authorrhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>2009-03-02 18:31:07 +0000
committerrhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>2009-03-02 18:31:07 +0000
commit4a55491819dce43f793bd1ede909a950bfbfeca1 (patch)
tree24d273881b9f7455dc5a99c832037d90e062cfb3 /dev
parent4761f747bfefb981e59657c4d3d91497f3e55e16 (diff)
pycrypto: fixing CVE-2009-0544
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2112 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'dev')
-rw-r--r--dev/python/pycrypto/Manifest25
-rw-r--r--dev/python/pycrypto/pycrypto-2.0.1.diff36
-rwxr-xr-xdev/python/pycrypto/pycrypto.SlackBuild101
3 files changed, 158 insertions, 4 deletions
diff --git a/dev/python/pycrypto/Manifest b/dev/python/pycrypto/Manifest
new file mode 100644
index 00000000..0eb13d5c
--- /dev/null
+++ b/dev/python/pycrypto/Manifest
@@ -0,0 +1,25 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST pycrypto-2.0.1.tar.gz 154292 MD5 4d5674f3898a573691ffb335e8d749cd RMD160 5ce938a24f77f414e42680c17ef9b6dc8de94a2e SHA1 c77cdefdfb06e4749690013a9a9e1600ab14e26f SHA256 b08d4ed54c9403c77778a3803e53a4f33f359b42d94f6f3e14abb1bf4941e6ea SHA512 7c1fddd425e342b04534185c0295274e1cc219dfe829ad3bd5dce09d75b08befc52c4989316086ea9789df82d5f0cb2feba079d50f7b3cf8b5eac56789d32f05
+MKBUILD pycrypto.mkbuild 2691 MD5 afccfacc494295a1985d5edb1c455de1 RMD160 09d71798413c31f59fd5e37313500acb7c104566 SHA1 1df00a7fd5b8b9402e56ac701c57ef31d23b3670 SHA256 dca06c803fa37b7f387fdf3717aae84e3ae5e5876087212cf803cd516fea19fd SHA512 19d97388f4b6a0ef9f5ef80f1b64ab36818a7aee25cdc8ed39f88003eb8ada6549d83eb4679440b5a5d89316b35e4aacb1c0c018ca5d0c94a818bb6001466f2f
+PATCH pycrypto-2.0.1.diff 1002 MD5 e89cbaa92c610fe69fc75abfd12d7472 RMD160 870443df14d57711fc0b6b111d162b313a1949a4 SHA1 c9851294b128c0effa3653b4e87a27cc96c16104 SHA256 00da3a6ccc56d1b9fc8d03988a6724cd4c3e9338b9d9a481a777426309b77c90 SHA512 d7fc8d185bc36b877cc20de8f9afbedf0e71641c0fdaa6d34b1f91e6631ace5cfc07d15fa919b7f2a0be361e70760a5747060698434e56520b97727954035c31
+SLACK-REQUIRED slack-required 79 MD5 2fec3f39ed8c22edf96cce7a9537d0f4 RMD160 1f02bf02d8f2995726a2c1ecaa1067c388aec58c SHA1 d1abed6268451680d1c97d83a9044926215a5647 SHA256 10f66f332401f9c8dd42ad7fbac20af1bcc14fc28e652a7e3031d31a683a3825 SHA512 e354dac035c8c021afd6a8d52838f1e4113045295f8538145697c588a8920a2d7a003cdbf27c45119f5d89de110bbc1135e87b74b2aef18ecf9cc76fec06eb8c
+SLACKBUILD pycrypto.SlackBuild 7746 MD5 926b275289c3099df396a1d390a0ef2d RMD160 dbb08ae284b3c3d2d042a04584cd1ac6207e85b2 SHA1 ce17b96a5b5e2df29beca3ba2dcb2870253b6004 SHA256 021d1ef8a3fabebb893910899d22a7a788cd4cbce9eb7415b0c23f43546d18b7 SHA512 e68a85cfc096687b440cf96ac498e8f55d2f706e9834306ef64e51a1d4905cf91e8e704b6411de2f354f779922b652794a1317571b8047525fbe0d5e65d48d45
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+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+=9RzG
+-----END PGP SIGNATURE-----
diff --git a/dev/python/pycrypto/pycrypto-2.0.1.diff b/dev/python/pycrypto/pycrypto-2.0.1.diff
new file mode 100644
index 00000000..77f85764
--- /dev/null
+++ b/dev/python/pycrypto/pycrypto-2.0.1.diff
@@ -0,0 +1,36 @@
+From: Dwayne C. Litzenberger <dlitz@dlitz.net>
+Date: Fri, 6 Feb 2009 13:09:37 +0000 (-0500)
+Subject: ARC2: Fix buffer overflow
+X-Git-Url: http://gitweb2.dlitz.net/?p=crypto%2Fpycrypto-2.x.git;a=commitdiff_plain;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
+
+ARC2: Fix buffer overflow
+
+Thanks to Mike Wiacek <mjwiacek@google.com> from the Google Security Team for
+reporting this bug.
+---
+
+diff --git a/src/ARC2.c b/src/ARC2.c
+index eb61713..35d9151 100644
+--- a/src/ARC2.c
++++ b/src/ARC2.c
+@@ -11,6 +11,7 @@
+ */
+
+ #include <string.h>
++#include "Python.h"
+
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -144,6 +145,12 @@ block_init(block_state *self, U8 *key, int keylength)
+ 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
+ };
+
++ if ((U32)keylength > sizeof(self->xkey)) {
++ PyErr_SetString(PyExc_ValueError,
++ "ARC2 key length must be less than 128 bytes");
++ return;
++ }
++
+ memcpy(self->xkey, key, keylength);
+
+ /* Phase 1: Expand input key to 128 bytes */
diff --git a/dev/python/pycrypto/pycrypto.SlackBuild b/dev/python/pycrypto/pycrypto.SlackBuild
index 3322a427..d53fa462 100755
--- a/dev/python/pycrypto/pycrypto.SlackBuild
+++ b/dev/python/pycrypto/pycrypto.SlackBuild
@@ -15,8 +15,9 @@
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
#
# slackbuild for pycrypto, by Silvio Rhatto
-# requires: python
+# requires:
# tested: pycrypto-2.0.1
+# model: generic.mkSlackBuild $Rev: 784 $
#
# Look for slackbuildrc
@@ -33,7 +34,7 @@ PKG_NAME="pycrypto"
ARCH=${ARCH:=i486}
SRC_VERSION=${VERSION:=2.0.1}
PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')"
-BUILD=${BUILD:=1rha}
+BUILD=${BUILD:=2rha}
SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME
TMP=${TMP:=/tmp}
PKG=${PKG:=$TMP/package-$PKG_NAME}
@@ -47,9 +48,9 @@ NUMJOBS=${NUMJOBS:=""}
LIBDIR="$PREFIX/lib"
if [ "$ARCH" = "i386" ]; then
- SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+ SLKCFLAGS="-O2 -march=i386 -mtune=i686"
elif [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mcpu=i686"
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686"
elif [ "$ARCH" = "s390" ]; then
@@ -65,6 +66,7 @@ ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33
ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36
ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39
ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42
+ERROR_MANIFEST=43;
# Clean up any leftovers of previous builds
rm -rf "$PKG_WORK" 2> /dev/null
@@ -84,12 +86,103 @@ if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then
wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET
fi
+# Check Manifest file
+if [ -e "$CWD/Manifest" ]; then
+
+ # Manifest signature checking
+ if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then
+ echo "Checking Manifest signature..."
+ gpg --verify $CWD/Manifest
+ if [ "$?" != "0" ]; then
+ exit $ERROR_MANIFEST
+ fi
+ fi
+
+ MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`"
+
+ for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do
+
+ MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`"
+ MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`"
+ MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`"
+
+ if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then
+ MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE"
+ else
+ MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`"
+ fi
+
+ if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
+ continue
+ fi
+
+ echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..."
+
+ SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`"
+ SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`"
+
+ # Check source code size
+ if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then
+ echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC"
+ exit $ERROR_MANIFEST
+ else
+ echo "Size match."
+ fi
+
+ # Check source code integrity
+ for ALGO in md5 rmd160 sha1 sha256 sha512; do
+ if [ $ALGO = "rmd160" ]; then
+ ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`"
+ else
+ ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`"
+ fi
+ ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`"
+ ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }')
+ if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then
+ echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC"
+ exit $ERROR_MANIFEST
+ else
+ echo "$ALGO match."
+ fi
+ done
+
+ done
+
+else
+ exit $ERROR_MANIFEST
+fi
+
# Untar
cd "$PKG_WORK"
tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR
PKG_SRC="$PWD/`ls -l | awk '/^d/ { print $NF }'`"
cd "$PKG_SRC"
+# Patch source
+patches=" [[PATCH URLS]]
+ $PKG_NAME.diff $PKG_NAME-$PKG_VERSION.diff
+ $PKG_NAME-$PKG_VERSION-$ARCH.diff $PKG_NAME-$ARCH.diff"
+for patch in $patches; do
+ patch="`basename $patch`"
+ if [ -f "$CWD/$patch" ]; then
+ patch -Np1 < "$CWD/$patch" || exit $ERROR_PATCH
+ elif [ -f "$CWD/patches/$patch" ]; then
+ patch -Np1 < "$CWD/patches/$patch" || exit $ERROR_PATCH
+ elif [ -f "$CWD/$patch.gz" ]; then
+ gzip -dc "$CWD/$patch.gz" | patch -Np1 || exit $ERROR_PATCH
+ elif [ -f "$CWD/patches/$patch.gz" ]; then
+ gzip -dc "$CWD/patches/$patch.gz" | patch -Np1 || exit $ERROR_PATCH
+ elif [ -f "$SRC_DIR/$patch" ]; then
+ if [ "`basename $patch .gz`" != "$patch" ]; then
+ gzip -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH
+ elif [ "`basename $patch .bz2`" != "$patch" ]; then
+ bzip2 -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH
+ else
+ patch -Np1 < "$SRC_DIR/$patch" || exit $ERROR_PATCH
+ fi
+ fi
+done
+
# Build and install package
python setup.py build install --root=$PKG || exit $ERROR_INSTALL
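Review bot: The Manifest check added before `# Untar` fails open in two places: the signature is verified only when the file contains a `-----BEGIN PGP SIGNED MESSAGE-----` line, and any entry whose file is not found (or whose unquoted `find $CWD -name $MANIFEST_FILE` lookup returns more than one path) hits `continue`, so the build can proceed without `$SRC` ever being hashed. Consider running `gpg --verify "$CWD/Manifest" || exit $ERROR_MANIFEST` unconditionally, or allowing an unsigned Manifest only behind an explicit opt-in, and replacing the `continue` with `exit $ERROR_MANIFEST` for `DIST` and `PATCH` entries. The loop also parses the raw file rather than the text gpg verified, so lines outside the signed region would be treated as trusted; reading entries from the verified output would close that gap. Separately, `patches=" [[PATCH URLS]]` looks like an unexpanded template placeholder, and the mismatch messages print `$SRC` where `$MANIFEST_FILE` is the file actually being checked.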