| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-fix-win32-linker.patch | fix mingw32 linker error without this patch, we get a problem cross-building for mingw32, where the linker script is not recognized. . This is a similar issue to the one the libgpg-error had in https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030798.html |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2016-02-14 | ||
| 10_Fix-a-possible-segv-in-case-of-an-unknown-CMS-object.patch | [PATCH] Fix a possible segv in case of an unknown CMS object. * src/cms.c (ksba_cms_get_enc_val): Fix strcmp. -- |
Werner Koch <wk@gnupg.org> | no | 2020-12-21 | ||
| 20_Detect-a-possible-overflow-directly-in-the-TLV-parse.patch | [PATCH] Detect a possible overflow directly in the TLV parser. * src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly used sum. -- It is quite common to have checks like if (ti.nhdr + ti.length >= DIM(tmpbuf)) return gpg_error (GPG_ERR_TOO_LARGE); This patch detects possible integer overflows immmediately when creating the TI object. |
Werner Koch <wk@gnupg.org> | no | 2022-10-05 | ||
| 25-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch | [PATCH] Fix an integer overflow in the CRL signature parser. * src/crl.c (parse_signature): N+N2 now checked for overflow. * src/ocsp.c (parse_response_extensions): Do not accept too large values. (parse_single_extensions): Ditto. -- The second patch is an extra safegourd not related to the reported bug. |
Werner Koch <wk@gnupg.org> | no | 2022-11-22 |