authorJ0WI <J0WI@users.noreply.github.com>2022-03-16 23:04:39 +0100
committerAriadne Conill <ariadne@treehouse.systems>2022-03-24 15:38:28 +0000
commitefbeb3f494f5c6d9a13833787237b081e2347f50 (patch)
tree24c8bb255fe8f68227ab1c95fc68495c607e2207
parent31380088ffed60b517f8a41b5026356bf6d1ab94 (diff)
main/libretls: patch CVE-2022-0778
-rw-r--r--main/libretls/APKBUILD8
-rw-r--r--main/libretls/CVE-2022-0778.patch54
2 files changed, 61 insertions, 1 deletions
diff --git a/main/libretls/APKBUILD b/main/libretls/APKBUILD
index be6223ef47a..6bfd02cdc6b 100644
--- a/main/libretls/APKBUILD
+++ b/main/libretls/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=libretls
pkgver=3.3.3p1
-pkgrel=2
+pkgrel=3
pkgdesc="port of libtls from libressl to openssl"
arch="all"
url="https://git.causal.agency/libretls/"
@@ -13,8 +13,13 @@ makedepends_host="openssl-dev"
makedepends="$depends_dev autoconf automake libtool"
subpackages="$pkgname-doc $pkgname-static $pkgname-dev"
source="https://causal.agency/libretls/libretls-$pkgver.tar.gz
+ CVE-2022-0778.patch
test_program.c"
+# secfixes:
+# 3.3.3p1-r3:
+# - CVE-2022-0778
+
prepare() {
default_prepare
@@ -52,5 +57,6 @@ check() {
sha512sums="
58806e87e9071fd370f7287c29e4e395d8fdb9e2db6105ee2d22d890a497b204d0cf041ea495c5fc565e0ab97d9172966b3e895e30feec30e541bd1b4ecef6db libretls-3.3.3p1.tar.gz
+d415a589fb3b220b20bf28a9711d3fe13d9709c0204a0a1493751a1c11dc0c957a6da8a1d794630ca38234f3222d5b9b7e53a6c24567f6b42967aa5868ba682f CVE-2022-0778.patch
71d36fe25c95a0a45497e3f699b01dddcaae9053dd1b1e2419df94272c47024cf6516c51c902129201061601b04a72551904b15a332a4cf53358983b5db73618 test_program.c
"
diff --git a/main/libretls/CVE-2022-0778.patch b/main/libretls/CVE-2022-0778.patch
new file mode 100644
index 00000000000..136f71f1aee
--- /dev/null
+++ b/main/libretls/CVE-2022-0778.patch
@@ -0,0 +1,54 @@
+From d09ca2569d9cbe6fa1e8038e90ff5cb57e20e0b5 Mon Sep 17 00:00:00 2001
+From: Brent Cook <busterb@gmail.com>
+Date: Sat, 12 Mar 2022 11:26:23 -0600
+Subject: [PATCH] add infinite loop fix in BN_mod_sqrt
+
+---
+ patches/bn_sqrt.patch | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+ create mode 100644 patches/bn_sqrt.patch
+
+diff --git a/patches/bn_sqrt.patch b/patches/bn_sqrt.patch
+new file mode 100644
+index 000000000..495de3120
+--- /dev/null
++++ b/patches/bn_sqrt.patch
+@@ -0,0 +1,38 @@
++--- crypto/bn/bn_sqrt.c.orig Fri Feb 18 16:30:39 2022
+++++ crypto/bn/bn_sqrt.c Sat Mar 12 11:23:53 2022
++@@ -351,21 +351,22 @@
++ goto vrfy;
++ }
++
++-
++- /* find smallest i such that b^(2^i) = 1 */
++- i = 1;
++- if (!BN_mod_sqr(t, b, p, ctx))
++- goto end;
++- while (!BN_is_one(t)) {
++- i++;
++- if (i == e) {
++- BNerror(BN_R_NOT_A_SQUARE);
++- goto end;
+++ /* Find the smallest i with 0 < i < e such that b^(2^i) = 1. */
+++ for (i = 1; i < e; i++) {
+++ if (i == 1) {
+++ if (!BN_mod_sqr(t, b, p, ctx))
+++ goto end;
+++ } else {
+++ if (!BN_mod_sqr(t, t, p, ctx))
+++ goto end;
++ }
++- if (!BN_mod_mul(t, t, t, p, ctx))
++- goto end;
+++ if (BN_is_one(t))
+++ break;
++ }
++-
+++ if (i >= e) {
+++ BNerror(BN_R_NOT_A_SQUARE);
+++ goto end;
+++ }
++
++ /* t := y^2^(e - i - 1) */
++ if (!BN_copy(t, y))
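Review bot: As added, CVE-2022-0778.patch does not modify any compiled source: the only file it creates is `patches/bn_sqrt.patch` (`create mode 100644 patches/bn_sqrt.patch`), and the bounded `for (i = 1; i < e; i++)` loop sits one level down, on the `++`-prefixed lines, as a patch against `crypto/bn/bn_sqrt.c`. Applying it through `default_prepare` would therefore only drop a new file into the unpacked tree, unless the libretls build itself applies `patches/*.patch`, which nothing visible here shows. The APKBUILD describes the package as a "port of libtls from libressl to openssl" and builds against `openssl-dev`, so the bignum code presumably comes from the OpenSSL package's libcrypto rather than from this tarball; please confirm whether `crypto/bn/bn_sqrt.c` exists in `libretls-$pkgver.tar.gz`. If it does, ship the inner diff directly against that file. If it does not, drop the patch and the `# secfixes:` entry `3.3.3p1-r3: - CVE-2022-0778` from the APKBUILD hunk, because that entry tells security trackers this build is fixed.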