author | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-03 13:24:12 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-03 13:24:12 +0000 |
commit | 56b56805061238eca7df74b22c4d0fb0b9aaaddd (patch) | |
tree | fa2afbaa8a0209dc3835d2484a09010775257fe8 | |
parent | 18be40b9db97ffee09f5859362538cd483249256 (diff) | |
main/gnutls: fix CVE-2013-2116
fixes #2030
-rw-r--r-- | main/gnutls/APKBUILD | 6 | ||||
-rw-r--r-- | main/gnutls/CVE-2013-2116.patch | 25 |
2 files changed, 29 insertions, 2 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index 9bbcddee39..be2c338f93 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gnutls
 pkgver=2.12.7
-pkgrel=2
+pkgrel=3
 pkgdesc="A TLS protocol implementation"
 url="http://www.gnu.org/software/gnutls/"
 arch="all"
@@ -15,6 +15,7 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
 source="http://ftp.gnu.org/pub/gnu/gnutls/$pkgname-$pkgver.tar.bz2
 cve-2012-1573.patch
 CVE-2013-1619.patch
+ CVE-2013-2116.patch
 "
 
 prepare() {
@@ -54,4 +55,5 @@ utils() {
 }
 md5sums="4b48aa3119f549d30d550bf4162c721b gnutls-2.12.7.tar.bz2
 d0e686da958069dec743c8daca7dc17a cve-2012-1573.patch
-0e404c8e8117f4384ec04ed139decd8b CVE-2013-1619.patch"
+0e404c8e8117f4384ec04ed139decd8b CVE-2013-1619.patch
+a0546d6e32372492a982b4365ccffa21 CVE-2013-2116.patch"
diff --git a/main/gnutls/CVE-2013-2116.patch b/main/gnutls/CVE-2013-2116.patch
new file mode 100644
index 0000000000..2223e708a6
--- /dev/null
+++ b/main/gnutls/CVE-2013-2116.patch
@@ -0,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.1
+ |
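Review bot: The new `CVE-2013-2116.patch` entry in the last APKBUILD hunk is pinned only by an MD5 digest in `md5sums`, and that array is also the only integrity check shown for the upstream tarball, which `source=` fetches over plain `http://`. MD5 is not collision-resistant, so it gives weak assurance that the downloaded sources are the ones the maintainer reviewed. If the abuild version in use supports it, I would add a `sha512sums` array alongside `md5sums` covering all four sources. The rest of the APKBUILD is outside the hunks, so a stronger checksum array may exist and simply not be visible here.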
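Review bot: The added comparison `if (pad+1 > ciphertext.size-hash_size)` can be defeated by wrap-around: if `ciphertext.size` is an unsigned field and a record arrives with `ciphertext.size < hash_size`, the subtraction yields a very large value, the test is false, and `pad_failed` stays unset for exactly the short records this sanity check is meant to reject. The declarations of `pad`, `hash_size` and `ciphertext` are outside the hunk, so the types are inferred; the only earlier size check visible is the early `return GNUTLS_E_DECRYPTION_FAILED`, whose condition is also cut off. Doing the arithmetic in signed form avoids the wrap, e.g. `if ((int) pad + 1 > (int) ciphertext.size - (int) hash_size)`. A short comment should also say that the failure is recorded in `pad_failed` rather than returned, so the padding check below still runs over the record. `_gnutls_ciphertext2compressed` starts before and continues past this hunk.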