fix CVE-2020-11501
parent
0cab95307a
commit
00f445ee85
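--- a/fix-CVE-2020-11501-zeroed-random.patch
+++ b/fix-CVE-2020-11501-zeroed-random.patch
@@ -0,0 +1,32 @@
+From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
+Date: Fri, 27 Mar 2020 17:17:57 +0100
+Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
+hello verify request", which failed to "De Morgan" properly.
+
+Signed-off-by: Stefan Bühler <stbuehler@web.de>
+---
+lib/handshake.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 1e6164c..5c8f33a 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2164,7 +2164,7 @@ static int send_client_hello(gnutls_session_t session, int again)
+/* Generate random data
+*/
+if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
+ret = _gnutls_gen_client_random(session);
+if (ret < 0) {
+gnutls_assert();
+--
+1.8.3.1
+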
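Review bot: The corrected condition in send_client_hello is still a doubly negated expression with no comment stating when the client random may be reused, which is the form the commit message says was mis-transformed in bcf4de03. A comment above the `if` would make the intent reviewable, for example `/* Reuse the existing client random only when replying to an HRR or to a DTLS HelloVerifyRequest; every other ClientHello gets a fresh one. */`. The diffstat shows only lib/handshake.c changing, so nothing in this patch checks that a first DTLS ClientHello carries a non-zero random. Judging by the subject line the failure is silent rather than a handshake error, so a regression check in the suite run by `make check` is worth adding. The function body starts and ends outside the hunk, so the handling of `ret` after `gnutls_assert()` is not visible here.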
@ -1,13 +1,14 @@
|
||||
Name: gnutls
|
||||
Version: 3.6.9
|
||||
Release: 5
|
||||
Release: 5.h1
|
||||
Summary: The GNU Secure Communication Protocol Library
|
||||
|
||||
License: LGPLv2.1+ and GPLv3+
|
||||
URL: https://www.gnutls.org/
|
||||
Source0: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz
|
||||
Source1: https://www.gnupg.org/ftp/gcrypt/%{name}/v3.6/%{name}-%{version}.tar.xz.sig
|
||||
Patch9000: fix-ipv6-handshake-failed.patch
|
||||
Patch0: fix-ipv6-handshake-failed.patch
|
||||
Patch1: fix-CVE-2020-11501-zeroed-random.patch
|
||||
|
||||
%bcond_without dane
|
||||
%bcond_with guile
|
||||
@ -194,6 +195,9 @@ make check %{?_smp_mflags}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Apr 22 2020 Anakin Zhang <nbztx@126.com> - 3.6.9-5.h1
|
||||
- fix CVE-2020-11501
|
||||
|
||||
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-5
|
||||
- Type:bugfix
|
||||
- Id:NA
|
||||
|
||||
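Review bot: Renumbering `Patch9000` to `Patch0` and adding `Patch1` only has the intended effect if %prep applies patches from the list rather than by explicit number, and %prep is outside both hunks shown here. Confirm it uses something like `%autosetup -p1` and has no leftover `%patch9000` line. Otherwise the build either fails or declares the CVE-2020-11501 fix without applying it to lib/handshake.c. The changelog entry `- fix CVE-2020-11501` would also be easier to audit if it named the patch file, e.g. `- fix CVE-2020-11501 (fix-CVE-2020-11501-zeroed-random.patch)`.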