Browse code
fix CVE-2017-10790 and CVE-2017-7507
Change-Id: If727d37241e78a1c1d7722efebda54794a3386a5
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4017
Reviewed-by: Sharath George
Tested-by: Sharath George
Priyesh Padmavilasom authored on 2017/10/11 08:52:08Showing 3 changed files
| ... | ... |
@@ -1,11 +1,11 @@ |
| 1 | 1 |
Summary: The GnuTLS Transport Layer Security Library |
| 2 | 2 |
Name: gnutls |
| 3 |
-Version: 3.5.10 |
|
| 3 |
+Version: 3.5.15 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv3+ and LGPLv2+ |
| 6 | 6 |
URL: http://www.gnutls.org |
| 7 | 7 |
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz
|
| 8 |
-%define sha1 gnutls=4a8afbda93d48e4cdbcb562a420e0f4e9f3361e9 |
|
| 8 |
+%define sha1 gnutls=9b7466434332b92dc3ca704b9211370370814fac |
|
| 9 | 9 |
Group: System Environment/Libraries |
| 10 | 10 |
Vendor: VMware, Inc. |
| 11 | 11 |
Distribution: Photon |
| ... | ... |
@@ -80,6 +80,8 @@ make %{?_smp_mflags} check
|
| 80 | 80 |
%{_mandir}/man3/*
|
| 81 | 81 |
|
| 82 | 82 |
%changelog |
| 83 |
+* Tue Oct 10 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.5.15-1 |
|
| 84 |
+- Update to 3.5.15. Fixes CVE-2017-7507 |
|
| 83 | 85 |
* Thu Apr 13 2017 Danut Moraru <dmoraru@vmware.com> 3.5.10-1 |
| 84 | 86 |
- Update to version 3.5.10 |
| 85 | 87 |
* Sun Dec 18 2016 Alexey Makhalov <amakhalov@vmware.com> 3.4.11-4 |
| 86 | 88 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,42 @@ |
| 0 |
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c |
|
| 1 |
+index 976ab38..786ea64 100644 |
|
| 2 |
+--- a/lib/parser_aux.c |
|
| 3 |
+@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) |
|
| 4 |
+ if (p2 == NULL) |
|
| 5 |
+ {
|
|
| 6 |
+ if (p->value) |
|
| 7 |
+- _asn1_strcpy (_asn1_identifierMissing, p->value); |
|
| 8 |
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); |
|
| 9 |
+ else |
|
| 10 |
+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); |
|
| 11 |
+ return ASN1_IDENTIFIER_NOT_FOUND; |
|
| 12 |
+@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) |
|
| 13 |
+ if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) |
|
| 14 |
+ {
|
|
| 15 |
+ _asn1_str_cpy (name2, sizeof (name2), node->name); |
|
| 16 |
+- _asn1_str_cat (name2, sizeof (name2), "."); |
|
| 17 |
+- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
|
| 18 |
+- _asn1_strcpy (_asn1_identifierMissing, p2->value); |
|
| 19 |
++ if (p2->value) |
|
| 20 |
++ {
|
|
| 21 |
++ _asn1_str_cat (name2, sizeof (name2), "."); |
|
| 22 |
++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
|
| 23 |
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); |
|
| 24 |
++ } |
|
| 25 |
++ else |
|
| 26 |
++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); |
|
| 27 |
++ |
|
| 28 |
+ p2 = asn1_find_node (node, name2); |
|
| 29 |
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || |
|
| 30 |
+ !(p2->type & CONST_ASSIGN)) |
|
| 31 |
+@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) |
|
| 32 |
+ _asn1_str_cpy (name2, sizeof (name2), node->name); |
|
| 33 |
+ _asn1_str_cat (name2, sizeof (name2), "."); |
|
| 34 |
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); |
|
| 35 |
+- _asn1_strcpy (_asn1_identifierMissing, p2->value); |
|
| 36 |
++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); |
|
| 37 |
++ |
|
| 38 |
+ p2 = asn1_find_node (node, name2); |
|
| 39 |
+ if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) |
|
| 40 |
+ || !(p2->type & CONST_ASSIGN)) |
| ... | ... |
@@ -1,16 +1,15 @@ |
| 1 | 1 |
Summary: ASN.1 library |
| 2 | 2 |
Name: libtasn1 |
| 3 |
-Version: 4.10 |
|
| 3 |
+Version: 4.12 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv3+ and LGPLv2+ |
| 6 | 6 |
URL: http://www.gnu.org/software/libtasn1/ |
| 7 | 7 |
Source0: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz
|
| 8 |
-%define sha1 libtasn1=c7b36fa50866bbc889f7503c7fd1e9f9d7c52a64 |
|
| 8 |
+%define sha1 libtasn1=f9a05b3b8acf319d89f07267407c03b184c4e3b0 |
|
| 9 | 9 |
Group: System Environment/Libraries |
| 10 | 10 |
Vendor: VMware, Inc. |
| 11 | 11 |
Distribution: Photon |
| 12 |
- |
|
| 13 |
-#Patch0: CVE-2016-4008.patch |
|
| 12 |
+Patch0: libtasn1-CVE-2017-10790.patch |
|
| 14 | 13 |
|
| 15 | 14 |
%description |
| 16 | 15 |
Libtasn1 library provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, |
| ... | ... |
@@ -27,7 +26,7 @@ developing applications that use libtasn1. |
| 27 | 27 |
|
| 28 | 28 |
%prep |
| 29 | 29 |
%setup -q |
| 30 |
-#%patch0 -p1 |
|
| 30 |
+%patch0 -p1 |
|
| 31 | 31 |
|
| 32 | 32 |
%build |
| 33 | 33 |
./configure \ |
| ... | ... |
@@ -58,6 +57,8 @@ make %{?_smp_mflags} check
|
| 58 | 58 |
%{_mandir}/man3/*
|
| 59 | 59 |
|
| 60 | 60 |
%changelog |
| 61 |
+* Tue Oct 10 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.12-1 |
|
| 62 |
+- update to 4.12 and apply patch for CVE-2017-10790 |
|
| 61 | 63 |
* Tue Apr 04 2017 Kumar Kaushik <kaushikk@vmware.com> 4.10-1 |
| 62 | 64 |
- Upgrading version to 4.10 |
| 63 | 65 |
* Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 4.7-4 |