Hello community,

here is the log from the commit of package libksba for openSUSE:Factory checked 
in at 2023-01-04 18:09:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libksba (Old)
 and      /work/SRC/openSUSE:Factory/.libksba.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libksba"

Wed Jan  4 18:09:56 2023 rev:44 rq:1046434 version:1.6.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libksba/libksba.changes  2022-10-18 
12:44:53.389708701 +0200
+++ /work/SRC/openSUSE:Factory/.libksba.new.1563/libksba.changes        
2023-01-04 18:10:00.052334457 +0100
@@ -1,0 +2,7 @@
+Fri Dec 23 08:15:38 UTC 2022 - Dirk Müller <dmuel...@suse.com>
+
+- update to 1.6.3 (bsc#1206579, CVE-2022-47629):
+  * Fix another integer overflow in the CRL parser.
+   Release-info: https://dev.gnupg.org/T6304
+
+-------------------------------------------------------------------

Old:
----
  libksba-1.6.2.tar.bz2
  libksba-1.6.2.tar.bz2.sig

New:
----
  libksba-1.6.3.tar.bz2
  libksba-1.6.3.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libksba.spec ++++++
--- /var/tmp/diff_new_pack.SfruR0/_old  2023-01-04 18:10:00.668338087 +0100
+++ /var/tmp/diff_new_pack.SfruR0/_new  2023-01-04 18:10:00.672338111 +0100
@@ -18,7 +18,7 @@
 
 %define soname 8
 Name:           libksba
-Version:        1.6.2
+Version:        1.6.3
 Release:        0
 Summary:        A X.509 Library
 License:        (GPL-2.0-or-later OR LGPL-3.0-or-later) AND GPL-3.0-or-later 
AND MIT

++++++ libksba-1.6.2.tar.bz2 -> libksba-1.6.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/ChangeLog new/libksba-1.6.3/ChangeLog
--- old/libksba-1.6.2/ChangeLog 2022-10-07 10:09:50.000000000 +0200
+++ new/libksba-1.6.3/ChangeLog 2022-12-06 14:33:38.000000000 +0100
@@ -1,3 +1,38 @@
+2022-12-06  Werner Koch  <w...@gnupg.org>
+
+       Release 1.6.3.
+       + commit bffa9b346071725363a483db547e7dced9721cb5
+
+
+2022-11-23  Werner Koch  <w...@gnupg.org>
+
+       Fix an integer overflow in the CRL signature parser.
+       + commit f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
+       * src/crl.c (parse_signature): N+N2 now checked for overflow.
+
+       * src/ocsp.c (parse_response_extensions): Do not accept too large
+       values.
+       (parse_single_extensions): Ditto.
+
+2022-11-02  NIIBE Yutaka  <gni...@fsij.org>
+
+       build: Update m4/libgcrypt.m4.
+       + commit 4076b60f7cef4fddc3d30f6e6d4078081dbc7167
+       * m4/libgcrypt.m4: Update from libgcrypt master.
+
+2022-11-01  NIIBE Yutaka  <gni...@fsij.org>
+
+       build: Prefer gpgrt-config when available.
+       + commit 13307b22882a220d206341e1196e74fd37418c2f
+       * src/ksba.m4: Overriding the decision by --with-libksba-prefix, use
+       gpgrt-config ksba when gpgrt-config is available.
+
+2022-10-24  NIIBE Yutaka  <gni...@fsij.org>
+
+       build: Update gpg-error.m4.
+       + commit c3c1627f34234e3d54fe1f3411ac499dd7e3b3b0
+       * m4/gpg-error.m4: Update from libgpg-error 1.46.
+
 2022-10-07  Werner Koch  <w...@gnupg.org>
 
        Release 1.6.2.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/NEWS new/libksba-1.6.3/NEWS
--- old/libksba-1.6.2/NEWS      2022-10-07 10:06:25.000000000 +0200
+++ new/libksba-1.6.3/NEWS      2022-12-06 14:30:27.000000000 +0100
@@ -1,3 +1,11 @@
+Noteworthy changes in version 1.6.3 (2022-12-06) [C22/A14/R3]
+------------------------------------------------
+
+ * Fix another integer overflow in the CRL parser.  [T6284]
+
+ Release-info: https://dev.gnupg.org/T6304
+
+
 Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
 ------------------------------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/configure new/libksba-1.6.3/configure
--- old/libksba-1.6.2/configure 2022-10-07 10:09:39.000000000 +0200
+++ new/libksba-1.6.3/configure 2022-12-06 14:33:27.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libksba 1.6.2.
+# Generated by GNU Autoconf 2.69 for libksba 1.6.3.
 #
 # Report bugs to <https://bugs.gnupg.org>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='libksba'
 PACKAGE_TARNAME='libksba'
-PACKAGE_VERSION='1.6.2'
-PACKAGE_STRING='libksba 1.6.2'
+PACKAGE_VERSION='1.6.3'
+PACKAGE_STRING='libksba 1.6.3'
 PACKAGE_BUGREPORT='https://bugs.gnupg.org'
 PACKAGE_URL=''
 
@@ -1384,7 +1384,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libksba 1.6.2 to adapt to many kinds of systems.
+\`configure' configures libksba 1.6.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1455,7 +1455,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libksba 1.6.2:";;
+     short | recursive ) echo "Configuration of libksba 1.6.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1584,7 +1584,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libksba configure 1.6.2
+libksba configure 1.6.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2190,7 +2190,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libksba $as_me 1.6.2, which was
+It was created by libksba $as_me 1.6.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2546,7 +2546,7 @@
 # Please remember to document interface changes in the NEWS file.
 LIBKSBA_LT_CURRENT=22
 LIBKSBA_LT_AGE=14
-LIBKSBA_LT_REVISION=2
+LIBKSBA_LT_REVISION=3
 #-------------------
 # If the API is changed in an incompatible way: increment the next counter.
 KSBA_CONFIG_API_VERSION=1
@@ -3066,7 +3066,7 @@
 
 # Define the identity of the package.
  PACKAGE='libksba'
- VERSION='1.6.2'
+ VERSION='1.6.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -12475,7 +12475,7 @@
 
 
 
-VERSION_NUMBER=0x010602
+VERSION_NUMBER=0x010603
 
 
 
@@ -14398,6 +14398,10 @@
         fi
         if test -n "$gpgrt_libdir"; then break; fi
       done
+      if test -z "$libdir_candidates"; then
+        # No valid pkgconfig dir in any of the system directories, fallback
+        gpgrt_libdir=${possible_libdir1}
+      fi
     else
       # When we cannot determine system libdir-format, use this:
       gpgrt_libdir=${possible_libdir1}
@@ -15257,11 +15261,11 @@
 # Generate extended version information for W32.
 if test "$have_w32_system" = yes; then
       BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
-      BUILD_FILEVERSION="${BUILD_FILEVERSION}10625"
+      BUILD_FILEVERSION="${BUILD_FILEVERSION}49146"
 fi
 
 
-BUILD_REVISION="2981495"
+BUILD_REVISION="bffa9b3"
 
 
 cat >>confdefs.h <<_ACEOF
@@ -15878,7 +15882,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libksba $as_me 1.6.2, which was
+This file was extended by libksba $as_me 1.6.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15944,7 +15948,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libksba config.status 1.6.2
+libksba config.status 1.6.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -17957,7 +17961,7 @@
 echo "
         Libksba v${VERSION} has been configured as follows:
 
-        Revision:  2981495  (10625)
+        Revision:  bffa9b3  (49146)
         Platform:  $host
 
 "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/configure.ac 
new/libksba-1.6.3/configure.ac
--- old/libksba-1.6.2/configure.ac      2022-10-07 10:06:25.000000000 +0200
+++ new/libksba-1.6.3/configure.ac      2022-12-06 14:30:27.000000000 +0100
@@ -30,7 +30,7 @@
 m4_define([mym4_package],[libksba])
 m4_define([mym4_major], [1])
 m4_define([mym4_minor], [6])
-m4_define([mym4_micro], [2])
+m4_define([mym4_micro], [3])
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
@@ -52,7 +52,7 @@
 # Please remember to document interface changes in the NEWS file.
 LIBKSBA_LT_CURRENT=22
 LIBKSBA_LT_AGE=14
-LIBKSBA_LT_REVISION=2
+LIBKSBA_LT_REVISION=3
 #-------------------
 # If the API is changed in an incompatible way: increment the next counter.
 KSBA_CONFIG_API_VERSION=1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/doc/ksba.info 
new/libksba-1.6.3/doc/ksba.info
--- old/libksba-1.6.2/doc/ksba.info     2022-10-07 10:09:50.000000000 +0200
+++ new/libksba-1.6.3/doc/ksba.info     2022-12-06 14:33:38.000000000 +0100
@@ -8,8 +8,8 @@
 This file documents the KSBA library to access X.509 and CMS data
 structures.
 
-   This is edition 1.6.2, last updated 12 May 2020, of 'The KSBA
-Reference Manual', for Version 1.6.2.
+   This is edition 1.6.3, last updated 22 November 2022, of 'The KSBA
+Reference Manual', for Version 1.6.3.
 
    Copyright (C) 2002, 2003, 2004 g10 Code GmbH
 
@@ -25,8 +25,8 @@
 Main Menu
 *********
 
-This is edition 1.6.2, last updated 12 May 2020, of 'The KSBA Reference
-Manual', for Version 1.6.2 of the KSBA library.
+This is edition 1.6.3, last updated 22 November 2022, of 'The KSBA
+Reference Manual', for Version 1.6.3 of the KSBA library.
 
    Copyright (C) 2002, 2003, 2004 g10 Code GmbH
 
@@ -228,33 +228,34 @@
 path (via the '-I' option).
 
    However, the path to the include file is determined at the time the
-source is configured.  To solve this problem, 'KSBA' ships with a small
-helper program 'ksba-config' that knows about the path to the include
-file and other configuration options.  The options that need to be added
-to the compiler invocation at compile time are output by the '--cflags'
-option of 'ksba-config'.  The following example shows how it can be used
-at the command line:
-
-     gcc -c foo.c `ksba-config --cflags`
-
-   Adding the output of 'ksba-config --cflags' to the compiler's command
-line will ensure that the compiler can find the 'ksba.h' header file.
+source is configured.  To solve this problem, 'KSBA' ships with
+'ksba.pc' file, that knows about the path to the include file and other
+configuration options.  The options that need to be added to the
+compiler invocation at compile time are output by the '--cflags' option
+of 'pkg-config ksba'.  The following example shows how it can be used at
+the command line:
+
+     gcc -c foo.c `pkg-config --cflags ksba`
+
+   Adding the output of 'pkg-config --cflags ksba' to the compiler's
+command line will ensure that the compiler can find the 'ksba.h' header
+file.
 
    A similar problem occurs when linking the program with the library.
 Again, the compiler has to find the library files.  For this to work,
 the path to the library files has to be added to the library search path
-(via the '-L' option).  For this, the option '--libs' of 'ksba-config'
-can be used.  For convenience, this option also outputs all other
+(via the '-L' option).  For this, the option '--libs' of 'pkg-config
+ksba' can be used.  For convenience, this option also outputs all other
 options that are required to link the program with the 'KSBA' libraries
 (in particular, the '-lksba' option).  The example shows how to link
 'foo.o' with the 'KSBA' libraries to a program 'foo'.
 
-     gcc -o foo foo.o `ksba-config --libs`
+     gcc -o foo foo.o `pkg-config --libs ksba`
 
    Of course you can also combine both examples to a single command by
-specifying both options to 'ksba-config':
+specifying both options to 'pkg-config ksba':
 
-     gcc -o foo foo.c `ksba-config --cflags --libs`
+     gcc -o foo foo.c `pkg-config --cflags --libs ksba`
 
 
 File: ksba.info,  Node: Certificate Handling,  Next: CMS,  Prev: Preparation,  
Up: Top
@@ -1870,33 +1871,33 @@
 
 
 Tag Table:
-Node: Top738
-Node: Introduction2768
-Node: Getting Started3046
-Node: Features3912
-Node: Overview5003
-Node: Preparation5252
-Node: Header5735
-Node: Version Check6331
-Node: Building the source7423
-Node: Certificate Handling9267
-Node: Creating certificates10248
-Node: Retrieving attributes12709
-Node: Setting attributes26927
-Node: User data27192
-Node: CMS29112
-Node: CMS Basics29571
-Node: CMS Parser31634
-Node: CRLs35612
-Node: PKCS1035895
-Node: Utilities36156
-Node: Names36560
-Node: OIDs38872
-Node: DNs39076
-Node: Error Handling40207
-Node: Component Labels41562
-Node: Copying43125
-Node: Concept Index80652
-Node: Function and Data Index80780
+Node: Top743
+Node: Introduction2778
+Node: Getting Started3056
+Node: Features3922
+Node: Overview5013
+Node: Preparation5262
+Node: Header5745
+Node: Version Check6341
+Node: Building the source7433
+Node: Certificate Handling9284
+Node: Creating certificates10265
+Node: Retrieving attributes12726
+Node: Setting attributes26944
+Node: User data27209
+Node: CMS29129
+Node: CMS Basics29588
+Node: CMS Parser31651
+Node: CRLs35629
+Node: PKCS1035912
+Node: Utilities36173
+Node: Names36577
+Node: OIDs38889
+Node: DNs39093
+Node: Error Handling40224
+Node: Component Labels41579
+Node: Copying43142
+Node: Concept Index80669
+Node: Function and Data Index80797
 
 End Tag Table
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/doc/ksba.texi 
new/libksba-1.6.3/doc/ksba.texi
--- old/libksba-1.6.2/doc/ksba.texi     2020-05-12 12:09:20.000000000 +0200
+++ new/libksba-1.6.3/doc/ksba.texi     2022-11-22 16:19:20.000000000 +0100
@@ -259,18 +259,18 @@
 path (via the @option{-I} option).
 
 However, the path to the include file is determined at the time the
-source is configured.  To solve this problem, `KSBA' ships with a small
-helper program @command{ksba-config} that knows about the path to the
-include file and other configuration options.  The options that need to
-be added to the compiler invocation at compile time are output by the
-@option{--cflags} option of @command{ksba-config}.  The following
+source is configured.  To solve this problem, `KSBA' ships with
+@code{ksba.pc} file, that knows about the path to the include file and
+other configuration options.  The options that need to be added to the
+compiler invocation at compile time are output by the
+@option{--cflags} option of @command{pkg-config ksba}.  The following
 example shows how it can be used at the command line:
 
 @example
-gcc -c foo.c `ksba-config --cflags`
+gcc -c foo.c `pkg-config --cflags ksba`
 @end example
 
-Adding the output of @samp{ksba-config --cflags} to the compiler's
+Adding the output of @samp{pkg-config --cflags ksba} to the compiler's
 command line will ensure that the compiler can find the @file{ksba.h}
 header file.
 
@@ -278,21 +278,21 @@
 Again, the compiler has to find the library files.  For this to work,
 the path to the library files has to be added to the library search path
 (via the @option{-L} option).  For this, the option @option{--libs} of
-@command{ksba-config} can be used.  For convenience, this option also
+@command{pkg-config ksba} can be used.  For convenience, this option also
 outputs all other options that are required to link the program with the
 `KSBA' libraries (in particular, the @samp{-lksba} option).  The
 example shows how to link @file{foo.o} with the `KSBA' libraries to a
 program @command{foo}.
 
 @example
-gcc -o foo foo.o `ksba-config --libs`
+gcc -o foo foo.o `pkg-config --libs ksba`
 @end example
 
 Of course you can also combine both examples to a single command by
-specifying both options to @command{ksba-config}:
+specifying both options to @command{pkg-config ksba}:
 
 @example
-gcc -o foo foo.c `ksba-config --cflags --libs`
+gcc -o foo foo.c `pkg-config --cflags --libs ksba`
 @end example
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/doc/stamp-vti 
new/libksba-1.6.3/doc/stamp-vti
--- old/libksba-1.6.2/doc/stamp-vti     2022-10-07 10:09:49.000000000 +0200
+++ new/libksba-1.6.3/doc/stamp-vti     2022-12-06 14:33:38.000000000 +0100
@@ -1,4 +1,4 @@
-@set UPDATED 12 May 2020
-@set UPDATED-MONTH May 2020
-@set EDITION 1.6.2
-@set VERSION 1.6.2
+@set UPDATED 22 November 2022
+@set UPDATED-MONTH November 2022
+@set EDITION 1.6.3
+@set VERSION 1.6.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/doc/version.texi 
new/libksba-1.6.3/doc/version.texi
--- old/libksba-1.6.2/doc/version.texi  2022-10-07 10:09:13.000000000 +0200
+++ new/libksba-1.6.3/doc/version.texi  2022-12-06 14:33:38.000000000 +0100
@@ -1,4 +1,4 @@
-@set UPDATED 12 May 2020
-@set UPDATED-MONTH May 2020
-@set EDITION 1.6.2
-@set VERSION 1.6.2
+@set UPDATED 22 November 2022
+@set UPDATED-MONTH November 2022
+@set EDITION 1.6.3
+@set VERSION 1.6.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/m4/gpg-error.m4 
new/libksba-1.6.3/m4/gpg-error.m4
--- old/libksba-1.6.2/m4/gpg-error.m4   2022-09-16 12:24:38.000000000 +0200
+++ new/libksba-1.6.3/m4/gpg-error.m4   2022-11-22 16:19:20.000000000 +0100
@@ -10,7 +10,7 @@
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# Last-changed: 2022-02-15
+# Last-changed: 2022-09-21
 
 
 dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION,
@@ -120,6 +120,10 @@
         fi
         if test -n "$gpgrt_libdir"; then break; fi
       done
+      if test -z "$libdir_candidates"; then
+        # No valid pkgconfig dir in any of the system directories, fallback
+        gpgrt_libdir=${possible_libdir1}
+      fi
     else
       # When we cannot determine system libdir-format, use this:
       gpgrt_libdir=${possible_libdir1}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/m4/libgcrypt.m4 
new/libksba-1.6.3/m4/libgcrypt.m4
--- old/libksba-1.6.2/m4/libgcrypt.m4   2020-11-18 15:45:18.000000000 +0100
+++ new/libksba-1.6.3/m4/libgcrypt.m4   2022-11-22 16:19:20.000000000 +0100
@@ -9,7 +9,7 @@
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# Last-changed: 2020-09-27
+# Last-changed: 2022-11-01
 
 
 dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -40,7 +40,7 @@
   fi
 
   use_gpgrt_config=""
-  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a 
"$GPGRT_CONFIG" != "no"; then
+  if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
     if $GPGRT_CONFIG libgcrypt --exists; then
       LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
       AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/src/crl.c new/libksba-1.6.3/src/crl.c
--- old/libksba-1.6.2/src/crl.c 2022-10-07 09:56:23.000000000 +0200
+++ new/libksba-1.6.3/src/crl.c 2022-12-06 14:30:27.000000000 +0100
@@ -1349,7 +1349,7 @@
          && !ti.is_constructed) )
     return gpg_error (GPG_ERR_INV_CRL_OBJ);
   n2 = ti.nhdr + ti.length;
-  if (n + n2 >= DIM(tmpbuf))
+  if (n + n2 >= DIM(tmpbuf) || (n + n2) < n)
     return gpg_error (GPG_ERR_TOO_LARGE);
   memcpy (tmpbuf+n, ti.buf, ti.nhdr);
   err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length);
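Review bot: The wraparound test `(n + n2) < n` on the new line is only well-defined if `n` and `n2` are unsigned; if either is a signed type the overflow is undefined behaviour and a compiler is free to drop the check. Given `n2 = ti.nhdr + ti.length` just above, a form that never overflows is clearer: `if (n2 < ti.nhdr || n2 >= DIM(tmpbuf) - n) return gpg_error (GPG_ERR_TOO_LARGE);`, which additionally rejects a wrap in the `ti.nhdr + ti.length` addition that the new check does not cover. That rewrite assumes `n < DIM(tmpbuf)` already holds at this point, which the hunk does not show. parse_signature's body starts and ends outside the hunk.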
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/src/ksba.h new/libksba-1.6.3/src/ksba.h
--- old/libksba-1.6.2/src/ksba.h        2022-10-07 10:09:47.000000000 +0200
+++ new/libksba-1.6.3/src/ksba.h        2022-12-06 14:33:35.000000000 +0100
@@ -46,11 +46,11 @@
 /* The version of this header should match the one of the library.  Do
  * not use this symbol in your application; use assuan_check_version
  * instead.  */
-#define KSBA_VERSION "1.6.2"
+#define KSBA_VERSION "1.6.3"
 
 /* The version number of this header.  It may be used to handle minor
  * API incompatibilities.  */
-#define KSBA_VERSION_NUMBER 0x010602
+#define KSBA_VERSION_NUMBER 0x010603
 
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/src/ksba.m4 
new/libksba-1.6.3/src/ksba.m4
--- old/libksba-1.6.2/src/ksba.m4       2020-11-18 15:45:18.000000000 +0100
+++ new/libksba-1.6.3/src/ksba.m4       2022-11-22 16:19:20.000000000 +0100
@@ -9,7 +9,7 @@
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# Last-changed: 2020-11-18
+# Last-changed: 2022-11-01
 
 dnl AM_PATH_KSBA([MINIMUM-VERSION,
 dnl              [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
@@ -44,7 +44,7 @@
   fi
 
   use_gpgrt_config=""
-  if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != 
"no"; then
+  if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
     if $GPGRT_CONFIG ksba --exists; then
       KSBA_CONFIG="$GPGRT_CONFIG ksba"
       AC_MSG_NOTICE([Use gpgrt-config as ksba-config])
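Review bot: The new condition drops the `x"$KSBA_CONFIG" = x` test, so an explicitly configured KSBA_CONFIG (for instance via --with-libksba-prefix, as the ChangeLog entry for this change states) is now silently replaced whenever gpgrt-config is present; an `AC_MSG_NOTICE` saying that the user-supplied KSBA_CONFIG is being overridden, or honouring it when set, would make that visible in the configure output. The retained `-a` operator in `test` is marked obsolescent by POSIX; `if test x"$GPGRT_CONFIG" != x && test "$GPGRT_CONFIG" != "no"; then` is equivalent and portable. The same pattern is introduced in the m4/libgcrypt.m4 hunk.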
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libksba-1.6.2/src/ocsp.c new/libksba-1.6.3/src/ocsp.c
--- old/libksba-1.6.2/src/ocsp.c        2022-02-26 17:07:18.000000000 +0100
+++ new/libksba-1.6.3/src/ocsp.c        2022-12-06 14:30:27.000000000 +0100
@@ -721,6 +721,12 @@
               || memcmp (ocsp->nonce, data, ti.length))
             ocsp->bad_nonce = 1;
         }
+      if (ti.length > (1<<24))
+        {
+          /* Bail out on much too large objects.  */
+          err = gpg_error (GPG_ERR_BAD_BER);
+          goto leave;
+        }
       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
       if (!ex)
         {
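Review bot: The bound `(1<<24)` in the new check is a bare magic number repeated verbatim in the second ocsp.c hunk (`@@ -788,6 +794,12 @@`); a file-scope constant such as `#define MAX_EXT_LENGTH (1<<24)  /* Reject extension values above 16 MiB.  */` used in both places would keep the two limits from drifting apart and document what "much too large" means. In this first hunk the check also sits after the nonce comparison that already passes `ti.length` to memcmp; if the condition in front of that memcmp (outside the hunk) does not compare lengths first, the bound belongs ahead of it. The enclosing functions (parse_response_extensions and parse_single_extensions per the ChangeLog) start and end outside the hunks.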
@@ -788,6 +794,12 @@
       err = parse_octet_string (&data, &datalen, &ti);
       if (err)
         goto leave;
+      if (ti.length > (1<<24))
+        {
+          /* Bail out on much too large objects.  */
+          err = gpg_error (GPG_ERR_BAD_BER);
+          goto leave;
+        }
       ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
       if (!ex)
         {
