Accepting request 106219 from Base:System

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/106219 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=42
2012-02-21 11:38:08 +00:00 · 2012-02-21 11:38:08 +00:00 · 285c3d7e49
commit 285c3d7e49
parent 3c0ee622a8
3 changed files with 27 additions and 1 deletions
--- a/CVE-2012-0390.patch
+++ b/CVE-2012-0390.patch
@ -0,0 +1,18 @@
+Index: gnutls-3.0.3/lib/gnutls_cipher.c
+===================================================================
+--- gnutls-3.0.3.orig/lib/gnutls_cipher.c
+++ gnutls-3.0.3/lib/gnutls_cipher.c
+@@ -559,7 +559,12 @@ ciphertext_to_compressed (gnutls_session
+           }
+ 
+       if (length < 0)
+-        length = 0;
+      {
+	      /* Setting a proper length to prevent timing differences in
+	       * processing of records with invalid encryption.
+	       */
+	      length = ciphertext->size - tag_size;
+      }
+ 
+       /* Pass the type, version, length and compressed through
+        * MAC.
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb 13 06:09:57 UTC 2012 - gjhe@suse.com
+
+- fix Bug[bnc#739898] - VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext 
+  recovery attack.
+
 -------------------------------------------------------------------
 Wed Nov 30 12:43:57 UTC 2011 - vuntz@opensuse.org

--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -35,6 +35,7 @@ Patch0:         gnutls-fix-compression.patch
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 vuntz@opensuse.org -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17
 Patch1:         gnutls-fix-crash-on-strcat.patch
 Patch2:         CVE-2011-4128.patch
+Patch3:         CVE-2012-0390.patch
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel >= 2.2
@ -158,6 +159,7 @@ implements the proposed standards of the IETF's TLS working group.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 %configure \