From 80dfe275e662347798cd1c65dfcf94241bab0766 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 12 2014 03:42:44 +0000
Subject: import gnutls-3.1.18-10.el7_0


---

diff --git a/SOURCES/gnutls-3.1.18-cve-2014-8564.patch b/SOURCES/gnutls-3.1.18-cve-2014-8564.patch
new file mode 100644
index 0000000..99c598d
--- /dev/null
+++ b/SOURCES/gnutls-3.1.18-cve-2014-8564.patch
@@ -0,0 +1,39 @@
+diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
+index 51abe7b..5816b96 100644
+--- a/lib/gnutls_ecc.c
++++ b/lib/gnutls_ecc.c
+@@ -53,12 +53,24 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+ 
+   /* pad and store x */
+   byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
++  if (numlen < byte_size)
++    {
++      ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++      goto cleanup;
++    }
++
+   size = out->size - (1 + (numlen - byte_size));
+   ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
+   if (ret < 0)
+     return gnutls_assert_val (ret);
+ 
+   byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
++  if (numlen < byte_size)
++    {
++      ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++      goto cleanup;
++    }
++
+   size = out->size - (1 + (numlen + numlen - byte_size));
+   ret =
+     _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
+@@ -67,6 +79,9 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+ 
+   /* pad and store y */
+   return 0;
++cleanup:
++  _gnutls_free_datum(out);
++  return ret;
+ }
+ 
+ 
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index 5ecc573..c1f3bc7 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -3,7 +3,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 3.1.18
-Release: 9%{?dist}
+Release: 10%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+, however
 # the bundled gnulib is LGPLv3+
 License: GPLv3+ and LGPLv2+ and LGPLv3+
@@ -40,6 +40,7 @@ Patch10: gnutls-3.1.18-suiteb.patch
 Patch11: gnutls-3.1.18-cve-2014-0092.patch
 Patch12: gnutls-3.1.18-server-hello-fix.patch
 Patch13: gnutls-3.1.18-fix-crash-on-certain-names.patch
+Patch14: gnutls-3.1.18-cve-2014-8564.patch
 
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@@ -151,6 +152,7 @@ This package contains Guile bindings for the library.
 %patch11 -p1 -b .cve-2014-0092
 %patch12 -p1 -b .server-hello-fix
 %patch13 -p1 -b .fix-crash-on-certain-names
+%patch14 -p1 -b .cve-2014-8564
 
 %{SOURCE2} -e
 
@@ -285,6 +287,9 @@ fi
 %endif
 
 %changelog
+* Fri Nov  7 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-10
+- Applied fix for CVE-2014-8564 (#1161472)
+
 * Wed May 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-9
 - fix session ID length check (#1102027)
 - fixes null pointer dereference (#1101727)