From b2bb01e5559952d7c2535629e34c5a46a8c2b4ff Mon Sep 17 00:00:00 2001 From: Leo Date: Tue, 23 Jul 2019 17:50:39 -0300 Subject: main/libtasn1: security upgrade to 4.14 - CVE-2018-1000654 Fixes #10519 --- main/libtasn1/APKBUILD | 15 ++++++----- main/libtasn1/CVE-2017-10790.patch | 55 -------------------------------------- 2 files changed, 8 insertions(+), 62 deletions(-) delete mode 100644 main/libtasn1/CVE-2017-10790.patch (limited to 'main/libtasn1') diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD index 7ce580d08f..315cd9f69f 100644 --- a/main/libtasn1/APKBUILD +++ b/main/libtasn1/APKBUILD @@ -1,23 +1,24 @@ # Contributor: Sören Tempel # Maintainer: Natanael Copa pkgname=libtasn1 -pkgver=4.13 +pkgver=4.14 pkgrel=0 pkgdesc="The ASN.1 library used in GNUTLS" url="https://www.gnu.org/software/gnutls/" arch="all" license="GPL-3.0 LGPL" makedepends="texinfo" +checkdepends="diffutils" subpackages="$pkgname-dev $pkgname-doc" -source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz - " -builddir="$srcdir/$pkgname-$pkgver" +source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" # secfixes: +# 4.14-r0: +# - CVE-2018-1000654 # 4.13-r0: -# - CVE-2018-6003 +# - CVE-2018-6003 # 4.12-r1: -# - CVE-2017-10790 +# - CVE-2017-10790 build() { cd "$builddir" @@ -40,4 +41,4 @@ package() { cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="bf5b60a296795e0a8a4a658c0106492393aa7ce698e785256b3427c17215c2a5b6178a61a2043c93ea4334f754eabece20221ac8fef0fd5644086a3891d98a9f libtasn1-4.13.tar.gz" +sha512sums="efdcf3729e9e057cafbfdc9929f08531de03cf3b64e7db62cb53c26bf34c8db4d73786fd853620ab1a10dbafe55e119ad17bfeb40e191071945c7b4db9c9e223 libtasn1-4.14.tar.gz" diff --git a/main/libtasn1/CVE-2017-10790.patch b/main/libtasn1/CVE-2017-10790.patch deleted file mode 100644 index eb752c20a9..0000000000 --- a/main/libtasn1/CVE-2017-10790.patch +++ /dev/null @@ -1,55 +0,0 @@ -From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Thu, 22 Jun 2017 16:31:37 +0200 -Subject: [PATCH] _asn1_check_identifier: safer access to values read - -Signed-off-by: Nikos Mavrogiannopoulos ---- - lib/parser_aux.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index 976ab38..786ea64 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) - if (p2 == NULL) - { - if (p->value) -- _asn1_strcpy (_asn1_identifierMissing, p->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); - else - _asn1_strcpy (_asn1_identifierMissing, "(null)"); - return ASN1_IDENTIFIER_NOT_FOUND; -@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) - if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) - { - _asn1_str_cpy (name2, sizeof (name2), node->name); -- _asn1_str_cat (name2, sizeof (name2), "."); -- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ if (p2->value) -+ { -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ } -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) -@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) - _asn1_str_cpy (name2, sizeof (name2), node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) - || !(p2->type & CONST_ASSIGN)) --- -1.9.1 - -- cgit v1.2.3