author Patrick J Volkerding <volkerdi@slackware.com>2018-05-25 23:29:36 +0000
committer Eric Hameleers <alien@slackware.com>2018-05-31 15:10:50 -0700
commit329684b59b8d55dd403c2c59f76d37210ba2f517 (patch)
tree10421c6ee3bf179d50915cc00d4c15c1b83cb77a /patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff
parentb76270bf9e6dd375e495fec92140a79a79415d27 (diff)
Fri May 25 23:29:36 UTC 201813.1
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack13.1.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff')
-rw-r--r--patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff108
1 files changed, 108 insertions, 0 deletions
diff --git a/patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff
new file mode 100644
index 000000000..dc37370bd
--- /dev/null
+++ b/patches/source/gnutls/gnutls-2.8.6_CVE-2014-0092.diff
@@ -0,0 +1,108 @@
+From 27892001331da24704fca8fa39041289ff7d3cd9 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Mon, 03 Mar 2014
+Subject: CVE-2014-0092 (GNUTLS-SA-2014-2)
+
+Fix vulnerabilities in the certificate verification code path.
+The vulnerabilities can be exploited such that specially-crafted
+certificates can bypass certificate validation checks.
+
+This is a backport adaptation for use with GnuTLS 2.8.6.
+
+Relevant upstream commit:
+-------------------------
+https://gitorious.org/gnutls/gnutls/commit/6aa26f78150ccb
+
+---
+ lib/x509/verify.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -112,7 +112,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -121,7 +121,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -129,7 +129,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -137,7 +137,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -177,6 +177,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnu
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -269,7 +270,7 @@ _gnutls_verify_certificate2 (gnutls_x509
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer;
+- int ret, issuer_version, result;
++ int ret, issuer_version, result = 0;
+
+ if (output)
+ *output = 0;
+@@ -299,7 +300,7 @@ _gnutls_verify_certificate2 (gnutls_x509
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -320,6 +321,7 @@ _gnutls_verify_certificate2 (gnutls_x509
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -328,6 +330,7 @@ _gnutls_verify_certificate2 (gnutls_x509
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -337,6 +340,8 @@ _gnutls_verify_certificate2 (gnutls_x509
+ if (ret < 0)
+ {
+ gnutls_assert ();
++ result = 0;
++ goto cleanup;
+ }
+ else if (ret == 0)
+ {
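Review bot: The fail-closed paths added in `_gnutls_verify_certificate2` (the `return 0;` after the `issuer_version < 0` check and the `result = 0;` lines before `goto cleanup`) signal failure only through the return value, while `*output` is cleared to 0 at the top of the function and nothing in the visible lines sets a status bit on these paths. If any caller (not visible here) inspects the status flags rather than the return value, a certificate that hit one of these internal errors would show a clean status; adding `if (output) *output |= GNUTLS_CERT_INVALID;` on each of these paths would make both channels agree. The `fail:` label in `check_if_ca` would also benefit from a short comment such as `/* errors map to 0 (not a CA); a negative value must never reach the caller */`, so a later cleanup does not reintroduce the `goto cleanup` shortcut. Both functions begin and end outside the quoted hunks, so the cleanup code itself was not reviewed.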