From 1f4838353e54ba7f401be2e0010bb516f5f8b878 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 30 Nov 2022 13:56:23 -0500 Subject: [PATCH] Resolves: rhbz#2140602 --- libtasn1-4.19-CVE-2021-46848.patch | 11 +++++++++++ libtasn1.spec | 7 ++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 libtasn1-4.19-CVE-2021-46848.patch diff --git a/libtasn1-4.19-CVE-2021-46848.patch b/libtasn1-4.19-CVE-2021-46848.patch new file mode 100644 index 0000000..e4383f3 --- /dev/null +++ b/libtasn1-4.19-CVE-2021-46848.patch @@ -0,0 +1,11 @@ +--- a/lib/int.h 2022-11-30 14:21:26.985600761 -0500 ++++ b/lib/int.h 2022-11-30 14:23:25.856065950 -0500 +@@ -97,7 +97,7 @@ + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ diff --git a/libtasn1.spec b/libtasn1.spec index 1243acd..1068052 100644 --- a/libtasn1.spec +++ b/libtasn1.spec @@ -1,7 +1,7 @@ Summary: The ASN.1 library used in GNUTLS Name: libtasn1 Version: 4.16.0 -Release: 7%{?dist} +Release: 8%{?dist} # The libtasn1 library is LGPLv2+, utilities are GPLv3+ License: GPLv3+ and LGPLv2+ @@ -11,6 +11,7 @@ Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg Patch1: libtasn1-3.4-rpath.patch Patch200: libtasn1-4.16-coverity.patch +Patch300: libtasn1-4.19-CVE-2021-46848.patch BuildRequires: gnupg2 BuildRequires: gcc @@ -57,6 +58,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %patch1 -p1 -b .rpath %patch200 -p1 -b .coverity +%patch300 -p1 -b .CVE-2021-46848 %build autoreconf -v -f --install @@ -95,6 +97,9 @@ make check %changelog +* Wed Nov 30 2022 Simo Sorce - 4.16.0-9 +- Resolves: rhbz#2140602 + * Mon Aug 09 2021 Mohan Boddu - 4.16.0-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688