Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2020-06-11 10:01:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and      /work/SRC/openSUSE:Factory/.gnutls.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Thu Jun 11 10:01:25 2020 rev:124 rq:812790 version:3.6.14 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2020-04-15 19:52:11.397536638 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new.3606/gnutls.changes 2020-06-11 10:01:52.746615823 +0200 
@@ -1,0 +2,41 @@ +Mon Jun 8 15:41:46 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Fix a memory leak that could lead to a DoS attack against Samba + servers (bsc#1172663) + * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch +- Temporarily disable broken guile reauth test (bsc#1171565) + * add gnutls-temporarily_disable_broken_guile_reauth_test + +------------------------------------------------------------------- +Thu Jun 4 09:39:58 UTC 2020 - Vítězslav Čížek <vci...@suse.com> + +- Update to 3.6.14 + * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. + The TLS server would not bind the session ticket encryption key with a + value supplied by the application until the initial key rotation, allowing + attacker to bypass authentication in TLS 1.3 and recover previous + conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) + [GNUTLS-SA-2020-06-03, CVSS: high] + * libgnutls: Fixed handling of certificate chain with cross-signed + intermediate CA certificates (#1008). (bsc#1172461) + * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). + * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName + (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority + Key Identifier (AKI) properly (#989, #991). + * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). + * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). + Also both accelerated and non-accelerated implementations check key block + according to FIPS-140-2 IG A.9 (!1233). + * libgnutls: Added support for AES-SIV ciphers (#463). + * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). 
+ * libgnutls: No longer use internal symbols exported from Nettle (!1235) + * API and ABI modifications: + GNUTLS_CIPHER_AES_128_SIV: Added + GNUTLS_CIPHER_AES_256_SIV: Added + GNUTLS_CIPHER_AES_192_GCM: Added + gnutls_pkcs7_print_signature_info: Added +- Add key D605848ED7E69871: public key "Daiki Ueno <u...@unixuser.org>" to + the keyring +- Drop gnutls-fips_correct_nettle_soversion.patch (upstream) + +------------------------------------------------------------------- Old: ---- gnutls-3.6.13.tar.xz gnutls-3.6.13.tar.xz.sig gnutls-fips_correct_nettle_soversion.patch New: ---- 0001-crypto-api-always-allocate-memory-when-serializing-i.patch gnutls-3.6.14.tar.xz gnutls-3.6.14.tar.xz.sig gnutls-temporarily_disable_broken_guile_reauth_test ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.MNW2Fc/_old 2020-06-11 10:01:54.550621633 +0200 +++ /var/tmp/diff_new_pack.MNW2Fc/_new 2020-06-11 10:01:54.550621633 +0200 @@ -28,7 +28,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.13 +Version: 3.6.14 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later @@ -39,8 +39,9 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch1: gnutls-3.5.11-skip-trust-store-tests.patch -Patch2: gnutls-fips_correct_nettle_soversion.patch Patch4: gnutls-3.6.6-set_guile_site_dir.patch +Patch5: 0001-crypto-api-always-allocate-memory-when-serializing-i.patch +Patch6: gnutls-temporarily_disable_broken_guile_reauth_test BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge ++++++ 0001-crypto-api-always-allocate-memory-when-serializing-i.patch ++++++ >From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001 
From: Daiki Ueno <u...@gnu.org> Date: Fri, 5 Jun 2020 16:26:33 +0200 Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t The AEAD iov interface falls back to serializing the input buffers if the low-level cipher doesn't support scatter/gather encryption. However, there was a bug in the functions used for the serialization, which causes memory leaks under a certain condition (i.e. the number of input buffers is 1). This patch makes the logic of the functions simpler, by removing a micro-optimization that tries to minimize the number of calls to malloc/free. The original problem was reported by Marius Steffen in: https://bugzilla.samba.org/show_bug.cgi?id=14399 and the cause was investigated by Alexander Haase in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1277 Signed-off-by: Daiki Ueno <u...@gnu.org> --- lib/crypto-api.c | 36 +++++++++++------------------------- tests/aead-cipher-vec.c | 33 ++++++++++++++++++--------------- 2 files changed, 29 insertions(+), 40 deletions(-) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 45be64ed1f..8524f5ed4f 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c 
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, struct iov_store_st { void *data; size_t size; - unsigned allocated; }; static void iov_store_free(struct iov_store_st *s) { - if (s->allocated) { - gnutls_free(s->data); - s->allocated = 0; - } + gnutls_free(s->data); } static int iov_store_grow(struct iov_store_st *s, size_t length) { - if (s->allocated || s->data == NULL) { - s->size += length; - s->data = gnutls_realloc(s->data, s->size); - if (s->data == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - s->allocated = 1; - } else { - void *data = s->data; - size_t size = s->size + length; - s->data = gnutls_malloc(size); - memcpy(s->data, data, s->size); - s->size += length; - } + void *data; + + s->size += length; + data = gnutls_realloc(s->data, s->size); + if (data == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + s->data = data; return 0; } @@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) memset(dst, 0, sizeof(*dst)); if (iovcnt == 0) { return 0; - } else if (iovcnt == 1) { - dst->data = iov[0].iov_base; - dst->size = iov[0].iov_len; - /* implies: dst->allocated = 0; */ - return 0; } else { int i; uint8_t *p; @@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) p = dst->data; for (i=0;i<iovcnt;i++) { - memcpy(p, iov[i].iov_base, iov[i].iov_len); + if (iov[i].iov_len > 0) + memcpy(p, iov[i].iov_base, iov[i].iov_len); p += iov[i].iov_len; } - dst->allocated = 1; return 0; } } diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c index fba9010d9e..6a30a35f7b 100644 --- a/tests/aead-cipher-vec.c +++ b/tests/aead-cipher-vec.c @@ -49,6 +49,7 @@ static void start(const char *name, int algo) giovec_t auth_iov[2]; uint8_t tag[64]; size_t tag_size = 0; + size_t i; key.data = key16; key.size = gnutls_cipher_get_key_size(algo); 
@@ -82,21 +83,23 @@ static void start(const char *name, int algo) if (ret < 0) fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret)); - ret = gnutls_aead_cipher_encryptv2(ch, - iv.data, iv.size, - auth_iov, 2, - iov, 3, - tag, &tag_size); - if (ret < 0) - fail("could not encrypt data: %s\n", gnutls_strerror(ret)); - - ret = gnutls_aead_cipher_decryptv2(ch, - iv.data, iv.size, - auth_iov, 2, - iov, 3, - tag, tag_size); - if (ret < 0) - fail("could not decrypt data: %s\n", gnutls_strerror(ret)); + for (i = 0; i < 2; i++) { + ret = gnutls_aead_cipher_encryptv2(ch, + iv.data, iv.size, + auth_iov, 2, + iov, i + 1, + tag, &tag_size); + if (ret < 0) + fail("could not encrypt data: %s\n", gnutls_strerror(ret)); + + ret = gnutls_aead_cipher_decryptv2(ch, + iv.data, iv.size, + auth_iov, 2, + iov, i + 1, + tag, tag_size); + if (ret < 0) + fail("could not decrypt data: %s\n", gnutls_strerror(ret)); + } gnutls_aead_cipher_deinit(ch); } -- 2.25.0 ++++++ gnutls-3.6.13.tar.xz -> gnutls-3.6.14.tar.xz ++++++ ++++ 131127 lines of diff (skipped) ++++++ gnutls-temporarily_disable_broken_guile_reauth_test ++++++ Index: gnutls-3.6.14/guile/Makefile.in =================================================================== --- gnutls-3.6.14.orig/guile/Makefile.in 2020-06-03 15:05:54.000000000 +0200 +++ gnutls-3.6.14/guile/Makefile.in 2020-06-09 09:03:17.267773380 +0200 @@ -1850,7 +1850,7 @@ CLEANFILES = modules/gnutls.scm $(am__ap TESTS = tests/anonymous-auth.scm tests/session-record-port.scm \ tests/pkcs-import-export.scm tests/errors.scm \ tests/x509-certificates.scm tests/x509-auth.scm \ - tests/reauth.scm tests/priorities.scm $(am__append_2) + tests/priorities.scm $(am__append_2) TESTS_ENVIRONMENT = \ GUILE_AUTO_COMPILE=0 \ GUILE_WARN_DEPRECATED=detailed ++++++ gnutls.keyring ++++++ ++++ 1044 lines (skipped) ++++ between gnutls.keyring ++++ and /work/SRC/openSUSE:Factory/.gnutls.new.3606/gnutls.keyring
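Review bot: Patch6 in the gnutls.spec hunk, gnutls-temporarily_disable_broken_guile_reauth_test, has no .patch suffix, unlike Patch1, Patch4 and Patch5 next to it. Rename it for consistency, and add a spec comment beside it naming bsc#1171565 so the "temporary" removal is easy to find and revert.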
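Review bot: in the new iov_store_grow() in lib/crypto-api.c (hunk @@ -891,32 +891,23 @@), `s->size += length;` runs before gnutls_realloc(), so on the GNUTLS_E_MEMORY_ERROR return s->size already counts bytes that s->data does not hold, and the addition is not checked for size_t wrap-around. Compute the new size in a local, reject it if it is smaller than s->size, and store s->data and s->size together only after the realloc has succeeded.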
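Review bot: the `if (iov[i].iov_len > 0)` guard added in copy_from_iov() (hunk @@ -944,11 +930,11 @@) needs a one-line comment stating why it is there. Passing a NULL iov_base to memcpy is undefined behaviour even with a zero length, and without that explanation the check looks like exactly the kind of micro-optimization this patch removes elsewhere, which invites someone to delete it later.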
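Review bot: the loop added to start() in tests/aead-cipher-vec.c runs `i < 2` with `iov, i + 1`, so it covers one and two buffers but drops the three-buffer call (`iov, 3`) that the removed lines exercised. Loop to `i < 3` so the single-buffer regression is covered without losing the old case. The test also only checks return codes, so the leak itself shows up only when the test runs under a leak checker.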
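Review bot: the gnutls-temporarily_disable_broken_guile_reauth_test hunk edits the generated guile/Makefile.in rather than Makefile.am, so the removal of tests/reauth.scm from TESTS is lost whenever the build regenerates the autotools files (automake is in the spec's BuildRequires). Patch Makefile.am as well, or instead, if the build runs autoreconf.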
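The leak condition described in the commit message, as an added example (not code from GnuTLS or from this commit): a reduced model of the pre- and post-patch store helpers with a counting allocator. The names `store`, `grow_old`, `grow_new`, `leaked_blocks` and `xrealloc`/`xfree` are hypothetical, and the call sequence (one input buffer followed by one growth call) is an assumption about how the helpers are driven.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the diff's iov_store_st helpers with a counting allocator. */
static int live_blocks;
static void *xrealloc(void *o, size_t n) { void *p = realloc(o, n); if (p && !o) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }
struct store { void *data; size_t size; unsigned allocated; };
/* Pre-patch growth: the borrowed-buffer branch never sets allocated. */
static int grow_old(struct store *s, size_t len) {
    if (s->allocated || s->data == NULL) {
        s->size += len;
        s->data = xrealloc(s->data, s->size);
        if (s->data == NULL) return -1;
        s->allocated = 1;
        return 0;
    }
    void *borrowed = s->data;            /* caller-owned buffer */
    s->data = xrealloc(NULL, s->size + len); /* gnutls_malloc in the original */
    if (s->data == NULL) return -1;      /* check added in this model */
    memcpy(s->data, borrowed, s->size);
    s->size += len;                      /* allocated stays 0 */
    return 0;
}
static void free_old(struct store *s) { if (s->allocated) { xfree(s->data); s->allocated = 0; } }
/* Post-patch model: one realloc path, the store always owns its data. */
static int grow_new(struct store *s, size_t len) {
    void *p = xrealloc(s->data, s->size + len);
    if (p == NULL) return -1;
    s->data = p; s->size += len;
    return 0;
}
/* One input buffer, then one growth call; returns blocks still live. */
static int leaked_blocks(int patched) {
    unsigned char in[16] = {0};
    struct store s = { in, sizeof in, 0 };   /* pre-patch: borrow iov[0] */
    live_blocks = 0;
    if (!patched) {
        if (grow_old(&s, 16)) return -1;
        free_old(&s);                        /* skipped: allocated == 0 */
    } else {
        memset(&s, 0, sizeof s);             /* post-patch: always copy */
        if (grow_new(&s, sizeof in) || grow_new(&s, 16)) return -1;
        memcpy(s.data, in, sizeof in);
        xfree(s.data);
    }
    return live_blocks;
}
int main(void) { printf("old=%d new=%d\n", leaked_blocks(0), leaked_blocks(1)); return 0; }
```

Each pre-patch call with a single input buffer leaves one block unreachable, which is why repeated requests add up to the DoS condition named in the changelog.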