Version in base suite: 0.9.13-3+deb11u1

Base version: rhonabwy_0.9.13-3+deb11u1
Target version: rhonabwy_0.9.13-3+deb11u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/rhonabwy/rhonabwy_0.9.13-3+deb11u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/r/rhonabwy/rhonabwy_0.9.13-3+deb11u2.dsc

 changelog            |    7 +++++++
 patches/aesgcm.patch |   32 ++++++++++++++++++++++++++++++++
 patches/series       |    1 +
 3 files changed, 40 insertions(+)

diff -Nru rhonabwy-0.9.13/debian/changelog rhonabwy-0.9.13/debian/changelog
--- rhonabwy-0.9.13/debian/changelog	2021-09-22 11:29:46.000000000 +0000
+++ rhonabwy-0.9.13/debian/changelog	2022-06-26 21:27:39.000000000 +0000
@@ -1,3 +1,10 @@
+rhonabwy (0.9.13-3+deb11u2) bullseye; urgency=medium
+
+  * d/patches/aesgcm.patch: Fix CVE-2022-32096
+      Fix aesgcm buffer overflow
+
+ -- Nicolas Mora <babelouest@debian.org>  Sun, 26 Jun 2022 17:27:39 -0400
+
 rhonabwy (0.9.13-3+deb11u1) bullseye; urgency=medium
 
   * d/patches/bugfixes: apply upstream bugfixes
diff -Nru rhonabwy-0.9.13/debian/patches/aesgcm.patch rhonabwy-0.9.13/debian/patches/aesgcm.patch
--- rhonabwy-0.9.13/debian/patches/aesgcm.patch	1970-01-01 00:00:00.000000000 +0000
+++ rhonabwy-0.9.13/debian/patches/aesgcm.patch	2022-06-26 21:27:39.000000000 +0000
@@ -0,0 +1,32 @@
+Description: Fix aesgcm buffer overflow
+Author: Nicolas Mora <babelouest@debian.org>
+Forwarded: not-needed
+--- a/src/jwe.c
++++ b/src/jwe.c
+@@ -226,14 +226,24 @@
+         ret = RHN_ERROR;
+         break;
+       }
++      if (!o_base64url_decode((const unsigned char *)r_jwe_get_header_str_value(jwe, "iv"), o_strlen(r_jwe_get_header_str_value(jwe, "iv")), NULL, &iv_len) || iv_len > 96) {
++        y_log_message(Y_LOG_LEVEL_ERROR, "r_jwe_aesgcm_key_unwrap - Invalid header iv");
++        ret = RHN_ERROR_INVALID;
++        break;
++      }
+       if (!o_base64url_decode((const unsigned char *)r_jwe_get_header_str_value(jwe, "iv"), o_strlen(r_jwe_get_header_str_value(jwe, "iv")), iv, &iv_len)) {
+         y_log_message(Y_LOG_LEVEL_ERROR, "r_jwe_aesgcm_key_unwrap - Error o_base64url_decode iv");
+-        ret = RHN_ERROR;
++        ret = RHN_ERROR_INVALID;
++        break;
++      }
++      if (!o_base64url_decode((const unsigned char *)jwe->encrypted_key_b64url, o_strlen((const char *)jwe->encrypted_key_b64url), NULL, &cipherkey_len) || cipherkey_len > 64) {
++        y_log_message(Y_LOG_LEVEL_ERROR, "r_jwe_aesgcm_key_unwrap - Invalid cipherkey");
++        ret = RHN_ERROR_INVALID;
+         break;
+       }
+       if (!o_base64url_decode((const unsigned char *)jwe->encrypted_key_b64url, o_strlen((const char *)jwe->encrypted_key_b64url), cipherkey, &cipherkey_len)) {
+         y_log_message(Y_LOG_LEVEL_ERROR, "r_jwe_aesgcm_key_unwrap - Error o_base64url_decode cipherkey");
+-        ret = RHN_ERROR;
++        ret = RHN_ERROR_INVALID;
+         break;
+       }
+       key_g.data = key;
diff -Nru rhonabwy-0.9.13/debian/patches/series rhonabwy-0.9.13/debian/patches/series
--- rhonabwy-0.9.13/debian/patches/series	2021-09-22 11:29:46.000000000 +0000
+++ rhonabwy-0.9.13/debian/patches/series	2022-06-26 21:27:39.000000000 +0000
@@ -1,3 +1,4 @@
 library_info.patch
 disable_test_rhonabwy_generate_key_pair.patch
 bugfixes.patch
+aesgcm.patch