>From 9d9b90882491ff2ebf6f3a3580d4d7dbcdf57c72 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 8 Feb 2018 09:57:41 +0000 Subject: [PATCH 2/2] gnu: crypto++: Update to 6.0.0. * gnu/packages/crypto.scm (crypto++): Update to 6.0.0. * gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/crypto.scm | 6 +- .../crypto++-fix-dos-in-asn.1-decoders.patch | 65 ---------------------- 3 files changed, 2 insertions(+), 70 deletions(-) delete mode 100644 gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch diff --git a/gnu/local.mk b/gnu/local.mk index 06e78c2f5..88d55964e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -598,7 +598,6 @@ dist_patch_DATA = \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ - %D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index e616c9223..a3a28fed0 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -581,7 +581,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public crypto++ (package (name "crypto++") - (version "5.6.5") + (version "6.0.0") (source (origin (method url-fetch/zipbomb) (uri (string-append "https://cryptopp.com/cryptopp" @@ -589,9 +589,7 @@ data on your platform, so the seed itself will be as random as possible. ".zip")) (sha256 (base32 - "0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7")) - (patches - (search-patches "crypto++-fix-dos-in-asn.1-decoders.patch")))) + "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34")))) (build-system gnu-build-system) (arguments `(#:make-flags diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch deleted file mode 100644 index 88b2e7f25..000000000 --- a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001 -From: Gergely Nagy -Date: Wed, 14 Dec 2016 13:19:01 +0100 -Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939) - ---- - asn.cpp | 10 ++++++++++ - asn.h | 2 ++ - 2 files changed, 12 insertions(+) - -diff --git a/asn.cpp b/asn.cpp -index 297ff010..2e923ef7 100644 ---- a/asn.cpp -+++ b/asn.cpp -@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - str.New(bc); - if (bc != bt.Get(str, bc)) -@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation & - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - bt.TransferTo(str, bc); - return bc; -@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - SecByteBlock temp(bc); - if (bc != bt.Get(temp, bc)) -@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc == 0) -+ BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - byte unused; - if (!bt.Get(unused)) -diff --git a/asn.h b/asn.h -index ed9de52c..33f0dd09 100644 ---- a/asn.h -+++ b/asn.h -@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, - bool definite = BERLengthDecode(in, bc); - if (!definite) - BERDecodeError(); -+ if (bc > in.MaxRetrievable()) -+ BERDecodeError(); - - SecByteBlock buf(bc); - -- 2.16.1