[gentoo-commits] repo/gentoo:master commit in: dev-libs/crypto++/files/, dev-libs/crypto++/

Mon, 29 Apr 2019 23:03:55 -0700 

commit:     34abb7faf744a76561db0e7c922e2c6f409da053
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 30 06:01:29 2019 +0000
Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Tue Apr 30 06:03:25 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34abb7fa

Revert "dev-libs/crypto++: cleanup old"

This reverts commit 756f4a7c8eaf896507c32131037492bd1e26e2e5.

Used by <sys-cluster/ceph/ceph-13

Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>

 dev-libs/crypto++/Manifest                         |  1 +
 dev-libs/crypto++/crypto++-5.6.5-r1.ebuild         | 60 ++++++++++++++++++++++
 .../crypto++/files/crypto++-5.6.4-nonative.patch   | 28 ++++++++++
 .../files/crypto++-5.6.5-CVE-2017-9434.patch       | 45 ++++++++++++++++
 4 files changed, 134 insertions(+)

diff --git a/dev-libs/crypto++/Manifest b/dev-libs/crypto++/Manifest
index afb0e40685e..ddba9587a28 100644
--- a/dev-libs/crypto++/Manifest
+++ b/dev-libs/crypto++/Manifest
@@ -1 +1,2 @@
+DIST cryptopp565.zip 4220843 BLAKE2B 
0c42da3564cdd175c2f2c5c4272caf826f21e47d2271c7f54acab86f5f79dcdad8d6cb946bc88f55fde6189bb2d24ad8fb03dda6b3b8c6f105434b55b8b217d0
 SHA512 
f13718d02ca69b0129aaf9e767c9d2e0333aa7538355f9c63d9eaf1ff369062084a18dc01489439ebf37797b3ea81b01beb072057d47ec962bfb824ddc72abc7
 DIST cryptopp700.zip 7296665 BLAKE2B 
1b1a60e240a9d94b4edfea16beef0ec48ec26c61f7f9a3d89d29bd2e77b13a83ce942f81467bb90d3086253560a3c4acd6b89178dcb416ed4328340ad5222dfd
 SHA512 
8fd8d680e5ceaf10b3c32cb1504bda4b32abc9fcaa2c6e61e3b5e67aca805c792579884bc6a749c29a99105304c421d03d7fe7909fc58f750b3155c7c5cec8ec

diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild 
b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
new file mode 100644
index 00000000000..03281fc6285
--- /dev/null
+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="C++ class library of cryptographic schemes"
+HOMEPAGE="https://cryptopp.com";
+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip";
+
+LICENSE="Boost-1.0"
+SLOT="0/5.6" # subslot is so version
+KEYWORDS="alpha amd64 ~arm arm64 hppa ppc ppc64 sparc x86 ~x64-macos"
+IUSE="static-libs"
+
+BDEPEND="app-arch/unzip"
+
+S="${WORKDIR}"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-5.6.4-nonative.patch"
+       "${FILESDIR}/${P}-CVE-2017-9434.patch"
+)
+
+pkg_setup() {
+       export CXX="$(tc-getCXX)"
+       export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+       export PREFIX="${EPREFIX}/usr"
+}
+
+src_compile() {
+       # higher optimizations cause problems
+       replace-flags -O3 -O2
+       # ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
+       [[ ${CHOST} == *-darwin* ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM
+
+       emake -f GNUmakefile all shared
+}
+
+src_install() {
+       default
+
+       # remove leftovers as build system sucks
+       rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp
+       use static-libs || rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a
+
+       # compatibility
+       dosym cryptopp "${EPREFIX}"/usr/include/crypto++
+       for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do
+               ln -s "$(basename "${f}")" "$(echo "${f}" | sed 
's/cryptopp/crypto++/')" || die
+       done
+}
+
+pkg_preinst() {
+       # we switched directory to symlink
+       # make sure portage digests that
+       rm -fr "${EROOT}/usr/include/crypto++"
+       rm -fr "${EROOT}/usr/include/cryptopp"
+}

diff --git a/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch 
b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
new file mode 100644
index 00000000000..77d74ee729e
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
@@ -0,0 +1,28 @@
+Index: work/GNUmakefile
+===================================================================
+--- work.orig/GNUmakefile
++++ work/GNUmakefile
+@@ -125,23 +125,6 @@ ifeq ($(IS_X86)$(IS_X32)$(IS_CYGWIN)$(IS
+  endif
+ endif
+ 
+-# Guard use of -march=native
+-ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
+-   CXXFLAGS += -march=native
+-else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)
+-   CXXFLAGS += -march=native
+-else
+-  # GCC 3.3 and "unknown option -march="
+-  # Ubuntu GCC 4.1 compiler crash with -march=native
+-  # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"
+-  # Sun compiler is handled below
+-  ifeq ($(SUN_COMPILER)$(IS_X64),01)
+-    CXXFLAGS += -m64
+-  else ifeq ($(SUN_COMPILER)$(IS_X86),01)
+-    CXXFLAGS += -m32
+-  endif # X86/X32/X64
+-endif
+-
+ # Aligned access required for -O3 and above due to vectorization
+ UNALIGNED_ACCESS := $(shell $(EGREP) -c 
"^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS"
 config.h)
+ ifneq ($(UNALIGNED_ACCESS),0)

diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch 
b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
new file mode 100644
index 00000000000..428f48901a3
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
@@ -0,0 +1,45 @@
+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
+From: Jeffrey Walton <[email protected]>
+Date: Wed, 10 May 2017 18:17:12 -0400
+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
+ improved validation and excpetion clears the Address Sanitizer and Undefined
+ Behavior Sanitizer findings
+
+---
+ zinflate.cpp | 8 +++++++-
+ zinflate.h   | 4 ++++
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/zinflate.cpp b/zinflate.cpp
+index 664efe6..fbd7505 100644
+--- a/zinflate.cpp
++++ b/zinflate.cpp
+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
+                                               break;
+                                       }
+               case DISTANCE_BITS:
++                                      if (m_distance >= 
COUNTOF(distanceExtraBits))
++                                              throw BadDistanceErr();
+                                       bits = distanceExtraBits[m_distance];
+                                       if (!m_reader.FillBuffer(bits))
+                                       {
+                                               m_nextDecode = DISTANCE_BITS;
+                                               break;
+                                       }
++                                      if (m_distance >= 
COUNTOF(distanceStarts))
++                                              throw BadDistanceErr();
+                                       m_distance = m_reader.GetBits(bits) + 
distanceStarts[m_distance];
+                                       OutputPast(m_literal, m_distance);
+                               }
+diff --git a/zinflate.h b/zinflate.h
+index e2fd237..c47d2f6 100644
+--- a/zinflate.h
++++ b/zinflate.h
+@@ -96,6 +96,7 @@ public:
+       };
+       class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
+       class BadBlockErr : public Err {public: BadBlockErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
++      class BadDistanceErr : public Err {public: BadDistanceErr() : 
Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
+ 
+       //! \brief RFC 1951 Decompressor
+       //! \param attachment the filter's attached transformation

Reply via email to