.gitignore

@@ -1,2 +1,2 @@
 SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
-SOURCES/libtasn1-4.13.tar.gz
+SOURCES/libtasn1-4.16.0.tar.gz

.libtasn1.metadata

@@ -1,2 +1,2 @@
-a5442dfcf7f1b60f55f0e270e014a57710e75069 SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
-a84afb4cd8187c1fa5901c6bc1cf1486eea66635 SOURCES/libtasn1-4.13.tar.gz
+90f7b4d994c81d1debc13aa0c6c105c9a682921a SOURCES/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+f4f1fc301c0835389d9db7754815e48f4f57937a SOURCES/libtasn1-4.16.0.tar.gz

SOURCES/libtasn1-4.13.tar.gz.sig

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEqBLL/fzcTQvnoJMSnV6q9pATuEIFAlpeOtEACgkQnV6q9pAT
-uEIWNAf/YnmT4u3ShAfhUKE4sIap+8ivG5AxCPw1Rwgwc8qcS2VKOVeiwYTWmt9t
-g5CDrVu27DTPbCkdS7sTKrHQT3Pjc2DRJWHJbaHr5J717sNp50XWWXjNyZGrmyN4
-ais1d7no0GMXRsR6SUOFi+M52Q/vWhhYz4gaDAV9XSOqbJ6MPiw4BhjqyVSQ4lwD
-Lfn4upk+1JFjzCpVft7iXrx1P4RXvFJC1sBYpUJAbdm9y0rO5jGiY7EHokDNq1rT
-71hBWUclo37GsJnF65CRD1Mb5/wdZxm2wvEL/SFlHKqnY/uB3y4u7il91fi9zrwY
-mDmVimu7E563pqum16000pybZIEmFw==
-=LTAv
------END PGP SIGNATURE-----

SOURCES/libtasn1-4.16-coverity.patch

@@ -0,0 +1,70 @@
+diff -up libtasn1-4.16.0/lib/coding.c.coverity libtasn1-4.16.0/lib/coding.c
+--- libtasn1-4.16.0/lib/coding.c.coverity	2020-02-01 23:22:04.000000000 +0100
++++ libtasn1-4.16.0/lib/coding.c	2021-04-13 17:34:34.101819976 +0200
+@@ -1103,7 +1103,10 @@ asn1_der_coding (asn1_node_const element
+   max_len = *len;
+ 
+   if (der == NULL && max_len > 0)
+-    return ASN1_VALUE_NOT_VALID;
++    {
++      err = ASN1_VALUE_NOT_VALID;
++      goto error;
++    }
+ 
+   counter = 0;
+   move = DOWN;
+diff -up libtasn1-4.16.0/lib/element.c.coverity libtasn1-4.16.0/lib/element.c
+--- libtasn1-4.16.0/lib/element.c.coverity	2020-01-03 23:20:17.000000000 +0100
++++ libtasn1-4.16.0/lib/element.c	2021-04-13 18:05:21.054820798 +0200
+@@ -142,7 +142,7 @@ int
+ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
+ {
+   asn1_node p, p2;
+-  char temp[LTOSTR_MAX_SIZE];
++  char temp[LTOSTR_MAX_SIZE+1];
+   long n;
+ 
+   if (!node || !(node->down))
+@@ -183,7 +183,12 @@ _asn1_append_sequence_set (asn1_node nod
+       n = strtol (p->name + 1, NULL, 0);
+       n++;
+       temp[0] = '?';
++      if (n < 0)
++	return ASN1_GENERIC_ERROR;
++      /* assuming non-negative n, we have enough space in buffer */
+       _asn1_ltostr (n, temp + 1);
++      if (strlen(temp) >= LTOSTR_MAX_SIZE)
++	return ASN1_GENERIC_ERROR;
+     }
+   _asn1_set_name (p2, temp);
+   /*  p2->type |= CONST_OPTION; */
+diff -up libtasn1-4.16.0/lib/int.h.coverity libtasn1-4.16.0/lib/int.h
+--- libtasn1-4.16.0/lib/int.h.coverity	2020-01-03 23:20:17.000000000 +0100
++++ libtasn1-4.16.0/lib/int.h	2021-04-13 17:34:34.101819976 +0200
+@@ -213,6 +213,7 @@ void *_asn1_realloc(void *ptr, size_t si
+   ret = realloc(ptr, size);
+   if (ret == NULL)
+     {
++      /* cppcheck-suppress doubleFree */
+       free(ptr);
+     }
+   return ret;
+diff -up libtasn1-4.16.0/src/asn1Coding.c.coverity libtasn1-4.16.0/src/asn1Coding.c
+--- libtasn1-4.16.0/src/asn1Coding.c.coverity	2019-07-19 19:55:08.000000000 +0200
++++ libtasn1-4.16.0/src/asn1Coding.c	2021-04-13 17:34:34.102819982 +0200
+@@ -72,13 +72,13 @@ readAssignment (FILE * file, char *varNa
+ 
+   int ret;
+ 
+-  ret = fscanf (file, "%s", varName);
++  ret = fscanf (file, "%1023s", varName);
+   if (ret == EOF)
+     return ASSIGNMENT_EOF;
+   if (!strcmp (varName, "''"))
+     varName[0] = 0;
+ 
+-  ret = fscanf (file, "%s", value);
++  ret = fscanf (file, "%1023s", value);
+   if (ret == EOF)
+     return ASSIGNMENT_ERROR;
+ 

SOURCES/libtasn1-4.16.0.tar.gz.sig

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEWfu1XKfzqKsMUDdz2BxIh/FnmmUFAl42AF0ACgkQ2BxIh/Fn
+mmVm8Qf9GroRQ/D3f8crSv/HWZJ/EGDKAcSc+s0Gc5bfPQK7CrEUJpoCRt+kZzhO
+9RWcod3jot3/W26v1R6lCruQwUDbXmoPOYUMJ5cJuP8oHSs3+6m96e6aadWhpNxh
+8FGsnSvLNJ1zeCtsuvf9Zyi1NVicBGoeeCRgkJIkAE1TnCsbpo+QascmXJHlfDc2
+lueMzRexFzy7t03ySsRdiKpfzG1pyTWvU7lVhX8ysf2+31wi9kgvg71bPJhsA794
+FBIkpHcJXBkxxmlIvI/O65pRNX+13GmZjcPij5qth6Cr1fVQcN4hzEEKzyzf2RoP
+xqzVc6yNRh8pj+A44vwZ4sm7S+o0tQ==
+=czTt
+-----END PGP SIGNATURE-----

SOURCES/libtasn1-4.20-CVE-2024-12133.patch

@@ -50,12 +50,12 @@ nodes to their parent nodes as a cache.
 Signed-off-by: Daiki Ueno <ueno@gnu.org>
 Signed-off-by: Simon Josefsson <simon@josefsson.org>
 ---
- lib/element.c    | 56 ++++++++++++++++++++++++++++++++++++++++++------
- lib/element.h    | 10 +++++++++
- lib/int.h        |  8 +++++++
- lib/parser_aux.c | 10 +++++++++
- lib/structure.c  | 13 +++++++++++
- 5 files changed, 90 insertions(+), 7 deletions(-)
+ lib/element.c    | 64 +++++++++++++++++++++++++++++++++++++++---------
+ lib/element.h    | 10 ++++++++
+ lib/int.h        |  8 ++++++
+ lib/parser_aux.c | 10 ++++++++
+ lib/structure.c  | 13 ++++++++++
+ 5 files changed, 93 insertions(+), 12 deletions(-)
 
 diff --git a/lib/element.c b/lib/element.c
 index 850bef4..528df41 100644
@@ -63,13 +63,13 @@ index 850bef4..528df41 100644
 +++ b/lib/element.c
 @@ -33,6 +33,8 @@
  #include "structure.h"
- 
+ #include "c-ctype.h"
  #include "element.h"
 +#include <limits.h>
 +#include "intprops.h"
  
  void
- _asn1_hierarchical_name (asn1_node node, char *name, int name_size)
+ _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size)
 @@ -129,6 +131,41 @@ _asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
    return ASN1_SUCCESS;
  }
@@ -114,13 +114,13 @@ index 850bef4..528df41 100644
   * is a monotonically increased serial number.
 @@ -145,6 +182,7 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
    asn1_node p, p2;
-   char temp[LTOSTR_MAX_SIZE];
+   char temp[LTOSTR_MAX_SIZE+1];
    long n;
 +  int result;
  
    if (!node || !(node->down))
      return ASN1_GENERIC_ERROR;
-@@ -177,17 +215,21 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
+@@ -176,22 +214,24 @@ _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
        pcache->tail = p2;
      }
  
@@ -133,13 +133,21 @@ index 850bef4..528df41 100644
 -      n = strtol (p->name + 1, NULL, 0);
 -      n++;
 -      temp[0] = '?';
+-      if (n < 0)
+-	return ASN1_GENERIC_ERROR;
+-      /* assuming non-negative n, we have enough space in buffer */
 -      _asn1_ltostr (n, temp + 1);
+-      if (strlen(temp) >= LTOSTR_MAX_SIZE)
+-	return ASN1_GENERIC_ERROR;
 +      n = strtol (p->name + 1, NULL, 10);
 +      if (n <= 0 || n >= LONG_MAX - 1)
 +	      return ASN1_GENERIC_ERROR;
      }
++  /* assuming non-negative n, we have enough space in buffer */
 +  temp[0] = '?';
 +  _asn1_ltostr (n + 1, temp + 1);
++  if (strlen(temp) >= LTOSTR_MAX_SIZE)
++	  return ASN1_GENERIC_ERROR;
    _asn1_set_name (p2, temp);
    /*  p2->type |= CONST_OPTION; */
 +  result = _asn1_node_array_set (&node->numbered_children, n, p2);
@@ -153,11 +161,11 @@ diff --git a/lib/element.h b/lib/element.h
 index 732054e..b84e3a2 100644
 --- a/lib/element.h
 +++ b/lib/element.h
-@@ -38,4 +38,14 @@ int _asn1_convert_integer (const unsigned char *value,
+@@ -37,4 +37,14 @@ int _asn1_convert_integer (const unsigned char *value,
  
- void _asn1_hierarchical_name (asn1_node node, char *name, int name_size);
+ void _asn1_hierarchical_name (asn1_node_const node, char *name, int name_size);
  
-+static inline asn1_node
++static inline asn1_node_const
 +_asn1_node_array_get (const struct asn1_node_array_st *array, size_t position)
 +{
 +  return position < array->size ? array->nodes[position] : NULL;
@@ -198,15 +206,7 @@ diff --git a/lib/parser_aux.c b/lib/parser_aux.c
 index 415905a..4281cc9 100644
 --- a/lib/parser_aux.c
 +++ b/lib/parser_aux.c
-@@ -21,6 +21,7 @@
- 
- #include <int.h>
- #include <hash-pjw-bare.h>
-+#include <limits.h>
- #include "parser_aux.h"
- #include "gstr.h"
- #include "structure.h"
-@@ -126,6 +126,7 @@ asn1_find_node (asn1_node pointer, const char *name)
+@@ -126,6 +126,7 @@ asn1_find_node (asn1_node_const pointer, const char *name)
    const char *n_start;
    unsigned int nsize;
    unsigned int nhash;
@@ -214,7 +214,7 @@ index 415905a..4281cc9 100644
  
    if (pointer == NULL)
      return NULL;
-@@ -209,6 +210,7 @@ asn1_find_node (asn1_node pointer, const char *name)
+@@ -209,6 +210,7 @@ asn1_find_node (asn1_node_const pointer, const char *name)
        if (p->down == NULL)
  	return NULL;
  
@@ -222,11 +222,11 @@ index 415905a..4281cc9 100644
        p = p->down;
        if (p == NULL)
          return NULL;
-@@ -222,6 +224,12 @@ asn1_find_node (asn1_node pointer, const char *name)
+@@ -222,6 +224,12 @@ asn1_find_node (asn1_node_const pointer, const char *name)
  	}
        else
  	{			/* no "?LAST" */
-+	  if (n[0] == '?' && isdigit (n[1]))
++	  if (n[0] == '?' && c_isdigit (n[1]))
 +	    {
 +	      long position = strtol (n + 1, NULL, 10);
 +	      if (position > 0 && position < LONG_MAX)
@@ -252,7 +252,7 @@ index 9c95b9e..32692ad 100644
  #include <structure.h>
  #include "parser_aux.h"
  #include <gstr.h>
-+#include <ctype.h>
++#include "c-ctype.h"
 +#include "element.h"
 +#include <limits.h>
  
@@ -264,7 +264,7 @@ index 9c95b9e..32692ad 100644
  
 +  if (source_node->parent
 +      && source_node->name[0] == '?'
-+      && isdigit (source_node->name[1]))
++      && c_isdigit (source_node->name[1]))
 +    {
 +      long position = strtol (source_node->name + 1, NULL, 10);
 +      if (position > 0 && position < LONG_MAX)

SPECS/libtasn1.spec

@@ -1,41 +1,41 @@
 Summary:	The ASN.1 library used in GNUTLS
 Name:		libtasn1
-Version:	4.13
-Release:	5%{?dist}
+Version:	4.16.0
+Release:	9%{?dist}
 
 # The libtasn1 library is LGPLv2+, utilities are GPLv3+
 License:	GPLv3+ and LGPLv2+
-Group:		System Environment/Libraries
 URL:		http://www.gnu.org/software/libtasn1/
 Source0:	http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz
 Source1:	http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig
 Source2:	gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
 Patch1:		libtasn1-3.4-rpath.patch
+Patch200:	libtasn1-4.16-coverity.patch
 Patch300:	libtasn1-4.19-CVE-2021-46848.patch
 Patch301:	libtasn1-4.20-CVE-2024-12133.patch
 
+BuildRequires:	gnupg2
+BuildRequires:	gcc
 BuildRequires:	bison, pkgconfig, help2man
 BuildRequires:	autoconf, automake, libtool
-%ifarch %{valgrind_arches}
 BuildRequires:	valgrind-devel
-%endif
+BuildRequires: make
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130324
 
 %package devel
 Summary:	Files for development of applications which will use libtasn1
-Group:		Development/Libraries
+Requires:	%{name}%{?_isa} = %{version}-%{release}
+
 Requires:	%name = %version-%release
+Requires:	%{name}-tools = %{version}-%{release}
 Requires:	pkgconfig
-Requires(post):		/sbin/install-info
-Requires(postun):	/sbin/install-info
 
 
 %package tools
 Summary:	Some ASN.1 tools
-Group:		Applications/Text
 License:	GPLv3+
-Requires:	%name = %version-%release
+Requires:	%{name}%{?_isa} = %{version}-%{release}
 
 
 %description
@@ -58,6 +58,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %setup -q
 
 %patch1 -p1 -b .rpath
+%patch200 -p1 -b .coverity
 %patch300 -p1 -b .CVE-2021-46848
 %patch301 -p1 -b .CVE-2024-12133
 
@@ -67,11 +68,11 @@ autoreconf -v -f --install
 # libtasn1 likes to regenerate docs
 touch doc/stamp_docs
 
-make %{?_smp_mflags}
+%make_build
 
 
 %install
-make DESTDIR="$RPM_BUILD_ROOT" install
+%make_install
 
 rm -f $RPM_BUILD_ROOT{%_libdir/*.la,%_infodir/dir}
 
@@ -79,23 +80,9 @@ rm -f $RPM_BUILD_ROOT{%_libdir/*.la,%_infodir/dir}
 %check
 make check
 
-
-%post   -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
-
-
-%post devel
-test -f %_infodir/%name.info.gz && \
-	/sbin/install-info --info-dir=%_infodir %_infodir/%name.info || :
-
-%preun devel
-test "$1" = 0 -a -f %_infodir/%name.info.gz && \
-	/sbin/install-info --info-dir=%_infodir --delete %_infodir/%name.info || :
-
 %files
-%{!?_licensedir:%global license %%doc}
-%license COPYING*
-%doc AUTHORS NEWS README THANKS
+%license LICENSE doc/COPYING*
+%doc AUTHORS NEWS README.md
 %{_libdir}/*.so.6*
 
 %files tools
@@ -112,14 +99,62 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \
 
 
 %changelog
-* Wed Feb 12 2025 Alexander Sosedkin <asosedki@redhat.com> - 4.13.0-5
-- Backport the fix for CVE-2024-12133
+* Wed Feb 12 2025 Alexander Sosedkin <asosedki@redhat.com> - 4.16.0-9
+- Backport the fix for CVE-2024-12133 (RHEL-78580)
 
-* Wed Nov 30 2022 Simo Sorce <simo@redhat.com> - 4.13.0-4
-- Resolves: rhbz#2140600
+* Wed Nov 30 2022 Simo Sorce <simo@redhat.com> - 4.16.0-8
+- Resolves: rhbz#2140602
 
-* Fri Aug  3 2018 Florian Weimer <fweimer@redhat.com> - 4.13-3
-- Honor %%{valgrind_arches}
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.16.0-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.16.0-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Apr 12 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 4.16.0-5
+- Coverity-related fixes (#1938797)
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.16.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.16.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 4.16.0-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Sun Feb 02 2020 Nikos Mavrogiannopoulos <nmav@redhat.com> - 4.16.0-1
+- Update to 4.14 (#1621973)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.15.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Nov 21 2019 Simo Sorce <simo@redhat.com> - 4.15.0-1
+- Update to 4.15.0 (#1775065)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jul 22 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 4.14-1
+- Update to 4.14 (#1621973)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.13-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 4.13-6
+- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc.
+
+* Mon Oct 22 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 4.13-5
+- libtasn1-devel requires the tools subpackage; it is necessary for
+  development.
+
+* Sat Jul 21 2018 Peter Robinson <pbrobinson@fedoraproject.org> 4.13-4
+- Add missing gcc/gnupg2 deps, spec cleanups
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild