From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: GnuTLS security update
Date: Sun, 11 Sep 2016 22:54:09 +0200
Message-ID: <87zinei2dq.fsf@gnu.org>
In-Reply-To: <20160911154108.GA13920@jasmine> (Leo Famulari's message of "Sun, 11 Sep 2016 11:41:08 -0400")
Hi,
Leo Famulari <leo@famulari.name> wrote:
> For master, the naive approach of cherry-picking the patch [1] did not
> work; the test 'system-prio-file' fails consistently with that change. I
> could instead try grafting the updated version.
These 3 GnuTLS commits appear to be related to this issue:
--8<---------------cut here---------------start------------->8---
commit 8469db9dbcdd6ec22094a4f095201d80d981b9f0
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:55:30 2016 +0200

    tests: added basic operational check of gnutls_ocsp_resp_get_single()

commit 8a0c9bbae25f75e30a913c6f4b29f468940398ca
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 28 00:40:49 2016 +0200

    gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks

    Simplified and optimized the function operation, by removing
    unnecessary memory allocations, as well as eliminate memory leaks
    on certain error cases.

commit 964632f37dfdfb914ebc5e49db4fa29af35b1de9
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sat Aug 27 17:00:22 2016 +0200

    ocsp: corrected the comparison of the serial size in OCSP response

    Previously the OCSP certificate check wouldn't verify the serial length
    and could succeed in cases it shouldn't.

    Reported by Stefan Buehler.
--8<---------------cut here---------------end--------------->8---
If applying these patches on top of our current GnuTLS version (and then
using it as a graft) works, we could do that.
If not, using the later 3.5.x release should be OK (API- and
ABI-compatible).
Ludo’.
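
The serial-length check that the third commit message above describes, shown as an added example that is not part of the original message and is not GnuTLS code. The function names and serial bytes are constructed for illustration, and the flawed variant is a generic comparison that skips the length check, not the code GnuTLS shipped.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Flawed form (hypothetical): compares only as many bytes as the serial in
 * the OCSP response carries and never requires both lengths to be equal,
 * so a shorter serial that is a prefix of the certificate's serial matches. */
int serial_match_no_len_check(const unsigned char *resp, size_t resp_len,
                              const unsigned char *cert, size_t cert_len)
{
    if (resp_len > cert_len)
        return 0; /* never read past the end of the certificate serial */
    return memcmp(resp, cert, resp_len) == 0;
}

/* Corrected form: the lengths must be equal before the bytes are compared. */
int serial_match(const unsigned char *resp, size_t resp_len,
                 const unsigned char *cert, size_t cert_len)
{
    if (resp_len != cert_len)
        return 0;
    return memcmp(resp, cert, cert_len) == 0;
}

/* Constructed sample serials, not taken from any real certificate. */
const unsigned char CERT_SERIAL[]   = { 0x12, 0x34, 0x56, 0x78 };
const unsigned char SAME_SERIAL[]   = { 0x12, 0x34, 0x56, 0x78 };
const unsigned char PREFIX_SERIAL[] = { 0x12, 0x34 };
const unsigned char OTHER_SERIAL[]  = { 0x12, 0x34, 0x56, 0x79 };

int main(void)
{
    /* Each row: serial found in the response, checked against CERT_SERIAL. */
    struct { const char *name; const unsigned char *s; size_t n; } rows[] = {
        { "same",   SAME_SERIAL,   sizeof(SAME_SERIAL)   },
        { "prefix", PREFIX_SERIAL, sizeof(PREFIX_SERIAL) },
        { "other",  OTHER_SERIAL,  sizeof(OTHER_SERIAL)  },
    };
    for (size_t i = 0; i < sizeof(rows) / sizeof(rows[0]); i++)
        printf("%-6s flawed=%d fixed=%d\n", rows[i].name,
               serial_match_no_len_check(rows[i].s, rows[i].n,
                                         CERT_SERIAL, sizeof(CERT_SERIAL)),
               serial_match(rows[i].s, rows[i].n,
                            CERT_SERIAL, sizeof(CERT_SERIAL)));
    return 0;
}
```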