From 6516ecd07507c917f1f46e26eed7826015f1d1ec Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Thu, 3 Sep 2015 13:54:21 +0200
Subject: gnutls: CVE-2015-3308

Fixes use-after-free flaw in CRL distribution points parsing

Reference:
https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02

http://www.openwall.com/lists/oss-security/2015/04/15/6

(From OE-Core rev: 4db630c0cd7988c923eb3f48153a6cedafd6a139)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/gnutls/gnutls_3.3.12.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta/recipes-support/gnutls/gnutls_3.3.12.bb')

diff --git a/meta/recipes-support/gnutls/gnutls_3.3.12.bb b/meta/recipes-support/gnutls/gnutls_3.3.12.bb
index b310be0e58..62cd2d066d 100644
--- a/meta/recipes-support/gnutls/gnutls_3.3.12.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.3.12.bb
@@ -3,6 +3,8 @@ require gnutls.inc
 SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
             file://configure.ac-fix-sed-command.patch \
             file://use-pkg-config-to-locate-zlib.patch \
+            file://eliminated-double-free-CVE-2015-3308.patch \
+            file://better-fix-for-double-free-CVE-2015-3308.patch \
            "
 SRC_URI[md5sum] = "a37b20b4352a5f542367ded904729c90"
 SRC_URI[sha256sum] = "67ab3e92c5d48f3323b897d7c1aa0bb2af6f3a84f5bd9931cda163a7ff32299b"
-- 
cgit v1.2.3-54-g00ecf