summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch27
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.3.5.bb1
2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
new file mode 100644
index 0000000..5a29a96
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-6251.patch
@@ -0,0 +1,27 @@
1From 272854367efc130fbd4f1a51840d80c630214e12 Mon Sep 17 00:00:00 2001
2From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3Date: Mon, 20 Jul 2015 21:49:28 +0200
4Subject: [PATCH] Reset the output value on error in _gnutls_x509_dn_to_string()
5
6Fixes CVE-2015-6251.
7Upstream-Status: Backport
8
9Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
10---
11 lib/x509/common.c | 1 +
12 1 file changed, 1 insertion(+), 0 deletions(-)
13
14diff --git a/lib/x509/common.c b/lib/x509/common.c
15index 94b6bbc..9a4b96f 100644
16--- a/lib/x509/common.c
17+++ b/lib/x509/common.c
18@@ -469,6 +469,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
19 if (ret < 0) {
20 gnutls_assert();
21 gnutls_free(str->data);
22+ str->data = NULL;
23 return ret;
24 }
25 str->size = size;
26--
27libgit2 0.23.4
diff --git a/meta/recipes-support/gnutls/gnutls_3.3.5.bb b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
index 9f26470..ce1da89 100644
--- a/meta/recipes-support/gnutls/gnutls_3.3.5.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.5.bb
@@ -3,6 +3,7 @@ require gnutls.inc
3SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \ 3SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
4 file://eliminated-double-free-CVE-2015-3308.patch \ 4 file://eliminated-double-free-CVE-2015-3308.patch \
5 file://better-fix-for-double-free-CVE-2015-3308.patch \ 5 file://better-fix-for-double-free-CVE-2015-3308.patch \
6 file://CVE-2015-6251.patch \
6 " 7 "
7 8
8SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2" 9SRC_URI[md5sum] = "1f396dcf3c14ea67de7243821006d1a2"