[gentoo-commits] repo/gentoo:master commit in: dev-libs/crypto++/, dev-libs/crypto++/files/

Mon, 05 Jun 2017 10:30:06 -0700 

commit:     edc966cf52bcb20f6141cc4ca3a20e98d4440069
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  5 17:14:51 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 17:29:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edc966cf

dev-libs/crypto++: fix CVE-2017-9434

Bug: 620926

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 dev-libs/crypto++/crypto++-5.6.5-r1.ebuild         | 60 ++++++++++++++++++++++
 .../files/crypto++-5.6.5-CVE-2017-9434.patch       | 45 ++++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild 
b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
new file mode 100644
index 00000000000..47aa6d36e78
--- /dev/null
+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="C++ class library of cryptographic schemes"
+HOMEPAGE="http://cryptopp.com";
+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip";
+
+LICENSE="Boost-1.0"
+SLOT="0/5.6" # subslot is so version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x64-macos"
+IUSE="static-libs"
+
+DEPEND="app-arch/unzip"
+
+S="${WORKDIR}"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-5.6.4-nonative.patch"
+       "${FILESDIR}/${P}-CVE-2017-9434.patch"
+)
+
+pkg_setup() {
+       export CXX="$(tc-getCXX)"
+       export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+       export PREFIX="${EPREFIX}/usr"
+}
+
+src_compile() {
+       # higher optimizations cause problems
+       replace-flags -O3 -O2
+       # ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
+       [[ ${CHOST} == *-darwin* ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM
+
+       emake -f GNUmakefile all shared
+}
+
+src_install() {
+       default
+
+       # remove leftovers as build system sucks
+       rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp
+       use static-libs || rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a
+
+       # compatibility
+       dosym cryptopp "${EPREFIX}"/usr/include/crypto++
+       for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do
+               ln -s "$(basename "${f}")" "$(echo "${f}" | sed 
's/cryptopp/crypto++/')" || die
+       done
+}
+
+pkg_preinst() {
+       # we switched directory to symlink
+       # make sure portage digests that
+       rm -fr "${EROOT}/usr/include/crypto++"
+       rm -fr "${EROOT}/usr/include/cryptopp"
+}

diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch 
b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
new file mode 100644
index 00000000000..428f48901a3
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
@@ -0,0 +1,45 @@
+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
+From: Jeffrey Walton <[email protected]>
+Date: Wed, 10 May 2017 18:17:12 -0400
+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
+ improved validation and excpetion clears the Address Sanitizer and Undefined
+ Behavior Sanitizer findings
+
+---
+ zinflate.cpp | 8 +++++++-
+ zinflate.h   | 4 ++++
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/zinflate.cpp b/zinflate.cpp
+index 664efe6..fbd7505 100644
+--- a/zinflate.cpp
++++ b/zinflate.cpp
+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
+                                               break;
+                                       }
+               case DISTANCE_BITS:
++                                      if (m_distance >= 
COUNTOF(distanceExtraBits))
++                                              throw BadDistanceErr();
+                                       bits = distanceExtraBits[m_distance];
+                                       if (!m_reader.FillBuffer(bits))
+                                       {
+                                               m_nextDecode = DISTANCE_BITS;
+                                               break;
+                                       }
++                                      if (m_distance >= 
COUNTOF(distanceStarts))
++                                              throw BadDistanceErr();
+                                       m_distance = m_reader.GetBits(bits) + 
distanceStarts[m_distance];
+                                       OutputPast(m_literal, m_distance);
+                               }
+diff --git a/zinflate.h b/zinflate.h
+index e2fd237..c47d2f6 100644
+--- a/zinflate.h
++++ b/zinflate.h
+@@ -96,6 +96,7 @@ public:
+       };
+       class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
+       class BadBlockErr : public Err {public: BadBlockErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
++      class BadDistanceErr : public Err {public: BadDistanceErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
+ 
+       //! \brief RFC 1951 Decompressor
+       //! \param attachment the filter's attached transformation

Reply via email to