diff --git a/libreswan-4.12-CVE-2026-12413.patch b/libreswan-4.12-CVE-2026-12413.patch new file mode 100644 index 0000000..05320fc --- /dev/null +++ b/libreswan-4.12-CVE-2026-12413.patch @@ -0,0 +1,25 @@ +From b702e3bd21a86214d80305710ddebee8b806a9fd Mon Sep 17 00:00:00 2001 +From: Paul Wouters +Date: Thu, 9 Jul 2026 14:49:51 +0900 +Subject: [PATCH 3/3] Fix for CVE-2026-12413 + +--- + programs/pluto/ikev2_message.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c +index 84b289ca8f..a691346218 100644 +--- a/programs/pluto/ikev2_message.c ++++ b/programs/pluto/ikev2_message.c +@@ -1000,7 +1000,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments + passert(md->chain[ISAKMP_NEXT_v2SK] == NULL); + passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL); + pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1); +- passert(md->digest_roof < elemsof(md->digest)); ++ passert(md->digest_roof <= elemsof(md->digest)); + + /* + * Pass 1: Compute the total payload size. +-- +2.54.0 + diff --git a/libreswan-4.12-CVE-2026-50721.patch b/libreswan-4.12-CVE-2026-50721.patch new file mode 100644 index 0000000..b81e5d2 --- /dev/null +++ b/libreswan-4.12-CVE-2026-50721.patch @@ -0,0 +1,83 @@ +From c3d8386105c66636d7a47c0a3912389ff2fa0f7d Mon Sep 17 00:00:00 2001 +From: Andrew Cagney +Date: Thu, 9 Jul 2026 14:46:10 +0900 +Subject: [PATCH 1/3] crypto: in RSA_authenticate_hash_signature_raw_rsa() use + PK11_Verify() + +--- + lib/libswan/pubkey_rsa.c | 52 ++++++---------------------------------- + 1 file changed, 7 insertions(+), 45 deletions(-) + +diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c +index 38b44ab61d..d2f36cb3da 100644 +--- a/lib/libswan/pubkey_rsa.c ++++ b/lib/libswan/pubkey_rsa.c +@@ -402,58 +402,20 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_ + *expected_hash); + } + +- /* +- * Use the same space used by the out going hash. +- */ +- +- SECItem decrypted_signature = { +- .type = siBuffer, +- }; +- +- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) { +- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature"); +- return false; +- } +- + /* NSS doesn't do const */ +- const SECItem encrypted_signature = { +- .type = siBuffer, +- .data = DISCARD_CONST(unsigned char *, signature.ptr), +- .len = signature.len, +- }; +- +- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature, +- lsw_nss_get_password_context(logger)) != SECSuccess) { +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); +- dbg("NSS RSA verify: decrypting signature is failed"); +- *fatal_diag = NULL; +- return false; +- } + +- if (DBGP(DBG_CRYPT)) { +- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) { +- jam_string(buf, "NSS RSA verify: decrypted sig: "); +- jam_nss_secitem(buf, &decrypted_signature); +- } +- } ++ const SECItem signature_secitem = ++ same_shunk_as_secitem(signature, siBuffer); ++ const SECItem expected_hash_secitem = ++ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer); + +- /* +- * Expect the matching hash to appear at the end. See above +- * for length check. It may, or may not, be prefixed by a +- * PKCS#1 1.5 RSA ASN.1 blob. +- */ +- passert(decrypted_signature.len >= expected_hash->len); +- uint8_t *start = (decrypted_signature.data +- + decrypted_signature.len +- - expected_hash->len); +- if (!memeq(start, expected_hash->ptr, expected_hash->len)) { +- dbg("RSA Signature NOT verified"); +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); ++ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem, ++ lsw_nss_get_password_context(logger)) != SECSuccess) { ++ dbg("NSS RSA verify: decrypting signature is failed"); + *fatal_diag = NULL; + return false; + } + +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); + *fatal_diag = NULL; + return true; + } +-- +2.54.0 + diff --git a/libreswan-4.12-CVE-2026-50722.patch b/libreswan-4.12-CVE-2026-50722.patch new file mode 100644 index 0000000..529bb78 --- /dev/null +++ b/libreswan-4.12-CVE-2026-50722.patch @@ -0,0 +1,96 @@ +From 26382ee5fd03ab850c01ba96055636743bbe9c2f Mon Sep 17 00:00:00 2001 +From: Andrew Cagney +Date: Thu, 9 Jul 2026 14:46:51 +0900 +Subject: [PATCH 2/3] crypto: in + RSA_authenticate_hash_signature_pkcs1_1_5_rsa() use VFY_VerifyDigestDirect() + +--- + lib/libswan/pubkey_rsa.c | 58 +++++++++------------------------------- + 1 file changed, 12 insertions(+), 46 deletions(-) + +diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c +index d2f36cb3da..0c5a1c91e3 100644 +--- a/lib/libswan/pubkey_rsa.c ++++ b/lib/libswan/pubkey_rsa.c +@@ -491,7 +491,7 @@ static struct hash_signature RSA_sign_hash_pkcs1_1_5_rsa(const struct secret_stu + static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash, + shunk_t signature, + struct pubkey *pubkey, +- const struct hash_desc *unused_hash_algo UNUSED, ++ const struct hash_desc *hash_alg, + diag_t *fatal_diag, + struct logger *logger) + { +@@ -509,58 +509,24 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp + *expected_hash); + } + +- /* +- * Use the same space used by the out going hash. +- */ +- +- SECItem decrypted_signature = { +- .type = siBuffer, +- }; +- +- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) { +- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature"); +- return false; +- } ++ SECItem hash_item = ++ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer); + + /* NSS doesn't do const */ +- const SECItem encrypted_signature = { +- .type = siBuffer, +- .data = DISCARD_CONST(unsigned char *, signature.ptr), +- .len = signature.len, +- }; +- +- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature, +- lsw_nss_get_password_context(logger)) != SECSuccess) { +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); +- dbg("NSS RSA verify: decrypting signature is failed"); +- *fatal_diag = NULL; +- return false; +- } +- +- if (DBGP(DBG_CRYPT)) { +- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) { +- jam_string(buf, "NSS RSA verify: decrypted sig: "); +- jam_nss_secitem(buf, &decrypted_signature); +- } +- } ++ SECItem signature_item = ++ same_shunk_as_secitem(signature, siBuffer); + +- /* +- * Expect the matching hash to appear at the end. See above +- * for length check. It may, or may not, be prefixed by a +- * PKCS#1 1.5 RSA ASN.1 blob. +- */ +- passert(decrypted_signature.len >= expected_hash->len); +- uint8_t *start = (decrypted_signature.data +- + decrypted_signature.len +- - expected_hash->len); +- if (!memeq(start, expected_hash->ptr, expected_hash->len)) { +- dbg("RSA Signature NOT verified"); +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); ++ if (VFY_VerifyDigestDirect(&hash_item, ++ seckey_public, ++ &signature_item, ++ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION, ++ /*hash algorithm*/hash_alg->nss.oid_tag, ++ lsw_nss_get_password_context(logger)) != SECSuccess) { ++ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed"); + *fatal_diag = NULL; + return false; + } + +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); + *fatal_diag = NULL; + return true; + } +-- +2.54.0 + diff --git a/libreswan.spec b/libreswan.spec index d0ff40a..6c29132 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -37,7 +37,7 @@ Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols # version is generated in the release script Version: 4.12 -Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.4 +Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}.5 License: GPLv2 Url: https://libreswan.org/ @@ -55,6 +55,9 @@ Patch6: libreswan-4.3-1934186-config.patch Patch7: libreswan-4.9-2176248-authby-rsasig.patch Patch8: libreswan-4.12-ikev2-auth-delete-state.patch Patch9: libreswan-4.12-ikev1-compute-keymat-default.patch +Patch10: libreswan-4.12-CVE-2026-12413.patch +Patch11: libreswan-4.12-CVE-2026-50721.patch +Patch12: libreswan-4.12-CVE-2026-50722.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -116,6 +119,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 # linking to freebl is not needed sed -i "s/-lfreebl //" mk/config.mk @@ -219,6 +225,9 @@ certutil -N -d sql:$tmpdir --empty-password %attr(0644,root,root) %doc %{_mandir}/*/* %changelog +* Thu Jul 09 2026 Daiki Ueno - 4.12-2.5 +- Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722 (RHEL-190146, RHEL-190140, RHEL-190132) + * Thu Jun 6 2024 Daiki Ueno - 4.12-2.4 - Fix CVE-2024-3652 (RHEL-32482)