pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q1]: pkgsrc/security/libtomcrypt Pullup ticket #5451 - req...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1af25a5e0895
branches: pkgsrc-2017Q1
changeset: 360399:1af25a5e0895
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sat Jun 03 18:03:48 2017 +0000
description:
Pullup ticket #5451 - requested by sevan
security/libtomcrypt: security fix
Revisions pulled up:
- security/libtomcrypt/Makefile 1.7
- security/libtomcrypt/distinfo 1.6
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c 1.1
---
Module Name: pkgsrc
Committed By: snj
Date: Tue May 16 21:55:50 UTC 2017
Modified Files:
pkgsrc/security/libtomcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libtomcrypt/patches:
patch-src_pk_rsa_rsa__verify__hash.c
Log Message:
Fix CVE-2016-6129. Bump PKGREVISION to 3.
diffstat:
security/libtomcrypt/Makefile | 4 +-
security/libtomcrypt/distinfo | 3 +-
security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c | 33 ++++++++++
3 files changed, 37 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r c4bbe8f32f3c -r 1af25a5e0895 security/libtomcrypt/Makefile
--- a/security/libtomcrypt/Makefile Sat Jun 03 18:02:44 2017 +0000
+++ b/security/libtomcrypt/Makefile Sat Jun 03 18:03:48 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2014/12/16 02:58:20 mef Exp $
+# $NetBSD: Makefile,v 1.6.20.1 2017/06/03 18:03:48 bsiegert Exp $
DISTNAME= crypt-1.17
PKGNAME= libtom${DISTNAME}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= http://libtom.org/files/
EXTRACT_SUFX= .tar.bz2
diff -r c4bbe8f32f3c -r 1af25a5e0895 security/libtomcrypt/distinfo
--- a/security/libtomcrypt/distinfo Sat Jun 03 18:02:44 2017 +0000
+++ b/security/libtomcrypt/distinfo Sat Jun 03 18:03:48 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2015/11/04 01:17:50 agc Exp $
+$NetBSD: distinfo,v 1.5.12.1 2017/06/03 18:03:48 bsiegert Exp $
SHA1 (crypt-1.17.tar.bz2) = 9c746822c84e4276e432b64964f94d1d5ddd13ad
RMD160 (crypt-1.17.tar.bz2) = 742d72d82fea2e6a9865d8c682c10cbaba69ea2f
@@ -8,3 +8,4 @@
SHA1 (patch-ab) = c0eb1522dd02c2811deebfa353433e81e71a8928
SHA1 (patch-ac) = 871a713512b20199b502876d2523e8bf619c5e85
SHA1 (patch-src_headers_tomcrypt__macros.h) = 4aa1e0773a11c32fca83e7de82e12d44fdbb8202
+SHA1 (patch-src_pk_rsa_rsa__verify__hash.c) = 0bc2467fa3fc0a372baafbfea4c7b328422f8adb
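Review bot: the added checksum line should be regenerated on the branch with `make makepatchsum` rather than copied from HEAD, since the patch file's first line (its `$NetBSD` Id) was rewritten to `1.1.2.2` during the pullup; a stale SHA1 here makes `make checksum` reject the patch and the package fails to build even though the fix itself is correct.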
diff -r c4bbe8f32f3c -r 1af25a5e0895 security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c Sat Jun 03 18:03:48 2017 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_pk_rsa_rsa__verify__hash.c,v 1.1.2.2 2017/06/03 18:03:48 bsiegert Exp $
+
+Fix for CVE-2016-6129.
+
+Source: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
+
+--- src/pk/rsa/rsa_verify_hash.c.orig 2007-05-12 07:46:25.000000000 -0700
++++ src/pk/rsa/rsa_verify_hash.c 2017-05-16 13:42:46.762259864 -0700
+@@ -96,7 +96,7 @@ int rsa_verify_hash_ex(const unsigned ch
+ } else {
+ /* LTC_PKCS #1 v1.5 decode it */
+ unsigned char *out;
+- unsigned long outlen, loid[16];
++ unsigned long outlen, loid[16], reallen;
+ int decoded;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+@@ -138,8 +138,14 @@ int rsa_verify_hash_ex(const unsigned ch
+ goto bail_2;
+ }
+
++ if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
++ XFREE(out);
++ goto bail_2;
++ }
++
+ /* test OID */
+- if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
++ if ((reallen == outlen) &&
++ (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+ (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+ (siginfo[1].size == hashlen) &&
+ (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
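Review bot: the `/* test OID */` comment in the second hunk now sits above a condition whose first term is the new `reallen == outlen` length check, so it should be extended to say that the DER-encoded length of the decoded `siginfo` sequence must cover the entire PKCS #1 v1.5 payload, i.e. that no bytes may follow the DigestInfo; that is the whole substance of the CVE-2016-6129 fix and a reader skimming the condition will otherwise attribute it to the OID comparison. The new error path (`XFREE(out); goto bail_2;`) mirrors the existing decode-failure path in the leading context, which is right. One further suggestion for the pullup: a regression test that feeds `rsa_verify_hash_ex` a signature whose decoded payload carries trailing bytes after a valid DigestInfo and asserts that `stat` stays 0, so the length check cannot be silently dropped on a future upstream update.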