mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/libtasn1: security upgrade to 4.14

Browse Source 
- CVE-2018-1000654

Fixes #10518
This commit is contained in:
Leo 2019-07-23 17:50:39 -03:00 committed by Natanael Copa
parent 86d8165dab
commit 69f938f425
2 changed files with 8 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
main/libtasn1/APKBUILD
View File

@ -1,23 +1,24 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libtasn1
pkgver=4.13
pkgver=4.14
pkgrel=0
pkgdesc="The ASN.1 library used in GNUTLS"
url="https://www.gnu.org/software/gnutls/"
arch="all"
license="GPL-3.0 LGPL"
makedepends="texinfo"
checkdepends="diffutils"
subpackages="$pkgname-dev $pkgname-doc"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
"
builddir="$srcdir/$pkgname-$pkgver"
source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
# secfixes:
# 4.14-r0:
# - CVE-2018-1000654
# 4.13-r0:
# - CVE-2018-6003
# - CVE-2018-6003
# 4.12-r1:
# - CVE-2017-10790
# - CVE-2017-10790
build() {
cd "$builddir"
@ -40,4 +41,4 @@ package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
sha512sums="bf5b60a296795e0a8a4a658c0106492393aa7ce698e785256b3427c17215c2a5b6178a61a2043c93ea4334f754eabece20221ac8fef0fd5644086a3891d98a9f libtasn1-4.13.tar.gz"
sha512sums="efdcf3729e9e057cafbfdc9929f08531de03cf3b64e7db62cb53c26bf34c8db4d73786fd853620ab1a10dbafe55e119ad17bfeb40e191071945c7b4db9c9e223 libtasn1-4.14.tar.gz"

55
main/libtasn1/CVE-2017-10790.patch
View File

@ -1,55 +0,0 @@
From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 22 Jun 2017 16:31:37 +0200
Subject: [PATCH] _asn1_check_identifier: safer access to values read
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
lib/parser_aux.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index 976ab38..786ea64 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
if (p2 == NULL)
{
if (p->value)
- _asn1_strcpy (_asn1_identifierMissing, p->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
else
_asn1_strcpy (_asn1_identifierMissing, "(null)");
return ASN1_IDENTIFIER_NOT_FOUND;
@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
{
_asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
+ if (p2->value)
+ {
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+ }
+ else
+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
+
p2 = asn1_find_node (node, name2);
if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
!(p2->type & CONST_ASSIGN))
@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
_asn1_str_cpy (name2, sizeof (name2), node->name);
_asn1_str_cat (name2, sizeof (name2), ".");
_asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+
p2 = asn1_find_node (node, name2);
if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
|| !(p2->type & CONST_ASSIGN))
--
1.9.1