diff options
author | Jesus Rivero <neurogeek@gentoo.org> | 2009-03-04 04:44:45 +0000 |
---|---|---|
committer | Jesus Rivero <neurogeek@gentoo.org> | 2009-03-04 04:44:45 +0000 |
commit | f1b9a72ef70c850e1d1a3ac89310e1974beab7ed (patch) | |
tree | b33f71c0a3de16a5777663a7d8df8e6f35952769 /dev-python/pycrypto | |
parent | Version bump, drop old (diff) | |
download | gentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.tar.gz gentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.tar.bz2 gentoo-2-f1b9a72ef70c850e1d1a3ac89310e1974beab7ed.zip |
Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544
(Portage version: 2.2_rc16/cvs/Linux 2.6.18-gentoo-r3 i686)
Diffstat (limited to 'dev-python/pycrypto')
-rw-r--r-- | dev-python/pycrypto/ChangeLog | 8 | ||||
-rw-r--r-- | dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch | 23 | ||||
-rw-r--r-- | dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild | 59 |
3 files changed, 89 insertions, 1 deletions
diff --git a/dev-python/pycrypto/ChangeLog b/dev-python/pycrypto/ChangeLog index 2031efecfa56..905dd71664d5 100644 --- a/dev-python/pycrypto/ChangeLog +++ b/dev-python/pycrypto/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-python/pycrypto # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/ChangeLog,v 1.64 2009/03/01 08:24:02 neurogeek Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/ChangeLog,v 1.65 2009/03/04 04:44:45 neurogeek Exp $ + +*pycrypto-2.0.1-r8 (04 Mar 2009) + + 04 Mar 2009; Jesus Rivero <neurogeek@gentoo.org> + +files/pycrypto-2.0.1-CVE-2009-0544.patch, +pycrypto-2.0.1-r8.ebuild: + Added patch for Buffer Overflow in ARC2 module. Bug #258049. CVE-2009-0544 *pycrypto-2.0.1-r7 (01 Mar 2009) diff --git a/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch new file mode 100644 index 000000000000..9a4734cf608d --- /dev/null +++ b/dev-python/pycrypto/files/pycrypto-2.0.1-CVE-2009-0544.patch @@ -0,0 +1,23 @@ +--- src/ARC2.c.orig 2009-03-03 23:53:08.000000000 -0430 ++++ src/ARC2.c 2009-03-03 23:53:08.000000000 -0430 +@@ -11,6 +11,7 @@ + */ + + #include <string.h> ++#include "Python.h" + + #define MODULE_NAME ARC2 + #define BLOCK_SIZE 8 +@@ -146,6 +147,12 @@ + We'll hardwire it to 1024. */ + #define bits 1024 + ++ if ((U32)keylength > sizeof(self->xkey)) { ++ PyErr_SetString(PyExc_ValueError, ++ "ARC2 key length must be less than 128 bytes"); ++ return; ++ } ++ + memcpy(self->xkey, key, keylength); + + /* Phase 1: Expand input key to 128 bytes */ diff --git a/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild b/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild new file mode 100644 index 000000000000..a02b5891373a --- /dev/null +++ b/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild @@ -0,0 +1,59 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-python/pycrypto/pycrypto-2.0.1-r8.ebuild,v 1.1 2009/03/04 04:44:45 neurogeek Exp $ + +NEED_PYTHON=2.5 +inherit distutils toolchain-funcs flag-o-matic + +DESCRIPTION="Python Cryptography Toolkit" +HOMEPAGE="http://www.amk.ca/python/code/crypto.html" +SRC_URI="http://www.amk.ca/files/python/crypto/${P}.tar.gz" + +LICENSE="freedist" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" +IUSE="bindist gmp test" + +RDEPEND="virtual/python + gmp? ( dev-libs/gmp )" +DEPEND="${RDEPEND} + test? ( =dev-python/sancho-0.11-r1 )" + +src_unpack() { + unpack ${A} + cd "${S}" + use bindist && epatch "${FILESDIR}"/${P}-bindist.patch + epatch "${FILESDIR}"/${P}-sha256.patch + epatch "${FILESDIR}"/${P}-sha256-2.patch + epatch "${FILESDIR}"/${P}-gmp.patch + epatch "${FILESDIR}"/${P}-uint32.patch + epatch "${FILESDIR}"/${P}-sancho-package-rename.patch + epatch "${FILESDIR}"/${P}-2.6_hashlib.patch + #ARC2 buffer overlow. Bug 258049 + epatch "${FILESDIR}"/${P}-CVE-2009-0544.patch +} + +src_compile() { + use gmp \ + && export USE_GMP=1 \ + || export USE_GMP=0 + # sha256 hashes occasionally trigger ssp when built with + # -finline-functions (implied by -O3). + gcc-specs-ssp && append-flags -fno-inline-functions + distutils_src_compile + python_need_rebuild +} + +src_test() { + export PYTHONPATH=$(ls -d "${S}"/build/lib.*/) + python ./test.py || die "test failed" + if use test ; then + local x + cd test + for x in test_*.py ; do + python ${x} || die "${x} failed" + done + fi +} + +DOCS="ACKS ChangeLog PKG-INFO README TODO Doc/pycrypt.tex" |