Darn,
time passes so quickly...
I have uploaded 1.10.16 to unstable and will fill unblock bug, given
that the upstream changes from 1.10.15 to 1.10.16 comprises just of this
bugfix:
$ git diff upstream/1.10.15..upstream/1.10.16
diff --git a/botan_version.py b/botan_version.py
index 9002199..28f4823 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,11 +1,11 @@
release_major = 1
release_minor = 10
-release_patch = 15
+release_patch = 16
release_so_abi_rev = 1
# These are set by the distribution script
-release_vc_rev = 'git:f79e642ab8c09971968abdfe6990df6801711e1f'
-release_datestamp = 20170112
+release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e'
+release_datestamp = 20170404
release_type = 'released'
diff --git a/doc/log.txt b/doc/log.txt
index 9ceaa7d..60b76d0 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,6 +7,16 @@ Release Notes
Series 1.10
----------------------------------------
+Version 1.10.16, 2017-04-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a bug in X509 DN string comparisons that could result in out of
bound
+ reads. This could result in information leakage, denial of service,
or
+ potentially incorrect certificate validation results. (CVE-2017-2801)
+
+* Avoid throwing during a destructor since this is undefined in C++11
+ and rarely a good idea. (GH #930)
+
Version 1.10.15, 2017-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/alloc/alloc_mmap/mmap_mem.cpp
b/src/alloc/alloc_mmap/mmap_mem.cpp
index 17c189e..85edbc4 100644
--- a/src/alloc/alloc_mmap/mmap_mem.cpp
+++ b/src/alloc/alloc_mmap/mmap_mem.cpp
@@ -73,8 +73,7 @@ void* MemoryMapping_Allocator::alloc_block(size_t n)
* will continue to exist until the mmap is unmapped from
* our address space upon deallocation (or process exit).
*/
- if(fd != -1 && ::close(fd) == -1)
- throw MemoryMapping_Failed("Could not close file");
+ fd != -1 && ::close(fd);
}
private:
int fd;
diff --git a/src/utils/parsing.cpp b/src/utils/parsing.cpp
index 9ec0004..fc7e963 100644
--- a/src/utils/parsing.cpp
+++ b/src/utils/parsing.cpp
@@ -230,6 +230,8 @@ bool x500_name_cmp(const std::string& name1, const
std::string& name2)
if(p1 == name1.end() && p2 == name2.end())
return true;
+ if(p1 == name1.end() || p2 == name2.end())
+ return false;
}
if(!Charset::caseless_cmp(*p1, *p2))
Cheers,
--
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu
On Sun, May 28, 2017, at 14:27, Salvatore Bonaccorso wrote:
> Control: tags 860072 + pending
>
> Dear maintainer, hi Ondrej
>
> I've prepared an NMU for botan1.10 (versioned as 1.10.15-1.1) and
> uploaded it to DELAYED/3. Please feel free to tell me if I
> should delay it longer.
>
> Regards,
> Salvatore
> Email had 1 attachment:
> + botan1.10-1.10.15-1.1-nmu.diff
> 2k (text/x-diff)
