTS_key_check.patch
  gnutls-fips_mode_enabled.patch
  gnutls.changes
  gnutls.keyring
  gnutls.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnutls.spec ++++++
#
# spec file for package gnutls
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%define gnutls_sover 30
%define gnutlsxx_sover 28
%define gnutls_dane_sover 0
# unbound isn't in SLE (bsc#1086428)
%if 0%{?is_opensuse}
%bcond_without dane
%else
%bcond_with dane
%endif
%bcond_with tpm
%bcond_without guile
Name:           gnutls
Version:        3.6.7
Release:        0
Summary:        The GNU Transport Layer Security Library
License:        LGPL-2.1-or-later AND GPL-3.0-or-later
Group:          Productivity/Networking/Security
URL:            https://www.gnutls.org/
Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
Source2:        %{name}.keyring
Source3:        baselibs.conf
Patch1:         gnutls-3.5.11-skip-trust-store-tests.patch
Patch2:         gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
Patch3:         disable-psk-file-test.patch
Patch4:         gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch
Patch5:         gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
Patch6:         gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch
Patch7:         gnutls-CVE-2020-11501.patch
Patch8:         0001-Vendor-in-XTS-functionality-from-Nettle.patch
Patch9:         gnutls-fips_XTS_key_check.patch
Patch10:        gnutls-fips_mode_enabled.patch
BuildRequires:  autogen
BuildRequires:  automake
BuildRequires:  datefudge
BuildRequires:  fdupes
BuildRequires:  fipscheck
BuildRequires:  gcc-c++
# The test suite calls /usr/bin/ss from iproute2.
# It's our own duty to ensure we have it present
BuildRequires:  iproute2
BuildRequires:  libidn2-devel
BuildRequires:  libnettle-devel >= 3.4.1
BuildRequires:  libtasn1-devel >= 4.9
BuildRequires:  libtool
BuildRequires:  libunistring-devel
BuildRequires:  makeinfo
BuildRequires:  p11-kit-devel >= 0.23.1
BuildRequires:  pkgconfig
BuildRequires:  xz
BuildRequires:  zlib-devel
BuildRequires:  pkgconfig(autoopts)
# CVE-2018-16868 (bsc#1118087) fix requires rsa_sec_decrypt which was added in 3.4.1 (bsc#1134856)
Requires:       libnettle6 >= 3.4.1
%if 0%{?suse_version} <= 1320
BuildRequires:  net-tools
%else
BuildRequires:  net-tools-deprecated
%endif
%if %{with tpm}
BuildRequires:  trousers-devel
%endif
%if %{with dane}
Requires:       libgnutls-dane%{gnutls_dane_sover} = %{version}
%if 0%{?suse_version} <= 1320
BuildRequires:  unbound-devel
%else
BuildRequires:  libunbound-devel
%endif
%endif
%if %{with guile}
BuildRequires:  guile-devel
%endif

%description
The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards of
the IETF's TLS working group.

%package -n libgnutls%{gnutls_sover}
Summary:        The GNU Transport Layer Security Library
License:        LGPL-2.1-or-later
Group:          System/Libraries
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
Suggests:       libgnutls%{gnutls_sover}-hmac = %{version}-%{release}

%description -n libgnutls%{gnutls_sover}
The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards of
the IETF's TLS working group.

%package -n libgnutls%{gnutls_sover}-hmac
Summary:        Checksums of the GNU Transport Layer Security Library
License:        LGPL-2.1-or-later
Group:          System/Libraries
Requires:       libgnutls%{gnutls_sover} = %{version}-%{release}

%description -n libgnutls%{gnutls_sover}-hmac
FIPS SHA256 checksums of the libgnutls library.

%if %{with dane}
%package -n libgnutls-dane%{gnutls_dane_sover}
Summary:        DANE support for the GNU Transport Layer Security Library
License:        LGPL-2.1-or-later
Group:          System/Libraries

%description -n libgnutls-dane%{gnutls_dane_sover}
The GnuTLS project aims to develop a library that provides a secure layer
over a reliable transport layer. This package contains the "DANE" part of gnutls.
%endif

%package -n libgnutlsxx%{gnutlsxx_sover}
Summary:        C++ API for the GNU Transport Layer Security Library
License:        LGPL-2.1-or-later
Group:          System/Libraries

%description -n libgnutlsxx%{gnutlsxx_sover}
The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards of
the IETF's TLS working group.

%package -n libgnutls-devel
Summary:        Development package for the GnuTLS C API
License:        LGPL-2.1-or-later
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libgnutls%{gnutls_sover} = %{version}
Requires(pre):  %{install_info_prereq}
Provides:       gnutls-devel = %{version}-%{release}

%description -n libgnutls-devel
Files needed for software development using gnutls.

%if %{with dane}
%package -n libgnutls-dane-devel
Summary:        Development package for GnuTLS DANE component
License:        LGPL-2.1-or-later
Group:          Development/Libraries/C and C++
Requires:       libgnutls-dane%{gnutls_dane_sover} = %{version}

%description -n libgnutls-dane-devel
Files needed for software development using gnutls.
%endif

%package -n libgnutlsxx-devel
Summary:        Development package for the GnuTLS C++ API
License:        LGPL-2.1-or-later
Group:          Development/Libraries/C and C++
Requires:       libgnutls-devel = %{version}
Requires:       libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires:       libstdc++-devel
Requires(pre):  %{install_info_prereq}

%description -n libgnutlsxx-devel
Files needed for software development using gnutls.

%package guile
Summary:        Guile wrappers for gnutls
License:        LGPL-2.1-or-later
Group:          Development/Libraries/Other
Requires:       guile

%description guile
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.

%prep
%setup -q
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
# dtls-resume test fails on PPC
%ifarch ppc64 ppc64le ppc
%patch2 -p1
%endif

%build
export LDFLAGS="-pie"
export CFLAGS="%{optflags} -fPIE"
export CXXFLAGS="%{optflags} -fPIE"
autoreconf -fiv
%configure \
	gl_cv_func_printf_directive_n=yes \
	gl_cv_func_printf_infinite_long_double=yes \
	--disable-static \
	--disable-rpath \
	--disable-silent-rules \
	--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
	--with-sysroot=/%{?_sysroot} \
%if %{without tpm}
	--without-tpm \
%endif
%if %{with dane}
	--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
%else
	--disable-libdane \
%endif
	--enable-fips140-mode \
	%{nil}
make %{?_smp_mflags}

# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
%{expand:%%global __os_install_post {%__os_install_post
%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
}}

%install
%make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
# Do not package static libs and libtool files
find %{buildroot} -type f -name "*.la" -delete -print
# install docs
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
# PNG files are replaced with the compressed files and that breaks
# deduplication, this is workaround
find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
rm -rf %{buildroot}%{_datadir}/doc/gnutls
%fdupes -s %{buildroot}%{_datadir}
%find_lang libgnutls --all-name

%check
%if ! 0%{?qemu_user_space_build}
make %{?_smp_mflags} check || {
    find -name test-suite.log -print -exec cat {} +
    exit 1
}
%endif

%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%if %{with dane}
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
%endif
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig

%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%preun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%files -f libgnutls.lang
%license LICENSE
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
%{_bindir}/certtool
%{_bindir}/gnutls-cli
%{_bindir}/gnutls-cli-debug
%{_bindir}/gnutls-serv
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%{_bindir}/srptool
%if %{with dane}
%{_bindir}/danetool
%endif
%if %{with tpm}
%{_bindir}/tpmtool
%endif
%{_mandir}/man1/*

%files -n libgnutls%{gnutls_sover}
%{_libdir}/libgnutls.so.%{gnutls_sover}*

%files -n libgnutls%{gnutls_sover}-hmac
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac

%if %{with dane}
%files -n libgnutls-dane%{gnutls_dane_sover}
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
%endif

%files -n libgnutlsxx%{gnutlsxx_sover}
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*

%files -n libgnutls-devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/abstract.h
%{_includedir}/%{name}/crypto.h
%{_includedir}/%{name}/compat.h
%{_includedir}/%{name}/dtls.h
%{_includedir}/%{name}/gnutls.h
%{_includedir}/%{name}/openpgp.h
%{_includedir}/%{name}/ocsp.h
%{_includedir}/%{name}/pkcs7.h
%{_includedir}/%{name}/pkcs11.h
%{_includedir}/%{name}/pkcs12.h
%{_includedir}/%{name}/self-test.h
%{_includedir}/%{name}/socket.h
%{_includedir}/%{name}/x509.h
%{_includedir}/%{name}/x509-ext.h
%{_includedir}/%{name}/tpm.h
%{_includedir}/%{name}/system-keys.h
%{_includedir}/%{name}/urls.h
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%{_mandir}/man3/*
%{_infodir}/*%{ext_info}
%doc %{_docdir}/libgnutls-devel

%if %{with dane}
%files -n libgnutls-dane-devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/dane.h
%{_libdir}/pkgconfig/gnutls-dane.pc
%{_libdir}/libgnutls-dane.so
%endif

%files -n libgnutlsxx-devel
%{_libdir}/libgnutlsxx.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/gnutlsxx.h

%if %{with guile}
%files guile
%{_libdir}/guile/*
%{_datadir}/guile/gnutls*
%endif

%changelog

++++++ 0001-Vendor-in-XTS-functionality-from-Nettle.patch ++++++
++++ 699 lines (skipped)

++++++ baselibs.conf ++++++
libgnutls30
  suggests "libgnutls30-hmac-<targettype> = <version>-%release"
  obsoletes "gnutls-<targettype>"
libgnutls30-hmac
  requires "libgnutls30-<targettype> = <version>-%release"
libgnutls-devel
  requires -libgnutls-<targettype>
  requires "libgnutls30-<targettype> = <version>"

++++++ disable-psk-file-test.patch ++++++
Index: gnutls-3.6.6/tests/Makefile.in
===================================================================
--- gnutls-3.6.6.orig/tests/Makefile.in	2019-01-25 08:26:36.000000000 +0100
+++ gnutls-3.6.6/tests/Makefile.in	2019-02-04 09:02:38.627539105 +0100
@@ -480,7 +480,7 @@ am__EXEEXT_12 = tls13/supported_versions pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \ x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \ x509sign-verify-gost$(EXEEXT) mini-alignment$(EXEEXT) \ - oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \ + oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) \ priority-init2$(EXEEXT) post-client-hello-change-prio$(EXEEXT) \ status-request$(EXEEXT) status-request-ok$(EXEEXT) \ status-request-missing$(EXEEXT) sign-verify-ext$(EXEEXT) \
@@ -1652,8 +1652,6 @@ privkey_verify_broken_OBJECTS = privkey- privkey_verify_broken_LDADD = $(LDADD) privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ libutils.la $(am__DEPENDENCIES_2) -psk_file_SOURCES = psk-file.c -psk_file_OBJECTS = psk-file.$(OBJEXT) psk_file_LDADD = $(LDADD) psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ $(am__DEPENDENCIES_2) @@ -2841,7 +2839,7 @@ am__depfiles_remade = ./$(DEPDIR)/alerts ./$(DEPDIR)/priorities.Po ./$(DEPDIR)/priority-init2.Po \ ./$(DEPDIR)/priority-mix.Po ./$(DEPDIR)/priority-set.Po \ ./$(DEPDIR)/priority-set2.Po ./$(DEPDIR)/privkey-keygen.Po \ - ./$(DEPDIR)/privkey-verify-broken.Po ./$(DEPDIR)/psk-file.Po \ + ./$(DEPDIR)/privkey-verify-broken.Po \ ./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pubkey-import-export.Po \ ./$(DEPDIR)/random-art.Po ./$(DEPDIR)/rawpk-api.Po \ ./$(DEPDIR)/record-pad.Po ./$(DEPDIR)/record-retvals.Po \ @@ -3153,7 +3151,7 @@ SOURCES = $(libpkcs11mock1_la_SOURCES) $ post-client-hello-change-prio.c prf.c priorities.c \ priorities-groups.c priority-init2.c priority-mix.c \ priority-set.c priority-set2.c privkey-keygen.c \ - privkey-verify-broken.c psk-file.c pskself.c \ + privkey-verify-broken.c pskself.c \ pubkey-import-export.c random-art.c rawpk-api.c record-pad.c \ record-retvals.c record-sizes.c record-sizes-range.c \ record-timeouts.c recv-data-before-handshake.c \ @@ -3323,7 +3321,7 @@ DIST_SOURCES = $(am__libpkcs11mock1_la_S post-client-hello-change-prio.c prf.c priorities.c \ priorities-groups.c priority-init2.c priority-mix.c \ priority-set.c priority-set2.c privkey-keygen.c \ - privkey-verify-broken.c psk-file.c pskself.c \ + privkey-verify-broken.c pskself.c \ pubkey-import-export.c random-art.c rawpk-api.c record-pad.c \ record-retvals.c record-sizes.c record-sizes-range.c \ record-timeouts.c recv-data-before-handshake.c \ 
@@ -4915,7 +4913,7 @@ ctests = tls13/supported_versions tls13/ gnutls_ocsp_resp_list_import2 server-sign-md5-rep \ privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \ x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \ - mini-alignment oids atfork prf psk-file priority-init2 \ + mini-alignment oids atfork prf priority-init2 \ post-client-hello-change-prio status-request status-request-ok \ status-request-missing sign-verify-ext fallback-scsv \ pkcs8-key-decode urls dtls-rehandshake-cert key-usage-rsa \ @@ -6099,10 +6097,6 @@ privkey-verify-broken$(EXEEXT): $(privke @rm -f privkey-verify-broken$(EXEEXT) $(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS) -psk-file$(EXEEXT): $(psk_file_OBJECTS) $(psk_file_DEPENDENCIES) $(EXTRA_psk_file_DEPENDENCIES) - @rm -f psk-file$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(psk_file_OBJECTS) $(psk_file_LDADD) $(LIBS) - pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES) @rm -f pskself$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS) @@ -7133,7 +7127,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk-file.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker 
@@ -9258,13 +9251,6 @@ prf.log: prf$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -psk-file.log: psk-file$(EXEEXT) - @p='psk-file$(EXEEXT)'; \ - b='psk-file'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) priority-init2.log: priority-init2$(EXEEXT) @p='priority-init2$(EXEEXT)'; \ b='priority-init2'; \ @@ -11316,7 +11302,6 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/priority-set2.Po -rm -f ./$(DEPDIR)/privkey-keygen.Po -rm -f ./$(DEPDIR)/privkey-verify-broken.Po - -rm -f ./$(DEPDIR)/psk-file.Po -rm -f ./$(DEPDIR)/pskself.Po -rm -f ./$(DEPDIR)/pubkey-import-export.Po -rm -f ./$(DEPDIR)/random-art.Po @@ -11766,7 +11751,6 @@ maintainer-clean: maintainer-clean-recur -rm -f ./$(DEPDIR)/priority-set2.Po -rm -f ./$(DEPDIR)/privkey-keygen.Po -rm -f ./$(DEPDIR)/privkey-verify-broken.Po - -rm -f ./$(DEPDIR)/psk-file.Po -rm -f ./$(DEPDIR)/pskself.Po -rm -f ./$(DEPDIR)/pubkey-import-export.Po -rm -f ./$(DEPDIR)/random-art.Po ++++++ gnutls-3.5.11-skip-trust-store-tests.patch ++++++ 
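Review bot: (disable-psk-file-test.patch, all hunks) The patch edits only the generated tests/Makefile.in, while the spec runs `autoreconf -fiv` in %build before %configure; a forced autoreconf reruns automake and regenerates Makefile.in from Makefile.am, which would put `psk-file` straight back into `am__EXEEXT_12` and `ctests` and silently undo this patch. Disable the test in tests/Makefile.am instead, as gnutls-3.6.0-disable-flaky-dtls_resume-test.patch does, and verify after a build that psk-file really is absent from the test log. In the `@@ -1652,8 +1652,6 @@` hunk, `psk_file_SOURCES` and `psk_file_OBJECTS` are dropped but `psk_file_LDADD` and `psk_file_DEPENDENCIES` remain; harmless for make, but an automake-level change would remove all four together. Since the changelog cites a race condition rather than a broken test, a reference to the upstream issue in the patch header would let the next maintainer know when it is safe to re-enable.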
From: Andreas Stieger <astie...@suse.com> Date: Thu, 18 May 2017 10:31:42 +0200 References: https://build.opensuse.org/request/show/493998 Upstream: never trust-store test added in https://gitlab.com/gnutls/gnutls/commit/8d740ae87fae9c1237421dd24825b78103c5da36 need ca-certificates-mozilla to run. [ 242s] FAIL: trust-store [ 242s] ================= [ 242s] [ 242s] doit:64: no certificates were found in system trust store! [ 242s] FAIL trust-store (exit status: 1) But this would create a build cycle. Skip test. Index: gnutls-3.5.11/tests/trust-store.c =================================================================== --- gnutls-3.5.11.orig/tests/trust-store.c 2017-04-07 07:52:07.000000000 +0200 +++ gnutls-3.5.11/tests/trust-store.c 2017-05-18 10:33:53.537598763 +0200 @@ -44,6 +44,9 @@ static void tls_log_func(int level, cons void doit(void) { + /* building without ca-certificates-mozilla, skip test */ + exit(77); + gnutls_certificate_credentials_t x509_cred; int ret; ++++++ gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ++++++ Index: gnutls-3.6.7/tests/Makefile.am =================================================================== --- gnutls-3.6.7.orig/tests/Makefile.am +++ gnutls-3.6.7/tests/Makefile.am @@ -453,7 +453,7 @@ if !WINDOWS # List of tests not available/functional under windows # -dist_check_SCRIPTS += dtls/dtls dtls/dtls-resume #dtls/dtls-nb +dist_check_SCRIPTS += dtls/dtls #dtls/dtls-resume #dtls/dtls-nb indirect_tests += dtls-stress Index: gnutls-3.6.7/tests/Makefile.in =================================================================== --- gnutls-3.6.7.orig/tests/Makefile.in +++ gnutls-3.6.7/tests/Makefile.in 
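Review bot: (gnutls-3.5.11-skip-trust-store-tests.patch, hunk `@@ -44,6 +44,9 @@`) The unconditional `exit(77)` is inserted before the declarations `gnutls_certificate_credentials_t x509_cred; int ret;`, so the whole body of doit() becomes unreachable and compilers with -Wunreachable-code will warn on every build; placing the early exit after the declarations avoids that. The larger point is that the skip is hard-wired rather than tied to the condition the header describes (no ca-certificates-mozilla at build time), so the test stays skipped even on builds that do have a populated trust store. Gating the `exit(77)` on the trust-store directory being empty, or on a build-time define set by the spec, would keep the test meaningful where it can run while still avoiding the build cycle.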
@@ -165,7 +165,7 @@ host_triplet = @host@ # # List of tests not available/functional under windows # -@WINDOWS_FALSE@am__append_13 = dtls/dtls dtls/dtls-resume fastopen.sh \ +@WINDOWS_FALSE@am__append_13 = dtls/dtls fastopen.sh \ @WINDOWS_FALSE@ pkgconfig.sh starttls.sh starttls-ftp.sh \ @WINDOWS_FALSE@ starttls-smtp.sh starttls-lmtp.sh \ @WINDOWS_FALSE@ starttls-pop3.sh starttls-xmpp.sh \ @@ -2703,7 +2703,7 @@ x509sign_verify_rsa_DEPENDENCIES = $(COM $(am__DEPENDENCIES_2) am__dist_check_SCRIPTS_DIST = rfc2253-escape-test \ rsa-md5-collision/rsa-md5-collision.sh systemkey.sh dtls/dtls \ - dtls/dtls-resume fastopen.sh pkgconfig.sh starttls.sh \ + fastopen.sh pkgconfig.sh starttls.sh \ starttls-ftp.sh starttls-smtp.sh starttls-lmtp.sh \ starttls-pop3.sh starttls-xmpp.sh starttls-nntp.sh \ starttls-sieve.sh ocsp-tests/ocsp-tls-connection \ ++++++ gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch ++++++ Index: gnutls-3.6.7/m4/guile.m4 =================================================================== --- gnutls-3.6.7.orig/m4/guile.m4 +++ gnutls-3.6.7/m4/guile.m4 @@ -177,7 +177,7 @@ AC_DEFUN([GUILE_SITE_DIR], [AC_REQUIRE([GUILE_PKG]) AC_REQUIRE([GUILE_PROGS]) AC_MSG_CHECKING(for Guile site directory) - GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION` + GUILE_SITE=/usr/share/guile AC_MSG_RESULT($GUILE_SITE) if test "$GUILE_SITE" = ""; then AC_MSG_FAILURE(sitedir not found) ++++++ gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch ++++++ Index: gnutls-3.6.7/lib/nettle/backport/cfb8.c =================================================================== --- gnutls-3.6.7.orig/lib/nettle/backport/cfb8.c +++ gnutls-3.6.7/lib/nettle/backport/cfb8.c 
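Review bot: (gnutls-3.6.0-disable-flaky-dtls_resume-test.patch, Makefile.am hunk `@@ -453,7 +453,7 @@`) Commenting `dtls/dtls-resume` out in-line (`#dtls/dtls-resume #dtls/dtls-nb`) leaves no record of why it is disabled; a comment line above `dist_check_SCRIPTS` stating that the test is flaky on PPC, which is the only architecture the spec applies this patch on (`%ifarch ppc64 ppc64le ppc`), would make the intent survive the next rebase. The two Makefile.in hunks duplicate the Makefile.am change and are made redundant by the `autoreconf -fiv` in the spec; dropping them keeps the patch to the one file that matters.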
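Review bot: (gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch, hunk `@@ -177,7 +177,7 @@`) Replacing the pkg-config query with the constant `GUILE_SITE=/usr/share/guile` turns the following `if test "$GUILE_SITE" = ""; then AC_MSG_FAILURE(sitedir not found)` into dead code and ignores any `--datadir` passed to configure. A smaller change would keep the `$PKG_CONFIG --variable=sitedir` lookup and fall back to the fixed path only when it returns nothing, or derive the value from `$datadir` so it follows the prefix; either way the path must stay in step with the `%{_datadir}/guile/gnutls*` entry in `%files guile`, which is the only thing that will catch a mismatch at package build time.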
@@ -106,10 +106,12 @@ cfb8_decrypt(const void *ctx, nettle_cip src += i; dst += i; - memcpy(buffer, buffer + block_size, block_size); - memcpy(buffer + block_size, src, - length < block_size ? length : block_size); - + if (i == block_size) + { + memcpy(buffer, buffer + block_size, block_size); + memcpy(buffer + block_size, src, + length < block_size ? length : block_size); + } } memcpy(iv, buffer + i, block_size); ++++++ gnutls-3.6.7-fips_DH_ECDH_key_tests.patch ++++++ Index: gnutls-3.6.7/lib/nettle/pk.c =================================================================== --- gnutls-3.6.7.orig/lib/nettle/pk.c +++ gnutls-3.6.7/lib/nettle/pk.c @@ -240,15 +240,16 @@ static int _wrap_nettle_pk_derive(gnutls switch (algo) { case GNUTLS_PK_DH: { - bigint_t f, x, prime; - bigint_t k = NULL, ff = NULL; + bigint_t f, x, q, prime; + bigint_t k = NULL, ff = NULL, r = NULL; unsigned int bits; f = pub->params[DH_Y]; x = priv->params[DH_X]; + q = priv->params[DH_Q]; prime = priv->params[DH_P]; - ret = _gnutls_mpi_init_multi(&k, &ff, NULL); + ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL); if (ret < 0) return gnutls_assert_val(ret); @@ -268,6 +269,21 @@ static int _wrap_nettle_pk_derive(gnutls goto dh_cleanup; } + /* if we have Q check that y ^ q mod p == 1 */ + if (q != NULL) { + ret = _gnutls_mpi_powm(r, f, q, prime); + if (ret < 0) { + gnutls_assert(); + goto dh_cleanup; + } + ret = _gnutls_mpi_cmp_ui(r, 1); + if (ret != 0) { + gnutls_assert(); + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto dh_cleanup; + } + } + /* prevent denial of service */ bits = _gnutls_mpi_get_nbits(prime); if (bits == 0 || bits > MAX_DH_BITS) { @@ -298,6 +314,7 @@ static int _wrap_nettle_pk_derive(gnutls ret = 0; dh_cleanup: + _gnutls_mpi_release(&r); _gnutls_mpi_release(&ff); zrelease_temp_mpi_key(&k); if (ret < 0) ++++++ gnutls-CVE-2020-11501.patch ++++++ >From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001 
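Review bot: (gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch, hunk `@@ -106,10 +106,12 @@`) Guarding the buffer shift with `if (i == block_size)` is the right fix for a trailing partial block, since the final `memcpy(iv, buffer + i, block_size)` then copies the still-unshifted window that ends at the last processed byte; but the patch carries no regression test for the case it fixes. Add a CFB8 decrypt vector whose length is not a multiple of the block size and assert the output IV against the value the encrypt side produces, otherwise a later rebase of the backport can reintroduce the truncation unnoticed.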
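Review bot: (gnutls-3.6.7-fips_DH_ECDH_key_tests.patch, hunk `@@ -268,6 +269,21 @@`) The new subgroup check `_gnutls_mpi_powm(r, f, q, prime)` runs before the existing `/* prevent denial of service */` guard that rejects `bits == 0 || bits > MAX_DH_BITS`, so a peer's oversized prime now costs a full modular exponentiation before the size limit is enforced; move the `if (q != NULL)` block after the MAX_DH_BITS check. The check itself is sound: it only applies when DH_Q is present, maps `y^q mod p != 1` to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, and `r` is released in dh_cleanup in the `@@ -298,6 +314,7 @@` hunk. The patch name and the spec's Patch5 entry say DH_ECDH, but only the GNUTLS_PK_DH case is touched here and the changelog entry speaks only of a DH test, so either rename the patch or add the ECDH point check it promises.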
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbueh...@web.de> Date: Fri, 27 Mar 2020 17:17:57 +0100 Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This broke with bcf4de03 "handshake: treat reply to HRR as a reply to hello verify request", which failed to "De Morgan" properly. Signed-off-by: Stefan Bühler <stbueh...@web.de> --- lib/handshake.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: gnutls-3.6.7/lib/handshake.c =================================================================== --- gnutls-3.6.7.orig/lib/handshake.c 2020-04-02 10:41:59.591316756 +0200 +++ gnutls-3.6.7/lib/handshake.c 2020-04-02 10:43:41.263818988 +0200 @@ -2221,7 +2221,7 @@ static int send_client_hello(gnutls_sess /* Generate random data */ if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) && - !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) { + !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) { ret = _gnutls_gen_client_random(session); if (ret < 0) { gnutls_assert(); ++++++ gnutls-fips_XTS_key_check.patch ++++++ Index: gnutls-3.6.7/lib/nettle/backport/xts.c =================================================================== --- gnutls-3.6.7.orig/lib/nettle/backport/xts.c 2020-04-07 11:11:54.506109418 +0200 +++ gnutls-3.6.7/lib/nettle/backport/xts.c 2020-04-07 16:52:48.543404370 +0200 @@ -203,6 +203,8 @@ xts_decrypt_message(const void *dec_ctx, void xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0); aes128_set_encrypt_key(&xts_key->cipher, key); aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]); } 
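Review bot: the corrected condition skips `_gnutls_gen_client_random` only when a HelloVerifyRequest has already been answered (`hsk_hello_verify_requests != 0`), so the random from the first DTLS ClientHello is reused on the retransmit instead of never being generated; the patch carries no test, and since the regression came from a boolean rewrite, a unit test asserting that the client random in the initial DTLS ClientHello is non-zero would catch a repeat. Any DTLS handshake test exercises this path, which is one more reason to keep dtls/dtls-resume in the test list rather than removing it as the Makefile.in hunk above does.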
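Review bot: the comment `FIPS requires that the key and the tweak must not be non-equal` states the opposite of what the assertion enforces (`memcmp(...) != 0`, i.e. the two key halves must differ) and should read "must not be equal". More importantly, `assert()` is compiled out under NDEBUG, so the FIPS requirement disappears in a release build, and when it is active it aborts the process on a caller-supplied key instead of reporting an error; since `xts_aes128_set_encrypt_key` returns void, the check belongs in the GnuTLS set-key wrapper that can return an error code, with the assert at most as a secondary debug check.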
@@ -210,6 +212,8 @@ xts_aes128_set_encrypt_key(struct xts_ae void xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0); aes128_set_decrypt_key(&xts_key->cipher, key); aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]); } @@ -238,6 +242,8 @@ xts_aes128_decrypt_message(struct xts_ae void xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0); aes256_set_encrypt_key(&xts_key->cipher, key); aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]); } @@ -245,6 +251,8 @@ xts_aes256_set_encrypt_key(struct xts_ae void xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key) { + /* FIPS requires that the key and the tweak must not be non-equal */ + assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0); aes256_set_decrypt_key(&xts_key->cipher, key); aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]); } ++++++ gnutls-fips_mode_enabled.patch ++++++ Index: gnutls-3.6.7/lib/fips.c =================================================================== --- gnutls-3.6.7.orig/lib/fips.c 2020-04-07 11:11:54.490109339 +0200 +++ gnutls-3.6.7/lib/fips.c 2020-04-21 14:54:51.262199739 +0200 @@ -38,7 +38,6 @@ unsigned int _gnutls_lib_state = LIB_STA #include <dlfcn.h> #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled" -#define FIPS_SYSTEM_FILE "/etc/system-fips" /* We provide a per-thread FIPS-mode so that an application * can use gnutls_fips140_set_mode() to override a specific @@ -53,7 +52,7 @@ static int _skip_integrity_checks = 0; */ unsigned _gnutls_fips_mode_enabled(void) { - unsigned f1p = 0, f2p; + unsigned f1p = 0; FILE* fd; const char *p; unsigned ret; 
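Review bot: the same mis-worded comment and the same NDEBUG-dependent `assert(memcmp(...) != 0)` are repeated in xts_aes128_set_decrypt_key, xts_aes256_set_encrypt_key and xts_aes256_set_decrypt_key; rather than four copies, factor the comparison into one static helper shared by all four setters (or perform it once in the GnuTLS wrapper that calls them) so the wording and the error behaviour are fixed in a single place.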
@@ -80,7 +79,7 @@ unsigned _gnutls_fips_mode_enabled(void) p = secure_getenv("GNUTLS_FORCE_FIPS_MODE"); if (p) { if (p[0] == '1') - ret = 1; + ret = GNUTLS_FIPS140_STRICT; else if (p[0] == '2') ret = GNUTLS_FIPS140_SELFTESTS; else if (p[0] == '3') @@ -102,22 +101,12 @@ unsigned _gnutls_fips_mode_enabled(void) else f1p = 0; } - f2p = !access(FIPS_SYSTEM_FILE, F_OK); - - if (f1p != 0 && f2p != 0) { + if (f1p != 0) { _gnutls_debug_log("FIPS140-2 mode enabled\n"); ret = GNUTLS_FIPS140_STRICT; goto exit; } - if (f2p != 0) { - /* a funny state where self tests are performed - * and ignored */ - _gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n"); - ret = GNUTLS_FIPS140_SELFTESTS; - goto exit; - } - ret = GNUTLS_FIPS140_DISABLED; goto exit;
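Review bot: replacing `ret = 1` with `ret = GNUTLS_FIPS140_STRICT` in the GNUTLS_FORCE_FIPS_MODE=1 branch is a readability change unrelated to dropping /etc/system-fips; it is behaviour-preserving only if GNUTLS_FIPS140_STRICT has the value 1, which the hunk does not show, so either confirm that in the patch description or split it into its own change.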
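Review bot: with the `f2p` path gone, FIPS140-2 mode now follows `/proc/sys/crypto/fips_enabled` alone and the SELFTESTS ("ZOMBIE") state is reachable only through GNUTLS_FORCE_FIPS_MODE=2; that is a behaviour change for any deployment that did rely on /etc/system-fips, so the rationale for dropping the second input belongs in a comment next to the remaining `if (f1p != 0)` block, and the unchanged `_gnutls_debug_log("FIPS140-2 mode enabled\n")` message could name the kernel flag so operators can tell which input triggered it.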