[gentoo-commits] repo/gentoo:master commit in: app-crypt/mhash/files/, app-crypt/mhash/
commit: 62b38c216dc300d3300f24a19d8de5ff6fc644bb
Author: Sam James gentoo org>
AuthorDate: Wed Dec 20 10:34:22 2023 +
Commit: Sam James gentoo org>
CommitDate: Wed Dec 20 10:35:08 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62b38c21
app-crypt/mhash: fix UAF in tests
Closes: https://bugs.gentoo.org/914173
Signed-off-by: Sam James gentoo.org>
.../mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch | 19 +++
app-crypt/mhash/mhash-0.9.9.9-r3.ebuild | 1 +
2 files changed, 20 insertions(+)
diff --git a/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
new file mode 100644
index ..cd9b3c041891
--- /dev/null
+++ b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/914173
+https://sourceforge.net/p/mhash/patches/12/
+https://sourceforge.net/p/mhash/bugs/43/
+
+Fixes a segfault due to use-after-free on x86 & ARM in the test suite.
+
+Index: mhash-0.9.9.9/src/hmac_test.c
+===
+--- mhash-0.9.9.9/src/hmac_test.c
mhash-0.9.9.9/src/hmac_test.c 2020-04-01 00:04:44.039815882 +0200
+@@ -76,8 +76,6 @@
+
+ /* Test No 2 */
+
+- mutils_memset(tmp, 0, sizeof(tmp));
+-
+ passlen=sizeof(KEY2) - 1;
+ password = (mutils_word8 *) mutils_malloc(passlen+1);
+ mutils_memcpy(password, KEY2, passlen);
diff --git a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
index e2dff3f8b8ba..59e8dcb9010e 100644
--- a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
+++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
@@ -26,6 +26,7 @@ PATCHES=(
"${FILESDIR}"/${P}-align.patch
"${FILESDIR}"/${P}-alignment.patch
"${FILESDIR}"/${P}-no-malloc-check.patch
+ "${FILESDIR}"/${P}-hmac-uaf-test.patch
)
DOCS=( doc/example.c doc/skid2-authentication )
[gentoo-commits] repo/gentoo:master commit in: app-crypt/mhash/files/, app-crypt/mhash/
commit: ebe40f65ccf0618947fe31b55c7a1ac5e4748716
Author: Alfredo Tupone gentoo org>
AuthorDate: Sun Mar 19 10:45:39 2023 +
Commit: Alfredo Tupone gentoo org>
CommitDate: Sun Mar 19 10:53:15 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebe40f65
app-crypt/mhash: generate a pck-config file
Closes: https://bugs.gentoo.org/895562
Signed-off-by: Alfredo Tupone gentoo.org>
app-crypt/mhash/files/mhash.pc | 4
.../mhash/{mhash-0.9.9.9-r2.ebuild => mhash-0.9.9.9-r3.ebuild} | 10 --
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/app-crypt/mhash/files/mhash.pc b/app-crypt/mhash/files/mhash.pc
new file mode 100644
index ..6186f85c7839
--- /dev/null
+++ b/app-crypt/mhash/files/mhash.pc
@@ -0,0 +1,4 @@
+Libs:-lmhash
+Name: mhash
+Version: @VERSION@
+Description: provides a uniform interface to several hash algorithms
diff --git a/app-crypt/mhash/mhash-0.9.9.9-r2.ebuild
b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
similarity index 89%
rename from app-crypt/mhash/mhash-0.9.9.9-r2.ebuild
rename to app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
index e31cbe8e8e25..d8cba554e436 100644
--- a/app-crypt/mhash/mhash-0.9.9.9-r2.ebuild
+++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit autotools
@@ -39,6 +39,10 @@ src_prepare() {
-e 's/--netscape//' \
"${S}"/doc/Makefile.in || die
+ sed \
+ -e "s:@VERSION@:${PV}:" \
+ "${FILESDIR}"/${PN}.pc > ${PN}.pc || die
+
# Refresh bundled libtool (ltmain.sh)
# (elibtoolize is not sufficient)
# bug #668666
@@ -57,5 +61,7 @@ src_compile() {
src_install() {
default
+ insinto /usr/$(get_libdir)/pkgconfig
+ doins ${PN}.pc
find "${ED}" -name '*.la' -delete || die
}
