rpms/gnutls/FC-5 gnutls-1.4.2-cve-2006-4790.patch, NONE, 1.1 gnutls.spec, 1.19, 1.20
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Sep 14 11:54:08 UTC 2006
Author: tmraz
Update of /cvs/dist/rpms/gnutls/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv13958
Modified Files:
gnutls.spec
Added Files:
gnutls-1.4.2-cve-2006-4790.patch
Log Message:
* Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.2.10-3
- detect forged signatures - CVE-2006-4790 (#206411), patch
from upstream
gnutls-1.4.2-cve-2006-4790.patch:
verify.c | 13 +++++++++++++
1 files changed, 13 insertions(+)
--- NEW FILE gnutls-1.4.2-cve-2006-4790.patch ---
Make sure the digestAlgorithm.parameters field is empty, which it has
to be for the hashes we support. Otherwise, the field can encode
"garbage" that might be used to make the signature be a perfect cube,
similar (but not identical) to Bleichenbacher's Crypto 06 rump session
attack.
Index: verify.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/verify.c,v
retrieving revision 1.52
retrieving revision 1.55
diff -u -p -r1.52 -r1.55
--- gnutls/lib/x509/verify.c 7 Nov 2005 23:28:02 -0000 1.52
+++ gnutls/lib/x509/verify.c 12 Sep 2006 13:11:23 -0000 1.55
@@ -505,6 +505,19 @@ decode_ber_digest_info (const gnutls_dat
return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
}
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == 2 &&
+ str[0] == 0x05 && str[1] == 0x00)))
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
result = asn1_read_value (dinfo, "digest", digest, digest_size);
if (result != ASN1_SUCCESS)
{
Index: gnutls.spec
===================================================================
RCS file: /cvs/dist/rpms/gnutls/FC-5/gnutls.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- gnutls.spec 13 Feb 2006 08:10:43 -0000 1.19
+++ gnutls.spec 14 Sep 2006 11:54:06 -0000 1.20
@@ -4,7 +4,8 @@
Release: 1
License: LGPL
Group: System Environment/Libraries
-BuildPrereq: libgcrypt-devel >= 1.2.2
+BuildRequires: libgcrypt-devel >= 1.2.2, gettext
+BuildRequires: zlib-devel, readline-devel, libtermcap-devel
#BuildPrereq: libtasn1-devel
#BuildPrereq: opencdk-devel
URL: http://www.gnutls.org/
@@ -14,6 +15,7 @@
Source0: %{name}-%{version}-nosrp.tar.bz2
Source1: libgnutls-config
Patch0: gnutls-1.2.9-nosrp.patch
+Patch3: gnutls-1.4.2-cve-2006-4790.patch
BuildRoot: %{_tmppath}/%{name}-root
Requires: libgcrypt >= 1.2.2
@@ -23,6 +25,7 @@
Requires: %{name} = %{version}-%{release}
Requires: libgcrypt-devel
Requires: zlib-devel
+Requires: pkgconfig
%package utils
Summary: Command line tools for TLS protocol.
@@ -51,6 +54,7 @@
%prep
%setup -q
%patch0 -p1 -b .nosrp
+%patch3 -p1 -b .no-params
for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
touch lib/$i
@@ -114,6 +118,13 @@
%{_mandir}/man1/*
%changelog
+* Thu Sep 14 2006 Tomas Mraz <tmraz at redhat.com> 1.2.10-3
+- detect forged signatures - CVE-2006-4790 (#206411), patch
+ from upstream
+
+* Tue May 16 2006 Tomas Mraz <tmraz at redhat.com> - 1.2.10-2
+- added missing buildrequires
+
* Mon Feb 13 2006 Tomas Mraz <tmraz at redhat.com> - 1.2.10-1
- updated to new version (fixes CVE-2006-0645)
More information about the fedora-cvs-commits
mailing list