diff options
| -rw-r--r-- | gnu/local.mk | 2 | ||||
| -rw-r--r-- | gnu/packages/patches/libtasn1-CVE-2017-10790.patch | 63 | ||||
| -rw-r--r-- | gnu/packages/patches/libtasn1-CVE-2018-6003.patch | 73 | ||||
| -rw-r--r-- | gnu/packages/tls.scm | 16 |
4 files changed, 3 insertions, 151 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 1b442e7ba9..82ae783db6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -851,8 +851,6 @@ dist_patch_DATA = \ %D%/packages/patches/libssh-hostname-parser-bug.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ - %D%/packages/patches/libtasn1-CVE-2017-10790.patch \ - %D%/packages/patches/libtasn1-CVE-2018-6003.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtirpc-missing-headers.patch \ %D%/packages/patches/libtiff-CVE-2017-9935.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch deleted file mode 100644 index 6cec0c8030..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch +++ /dev/null @@ -1,63 +0,0 @@ -Fix CVE-2017-10790: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 - -Patch copied from upstream source repository: - -https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 - -From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 22 Jun 2017 16:31:37 +0200 -Subject: [PATCH] _asn1_check_identifier: safer access to values read - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index 976ab38..786ea64 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) - if (p2 == NULL) - { - if (p->value) -- _asn1_strcpy (_asn1_identifierMissing, p->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); - else - _asn1_strcpy (_asn1_identifierMissing, "(null)"); - return ASN1_IDENTIFIER_NOT_FOUND; -@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) - if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) - { - _asn1_str_cpy (name2, sizeof (name2), node->name); -- _asn1_str_cat (name2, sizeof (name2), "."); -- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ if (p2->value) -+ { -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ } -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) -@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) - _asn1_str_cpy (name2, sizeof (name2), node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) - || !(p2->type & CONST_ASSIGN)) --- -2.13.3 - diff --git a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch deleted file mode 100644 index 3e6140518d..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch +++ /dev/null @@ -1,73 +0,0 @@ -Fix CVE-2018-6003: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003 -https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html - -Patch copied from upstream source repository: - -https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 - -From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 4 Jan 2018 10:52:05 +0100 -Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3 - -On indefinite string decoding, setting a maximum level of recursions -protects the BER decoder from a stack exhaustion due to large amounts -of recursion. - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/decoding.c | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/lib/decoding.c b/lib/decoding.c -index 2240b09..0ee35d3 100644 ---- a/lib/decoding.c -+++ b/lib/decoding.c -@@ -45,6 +45,13 @@ - - #define DECODE_FLAG_HAVE_TAG 1 - #define DECODE_FLAG_INDEFINITE (1<<1) -+/* On indefinite string decoding, allow this maximum levels -+ * of recursion. Allowing infinite recursion, makes the BER -+ * decoder susceptible to stack exhaustion due to that recursion. -+ */ -+#define DECODE_FLAG_LEVEL1 (1<<2) -+#define DECODE_FLAG_LEVEL2 (1<<3) -+#define DECODE_FLAG_LEVEL3 (1<<4) - - #define DECR_LEN(l, s) do { \ - l -= s; \ -@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, - } - - /* indefinite constructed */ -- if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) -+ if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && -+ !(dflags & DECODE_FLAG_LEVEL3)) - { - len_len = 1; - -@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, - do - { - unsigned tmp_len; -+ unsigned flags = DECODE_FLAG_HAVE_TAG; -+ -+ if (dflags & DECODE_FLAG_LEVEL1) -+ flags |= DECODE_FLAG_LEVEL2; -+ else if (dflags & DECODE_FLAG_LEVEL2) -+ flags |= DECODE_FLAG_LEVEL3; -+ else -+ flags |= DECODE_FLAG_LEVEL1; - -- result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len); -+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, -+ flags); - if (result != ASN1_SUCCESS) - { - warn(); --- -libgit2 0.26.0 - diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 1928051bc1..3aa9ddc14e 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org> -;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> +;;; Copyright © 2015, 2016, 2017, 2018 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> @@ -65,8 +65,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.12") - (replacement libtasn1/fixed) + (version "4.13") (source (origin (method url-fetch) @@ -74,8 +73,7 @@ version ".tar.gz")) (sha256 (base32 - "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")) - (patches (search-patches "libtasn1-CVE-2017-10790.patch")))) + "1jlc1iahj8k3haz28j55nzg7sgni5h41vqy461i1bpbx6668wlky")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -87,14 +85,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source (origin - (inherit (package-source libtasn1)) - (patches (search-patches "libtasn1-CVE-2017-10790.patch" - "libtasn1-CVE-2018-6003.patch")))))) - (define-public asn1c (package (name "asn1c") |