From 8ea6e43d2f65acbfda614dbd4635823d7605b6d8 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Thu, 18 May 2023 10:12:16 +0100
Subject: gentoo auto-resync : 18:05:2023 - 10:12:16
---
 net-libs/libsignal-protocol-c/Manifest | 3 +-
 ...libsignal-protocol-c-2.3.3-CVE-2022-48468.patch | 53 ++++++++++++++++++++++
 .../libsignal-protocol-c-2.3.3-r1.ebuild | 18 ++++++++
 .../libsignal-protocol-c-9999.ebuild | 14 ------
 4 files changed, 73 insertions(+), 15 deletions(-)
 create mode 100644 net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
 create mode 100644 net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild
 delete mode 100644 net-libs/libsignal-protocol-c/libsignal-protocol-c-9999.ebuild
(limited to 'net-libs/libsignal-protocol-c')
diff --git a/net-libs/libsignal-protocol-c/Manifest b/net-libs/libsignal-protocol-c/Manifest
index 5f94a23f658c..28cf908b1f63 100644
--- a/net-libs/libsignal-protocol-c/Manifest
+++ b/net-libs/libsignal-protocol-c/Manifest
@@ -1,4 +1,5 @@ +AUX libsignal-protocol-c-2.3.3-CVE-2022-48468.patch 1931 BLAKE2B 1e76d3bc4d4abad0440f3043475949de0d6bac7978f090e4b500c945ad93cfd400d363a7d81732dceb2853ad18da3d10d57e81e6daf2f0155a8fd9790cd21e9d SHA512 9e62354dc98ac8292df8485a1e6861867372d1625d49400fbb6503f1f34e3824f48c1e80d0bc9ec7878c4b341dabcdbc35acd740d21b59d67e13a0be403cbe32 DIST libsignal-protocol-c-2.3.3.tar.gz 272073 BLAKE2B 86f31ed8a18bfc1ea80c45ffaf983611d353616d418f308711665aae287ff86697f7586f20f2c52ac028f9e5ad8b6d39c80876b263654c620a541812917b4f44 SHA512 19d892e13fac32022658de5eaf1db8cec3226f5f3f37a4c1c33bfa9653126ecbc6350a1ab5624025f909803c2277b86321dbea7f64e9932883cae57b65f58112 +EBUILD libsignal-protocol-c-2.3.3-r1.ebuild 448 BLAKE2B 5d7f5bbae4c2d36fae47f57b9ff3f2af04ae7a93fcbf2368b9d34f3769b73df1b5565a02c387d07fe0b6e88451dc73d2d597d661f30e49f194faff07e79a97e6 SHA512 80b935e6a3a58a32dd727e5e45c003821d39e68a3a0469a48a905021f0e0df6c275e5e701b9019ac5020e53537958c75556a340c204e7a61f35c8ea04fe3aa35 EBUILD libsignal-protocol-c-2.3.3.ebuild 346 BLAKE2B cfa3bb04e96f7fb558250e8c97da2dfcc5d066370aefd966e734303531e9527a8772365cfd593f904547f5d16ca98268f537fb14f45032fcf677f5fb4817dd3b SHA512 e1153a01732b51c103d8efc23ca49c2bc2292ed64d7d9fe04e8c65819a211a6f35f42e7b4ea971a503a5cc85c6803d45c2a828e266052ff6bbdc2df6d186c57a -EBUILD libsignal-protocol-c-9999.ebuild 311 BLAKE2B 17b9baf64a60146c55a2b525493a265eb5070a20a31b4a0dffe24c86e8a720f60a47c06f09e4473dcb2585c0a6f612d2b4df4b47944e927afe84e8ce29ab668f SHA512 6443aef8035cdb162e1681e0547411a1a1e157fb994b89e3e06cc61ed8f01c62419e02a3108e38044688de604342ff48e59a779b3b163cd9984ce3bc3c594659 MISC metadata.xml 659 BLAKE2B f4a2ca5360a22ee74952638cfe61ef8b2d3351c5838ba130b5344d2362f946b2bdda5b58b2ed887fa8c5d2425c3d431e9d954752e7c3c36e7f0ae4d66a5bf706 SHA512 681673e2b407848e5abefaeb39159e0fa950720d6dc47992a6d11cfd8bb4d121995d4b247789afebf953d327a632bbaceccdd862232dac7f256e0f787ee6da5e 
diff --git a/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch b/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
new file mode 100644
index 000000000000..8b3706dd8829
--- /dev/null
+++ b/net-libs/libsignal-protocol-c/files/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
@@ -0,0 +1,53 @@
+From 478dfe51552243b367cf2e9c5d047cbbd3c21635 Mon Sep 17 00:00:00 2001
+From: Randy Barlow
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH] CVE-2022-48468: unsigned integer overflow
+
+This commit combines two upstream commits from protobuf-c[0][1].
+The first fixes an unsigned integer overflow, and the second fixes a
+regression introduced by the first. I originally decided to amend the
+commit message of the first to mention that it fixes a CVE, but then I
+realized it would be better to bring the fix for the regression together
+with it.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468
+https://bugzilla.redhat.com/show_bug.cgi?id=2186673
+
+[0]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/289f5c18b195aa43d46a619d1188709abbfa9c82
+[1]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/0d1fd124a4e0a07b524989f6e64410ff648fba61
+
+Co-authored-by: 10054172
+Co-authored-by: "Todd C. Miller"
+Signed-off-by: 10054172
+Signed-off-by: Randy Barlow
+---
+ src/protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/protobuf-c/protobuf-c.c b/src/protobuf-c/protobuf-c.c
+index 4f2f5bc..6ae5287 100644
+--- a/src/protobuf-c/protobuf-c.c
++++ b/src/protobuf-c/protobuf-c.c
+@@ -2456,10 +2456,13 @@ parse_required_member(ScannedMember *scanned_member,
+ return FALSE;
+
+ def_mess = scanned_member->field->default_value;
+- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+- allocator,
+- len - pref_len,
+- data + pref_len);
++ if (len >= pref_len)
++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
++ allocator,
++ len - pref_len,
++ data + pref_len);
++ else
++ subm = NULL;
+
+ if (maybe_clear &&
+ *pmessage != NULL &&
+--
+2.39.2
+
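Review bot: The new guard in parse_required_member has no comment saying why `len >= pref_len` is the chosen bound, and the unbraced `if`/`else` wraps a five-line call, which makes a later edit to either arm easy to get wrong. I would brace both arms and put `/* len < pref_len would wrap the unsigned len - pref_len; len == pref_len is an empty submessage */` above the test, so the `>=` (presumably the regression fix the description mentions) is not later "tightened" to `>`. The `subm = NULL` arm relies on code after the hunk's last context line to treat NULL as a parse failure; that handling is not visible here, so confirm it returns FALSE rather than storing NULL and reporting success. The function starts and ends outside the hunk.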
diff --git a/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild b/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild
new file mode 100644
index 000000000000..894d6fc41d30
--- /dev/null
+++ b/net-libs/libsignal-protocol-c/libsignal-protocol-c-2.3.3-r1.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+DESCRIPTION="Signal Protocol C Library"
+HOMEPAGE="https://signal.org/ https://github.com/signalapp/libsignal-protocol-c"
+SRC_URI="https://github.com/signalapp/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+LICENSE="GPL-3"
+SLOT="0"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.3.3-CVE-2022-48468.patch
+)
diff --git a/net-libs/libsignal-protocol-c/libsignal-protocol-c-9999.ebuild b/net-libs/libsignal-protocol-c/libsignal-protocol-c-9999.ebuild
deleted file mode 100644
index 07a69138ceed..000000000000
--- a/net-libs/libsignal-protocol-c/libsignal-protocol-c-9999.ebuild
+++ /dev/null
@@ -1,14 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit git-r3 cmake
-
-DESCRIPTION="Signal Protocol C Library"
-HOMEPAGE="https://www.whispersystems.org/"
-
-EGIT_REPO_URI="https://github.com/signalapp/libsignal-protocol-c"
-
-LICENSE="GPL-3"
-SLOT="0"
--
cgit v1.2.3
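Review bot: The unpatched `libsignal-protocol-c-2.3.3.ebuild` stays in the tree next to the new libsignal-protocol-c-2.3.3-r1.ebuild (the Manifest hunk keeps its EBUILD entry as a context line), so the build without the CVE-2022-48468 fix remains installable. The -r1 ebuild carries only `~amd64 ~arm64 ~x86`; the old ebuild's keywords are not visible here, but if they match, dropping 2.3.3 in the same change would leave only the patched revision. The `PATCHES` entry would also benefit from a comment such as `# CVE-2022-48468: fixes the bundled protobuf-c copy in src/protobuf-c/`, so a later version bump knows the patch targets vendored code and has to be re-checked against the new tarball.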