diff --git a/backport-CVE-2021-4209.patch b/backport-CVE-2021-4209.patch new file mode 100644 index 0000000000000000000000000000000000000000..9be5136a37e0b26185ed811fc47c1335991e13e5 --- /dev/null +++ b/backport-CVE-2021-4209.patch @@ -0,0 +1,32 @@ +From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 22 Dec 2021 09:12:25 +0100 +Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length + input + +As Nettle's hash update functions internally call memcpy, providing +zero-length input may cause undefined behavior. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/mac.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c +index f9d4d7a8df..35e070fab0 100644 +--- a/lib/nettle/mac.c ++++ b/lib/nettle/mac.c +@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, + if (ret < 0) + return gnutls_assert_val(ret); + +- ctx.update(&ctx, text_size, text); ++ if (text_size > 0) { ++ ctx.update(&ctx, text_size, text); ++ } + ctx.digest(&ctx, ctx.length, digest); + + return 0; +-- +GitLab + diff --git a/gnutls.spec b/gnutls.spec index 32cd1ebd8ffeff7ff80de68c270cc61c21161a96..4ef83a5360609f1a2af5decf6e3ac192dfbdb8a1 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,6 +1,6 @@ Name: gnutls Version: 3.6.14 -Release: 8 +Release: 9 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ @@ -16,6 +16,7 @@ Patch5: backport-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch Patch6: backport-CVE-2021-20231.patch Patch7: backport-CVE-2021-20232.patch Patch8: backport-CVE-2022-2509.patch +Patch9: backport-CVE-2021-4209.patch %bcond_without dane %bcond_with guile @@ -206,6 +207,9 @@ make check %{?_smp_mflags} %endif %changelog +* Mon Aug 29 2022 yanglongkang - 3.6.14-9 +- fix CVE-2021-4209 + * Fri Aug 5 2022 dongyuzhen - 3.6.14-8 - fix CVE-2022-2509