Hi,

I have prepared a security upload for stable (debdiff attached). Should I
upload it to stable-security (security-master)?

Thanks,

Roland
diff -ruN temp/polarssl-0.12.1/debian/changelog polarssl-0.12.1/debian/changelog
--- temp/polarssl-0.12.1/debian/changelog       2013-02-07 22:54:41.000000000 
+0100
+++ polarssl-0.12.1/debian/changelog    2013-02-07 22:23:50.692035233 +0100
@@ -1,3 +1,11 @@
+polarssl (0.12.1-1squeeze1) stable-security; urgency=low
+
+  * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw
+    including CVE-2013-1621 and CVE-2013-1622, backported from upstream
+    diff from 1.2.4 to 1.2.5. (Closes: #699887)
+
+ -- Roland Stigge <sti...@antcom.de>  Thu, 07 Feb 2013 22:17:00 +0100
+
 polarssl (0.12.1-1) unstable; urgency=low
 
   * New upstream release.
diff -ruN temp/polarssl-0.12.1/debian/control polarssl-0.12.1/debian/control
--- temp/polarssl-0.12.1/debian/control 2013-02-07 22:54:41.000000000 +0100
+++ polarssl-0.12.1/debian/control      2013-02-07 22:45:29.536070015 +0100
@@ -1,7 +1,7 @@
 Source: polarssl
 Section: libs
 Priority: optional
-Maintainer: Arnaud Cornet <acor...@debian.org>
+Maintainer: Roland Stigge <sti...@antcom.de>
 Standards-Version: 3.8.3
 Build-Depends: debhelper (>= 7.0.50~), quilt
 Homepage: http://polarssl.org
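Review bot: The `Maintainer:` change in debian/control is unrelated to the CVE fix and is not mentioned in the new changelog entry, which lists only the security backport. For a stable-security upload it would be cleaner to leave the field untouched, or to record the change explicitly in debian/changelog so the debdiff matches its description.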
diff -ruN temp/polarssl-0.12.1/debian/patches/CVE-2013-0169.diff 
polarssl-0.12.1/debian/patches/CVE-2013-0169.diff
--- temp/polarssl-0.12.1/debian/patches/CVE-2013-0169.diff      1970-01-01 
01:00:00.000000000 +0100
+++ polarssl-0.12.1/debian/patches/CVE-2013-0169.diff   2013-02-07 
22:15:39.388022077 +0100
@@ -0,0 +1,125 @@
+Description: Fix for CVE-2013-0169
+ This patch fixes CVE-2013-0169: Lucky 13 TLS protocol timing flaw
+ This also refers to CVE-2013-1621 and CVE-2013-1622. It is a backport from
+ upstreams diff between versions 1.2.4 to 1.2.5, doing only minimal changes
+ addressing the CVE.
+Author: Roland Stigge <sti...@antcom.de>
+Bug-Debian: http://bugs.debian.org/699887
+
+--- polarssl-0.12.1.orig/library/ssl_tls.c
++++ polarssl-0.12.1/library/ssl_tls.c
+@@ -601,7 +601,7 @@
+ 
+ static int ssl_decrypt_buf( ssl_context *ssl )
+ {
+-    int i, padlen;
++    int i, padlen = 0, correct = 1;
+     unsigned char tmp[20];
+ 
+     SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
+@@ -616,7 +616,6 @@
+     if( ssl->ivlen == 0 )
+     {
+ #if defined(POLARSSL_ARC4_C)
+-        padlen = 0;
+         arc4_crypt( (arc4_context *) ssl->ctx_dec,
+                     ssl->in_msg, ssl->in_msglen );
+ #else
+@@ -625,6 +624,7 @@
+     }
+     else
+     {
++        size_t minlen = 0, fake_padlen;
+         /*
+          * Decrypt and check the padding
+          */
+@@ -635,6 +635,17 @@
+             return( POLARSSL_ERR_SSL_INVALID_MAC );
+         }
+ 
++        if( ssl->minor_ver >= SSL_MINOR_VERSION_2 )
++            minlen += ssl->ivlen;
++
++        if( ssl->in_msglen < minlen + ssl->ivlen ||
++            ssl->in_msglen < minlen + ssl->maclen + 1 )
++        {
++            SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 
1 ) ( + expl IV )",
++                           ssl->in_msglen, ssl->ivlen, ssl->maclen ) );
++            return( POLARSSL_ERR_SSL_INVALID_MAC );
++        }
++
+         switch( ssl->ivlen )
+         {
+ #if defined(POLARSSL_DES_C)
+@@ -676,13 +687,20 @@
+ 
+         padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
+ 
++        fake_padlen = 256 - padlen;
++
++        if( ssl->in_msglen < ssl->maclen + padlen )
++        {
++            padlen = 0;
++            fake_padlen = 256;
++            correct = 0;
++        }
++
+         if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+         {
+             if( padlen > ssl->ivlen )
+             {
+-                SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
+-                                    "should be no more than %d",
+-                               padlen, ssl->ivlen ) );
++                correct = 0;
+                 padlen = 0;
+             }
+         }
+@@ -695,12 +713,18 @@
+             {
+                 if( ssl->in_msg[ssl->in_msglen - i] != padlen - 1 )
+                 {
+-                    SSL_DEBUG_MSG( 1, ( "bad padding byte: should be "
+-                                        "%02x, but is %02x", padlen - 1,
+-                                   ssl->in_msg[ssl->in_msglen - i] ) );
++                    correct = 0;
++                    fake_padlen = 256 - i;
+                     padlen = 0;
+                 }
+             }
++            for( i = 1; i <= fake_padlen; i++ )
++            {
++                if( ssl->in_msg[i + 1] != fake_padlen - 1 )
++                    minlen = 0;
++                else
++                    minlen = 1;
++            }
+         }
+     }
+ 
+@@ -715,7 +739,7 @@
+     ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
+     ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen      );
+ 
+-    memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 );
++    memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->maclen );
+ 
+     if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
+     {
+@@ -748,14 +772,14 @@
+                      ssl->maclen ) != 0 )
+     {
+         SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+-        return( POLARSSL_ERR_SSL_INVALID_MAC );
++        correct = 0;
+     }
+ 
+     /*
+      * Finally check the padding length; bad padding
+      * will produce the same error as an invalid MAC.
+      */
+-    if( ssl->ivlen != 0 && padlen == 0 )
++    if( correct == 0 )
+         return( POLARSSL_ERR_SSL_INVALID_MAC );
+ 
+     if( ssl->in_msglen == 0 )
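Review bot: The dummy padding loop added at the end of the padding check in ssl_decrypt_buf() only assigns `minlen`, which is not read again in the visible lines, so an optimising compiler may drop the loop and with it the timing equalisation this backport is meant to provide. Accumulating into a volatile object keeps the reads, e.g. declare `volatile size_t fake_cnt = 0;` and use `fake_cnt += ( ssl->in_msg[i + 1] == fake_padlen - 1 );` as the loop body. The loop also reads up to `ssl->in_msg[257]` regardless of `in_msglen`, which is only safe if the input buffer is always at least that large; a short comment stating that assumption would help. Separately, `memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->maclen );` now copies a variable length into `unsigned char tmp[20]`, so it relies on `maclen` never exceeding 20, which presumably holds for the MD5/SHA-1 suites in 0.12.1 but is not checked here. The function body continues outside the quoted hunks, so the MAC computation itself is not visible and any remaining length-dependent timing there cannot be judged from this diff.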
diff -ruN temp/polarssl-0.12.1/debian/patches/series 
polarssl-0.12.1/debian/patches/series
--- temp/polarssl-0.12.1/debian/patches/series  2013-02-07 22:54:41.000000000 
+0100
+++ polarssl-0.12.1/debian/patches/series       2013-02-07 22:16:44.888023831 
+0100
@@ -1,2 +1,3 @@
 config.diff
 makefile-destdir-fix.diff
+CVE-2013-0169.diff
