Ubuntu
gnutls28 package

Merge ~mkukri/ubuntu/+source/gnutls28:rebuild into ubuntu/+source/gnutls28:debian/sid

Proposed by Mate Kukri on 2023-11-23

Status:	Merged
Merge reported by:	Mate Kukri
Merged at revision:	33b591e1f27e935d1b876ba729349aded4e4aedc
Proposed branch:	~mkukri/ubuntu/+source/gnutls28:rebuild
Merge into:	ubuntu/+source/gnutls28:debian/sid
Diff against target:	896 lines (+663/-17) 9 files modified debian/changelog (+257/-0) debian/conf/config (+4/-0) debian/control (+2/-1) debian/libgnutls30.install (+1/-0) debian/patches/9259100633b77a0dc03f83047d7cf778466bf9f3.patch (+384/-0) debian/patches/series (+3/-0) debian/rules (+1/-0) debian/tests/control (+2/-1) debian/tests/run-upstream-testsuite (+9/-15)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Ubuntu Sponsors	2023-11-23	Pending
git-ubuntu import	2023-11-23	Pending
Review via email: mp+456191@code.launchpad.net

Commit message

Rebuild

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Mate Kukri

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 9f1e9d3..2716fdf 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,38 @@
++gnutls28 (3.8.1-4ubuntu5) UNRELEASED; urgency=medium
++
++  * armhf (-fstack-clash-protection) breakage rebuild
++
++ -- Mate Kukri <mate.kukri@canonical.com>  Thu, 23 Nov 2023 15:13:53 +0000
++
++gnutls28 (3.8.1-4ubuntu4) noble; urgency=medium
++
++  * Don't run the testsuite under the influence of a configuration file.
++
++ -- Adrien Nader <adrien.nader@canonical.com>  Fri, 17 Nov 2023 11:08:39 +0100
++
++gnutls28 (3.8.1-4ubuntu3) noble; urgency=medium
++
++  * Forcefully disable TLS 1.0 and 1.1 through /etc/gnutls/config.
++
++ -- Adrien Nader <adrien.nader@canonical.com>  Fri, 27 Oct 2023 17:41:58 -0400
++
++gnutls28 (3.8.1-4ubuntu2) noble; urgency=medium
++
++  * Rebuild against latest libunistring
++
++ -- Jeremy Bícha <jbicha@ubuntu.com>  Fri, 27 Oct 2023 06:48:46 -0400
++
++gnutls28 (3.8.1-4ubuntu1) mantic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++      TLS1.3 with medium security profile (2048 RSA keys minimum, and
++      similar).
++  * Fix logic for i386 autopkgtest on an amd64 host
++
++ -- Dan Bungert <daniel.bungert@canonical.com>  Tue, 22 Aug 2023 16:30:06 -0600
++
  gnutls28 (3.8.1-4) unstable; urgency=medium
    * Fix autopkgtest for 32 bit archs.
@@ -8,6 +43,16 @@ gnutls28 (3.8.1-4) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sat, 19 Aug 2023 11:28:08 +0200
++gnutls28 (3.8.1-3ubuntu1) mantic; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++      TLS1.3 with medium security profile (2048 RSA keys minimum, and
++      similar).
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 08 Aug 2023 12:33:16 -0500
++
  gnutls28 (3.8.1-3) unstable; urgency=low
    * 50-0001-Fix-build-on-GNU-Hurd.patch (Thanks, Samuel Thibault) from
@@ -67,6 +112,16 @@ gnutls28 (3.8.0+git20230413-1) experimental; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sat, 29 Apr 2023 11:51:27 +0200
++gnutls28 (3.7.9-2ubuntu1) mantic; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++      TLS1.3 with medium security profile (2048 RSA keys minimum, and
++      similar).
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 05 May 2023 09:48:08 +0200
++
  gnutls28 (3.7.9-2) unstable; urgency=medium
    * CI: Do not try to run tests/ktls.sh, it uses a helper binary. (Plus gnutls
@@ -82,6 +137,16 @@ gnutls28 (3.7.9-1) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sat, 18 Feb 2023 07:00:58 +0100
++gnutls28 (3.7.8-5ubuntu1) lunar; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++      TLS1.3 with medium security profile (2048 RSA keys minimum, and
++      similar).
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 17 Feb 2023 08:00:36 -0500
++
  gnutls28 (3.7.8-5) unstable; urgency=high
    [ Debian Janitor ]
@@ -98,6 +163,18 @@ gnutls28 (3.7.8-5) unstable; urgency=high
   -- Andreas Metzler <ametzler@debian.org>  Fri, 10 Feb 2023 07:29:17 +0100
++gnutls28 (3.7.8-4ubuntu1) lunar; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++  * Dropped changes:
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Adrien Nader <adrien.nader@canonical.com>  Thu, 19 Jan 2023 14:47:39 +0100
++
  gnutls28 (3.7.8-4) unstable; urgency=low
    * Replace 50_Fix-removal-of-duplicate-certs-during-verification.patch with
@@ -130,6 +207,24 @@ gnutls28 (3.7.8-1) experimental; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Sat, 01 Oct 2022 13:48:17 +0200
++gnutls28 (3.7.7-2ubuntu2) kinetic; urgency=medium
++
++  * Fix Segmentation Fault due to misdetected Intel AVX support
++    (LP: #1988398)
++
++ -- Gregor Jasny <gjasny@googlemail.com>  Thu, 01 Sep 2022 07:42:53 +0100
++
++gnutls28 (3.7.7-2ubuntu1) kinetic; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 01 Aug 2022 09:33:38 +0200
++
  gnutls28 (3.7.7-2) unstable; urgency=medium
    * 50_01-Avoid-redirection-bashism-in-testsuite.patch: Fix CI error.
@@ -145,6 +240,17 @@ gnutls28 (3.7.7-1) unstable; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Sat, 30 Jul 2022 14:09:32 +0200
++gnutls28 (3.7.6-2ubuntu1) kinetic; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 19 Jun 2022 12:43:43 +0200
++
  gnutls28 (3.7.6-2) unstable; urgency=low
    * Upload to unstable.
@@ -164,6 +270,17 @@ gnutls28 (3.7.5-1) experimental; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Sun, 22 May 2022 08:16:07 +0200
++gnutls28 (3.7.4-2ubuntu1) kinetic; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 29 Apr 2022 10:25:13 +0200
++
  gnutls28 (3.7.4-2) unstable; urgency=low
    * 40_srptest_doubletimeout.diff: Increase timeout for tests/srp to fix
@@ -184,6 +301,17 @@ gnutls28 (3.7.4-1) experimental; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Sun, 03 Apr 2022 13:30:32 +0200
++gnutls28 (3.7.3-4ubuntu1) jammy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 24 Jan 2022 09:23:08 +0100
++
  gnutls28 (3.7.3-4) unstable; urgency=low
    [ Helmut Grohne ]
@@ -222,6 +350,17 @@ gnutls28 (3.7.3-1) experimental; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Tue, 18 Jan 2022 18:58:41 +0100
++gnutls28 (3.7.2-5ubuntu1) jammy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 08 Jan 2022 21:03:33 +0100
++
  gnutls28 (3.7.2-5) unstable; urgency=medium
    * 40_fix-gtk-mkhtml.patch by Dennis Filder fixes gtk-doc generation.
@@ -230,6 +369,17 @@ gnutls28 (3.7.2-5) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Wed, 05 Jan 2022 18:46:29 +0100
++gnutls28 (3.7.2-4ubuntu1) jammy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 20 Dec 2021 21:29:48 +0100
++
  gnutls28 (3.7.2-4) unstable; urgency=low
    * Run wrap-and-sort -ast, and drop depends/b-d on libgmp > 2:6 since even
@@ -244,6 +394,17 @@ gnutls28 (3.7.2-3) experimental; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sun, 29 Aug 2021 14:29:40 +0200
++gnutls28 (3.7.2-2ubuntu1) jammy; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 03 Nov 2021 09:23:28 +0100
++
  gnutls28 (3.7.2-2) unstable; urgency=low
    * Invoke dh_autoreconf with GTKDOCIZE=echo for arch-only builds, fixing
@@ -261,6 +422,18 @@ gnutls28 (3.7.2-1) experimental; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sun, 20 Jun 2021 13:49:44 +0200
++gnutls28 (3.7.1-5ubuntu1) impish; urgency=low
++
++  * Merge from Debian unstable (LP: #1939739). Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++    - Reduce parallelism in build to 2 to address FTBFS with lto
++  * Add LP bug number to previous merge entry in changelog
++
++ -- William 'jawn-smith' Wilson <william.wilson@canonical.com>  Thu, 12 Aug 2021 13:17:53 -0600
++
  gnutls28 (3.7.1-5) unstable; urgency=medium
    * Another fix from 3.7.2:
@@ -270,6 +443,17 @@ gnutls28 (3.7.1-5) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sat, 29 May 2021 12:14:30 +0200
++gnutls28 (3.7.1-4ubuntu1) impish; urgency=low
++
++  * Merge from Debian unstable (LP: #1929229). Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
++
++ -- William 'jawn-smith' Wilson <william.wilson@canonical.com>  Fri, 21 May 2021 10:29:32 -0600
++
  gnutls28 (3.7.1-4) unstable; urgency=medium
    * Pull fixes from upstream Git master
@@ -293,6 +477,18 @@ gnutls28 (3.7.1-4) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Sun, 25 Apr 2021 12:55:14 +0200
++gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
++  * Merge CVE fixes CVE-2021-20231 CVE-2021-20232
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 14 Apr 2021 15:44:37 +0100
++
  gnutls28 (3.7.1-3) unstable; urgency=low
    * Rename/refetch
@@ -361,6 +557,16 @@ gnutls28 (3.7.0-6) unstable; urgency=medium
   -- Andreas Metzler <ametzler@debian.org>  Mon, 08 Feb 2021 18:04:21 +0100
++gnutls28 (3.7.0-5ubuntu1) hirsute; urgency=low
++
++  * Merge from Debian unstable LP: #1893924.  Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 31 Dec 2020 15:56:50 +0000
++
  gnutls28 (3.7.0-5) unstable; urgency=low
    * Update from upstream GIT master, replace patches, add new ones.
@@ -412,6 +618,17 @@ gnutls28 (3.7.0-1) experimental; urgency=low
   -- Andreas Metzler <ametzler@debian.org>  Thu, 03 Dec 2020 18:40:03 +0100
++gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low
++
++  * Merge from Debian unstable LP: #1893924.  Remaining changes:
++    - Enable CET.
++    - Set default priority string to only allow TLS1.2, DTLS1.2, and
++    TLS1.3 with medium security profile (2048 RSA keys minimum, and
++    similar).
++  * Add patch to fix ftbfs gnulib with new glibc.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 24 Sep 2020 12:03:44 +0100
++
  gnutls28 (3.6.15-4) unstable; urgency=medium
    * autopkgtest: Require build-essential.
@@ -484,6 +701,45 @@ gnutls28 (3.6.14-1) unstable; urgency=high
   -- Andreas Metzler <ametzler@debian.org>  Sat, 06 Jun 2020 14:11:30 +0200
++gnutls28 (3.6.13-4ubuntu5) groovy; urgency=medium
++
++  * SECURITY UPDATE: null pointer deref via no_renegotiation alert
++    - debian/patches/CVE-2020-24659.patch: reject no_renegotiation alert if
++      handshake is incomplete in lib/gnutls_int.h, lib/handshake.c.
++    - CVE-2020-24659
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 08 Sep 2020 10:09:39 -0400
++
++gnutls28 (3.6.13-4ubuntu4) groovy; urgency=medium
++
++  * No change rebuild against new libnettle8 and libhogweed6 ABI.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 29 Jun 2020 22:24:52 +0100
++
++gnutls28 (3.6.13-4ubuntu3) groovy; urgency=medium
++
++  * Enable CET.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sun, 28 Jun 2020 23:48:44 +0100
++
++gnutls28 (3.6.13-4ubuntu2) groovy; urgency=medium
++
++  * SECURITY UPDATE: flaw in TLS session ticket key construction
++    - debian/patches/CVE-2020-13777.patch: differentiate initial state from
++      valid time window of TOTP in lib/stek.c,
++      tests/resume-with-previous-stek.c, tests/tls13/prf-early.c.
++    - CVE-2020-13777
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 05 Jun 2020 13:12:39 -0400
++
++gnutls28 (3.6.13-4ubuntu1) groovy; urgency=medium
++
++  * Resynchronize with Debian; remaining changes:
++    Set default priority string to only allow TLS1.2, DTLS1.2, and TLS1.3
++    with medium security profile (2048 RSA keys minimum, and similar).
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Fri, 05 Jun 2020 15:12:03 +0200
++
  gnutls28 (3.6.13-4) unstable; urgency=medium
    * Output some network related debugging from debian/rules.
@@ -4233,3 +4489,4 @@ gnutls8 (0.9.94-1) experimental; urgency=low
    * debian/rules: Run auto* after the patches have been applied.
   -- Ivo Timmermans <ivo@debian.org>  Fri, 31 Oct 2003 18:47:09 +0100
++
 diff --git a/debian/conf/config b/debian/conf/config
 new file mode 100644
 index 0000000..447fe0c
 --- /dev/null
 +++ b/debian/conf/config
@@ -0,0 +1,4 @@
++[overrides]
++disabled-version = tls1.0
++disabled-version = tls1.1
++
 diff --git a/debian/control b/debian/control
 index f4f827d..f192e61 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: gnutls28
  Section: libs
  Priority: optional
--Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
  Uploaders:
   Andreas Metzler <ametzler@debian.org>,
   Eric Dorland <eric@debian.org>,
 diff --git a/debian/libgnutls30.install b/debian/libgnutls30.install
 index 8856fe2..2362556 100644
 --- a/debian/libgnutls30.install
 +++ b/debian/libgnutls30.install
@@ -1,2 +1,3 @@
  debian/tmp/usr/lib/*/libgnutls.so.*
  debian/tmp/usr/share/locale/*
++debian/conf/config etc/gnutls
 diff --git a/debian/patches/9259100633b77a0dc03f83047d7cf778466bf9f3.patch b/debian/patches/9259100633b77a0dc03f83047d7cf778466bf9f3.patch
 new file mode 100644
 index 0000000..c99819b
 --- /dev/null
 +++ b/debian/patches/9259100633b77a0dc03f83047d7cf778466bf9f3.patch
@@ -0,0 +1,384 @@
++From 9259100633b77a0dc03f83047d7cf778466bf9f3 Mon Sep 17 00:00:00 2001
++From: "H.J. Lu" <hjl.tools@gmail.com>
++Date: Fri, 28 Feb 2020 14:02:21 -0800
++Subject: [PATCH] Update x86-64 assembly codes with CET support
++
++---
++ lib/accelerated/x86/elf/aes-ssse3-x86_64.s    | 21 +++++++++++++++
++ lib/accelerated/x86/elf/aesni-gcm-x86_64.s    | 16 +++++++++++
++ lib/accelerated/x86/elf/aesni-x86_64.s        | 27 +++++++++++++++++++
++ lib/accelerated/x86/elf/e_padlock-x86_64.s    | 16 +++++++++++
++ lib/accelerated/x86/elf/ghash-x86_64.s        | 22 +++++++++++++++
++ lib/accelerated/x86/elf/sha1-ssse3-x86_64.s   | 16 +++++++++++
++ lib/accelerated/x86/elf/sha256-ssse3-x86_64.s | 16 +++++++++++
++ lib/accelerated/x86/elf/sha512-ssse3-x86_64.s | 16 +++++++++++
++ 8 files changed, 150 insertions(+)
++
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aes-ssse3-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/aes-ssse3-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aes-ssse3-x86_64.s
++@@ -635,6 +635,7 @@ _vpaes_schedule_mangle:
++ .align	16
++ vpaes_set_encrypt_key:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movl	%esi,%eax
++ 	shrl	$5,%eax
++ 	addl	$5,%eax
++@@ -653,6 +654,7 @@ vpaes_set_encrypt_key:
++ .align	16
++ vpaes_set_decrypt_key:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movl	%esi,%eax
++ 	shrl	$5,%eax
++ 	addl	$5,%eax
++@@ -676,6 +678,7 @@ vpaes_set_decrypt_key:
++ .align	16
++ vpaes_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movdqu	(%rdi),%xmm0
++ 	call	_vpaes_preheat
++ 	call	_vpaes_encrypt_core
++@@ -689,6 +692,7 @@ vpaes_encrypt:
++ .align	16
++ vpaes_decrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movdqu	(%rdi),%xmm0
++ 	call	_vpaes_preheat
++ 	call	_vpaes_decrypt_core
++@@ -701,6 +705,7 @@ vpaes_decrypt:
++ .align	16
++ vpaes_cbc_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	xchgq	%rcx,%rdx
++ 	subq	$16,%rcx
++ 	jc	.Lcbc_abort
++@@ -865,3 +870,19 @@ _vpaes_consts:
++ .size	_vpaes_consts,.-_vpaes_consts
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aesni-gcm-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/aesni-gcm-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aesni-gcm-x86_64.s
++@@ -828,3 +828,19 @@ aesni_gcm_encrypt:
++ .align	64
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aesni-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/aesni-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/aesni-x86_64.s
++@@ -44,6 +44,7 @@
++ .align	16
++ aesni_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movups	(%rdi),%xmm2
++ 	movl	240(%rdx),%eax
++ 	movups	(%rdx),%xmm0
++@@ -70,6 +71,7 @@ aesni_encrypt:
++ .align	16
++ aesni_decrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movups	(%rdi),%xmm2
++ 	movl	240(%rdx),%eax
++ 	movups	(%rdx),%xmm0
++@@ -557,6 +559,7 @@ _aesni_decrypt8:
++ .align	16
++ aesni_ecb_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	andq	$-16,%rdx
++ 	jz	.Lecb_ret
++
++@@ -901,6 +904,7 @@ aesni_ecb_encrypt:
++ .align	16
++ aesni_ccm64_encrypt_blocks:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movl	240(%rcx),%eax
++ 	movdqu	(%r8),%xmm6
++ 	movdqa	.Lincrement64(%rip),%xmm9
++@@ -966,6 +970,7 @@ aesni_ccm64_encrypt_blocks:
++ .align	16
++ aesni_ccm64_decrypt_blocks:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	movl	240(%rcx),%eax
++ 	movups	(%r8),%xmm6
++ 	movdqu	(%r9),%xmm3
++@@ -1065,6 +1070,7 @@ aesni_ccm64_decrypt_blocks:
++ .align	16
++ aesni_ctr32_encrypt_blocks:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	cmpq	$1,%rdx
++ 	jne	.Lctr32_bulk
++
++@@ -1643,6 +1649,7 @@ aesni_ctr32_encrypt_blocks:
++ .align	16
++ aesni_xts_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	leaq	(%rsp),%r11
++ .cfi_def_cfa_register	%r11
++ 	pushq	%rbp
++@@ -2113,6 +2120,7 @@ aesni_xts_encrypt:
++ .align	16
++ aesni_xts_decrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	leaq	(%rsp),%r11
++ .cfi_def_cfa_register	%r11
++ 	pushq	%rbp
++@@ -2620,6 +2628,7 @@ aesni_xts_decrypt:
++ .align	32
++ aesni_ocb_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	leaq	(%rsp),%rax
++ 	pushq	%rbx
++ .cfi_adjust_cfa_offset	8
++@@ -3047,6 +3056,7 @@ __ocb_encrypt1:
++ .align	32
++ aesni_ocb_decrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	leaq	(%rsp),%rax
++ 	pushq	%rbx
++ .cfi_adjust_cfa_offset	8
++@@ -3484,6 +3494,7 @@ __ocb_decrypt1:
++ .align	16
++ aesni_cbc_encrypt:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	testq	%rdx,%rdx
++ 	jz	.Lcbc_ret
++
++@@ -4513,3 +4524,19 @@ __aesni_set_encrypt_key:
++ .align	64
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/e_padlock-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/e_padlock-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/e_padlock-x86_64.s
++@@ -1068,3 +1068,19 @@ padlock_ctr32_encrypt:
++ .section .note.GNU-stack,"",%progbits
++
++
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/ghash-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/ghash-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/ghash-x86_64.s
++@@ -45,6 +45,7 @@
++ .align	16
++ gcm_gmult_4bit:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	pushq	%rbx
++ .cfi_adjust_cfa_offset	8
++ .cfi_offset	%rbx,-16
++@@ -156,6 +157,7 @@ gcm_gmult_4bit:
++ .align	16
++ gcm_ghash_4bit:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	pushq	%rbx
++ .cfi_adjust_cfa_offset	8
++ .cfi_offset	%rbx,-16
++@@ -903,6 +905,7 @@ gcm_init_clmul:
++ .align	16
++ gcm_gmult_clmul:
++ .cfi_startproc
+++.byte	243,15,30,250
++ .L_gmult_clmul:
++ 	movdqu	(%rdi),%xmm0
++ 	movdqa	.Lbswap_mask(%rip),%xmm5
++@@ -956,6 +959,7 @@ gcm_gmult_clmul:
++ .align	32
++ gcm_ghash_clmul:
++ .cfi_startproc
+++.byte	243,15,30,250
++ .L_ghash_clmul:
++ 	movdqa	.Lbswap_mask(%rip),%xmm10
++
++@@ -1450,6 +1454,7 @@ gcm_init_avx:
++ .align	32
++ gcm_gmult_avx:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	jmp	.L_gmult_clmul
++ .cfi_endproc
++ .size	gcm_gmult_avx,.-gcm_gmult_avx
++@@ -1458,6 +1463,7 @@ gcm_gmult_avx:
++ .align	32
++ gcm_ghash_avx:
++ .cfi_startproc
+++.byte	243,15,30,250
++ 	vzeroupper
++
++ 	vmovdqu	(%rdi),%xmm10
++@@ -1886,3 +1892,19 @@ gcm_ghash_avx:
++ .align	64
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s
++@@ -5489,3 +5489,19 @@ K_XX_XX:
++ .align	64
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s
++@@ -5495,3 +5495,19 @@ sha256_block_data_order_avx2:
++ .size	sha256_block_data_order_avx2,.-sha256_block_data_order_avx2
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
++Index: gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s
++===================================================================
++--- gnutls28-3.7.0-5ubuntu1.orig/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s
+++++ gnutls28-3.7.0-5ubuntu1/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s
++@@ -5500,3 +5500,19 @@ sha512_block_data_order_avx2:
++ .size	sha512_block_data_order_avx2,.-sha512_block_data_order_avx2
++
++ .section .note.GNU-stack,"",%progbits
+++	.section ".note.gnu.property", "a"
+++	.p2align 3
+++	.long 1f - 0f
+++	.long 4f - 1f
+++	.long 5
+++0:
+++	.asciz "GNU"
+++1:
+++	.p2align 3
+++	.long 0xc0000002
+++	.long 3f - 2f
+++2:
+++	.long 3
+++3:
+++	.p2align 3
+++4:
 diff --git a/debian/patches/series b/debian/patches/series
 index 5c8eb27..79a0f79 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -2,3 +2,6 @@
 _srptest_doubletimeout.diff
 -0001-Fix-build-on-GNU-Hurd.patch
 -0002-Move-the-GNUTLS_NO_EXTENSIONS-compatibility-define-t.patch
++
++# Ubuntu patches
++9259100633b77a0dc03f83047d7cf778466bf9f3.patch
 diff --git a/debian/rules b/debian/rules
 index 3863017..ce0e6b5 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -22,6 +22,7 @@ CONFIGUREARGS = \
  	--with-packager=Debian \
  	--with-packager-bug-reports=http://bugs.debian.org/ \
  	--with-packager-version=$(DEB_VERSION) \
++	--with-default-priority-string='NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_MEDIUM'
  BDIR = -O--builddirectory=b4deb
 diff --git a/debian/tests/control b/debian/tests/control
 index 7cc0ef3..4579247 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -5,7 +5,8 @@ Depends:
   datefudge,
   freebsd-net-tools [kfreebsd-i386 kfreebsd-amd64],
   net-tools [!kfreebsd-i386 !kfreebsd-amd64],
-- openssl,
++ openssl [!i386],
++ openssl:i386 [i386],
   softhsm2,
   @,
  Restrictions: rw-build-tree, allow-stderr
 diff --git a/debian/tests/run-upstream-testsuite b/debian/tests/run-upstream-testsuite
 index f8d0329..bf88154 100755
 --- a/debian/tests/run-upstream-testsuite
 +++ b/debian/tests/run-upstream-testsuite
@@ -14,10 +14,14 @@ export FAKETIME="datefudge"
  export FAKETIME_F_OPT="-s"
  export ac_cv_faketime_works="yes"
--if [ `dpkg-architecture -qDEB_HOST_ARCH_BITS` = 64 ] ; then
--	export ac_cv_sizeof_time_t=8
--else
--	export ac_cv_sizeof_time_t=4
++# Set the sizeof(time_t) to the correct value for the platform, to ensure we
++# run the correct tests.
++if test -z "${ac_cv_sizeof_time_t}"; then
++	test_arch=$(dpkg --status gnutls-bin|awk '/Architecture/ {print $2}')
++	case "$test_arch" in
++		i386|armhf) export ac_cv_sizeof_time_t=4;;
++		*) export ac_cv_sizeof_time_t=8;;
++	esac
  fi
  cd "$PKGTDIR"
@@ -32,16 +36,6 @@ export  CLI=/usr/bin/gnutls-cli \
  	ENABLE_GOST=1 \
  	PKCS12_ITER_COUNT=600000
--# Set the sizeof(time_t) to the correct value for the platform, to ensure we
--# run the correct tests.
--if test -z "${ac_cv_sizeof_time_t}"; then
--	if [ "$(date  --date=@2147483648 +%Y 2>/dev/null)" = "2038" ]; then
--		export ac_cv_sizeof_time_t=8
--	else
--		export ac_cv_sizeof_time_t=4
--	fi
--fi
--
  count=1
  for i in $(find ../../tests/ -type f -name '*.sh' | \
  	grep -Ev 'tests/gnutls-cli-debug.sh|tests/system-override-hash.sh|tests/pkgconfig.sh|tests/system-override-sig.sh|tests/system-override-sig-allowlist.sh|tests/system-override-sig-tls.sh|tests/tls13/prf-early.sh|tests/dtls/dtls.sh|tests/dtls/dtls-resume.sh|tests/cert-tests/tolerate-invalid-time.sh|tests/slow/|tests/protocol-set-allowlist.sh|tests/system-override-hash-allowlist.sh|tests/system-override-curves-allowlist.sh|tests/ktls.sh|tests/ktls_keyupdate.sh' \
@@ -57,7 +51,7 @@ for i in $(find ../../tests/ -type f -name '*.sh' | \
  		*)
  			d="";;
  	esac
--	if env srcdir=../../tests/$d sh $i ; then
++	if env GNUTLS_SYSTEM_PRIORITY_FILE= srcdir=../../tests/$d sh $i ; then
  		echo SUCCESS [$count]$i
  	else
  		if [ $? = 77 ] ; then

Ubuntugnutls28 package

Merge ~mkukri/ubuntu/+source/gnutls28:rebuild into ubuntu/+source/gnutls28:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
gnutls28 package