summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJesus Rivero <neurogeek@gentoo.org>2009-03-04 04:44:45 +0000
committerJesus Rivero <neurogeek@gentoo.org>2009-03-04 04:44:45 +0000
commitf1b9a72ef70c850e1d1a3ac89310e1974beab7ed (patch)
treeb33f71c0a3de16a5777663a7d8df8e6f35952769 /dev-python/pycrypto
parentVersion bump, drop old (diff)
downloadgentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.tar.gz
gentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.tar.bz2
gentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.zip
Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544
(Portage version: 2.2_rc16/cvs/Linux 2.6.18-gentoo-r3 i686)
Diffstat (limited to 'dev-python/pycrypto')
-rw-r--r--dev-python/pycrypto/ChangeLog8
-rw-r--r--dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch23
-rw-r--r--dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild59
3 files changed, 89 insertions, 1 deletions
diff --git a/dev-python/pycrypto/ChangeLog b/dev-python/pycrypto/ChangeLog
index 2031efecfa56..905dd71664d5 100644
--- a/dev-python/pycrypto/ChangeLog
+++ b/dev-python/pycrypto/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-python/pycrypto
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/ChangeLog,v 1.64 2009/03/01 08:24:02 neurogeek Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/ChangeLog,v 1.65 2009/03/04 04:44:45 neurogeek Exp $
+
+*pycrypto-2.0.1-r8 (04 Mar 2009)
+
+ 04 Mar 2009; Jesus Rivero <neurogeek@gentoo.org>
+ +files/pycrypto-2.0.1-CVE-2009-0544.patch, +pycrypto-2.0.1-r8.ebuild:
+ Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544
*pycrypto-2.0.1-r7 (01 Mar 2009)
diff --git a/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch
new file mode 100644
index 000000000000..9a4734cf608d
--- /dev/null
+++ b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch
@@ -0,0 +1,23 @@
+--- src/ARC2.c.orig 2009-03-03 23:53:08.000000000 -0430
++++ src/ARC2.c 2009-03-03 23:53:08.000000000 -0430
+@@ -11,6 +11,7 @@
+ */
+
+ #include <string.h>
++#include "Python.h"
+
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -146,6 +147,12 @@
+ We'll hardwire it to 1024. */
+ #define bits 1024
+
++ if ((U32)keylength > sizeof(self->xkey)) {
++ PyErr_SetString(PyExc_ValueError,
++ "ARC2 key length must be less than 128 bytes");
++ return;
++ }
++
+ memcpy(self->xkey, key, keylength);
+
+ /* Phase 1: Expand input key to 128 bytes */
diff --git a/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild b/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild
new file mode 100644
index 000000000000..a02b5891373a
--- /dev/null
+++ b/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild,v 1.1 2009/03/04 04:44:45 neurogeek Exp $
+
+NEED_PYTHON=2.5
+inherit distutils toolchain-funcs flag-o-matic
+
+DESCRIPTION="Python Cryptography Toolkit"
+HOMEPAGE="http://www.amk.ca/python/code/crypto.html"
+SRC_URI="http://www.amk.ca/files/python/crypto/${P}.tar.gz"
+
+LICENSE="freedist"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="bindist gmp test"
+
+RDEPEND="virtual/python
+ gmp? ( dev-libs/gmp )"
+DEPEND="${RDEPEND}
+ test? ( =dev-python/sancho-0.11-r1 )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ use bindist && epatch "${FILESDIR}"/${P}-bindist.patch
+ epatch "${FILESDIR}"/${P}-sha256.patch
+ epatch "${FILESDIR}"/${P}-sha256-2.patch
+ epatch "${FILESDIR}"/${P}-gmp.patch
+ epatch "${FILESDIR}"/${P}-uint32.patch
+ epatch "${FILESDIR}"/${P}-sancho-package-rename.patch
+ epatch "${FILESDIR}"/${P}-2.6_hashlib.patch
+ #ARC2 buffer overlow. Bug 258049
+ epatch "${FILESDIR}"/${P}-CVE-2009-0544.patch
+}
+
+src_compile() {
+ use gmp \
+ && export USE_GMP=1 \
+ || export USE_GMP=0
+ # sha256 hashes occasionally trigger ssp when built with
+ # -finline-functions (implied by -O3).
+ gcc-specs-ssp && append-flags -fno-inline-functions
+ distutils_src_compile
+ python_need_rebuild
+}
+
+src_test() {
+ export PYTHONPATH=$(ls -d "${S}"/build/lib.*/)
+ python ./test.py || die "test failed"
+ if use test ; then
+ local x
+ cd test
+ for x in test_*.py ; do
+ python ${x} || die "${x} failed"
+ done
+ fi
+}
+
+DOCS="ACKS ChangeLog PKG-INFO README TODO Doc/pycrypt.tex"