Change-Id: I9c43022bb24382d63d151b5f9f6ef094fcae0b10
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5046
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,74 @@ |
0 |
+From 2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Rainer Gerhards <rgerhards@adiscon.com> |
|
2 |
+Date: Tue, 20 Mar 2018 12:30:12 +0100 |
|
3 |
+Subject: [PATCH] unify error message generation |
|
4 |
+ |
|
5 |
+--- |
|
6 |
+ src/tcp.c | 38 +++++++++++++++++++++++++++++++++----- |
|
7 |
+ 1 file changed, 33 insertions(+), 5 deletions(-) |
|
8 |
+ |
|
9 |
+diff --git a/src/tcp.c b/src/tcp.c |
|
10 |
+index a587627..d2d48f5 100644 |
|
11 |
+--- a/src/tcp.c |
|
12 |
+@@ -1172,9 +1172,35 @@ relpTcpGetCN(relpTcp_t *pThis, gnutls_x509_crt_t cert, char *namebuf, int lenNam |
|
13 |
+ return r; |
|
14 |
+ } |
|
15 |
+ |
|
16 |
++ |
|
17 |
++/* helper to consistently add names to error message buffer */ |
|
18 |
++static int |
|
19 |
++relpTcpAddToCertNamesBuffer(relpTcp_t *const pThis, |
|
20 |
++ char *const buf, |
|
21 |
++ const size_t buflen, |
|
22 |
++ int *p_currIdx, |
|
23 |
++ const char *const certName) |
|
24 |
++{ |
|
25 |
++ int r = 0; |
|
26 |
++ assert(buf != NULL); |
|
27 |
++ assert(p_currIdx != NULL); |
|
28 |
++ const int currIdx = *p_currIdx; |
|
29 |
++ const int n = snprintf(buf + currIdx, buflen - currIdx, |
|
30 |
++ "DNSname: %s; ", certName); |
|
31 |
++ if(n < 0 || n >= (int) (buflen - currIdx)) { |
|
32 |
++ callOnAuthErr(pThis, "", "certificate validation failed, names " |
|
33 |
++ "inside certifcate are way to long (> 32KiB)", |
|
34 |
++ RELP_RET_AUTH_CERT_INVL); |
|
35 |
++ r = GNUTLS_E_CERTIFICATE_ERROR; |
|
36 |
++ } else { |
|
37 |
++ *p_currIdx += n; |
|
38 |
++ } |
|
39 |
++ return r; |
|
40 |
++} |
|
41 |
++ |
|
42 |
+ /* Check the peer's ID in name auth mode. */ |
|
43 |
+ static int |
|
44 |
+-relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert) |
|
45 |
++relpTcpChkPeerName(relpTcp_t *const pThis, gnutls_x509_crt_t cert) |
|
46 |
+ { |
|
47 |
+ int r = 0; |
|
48 |
+ int ret; |
|
49 |
+@@ -1213,8 +1239,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert) |
|
50 |
+ break; |
|
51 |
+ else if(gnuRet == GNUTLS_SAN_DNSNAME) { |
|
52 |
+ pThis->pEngine->dbgprint("librelp: subject alt dnsName: '%s'\n", szAltName); |
|
53 |
+- iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames, |
|
54 |
+- "DNSname: %s; ", szAltName); |
|
55 |
++ r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames), |
|
56 |
++ &iAllNames, szAltName); |
|
57 |
++ if(r != 0) goto done; |
|
58 |
+ relpTcpChkOnePeerName(pThis, szAltName, &bFoundPositiveMatch); |
|
59 |
+ /* do NOT break, because there may be multiple dNSName's! */ |
|
60 |
+ } |
|
61 |
+@@ -1225,8 +1252,9 @@ relpTcpChkPeerName(relpTcp_t *pThis, gnutls_x509_crt_t cert) |
|
62 |
+ /* if we did not succeed so far, we try the CN part of the DN... */ |
|
63 |
+ if(relpTcpGetCN(pThis, cert, cnBuf, sizeof(cnBuf)) == 0) { |
|
64 |
+ pThis->pEngine->dbgprint("librelp: relpTcp now checking auth for CN '%s'\n", cnBuf); |
|
65 |
+- iAllNames += snprintf(allNames+iAllNames, sizeof(allNames)-iAllNames, |
|
66 |
+- "CN: %s; ", cnBuf); |
|
67 |
++ r = relpTcpAddToCertNamesBuffer(pThis, allNames, sizeof(allNames), |
|
68 |
++ &iAllNames, cnBuf); |
|
69 |
++ if(r != 0) goto done; |
|
70 |
+ relpTcpChkOnePeerName(pThis, cnBuf, &bFoundPositiveMatch); |
|
71 |
+ } |
|
72 |
+ } |
... | ... |
@@ -1,25 +1,26 @@ |
1 |
-Summary: RELP Library |
|
2 |
-Name: librelp |
|
3 |
-Version: 1.2.13 |
|
4 |
-Release: 1%{?dist} |
|
5 |
-License: GPLv3+ |
|
6 |
-URL: http://www.librelp.com |
|
7 |
-Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz |
|
1 |
+Summary: RELP Library |
|
2 |
+Name: librelp |
|
3 |
+Version: 1.2.13 |
|
4 |
+Release: 2%{?dist} |
|
5 |
+License: GPLv3+ |
|
6 |
+URL: http://www.librelp.com |
|
7 |
+Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz |
|
8 | 8 |
%define sha1 librelp=c54fd06bed925f125d020575399a36fb56bb7838 |
9 |
-Group: System Environment/Libraries |
|
10 |
-Vendor: VMware, Inc. |
|
11 |
-Distribution: Photon |
|
12 |
-BuildRequires: gnutls-devel |
|
13 |
-BuildRequires: autogen |
|
14 |
-Requires: gnutls |
|
9 |
+Patch0: librelp-CVE-2018-1000140.patch |
|
10 |
+Group: System Environment/Libraries |
|
11 |
+Vendor: VMware, Inc. |
|
12 |
+Distribution: Photon |
|
13 |
+BuildRequires: gnutls-devel |
|
14 |
+BuildRequires: autogen |
|
15 |
+Requires: gnutls |
|
15 | 16 |
%description |
16 | 17 |
Librelp is an easy to use library for the RELP protocol. RELP (stands |
17 | 18 |
for Reliable Event Logging Protocol) is a general-purpose, extensible |
18 | 19 |
logging protocol. |
19 | 20 |
|
20 | 21 |
%package devel |
21 |
-Summary: Development libraries and header files for librelp |
|
22 |
-Requires: librelp |
|
22 |
+Summary: Development libraries and header files for librelp |
|
23 |
+Requires: librelp |
|
23 | 24 |
|
24 | 25 |
%description devel |
25 | 26 |
The package contains libraries and header files for |
... | ... |
@@ -27,15 +28,16 @@ developing applications that use librelp. |
27 | 27 |
|
28 | 28 |
%prep |
29 | 29 |
%setup -q |
30 |
+%patch0 -p1 |
|
30 | 31 |
%build |
31 | 32 |
./configure \ |
32 |
- --prefix=%{_prefix} |
|
33 |
+ --prefix=%{_prefix} |
|
33 | 34 |
make %{?_smp_mflags} |
34 | 35 |
%install |
35 | 36 |
make DESTDIR=%{buildroot} install |
36 | 37 |
|
37 |
-%post -p /sbin/ldconfig |
|
38 |
-%postun -p /sbin/ldconfig |
|
38 |
+%post -p /sbin/ldconfig |
|
39 |
+%postun -p /sbin/ldconfig |
|
39 | 40 |
%files |
40 | 41 |
%defattr(-,root,root) |
41 | 42 |
%{_libdir}/*.so.* |
... | ... |
@@ -47,12 +49,14 @@ make DESTDIR=%{buildroot} install |
47 | 47 |
%{_libdir}/*.so |
48 | 48 |
%{_libdir}/pkgconfig/*.pc |
49 | 49 |
%changelog |
50 |
-* Tue Apr 11 2017 Harish Udaiy Kumar <hudaiyakumar@vmware.com> 1.2.13-1 |
|
51 |
-- Updated to version 1.2.13 |
|
52 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.2.9-2 |
|
53 |
-- GA - Bump release of all rpms |
|
54 |
-* Thu Feb 25 2016 Anish Swaminathan <anishs@vmware.com> 1.2.9-1 |
|
55 |
-- Upgrade to 1.2.9 |
|
56 |
-* Thu Jun 18 2015 Divya Thaluru <dthaluru@vmware.com> 1.2.7-1 |
|
57 |
-- Initial build. First version |
|
50 |
+* Fri Apr 20 2018 Xiaolin Li <xiaolinl@vmware.com> 1.2.13-2 |
|
51 |
+- Fix CVE-2018-1000140 |
|
52 |
+* Tue Apr 11 2017 Harish Udaiy Kumar <hudaiyakumar@vmware.com> 1.2.13-1 |
|
53 |
+- Updated to version 1.2.13 |
|
54 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.2.9-2 |
|
55 |
+- GA - Bump release of all rpms |
|
56 |
+* Thu Feb 25 2016 Anish Swaminathan <anishs@vmware.com> 1.2.9-1 |
|
57 |
+- Upgrade to 1.2.9 |
|
58 |
+* Thu Jun 18 2015 Divya Thaluru <dthaluru@vmware.com> 1.2.7-1 |
|
59 |
+- Initial build. First version |
|
58 | 60 |
|