[csw-devel] SF.net SVN: gar:[21491] csw/mgar/pkg/gnutls/trunk
chninkel at users.sourceforge.net
Thu Jul 11 00:44:38 CEST 2013
Revision: 21491
http://gar.svn.sourceforge.net/gar/?rev=21491&view=rev
Author: chninkel
Date: 2013-07-10 22:44:38 +0000 (Wed, 10 Jul 2013)
Log Message:
-----------
gnutls/trunk: added security fix for CVE-2013-2116
Modified Paths:
--------------
csw/mgar/pkg/gnutls/trunk/Makefile
Added Paths:
-----------
csw/mgar/pkg/gnutls/trunk/files/0005-CVE-2013-2116.patch
Modified: csw/mgar/pkg/gnutls/trunk/Makefile
===================================================================
--- csw/mgar/pkg/gnutls/trunk/Makefile 2013-07-10 21:53:26 UTC (rev 21490)
+++ csw/mgar/pkg/gnutls/trunk/Makefile 2013-07-10 22:44:38 UTC (rev 21491)
@@ -28,6 +28,8 @@
# We workaround the problem by changing the test so it expects
# the certificates to be expired (another solution is to use LD_PRELOAD).
PATCHFILES += 0004-workaround-certificate-expiration-issue-in-the-test-.patch
+# Security fix for CVE-2013-2116
+PATCHFILES += 0005-CVE-2013-2116.patch
UFILES_REGEX = $(NAME)-(\d+(?:\.\d+)*).tar.bz2
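Review bot: The comment added above `PATCHFILES += 0005-CVE-2013-2116.patch` names the CVE but not the origin of the patch or when it can be dropped. The 0004 entry just above explains its reason in the comment; here it would help to record the upstream commit the patch file carries (5164d5a1) and to note that the entry should be removed once the packaged version already contains the fix, so the line is not carried forward unexamined on the next version bump.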
Added: csw/mgar/pkg/gnutls/trunk/files/0005-CVE-2013-2116.patch
===================================================================
--- csw/mgar/pkg/gnutls/trunk/files/0005-CVE-2013-2116.patch (rev 0)
+++ csw/mgar/pkg/gnutls/trunk/files/0005-CVE-2013-2116.patch 2013-07-10 22:44:38 UTC (rev 21491)
@@ -0,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.1
+
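Review bot: In the new check in `_gnutls_ciphertext2compressed`, `if (pad+1 > ciphertext.size-hash_size)`, the right-hand side is a subtraction, and nothing visible in this hunk guarantees that `ciphertext.size` is at least `hash_size`. If the operands are unsigned, a short record would wrap the difference to a large value and the check would pass. Either confirm that an earlier check establishes that bound, or write the comparison without the subtraction, e.g. `pad + 1 + hash_size > ciphertext.size`. The check also only sets `pad_failed` and falls through to the padding check described in the comment that follows, so it is worth verifying that the later accesses stay in bounds when `pad` is out of range. The patch subject, "re-applied sanity check patch", does not mention CVE-2013-2116; only the file name ties it to the advisory.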