diff --git a/libreswan-4.15-CVE-2026-12413.patch b/libreswan-4.15-CVE-2026-12413.patch new file mode 100644 index 0000000..479c1f6 --- /dev/null +++ b/libreswan-4.15-CVE-2026-12413.patch @@ -0,0 +1,13 @@ +diff --git a/programs/pluto/ikev2_message.c b/programs/pluto/ikev2_message.c +index 84b289ca8f..a691346218 100644 +--- a/programs/pluto/ikev2_message.c ++++ b/programs/pluto/ikev2_message.c +@@ -1000,7 +1000,7 @@ struct msg_digest *reassemble_v2_incoming_fragments(struct v2_incoming_fragments + passert(md->chain[ISAKMP_NEXT_v2SK] == NULL); + passert(md->chain[ISAKMP_NEXT_v2SKF] != NULL); + pexpect(md->chain[ISAKMP_NEXT_v2SKF]->payload.v2skf.isaskf_number == 1); +- passert(md->digest_roof < elemsof(md->digest)); ++ passert(md->digest_roof <= elemsof(md->digest)); + + /* + * Pass 1: Compute the total payload size. diff --git a/libreswan-4.15-CVE-2026-50721.patch b/libreswan-4.15-CVE-2026-50721.patch new file mode 100644 index 0000000..d8f318b --- /dev/null +++ b/libreswan-4.15-CVE-2026-50721.patch @@ -0,0 +1,70 @@ +diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c +index 38b44ab61d..d2f36cb3da 100644 +--- a/lib/libswan/pubkey_rsa.c ++++ b/lib/libswan/pubkey_rsa.c +@@ -402,58 +402,20 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_ + *expected_hash); + } + +- /* +- * Use the same space used by the out going hash. +- */ +- +- SECItem decrypted_signature = { +- .type = siBuffer, +- }; +- +- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) { +- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature"); +- return false; +- } +- + /* NSS doesn't do const */ +- const SECItem encrypted_signature = { +- .type = siBuffer, +- .data = DISCARD_CONST(unsigned char *, signature.ptr), +- .len = signature.len, +- }; +- +- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature, +- lsw_nss_get_password_context(logger)) != SECSuccess) { +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); +- dbg("NSS RSA verify: decrypting signature is failed"); +- *fatal_diag = NULL; +- return false; +- } + +- if (DBGP(DBG_CRYPT)) { +- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) { +- jam_string(buf, "NSS RSA verify: decrypted sig: "); +- jam_nss_secitem(buf, &decrypted_signature); +- } +- } ++ const SECItem signature_secitem = ++ same_shunk_as_secitem(signature, siBuffer); ++ const SECItem expected_hash_secitem = ++ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer); + +- /* +- * Expect the matching hash to appear at the end. See above +- * for length check. It may, or may not, be prefixed by a +- * PKCS#1 1.5 RSA ASN.1 blob. +- */ +- passert(decrypted_signature.len >= expected_hash->len); +- uint8_t *start = (decrypted_signature.data +- + decrypted_signature.len +- - expected_hash->len); +- if (!memeq(start, expected_hash->ptr, expected_hash->len)) { +- dbg("RSA Signature NOT verified"); +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); ++ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem, ++ lsw_nss_get_password_context(logger)) != SECSuccess) { ++ dbg("NSS RSA verify: decrypting signature is failed"); + *fatal_diag = NULL; + return false; + } + +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); + *fatal_diag = NULL; + return true; + } diff --git a/libreswan-4.15-CVE-2026-50722.patch b/libreswan-4.15-CVE-2026-50722.patch new file mode 100644 index 0000000..98c9aab --- /dev/null +++ b/libreswan-4.15-CVE-2026-50722.patch @@ -0,0 +1,83 @@ +diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c +index d2f36cb3da..0c5a1c91e3 100644 +--- a/lib/libswan/pubkey_rsa.c ++++ b/lib/libswan/pubkey_rsa.c +@@ -491,7 +491,7 @@ static struct hash_signature RSA_sign_hash_pkcs1_1_5_rsa(const struct secret_stu + static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash, + shunk_t signature, + struct pubkey *pubkey, +- const struct hash_desc *unused_hash_algo UNUSED, ++ const struct hash_desc *hash_alg, + diag_t *fatal_diag, + struct logger *logger) + { +@@ -509,58 +509,24 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp + *expected_hash); + } + +- /* +- * Use the same space used by the out going hash. +- */ +- +- SECItem decrypted_signature = { +- .type = siBuffer, +- }; +- +- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) { +- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature"); +- return false; +- } ++ SECItem hash_item = ++ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer); + + /* NSS doesn't do const */ +- const SECItem encrypted_signature = { +- .type = siBuffer, +- .data = DISCARD_CONST(unsigned char *, signature.ptr), +- .len = signature.len, +- }; +- +- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature, +- lsw_nss_get_password_context(logger)) != SECSuccess) { +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); +- dbg("NSS RSA verify: decrypting signature is failed"); +- *fatal_diag = NULL; +- return false; +- } +- +- if (DBGP(DBG_CRYPT)) { +- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) { +- jam_string(buf, "NSS RSA verify: decrypted sig: "); +- jam_nss_secitem(buf, &decrypted_signature); +- } +- } ++ SECItem signature_item = ++ same_shunk_as_secitem(signature, siBuffer); + +- /* +- * Expect the matching hash to appear at the end. See above +- * for length check. It may, or may not, be prefixed by a +- * PKCS#1 1.5 RSA ASN.1 blob. +- */ +- passert(decrypted_signature.len >= expected_hash->len); +- uint8_t *start = (decrypted_signature.data +- + decrypted_signature.len +- - expected_hash->len); +- if (!memeq(start, expected_hash->ptr, expected_hash->len)) { +- dbg("RSA Signature NOT verified"); +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); ++ if (VFY_VerifyDigestDirect(&hash_item, ++ seckey_public, ++ &signature_item, ++ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION, ++ /*hash algorithm*/hash_alg->nss.oid_tag, ++ lsw_nss_get_password_context(logger)) != SECSuccess) { ++ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed"); + *fatal_diag = NULL; + return false; + } + +- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/); + *fatal_diag = NULL; + return true; + } diff --git a/libreswan.spec b/libreswan.spec index da09c43..c182ded 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -31,7 +31,7 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script Version: 4.15 -Release: %{?prever:0.}8%{?prever:.%{prever}}%{?dist} +Release: %{?prever:0.}9%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -45,6 +45,9 @@ Patch: libreswan-4.15-ondemand-tcp.patch Patch: libreswan-4.15-netlink-extack.patch Patch: libreswan-4.15-create-child-sa-race-condition.patch Patch: libreswan-4.15-rereadsecrets.patch +Patch: libreswan-4.15-CVE-2026-12413.patch +Patch: libreswan-4.15-CVE-2026-50721.patch +Patch: libreswan-4.15-CVE-2026-50722.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -200,6 +203,9 @@ certutil -N -d sql:$tmpdir --empty-password %doc %{_mandir}/*/* %changelog +* Thu Jul 02 2026 Daiki Ueno - 4.15-9 +- Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722 (RHEL-190120, RHEL-190125, RHEL-190155) + * Tue Jan 14 2025 Daiki Ueno - 4.15-8 - showhostkey: fix regression after RHEL-68047 (RHEL-70842)