diff options
author | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-06-05 17:54:33 +0000 |
---|---|---|
committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-06-05 17:54:33 +0000 |
commit | 7d58e9457ecd610cdfafd57a69ca05a641840ea3 (patch) | |
tree | d34a08486e0e4b1027f0a19a6811ec03578d7fc7 | |
parent | 894568e29baef8caaec55d1aa6d520d87720963a (diff) | |
download | ports-7d58e9457ecd610cdfafd57a69ca05a641840ea3.tar.gz ports-7d58e9457ecd610cdfafd57a69ca05a641840ea3.zip |
MFH: r356535
Patch CVE-2014-3466 to prevent memory corruption due to server hello parsing.
Skipped PORTREVISION 5 which made several framework updates not needed here.
Obtained from: https://gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
Security: CVE-2014-3466, 9733c480-ebff-11e3-970b-206a8a720317
Notes
Notes:
svn path=/branches/2014Q2/; revision=356656
-rw-r--r-- | security/gnutls/Makefile | 2 | ||||
-rw-r--r-- | security/gnutls/files/patch-lib-gnutls_handshake.c | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index df799a47ae57..166876a8805e 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -3,7 +3,7 @@ PORTNAME= gnutls PORTVERSION= 2.12.23 -PORTREVISION= 4 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= \ ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/ \ diff --git a/security/gnutls/files/patch-lib-gnutls_handshake.c b/security/gnutls/files/patch-lib-gnutls_handshake.c new file mode 100644 index 000000000000..8ecac0686495 --- /dev/null +++ b/security/gnutls/files/patch-lib-gnutls_handshake.c @@ -0,0 +1,11 @@ +--- lib/gnutls_handshake.c.orig 2012-11-03 06:03:47.000000000 -0700 ++++ lib/gnutls_handshake.c 2014-06-04 07:55:49.138570114 -0700 +@@ -1797,7 +1797,7 @@ + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |