authorAlon Bar-Lev <alonbl@gentoo.org>2017-06-05 20:14:51 +0300
committerAlon Bar-Lev <alonbl@gentoo.org>2017-06-05 20:29:16 +0300
commitedc966cf52bcb20f6141cc4ca3a20e98d4440069 (patch)
tree1eb2dbe719a3ee105e6f84476b57b418f3e4177f
parentdev-libs/crypto++: remove unused patches (diff)
dev-libs/crypto++: fix CVE-2017-9434
Bug: 620926 Package-Manager: Portage-2.3.5, Repoman-2.3.1
-rw-r--r--dev-libs/crypto++/crypto++-5.6.5-r1.ebuild60
-rw-r--r--dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch45
2 files changed, 105 insertions, 0 deletions
diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
new file mode 100644
index 000000000000..47aa6d36e782
--- /dev/null
+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="C++ class library of cryptographic schemes"
+HOMEPAGE="http://cryptopp.com"
+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip"
+
+LICENSE="Boost-1.0"
+SLOT="0/5.6" # subslot is so version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x64-macos"
+IUSE="static-libs"
+
+DEPEND="app-arch/unzip"
+
+S="${WORKDIR}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.6.4-nonative.patch"
+ "${FILESDIR}/${P}-CVE-2017-9434.patch"
+)
+
+pkg_setup() {
+ export CXX="$(tc-getCXX)"
+ export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+ export PREFIX="${EPREFIX}/usr"
+}
+
+src_compile() {
+ # higher optimizations cause problems
+ replace-flags -O3 -O2
+ # ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
+ [[ ${CHOST} == *-darwin* ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM
+
+ emake -f GNUmakefile all shared
+}
+
+src_install() {
+ default
+
+ # remove leftovers as build system sucks
+ rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp
+ use static-libs || rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a
+
+ # compatibility
+ dosym cryptopp "${EPREFIX}"/usr/include/crypto++
+ for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do
+ ln -s "$(basename "${f}")" "$(echo "${f}" | sed 's/cryptopp/crypto++/')" || die
+ done
+}
+
+pkg_preinst() {
+ # we switched directory to symlink
+ # make sure portage digests that
+ rm -fr "${EROOT}/usr/include/crypto++"
+ rm -fr "${EROOT}/usr/include/cryptopp"
+}
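Review bot: In src_install the static-library cleanup and the compatibility loop build their paths as `"${ED}${EPREFIX}"/usr/$(get_libdir)`, but under EAPI 6 `ED` already includes the offset prefix, so on a Prefix install (the ebuild keywords ~x64-macos) the prefix is applied twice. The glob then matches nothing, the `.a` files are not removed, and the `ln -s ... || die` in the loop is likely to abort the install. The `rm -fr "${ED}"/usr/bin` line just above uses the right form, so I would write `"${ED}"/usr/$(get_libdir)/*.a` and `for f in "${ED}"/usr/$(get_libdir)/*; do`. The same probably applies to `dosym cryptopp "${EPREFIX}"/usr/include/crypto++`, since dosym already creates the link under ED.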
diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
new file mode 100644
index 000000000000..428f48901a31
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
@@ -0,0 +1,45 @@
+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
+From: Jeffrey Walton <noloader@gmail.com>
+Date: Wed, 10 May 2017 18:17:12 -0400
+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
+ improved validation and excpetion clears the Address Sanitizer and Undefined
+ Behavior Sanitizer findings
+
+---
+ zinflate.cpp | 8 +++++++-
+ zinflate.h | 4 ++++
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/zinflate.cpp b/zinflate.cpp
+index 664efe6..fbd7505 100644
+--- a/zinflate.cpp
++++ b/zinflate.cpp
+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
+ break;
+ }
+ case DISTANCE_BITS:
++ if (m_distance >= COUNTOF(distanceExtraBits))
++ throw BadDistanceErr();
+ bits = distanceExtraBits[m_distance];
+ if (!m_reader.FillBuffer(bits))
+ {
+ m_nextDecode = DISTANCE_BITS;
+ break;
+ }
++ if (m_distance >= COUNTOF(distanceStarts))
++ throw BadDistanceErr();
+ m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
+ OutputPast(m_literal, m_distance);
+ }
+diff --git a/zinflate.h b/zinflate.h
+index e2fd237..c47d2f6 100644
+--- a/zinflate.h
++++ b/zinflate.h
+@@ -96,6 +96,7 @@ public:
+ };
+ class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
+ class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
++ class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
+
+ //! \brief RFC 1951 Decompressor
+ //! \param attachment the filter's attached transformation
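Review bot: The embedded upstream patch looks trimmed: its header announces `3 files changed, 14 insertions(+), 4 deletions(-)` with 8 changed lines in zinflate.cpp and 4 in zinflate.h, while the body carries only two files, four added lines in zinflate.cpp and one in zinflate.h. Because this is the fix for CVE-2017-9434, it is worth confirming against upstream commit 07dbcc3d9644b18e05c1776db2a57fe04d780965 that the dropped parts contain no further validation. That could be recorded at the top of the patch with a comment such as `# Trimmed backport of upstream 07dbcc3d; omitted hunks are not part of the bounds check`. Nothing in this commit exercises the new `BadDistanceErr` path, so a regression input with an out-of-range distance code would be a useful follow-up. DecodeBody and the Inflator class both continue outside the quoted hunks.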