commit: 9dc32f9b7cf12ea92bbdca93405b602d06925dd2 Author: Kent Fredric <kentnl <AT> gentoo <DOT> org> AuthorDate: Sun Jun 28 16:30:58 2020 +0000 Commit: Kent Fredric <kentnl <AT> gentoo <DOT> org> CommitDate: Sun Jun 28 16:37:13 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc32f9b
dev-perl/Convert-ASN1: -r bump for CVE-2013-7488 bug #716680 - EAPI7 - Remove empty/unused variable assignments - Add patch submitted to upstream repo to remedy CVE-2013-7488 Bug: https://bugs.gentoo.org/716680 Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15 Bug: https://github.com/gbarr/perl-Convert-ASN1/issues/14 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821879 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl <AT> gentoo.org> .../Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild | 27 +++++++++++++ .../files/Convert-ASN1-0.270.0-CVE-2013-7488.patch | 45 ++++++++++++++++++++++ 2 files changed, 72 insertions(+)
diff --git a/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild b/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild
new file mode 100644
index 00000000000..99a786a4ec7
--- /dev/null
+++ b/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild
@@ -0,0 +1,27 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DIST_AUTHOR=GBARR
+DIST_VERSION=0.27
+inherit perl-module
+
+DESCRIPTION="Standard en/decode of ASN.1 structures"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ >=virtual/perl-ExtUtils-MakeMaker-6.300.0
+ test? (
+ >=virtual/perl-Math-BigInt-1.997.0
+ >=virtual/perl-Test-Simple-0.900.0
+ )
+"
+PATCHES=(
+ "${FILESDIR}/${P}-perl-526.patch"
+ "${FILESDIR}/${PN}-0.270.0-CVE-2013-7488.patch"
+)
diff --git a/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
new file mode 100644
index 00000000000..1922eceaa30
--- /dev/null
+++ b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
@@ -0,0 +1,45 @@
+From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen <[email protected]>
+Date: Tue, 29 Oct 2013 08:37:48 -0700
+Subject: [PATCH 1/2] Fix unsafe decoding in indef case
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index e811e8d..eb2b584 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -685,6 +685,7 @@ sub _scan_indef {
+ if((ord($tag) & 0x1f) == 0x1f) {
+ my $b;
+ do {
++ return if $pos >= $end;
+ $tag .= substr($_[0],$pos++,1);
+ $b = ord substr($tag,-1);
+ } while($b & 0x80);
+
+From 8125d99e15596fee1b5f904ed74a76bccf54082d Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen <[email protected]>
+Date: Tue, 29 Oct 2013 08:53:09 -0700
+Subject: [PATCH 2/2] Add second part of position check
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index eb2b584..67b95aa 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -679,6 +679,7 @@ sub _scan_indef {
+ $pos += 2;
+ next;
+ }
++ return if $pos >= $end;
+
+ my $tag = substr($_[0], $pos++, 1);
+
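Review bot: Neither added `return if $pos >= $end;` guard in `_scan_indef` says why it is there, and the one inside `do { ... } while($b & 0x80)` appears to be the only thing that ends that loop when the input stops in the middle of a multi-byte tag. I would put a comment above each guard, for example `# truncated input: stop before reading at or past $end (CVE-2013-7488)`. The bare `return` presumably reports a decode failure to the caller, which should be confirmed against the full file because `_scan_indef` begins and ends outside both inner hunks. The bundled patch touches only `lib/Convert/ASN1/_decode.pm`, so no test accompanies the fix; a case that runs a truncated indefinite-length encoding through the decoder would keep the guards from being dropped later.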
