[gentoo-commits] repo/gentoo:master commit in: app-crypt/mhash/files/, app-crypt/mhash/
commit: 62b38c216dc300d3300f24a19d8de5ff6fc644bb Author: Sam James gentoo org> AuthorDate: Wed Dec 20 10:34:22 2023 + Commit: Sam James gentoo org> CommitDate: Wed Dec 20 10:35:08 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62b38c21 app-crypt/mhash: fix UAF in tests Closes: https://bugs.gentoo.org/914173 Signed-off-by: Sam James gentoo.org> .../mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch | 19 +++ app-crypt/mhash/mhash-0.9.9.9-r3.ebuild | 1 + 2 files changed, 20 insertions(+) diff --git a/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch new file mode 100644 index ..cd9b3c041891 --- /dev/null +++ b/app-crypt/mhash/files/mhash-0.9.9.9-hmac-uaf-test.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/914173 +https://sourceforge.net/p/mhash/patches/12/ +https://sourceforge.net/p/mhash/bugs/43/ + +Fixes a segfault due to use-after-free on x86 & ARM in the test suite. + +Index: mhash-0.9.9.9/src/hmac_test.c +=== +--- mhash-0.9.9.9/src/hmac_test.c mhash-0.9.9.9/src/hmac_test.c 2020-04-01 00:04:44.039815882 +0200 +@@ -76,8 +76,6 @@ + + /* Test No 2 */ + +- mutils_memset(tmp, 0, sizeof(tmp)); +- + passlen=sizeof(KEY2) - 1; + password = (mutils_word8 *) mutils_malloc(passlen+1); + mutils_memcpy(password, KEY2, passlen); diff --git a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild index e2dff3f8b8ba..59e8dcb9010e 100644 --- a/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild +++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild @@ -26,6 +26,7 @@ PATCHES=( "${FILESDIR}"/${P}-align.patch "${FILESDIR}"/${P}-alignment.patch "${FILESDIR}"/${P}-no-malloc-check.patch + "${FILESDIR}"/${P}-hmac-uaf-test.patch ) DOCS=( doc/example.c doc/skid2-authentication )
[gentoo-commits] repo/gentoo:master commit in: app-crypt/mhash/files/, app-crypt/mhash/
commit: ebe40f65ccf0618947fe31b55c7a1ac5e4748716 Author: Alfredo Tupone gentoo org> AuthorDate: Sun Mar 19 10:45:39 2023 + Commit: Alfredo Tupone gentoo org> CommitDate: Sun Mar 19 10:53:15 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebe40f65 app-crypt/mhash: generate a pck-config file Closes: https://bugs.gentoo.org/895562 Signed-off-by: Alfredo Tupone gentoo.org> app-crypt/mhash/files/mhash.pc | 4 .../mhash/{mhash-0.9.9.9-r2.ebuild => mhash-0.9.9.9-r3.ebuild} | 10 -- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/app-crypt/mhash/files/mhash.pc b/app-crypt/mhash/files/mhash.pc new file mode 100644 index ..6186f85c7839 --- /dev/null +++ b/app-crypt/mhash/files/mhash.pc @@ -0,0 +1,4 @@ +Libs:-lmhash +Name: mhash +Version: @VERSION@ +Description: provides a uniform interface to several hash algorithms diff --git a/app-crypt/mhash/mhash-0.9.9.9-r2.ebuild b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild similarity index 89% rename from app-crypt/mhash/mhash-0.9.9.9-r2.ebuild rename to app-crypt/mhash/mhash-0.9.9.9-r3.ebuild index e31cbe8e8e25..d8cba554e436 100644 --- a/app-crypt/mhash/mhash-0.9.9.9-r2.ebuild +++ b/app-crypt/mhash/mhash-0.9.9.9-r3.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit autotools @@ -39,6 +39,10 @@ src_prepare() { -e 's/--netscape//' \ "${S}"/doc/Makefile.in || die + sed \ + -e "s:@VERSION@:${PV}:" \ + "${FILESDIR}"/${PN}.pc > ${PN}.pc || die + # Refresh bundled libtool (ltmain.sh) # (elibtoolize is not sufficient) # bug #668666 @@ -57,5 +61,7 @@ src_compile() { src_install() { default + insinto /usr/$(get_libdir)/pkgconfig + doins ${PN}.pc find "${ED}" -name '*.la' -delete || die }