diff --git a/dist b/dist new file mode 100644 index 0000000000000000000000000000000000000000..535c6900412d365bb0ff6de8d1f27110833b3ae3 --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an8_7 diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..507bb908f342ca6ccf56c71f0051dbb9549c3bfb --- /dev/null +++ b/download @@ -0,0 +1,2 @@ +ce2ba4d3088119b48e7531a703669c52 libtasn1-4.13.tar.gz +92d43319927b3968b86c7a2783e97a5f libtasn1-4.13.tar.gz.sig diff --git a/libtasn1-4.13.tar.gz b/libtasn1-4.13.tar.gz deleted file mode 100644 index dbcfc7f8ff38efebb7be2f5b06ba7c924084fb56..0000000000000000000000000000000000000000 Binary files a/libtasn1-4.13.tar.gz and /dev/null differ diff --git a/libtasn1-4.13.tar.gz.sig b/libtasn1-4.13.tar.gz.sig deleted file mode 100644 index d1763c5bc148a1f19c4c16ee1b8f38f21fbb1911..0000000000000000000000000000000000000000 --- a/libtasn1-4.13.tar.gz.sig +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEqBLL/fzcTQvnoJMSnV6q9pATuEIFAlpeOtEACgkQnV6q9pAT -uEIWNAf/YnmT4u3ShAfhUKE4sIap+8ivG5AxCPw1Rwgwc8qcS2VKOVeiwYTWmt9t -g5CDrVu27DTPbCkdS7sTKrHQT3Pjc2DRJWHJbaHr5J717sNp50XWWXjNyZGrmyN4 -ais1d7no0GMXRsR6SUOFi+M52Q/vWhhYz4gaDAV9XSOqbJ6MPiw4BhjqyVSQ4lwD -Lfn4upk+1JFjzCpVft7iXrx1P4RXvFJC1sBYpUJAbdm9y0rO5jGiY7EHokDNq1rT -71hBWUclo37GsJnF65CRD1Mb5/wdZxm2wvEL/SFlHKqnY/uB3y4u7il91fi9zrwY -mDmVimu7E563pqum16000pybZIEmFw== -=LTAv ------END PGP SIGNATURE----- diff --git a/libtasn1-4.19-CVE-2021-46848.patch b/libtasn1-4.19-CVE-2021-46848.patch new file mode 100644 index 0000000000000000000000000000000000000000..e4383f383c00c6f360f94ea82536c73dd2b916be --- /dev/null +++ b/libtasn1-4.19-CVE-2021-46848.patch @@ -0,0 +1,11 @@ +--- a/lib/int.h 2022-11-30 14:21:26.985600761 -0500 ++++ b/lib/int.h 2022-11-30 14:23:25.856065950 -0500 +@@ -97,7 +97,7 @@ + #define ETYPE_TAG(etype) (_asn1_tags[etype].tag) + #define ETYPE_CLASS(etype) (_asn1_tags[etype].class) + #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \ +- (etype) <= _asn1_tags_size && \ ++ (etype) < _asn1_tags_size && \ + _asn1_tags[(etype)].desc != NULL)?1:0) + + #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \ diff --git a/libtasn1.spec b/libtasn1.spec index 11d06747f71136be69aedb1af54f0302edbcf34c..57825329369b382dae8a90cfa0c52ac000c93a1b 100644 --- a/libtasn1.spec +++ b/libtasn1.spec @@ -2,7 +2,7 @@ Summary: The ASN.1 library used in GNUTLS Name: libtasn1 Version: 4.13 -Release: 3%{anolis_release}%{?dist} +Release: 4%{anolis_release}%{?dist} # The libtasn1 library is LGPLv2+, utilities are GPLv3+ License: GPLv3+ and LGPLv2+ @@ -12,6 +12,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg Patch1: libtasn1-3.4-rpath.patch +Patch300: libtasn1-4.19-CVE-2021-46848.patch BuildRequires: bison, pkgconfig, help2man BuildRequires: autoconf, automake, libtool @@ -66,6 +67,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %setup -q %patch1 -p1 -b .rpath +%patch300 -p1 -b .CVE-2021-46848 %build autoreconf -v -f --install @@ -119,9 +121,12 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \ %doc AUTHORS NEWS README THANKS %changelog -* Fri Jul 15 2022 Weisson - 4.13-3.0.1 +* Wed Jan 18 2023 Weisson - 4.13-4.0.1 - Add doc sub package +* Wed Nov 30 2022 Simo Sorce - 4.13-4 +- Resolves: rhbz#2140600 + * Fri Aug 3 2018 Florian Weimer - 4.13-3 - Honor %%{valgrind_arches}