aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-05-13 08:47:28 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-06-11 09:57:38 +0000
commit90425002c408b60bf68ded2924a337eb15487e47 (patch)
tree5ddb85c6e61419eecdb16fb9c3fc6ef8ccd765a9
parent2bcfd49fcc641f67438df3ea970bf14ba822cdf9 (diff)
downloadaports-90425002c408b60bf68ded2924a337eb15487e47.tar.bz2
aports-90425002c408b60bf68ded2924a337eb15487e47.tar.xz
main/libtasn1: security fix for CVE-2015-2806
fixes #4159
-rw-r--r--main/libtasn1/APKBUILD26
-rw-r--r--main/libtasn1/CVE-2015-2806.patch55
-rw-r--r--main/libtasn1/CVE-2015-3622.patch44
3 files changed, 119 insertions, 6 deletions
diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD
index 57a969fa7b..79e4d0afb9 100644
--- a/main/libtasn1/APKBUILD
+++ b/main/libtasn1/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libtasn1
pkgver=3.6
-pkgrel=0
+pkgrel=1
pkgdesc="The ASN.1 library used in GNUTLS"
url="http://www.gnu.org/software/gnutls/"
arch="all"
@@ -10,10 +10,21 @@ subpackages="$pkgname-dev $pkgname-doc"
depends=
makedepends="texinfo"
install=
-source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+ CVE-2015-2806.patch
+ "
_builddir="$srcdir"/$pkgname-$pkgver
-build() {
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
+build() {
cd "$_builddir"
./configure --prefix=/usr || return 1
make || return 1
@@ -24,6 +35,9 @@ package() {
make DESTDIR="$pkgdir" install || return 1
rm "$pkgdir"/usr/lib/*.la || return 1
}
-md5sums="6ed38e161e11013054f2a2bb4c4da449 libtasn1-3.6.tar.gz"
-sha256sums="19e34766a38abc74cec1863cc30c8a4e13f763310ecaf7a5e861ba1d143ea430 libtasn1-3.6.tar.gz"
-sha512sums="c682cd7502c687e3a304216366fdbb9de62052cb5f3394bbe1172ccb5eae8fd00bbf7282ad642c58a6be5f1ad224353a4a3f7d9a6bad14ab7016d530883a5d9e libtasn1-3.6.tar.gz"
+md5sums="6ed38e161e11013054f2a2bb4c4da449 libtasn1-3.6.tar.gz
+4a0e850f458a1ae1a94f419e47e2390b CVE-2015-2806.patch"
+sha256sums="19e34766a38abc74cec1863cc30c8a4e13f763310ecaf7a5e861ba1d143ea430 libtasn1-3.6.tar.gz
+203076736bcac3e31bc0f6e2c6b16db28d0e66e9e734656d27d2ee938443f4c2 CVE-2015-2806.patch"
+sha512sums="c682cd7502c687e3a304216366fdbb9de62052cb5f3394bbe1172ccb5eae8fd00bbf7282ad642c58a6be5f1ad224353a4a3f7d9a6bad14ab7016d530883a5d9e libtasn1-3.6.tar.gz
+7107e5a25208118994f508731f0d219734dc1f61d3ae991d6bacdcacf5759dbecf21b10e2ff49b7dc9f22af405fcd7480feeb93cc5d2854ff9311497431ca9f8 CVE-2015-2806.patch"
diff --git a/main/libtasn1/CVE-2015-2806.patch b/main/libtasn1/CVE-2015-2806.patch
new file mode 100644
index 0000000000..43ba6e4b89
--- /dev/null
+++ b/main/libtasn1/CVE-2015-2806.patch
@@ -0,0 +1,55 @@
+From 4d4f992826a4962790ecd0cce6fbba4a415ce149 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 26 Mar 2015 18:34:57 +0100
+Subject: [PATCH] increased size of LTOSTR_MAX_SIZE to account for sign and null byte
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This address an overflow found by Hanno Böck in DER decoding.
+---
+ lib/parser_aux.c | 4 ++--
+ lib/parser_aux.h | 5 +++--
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index d3e9009..da9a388 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void)
+
+
+ char *
+-_asn1_ltostr (long v, char *str)
++_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
+ {
+ long d, r;
+ char temp[LTOSTR_MAX_SIZE];
+@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str)
+ count++;
+ v = d;
+ }
+- while (v);
++ while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+diff --git a/lib/parser_aux.h b/lib/parser_aux.h
+index 55d9061..437f1c8 100644
+--- a/lib/parser_aux.h
++++ b/lib/parser_aux.h
+@@ -52,8 +52,9 @@ void _asn1_delete_list (void);
+
+ void _asn1_delete_list_and_nodes (void);
+
+-#define LTOSTR_MAX_SIZE 20
+-char *_asn1_ltostr (long v, char *str);
++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
++#define LTOSTR_MAX_SIZE 22
++char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
+
+ asn1_node _asn1_find_up (asn1_node node);
+
+--
+1.7.2.5
+
diff --git a/main/libtasn1/CVE-2015-3622.patch b/main/libtasn1/CVE-2015-3622.patch
new file mode 100644
index 0000000000..b14b042983
--- /dev/null
+++ b/main/libtasn1/CVE-2015-3622.patch
@@ -0,0 +1,44 @@
+From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Apr 2015 14:56:27 +0200
+Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Reported by Hanno Böck.
+---
+ lib/decoding.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 7fbd931..42ddc6b 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ return ASN1_DER_ERROR;
+
+ counter = len3 + 1;
++ DECR_LEN(der_len, len3);
+
+ if (len2 == -1)
+ counter_end = der_len - 2;
+@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+
+ while (counter < counter_end)
+ {
++ DECR_LEN(der_len, 1);
+ len2 = asn1_get_length_der (der + counter, der_len, &len3);
+
+ if (IS_ERR(len2, flags))
+@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ len2 = 0;
+ }
+
+- DECR_LEN(der_len, 1);
+ counter += len2 + len3 + 1;
+ }
+
+--
+1.7.2.5
+