Version in base suite: 3.6.7-4 Base version: gnutls28_3.6.7-4 Target version: gnutls28_3.6.7-4+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gnutls28/gnutls28_3.6.7-4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gnutls28/gnutls28_3.6.7-4+deb10u1.dsc changelog | 8 + patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch | 63 ++++++++++ patches/series | 1 3 files changed, 72 insertions(+)
diff -Nru gnutls28-3.6.7/debian/changelog gnutls28-3.6.7/debian/changelog
--- gnutls28-3.6.7/debian/changelog 2019-06-12 17:21:23.000000000 +0000
+++ gnutls28-3.6.7/debian/changelog 2019-11-30 12:41:59.000000000 +0000
@@ -1,3 +1,11 @@
+gnutls28 (3.6.7-4+deb10u1) buster; urgency=medium
+
+ * 42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
+ from 3.6.10: Fix interop problems with gnutls 2.x. Closes: #933538
+ (Thanks, Hanno Stock!)
+
+ -- Andreas Metzler Sat, 30 Nov 2019 13:41:59 +0100
+
 gnutls28 (3.6.7-4) unstable; urgency=medium
 
 * Cherry-pick important bug-fixes from 3.6.8:
diff -Nru gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
--- gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch 1970-01-01 00:00:00.000000000 +0000
+++ gnutls28-3.6.7/debian/patches/42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch 2019-11-30 12:41:59.000000000 +0000
@@ -0,0 +1,63 @@
+From daa49b9e455d262a1a2bc1b641e72dc004e2cb3e Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Sat, 3 Aug 2019 21:51:58 +0200
+Subject: [PATCH] _gnutls_epoch_set_keys: do not forbid random padding in
+ TLS1.x CBC ciphersuites
+
+Since some point in 3.6.x we updated the calculation of maximum record size,
+however that did not include the possibility of random record padding available
+for CBC ciphersuites which exceeds the maximum. This commit allows for larger
+sizes for these ciphersuites to account for random padding as applied by
+gnutls 2.12.x.
+
+Resolves: #811
+
+Signed-off-by: Nikos Mavrogiannopoulos
+---
+ NEWS | 4 ++++
+ lib/constate.c | 11 +++++++++--
+ lib/record.c | 4 ++--
+ 3 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/lib/constate.c b/lib/constate.c
+index 51a4eca30..4c6ca0fd0 100644
+--- a/lib/constate.c
++++ b/lib/constate.c
+@@ -707,10 +707,17 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t
+ return gnutls_assert_val(ret);
+ }
+
+- if (ver->tls13_sem) {
++ /* The TLS1.3 limit of 256 additional bytes is also enforced under CBC
++ * ciphers to ensure we interoperate with gnutls 2.12.x which could add padding
++ * data exceeding the maximum. */
++ if (ver->tls13_sem || _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) {
+ session->internals.max_recv_size = 256;
+ } else {
+- session->internals.max_recv_size = _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
++ session->internals.max_recv_size = 0;
++ }
++
++ if (!ver->tls13_sem) {
++ session->internals.max_recv_size += _gnutls_record_overhead(ver, params->cipher, params->mac, 1);
+ if (session->internals.allow_large_records != 0)
+ session->internals.max_recv_size += EXTRA_COMP_SIZE;
+ }
+diff --git a/lib/record.c b/lib/record.c
+index 39d2a16be..7c7e36561 100644
+--- a/lib/record.c
++++ b/lib/record.c
+@@ -1219,8 +1219,8 @@ static int recv_headers(gnutls_session_t session,
+
+ if (record->length == 0 || record->length > max_record_recv_size(session)) {
+ _gnutls_audit_log
+- (session, "Received packet with illegal length: %u\n",
+- (unsigned int) record->length);
++ (session, "Received packet with illegal length: %u (max: %u)\n",
++ (unsigned int) record->length, (unsigned)max_record_recv_size(session));
+
+ if (record->length == 0) {
+ /* Empty, unencrypted records are always unexpected. */
+--
+2.24.0
+
diff -Nru gnutls28-3.6.7/debian/patches/series gnutls28-3.6.7/debian/patches/series
--- gnutls28-3.6.7/debian/patches/series 2019-06-12 17:21:15.000000000 +0000
+++ gnutls28-3.6.7/debian/patches/series 2019-11-30 12:41:59.000000000 +0000
@@ -5,3 +5,4 @@
 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch
 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch
 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch
+42_rel3.6.10_01-gnutls_epoch_set_keys-do-not-forbid-random-padding.patch
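Review bot: In the `lib/constate.c` hunk of the embedded patch, the new comment says the 256-byte TLS 1.3 limit is "also enforced under CBC", but for a TLS 1.x block cipher the following `if (!ver->tls13_sem)` branch adds `_gnutls_record_overhead(...)` (and `EXTRA_COMP_SIZE` when `allow_large_records` is set) on top of that 256. The receive-side allowance therefore grows by 256 bytes for every peer that negotiates a block cipher, since the condition tests only `_gnutls_cipher_type(params->cipher) == CIPHER_BLOCK`, not the peer implementation. I would reword the comment to say so, e.g. `/* TLS1.x CBC: allow 256 bytes beyond the computed record overhead, because gnutls 2.12.x may add random padding */`, and give the bare `256` a named constant so the TLS 1.3 and CBC uses stay in step. Whether buffers sized from the earlier maximum still hold the larger record cannot be confirmed from here, because `_gnutls_epoch_set_keys` begins and ends outside the hunk and `max_record_recv_size()` is not shown. The patch as carried also adds no test; one CBC record at the new bound and one just over it would pin the limit that `recv_headers` enforces.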