!59 [sync] PR-58: fix CVE-2021-4209

From: @openeuler-sync-bot 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite

backport-CVE-2021-4209.patch

@@ -0,0 +1,32 @@
+From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 22 Dec 2021 09:12:25 +0100
+Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length
+ input
+
+As Nettle's hash update functions internally call memcpy, providing
+zero-length input may cause undefined behavior.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/nettle/mac.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
+index f9d4d7a8df..35e070fab0 100644
+--- a/lib/nettle/mac.c
++++ b/lib/nettle/mac.c
+@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
+ 	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+ 
+-	ctx.update(&ctx, text_size, text);
++	if (text_size > 0) {
++		ctx.update(&ctx, text_size, text);
++	}
+ 	ctx.digest(&ctx, ctx.length, digest);
+ 
+ 	return 0;
+-- 
+GitLab
+

gnutls.spec

@@ -1,6 +1,6 @@
 Name: gnutls
 Version: 3.7.2
-Release: 3
+Release: 4
 Summary: The GNU Secure Communication Protocol Library
 
 License: LGPLv2.1+ and GPLv3+
@@ -9,6 +9,8 @@ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
 Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
 
 Patch1: fix-ipv6-handshake-failed.patch
+Patch2: backport-CVE-2021-4209.patch
+
 
 %bcond_without dane
 %bcond_with guile
@@ -199,6 +201,9 @@ make check %{?_smp_mflags}
 %endif
 
 %changelog
+* Mon Aug 29 2022 yanglongkang <yanglongkang@h-partners.com> - 3.7.2-4
+- fix CVE-2021-4209
+
 * Tue Jun 14 2022 shangyibin <shangyibin1@h-partners.com> - 3.7.2-3
 - fix changelog