[arch-commits] Commit in gnutls/repos (3 files)

Jan de Groot jgc at archlinux.org
Thu May 22 17:26:15 UTC 2008 

    Date: Thursday, May 22, 2008 @ 13:26:15
  Author: jgc
Revision: 1877

Security update

Added:
  gnutls/repos/extra-i686/GNUTLS-SA-2008-1.patch
    (from rev 1875, gnutls/trunk/GNUTLS-SA-2008-1.patch)
Modified:
  gnutls/repos/extra-i686/	(properties)
  gnutls/repos/extra-i686/PKGBUILD

------------------------+
 GNUTLS-SA-2008-1.patch |  153 +++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD               |   15 ++--
 2 files changed, 162 insertions(+), 6 deletions(-)


Property changes on: gnutls/repos/extra-i686
___________________________________________________________________
Name: svnmerge-integrated
   - /gnutls/trunk:1
   + /gnutls/trunk:1-1876

Copied: gnutls/repos/extra-i686/GNUTLS-SA-2008-1.patch (from rev 1875, gnutls/trunk/GNUTLS-SA-2008-1.patch)
===================================================================
--- extra-i686/GNUTLS-SA-2008-1.patch	                        (rev 0)
+++ extra-i686/GNUTLS-SA-2008-1.patch	2008-05-22 17:26:15 UTC (rev 1877)
@@ -0,0 +1,153 @@
+From: Simon Josefsson <simon at josefsson.org>
+Date: Mon, 19 May 2008 08:34:08 +0000 (+0200)
+Subject: Fix GNUTLS-SA-2008-1 security vulnerabilities.
+X-Git-Tag: gnutls_2_2_4~4
+X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff_plain;h=a05a837a1c2225931c282ed9ba38d557ee8ad8b2
+
+Fix GNUTLS-SA-2008-1 security vulnerabilities.
+See http://www.gnu.org/software/gnutls/security.html for updates.
+---
+
+diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
+index 4e76515..bfcee9d 100644
+--- a/lib/ext_server_name.c
++++ b/lib/ext_server_name.c
+@@ -74,10 +74,27 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
+ 	  len = _gnutls_read_uint16 (p);
+ 	  p += 2;
+ 
+-	  DECR_LENGTH_RET (data_size, len, 0);
+-	  server_names++;
++	  if (len > 0)
++	    {
++	      DECR_LENGTH_RET (data_size, len, 0);
++	      server_names++;
++	      p += len;
++	    }
++	  else
++	    _gnutls_handshake_log
++	      ("HSK[%x]: Received zero size server name (under attack?)\n",
++	       session);
+ 
+-	  p += len;
++	}
++
++      /* we cannot accept more server names.
++       */
++      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
++	{
++	  _gnutls_handshake_log
++	    ("HSK[%x]: Too many server names received (under attack?)\n",
++	     session);
++	  server_names = MAX_SERVER_NAME_EXTENSIONS;
+ 	}
+ 
+       session->security_parameters.extensions.server_names_size =
+@@ -85,10 +102,6 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
+       if (server_names == 0)
+ 	return 0;		/* no names found */
+ 
+-      /* we cannot accept more server names.
+-       */
+-      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+-	server_names = MAX_SERVER_NAME_EXTENSIONS;
+ 
+       p = data + 2;
+       for (i = 0; i < server_names; i++)
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index e930c1d..f071710 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -453,6 +453,14 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+       return GNUTLS_E_INTERNAL_ERROR;
+     }
+ 
++  if (ciphertext.size < (unsigned) blocksize + hash_size)
++    {
++      _gnutls_record_log
++	("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
++	 session, ciphertext.size, blocksize, hash_size);
++      gnutls_assert ();
++      return GNUTLS_E_DECRYPTION_FAILED;
++    }
+ 
+   /* actual decryption (inplace)
+    */
+@@ -504,9 +512,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ 
+       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
+ 
+-      length = ciphertext.size - hash_size - pad;
+-
+-      if (pad > ciphertext.size - hash_size)
++      if ((int)pad > (int)ciphertext.size - hash_size)
+ 	{
+ 	  gnutls_assert ();
+ 	  /* We do not fail here. We check below for the
+@@ -515,6 +521,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ 	  pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ 	}
+ 
++      length = ciphertext.size - hash_size - pad;
++
+       /* Check the pading bytes (TLS 1.x)
+        */
+       if (ver >= GNUTLS_TLS1 && pad_failed == 0)
+diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
+index 2737edf..cec3283 100644
+--- a/lib/gnutls_handshake.c
++++ b/lib/gnutls_handshake.c
+@@ -1001,6 +1001,14 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
+ 
+       *recv_type = session->internals.handshake_header_buffer.recv_type;
+ 
++      if (*recv_type != type)
++	{
++	  gnutls_assert ();
++	  _gnutls_handshake_log
++	    ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
++	  return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
++	}
++
+       return session->internals.handshake_header_buffer.packet_length;
+     }
+ 
+From: Simon Josefsson <simon at josefsson.org>
+Date: Mon, 19 May 2008 19:44:43 +0000 (+0200)
+Subject: Fix broken debug check for GNUTLS-SA-2008-1.
+X-Git-Tag: gnutls_2_2_5~4
+X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff_plain;h=d1417aadd49dcb549b7ad503e6bb315a8cbc280a
+
+Fix broken debug check for GNUTLS-SA-2008-1.
+---
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index f071710..e16ad1f 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -453,15 +453,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+       return GNUTLS_E_INTERNAL_ERROR;
+     }
+ 
+-  if (ciphertext.size < (unsigned) blocksize + hash_size)
+-    {
+-      _gnutls_record_log
+-	("REC[%x]: Short record length %d < %d + %d (under attack?)\n",
+-	 session, ciphertext.size, blocksize, hash_size);
+-      gnutls_assert ();
+-      return GNUTLS_E_DECRYPTION_FAILED;
+-    }
+-
+   /* actual decryption (inplace)
+    */
+   switch (_gnutls_cipher_is_block
+@@ -515,6 +506,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+       if ((int)pad > (int)ciphertext.size - hash_size)
+ 	{
+ 	  gnutls_assert ();
++	  _gnutls_record_log
++	    ("REC[%x]: Short record length %d > %d - %d (under attack?)\n",
++	     session, pad, ciphertext.size, hash_size);
+ 	  /* We do not fail here. We check below for the
+ 	   * the pad_failed. If zero means success.
+ 	   */

Modified: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2008-05-22 17:13:45 UTC (rev 1876)
+++ extra-i686/PKGBUILD	2008-05-22 17:26:15 UTC (rev 1877)
@@ -1,21 +1,24 @@
 # $Id$
-# Maintainer: dorphell <dorphell at archlinux.org>
+# Maintainer: Jan de Groot <jgc at archlinux.org>
 
 pkgname=gnutls
 pkgver=2.0.4
-pkgrel=1
+pkgrel=2
 pkgdesc="A library which provides a secure layer over a reliable transport layer"
 arch=(i686 x86_64)
 license=('GPL' 'LGPL')
 url="http://www.gnu.org/software/gnutls/"
 options=('libtool')
 depends=('gcc-libs' 'opencdk>=0.6.6' 'libtasn1>=1.1' 'lzo2' 'readline')
-source=(ftp://ftp.gnutls.org/pub/gnutls/${pkgname}-${pkgver}.tar.bz2)
-md5sums=('0d3c959ff2b3b71f840038c3441ba1f9')
+source=(ftp://ftp.gnutls.org/pub/gnutls/${pkgname}-${pkgver}.tar.bz2
+	GNUTLS-SA-2008-1.patch)
+md5sums=('0d3c959ff2b3b71f840038c3441ba1f9'
+	 '7b2dea9266c30f670e60730f776f5f68')
 
 build() {
   cd ${startdir}/src/${pkgname}-${pkgver}
-  ./configure --prefix=/usr --with-zlib --disable-guile
+  patch -Np1 -i ${startdir}/src/GNUTLS-SA-2008-1.patch || return 1
+  ./configure --prefix=/usr --with-zlib --disable-guile || return 1
   make || return 1
-  make DESTDIR=${startdir}/pkg install
+  make DESTDIR=${startdir}/pkg install || return 1
 }

More information about the arch-commits mailing list