diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/crypto.scm | 6 | ||||
-rw-r--r-- | gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch | 65 |
3 files changed, 2 insertions, 70 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index c5c9278201..4a258dd3cd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -599,7 +599,6 @@ dist_patch_DATA = \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ - %D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 5e5bc4de05..225c26378d 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -583,7 +583,7 @@ data on your platform, so the seed itself will be as random as possible. (define-public crypto++ (package (name "crypto++") - (version "5.6.5") + (version "6.0.0") (source (origin (method url-fetch/zipbomb) (uri (string-append "https://cryptopp.com/cryptopp" @@ -591,9 +591,7 @@ data on your platform, so the seed itself will be as random as possible. ".zip")) (sha256 (base32 - "0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7")) - (patches - (search-patches "crypto++-fix-dos-in-asn.1-decoders.patch")))) + "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34")))) (build-system gnu-build-system) (arguments `(#:make-flags diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch deleted file mode 100644 index 88b2e7f25a..0000000000 --- a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001 -From: Gergely Nagy <ngg@tresorit.com> -Date: Wed, 14 Dec 2016 13:19:01 +0100 -Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939) - ---- - asn.cpp | 10 ++++++++++ - asn.h | 2 ++ - 2 files changed, 12 insertions(+) - -diff --git a/asn.cpp b/asn.cpp -index 297ff010..2e923ef7 100644 ---- a/asn.cpp -+++ b/asn.cpp -@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) - size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- str.New(bc);
- if (bc != bt.Get(str, bc))
-@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation & - size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- bt.TransferTo(str, bc);
- return bc;
-@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as - size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock temp(bc);
- if (bc != bt.Get(temp, bc))
-@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne - size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc == 0)
-+ BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- byte unused;
- if (!bt.Get(unused))
-diff --git a/asn.h b/asn.h -index ed9de52c..33f0dd09 100644 ---- a/asn.h -+++ b/asn.h -@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, - bool definite = BERLengthDecode(in, bc);
- if (!definite)
- BERDecodeError();
-+ if (bc > in.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock buf(bc);
-
|