diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
| commit | 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch) | |
| tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /app-crypt/mcrypt | |
| parent | 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff) | |
gentoo resync : 14.07.2018
Diffstat (limited to 'app-crypt/mcrypt')
| -rw-r--r-- | app-crypt/mcrypt/Manifest | 9 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.7-qa.patch | 22 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-format-string.patch | 31 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch | 25 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-segv.patch | 40 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-sprintf.patch | 108 | ||||
| -rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-stdlib.h.patch | 11 | ||||
| -rw-r--r-- | app-crypt/mcrypt/mcrypt-2.6.8-r3.ebuild | 31 | ||||
| -rw-r--r-- | app-crypt/mcrypt/metadata.xml | 11 |
9 files changed, 288 insertions, 0 deletions
diff --git a/app-crypt/mcrypt/Manifest b/app-crypt/mcrypt/Manifest new file mode 100644 index 000000000000..07abce541550 --- /dev/null +++ b/app-crypt/mcrypt/Manifest @@ -0,0 +1,9 @@ +AUX mcrypt-2.6.7-qa.patch 736 BLAKE2B 3ccce0aa5e0cd2301123e91d7119059012b977107f7e555a07c33bdd9a303a7767e069d7f008682a0938be39b1eb7cd7ec461d8ace0c7d38c8e041e187580331 SHA512 f50e2db738583b5dbca80e7458cc341787b94bd475b699de1333e4839b1bc448c0a6d7c759a71849c60fc97d45dbb0f075ad6c5d67d312865eea26118bba4dee +AUX mcrypt-2.6.8-format-string.patch 518 BLAKE2B b5fd6a3780819acaa4c5e30dd78727b5eea94883e5467d2316929ace6fdb0ea7c0c54dc6db477b9aa9c9caa316269ab26d4dad08b4eff7137be216d0ea4e2661 SHA512 3056177ad2bf9cbf7cc9a5b3ae272407c0e38ed495ca665a26a9b36d5a0b5c874aff90a28903a6673e35b2691b036aed71721515cadd80c56a96d7604c4cee4a +AUX mcrypt-2.6.8-overflow.patch 810 BLAKE2B bc8c7e23335263396de52adb917527a8fd3da5b07618225b7012875c4afd4413e7dd173f74c044ae621d9a781057ec1c0e7df5442880128320f2bbbd46b89a2d SHA512 c884f67011f07245b7dc3c0a689c9bd33664a402ad5585823319084b74c758046938364372ce0ebf2cc898cb704375ff1f1cbee40d6e3d622641a16193857426 +AUX mcrypt-2.6.8-segv.patch 1330 BLAKE2B 731b3aba84731d81d993771270c0a8d42222ad636de388285e115da116298dea63fcaeef37c28e60600ddc6df5b662e9e35050ab5c26b390aae41b329cfe3e71 SHA512 7bea9f7731f39d2fed3920cbf6efaf006681e59eaa5dc3a0e50ac0cd3166c959e1ebd06c449329865501bd525a22c49380c4f72b27693f8bc0b0c0c4141a5af2 +AUX mcrypt-2.6.8-sprintf.patch 3617 BLAKE2B 9dc7fd48a12fbd34624ce4e02dd3e729444a8c8fd05b9a77f15cb0c7547aa21972bb4295e5ff9846530758e7994eee7dd9351ff32c03825e8d3611251ef858a5 SHA512 36163d3c782a29ab70527d0389e9ee4fc0fdb6d92300a5a576f3702c4b6a63f598e3832fd704570cd3c8da79182e2c57473b84932c26b08d3c8bd509f475a7d8 +AUX mcrypt-2.6.8-stdlib.h.patch 262 BLAKE2B 30735481ecc743554dc5a1fdf6d91d259ee2670ee39d939b90970aaaa0548c5edbe88fd5820f1cce4f7d4442d293258c5528f8c01d485a14fdda4cf060b27019 SHA512 6f20fe8982cca9fb448ace79c8b8b04260dc63f6a372da4cbf8a7a5d7458f32527e0f31d32387c9f326906fe6fe98013dc49a388b1c987ccca096c9796b409fd +DIST mcrypt-2.6.8.tar.gz 471915 BLAKE2B 63bb51d2e0fac138ad1cadd6c0842b5c13e604a0a6dd134b85c1e4f4a3af2758955c09a032641f34861a52dee5b0ce138b22e849a26a6e3c27bc0838999718fc SHA512 eae5f831e950df69eb93efc8314100b4b5dc8a535b1d00f500e6b25382efcec321346776a92dadf101b878ef46a47de2e9e81f5ddf5c73563ece4741f169c8d1 +EBUILD mcrypt-2.6.8-r3.ebuild 707 BLAKE2B add315ca7d9564ff68f1c955eae1958de657113e49f0cfd1ef33c410dcf96060c7139834533001dd78e32ac2f2ed1dfb670d677aa78ba66e4ca8a79fc8ad0fb4 SHA512 9378c7d796775b8e1edca96194a8d52663f91455cc6df20b76d79b417b7cb43d7309e9682c70c0fbdcb060b92e7d72c5771b1febdb127956e8282cbf95450893 +MISC metadata.xml 326 BLAKE2B 7815b2e4462f847a84c902df0c20b993c2a1cdd77006da029616096587e07003b2bba50499144d211c8ad0880eef53f0a3a9ce23af69f6320c427d6352958384 SHA512 a5d7a15b6084aebe038f38dc8003040c42434d415ebdb33b225e2772047950d35b2328dba5a7194533608b74ec47ca6a1bfccb56540f3a67308b499b04774207 diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.7-qa.patch b/app-crypt/mcrypt/files/mcrypt-2.6.7-qa.patch new file mode 100644 index 000000000000..368884f7fecb --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.7-qa.patch @@ -0,0 +1,22 @@ +diff -urNp mcrypt-2.6.7.org/src/gaaout.c mcrypt-2.6.7/src/gaaout.c +--- mcrypt-2.6.7.org/src/gaaout.c 2007-06-09 11:39:14.000000000 +0300 ++++ mcrypt-2.6.7/src/gaaout.c 2007-11-10 14:30:22.000000000 +0200 +@@ -5,6 +5,7 @@ + + + #include <defines.h> ++#include "mcrypt_int.h" + + #include <stdio.h> + #include <string.h> +diff -urNp mcrypt-2.6.7.org/src/mcrypt_int.h mcrypt-2.6.7/src/mcrypt_int.h +--- mcrypt-2.6.7.org/src/mcrypt_int.h 2003-09-08 20:25:50.000000000 +0300 ++++ mcrypt-2.6.7/src/mcrypt_int.h 2007-11-10 14:27:42.000000000 +0200 +@@ -15,3 +15,7 @@ void rol_buf(void * buffer, int buffersi + void mcrypt_version(); + void mcrypt_license(); + void usage(void); ++ ++int print_list(void); ++int print_hashlist(void); ++int print_keylist(void); diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-format-string.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-format-string.patch new file mode 100644 index 000000000000..ceeb28f38e0d --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-format-string.patch @@ -0,0 +1,31 @@ +--- a/src/errors.c ++++ b/src/errors.c +@@ -25,24 +25,24 @@ + + void err_quit(char *errmsg) + { +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + exit(-1); + } + + void err_warn(char *errmsg) + { + if (quiet <= 1) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_info(char *errmsg) + { + if (quiet == 0) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_crit(char *errmsg) + { + if (quiet <= 2) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch new file mode 100644 index 000000000000..97c658bb2d3b --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch @@ -0,0 +1,25 @@ +From 3efb40e17ce4f76717ae17a1ce1e1f747ddf59fd Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev <alon.barlev@gmail.com> +Date: Sat, 22 Dec 2012 22:37:06 +0200 +Subject: [PATCH] cleanup: buffer overflow + +--- + src/extra.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/src/extra.c b/src/extra.c +index 3082f82..c7a1ac0 100644 +--- a/src/extra.c ++++ b/src/extra.c +@@ -241,6 +241,8 @@ int check_file_head(FILE * fstream, char *algorithm, char *mode, + if (m_getbit(6, flags) == 1) { /* if the salt bit is set */ + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + if (*salt_size > 0) { + fread(tmp_buf, 1, *salt_size, + fstream); +-- +1.7.8.6 + diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-segv.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-segv.patch new file mode 100644 index 000000000000..478b3cbc0f6e --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-segv.patch @@ -0,0 +1,40 @@ +From 5bee29fae8f0e936ad4c957aef6035d09532a57a Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev <alon.barlev@gmail.com> +Date: Sat, 22 Dec 2012 22:04:27 +0200 +Subject: [PATCH] cleanup: fixup segv on buffer access + +use exact buffer size instead of guess. + +do not copy out of source buffer. + +Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> +--- + src/rfc2440.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/rfc2440.c b/src/rfc2440.c +index 5a1f296..929b9ab 100644 +--- a/src/rfc2440.c ++++ b/src/rfc2440.c +@@ -497,7 +497,7 @@ plaintext_encode(const USTRING dat) + time_t t; + + assert(dat->len > 0); +- result = make_ustring( NULL, 2 * dat->len); /* xxx */ ++ result = make_ustring( NULL, dat->len + 12); /* xxx */ + newdat = (USTRING)dat; + result->d[pos++] = (0x80 | 0x40 | PKT_PLAINTEXT); + +@@ -810,7 +810,8 @@ encrypted_encode(const USTRING pt, const DEK *dek) + _mcrypt_encrypt(dek->hd, rndpref, dek->blocklen + 2, NULL, 0); + _mcrypt_sync(dek->hd, rndpref, dek->blocklen); + +- ct = make_ustring( rndpref, 2 * pt->len); /* xxx */ ++ ct = make_ustring( NULL, dek->blocklen + 2 + pt->len + 12); /* xxx */ ++ memcpy(ct->d, rndpref, dek->blocklen + 2); + pos = dek->blocklen + 2; + + _mcrypt_encrypt(dek->hd, ct->d + pos, pt->len, pt->d, pt->len); +-- +1.7.8.6 + diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-sprintf.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-sprintf.patch new file mode 100644 index 000000000000..a287680958bb --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-sprintf.patch @@ -0,0 +1,108 @@ +Description: [CVE-2012-4527] Stack-based buffer overflow with long file names + . + A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. + If a user were tricked into attempting to encrypt/decrypt specially crafted + long filename(s), this flaw would cause a stack-based buffer overflow that + could potentially lead to arbitrary code execution. + . + Note that this is caught by FORTIFY_SOURCE, which makes this a crash-only + bug on wheezy. +Author: Attila Bogar, Jean-Michel Vourgère <jmv_deb@nirgal.com> +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4527 +Bug: CVE-2012-4527 +Bug-Debian: http://bugs.debian.org/690924 +Forwarded: no +Last-Update: 2012-11-01 +Index: mcrypt-2.6.8/src/mcrypt.c +=================================================================== +--- mcrypt-2.6.8.orig/src/mcrypt.c ++++ mcrypt-2.6.8/src/mcrypt.c +@@ -41,4 +41,6 @@ + ++/* Temporary error message can contain one file name and 1k of text */ ++#define ERRWIDTH ((PATH_MAX)+1024) +-char tmperr[128]; ++char tmperr[ERRWIDTH]; + unsigned int stream_flag = FALSE; + char *keymode = NULL; + char *mode = NULL; +@@ -482,7 +485,7 @@ + #ifdef HAVE_STAT + if (stream_flag == FALSE) { + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: %s is not a regular file. Skipping...\n"), + program_name, file[i]); +@@ -501,7 +504,7 @@ + dinfile = file[i]; + if ((isatty(fileno((FILE *) (stdin))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: Encrypted data will not be read from a terminal.\n"), + program_name); +@@ -520,7 +523,7 @@ + einfile = file[i]; + if ((isatty(fileno((FILE *) (stdout))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: Encrypted data will not be written to a terminal.\n"), + program_name); +@@ -544,7 +547,7 @@ + strcpy(outfile, einfile); + /* if file has already the .nc ignore it */ + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("%s: file %s has the .nc suffix... skipping...\n"), + program_name, outfile); +@@ -590,10 +593,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, ERRWIDTH, _("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was decrypted.\n")); ++ snprintf(tmperr, ERRWIDTH, _("Stdin was decrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -610,7 +613,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("File %s was NOT decrypted successfully.\n"), + dinfile); +@@ -636,10 +639,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, ERRWIDTH, _("File %s was encrypted.\n"), einfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was encrypted.\n")); ++ snprintf(tmperr, ERRWIDTH, _("Stdin was encrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -655,7 +658,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, ERRWIDTH, + _ + ("File %s was NOT encrypted successfully.\n"), + einfile); diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-stdlib.h.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-stdlib.h.patch new file mode 100644 index 000000000000..c4bdb18a6dbc --- /dev/null +++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-stdlib.h.patch @@ -0,0 +1,11 @@ +--- a/src/rfc2440.c 2008-11-17 06:50:01.000000000 +1100 ++++ b/src/rfc2440.c 2010-08-10 13:48:28.000000000 +1000 +@@ -23,7 +23,7 @@ + #include <zlib.h> + #endif + #include <stdio.h> +-#include <malloc.h> ++#include <stdlib.h> + + #include "xmalloc.h" + #include "keys.h" diff --git a/app-crypt/mcrypt/mcrypt-2.6.8-r3.ebuild b/app-crypt/mcrypt/mcrypt-2.6.8-r3.ebuild new file mode 100644 index 000000000000..03b77bb3afb3 --- /dev/null +++ b/app-crypt/mcrypt/mcrypt-2.6.8-r3.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +DESCRIPTION="replacement of the old unix crypt(1)" +HOMEPAGE="http://mcrypt.sourceforge.net/" +SRC_URI="mirror://sourceforge/mcrypt/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc sparc x86 ~x86-macos" +IUSE="nls" + +DEPEND=">=dev-libs/libmcrypt-2.5.8 + >=app-crypt/mhash-0.9.9 + sys-libs/zlib" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-2.6.7-qa.patch" + "${FILESDIR}/${P}-stdlib.h.patch" + "${FILESDIR}/${P}-segv.patch" + "${FILESDIR}/${P}-sprintf.patch" + "${FILESDIR}/${P}-format-string.patch" + "${FILESDIR}/${P}-overflow.patch" +) + +src_configure() { + econf $(use_enable nls) +} diff --git a/app-crypt/mcrypt/metadata.xml b/app-crypt/mcrypt/metadata.xml new file mode 100644 index 000000000000..a07f7533cf4a --- /dev/null +++ b/app-crypt/mcrypt/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>crypto@gentoo.org</email> + <name>Crypto</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">mcrypt</remote-id> + </upstream> +</pkgmetadata> |