Mailinglist Archive: opensuse-commit (1314 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package gnutls for openSUSE:11.4
checked in at Tue Jan 24 15:38:10 CET 2012.



--------
--- old-versions/11.4/all/gnutls/gnutls.changes 2010-04-24 13:52:05.000000000 
+0200
+++ 11.4/gnutls/gnutls.changes  2011-11-14 09:28:23.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Nov 14 08:26:48 UTC 2011 - gjhe@xxxxxxxx
+
+- fix Bug 729486 - VUL-1: CVE-2011-4128: gnutls: buffer overflow
+  CVE-2011-4128
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/gnutls
Destination is old-versions/11.4/UPDATES/all/gnutls
calling whatdependson for 11.4-i586


New:
----
  CVE-2011-4128.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.hJ3fng/_old  2012-01-24 15:37:48.000000000 +0100
+++ /var/tmp/diff_new_pack.hJ3fng/_new  2012-01-24 15:37:48.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package gnutls (Version 2.8.6)
+# spec file for package gnutls
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,12 +21,13 @@
 Name:           gnutls
 BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel 
pkg-config
 Version:        2.8.6
-Release:        1
+Release:        5.<RELEASE6>
 License:        LGPLv2.1+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://www.gnutls.org/
 Source0:        %name-%version.tar.bz2
 Source1:        baselibs.conf
+Patch1:         CVE-2011-4128.patch
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
 AutoReqProv:    on
@@ -137,7 +138,7 @@
 
 %prep
 %setup -q
-#%patch1 -p1
+%patch1 -p1
 #%patch2 -p1
 
 %build

++++++ CVE-2011-4128.patch ++++++
Index: gnutls-2.8.6/lib/gnutls_session.c
===================================================================
--- gnutls-2.8.6.orig/lib/gnutls_session.c
+++ gnutls-2.8.6/lib/gnutls_session.c
@@ -64,13 +64,14 @@ gnutls_session_get_data (gnutls_session_
       gnutls_assert ();
       return ret;
     }
-  *session_data_size = psession.size;
 
   if (psession.size > *session_data_size)
     {
+      *session_data_size = psession.size;
       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
       goto error;
     }
+  *session_data_size = psession.size;
 
   if (session_data != NULL)
     memcpy (session_data, psession.data, psession.size);
continue with "q"...



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx