From 00f445ee851a00a6949dc4379b8d11a8e7091acf Mon Sep 17 00:00:00 2001 From: Anakin Zhang Date: Wed, 22 Apr 2020 16:00:29 +0800 Subject: [PATCH] fix CVE-2020-11501 --- fix-CVE-2020-11501-zeroed-random.patch | 32 ++++++++++++++++++++++++++ gnutls.spec | 8 +++++-- 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 fix-CVE-2020-11501-zeroed-random.patch diff --git a/fix-CVE-2020-11501-zeroed-random.patch b/fix-CVE-2020-11501-zeroed-random.patch new file mode 100644 index 0000000..822fcec --- /dev/null +++ b/fix-CVE-2020-11501-zeroed-random.patch @@ -0,0 +1,32 @@ +From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20B=C3=BChler?= +Date: Fri, 27 Mar 2020 17:17:57 +0100 +Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This broke with bcf4de03 "handshake: treat reply to HRR as a reply to +hello verify request", which failed to "De Morgan" properly. + +Signed-off-by: Stefan Bühler +--- + lib/handshake.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/handshake.c b/lib/handshake.c +index 1e6164c..5c8f33a 100644 +--- a/lib/handshake.c ++++ b/lib/handshake.c +@@ -2164,7 +2164,7 @@ static int send_client_hello(gnutls_session_t session, int again) + /* Generate random data + */ + if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) && +- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) { ++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) { + ret = _gnutls_gen_client_random(session); + if (ret < 0) { + gnutls_assert(); +-- +1.8.3.1 + diff --git a/gnutls.spec b/gnutls.spec index ce8b92c..44a36ba 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,13 +1,14 @@ Name: gnutls Version: 3.6.9 -Release: 5 +Release: 5.h1 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ URL: https://www.gnutls.org/ Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz.sig -Patch9000: fix-ipv6-handshake-failed.patch +Patch0: fix-ipv6-handshake-failed.patch +Patch1: fix-CVE-2020-11501-zeroed-random.patch %bcond_without dane %bcond_with guile @@ -194,6 +195,9 @@ make check %{?_smp_mflags} %endif %changelog +* Wed Apr 22 2020 Anakin Zhang - 3.6.9-5.h1 +- fix CVE-2020-11501 + * Fri Jan 10 2020 openEuler Buildteam - 3.6.9-5 - Type:bugfix - Id:NA -- Gitee