Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722
Resolves: RHEL-190146 Resolves: RHEL-190140 Resolves: RHEL-190132 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
parent
de32bfbd16
commit
459896cfac
25
libreswan-4.12-CVE-2026-12413.patch
Normal file
25
libreswan-4.12-CVE-2026-12413.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From b702e3bd21a86214d80305710ddebee8b806a9fd Mon Sep 17 00:00:00 2001
|
||||
From: Paul Wouters <paul.wouters@aiven.io>
|
||||
Date: Thu, 9 Jul 2026 14:49:51 +0900
|
||||
Subject: [PATCH 3/3] Fix for CVE-2026-12413
|
||||
|
||||
---
|
||||
programs/pluto/ikev2_message.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c
|
||||
index 84b289ca8f..a691346218 100644
|
||||
--- a/programs/pluto/ikev2_message.c
|
||||
+++ b/programs/pluto/ikev2_message.c
|
||||
@@ -1000,7 +1000,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments
|
||||
passert(md->chain[ISAKMP_NEXT_v2SK] == NULL);
|
||||
passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL);
|
||||
pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1);
|
||||
- passert(md->digest_roof < elemsof(md->digest));
|
||||
+ passert(md->digest_roof <= elemsof(md->digest));
|
||||
|
||||
/*
|
||||
* Pass 1: Compute the total payload size.
|
||||
--
|
||||
2.54.0
|
||||
|
||||
83
libreswan-4.12-CVE-2026-50721.patch
Normal file
83
libreswan-4.12-CVE-2026-50721.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From c3d8386105c66636d7a47c0a3912389ff2fa0f7d Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Cagney <cagney@gnu.org>
|
||||
Date: Thu, 9 Jul 2026 14:46:10 +0900
|
||||
Subject: [PATCH 1/3] crypto: in RSA_authenticate_hash_signature_raw_rsa() use
|
||||
PK11_Verify()
|
||||
|
||||
---
|
||||
lib/libswan/pubkey_rsa.c | 52 ++++++----------------------------------
|
||||
1 file changed, 7 insertions(+), 45 deletions(-)
|
||||
|
||||
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
|
||||
index 38b44ab61d..d2f36cb3da 100644
|
||||
--- a/lib/libswan/pubkey_rsa.c
|
||||
+++ b/lib/libswan/pubkey_rsa.c
|
||||
@@ -402,58 +402,20 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
|
||||
*expected_hash);
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Use the same space used by the out going hash.
|
||||
- */
|
||||
-
|
||||
- SECItem decrypted_signature = {
|
||||
- .type = siBuffer,
|
||||
- };
|
||||
-
|
||||
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
|
||||
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
|
||||
- return false;
|
||||
- }
|
||||
-
|
||||
/* NSS doesn't do const */
|
||||
- const SECItem encrypted_signature = {
|
||||
- .type = siBuffer,
|
||||
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
|
||||
- .len = signature.len,
|
||||
- };
|
||||
-
|
||||
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
|
||||
- lsw_nss_get_password_context(logger)) != SECSuccess) {
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
- dbg("NSS RSA verify: decrypting signature is failed");
|
||||
- *fatal_diag = NULL;
|
||||
- return false;
|
||||
- }
|
||||
|
||||
- if (DBGP(DBG_CRYPT)) {
|
||||
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
|
||||
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
|
||||
- jam_nss_secitem(buf, &decrypted_signature);
|
||||
- }
|
||||
- }
|
||||
+ const SECItem signature_secitem =
|
||||
+ same_shunk_as_secitem(signature, siBuffer);
|
||||
+ const SECItem expected_hash_secitem =
|
||||
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
|
||||
|
||||
- /*
|
||||
- * Expect the matching hash to appear at the end. See above
|
||||
- * for length check. It may, or may not, be prefixed by a
|
||||
- * PKCS#1 1.5 RSA ASN.1 blob.
|
||||
- */
|
||||
- passert(decrypted_signature.len >= expected_hash->len);
|
||||
- uint8_t *start = (decrypted_signature.data
|
||||
- + decrypted_signature.len
|
||||
- - expected_hash->len);
|
||||
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
|
||||
- dbg("RSA Signature NOT verified");
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
|
||||
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
|
||||
+ dbg("NSS RSA verify: decrypting signature is failed");
|
||||
*fatal_diag = NULL;
|
||||
return false;
|
||||
}
|
||||
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
*fatal_diag = NULL;
|
||||
return true;
|
||||
}
|
||||
--
|
||||
2.54.0
|
||||
|
||||
96
libreswan-4.12-CVE-2026-50722.patch
Normal file
96
libreswan-4.12-CVE-2026-50722.patch
Normal file
@ -0,0 +1,96 @@
|
||||
From 26382ee5fd03ab850c01ba96055636743bbe9c2f Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Cagney <cagney@gnu.org>
|
||||
Date: Thu, 9 Jul 2026 14:46:51 +0900
|
||||
Subject: [PATCH 2/3] crypto: in
|
||||
RSA_authenticate_hash_signature_pkcs1_1_5_rsa() use VFY_VerifyDigestDirect()
|
||||
|
||||
---
|
||||
lib/libswan/pubkey_rsa.c | 58 +++++++++-------------------------------
|
||||
1 file changed, 12 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
|
||||
index d2f36cb3da..0c5a1c91e3 100644
|
||||
--- a/lib/libswan/pubkey_rsa.c
|
||||
+++ b/lib/libswan/pubkey_rsa.c
|
||||
@@ -491,7 +491,7 @@ static struct hash_signature RSA_sign_hash_pkcs1_1_5_rsa(const struct secret_stu
|
||||
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
|
||||
shunk_t signature,
|
||||
struct pubkey *pubkey,
|
||||
- const struct hash_desc *unused_hash_algo UNUSED,
|
||||
+ const struct hash_desc *hash_alg,
|
||||
diag_t *fatal_diag,
|
||||
struct logger *logger)
|
||||
{
|
||||
@@ -509,58 +509,24 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
|
||||
*expected_hash);
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Use the same space used by the out going hash.
|
||||
- */
|
||||
-
|
||||
- SECItem decrypted_signature = {
|
||||
- .type = siBuffer,
|
||||
- };
|
||||
-
|
||||
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
|
||||
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
|
||||
- return false;
|
||||
- }
|
||||
+ SECItem hash_item =
|
||||
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
|
||||
|
||||
/* NSS doesn't do const */
|
||||
- const SECItem encrypted_signature = {
|
||||
- .type = siBuffer,
|
||||
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
|
||||
- .len = signature.len,
|
||||
- };
|
||||
-
|
||||
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
|
||||
- lsw_nss_get_password_context(logger)) != SECSuccess) {
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
- dbg("NSS RSA verify: decrypting signature is failed");
|
||||
- *fatal_diag = NULL;
|
||||
- return false;
|
||||
- }
|
||||
-
|
||||
- if (DBGP(DBG_CRYPT)) {
|
||||
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
|
||||
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
|
||||
- jam_nss_secitem(buf, &decrypted_signature);
|
||||
- }
|
||||
- }
|
||||
+ SECItem signature_item =
|
||||
+ same_shunk_as_secitem(signature, siBuffer);
|
||||
|
||||
- /*
|
||||
- * Expect the matching hash to appear at the end. See above
|
||||
- * for length check. It may, or may not, be prefixed by a
|
||||
- * PKCS#1 1.5 RSA ASN.1 blob.
|
||||
- */
|
||||
- passert(decrypted_signature.len >= expected_hash->len);
|
||||
- uint8_t *start = (decrypted_signature.data
|
||||
- + decrypted_signature.len
|
||||
- - expected_hash->len);
|
||||
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
|
||||
- dbg("RSA Signature NOT verified");
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
+ if (VFY_VerifyDigestDirect(&hash_item,
|
||||
+ seckey_public,
|
||||
+ &signature_item,
|
||||
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
|
||||
+ /*hash algorithm*/hash_alg->nss.oid_tag,
|
||||
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
|
||||
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
|
||||
*fatal_diag = NULL;
|
||||
return false;
|
||||
}
|
||||
|
||||
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
|
||||
*fatal_diag = NULL;
|
||||
return true;
|
||||
}
|
||||
--
|
||||
2.54.0
|
||||
|
||||
@ -37,7 +37,7 @@ Name: libreswan
|
||||
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
|
||||
# version is generated in the release script
|
||||
Version: 4.12
|
||||
Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.4
|
||||
Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.5
|
||||
License: GPLv2
|
||||
Url: https://libreswan.org/
|
||||
|
||||
@ -55,6 +55,9 @@ Patch6: libreswan-4.3-1934186-config.patch
|
||||
Patch7: libreswan-4.9-2176248-authby-rsasig.patch
|
||||
Patch8: libreswan-4.12-ikev2-auth-delete-state.patch
|
||||
Patch9: libreswan-4.12-ikev1-compute-keymat-default.patch
|
||||
Patch10: libreswan-4.12-CVE-2026-12413.patch
|
||||
Patch11: libreswan-4.12-CVE-2026-50721.patch
|
||||
Patch12: libreswan-4.12-CVE-2026-50722.patch
|
||||
|
||||
BuildRequires: audit-libs-devel
|
||||
BuildRequires: bison
|
||||
@ -116,6 +119,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
|
||||
# linking to freebl is not needed
|
||||
sed -i "s/-lfreebl //" mk/config.mk
|
||||
@ -219,6 +225,9 @@ certutil -N -d sql:$tmpdir --empty-password
|
||||
%attr(0644,root,root) %doc %{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Thu Jul 09 2026 Daiki Ueno <dueno@redhat.com> - 4.12-2.5
|
||||
- Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722 (RHEL-190146, RHEL-190140, RHEL-190132)
|
||||
|
||||
* Thu Jun 6 2024 Daiki Ueno <dueno@redhat.com> - 4.12-2.4
|
||||
- Fix CVE-2024-3652 (RHEL-32482)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user