Bug#699887: Security fix for #699887, CVE-2013-0169

2013-02-10 Thread Giuseppe Iuculano
Hi Roland,

On 07/02/2013 22:58, Roland Stigge wrote:
> I prepared a security upload for stable (attached debdiff). Should I
> upload it to stable-security(security-master)?

Thanks for contacting us.
Please upload to security-master (please make sure to include the
.orig.tar.gz in the upload, -sa switch), I will take care of this.


Cheers,
Giuseppe.





Bug#699887: Security fix for #699887, CVE-2013-0169

2013-02-10 Thread Roland Stigge

On 10/02/13 12:33, Giuseppe Iuculano wrote:
> On 07/02/2013 22:58, Roland Stigge wrote:
>> I prepared a security upload for stable (attached debdiff).
>> Should I upload it to stable-security(security-master)?
>
> Thanks for contacting us. Please upload to security-master (please
> make sure to include the .orig.tar.gz in the upload, -sa switch), I
> will take care of this.

OK, uploaded. Please tell if there's anything missing.

Thanks,

Roland



Bug#699887: Security fix for #699887, CVE-2013-0169

2013-02-07 Thread Roland Stigge
Hi,

I prepared a security upload for stable (attached debdiff). Should I
upload it to stable-security(security-master)?

Thanks,

Roland
diff -ruN temp/polarssl-0.12.1/debian/changelog polarssl-0.12.1/debian/changelog
--- temp/polarssl-0.12.1/debian/changelog   2013-02-07 22:54:41.0 
+0100
+++ polarssl-0.12.1/debian/changelog2013-02-07 22:23:50.692035233 +0100
@@ -1,3 +1,11 @@
+polarssl (0.12.1-1squeeze1) stable-security; urgency=low
+
+  * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw
+including CVE-2013-1621 and CVE-2013-1622, backported from upstream
+diff from 1.2.4 to 1.2.5. (Closes: #699887)
+
+ -- Roland Stigge sti...@antcom.de  Thu, 07 Feb 2013 22:17:00 +0100
+
 polarssl (0.12.1-1) unstable; urgency=low
 
   * New upstream release.
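
Review bot: The first line of the new changelog entry sets urgency=low on an upload to stable-security that fixes CVE-2013-0169 together with CVE-2013-1621 and CVE-2013-1622. That urgency sits oddly with a security fix; unless low is deliberate, consider urgency=high on the "polarssl (0.12.1-1squeeze1) stable-security" line.
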
diff -ruN temp/polarssl-0.12.1/debian/control polarssl-0.12.1/debian/control
--- temp/polarssl-0.12.1/debian/control 2013-02-07 22:54:41.0 +0100
+++ polarssl-0.12.1/debian/control  2013-02-07 22:45:29.536070015 +0100
@@ -1,7 +1,7 @@
 Source: polarssl
 Section: libs
 Priority: optional
-Maintainer: Arnaud Cornet acor...@debian.org
+Maintainer: Roland Stigge sti...@antcom.de
 Standards-Version: 3.8.3
 Build-Depends: debhelper (= 7.0.50~), quilt
 Homepage: http://polarssl.org
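
Review bot: The Maintainer field changes from Arnaud Cornet to Roland Stigge here, but the changelog entry for 0.12.1-1squeeze1 only mentions the CVE fix. For a stable-security upload it is safer to leave debian/control untouched so the debdiff is limited to the patch, or, if the maintainer change is intended, to record it in the changelog entry.
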
diff -ruN temp/polarssl-0.12.1/debian/patches/CVE-2013-0169.diff 
polarssl-0.12.1/debian/patches/CVE-2013-0169.diff
--- temp/polarssl-0.12.1/debian/patches/CVE-2013-0169.diff  1970-01-01 
01:00:00.0 +0100
+++ polarssl-0.12.1/debian/patches/CVE-2013-0169.diff   2013-02-07 
22:15:39.388022077 +0100
@@ -0,0 +1,125 @@
+Description: Fix for CVE-2013-0169
+ This patch fixes CVE-2013-0169: Lucky 13 TLS protocol timing flaw
+ This also refers to CVE-2013-1621 and CVE-2013-1622. It is a backport from
+ upstreams diff between versions 1.2.4 to 1.2.5, doing only minimal changes
+ addressing the CVE.
+Author: Roland Stigge sti...@antcom.de
+Bug-Debian: http://bugs.debian.org/699887
+
+--- polarssl-0.12.1.orig/library/ssl_tls.c
 polarssl-0.12.1/library/ssl_tls.c
+@@ -601,7 +601,7 @@
+ 
+ static int ssl_decrypt_buf( ssl_context *ssl )
+ {
+-int i, padlen;
++int i, padlen = 0, correct = 1;
+ unsigned char tmp[20];
+ 
+ SSL_DEBUG_MSG( 2, ( = decrypt buf ) );
+@@ -616,7 +616,6 @@
+ if( ssl-ivlen == 0 )
+ {
+ #if defined(POLARSSL_ARC4_C)
+-padlen = 0;
+ arc4_crypt( (arc4_context *) ssl-ctx_dec,
+ ssl-in_msg, ssl-in_msglen );
+ #else
+@@ -625,6 +624,7 @@
+ }
+ else
+ {
++size_t minlen = 0, fake_padlen;
+ /*
+  * Decrypt and check the padding
+  */
+@@ -635,6 +635,17 @@
+ return( POLARSSL_ERR_SSL_INVALID_MAC );
+ }
+ 
++if( ssl-minor_ver = SSL_MINOR_VERSION_2 )
++minlen += ssl-ivlen;
++
++if( ssl-in_msglen  minlen + ssl-ivlen ||
++ssl-in_msglen  minlen + ssl-maclen + 1 )
++{
++SSL_DEBUG_MSG( 1, ( msglen (%d)  max( ivlen(%d), maclen (%d) + 
1 ) ( + expl IV ),
++   ssl-in_msglen, ssl-ivlen, ssl-maclen ) );
++return( POLARSSL_ERR_SSL_INVALID_MAC );
++}
++
+ switch( ssl-ivlen )
+ {
+ #if defined(POLARSSL_DES_C)
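
Review bot: minlen and fake_padlen are declared size_t in the hunk just above, while i and padlen in this function are int, and the new length check compares ssl->in_msglen with sums of minlen, ssl->ivlen and ssl->maclen. Since this is a backport from the 1.2.x diff onto 0.12.1, please confirm the types of in_msglen, ivlen and maclen in this version so that these comparisons and the %d conversions in the new SSL_DEBUG_MSG do not mix signed and unsigned values. Declaring the two new variables as int, to match i and padlen, would avoid the question.
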
+@@ -676,13 +687,20 @@
+ 
+ padlen = 1 + ssl-in_msg[ssl-in_msglen - 1];
+ 
++fake_padlen = 256 - padlen;
++
++if( ssl-in_msglen  ssl-maclen + padlen )
++{
++padlen = 0;
++fake_padlen = 256;
++correct = 0;
++}
++
+ if( ssl-minor_ver == SSL_MINOR_VERSION_0 )
+ {
+ if( padlen  ssl-ivlen )
+ {
+-SSL_DEBUG_MSG( 1, ( bad padding length: is %d, 
+-should be no more than %d,
+-   padlen, ssl-ivlen ) );
++correct = 0;
+ padlen = 0;
+ }
+ }
+@@ -695,12 +713,18 @@
+ {
+ if( ssl-in_msg[ssl-in_msglen - i] != padlen - 1 )
+ {
+-SSL_DEBUG_MSG( 1, ( bad padding byte: should be 
+-%02x, but is %02x, padlen - 1,
+-   ssl-in_msg[ssl-in_msglen - i] ) );
++correct = 0;
++fake_padlen = 256 - i;
+ padlen = 0;
+ }
+ }
++for( i = 1; i = fake_padlen; i++ )
++{
++if( ssl-in_msg[i + 1] != fake_padlen - 1 )
++minlen = 0;
++else
++minlen = 1;
++}
+ }
+ }
+ 
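
Review bot: In the added loop over fake_padlen, minlen is only ever written (minlen = 0 or minlen = 1) and nothing in the visible part of the patch reads it afterwards, so an optimising compiler is free to drop the loop, and with it the timing compensation the loop exists for. Declaring the sink volatile, or otherwise making the loop result observable, would keep it in the build. Separately, the real padding check above it still branches on each decrypted byte and resets padlen inside the branch; accumulating the mismatch into correct without a branch would make the check itself less dependent on the data. The loop also compares the int i with the size_t fake_padlen.
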
+@@ -715,7 +739,7 @@
+ ssl-in_hdr[3] = (unsigned char)( ssl-in_msglen  8 );
+ ssl-in_hdr[4] = (unsigned char)( ssl-in_msglen  );
+ 
+-memcpy( tmp, ssl-in_msg + ssl-in_msglen, 20 );
++memcpy( tmp, ssl-in_msg + ssl-in_msglen, ssl-maclen );
+ 
+ if( ssl-minor_ver ==
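
Review bot: The memcpy now copies ssl->maclen bytes into tmp, which the first hunk of this patch shows declared as unsigned char tmp[20]. That is only safe while maclen never exceeds 20. Either check ssl->maclen against sizeof( tmp ) before the copy, or size tmp from a named maximum MAC length so the bound is explicit.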