authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-07 13:38:09 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-01-22 19:44:38 (GMT)
commit7273dba2c5f6c834560cd84853a1df358221b469 (patch)
tree0299aa3274dfe11f1f762d2c70599eb3f79433ad
parentc6d12aaaa21048373b280cff9d3dfc0082a025eb (diff)
downloadpoky-7273dba2c5f6c834560cd84853a1df358221b469.tar.gz
gnutls: CVE-2015-6251
Fixes double free flaw in certificate DN decoding. (Add back the patch inappropriately removed) References: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251 Upstream fix: https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch27
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.3.5.bb1
2 files changed, 28 insertions, 0 deletions
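--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
@@ -0,0 +1,27 @@
+From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 20 Jul 2015 21:49:28 +0200
+Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string()
+
+Fixes CVE-2015-6251.
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/x509/common.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 94b6bbc..9a4b96f 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(str->data);
++ str->data = NULL;
+ return ret;
+ }
+ str->size = size;
+--
+libgit2 0.23.4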
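Review bot: The error path patched in `_gnutls_x509_dn_to_string()` clears `str->data` after `gnutls_free()` but nothing in the hunk resets `str->size`, and there is no comment saying why the pointer is cleared. Presumably the caller's own cleanup frees `str->data` again, which is the double free the commit message describes; if so, a short comment such as `/* caller may free str->data on error; clear it to avoid a double free (CVE-2015-6251) */` would keep a later cleanup from dropping the line as redundant. Adding `str->size = 0;` next to `str->data = NULL;` would also leave the datum self-consistent on failure, though since this is a backport that change is better proposed upstream than carried as a local divergence. The function starts and ends outside the hunk, so whether its other error returns leave `str->data` dangling cannot be checked from the visible lines.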
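--- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
@@ -3,6 +3,7 @@ require gnutls.inc
 SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
  file://eliminated-double-free-CVE-2015-3308.patch \
  file://better-fix-for-double-free-CVE-2015-3308.patch \
+ file://CVE-2015-6251.patch \
  "
 
 SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2"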