From 702c4a9f6084c9703701ef3b13dcf47fb791fe97 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Mon, 2 Mar 2009 18:31:22 +0000
Subject: pycrypto: fixing CVE-2009-0544
git-svn-id: svn+slack://slack.fluxo.info/var/svn/mkbuilds@390 18ef50b8-d735-4ccd-97c1-689132df3dd9
---
dev/python/pycrypto/Manifest | 25 +++++++++++++++++++++++
dev/python/pycrypto/pycrypto-2.0.1.diff | 36 +++++++++++++++++++++++++++++++++
dev/python/pycrypto/pycrypto.mkbuild | 7 ++++++-
3 files changed, 67 insertions(+), 1 deletion(-)
create mode 100644 dev/python/pycrypto/Manifest
create mode 100644 dev/python/pycrypto/pycrypto-2.0.1.diff
diff --git a/dev/python/pycrypto/Manifest b/dev/python/pycrypto/Manifest
new file mode 100644
index 0000000..0eb13d5
--- /dev/null
+++ b/dev/python/pycrypto/Manifest
@@ -0,0 +1,25 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST pycrypto-2.0.1.tar.gz 154292 MD5 4d5674f3898a573691ffb335e8d749cd RMD160 5ce938a24f77f414e42680c17ef9b6dc8de94a2e SHA1 c77cdefdfb06e4749690013a9a9e1600ab14e26f SHA256 b08d4ed54c9403c77778a3803e53a4f33f359b42d94f6f3e14abb1bf4941e6ea SHA512 7c1fddd425e342b04534185c0295274e1cc219dfe829ad3bd5dce09d75b08befc52c4989316086ea9789df82d5f0cb2feba079d50f7b3cf8b5eac56789d32f05
+MKBUILD pycrypto.mkbuild 2691 MD5 afccfacc494295a1985d5edb1c455de1 RMD160 09d71798413c31f59fd5e37313500acb7c104566 SHA1 1df00a7fd5b8b9402e56ac701c57ef31d23b3670 SHA256 dca06c803fa37b7f387fdf3717aae84e3ae5e5876087212cf803cd516fea19fd SHA512 19d97388f4b6a0ef9f5ef80f1b64ab36818a7aee25cdc8ed39f88003eb8ada6549d83eb4679440b5a5d89316b35e4aacb1c0c018ca5d0c94a818bb6001466f2f
+PATCH pycrypto-2.0.1.diff 1002 MD5 e89cbaa92c610fe69fc75abfd12d7472 RMD160 870443df14d57711fc0b6b111d162b313a1949a4 SHA1 c9851294b128c0effa3653b4e87a27cc96c16104 SHA256 00da3a6ccc56d1b9fc8d03988a6724cd4c3e9338b9d9a481a777426309b77c90 SHA512 d7fc8d185bc36b877cc20de8f9afbedf0e71641c0fdaa6d34b1f91e6631ace5cfc07d15fa919b7f2a0be361e70760a5747060698434e56520b97727954035c31
+SLACK-REQUIRED slack-required 79 MD5 2fec3f39ed8c22edf96cce7a9537d0f4 RMD160 1f02bf02d8f2995726a2c1ecaa1067c388aec58c SHA1 d1abed6268451680d1c97d83a9044926215a5647 SHA256 10f66f332401f9c8dd42ad7fbac20af1bcc14fc28e652a7e3031d31a683a3825 SHA512 e354dac035c8c021afd6a8d52838f1e4113045295f8538145697c588a8920a2d7a003cdbf27c45119f5d89de110bbc1135e87b74b2aef18ecf9cc76fec06eb8c
+SLACKBUILD pycrypto.SlackBuild 7746 MD5 926b275289c3099df396a1d390a0ef2d RMD160 dbb08ae284b3c3d2d042a04584cd1ac6207e85b2 SHA1 ce17b96a5b5e2df29beca3ba2dcb2870253b6004 SHA256 021d1ef8a3fabebb893910899d22a7a788cd4cbce9eb7415b0c23f43546d18b7 SHA512 e68a85cfc096687b440cf96ac498e8f55d2f706e9834306ef64e51a1d4905cf91e8e704b6411de2f354f779922b652794a1317571b8047525fbe0d5e65d48d45
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAEBAgAGBQJJrBDlAAoJEEHL93ESzgei5K0P/i4FEU8AJyJ5p6oNPeV9pEpg
+UvJ7DQit3dA/bBLoRRErZFri5MnpoQtJa7WMoQxEr3gpn5BK4XPSfaXlBXMJnPIz
+cjCjLRcbmWxYq+2HDVkfYdb2hXm5x94pMjKeg+b56cYOfX3YP/IzB7tAyF7+azOJ
+DHmlKJllHvN/hiW//P2mySylniiqSRO/4Qq6B2bqvHKhHi9oZFmoPxk/MDMdv3Hd
+UszIqM2jMfUm/Q3aeYCTHHYbhxNnfJtWObS7GFKjthkVpkkXCsi8RJyYLhOVIK1N
+tLnPcgPbfgCOHq95lI7UN6Nu/38v3IiaF600QxiIcyfT/78gKqC5tjwZ2npJtIKT
+0b/HHOC0m4OAjJxO8MxPsAUlNpd9DeDfwJ30LGHGvX63TF/Q8NBkdyvtwXAb6TbL
+gSEJWm+SyMUwXQ8ITn1GFuTyyV6SCmDWGJ1WoWzYSi6Z1iRAYHw39jasHXSDN56W
+rLYLJkMofTE+kt+BlpLIm1pnlyvMOaFdNiLzHhmNq9aoH+QxXpgSkVYXJrzkkxLe
+S/Tycwbrk5+gz+JGYbTUy5EgPtuWB1/v0JroGxUPUVjwW808rJr+OjsfIRnebKII
+HylMB4TBibm6F7s3Jma4JO1L/QoVoWQCp66z7j4jDQYJ1f5hhndosDKuIixz0OkY
+520M4f9B3nTctgOnPMEw
+=9RzG
+-----END PGP SIGNATURE-----
diff --git a/dev/python/pycrypto/pycrypto-2.0.1.diff b/dev/python/pycrypto/pycrypto-2.0.1.diff
new file mode 100644
index 0000000..77f8576
--- /dev/null
+++ b/dev/python/pycrypto/pycrypto-2.0.1.diff
@@ -0,0 +1,36 @@
+From: Dwayne C. Litzenberger
+Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500)
+Subject: ARC2: Fix buffer overflow
+X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
+
+ARC2: Fix buffer overflow
+
+Thanks to Mike Wiacek from the Google Security Team for
+reporting this bug.
+---
+
+diff --git a/src/ARC2.c b/src/ARC2.c
+index eb61713..35d9151 100644
+--- a/src/ARC2.c
++++ b/src/ARC2.c
+@@ -11,6 +11,7 @@
+ */
+
+ #include
++#include "Python.h"
+
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
+ 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
+ };
+
++ if ((U32)keylength > sizeof(self->xkey)) {
++ PyErr_SetString(PyExc_ValueError,
++ "ARC2 key length must be less than 128 bytes");
++ return;
++ }
++
+ memcpy(self->xkey, key, keylength);
+
+ /* Phase 1: Expand input key to 128 bytes */
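Review bot: The error text in the added guard of the carried ARC2.c patch does not match its condition: `(U32)keylength > sizeof(self->xkey)` still accepts a key exactly as long as the buffer, which the context comment ("Expand input key to 128 bytes") suggests is 128 bytes, so the message would be accurate as `"ARC2 key length must be at most 128 bytes"`. The guard reports failure only through the Python error indicator before a bare `return;`, and block_init starts and continues outside this hunk, so the rejected key becomes a ValueError only if the caller checks for a pending error afterwards; that is worth confirming in the 2.0.1 tree this patch is applied to. The `(U32)` cast is what makes a negative `int keylength` fail the bound, and a one-line comment such as `/* cast rejects negative lengths as well as oversized keys */` would keep it from being simplified away later.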
diff --git a/dev/python/pycrypto/pycrypto.mkbuild b/dev/python/pycrypto/pycrypto.mkbuild index 2f1699e..f0171da 100644 --- a/dev/python/pycrypto/pycrypto.mkbuild +++ b/dev/python/pycrypto/pycrypto.mkbuild @@ -28,6 +28,10 @@ # Complete URL address or URL base address ( without $SRC_NAME-$VERSION... ) [[DOWNLOAD FOLDER URL]]="http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz" +# Build number +[[BUILD NUMBER]]="2" + +# Slack required [[SLACK REQUIRED]]="python" # SlackBuild PATH in Slack.Sarava tree @@ -55,8 +59,9 @@ off: md5sum_download_and_check_0 off: md5sum_download_and_check_1 off: gpg_signature_check + on: manifest_check on: untar_source -off: patch_source + on: patch_source off: configure on: make_package off: install_package -- cgit v1.2.3
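Review bot: In the second hunk the tarball is still fetched over plain `http://` with both `md5sum_download_and_check_*` steps and `gpg_signature_check` left `off`, so `on: manifest_check` is the only integrity control for the source and for the CVE patch that `on: patch_source` now applies. Nothing in this file shows whether manifest_check also verifies the PGP clearsign signature on the Manifest or only compares the listed hashes; if it is hashes only, whoever can alter the tree can alter the Manifest along with it. I would record the dependency next to the step list, for example `# source and patch integrity rest on manifest_check (signed Manifest); keep it on while gpg_signature_check is off`, and confirm that the signature is checked against a pinned packager key.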