Hello community,
here is the log from the commit of package gnutls for openSUSE:13.1 checked in
at 2013-10-29 10:13:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1/gnutls (Old)
and /work/SRC/openSUSE:13.1/.gnutls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls"
Changes:
--------
--- /work/SRC/openSUSE:13.1/gnutls/gnutls.changes 2013-09-23
10:52:35.000000000 +0200
+++ /work/SRC/openSUSE:13.1/.gnutls.new/gnutls.changes 2013-10-29
10:13:36.000000000 +0100
@@ -1,0 +2,6 @@
+Fri Oct 25 04:22:30 UTC 2013 - shch...@suse.com
+
+- Fix bug[ bnc#847484], CVE-2013-4466 ( DoS in libdane)
+ Add patch file: CVE-2013-4466.patch
+
+-------------------------------------------------------------------
New:
----
CVE-2013-4466.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.brmHZT/_old 2013-10-29 10:13:36.000000000 +0100
+++ /var/tmp/diff_new_pack.brmHZT/_new 2013-10-29 10:13:36.000000000 +0100
@@ -40,6 +40,7 @@
Patch5: gnutls-3.2.4-noecc.patch
Patch6: gnutls-implement-trust-store-dir.diff
Patch7: make-obs-happy-with-gnutls_3.2.4.patch
+Patch8: CVE-2013-4466.patch
BuildRequires: automake
BuildRequires: gcc-c++
@@ -142,6 +143,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
autoreconf -if
++++++ CVE-2013-4466.patch ++++++
Index: gnutls-3.2.4/libdane/dane.c
===================================================================
--- gnutls-3.2.4.orig/libdane/dane.c
+++ gnutls-3.2.4/libdane/dane.c
@@ -233,77 +233,71 @@ int ret;
**/
void dane_query_deinit(dane_query_t q)
{
- ub_resolve_free(q->result);
+ if (q->result)
+ ub_resolve_free(q->result);
free(q);
}
/**
- * dane_query_tlsa:
+ * dane_raw_tlsa:
* @s: The DANE state structure
* @r: A structure to place the result
- * @host: The host name to resolve.
- * @proto: The protocol type (tcp, udp, etc.)
- * @port: The service port number (eg. 443).
+ * @dane_data: array of DNS rdata items, terminated with a NULL pointer;
+ * caller must guarantee that the referenced data remains
+ * valid until dane_query_deinit() is called.
+ * @dane_data_len: the length n bytes of the dane_data items
+ * @param secure true if the result is validated securely, false if
+ * validation failed or the domain queried has no security info
+ * @param bogus if the result was not secure (secure = 0) due to a security
failure,
+ * and the result is due to a security failure, bogus is true.
*
- * This function will query the DNS server for the TLSA (DANE)
- * data for the given host.
+ * This function will fill in the TLSA (DANE) structure from
+ * the given raw DNS record data.
*
* Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const
char* proto, unsigned int port)
+int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data,
const int *dane_data_len, int secure, int bogus)
{
- char ns[1024];
int ret;
unsigned int i;
*r = calloc(1, sizeof(struct dane_query_st));
if (*r == NULL)
return gnutls_assert_val(DANE_E_MEMORY_ERROR);
-
- snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
-
- /* query for webserver */
- ret = ub_resolve(s->ctx, ns, 52, 1, &(*r)->result);
- if(ret != 0) {
- return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
- }
-
-/* show first result */
- if(!(*r)->result->havedata) {
- return gnutls_assert_val(DANE_E_NO_DANE_DATA);
- }
-
+
i = 0;
do {
- if ((*r)->result->len[i] > 3)
+ if (dane_data_len[i] > 3)
ret = DANE_E_SUCCESS;
else {
return gnutls_assert_val(DANE_E_RECEIVED_CORRUPT_DATA);
}
-
- (*r)->usage[i] = (*r)->result->data[i][0];
- (*r)->type[i] = (*r)->result->data[i][1];
- (*r)->match[i] = (*r)->result->data[i][2];
- (*r)->data[i].data = (void*)&(*r)->result->data[i][3];
- (*r)->data[i].size = (*r)->result->len[i] - 3;
+
+ (*r)->usage[i] = dane_data[i][0];
+ (*r)->type[i] = dane_data[i][1];
+ (*r)->match[i] = dane_data[i][2];
+ (*r)->data[i].data = (void*)&dane_data[i][3];
+ (*r)->data[i].size = dane_data_len[i] - 3;
i++;
- } while((*r)->result->data[i] != NULL);
-
+ if (i > MAX_DATA_ENTRIES)
+ break;
+ } while(dane_data[i] != NULL);
+
(*r)->data_entries = i;
- if (!(s->flags & DANE_F_INSECURE) && !(*r)->result->secure) {
- if ((*r)->result->bogus)
+ if (!(s->flags & DANE_F_INSECURE) && !secure) {
+ if (bogus)
ret = gnutls_assert_val(DANE_E_INVALID_DNSSEC_SIG);
else
ret = gnutls_assert_val(DANE_E_NO_DNSSEC_SIG);
}
/* show security status */
- if ((*r)->result->secure) {
+ if (secure) {
(*r)->status = DANE_QUERY_DNSSEC_VERIFIED;
- } else if ((*r)->result->bogus) {
+ } else if (bogus) {
gnutls_assert();
(*r)->status = DANE_QUERY_BOGUS;
} else {
@@ -314,8 +308,53 @@ int dane_query_tlsa(dane_state_t s, dane
return ret;
}
-static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t
*raw2,
- dane_match_type_t match)
+
+/**
+ * dane_query_tlsa:
+ * @s: The DANE state structure
+ * @r: A structure to place the result
+ * @host: The host name to resolve.
+ * @proto: The protocol type (tcp, udp, etc.)
+ * @port: The service port number (eg. 443).
+ *
+ * This function will query the DNS server for the TLSA (DANE)
+ * data for the given host.
+ *
+ * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const
char* proto, unsigned int port)
+{
+ char ns[1024];
+ int ret;
+ struct ub_result *result;
+
+ snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
+
+ /* query for webserver */
+ ret = ub_resolve(s->ctx, ns, 52, 1, &result);
+ if(ret != 0) {
+ return gnutls_assert_val(DANE_E_RESOLVING_ERROR);
+ }
+
+ /* show first result */
+ if(!result->havedata) {
+ ub_resolve_free (result);
+ return gnutls_assert_val(DANE_E_NO_DANE_DATA);
+ }
+
+ ret = dane_raw_tlsa (s, r, result->data, result->len, result->secure,
result->bogus);
+ if (*r == NULL) {
+ ub_resolve_free (result);
+ return ret;
+ }
+
+ (*r)->result = result;
+ return ret;
+}
+
+static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t
*raw2,
+ dane_match_type_t match)
{
uint8_t digest[64];
int ret;
Index: gnutls-3.2.4/libdane/includes/gnutls/dane.h
===================================================================
--- gnutls-3.2.4.orig/libdane/includes/gnutls/dane.h
+++ gnutls-3.2.4/libdane/includes/gnutls/dane.h
@@ -109,6 +109,8 @@ int dane_state_init (dane_state_t* s, un
int dane_state_set_dlv_file(dane_state_t s, const char* file);
void dane_state_deinit (dane_state_t s);
+int dane_raw_tlsa(dane_state_t s, dane_query_t *r, char *const*dane_data,
const int *dane_data_len, int secure, int bogus);
+
int dane_query_tlsa(dane_state_t s, dane_query_t *r, const char* host, const
char* proto, unsigned int port);
dane_query_status_t dane_query_status(dane_query_t q);
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
