CVE-2014-3564, rhbz#1125170, gpgme-1.3.2-bufferoverflow.patch

Frantisek Kluknavsky 2014-12-06 05:01:09 +01:00
parent 334d8b46ea
commit b9ab7b3e19
2 changed files with 33 additions and 1 deletions


@ -0,0 +1,26 @@
diff -up wrk/src/engine-gpgsm.c.wrk wrk/src/engine-gpgsm.c
--- wrk/src/engine-gpgsm.c.wrk 2014-12-06 04:22:35.944109162 +0100
+++ wrk/src/engine-gpgsm.c 2014-12-06 04:24:15.127086534 +0100
@@ -834,7 +834,8 @@ status_handler (void *opaque, int fd)
else
{
*aline = newline;
- gpgsm->colon.attic.linesize += linelen + 1;
+ // gpgsm->colon.attic.linesize += linelen + 1; - cherrypicked security fix
+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
}
}
if (!err)
diff -up wrk/src/engine-uiserver.c.wrk wrk/src/engine-uiserver.c
--- wrk/src/engine-uiserver.c.wrk 2014-12-06 04:24:32.200254777 +0100
+++ wrk/src/engine-uiserver.c 2014-12-06 04:25:16.718693472 +0100
@@ -699,7 +699,8 @@ status_handler (void *opaque, int fd)
else
{
*aline = newline;
- uiserver->colon.attic.linesize += linelen + 1;
+ //uiserver->colon.attic.linesize += linelen + 1; - cherrypicked security fix
+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
}
}
if (!err)
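Review bot: The commented-out statement kept in both status_handler hunks (`// gpgsm->colon.attic.linesize += linelen + 1; - cherrypicked security fix` in engine-gpgsm.c and its twin in engine-uiserver.c) records that a fix was picked but not which invariant the new assignment restores, and the patch already shows the removed line. I would replace it with a comment such as `/* linesize must equal the size actually allocated for *aline (CVE-2014-3564); accumulating it could overstate the buffer. */`. That reading is inferred, because the allocation that produces `newline` and the check that consults `linesize` lie outside the hunk. It is worth confirming there that `*alinelen + linelen + 1` is exactly the size requested and cannot wrap. A short header in the patch file naming the upstream change it was cherry-picked from would also make later rebases auditable.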


@ -5,7 +5,7 @@
Name: gpgme Name: gpgme
Summary: GnuPG Made Easy - high level crypto API Summary: GnuPG Made Easy - high level crypto API
Version: 1.4.3 Version: 1.4.3
Release: 4%{?dist} Release: 5%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: http://www.gnupg.org/related_software/gpgme/ URL: http://www.gnupg.org/related_software/gpgme/
@ -22,6 +22,8 @@ Patch2: gpgme-1.4.3-no_gpgsm_t-verify.patch
# add -D_FILE_OFFSET_BITS... to gpgme-config, upstreamable # add -D_FILE_OFFSET_BITS... to gpgme-config, upstreamable
Patch3: gpgme-1.3.2-largefile.patch Patch3: gpgme-1.3.2-largefile.patch
Patch4: gpgme-1.3.2-bufferoverflow.patch
BuildRequires: gawk BuildRequires: gawk
# see patch2 above, else we only need 2.0.4 # see patch2 above, else we only need 2.0.4
BuildRequires: gnupg2 >= 2.0.22 BuildRequires: gnupg2 >= 2.0.22
@ -61,6 +63,7 @@ Requires(postun): /sbin/install-info
%patch1 -p1 -b .config_extras %patch1 -p1 -b .config_extras
#patch2 -p1 -b .no_gpgsm_t-verify #patch2 -p1 -b .no_gpgsm_t-verify
%patch3 -p1 -b .largefile %patch3 -p1 -b .largefile
%patch4 -p1 -b .overflow
## HACK ALERT ## HACK ALERT
# The config script already suppresses the -L if it's /usr/lib, so cheat and # The config script already suppresses the -L if it's /usr/lib, so cheat and
@ -134,6 +137,9 @@ fi
%changelog %changelog
* Sat Dec 06 2014 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.4.3-5
- CVE-2014-3564, rhbz#1125170, gpgme-1.3.2-bufferoverflow.patch
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-4 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
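Review bot: The new `Patch4: gpgme-1.3.2-bufferoverflow.patch` line has no comment above it, unlike Patch3, so the spec does not say what the patch fixes or whether it can be dropped on the next rebase. A line such as `# CVE-2014-3564, rhbz#1125170: cherry-picked fix for status_handler line buffer size` above it would keep the security context next to the declaration. The patch name carries 1.3.2 while Version is 1.4.3, so the comment could also state which upstream release already contains the fix once that is confirmed.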