[mingw-gnutls/f18] Fix CVE-2013-2116
mooninite
mooninite at fedoraproject.org
Fri May 31 03:06:06 UTC 2013
commit ae37c2ca33df21fd4eb8bd6c13d487f8b49bb9e5
Author: Michael Cronenworth <mike at cchtml.com>
Date: Thu May 30 22:05:23 2013 -0500
Fix CVE-2013-2116
gnutls-2.12.23-cve-2013-2116.patch | 25 +++++++++++++++++++++++++
mingw-gnutls.spec | 9 ++++++++-
2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/gnutls-2.12.23-cve-2013-2116.patch b/gnutls-2.12.23-cve-2013-2116.patch
new file mode 100644
index 0000000..2223e70
--- /dev/null
+++ b/gnutls-2.12.23-cve-2013-2116.patch
@@ -0,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.1
+
diff --git a/mingw-gnutls.spec b/mingw-gnutls.spec
index ca914b5..80f6273 100644
--- a/mingw-gnutls.spec
+++ b/mingw-gnutls.spec
@@ -2,7 +2,7 @@
Name: mingw-gnutls
Version: 2.12.23
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MinGW GnuTLS TLS/SSL encryption library
License: GPLv3+ and LGPLv2+
@@ -26,6 +26,8 @@ Patch6: gnutls-2.12.20-cli-debug-manpage.patch
# Use only FIPS approved ciphers in the FIPS mode
Patch7: gnutls-2.12.21-fips-algorithms.patch
+Patch100: gnutls-2.12.23-cve-2013-2116.patch
+
# MinGW-specific patches.
Patch1001: gnutls-mingw-compile-fix.patch
Patch1002: gnutls-fix-external-libtasn1-detection.patch
@@ -104,6 +106,8 @@ for MinGW.
%patch6 -p1 -b .cli-debug
%patch7 -p1 -b .fips
+%patch100 -p1 -b .cve-2013-2116
+
%patch1001 -p0 -b .mingw_compile
%patch1002 -p0 -b .libtasn1
@@ -185,6 +189,9 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
%changelog
+* Thu May 30 2013 Michael Cronenworth <mike at cchtml.com> - 2.12.23-2
+- Fix CVE-2013-2116
+
* Mon Mar 04 2013 Michael Cronenworth <mike at cchtml.com> - 2.12.23-1
- Update to 2.12.23
More information about the scm-commits
mailing list