gnutils: Security fix CVE-2016-7444

affects gnutls < 3.3.24 (From OE-Core rev: c0a682cfeedfc8976324a3bba863f1d9b0127d76) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2016-10-02 17:11:14 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-12-06 22:46:44 +0000
commit: 1f8eb08791b3a661d56e0498c2386c5ad2859bc4 (patch)
tree: a1b0907cd61583cf68e69f86ea32978c78fdab94
parent: b9c389404f7fb73aa10572477e8929cadf05898e (diff)
download: poky-1f8eb08791b3a661d56e0498c2386c5ad2859bc4.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
new file mode 100644
index 0000000000..2bb0626d99
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,31 @@
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP
+ response
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+Reported by Stefan Buehler.
+Upstream-Status: Backport
+CVE: CVE-2016-7444
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+)
+Index: gnutls-3.3.17.1/lib/x509/ocsp.c
+===================================================================
+--- gnutls-3.3.17.1.orig/lib/x509/ocsp.c
+++ gnutls-3.3.17.1/lib/x509/ocsp.c
+@@ -1257,6 +1257,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_r
+                gnutls_assert();
+                goto cleanup;
+        }
+       cserial.size = t;
+ 
+        if (rserial.size != cserial.size
+            || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
diff --git a/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb b/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb
index 0185797521..99b205314e 100644
--- a/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb
@@ -3,6 +3,7 @@ require gnutls.inc
 SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
            file://configure.ac-fix-sed-command.patch \
            file://use-pkg-config-to-locate-zlib.patch \
+            file://CVE-2016-7444.patch \
           "
 SRC_URI[md5sum] = "8d01c7e7f2cbc5871fdca832d2260b6b"
 SRC_URI[sha256sum] = "b40f158030a92f450a07b20300a3996710ca19800848d9f6fd62493170c5bbb4"
author	Armin Kuster <akuster808@gmail.com>	2016-10-02 17:11:14 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-12-06 22:46:44 +0000
commit	1f8eb08791b3a661d56e0498c2386c5ad2859bc4 (patch)
tree	a1b0907cd61583cf68e69f86ea32978c78fdab94
parent	b9c389404f7fb73aa10572477e8929cadf05898e (diff)
download	poky-1f8eb08791b3a661d56e0498c2386c5ad2859bc4.tar.gz

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch new file mode 100644 index 0000000000..2bb0626d99 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,31 @@
		1	From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
		2	From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
		3	Date: Sat, 27 Aug 2016 17:00:22 +0200
		4	Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP
		5	response
		6
		7	Previously the OCSP certificate check wouldn't verify the serial length
		8	and could succeed in cases it shouldn't.
		9
		10	Reported by Stefan Buehler.
		11
		12	Upstream-Status: Backport
		13	CVE: CVE-2016-7444
		14	Signed-off-by: Armin Kuster <akuster@mvista.com>
		15
		16	---
		17	lib/x509/ocsp.c \| 1 +
		18	1 file changed, 1 insertion(+)
		19
		20	Index: gnutls-3.3.17.1/lib/x509/ocsp.c
		21	===================================================================
		22	--- gnutls-3.3.17.1.orig/lib/x509/ocsp.c
		23	+++ gnutls-3.3.17.1/lib/x509/ocsp.c
		24	@@ -1257,6 +1257,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_r
		25	gnutls_assert();
		26	goto cleanup;
		27	}
		28	+ cserial.size = t;
		29
		30	if (rserial.size != cserial.size
		31	\|\| memcmp(cserial.data, rserial.data, rserial.size) != 0) {


diff --git a/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb b/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb index 0185797521..99b205314e 100644 --- a/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb +++ b/meta/recipes-support/gnutls/gnutls_3.3.17.1.bb
@@ -3,6 +3,7 @@ require gnutls.inc
3	SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \	3	SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
4	file://configure.ac-fix-sed-command.patch \	4	file://configure.ac-fix-sed-command.patch \
5	file://use-pkg-config-to-locate-zlib.patch \	5	file://use-pkg-config-to-locate-zlib.patch \
		6	file://CVE-2016-7444.patch \
6	"	7	"
7	SRC_URI[md5sum] = "8d01c7e7f2cbc5871fdca832d2260b6b"	8	SRC_URI[md5sum] = "8d01c7e7f2cbc5871fdca832d2260b6b"
8	SRC_URI[sha256sum] = "b40f158030a92f450a07b20300a3996710ca19800848d9f6fd62493170c5bbb4"	9	SRC_URI[sha256sum] = "b40f158030a92f450a07b20300a3996710ca19800848d9f6fd62493170c5bbb4"