diff options
Diffstat (limited to 'user/libtasn1')
| -rw-r--r-- | user/libtasn1/APKBUILD | 11 | ||||
| -rw-r--r-- | user/libtasn1/CVE-2017-10790.patch | 55 |
2 files changed, 4 insertions, 62 deletions
diff --git a/user/libtasn1/APKBUILD b/user/libtasn1/APKBUILD index f3fcce75d..8412236d7 100644 --- a/user/libtasn1/APKBUILD +++ b/user/libtasn1/APKBUILD @@ -1,16 +1,16 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libtasn1 -pkgver=4.14 +pkgver=4.16.0 pkgrel=0 pkgdesc="Highly portable ASN.1 library" url="https://www.gnu.org/software/libtasn1/" arch="all" license="LGPL-2.1+" +depends="" makedepends="texinfo" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" -source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz - " +source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" # secfixes: # 4.14-r0: @@ -21,7 +21,6 @@ source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz # - CVE-2017-10790 build() { - cd "$builddir" CFLAGS="-Wno-error=inline" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,12 +32,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -49,4 +46,4 @@ tools() { mv -i "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="efdcf3729e9e057cafbfdc9929f08531de03cf3b64e7db62cb53c26bf34c8db4d73786fd853620ab1a10dbafe55e119ad17bfeb40e191071945c7b4db9c9e223 libtasn1-4.14.tar.gz" +sha512sums="b356249535d5d592f9b59de39d21e26dd0f3f00ea47c9cef292cdd878042ea41ecbb7c8d2f02ac5839f5210092fe92a25acd343260ddf644887b031b167c2e71 libtasn1-4.16.0.tar.gz" diff --git a/user/libtasn1/CVE-2017-10790.patch b/user/libtasn1/CVE-2017-10790.patch deleted file mode 100644 index eb752c20a..000000000 --- a/user/libtasn1/CVE-2017-10790.patch +++ /dev/null @@ -1,55 +0,0 @@ -From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 22 Jun 2017 16:31:37 +0200 -Subject: [PATCH] _asn1_check_identifier: safer access to values read - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index 976ab38..786ea64 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) - if (p2 == NULL) - { - if (p->value) -- _asn1_strcpy (_asn1_identifierMissing, p->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); - else - _asn1_strcpy (_asn1_identifierMissing, "(null)"); - return ASN1_IDENTIFIER_NOT_FOUND; -@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) - if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) - { - _asn1_str_cpy (name2, sizeof (name2), node->name); -- _asn1_str_cat (name2, sizeof (name2), "."); -- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ if (p2->value) -+ { -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ } -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) -@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) - _asn1_str_cpy (name2, sizeof (name2), node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) - || !(p2->type & CONST_ASSIGN)) --- -1.9.1 - |