

CVS commit: [pkgsrc-2017Q1] pkgsrc/security/libtomcrypt



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat Jun  3 18:03:48 UTC 2017

Modified Files:
        pkgsrc/security/libtomcrypt [pkgsrc-2017Q1]: Makefile distinfo
Added Files:
        pkgsrc/security/libtomcrypt/patches [pkgsrc-2017Q1]:
            patch-src_pk_rsa_rsa__verify__hash.c

Log Message:
Pullup ticket #5451 - requested by sevan
security/libtomcrypt: security fix

Revisions pulled up:
- security/libtomcrypt/Makefile                                 1.7
- security/libtomcrypt/distinfo                                 1.6
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c 1.1

---
   Module Name:    pkgsrc
   Committed By:   snj
   Date:           Tue May 16 21:55:50 UTC 2017

   Modified Files:
           pkgsrc/security/libtomcrypt: Makefile distinfo
   Added Files:
           pkgsrc/security/libtomcrypt/patches:
               patch-src_pk_rsa_rsa__verify__hash.c

   Log Message:
   Fix CVE-2016-6129.  Bump PKGREVISION to 3.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.20.1 pkgsrc/security/libtomcrypt/Makefile
cvs rdiff -u -r1.5 -r1.5.12.1 pkgsrc/security/libtomcrypt/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libtomcrypt/Makefile
diff -u pkgsrc/security/libtomcrypt/Makefile:1.6 pkgsrc/security/libtomcrypt/Makefile:1.6.20.1
--- pkgsrc/security/libtomcrypt/Makefile:1.6    Tue Dec 16 02:58:20 2014
+++ pkgsrc/security/libtomcrypt/Makefile        Sat Jun  3 18:03:48 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2014/12/16 02:58:20 mef Exp $
+# $NetBSD: Makefile,v 1.6.20.1 2017/06/03 18:03:48 bsiegert Exp $
 
 DISTNAME=      crypt-1.17
 PKGNAME=       libtom${DISTNAME}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    security
 MASTER_SITES=  http://libtom.org/files/
 EXTRACT_SUFX=  .tar.bz2

Index: pkgsrc/security/libtomcrypt/distinfo
diff -u pkgsrc/security/libtomcrypt/distinfo:1.5 pkgsrc/security/libtomcrypt/distinfo:1.5.12.1
--- pkgsrc/security/libtomcrypt/distinfo:1.5    Wed Nov  4 01:17:50 2015
+++ pkgsrc/security/libtomcrypt/distinfo        Sat Jun  3 18:03:48 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2015/11/04 01:17:50 agc Exp $
+$NetBSD: distinfo,v 1.5.12.1 2017/06/03 18:03:48 bsiegert Exp $
 
 SHA1 (crypt-1.17.tar.bz2) = 9c746822c84e4276e432b64964f94d1d5ddd13ad
 RMD160 (crypt-1.17.tar.bz2) = 742d72d82fea2e6a9865d8c682c10cbaba69ea2f
@@ -8,3 +8,4 @@ SHA1 (patch-aa) = a2385cf0543a19b1555d43
 SHA1 (patch-ab) = c0eb1522dd02c2811deebfa353433e81e71a8928
 SHA1 (patch-ac) = 871a713512b20199b502876d2523e8bf619c5e85
 SHA1 (patch-src_headers_tomcrypt__macros.h) = 4aa1e0773a11c32fca83e7de82e12d44fdbb8202
+SHA1 (patch-src_pk_rsa_rsa__verify__hash.c) = 0bc2467fa3fc0a372baafbfea4c7b328422f8adb

Added files:

Index: pkgsrc/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c
diff -u /dev/null pkgsrc/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c:1.1.2.2
--- /dev/null   Sat Jun  3 18:03:48 2017
+++ pkgsrc/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c    Sat Jun  3 18:03:48 2017
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_pk_rsa_rsa__verify__hash.c,v 1.1.2.2 2017/06/03 18:03:48 bsiegert Exp $
+
+Fix for CVE-2016-6129.  
+
+Source: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
+
+--- src/pk/rsa/rsa_verify_hash.c.orig  2007-05-12 07:46:25.000000000 -0700
++++ src/pk/rsa/rsa_verify_hash.c       2017-05-16 13:42:46.762259864 -0700
+@@ -96,7 +96,7 @@ int rsa_verify_hash_ex(const unsigned ch
+   } else {
+     /* LTC_PKCS #1 v1.5 decode it */
+     unsigned char *out;
+-    unsigned long outlen, loid[16];
++    unsigned long outlen, loid[16], reallen;
+     int           decoded;
+     ltc_asn1_list digestinfo[2], siginfo[2];
+ 
+@@ -138,8 +138,14 @@ int rsa_verify_hash_ex(const unsigned ch
+        goto bail_2;
+     }
+ 
++    if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
++       XFREE(out);
++       goto bail_2;
++    }
++
+     /* test OID */
+-    if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
++    if ((reallen == outlen) &&
++        (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+         (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+         (siginfo[1].size == hashlen) &&
+         (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
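Review bot: The new `reallen == outlen` condition at the head of the OID test carries no comment saying what it guards, so a later reader sees a length comparison in front of the OID and digest checks with no stated reason; add `/* CVE-2016-6129: the decoded DER SEQUENCE must span the whole PKCS #1 v1.5 payload, so that bytes after the DigestInfo cannot go unchecked */` above it, in the same style as the existing `/* test OID */` line. The early exit added just before it (`der_length_sequence` failing, then `XFREE(out); goto bail_2;`) matches the error path visible in the surrounding context, so the cleanup is consistent. rsa_verify_hash_ex begins and ends outside this hunk; the decode that fills siginfo and the bail_2 label are not visible here, so this assumes `outlen` still holds the length produced by the PKCS #1 v1.5 decode at the point of the comparison.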


