gnu: crypto++: Update to 6.0.0.

* gnu/packages/crypto.scm (crypto++): Update to 6.0.0.
* gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch: Delete
file.
* gnu/local.mk (dist_patch_DATA): Remove it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Pierre Langlois 2018-02-08 09:57:41 +00:00 committed by Ludovic Courtès
parent 9859b5c190
commit 6ca15c9ef6
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 2 additions and 70 deletions

View File

@ -599,7 +599,6 @@ dist_patch_DATA = \
%D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \
%D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \
%D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \
%D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \
%D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cube-nocheck.patch \
%D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cursynth-wave-rand.patch \

View File

@ -583,7 +583,7 @@ data on your platform, so the seed itself will be as random as possible.
(define-public crypto++ (define-public crypto++
(package (package
(name "crypto++") (name "crypto++")
(version "5.6.5") (version "6.0.0")
(source (origin (source (origin
(method url-fetch/zipbomb) (method url-fetch/zipbomb)
(uri (string-append "https://cryptopp.com/cryptopp" (uri (string-append "https://cryptopp.com/cryptopp"
@ -591,9 +591,7 @@ data on your platform, so the seed itself will be as random as possible.
".zip")) ".zip"))
(sha256 (sha256
(base32 (base32
"0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7")) "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34"))))
(patches
(search-patches "crypto++-fix-dos-in-asn.1-decoders.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:make-flags `(#:make-flags

View File

@ -1,65 +0,0 @@
From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <ngg@tresorit.com>
Date: Wed, 14 Dec 2016 13:19:01 +0100
Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939)
---
asn.cpp | 10 ++++++++++
asn.h | 2 ++
2 files changed, 12 insertions(+)
diff --git a/asn.cpp b/asn.cpp
index 297ff010..2e923ef7 100644
--- a/asn.cpp
+++ b/asn.cpp
@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
+ if (bc > bt.MaxRetrievable())
+ BERDecodeError();
str.New(bc);
if (bc != bt.Get(str, bc))
@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
+ if (bc > bt.MaxRetrievable())
+ BERDecodeError();
bt.TransferTo(str, bc);
return bc;
@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
+ if (bc > bt.MaxRetrievable())
+ BERDecodeError();
SecByteBlock temp(bc);
if (bc != bt.Get(temp, bc))
@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
+ if (bc == 0)
+ BERDecodeError();
+ if (bc > bt.MaxRetrievable())
+ BERDecodeError();
byte unused;
if (!bt.Get(unused))
diff --git a/asn.h b/asn.h
index ed9de52c..33f0dd09 100644
--- a/asn.h
+++ b/asn.h
@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
bool definite = BERLengthDecode(in, bc);
if (!definite)
BERDecodeError();
+ if (bc > in.MaxRetrievable())
+ BERDecodeError();
SecByteBlock buf(bc);