[mingw-gnutls/f18] Fix CVE-2013-2116

mooninite mooninite at fedoraproject.org
Fri May 31 03:06:06 UTC 2013 

commit ae37c2ca33df21fd4eb8bd6c13d487f8b49bb9e5
Author: Michael Cronenworth <mike at cchtml.com>
Date:   Thu May 30 22:05:23 2013 -0500

    Fix CVE-2013-2116

 gnutls-2.12.23-cve-2013-2116.patch |   25 +++++++++++++++++++++++++
 mingw-gnutls.spec                  |    9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.12.23-cve-2013-2116.patch b/gnutls-2.12.23-cve-2013-2116.patch
new file mode 100644
index 0000000..2223e70
--- /dev/null
+++ b/gnutls-2.12.23-cve-2013-2116.patch
@@ -0,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+           return GNUTLS_E_DECRYPTION_FAILED;
+         }
+       pad = ciphertext.data[ciphertext.size - 1];   /* pad */
++      if (pad+1 > ciphertext.size-hash_size)
++        pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ 
+       /* Check the pading bytes (TLS 1.x). 
+        * Note that we access all 256 bytes of ciphertext for padding check
+-- 
+1.7.1
+
diff --git a/mingw-gnutls.spec b/mingw-gnutls.spec
index ca914b5..80f6273 100644
--- a/mingw-gnutls.spec
+++ b/mingw-gnutls.spec
@@ -2,7 +2,7 @@
 
 Name:           mingw-gnutls
 Version:        2.12.23
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        MinGW GnuTLS TLS/SSL encryption library
 
 License:        GPLv3+ and LGPLv2+
@@ -26,6 +26,8 @@ Patch6: gnutls-2.12.20-cli-debug-manpage.patch
 # Use only FIPS approved ciphers in the FIPS mode
 Patch7: gnutls-2.12.21-fips-algorithms.patch
 
+Patch100: gnutls-2.12.23-cve-2013-2116.patch
+
 # MinGW-specific patches.
 Patch1001:      gnutls-mingw-compile-fix.patch
 Patch1002:      gnutls-fix-external-libtasn1-detection.patch
@@ -104,6 +106,8 @@ for MinGW.
 %patch6 -p1 -b .cli-debug
 %patch7 -p1 -b .fips
 
+%patch100 -p1 -b .cve-2013-2116
+
 %patch1001 -p0 -b .mingw_compile
 %patch1002 -p0 -b .libtasn1
 
@@ -185,6 +189,9 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
 
 
 %changelog
+* Thu May 30 2013 Michael Cronenworth <mike at cchtml.com> - 2.12.23-2
+- Fix CVE-2013-2116
+
 * Mon Mar 04 2013 Michael Cronenworth <mike at cchtml.com> - 2.12.23-1
 - Update to 2.12.23

More information about the scm-commits mailing list