author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-01-07 14:38:09 +0100 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2016-01-22 20:44:38 +0100 |
commit | 7273dba2c5f6c834560cd84853a1df358221b469 (patch) | |
tree | 0299aa3274dfe11f1f762d2c70599eb3f79433ad /meta/recipes-support/gnutls | |
parent | c6d12aaaa21048373b280cff9d3dfc0082a025eb (diff) | |
gnutls: CVE-2015-6251
Fixes double free flaw in certificate DN decoding.
(Add back the patch inappropriately removed)
References:
http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251
Upstream fix:
https://gitlab.com/gnutls/gnutls/commit/
272854367efc130fbd4f1a51840d80c630214e12
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-support/gnutls')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch | 27 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.3.5.bb | 1 |
2 files changed, 28 insertions, 0 deletions
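--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
@@ -0,0 +1,27 @@
+From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 20 Jul 2015 21:49:28 +0200
+Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string()
+
+Fixes CVE-2015-6251.
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+lib/x509/common.c | 1 +
+1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 94b6bbc..9a4b96f 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
+if (ret < 0) {
+gnutls_assert();
+gnutls_free(str->data);
++ str->data = NULL;
+return ret;
+}
+str->size = size;
+--
+libgit2 0.23.4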
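Review bot: The header of CVE-2015-6251.patch records the CVE only as free text (`Fixes CVE-2015-6251.`) and gives `Upstream-Status: Backport` without naming the upstream commit it mirrors. The commit message says this fix was already dropped once, so I would make the header trackable with `Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12]` and a `CVE: CVE-2015-6251` line, so a later recipe clean-up can see what the patch protects against. On the code itself, the added `str->data = NULL;` clears the freed pointer on the one error path shown. `_gnutls_x509_dn_to_string()` begins and ends outside the inner hunk, so whether its other error returns also leave `str->data` non-dangling cannot be confirmed from here and is worth checking against the 3.3.5 sources.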
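--- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
@@ -3,6 +3,7 @@ require gnutls.inc
 SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
 file://eliminated-double-free-CVE-2015-3308.patch \
 file://better-fix-for-double-free-CVE-2015-3308.patch \
+file://CVE-2015-6251.patch \
 "
 
 SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2"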