Backport the fix for CVE-2024-12243

Resolves: RHEL-78580
2025-02-12 16:52:04 +01:00 · 2025-02-12 16:52:04 +01:00 · b38757470b
commit b38757470b
parent b54e951cdf
2 changed files with 1153 additions and 1 deletions
--- a/gnutls-3.8.9-CVE-2024-12243.patch
+++ b/gnutls-3.8.9-CVE-2024-12243.patch
--- a/gnutls.spec
+++ b/gnutls.spec
@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
 }

 Version: 3.8.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 # not upstreamed
 Patch: gnutls-3.2.7-rpath.patch
 Patch: gnutls-3.7.2-enable-intel-cet.patch
@ -29,6 +29,7 @@ Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
 Patch: gnutls-3.8.3-ktls-utsname.patch
 Patch: gnutls-3.8.3-deterministic-ecdsa-fixes.patch
 Patch: gnutls-3.8.3-verify-chain.patch
+Patch: gnutls-3.8.9-CVE-2024-12243.patch

 %bcond_without bootstrap
 %bcond_without dane
@ -415,6 +416,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null XFAIL_TESTS="$x
 %endif

 %changelog
+* Wed Feb 12 2025 Alexander Sosedkin <asosedki@redhat.com> - 3.8.3-5
+- Backport the fix for CVE-2024-12243 (RHEL-78580)
+
 * Fri Apr  5 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-4
 - Bump release to ensure el9 package is greater than el9_* packages