rpms/gnutls/FC-5 gnutls-1.4.2-cve-2006-4790.patch, NONE, 1.1 gnutls.spec, 1.19, 1.20

Thu Sep 14 11:54:08 UTC 2006

Author: tmraz

Update of /cvs/dist/rpms/gnutls/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv13958

Modified Files:
	gnutls.spec 
Added Files:
	gnutls-1.4.2-cve-2006-4790.patch 
Log Message:
* Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.2.10-3
- detect forged signatures - CVE-2006-4790 (#206411), patch
  from upstream


gnutls-1.4.2-cve-2006-4790.patch:
 verify.c |   13 +++++++++++++
 1 files changed, 13 insertions(+)

--- NEW FILE gnutls-1.4.2-cve-2006-4790.patch ---
Make sure the digestAlgorithm.parameters field is empty, which it has
to be for the hashes we support.  Otherwise, the field can encode
"garbage" that might be used to make the signature be a perfect cube,
similar (but not identical) to Bleichenbacher's Crypto 06 rump session
attack.
Index: verify.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/verify.c,v
retrieving revision 1.52
retrieving revision 1.55
diff -u -p -r1.52 -r1.55
--- gnutls/lib/x509/verify.c	7 Nov 2005 23:28:02 -0000	1.52
+++ gnutls/lib/x509/verify.c	12 Sep 2006 13:11:23 -0000	1.55
@@ -505,6 +505,19 @@ decode_ber_digest_info (const gnutls_dat
       return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
     }
 
+  len = sizeof (str) - 1;
+  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+  /* To avoid permitting garbage in the parameters field, either the
+     parameters field is not present, or it contains 0x05 0x00. */
+  if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+	(result == ASN1_SUCCESS && len == 2 &&
+	 str[0] == 0x05 && str[1] == 0x00)))
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return GNUTLS_E_ASN1_GENERIC_ERROR;
+    }
+
   result = asn1_read_value (dinfo, "digest", digest, digest_size);
   if (result != ASN1_SUCCESS)
     {


Index: gnutls.spec
===================================================================
RCS file: /cvs/dist/rpms/gnutls/FC-5/gnutls.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- gnutls.spec	13 Feb 2006 08:10:43 -0000	1.19
+++ gnutls.spec	14 Sep 2006 11:54:06 -0000	1.20
@@ -4,7 +4,8 @@
 Release: 1
 License: LGPL
 Group: System Environment/Libraries
-BuildPrereq: libgcrypt-devel >= 1.2.2
+BuildRequires: libgcrypt-devel >= 1.2.2, gettext
+BuildRequires: zlib-devel, readline-devel, libtermcap-devel
 #BuildPrereq: libtasn1-devel
 #BuildPrereq: opencdk-devel
 URL: http://www.gnutls.org/
@@ -14,6 +15,7 @@
 Source0: %{name}-%{version}-nosrp.tar.bz2
 Source1: libgnutls-config
 Patch0: gnutls-1.2.9-nosrp.patch
+Patch3: gnutls-1.4.2-cve-2006-4790.patch
 BuildRoot: %{_tmppath}/%{name}-root
 Requires: libgcrypt >= 1.2.2
 
@@ -23,6 +25,7 @@
 Requires: %{name} = %{version}-%{release}
 Requires: libgcrypt-devel
 Requires: zlib-devel
+Requires: pkgconfig
 
 %package utils
 Summary: Command line tools for TLS protocol.
@@ -51,6 +54,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .nosrp
+%patch3 -p1 -b .no-params
 
 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
     touch lib/$i
@@ -114,6 +118,13 @@
 %{_mandir}/man1/*
 
 %changelog
+* Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.2.10-3
+- detect forged signatures - CVE-2006-4790 (#206411), patch
+  from upstream
+
+* Tue May 16 2006 Tomas Mraz <tmraz at redhat.com> - 1.2.10-2
+- added missing buildrequires
+
 * Mon Feb 13 2006 Tomas Mraz <tmraz at redhat.com> - 1.2.10-1
 - updated to new version (fixes CVE-2006-0645)
 


