Imported Upstream version 1.6.2

diff --git a/ChangeLog b/ChangeLog
index 72ed3b2..d0e0b5b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2022-10-07  Werner Koch  <wk@gnupg.org>
+
+       Release 1.6.2.
+       + commit 29814959fe2b65c6d4ac35dea261006a8cad3661
+
+
+2022-10-05  Werner Koch  <wk@gnupg.org>
+
+       Detect a possible overflow directly in the TLV parser.
+       + commit 4b7d9cd4a018898d7714ce06f3faf2626c14582b
+       * src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
+       used sum.
+
 2022-09-16  Werner Koch  <wk@gnupg.org>
 
        Release 1.6.1.

diff --git a/NEWS b/NEWS
index 1667dac..3c74e41 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
+------------------------------------------------
+
+ * Fix integer overflow in the CRL parser.  [rK4b7d9cd4a0]
+
+ Release-info: https://dev.gnupg.org/T6230
+
+
 Noteworthy changes in version 1.6.1 (2022-09-16) [C22/A14/R1]
 ------------------------------------------------
 

diff --git a/configure b/configure
index beb7744..3495ab1 100755 (executable)
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libksba 1.6.1.
+# Generated by GNU Autoconf 2.69 for libksba 1.6.2.
 #
 # Report bugs to <https://bugs.gnupg.org>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libksba'
 PACKAGE_TARNAME='libksba'
-PACKAGE_VERSION='1.6.1'
-PACKAGE_STRING='libksba 1.6.1'
+PACKAGE_VERSION='1.6.2'
+PACKAGE_STRING='libksba 1.6.2'
 PACKAGE_BUGREPORT='https://bugs.gnupg.org'
 PACKAGE_URL=''
 
@@ -1384,7 +1384,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libksba 1.6.1 to adapt to many kinds of systems.
+\`configure' configures libksba 1.6.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1455,7 +1455,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libksba 1.6.1:";;
+     short | recursive ) echo "Configuration of libksba 1.6.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1584,7 +1584,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libksba configure 1.6.1
+libksba configure 1.6.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2190,7 +2190,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libksba $as_me 1.6.1, which was
+It was created by libksba $as_me 1.6.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2546,7 +2546,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 # Please remember to document interface changes in the NEWS file.
 LIBKSBA_LT_CURRENT=22
 LIBKSBA_LT_AGE=14
-LIBKSBA_LT_REVISION=1
+LIBKSBA_LT_REVISION=2
 #-------------------
 # If the API is changed in an incompatible way: increment the next counter.
 KSBA_CONFIG_API_VERSION=1
@@ -3066,7 +3066,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libksba'
- VERSION='1.6.1'
+ VERSION='1.6.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -12475,7 +12475,7 @@ fi
 
 
 
-VERSION_NUMBER=0x010601
+VERSION_NUMBER=0x010602
 
 
 
@@ -15257,11 +15257,11 @@ fi
 # Generate extended version information for W32.
 if test "$have_w32_system" = yes; then
       BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
-      BUILD_FILEVERSION="${BUILD_FILEVERSION}54209"
+      BUILD_FILEVERSION="${BUILD_FILEVERSION}10625"
 fi
 
 
-BUILD_REVISION="d3c1e06"
+BUILD_REVISION="2981495"
 
 
 cat >>confdefs.h <<_ACEOF
@@ -15878,7 +15878,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libksba $as_me 1.6.1, which was
+This file was extended by libksba $as_me 1.6.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15944,7 +15944,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libksba config.status 1.6.1
+libksba config.status 1.6.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -17957,7 +17957,7 @@ fi
 echo "
         Libksba v${VERSION} has been configured as follows:
 
-        Revision:  d3c1e06  (54209)
+        Revision:  2981495  (10625)
         Platform:  $host
 
 "

diff --git a/configure.ac b/configure.ac
index 83a74b5..ef627c0 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[libksba])
 m4_define([mym4_major], [1])
 m4_define([mym4_minor], [6])
-m4_define([mym4_micro], [1])
+m4_define([mym4_micro], [2])
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
@@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
 # Please remember to document interface changes in the NEWS file.
 LIBKSBA_LT_CURRENT=22
 LIBKSBA_LT_AGE=14
-LIBKSBA_LT_REVISION=1
+LIBKSBA_LT_REVISION=2
 #-------------------
 # If the API is changed in an incompatible way: increment the next counter.
 KSBA_CONFIG_API_VERSION=1

diff --git a/doc/ksba.info b/doc/ksba.info
index ca39f88..63a62fc 100644 (file)
--- a/doc/ksba.info
+++ b/doc/ksba.info
@@ -8,8 +8,8 @@ END-INFO-DIR-ENTRY
 This file documents the KSBA library to access X.509 and CMS data
 structures.
 
-   This is edition 1.6.1, last updated 12 May 2020, of 'The KSBA
-Reference Manual', for Version 1.6.1.
+   This is edition 1.6.2, last updated 12 May 2020, of 'The KSBA
+Reference Manual', for Version 1.6.2.
 
    Copyright (C) 2002, 2003, 2004 g10 Code GmbH
 
@@ -25,8 +25,8 @@ File: ksba.info,  Node: Top,  Next: Introduction,  Up: (dir)
 Main Menu
 *********
 
-This is edition 1.6.1, last updated 12 May 2020, of 'The KSBA Reference
-Manual', for Version 1.6.1 of the KSBA library.
+This is edition 1.6.2, last updated 12 May 2020, of 'The KSBA Reference
+Manual', for Version 1.6.2 of the KSBA library.
 
    Copyright (C) 2002, 2003, 2004 g10 Code GmbH
 

diff --git a/doc/stamp-vti b/doc/stamp-vti
index f0e06c2..729de08 100644 (file)
--- a/doc/stamp-vti
+++ b/doc/stamp-vti
@@ -1,4 +1,4 @@
 @set UPDATED 12 May 2020
 @set UPDATED-MONTH May 2020
-@set EDITION 1.6.1
-@set VERSION 1.6.1
+@set EDITION 1.6.2
+@set VERSION 1.6.2

diff --git a/doc/version.texi b/doc/version.texi
index f0e06c2..729de08 100644 (file)
--- a/doc/version.texi
+++ b/doc/version.texi
@@ -1,4 +1,4 @@
 @set UPDATED 12 May 2020
 @set UPDATED-MONTH May 2020
-@set EDITION 1.6.1
-@set VERSION 1.6.1
+@set EDITION 1.6.2
+@set VERSION 1.6.2

diff --git a/src/ber-help.c b/src/ber-help.c
index 81c31ed..56efb6a 100644 (file)
--- a/src/ber-help.c
+++ b/src/ber-help.c
@@ -182,6 +182,12 @@ _ksba_ber_read_tl (ksba_reader_t reader, struct tag_info *ti)
       ti->length = len;
     }
 
+  if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
+    {
+      ti->err_string = "header+length would overflow";
+      return gpg_error (GPG_ERR_EOVERFLOW);
+    }
+
   /* Without this kludge some example certs can't be parsed */
   if (ti->class == CLASS_UNIVERSAL && !ti->tag)
     ti->length = 0;

diff --git a/src/ksba.h b/src/ksba.h
index dbb83b5..aec5e4d 100644 (file)
--- a/src/ksba.h
+++ b/src/ksba.h
@@ -46,11 +46,11 @@ extern "C" {
 /* The version of this header should match the one of the library.  Do
  * not use this symbol in your application; use assuan_check_version
  * instead.  */
-#define KSBA_VERSION "1.6.1"
+#define KSBA_VERSION "1.6.2"
 
 /* The version number of this header.  It may be used to handle minor
  * API incompatibilities.  */
-#define KSBA_VERSION_NUMBER 0x010601
+#define KSBA_VERSION_NUMBER 0x010602