Hello community, here is the log from the commit of package libtasn1 for openSUSE:Factory checked in at 2019-05-03 22:21:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtasn1 (Old) and /work/SRC/openSUSE:Factory/.libtasn1.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtasn1" Fri May 3 22:21:48 2019 rev:45 rq:699551 version:4.13 Changes: -------- --- /work/SRC/openSUSE:Factory/libtasn1/libtasn1.changes 2018-02-28 19:55:13.480262459 +0100 +++ /work/SRC/openSUSE:Factory/.libtasn1.new.5148/libtasn1.changes 2019-05-03 22:21:49.720635793 +0200 @@ -1,0 +2,7 @@ +Mon Apr 29 16:13:16 UTC 2019 - [email protected] + +- Add libtasn1-object-id-recursion.patch: limit recursion in + _asn1_expand_object_id (boo#1105435 CVE-2018-1000654 + (https://gitlab.com/gnutls/libtasn1/merge_requests/8) + +------------------------------------------------------------------- New: ---- libtasn1-object-id-recursion.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtasn1.spec ++++++ --- /var/tmp/diff_new_pack.iHDs5a/_old 2019-05-03 22:21:50.728637838 +0200 +++ /var/tmp/diff_new_pack.iHDs5a/_new 2019-05-03 22:21:50.728637838 +0200 @@ -1,7 +1,7 @@ # # spec file for package libtasn1 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,7 +21,7 @@ Version: 4.13 Release: 0 Summary: ASN.1 parsing library -License: LGPL-2.1+ and GPL-3.0 +License: LGPL-2.1-or-later AND GPL-3.0-only Group: Productivity/Networking/Security Url: https://www.gnu.org/software/libtasn1/ Source0: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz 
@@ -29,6 +29,8 @@ # http://josefsson.org/key.txt Source2: %{name}.keyring Source99: baselibs.conf +# PATCH-FIX-UPSTREAM libtasn1-object-id-recursion.patch boo#1105435 [email protected] -- limit recursion in _asn1_expand_object_id. +Patch0: libtasn1-object-id-recursion.patch BuildRequires: info BuildRequires: pkgconfig Requires(post): %{install_info_prereq} @@ -62,6 +64,7 @@ %prep %setup -q +%patch0 -p1 %build %configure --disable-static ++++++ libtasn1-object-id-recursion.patch ++++++ >From 9c40f7796c9d33179b602f65f4b587d175fba23c Mon Sep 17 00:00:00 2001 From: Mike Gorse <[email protected]> Date: Thu, 11 Apr 2019 11:14:58 -0500 Subject: [PATCH 1/2] _asn1_expand_object_id: Limit recursion Resolves #4 --- lib/parser_aux.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/parser_aux.c b/lib/parser_aux.c index 786ea64..08c2167 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -675,7 +675,7 @@ _asn1_expand_object_id (asn1_node node) { asn1_node p, p2, p3, p4, p5; char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1]; - int move, tlen; + int move, tlen, tries; if (node == NULL) return ASN1_ELEMENT_NOT_FOUND; @@ -684,6 +684,7 @@ _asn1_expand_object_id (asn1_node node) p = node; move = DOWN; + tries = 0; while (!((p == node) && (move == UP))) { @@ -738,7 +739,9 @@ _asn1_expand_object_id (asn1_node node) p4 = p4->right; } move = DOWN; - continue; + tries++; + if (tries < 3) + continue; } } } @@ -747,6 +750,7 @@ _asn1_expand_object_id (asn1_node node) else move = RIGHT; + tries = 0; if (move == DOWN) { if (p->down) -- >From 57d6bc19d44b0693023031c6dbc0d21a36550f34 Mon Sep 17 00:00:00 2001 From: Mike Gorse <[email protected]> Date: Thu, 25 Apr 2019 16:40:18 -0500 Subject: [PATCH 2/2] Add reproducer for issues/4 to Test_tree.asn --- tests/Test_tree.asn | 9 +++++++++ tests/Test_tree_asn1_tab.c | 13 +++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) 
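Review bot: The patch tag comment added above `Patch0:` cites boo#1105435 but not the CVE that the changelog entry attaches to the same fix, so searching the spec for the CVE id finds nothing. I would extend the comment to `# PATCH-FIX-UPSTREAM libtasn1-object-id-recursion.patch boo#1105435 CVE-2018-1000654 <maintainer address> -- limit recursion in _asn1_expand_object_id.` so that the spec and the changelog agree on the identifiers.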
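Review bot: In the hunk at -738, once `tries` reaches 3 the code simply stops issuing `continue` and falls through, so a self-referencing OBJECT IDENTIFIER is neither fully expanded nor reported. As far as the visible lines show, the caller cannot tell a cyclic definition from a valid one. Consider failing explicitly at the limit, for example `if (++tries >= MAX_OID_EXPANSIONS) return <error code>;`, where the placeholder stands for whichever error the library already uses for exceeded recursion limits. The bare `3` also deserves a named constant and a comment such as `/* bound re-expansion of one node so a self-referencing OID cannot loop forever (CVE-2018-1000654) */`. The same comment could explain why `tries = 0;` in the hunk at -747 resets the counter once the walk moves on. The body of `_asn1_expand_object_id` extends beyond all four hunks, so what happens to the partially expanded node afterwards should be checked against the full function.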
diff --git a/tests/Test_tree.asn b/tests/Test_tree.asn index 0ad0dc5..a253bc8 100644 --- a/tests/Test_tree.asn +++ b/tests/Test_tree.asn @@ -154,6 +154,15 @@ X520LocalityName ::= CHOICE { bmpString BMPString } +id-xnyTest OBJECT IDENTIFIER ::= {id-ix 29 1} +id-ix OBJECR ::= {id-ix 29 2} +BMPString ::= OCTET S +} +UniversalString : BY id O} +id-ix OBJECT IDENTIFIER ::= {2 5} +id-xnyTest OBJECT IDENTIFIER ::= {id-ix 29 1} +anyTest2 ::= INTEGER + id-Test OBJECT IDENTIFIER ::= {1 2 29 2} END diff --git a/tests/Test_tree_asn1_tab.c b/tests/Test_tree_asn1_tab.c index 7869f85..0f211c8 100644 --- a/tests/Test_tree_asn1_tab.c +++ b/tests/Test_tree_asn1_tab.c @@ -68,7 +68,7 @@ const asn1_static_node Test_tree_asn1_tab[] = { { "set", 1610612751, NULL }, { NULL, 3, NULL }, { "oid", 1073741836, NULL }, - { "time2", 1082130449, NULL }, + { "time2", 1073741861, NULL }, { "bol", 1073741828, NULL }, { "oct", 1073741831, NULL }, { "bit", 1073758214, NULL }, @@ -81,7 +81,7 @@ const asn1_static_node Test_tree_asn1_tab[] = { { "any", 1610637325, NULL }, { NULL, 4104, "1"}, { "gen", 1073758235, NULL }, - { "time1", 16777233, NULL }, + { "time1", 36, NULL }, { "SequenceTestTag", 1610612741, NULL }, { "int1", 1610620931, NULL }, { NULL, 2056, "2"}, @@ -160,6 +160,15 @@ const asn1_static_node Test_tree_asn1_tab[] = { { "universalString", 1073741856, NULL }, { "utf8String", 1073741858, NULL }, { "bmpString", 33, NULL }, + { "id-xnyTest", 1879048204, NULL }, + { NULL, 1073741825, "id-ix"}, + { NULL, 1073741825, "29"}, + { NULL, 1, "1"}, + { "id-ix", 1880096780, "OBJECR"}, + { NULL, 1073741825, "id-ix"}, + { NULL, 1073741825, "29"}, + { NULL, 1, "2"}, + { "BMPString", 1073741827, NULL }, { "id-Test", 805306380, NULL }, { NULL, 1073741825, "1"}, { NULL, 1073741825, "2"}, -- 2.20.1
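Review bot: The lines added to Test_tree.asn are deliberately malformed (`OBJECR`, `OCTET S`, a stray `}`) and define `id-ix` in terms of itself, but nothing in the file says so. They sit in a definition file that existing tree tests presumably share. A short ASN.1 comment above them, e.g. `-- Reproducer for issue 4 (CVE-2018-1000654): id-ix refers to itself; malformed on purpose, do not tidy`, would keep a later cleanup from removing the cycle the test depends on. The hunk does not show any assertion on the result of expanding these definitions, so it is worth confirming that a test checks the outcome rather than relying on the run not hanging.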
