From 3152fcc3bbd4cabf01c7e70766a305ce4c725881 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 25 May 2018 23:29:36 +0000
Subject: Fri May 25 23:29:36 UTC 2018

patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.0.txz:  Rebuilt.
  Handle removal of US/Pacific-New timezone. If we see that the machine is
  using this, it will be automatically switched to US/Pacific.
---
 .../libtasn1/libtasn1.CVE-2014-3467_8_9.diff       | 152 +++++++++++++++++++++
 1 file changed, 152 insertions(+)
 create mode 100644 patches/source/libtasn1/libtasn1.CVE-2014-3467_8_9.diff

(limited to 'patches/source/libtasn1/libtasn1.CVE-2014-3467_8_9.diff')

diff --git a/patches/source/libtasn1/libtasn1.CVE-2014-3467_8_9.diff b/patches/source/libtasn1/libtasn1.CVE-2014-3467_8_9.diff
new file mode 100644
index 000000000..9b190c611
--- /dev/null
+++ b/patches/source/libtasn1/libtasn1.CVE-2014-3467_8_9.diff
@@ -0,0 +1,152 @@
+diff -u -r libtasn1-2.14.orig/lib/decoding.c libtasn1-2.14/lib/decoding.c
+--- libtasn1-2.14.orig/lib/decoding.c	2012-09-13 01:16:23.000000000 -0500
++++ libtasn1-2.14/lib/decoding.c	2014-06-05 16:42:36.495243018 -0500
+@@ -149,7 +149,7 @@
+       /* Long form */
+       punt = 1;
+       ris = 0;
+-      while (punt <= der_len && der[punt] & 128)
++      while (punt < der_len && der[punt] & 128)
+ 	{
+ 	  last = ris;
+ 
+@@ -226,12 +226,11 @@
+ 		    int *ret_len, unsigned char *str, int str_size,
+ 		    int *str_len)
+ {
+-  int len_len;
++  int len_len = 0;
+ 
+   if (der_len <= 0)
+     return ASN1_GENERIC_ERROR;
+ 
+-  /* if(str==NULL) return ASN1_SUCCESS; */
+   *str_len = asn1_get_length_der (der, der_len, &len_len);
+ 
+   if (*str_len < 0)
+@@ -239,7 +238,10 @@
+ 
+   *ret_len = *str_len + len_len;
+   if (str_size >= *str_len)
+-    memcpy (str, der + len_len, *str_len);
++    {
++      if (*str_len > 0 && str != NULL)
++        memcpy (str, der + len_len, *str_len);
++    }
+   else
+     {
+       return ASN1_MEM_ERROR;
+@@ -259,7 +261,7 @@
+   if (der_len <= 0 || str == NULL)
+     return ASN1_DER_ERROR;
+   str_len = asn1_get_length_der (der, der_len, &len_len);
+-  if (str_len < 0 || str_size < str_len)
++  if (str_len <= 0 || str_size < str_len)
+     return ASN1_DER_ERROR;
+   memcpy (str, der + len_len, str_len);
+   str[str_len] = 0;
+@@ -285,7 +287,7 @@
+     return ASN1_GENERIC_ERROR;
+   len = asn1_get_length_der (der, der_len, &len_len);
+ 
+-  if (len < 0 || len > der_len || len_len > der_len)
++  if (len <= 0 || len > der_len || len_len > der_len)
+     return ASN1_DER_ERROR;
+ 
+   val1 = der[len_len] / 40;
+@@ -347,7 +349,7 @@
+ 		  int *ret_len, unsigned char *str, int str_size,
+ 		  int *bit_len)
+ {
+-  int len_len, len_byte;
++  int len_len = 0, len_byte;
+ 
+   if (der_len <= 0)
+     return ASN1_GENERIC_ERROR;
+@@ -358,8 +360,14 @@
+   *ret_len = len_byte + len_len + 1;
+   *bit_len = len_byte * 8 - der[len_len];
+ 
++  if (*bit_len <= 0)
++    return ASN1_DER_ERROR;
++
+   if (str_size >= len_byte)
+-    memcpy (str, der + len_len + 1, len_byte);
++    {
++      if (len_byte > 0 && str)
++        memcpy (str, der + len_len + 1, len_byte);
++    }
+   else
+     {
+       return ASN1_MEM_ERROR;
+diff -u -r libtasn1-2.14.orig/lib/element.c libtasn1-2.14/lib/element.c
+--- libtasn1-2.14.orig/lib/element.c	2012-09-24 06:51:43.000000000 -0500
++++ libtasn1-2.14/lib/element.c	2014-06-05 16:50:27.290222945 -0500
+@@ -112,8 +112,11 @@
+     /* VALUE_OUT is too short to contain the value conversion */
+     return ASN1_MEM_ERROR;
+ 
+-  for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+-    value_out[k2 - k] = val[k2];
++  if (value_out != NULL) 
++    {
++      for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
++        value_out[k2 - k] = val[k2];
++    }
+ 
+ #if 0
+   printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+@@ -617,7 +620,8 @@
+ 	if (ptr_size < data_size) { \
+ 		return ASN1_MEM_ERROR; \
+ 	} else { \
+-		memcpy( ptr, data, data_size); \
++		if (ptr && data_size > 0) \
++		  memcpy( ptr, data, data_size); \
+ 	}
+ 
+ #define PUT_STR_VALUE( ptr, ptr_size, data) \
+@@ -626,16 +630,19 @@
+ 		return ASN1_MEM_ERROR; \
+ 	} else { \
+ 		/* this strcpy is checked */ \
+-		_asn1_strcpy(ptr, data); \
++		if (ptr) { \
++		  _asn1_strcpy(ptr, data); \
++		} \
+ 	}
+ 
+ #define ADD_STR_VALUE( ptr, ptr_size, data) \
+-	*len = (int) _asn1_strlen(data) + 1; \
+-	if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \
++        *len += _asn1_strlen(data); \
++        if (ptr_size < (int) *len) { \
++                (*len)++; \
+ 		return ASN1_MEM_ERROR; \
+ 	} else { \
+ 		/* this strcat is checked */ \
+-		_asn1_strcat(ptr, data); \
++		if (ptr) _asn1_strcat(ptr, data); \
+ 	}
+ 
+ /**
+@@ -792,7 +799,9 @@
+     case TYPE_OBJECT_ID:
+       if (node->type & CONST_ASSIGN)
+ 	{
+-	  value[0] = 0;
++	  *len = 0;
++	  if (value)
++	  	value[0] = 0;
+ 	  p = node->down;
+ 	  while (p)
+ 	    {
+@@ -806,7 +815,7 @@
+ 		}
+ 	      p = p->right;
+ 	    }
+-	  *len = _asn1_strlen (value) + 1;
++	  (*len)++;
+ 	}
+       else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ 	{
-- 
cgit v1.2.3-65-gdbad