From 7869ce61ea1e29e6447ad1976be580bcdd4a0241 Mon Sep 17 00:00:00 2001
From: yinyongkang <yinyongkang@kylinos.cn>
Date: Tue, 2 Jul 2024 09:07:09 +0800
Subject: [PATCH] fix CVE-2024-34703

(cherry picked from commit 6e87e1f51a33c36ef4329dd341149eb4bdd3eaac)
---
 ...CVE-2024-34703-When-decoding-an-arbi.patch | 35 +++++++++++++++++++
 botan2.spec                                   |  9 +++--
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 Backport-CVE-2024-34703-When-decoding-an-arbi.patch

diff --git a/Backport-CVE-2024-34703-When-decoding-an-arbi.patch b/Backport-CVE-2024-34703-When-decoding-an-arbi.patch
new file mode 100644
index 0000000..9d345f0
--- /dev/null
+++ b/Backport-CVE-2024-34703-When-decoding-an-arbi.patch
@@ -0,0 +1,35 @@
+From 94e9154c143aa5264da6254a6a1be5bc66ee2b5a Mon Sep 17 00:00:00 2001
+From: Jack Lloyd <jack@randombit.net>
+Date: Tue, 20 Feb 2024 06:32:57 -0500
+Subject: [PATCH] When decoding an arbitrary elliptic curve, set an upper bound
+ on length
+
+Otherwise it's trivial to send a very large prime, which can take a
+significant amount of computation to check.
+
+Reported by Bing Shi
+---
+ src/lib/pubkey/ec_group/ec_group.cpp | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
+index bb60bac..214751b 100644
+--- a/src/lib/pubkey/ec_group/ec_group.cpp
++++ b/src/lib/pubkey/ec_group/ec_group.cpp
+@@ -334,8 +334,11 @@ std::shared_ptr<EC_Group_Data> EC_Group::BER_decode_EC_group(const uint8_t bits[
+          .end_cons()
+          .verify_end();
+ 
+-      if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p))
+-         throw Decoding_Error("Invalid ECC p parameter");
++      if(p.bits() < 112 || p.bits() > 1024)
++         throw Decoding_Error("ECC p parameter is invalid size");
++
++      if(p.is_negative() || !is_bailie_psw_probable_prime(p))
++         throw Decoding_Error("ECC p parameter is not a prime");
+ 
+       if(a.is_negative() || a >= p)
+          throw Decoding_Error("Invalid ECC a parameter");
+-- 
+2.41.0
+
diff --git a/botan2.spec b/botan2.spec
index 20397f2..81b89ea 100644
--- a/botan2.spec
+++ b/botan2.spec
@@ -2,13 +2,15 @@
 
 Name:           botan2
 Version:        2.19.3
-Release:        1
+Release:        2
 Summary:        Crypto and TLS for C++11
 
 License:        BSD
 URL:            https://botan.randombit.net/
 Source0:        %{url}/releases/Botan-%{version}.tar.xz
 
+Patch01:        Backport-CVE-2024-34703-When-decoding-an-arbi.patch
+
 BuildRequires:  gcc-c++ python3 python3-devel python3-sphinx python-docutils
 BuildRequires:  bzip2-devel zlib-devel make
 
@@ -52,7 +54,7 @@ This package contains the Python3 binding for %{name}.
 
 
 %prep
-%autosetup -n Botan-%{version}
+%autosetup -n Botan-%{version} -p1
 
 
 %build
@@ -124,6 +126,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./botan-test
 
 
 %changelog
+* Tue Jul 02 2024 yinyongkang <yinyongkang@kylinos.cn> - 2.19.3-2
+- fix CVE-2024-34703
+
 * Mon Nov 28 2022 liweiganga <liweiganga@uniontech.com> - 2.19.3-1
 - update to 2.19.3
 - fix CVE-2022-43705
-- 
Gitee