kalev pushed to mingw-libtasn1 (f20). "Backported fix for stack overflow in DER decoder (CVE-2015-2806)"

notifications at fedoraproject.org
Tue Mar 31 23:47:29 UTC 2015


From 78cab12691d450c4c18b4825f45b5b0c918035d1 Mon Sep 17 00:00:00 2001
From: Kalev Lember <kalevlember at gmail.com>
Date: Tue, 31 Mar 2015 23:45:53 +0200
Subject: Backported fix for stack overflow in DER decoder (CVE-2015-2806)


diff --git a/libtasn1-3.8-ltostr.patch b/libtasn1-3.8-ltostr.patch
new file mode 100644
index 0000000..a447d3a
--- /dev/null
+++ b/libtasn1-3.8-ltostr.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/parser_aux.h b/lib/parser_aux.h
+index 1f1aec2..7b2dfd4 100644
+--- a/lib/parser_aux.h
++++ b/lib/parser_aux.h
+@@ -52,7 +52,7 @@ void _asn1_delete_list (void);
+ 
+ void _asn1_delete_list_and_nodes (void);
+ 
+-#define LTOSTR_MAX_SIZE 20
++#define LTOSTR_MAX_SIZE 22
+ char *_asn1_ltostr (long v, char *str);
+ 
+ asn1_node _asn1_find_up (asn1_node node);
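Review bot: the new `LTOSTR_MAX_SIZE 22` is still a bare magic number, with nothing tying it to the `long v` argument of `_asn1_ltostr` declared on the next line. A 64-bit long can need 19 digits plus a sign and the terminating NUL, 21 bytes in all, so 22 is enough where 20 was not. A one-line comment stating that bound next to the define, or a size derived from `sizeof (long)`, would make the limit checkable and keep it from being shrunk again later.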
diff --git a/mingw-libtasn1.spec b/mingw-libtasn1.spec
index 39ea6ff..c1ca837 100644
--- a/mingw-libtasn1.spec
+++ b/mingw-libtasn1.spec
@@ -2,7 +2,7 @@
 
 Name:           mingw-libtasn1
 Version:        3.8
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        MinGW Windows libtasn1 library
 
 # The libtasn1 library is LGPLv2+, utilities are GPLv3+;
@@ -13,6 +13,7 @@ URL:            http://www.gnu.org/software/libtasn1/
 Source0:        http://ftp.gnu.org/gnu/libtasn1/libtasn1-%{version}.tar.gz
 Source1:        http://ftp.gnu.org/gnu/libtasn1/libtasn1-%{version}.tar.gz.sig
 Patch1:         libtasn1-3.8-octet-string.patch
+Patch2:         libtasn1-3.8-ltostr.patch
 
 BuildArch:      noarch
 
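Review bot: the added `Patch2:` line carries no comment saying what it fixes or where it came from, and the new patch file itself starts directly at `diff --git` with no header. Since this is a security backport, put a comment above `Patch2:` naming CVE-2015-2806 and the upstream commit the change was taken from, so the patch can be audited against upstream and dropped cleanly on the next rebase.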
@@ -61,6 +62,7 @@ This package contains the MinGW Windows cross compiled libtasn1 library.
 %prep
 %setup -q -n libtasn1-%{version}
 %patch1 -p1 -b .octet-string
+%patch2 -p1 -b .ltostr
 
 
 %build
@@ -100,6 +102,9 @@ rm -f $RPM_BUILD_ROOT%{mingw64_bindir}/*.exe
 
 
 %changelog
+* Tue Mar 31 2015 Kalev Lember <kalevlember at gmail.com> - 3.8-2
+- Backported fix for stack overflow in DER decoder (CVE-2015-2806)
+
 * Thu Sep 11 2014 Michael Cronenworth <mike at cchtml.com> - 3.8-1
 - Update to 3.8
 
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/mingw-libtasn1.git/commit/?h=f20&id=78cab12691d450c4c18b4825f45b5b0c918035d1

