diff options
author | Karl Hiramoto <karl@hiramoto.org> | 2014-03-05 11:25:23 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-03-05 15:50:22 +0000 |
commit | 4988a8cda5e617579ac858232dd6749a11f6f28b (patch) | |
tree | d583470d60f5cfb5e2c38e77aa8f18057497755d /meta | |
parent | 4df2d018a14103040d4350f50e3d42192d3f395d (diff) | |
download | poky-4988a8cda5e617579ac858232dd6749a11f6f28b.tar.gz |
gnutls: CVE-2014-0092 correct return codes
This patch is for the OE-Core master branch - it comes from upstream:
git://gitorious.org/gnutls/gnutls.git
branch: gnutls_2_12_x
commit: 6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu Feb 27 19:42:26 2014 +0100
For more info see:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
(From OE-Core rev: 61a507c545aead7e49da1e8ad54dec07a648fdb5)
Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch | 106 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_2.12.23.bb | 1 |
2 files changed, 107 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch new file mode 100644 index 0000000000..68ee5bc426 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-0092-corrected-return-codes.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 | ||
2 | From: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
3 | Date: Thu, 27 Feb 2014 19:42:26 +0100 | ||
4 | Subject: [PATCH 1/3] corrected return codes | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Signed-off-by: Karl Hiramoto <karl@hiramoto.org> | ||
9 | |||
10 | --- | ||
11 | lib/x509/verify.c | 16 ++++++++++------ | ||
12 | 1 file changed, 10 insertions(+), 6 deletions(-) | ||
13 | |||
14 | diff --git a/lib/x509/verify.c b/lib/x509/verify.c | ||
15 | index c9a6b0d..eef85a8 100644 | ||
16 | --- a/lib/x509/verify.c | ||
17 | +++ b/lib/x509/verify.c | ||
18 | @@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
19 | if (result < 0) | ||
20 | { | ||
21 | gnutls_assert (); | ||
22 | - goto cleanup; | ||
23 | + goto fail; | ||
24 | } | ||
25 | |||
26 | result = | ||
27 | @@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
28 | if (result < 0) | ||
29 | { | ||
30 | gnutls_assert (); | ||
31 | - goto cleanup; | ||
32 | + goto fail; | ||
33 | } | ||
34 | |||
35 | result = | ||
36 | @@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
37 | if (result < 0) | ||
38 | { | ||
39 | gnutls_assert (); | ||
40 | - goto cleanup; | ||
41 | + goto fail; | ||
42 | } | ||
43 | |||
44 | result = | ||
45 | @@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
46 | if (result < 0) | ||
47 | { | ||
48 | gnutls_assert (); | ||
49 | - goto cleanup; | ||
50 | + goto fail; | ||
51 | } | ||
52 | |||
53 | /* If the subject certificate is the same as the issuer | ||
54 | @@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, | ||
55 | else | ||
56 | gnutls_assert (); | ||
57 | |||
58 | +fail: | ||
59 | result = 0; | ||
60 | |||
61 | cleanup: | ||
62 | @@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
63 | gnutls_datum_t cert_signed_data = { NULL, 0 }; | ||
64 | gnutls_datum_t cert_signature = { NULL, 0 }; | ||
65 | gnutls_x509_crt_t issuer = NULL; | ||
66 | - int issuer_version, result; | ||
67 | + int issuer_version, result = 0; | ||
68 | |||
69 | if (output) | ||
70 | *output = 0; | ||
71 | @@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
72 | if (issuer_version < 0) | ||
73 | { | ||
74 | gnutls_assert (); | ||
75 | - return issuer_version; | ||
76 | + return 0; | ||
77 | } | ||
78 | |||
79 | if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && | ||
80 | @@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
81 | if (result < 0) | ||
82 | { | ||
83 | gnutls_assert (); | ||
84 | + result = 0; | ||
85 | goto cleanup; | ||
86 | } | ||
87 | |||
88 | @@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
89 | if (result < 0) | ||
90 | { | ||
91 | gnutls_assert (); | ||
92 | + result = 0; | ||
93 | goto cleanup; | ||
94 | } | ||
95 | |||
96 | @@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, | ||
97 | else if (result < 0) | ||
98 | { | ||
99 | gnutls_assert(); | ||
100 | + result = 0; | ||
101 | goto cleanup; | ||
102 | } | ||
103 | |||
104 | -- | ||
105 | 1.8.3.2 | ||
106 | |||
diff --git a/meta/recipes-support/gnutls/gnutls_2.12.23.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb index 1575d2c614..e26b154601 100644 --- a/meta/recipes-support/gnutls/gnutls_2.12.23.bb +++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb | |||
@@ -6,6 +6,7 @@ SRC_URI += "file://gnutls-openssl.patch \ | |||
6 | file://correct_rpl_gettimeofday_signature.patch \ | 6 | file://correct_rpl_gettimeofday_signature.patch \ |
7 | file://configure-fix.patch \ | 7 | file://configure-fix.patch \ |
8 | file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ | 8 | file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ |
9 | file://CVE-2014-0092-corrected-return-codes.patch \ | ||
9 | ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ | 10 | ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ |
10 | " | 11 | " |
11 | 12 | ||