CVE-2014-3564, rhbz#1125170, gpgme-1.3.2-bufferoverflow.patch
parent
334d8b46ea
commit
b9ab7b3e19
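--- /dev/null
+++ b/gpgme-1.3.2-bufferoverflow.patch
@@ -0,0 +1,26 @@
+diff -up wrk/src/engine-gpgsm.c.wrk wrk/src/engine-gpgsm.c
+--- wrk/src/engine-gpgsm.c.wrk 2014-12-06 04:22:35.944109162 +0100
++++ wrk/src/engine-gpgsm.c 2014-12-06 04:24:15.127086534 +0100
+@@ -834,7 +834,8 @@ status_handler (void *opaque, int fd)
+else
+{
+*aline = newline;
+- gpgsm->colon.attic.linesize += linelen + 1;
++ // gpgsm->colon.attic.linesize += linelen + 1; - cherrypicked security fix
++ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
+}
+}
+if (!err)
+diff -up wrk/src/engine-uiserver.c.wrk wrk/src/engine-uiserver.c
+--- wrk/src/engine-uiserver.c.wrk 2014-12-06 04:24:32.200254777 +0100
++++ wrk/src/engine-uiserver.c 2014-12-06 04:25:16.718693472 +0100
+@@ -699,7 +699,8 @@ status_handler (void *opaque, int fd)
+else
+{
+*aline = newline;
+- uiserver->colon.attic.linesize += linelen + 1;
++ //uiserver->colon.attic.linesize += linelen + 1; - cherrypicked security fix
++ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
+}
+}
+if (!err)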
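Review bot: Both `status_handler` hunks (engine-gpgsm.c and engine-uiserver.c) keep the old `+=` statement as a commented-out `//` line beside the corrected assignment, and the patch file has no header saying which upstream change was cherry-picked. That leaves dead code in the patched source and gives the next packager no way to check the backport against its origin. I would drop the two `//` lines and open the patch with a short description such as `Backport of the upstream fix for CVE-2014-3564 (commit <UPSTREAM_COMMIT_ID>): record the reallocated size in attic.linesize instead of accumulating it`. The `realloc` call and the capacity comparison this assignment has to agree with sit above the hunk, so it is worth confirming there that `*alinelen + linelen + 1` is exactly the size requested and that the sum cannot overflow the integer type of `linesize` when the peer sends a very long status line.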
@ -5,7 +5,7 @@
|
||||
Name: gpgme
|
||||
Summary: GnuPG Made Easy - high level crypto API
|
||||
Version: 1.4.3
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
|
||||
License: LGPLv2+
|
||||
URL: http://www.gnupg.org/related_software/gpgme/
|
||||
@ -22,6 +22,8 @@ Patch2: gpgme-1.4.3-no_gpgsm_t-verify.patch
|
||||
# add -D_FILE_OFFSET_BITS... to gpgme-config, upstreamable
|
||||
Patch3: gpgme-1.3.2-largefile.patch
|
||||
|
||||
Patch4: gpgme-1.3.2-bufferoverflow.patch
|
||||
|
||||
BuildRequires: gawk
|
||||
# see patch2 above, else we only need 2.0.4
|
||||
BuildRequires: gnupg2 >= 2.0.22
|
||||
@ -61,6 +63,7 @@ Requires(postun): /sbin/install-info
|
||||
%patch1 -p1 -b .config_extras
|
||||
#patch2 -p1 -b .no_gpgsm_t-verify
|
||||
%patch3 -p1 -b .largefile
|
||||
%patch4 -p1 -b .overflow
|
||||
|
||||
## HACK ALERT
|
||||
# The config script already suppresses the -L if it's /usr/lib, so cheat and
|
||||
@ -134,6 +137,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Dec 06 2014 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.4.3-5
|
||||
- CVE-2014-3564, rhbz#1125170, gpgme-1.3.2-bufferoverflow.patch
|
||||
|
||||
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
|