authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-07 14:38:09 +0100
committerTudor Florea <tudor.florea@enea.com>2016-01-08 01:50:10 +0100
commitcc1d3f0edb1a8d2bdd24aa34c654c2135e0854fe (patch)
treec9c7c8f04c561fa7f7697412c4017610152c283a /meta
parent143136f7c830a5beb149f05886d2a649a29fca7a (diff)
downloadpoky-cc1d3f0edb1a8d2bdd24aa34c654c2135e0854fe.tar.gz
gnutls: CVE-2015-6251
Fixes double free flaw in certificate DN decoding. References: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251 Upstream fix: https://gitlab.com/gnutls/gnutls/commit/ 272854367efc130fbd4f1a51840d80c630214e12 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch27
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.3.5.bb1
2 files changed, 28 insertions, 0 deletions
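--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
@@ -0,0 +1,27 @@
+From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 20 Jul 2015 21:49:28 +0200
+Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string()
+
+Fixes CVE-2015-6251.
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/x509/common.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/common.c b/lib/x509/common.c
+index 94b6bbc..9a4b96f 100644
+--- a/lib/x509/common.c
++++ b/lib/x509/common.c
+@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(str->data);
++ str->data = NULL;
+ return ret;
+ }
+ str->size = size;
+--
+libgit2 0.23.4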
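Review bot: On the error path in the `_gnutls_x509_dn_to_string()` hunk, `str->data` is cleared after `gnutls_free()` but `str->size` is left untouched, so a failing call can return a datum with a NULL pointer and whatever length it held before. Clearing the pointer is presumably what stops a caller's later cleanup of `str` from freeing the same buffer again, but a caller that reads `str->size` without checking the return value would still see a stale length. Resetting both, `str->data = NULL; str->size = 0;`, would make the failure state unambiguous. Since this is a backport of upstream commit 272854367efc130fbd4f1a51840d80c630214e12, that change is better raised upstream than carried as a local divergence. The function starts and ends outside the hunk, so whether `str->size` is already zeroed earlier cannot be confirmed from these lines.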
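--- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
@@ -3,6 +3,7 @@ require gnutls.inc
 SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
  file://eliminated-double-free-CVE-2015-3308.patch \
  file://better-fix-for-double-free-CVE-2015-3308.patch \
+ file://CVE-2015-6251.patch \
  "
 
 SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2"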