Compare commits


No commits in common. 'i8c' and 'c9' have entirely different histories.
i8c ... c9

@ -0,0 +1,45 @@
From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
From: Dana Jacobsen <dana@acm.org>
Date: Tue, 29 Oct 2013 08:37:48 -0700
Subject: [PATCH 1/2] Fix unsafe decoding in indef case
Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
---
lib/Convert/ASN1/_decode.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
index e811e8d..eb2b584 100644
--- a/lib/Convert/ASN1/_decode.pm
+++ b/lib/Convert/ASN1/_decode.pm
@@ -685,6 +685,7 @@ sub _scan_indef {
if((unpack("C",$tag) & 0x1f) == 0x1f) {
my $b;
do {
+ return if $pos >= $end;
$tag .= substr($_[0],$pos++,1);
$b = ord substr($tag,-1);
} while($b & 0x80);
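Review bot: The guard at the top of the `do` block needs a short comment and a regression test, because the reason for it is not obvious from the code. `$b` is read back from `substr($tag,-1)`, so when the input is exhausted and `substr($_[0],$pos++,1)` appends nothing, the same continuation octet is tested again and `while($b & 0x80)` never terminates. Also confirm that every caller of `_scan_indef` treats the bare `return` as a decode failure and not as a valid empty result; the visible lines do not show how the return value is consumed.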
From 8125d99e15596fee1b5f904ed74a76bccf54082d Mon Sep 17 00:00:00 2001
From: Dana Jacobsen <dana@acm.org>
Date: Tue, 29 Oct 2013 08:53:09 -0700
Subject: [PATCH 2/2] Add second part of position check
Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
---
lib/Convert/ASN1/_decode.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
index eb2b584..67b95aa 100644
--- a/lib/Convert/ASN1/_decode.pm
+++ b/lib/Convert/ASN1/_decode.pm
@@ -679,6 +679,7 @@ sub _scan_indef {
$pos += 2;
next;
}
+ return if $pos >= $end;
my $tag = substr($_[0], $pos++, 1);
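Review bot: The bounds check before `my $tag = substr($_[0], $pos++, 1);` covers only the first identifier octet, and together with patch 1/2 that leaves two identical `return if $pos >= $end;` statements guarding two of the reads in `_scan_indef`. Please confirm that the remaining reads that advance `$pos` (the length octets that follow the tag, and the `$pos += 2; next;` path just above) are bounded by `$end` as well, since none of that is visible in this context. Neither commit is a complete fix on its own, so for backporting it would be safer to squash them or state in the subject that 1/2 and 2/2 must be applied together.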

@ -4,7 +4,7 @@
Summary: ASN.1 encode/decode library Summary: ASN.1 encode/decode library
Name: perl-Convert-ASN1 Name: perl-Convert-ASN1
Version: 0.27 Version: 0.27
Release: 17%{?dist} Release: 24%{?dist}
License: GPL+ or Artistic License: GPL+ or Artistic
URL: https://metacpan.org/release/Convert-ASN1 URL: https://metacpan.org/release/Convert-ASN1
Source0: https://cpan.metacpan.org/authors/id/G/GB/GBARR/Convert-ASN1-%{version}.tar.gz Source0: https://cpan.metacpan.org/authors/id/G/GB/GBARR/Convert-ASN1-%{version}.tar.gz
@ -13,6 +13,9 @@ Patch0: Convert-ASN1-0.27-Correct-shebangs-in-tests.patch
# Allow running tests from a read-only location, # Allow running tests from a read-only location,
# <https://github.com/gbarr/perl-Convert-ASN1/pull/40> # <https://github.com/gbarr/perl-Convert-ASN1/pull/40>
Patch1: Convert-ASN1-0.27-Use-temporary-output-files-for-tests.patch Patch1: Convert-ASN1-0.27-Use-temporary-output-files-for-tests.patch
# Fix unsafe decoding in indef case,
# <https://github.com/gbarr/perl-Convert-ASN1/pull/15>
Patch2: Convert-ASN1-0.27-CVE-2013-7488.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: make BuildRequires: make
@ -74,6 +77,7 @@ with "%{_libexecdir}/%{name}/test".
%setup -q -n Convert-ASN1-%{version} %setup -q -n Convert-ASN1-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
chmod +x t/*.t chmod +x t/*.t
%build %build
@ -86,7 +90,7 @@ mkdir -p %{buildroot}/%{_libexecdir}/%{name}
cp -a t %{buildroot}/%{_libexecdir}/%{name} cp -a t %{buildroot}/%{_libexecdir}/%{name}
cat > %{buildroot}/%{_libexecdir}/%{name}/test << 'EOF' cat > %{buildroot}/%{_libexecdir}/%{name}/test << 'EOF'
#!/bin/sh #!/bin/sh
cd %{_libexecdir}/%{name} && exec prove -I . -j $(getconf _NPROCESSORS_ONLN) cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
EOF EOF
chmod +x %{buildroot}/%{_libexecdir}/%{name}/test chmod +x %{buildroot}/%{_libexecdir}/%{name}/test
%{_fixperms} %{buildroot}/* %{_fixperms} %{buildroot}/*
@ -105,11 +109,30 @@ make test
%{_libexecdir}/%{name} %{_libexecdir}/%{name}
%changelog %changelog
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.27-17 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.27-24
- Rebuilt for MSVSphere 8.8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Sep 17 2019 Petr Pisar <ppisar@redhat.com> - 0.27-17 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.27-23
- Bump a release to replace the EPEL package (bug #1746898) - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.27-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Nov 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 0.27-21
- Fix unsafe decoding in indef case (CVE-2013-7488)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 0.27-19
- Perl 5.32 rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.27-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Oct 30 2019 Petr Pisar <ppisar@redhat.com> - 0.27-17
- Quote a substituted number of processors in the test script
* Wed Aug 28 2019 Petr Pisar <ppisar@redhat.com> - 0.27-16 * Wed Aug 28 2019 Petr Pisar <ppisar@redhat.com> - 0.27-16
- Modernize spec file - Modernize spec file
