nmav pushed to libtasn1 (f20). "backported fix for stack overflow in DER decoder"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon Mar 30 07:32:05 UTC 2015
>From 09789fb5bda0d391f836e18ce321676b686c33a9 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Mon, 30 Mar 2015 09:30:37 +0200
Subject: backported fix for stack overflow in DER decoder
diff --git a/libtasn1-3.8-ltostr.patch b/libtasn1-3.8-ltostr.patch
new file mode 100644
index 0000000..a447d3a
--- /dev/null
+++ b/libtasn1-3.8-ltostr.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/parser_aux.h b/lib/parser_aux.h
+index 1f1aec2..7b2dfd4 100644
+--- a/lib/parser_aux.h
++++ b/lib/parser_aux.h
+@@ -52,7 +52,7 @@ void _asn1_delete_list (void);
+
+ void _asn1_delete_list_and_nodes (void);
+
+-#define LTOSTR_MAX_SIZE 20
++#define LTOSTR_MAX_SIZE 22
+ char *_asn1_ltostr (long v, char *str);
+
+ asn1_node _asn1_find_up (asn1_node node);
diff --git a/libtasn1.spec b/libtasn1.spec
index 5d1778a..08c44a4 100644
--- a/libtasn1.spec
+++ b/libtasn1.spec
@@ -1,7 +1,7 @@
Summary: The ASN.1 library used in GNUTLS
Name: libtasn1
Version: 3.8
-Release: 2%{?dist}
+Release: 3%{?dist}
# The libtasn1 library is LGPLv2+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+
@@ -11,6 +11,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz
Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig
Patch1: libtasn1-3.4-rpath.patch
Patch2: libtasn1-3.8-octet-string.patch
+Patch3: libtasn1-3.8-ltostr.patch
BuildRequires: bison, pkgconfig
%ifarch %ix86 x86_64 ppc ppc64
BuildRequires: valgrind
@@ -54,6 +55,7 @@ data.
%patch1 -p1 -b .rpath
%patch2 -p1 -b .octet-string
+%patch3 -p1 -b .ltostr
%build
%configure --disable-static --disable-silent-rules
@@ -106,6 +108,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \
%changelog
+* Mon Mar 30 2015 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.8-3
+- backported fix for stack overflow in DER decoder
+
* Thu Sep 04 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 3.8-2
- added bug fix for octet string decoding (#1138218)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/libtasn1.git/commit/?h=f20&id=09789fb5bda0d391f836e18ce321676b686c33a9
More information about the scm-commits
mailing list