From: "Alon Bar-Lev" <alonbl@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Alon Bar-Lev" <alonbl@gentoo.org>
Message-ID: <1496683756.edc966cf52bcb20f6141cc4ca3a20e98d4440069.alonbl@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/crypto++/, dev-libs/crypto++/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/crypto++/crypto++-5.6.5-r1.ebuild dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
X-VCS-Directories: dev-libs/crypto++/files/ dev-libs/crypto++/
X-VCS-Committer: alonbl
X-VCS-Committer-Name: Alon Bar-Lev
X-VCS-Revision: edc966cf52bcb20f6141cc4ca3a20e98d4440069
X-VCS-Branch: master
Date: Mon,  5 Jun 2017 17:29:50 +0000 (UTC)

commit:     edc966cf52bcb20f6141cc4ca3a20e98d4440069
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  5 17:14:51 2017 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 17:29:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edc966cf

dev-libs/crypto++: fix CVE-2017-9434

Bug: 620926

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 dev-libs/crypto++/crypto++-5.6.5-r1.ebuild         | 60 ++++++++++++++++++++++
 .../files/crypto++-5.6.5-CVE-2017-9434.patch       | 45 ++++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
new file mode 100644
index 00000000000..47aa6d36e78
--- /dev/null
+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="C++ class library of cryptographic schemes"
+HOMEPAGE="http://cryptopp.com"
+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip"
+
+LICENSE="Boost-1.0"
+SLOT="0/5.6" # subslot is so version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x64-macos"
+IUSE="static-libs"
+
+DEPEND="app-arch/unzip"
+
+S="${WORKDIR}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.6.4-nonative.patch"
+	"${FILESDIR}/${P}-CVE-2017-9434.patch"
+)
+
+pkg_setup() {
+	export CXX="$(tc-getCXX)"
+	export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+	export PREFIX="${EPREFIX}/usr"
+}
+
+src_compile() {
+	# higher optimizations cause problems
+	replace-flags -O3 -O2
+	# ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
+	[[ ${CHOST} == *-darwin* ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM
+
+	emake -f GNUmakefile all shared
+}
+
+src_install() {
+	default
+
+	# remove leftovers as build system sucks
+	rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp
+	use static-libs || rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a
+
+	# compatibility
+	dosym cryptopp "${EPREFIX}"/usr/include/crypto++
+	for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do
+		ln -s "$(basename "${f}")" "$(echo "${f}" | sed 's/cryptopp/crypto++/')" || die
+	done
+}
+
+pkg_preinst() {
+	# we switched directory to symlink
+	# make sure portage digests that
+	rm -fr "${EROOT}/usr/include/crypto++"
+	rm -fr "${EROOT}/usr/include/cryptopp"
+}
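
Review bot: In src_install, `"${ED}${EPREFIX}"/usr/$(get_libdir)` (used by the static-libs `rm -f` and by the `for f in` loop) and `dosym cryptopp "${EPREFIX}"/usr/include/crypto++` apply the prefix twice, because in EAPI 6 ED already ends in EPREFIX and dosym creates the link under ED. On a Prefix install, such as the ~x64-macos keyword listed here, the `.a` removal and the crypto++ compatibility symlinks would then miss the installed files. Suggest `"${ED}"/usr/$(get_libdir)` in both places and `dosym cryptopp /usr/include/crypto++`.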

diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
new file mode 100644
index 00000000000..428f48901a3
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
@@ -0,0 +1,45 @@
+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
+From: Jeffrey Walton <noloader@gmail.com>
+Date: Wed, 10 May 2017 18:17:12 -0400
+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
+ improved validation and excpetion clears the Address Sanitizer and Undefined
+ Behavior Sanitizer findings
+
+---
+ zinflate.cpp | 8 +++++++-
+ zinflate.h   | 4 ++++
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/zinflate.cpp b/zinflate.cpp
+index 664efe6..fbd7505 100644
+--- a/zinflate.cpp
++++ b/zinflate.cpp
+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
+ 						break;
+ 					}
+ 		case DISTANCE_BITS:
++					if (m_distance >= COUNTOF(distanceExtraBits))
++						throw BadDistanceErr();
+ 					bits = distanceExtraBits[m_distance];
+ 					if (!m_reader.FillBuffer(bits))
+ 					{
+ 						m_nextDecode = DISTANCE_BITS;
+ 						break;
+ 					}
++					if (m_distance >= COUNTOF(distanceStarts))
++						throw BadDistanceErr();
+ 					m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
+ 					OutputPast(m_literal, m_distance);
+ 				}
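Review bot: The second check, `if (m_distance >= COUNTOF(distanceStarts))`, runs only after `m_reader.FillBuffer(bits)` succeeds, so if the two tables differ in length an index that passes the first check can leave the decoder suspended with `m_nextDecode = DISTANCE_BITS` and be rejected only on a later call. Validate `m_distance` against both tables at the top of `case DISTANCE_BITS`, before the `distanceExtraBits[m_distance]` read, so malformed input is rejected before any resume state is saved; if the tables are the same length, a single check there is enough.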
+diff --git a/zinflate.h b/zinflate.h
+index e2fd237..c47d2f6 100644
+--- a/zinflate.h
++++ b/zinflate.h
+@@ -96,6 +96,7 @@ public:
+ 	};
+ 	class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
+ 	class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
++	class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
+ 
+ 	//! \brief RFC 1951 Decompressor
+ 	//! \param attachment the filter's attached transformation
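Review bot: `BadDistanceErr` is added without a comment saying when it is thrown, and its message "Inflator: error in bit distance" does not tell a caller that a distance code in the compressed stream was out of range. It reuses INVALID_DATA_FORMAT like `BadBlockErr` on the line above, so handlers keyed on the error type are unaffected; a one-line `//!` comment in the style used for the class below, and a message that names the out-of-range distance code, would make the new failure mode easier to diagnose from logs.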