Patch to fix X509 DN comparisons.

2017-10-03 10:35:42 +02:00 · 2017-10-03 10:35:42 +02:00 · 81fbf5cda0
parent b4fa4c98ec
commit 81fbf5cda0
2 changed files with 20 additions and 1 deletions
--- a/botan-1.8.15-fix-x509-dn-cmp.patch
+++ b/botan-1.8.15-fix-x509-dn-cmp.patch
@ -0,0 +1,13 @@
+diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp
+index bdb9e79..3f56d12 100644
+--- a/src/utils/parsing.cpp
+++ b/src/utils/parsing.cpp
+@@ -227,6 +227,8 @@ bool x500_name_cmp(const std::string& name1, const std::string& name2)
+ 
+          if(p1 == name1.end() && p2 == name2.end())
+             return true;
+         if(p1 == name1.end() || p2 == name2.end())
+            return false;
+          }
+ 
+       if(!Charset::caseless_cmp(*p1, *p2))
--- a/botan.spec
+++ b/botan.spec
@ -1,6 +1,6 @@
 Name:           botan
 Version:        1.8.15
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Crypto library written in C++

 Group:          System Environment/Libraries
@ -12,6 +12,8 @@ Source0:        Botan-%{version}.stripped.tar.gz
 Source1:        README.fedora
 # soname was changed unintentionally upstream, revert it.
 Patch0:         botan-1.8.15-soname.patch
+# cherry-pick commit c9271016 from 1.10 branch: fix for CVE-2017-2801
+Patch1:         botan-1.8.15-fix-x509-dn-cmp.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 BuildRequires:  gcc-c++
@ -51,6 +53,7 @@ developing applications that use %{name}.
 %prep
 %setup -q -n Botan-%{version}
 %patch0 -p1
+%patch1 -p1
 cp -av %{SOURCE1} .

 %build
@ -120,6 +123,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./check --validate


 %changelog
+* Tue Oct  3 2017 Thomas Moschny <thomas.moschny@gmx.de> - 1.8.15-2
+- Patch to fix X509 DN comparisons.
+
 * Sat Feb 13 2016 Thomas Moschny <thomas.moschny@gmx.de> - 1.8.15-1
 - Update to 1.8.15.
 - Remove patch applied upstream.