author | 2012-12-22 20:54:55 +0000 | |
---|---|---|
committer | 2012-12-22 20:54:55 +0000 | |
commit | aa0582397bf48a0e6857e7dc699961808edee254 (patch) | |
tree | ac19108d9cfe3ec0a672fd93aeb0f08a958212b8 /app-crypt | |
parent | Rework sprintf patch to remove RCS substitution in patch, as it invalidate it (diff) | |
Fix CVE-2012-4409 per bug#434112
(Portage version: 2.2.0_alpha149/cvs/Linux x86_64, unsigned Manifest commit)
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/mcrypt/ChangeLog | 6 | ||||
-rw-r--r-- | app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch | 25 | ||||
-rw-r--r-- | app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild | 3 |
3 files changed, 32 insertions, 2 deletions
diff --git a/app-crypt/mcrypt/ChangeLog b/app-crypt/mcrypt/ChangeLog
index 1ed8d28d9446..59e7d4d56014 100644
--- a/app-crypt/mcrypt/ChangeLog
+++ b/app-crypt/mcrypt/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for app-crypt/mcrypt
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mcrypt/ChangeLog,v 1.37 2012/12/22 20:51:04 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mcrypt/ChangeLog,v 1.38 2012/12/22 20:54:55 alonbl Exp $
+
+ 22 Dec 2012; Alon Bar-Lev <alonbl@gentoo.org>
+ +files/mcrypt-2.6.8-overflow.patch, mcrypt-2.6.8-r2.ebuild:
+ Fix CVE-2012-4409 per bug#434112
 
 22 Dec 2012; Alon Bar-Lev <alonbl@gentoo.org>
 files/mcrypt-2.6.8-sprintf.patch, mcrypt-2.6.8-r2.ebuild:
diff --git a/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch b/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch
new file mode 100644
index 000000000000..97c658bb2d3b
--- /dev/null
+++ b/app-crypt/mcrypt/files/mcrypt-2.6.8-overflow.patch
@@ -0,0 +1,25 @@
+From 3efb40e17ce4f76717ae17a1ce1e1f747ddf59fd Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 22 Dec 2012 22:37:06 +0200
+Subject: [PATCH] cleanup: buffer overflow
+
+---
+ src/extra.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/src/extra.c b/src/extra.c
+index 3082f82..c7a1ac0 100644
+--- a/src/extra.c
++++ b/src/extra.c
+@@ -241,6 +241,8 @@ int check_file_head(FILE * fstream, char *algorithm, char *mode,
+ if (m_getbit(6, flags) == 1) { /* if the salt bit is set */
+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
+ *salt_size = m_setbit(0, sflag, 0);
++ if (*salt_size > sizeof(tmp_buf))
++ err_quit(_("Salt is too long\n"));
+ if (*salt_size > 0) {
+ fread(tmp_buf, 1, *salt_size,
+ fstream);
+--
+1.7.8.6
+
diff --git a/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild b/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild
index 139ad89bde64..d7c3b35b7351 100644
--- a/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild
+++ b/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild,v 1.2 2012/12/22 20:31:00 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/mcrypt/mcrypt-2.6.8-r2.ebuild,v 1.3 2012/12/22 20:54:55 alonbl Exp $
 
 EAPI="2"
 
@@ -26,6 +26,7 @@ src_prepare() {
 epatch "${FILESDIR}/${P}-segv.patch"
 epatch "${FILESDIR}/${P}-sprintf.patch"
 epatch "${FILESDIR}/${P}-format-string.patch"
+ epatch "${FILESDIR}/${P}-overflow.patch"
 }
 
 src_configure() { |
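Review bot: The `fread(tmp_buf, 1, *salt_size, fstream)` that follows the new bound check in the src/extra.c hunk (carried by files/mcrypt-2.6.8-overflow.patch) still discards its return value, so a truncated input file can leave fewer salt bytes in `tmp_buf` than `*salt_size` claims. I would check it, e.g. `if (fread(tmp_buf, 1, *salt_size, fstream) != (size_t)*salt_size) err_quit(_("Unexpected end of file\n"));` (the message wording is only a suggestion). The guard itself deserves a one-line comment such as `/* sflag is read from the file header: untrusted, bound it before fread */`. If `salt_size` points to a signed type (its declaration is not visible here), the comparison with `sizeof(tmp_buf)` relies on the implicit unsigned conversion, which a cast would make explicit. `check_file_head` starts and ends outside the hunk, so how `tmp_buf` is consumed afterwards, and whether other header-derived lengths are bounded, cannot be confirmed from this page.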