From 3e8a07b90185b391ec6002fb8d27175a5d90423b Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Fri, 5 Feb 2016 08:37:29 -0800 Subject: nettle: Security fix CVE-2015-8803 and CVE-2015-8805 (From OE-Core rev: f62eb452244c3124cc88ef01c14116dac43f377a) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../nettle/nettle-3.1.1/CVE-2015-8803_8805.patch | 71 ++++++++++++++++++++++ meta/recipes-support/nettle/nettle_3.1.1.bb | 4 ++ 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch (limited to 'meta') diff --git a/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch new file mode 100644 index 0000000000..b4ff228f6c --- /dev/null +++ b/meta/recipes-support/nettle/nettle-3.1.1/CVE-2015-8803_8805.patch @@ -0,0 +1,71 @@ +Upstream-Status: Backport +https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d + +CVE: CVE-2015-8803 +CVE: CVE-2015-8805 + +Same fix for both. + +Signed-off-by: Armin Kuster + +Index: nettle-3.1.1/ecc-256.c +=================================================================== +--- nettle-3.1.1.orig/ecc-256.c ++++ nettle-3.1.1/ecc-256.c +@@ -113,8 +113,19 @@ ecc_256_modp (const struct ecc_modulo *p + + assert (q2 < 2); + +- /* We multiply by two low limbs of p, 2^96 - 1, so we could use +- shifts rather than mul. */ ++ /* ++ n-1 n-2 n-3 n-4 ++ +---+---+---+---+ ++ | u1| u0| u low | ++ +---+---+---+---+ ++ - | q1(2^96-1)| ++ +-------+---+ ++ |q2(2^.)| ++ +-------+ ++ ++ We multiply by two low limbs of p, 2^96 - 1, so we could use ++ shifts rather than mul. ++ */ + t = mpn_submul_1 (rp + n - 4, p->m, 2, q1); + t += cnd_sub_n (q2, rp + n - 3, p->m, 1); + t += (-q2) & 0xffffffff; +@@ -124,7 +135,10 @@ ecc_256_modp (const struct ecc_modulo *p + u0 -= t; + t = (u1 < cy); + u1 -= cy; +- u1 += cnd_add_n (t, rp + n - 4, p->m, 3); ++ ++ cy = cnd_add_n (t, rp + n - 4, p->m, 2); ++ u0 += cy; ++ u1 += (u0 < cy); + u1 -= (-t) & 0xffffffff; + } + rp[2] = u0; +@@ -211,7 +225,7 @@ ecc_256_modq (const struct ecc_modulo *q + + /* Conditional add of p */ + u1 += t; +- u2 += (t<<32) + (u0 < t); ++ u2 += (t<<32) + (u1 < t); + + t = cnd_add_n (t, rp + n - 4, q->m, 2); + u1 += t; +Index: nettle-3.1.1/ChangeLog +=================================================================== +--- nettle-3.1.1.orig/ChangeLog ++++ nettle-3.1.1/ChangeLog +@@ -1,3 +1,9 @@ ++2015-12-10 Niels Möller ++ ++ * ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem ++ reported by Hanno Böck. ++ (ecc_256_modq): Fixed another carry propagation bug. ++ + 2015-04-24 Niels Möller + + * Released nettle-3.1.1. diff --git a/meta/recipes-support/nettle/nettle_3.1.1.bb b/meta/recipes-support/nettle/nettle_3.1.1.bb index 7d7134f192..1fe34615ca 100644 --- a/meta/recipes-support/nettle/nettle_3.1.1.bb +++ b/meta/recipes-support/nettle/nettle_3.1.1.bb @@ -7,5 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \ file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e" +SRC_URI += "\ + file://CVE-2015-8803_8805.patch \ + " + SRC_URI[md5sum] = "b40fa88dc32f37a182b6b42092ebb144" SRC_URI[sha256sum] = "5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c" -- cgit v1.2.3-54-g00ecf