aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/crypto.scm6
-rw-r--r--gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch65
3 files changed, 2 insertions, 70 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index c5c9278201..4a258dd3cd 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -599,7 +599,6 @@ dist_patch_DATA = \
%D%/packages/patches/crawl-upgrade-saves.patch \
%D%/packages/patches/crda-optional-gcrypt.patch \
%D%/packages/patches/crossmap-allow-system-pysam.patch \
- %D%/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch \
%D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cube-nocheck.patch \
%D%/packages/patches/cursynth-wave-rand.patch \
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 5e5bc4de05..225c26378d 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -583,7 +583,7 @@ data on your platform, so the seed itself will be as random as possible.
(define-public crypto++
(package
(name "crypto++")
- (version "5.6.5")
+ (version "6.0.0")
(source (origin
(method url-fetch/zipbomb)
(uri (string-append "https://cryptopp.com/cryptopp"
@@ -591,9 +591,7 @@ data on your platform, so the seed itself will be as random as possible.
".zip"))
(sha256
(base32
- "0d1cqdz369ivi082k59025wvxzywvkizw7i0pf5h0a1izs3g8pm7"))
- (patches
- (search-patches "crypto++-fix-dos-in-asn.1-decoders.patch"))))
+ "1nidm6xbdza5cbgf5md2zznmaq692rfyjasycwipl6rzdfwjvb34"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags
diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
deleted file mode 100644
index 88b2e7f25a..0000000000
--- a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001
-From: Gergely Nagy <ngg@tresorit.com>
-Date: Wed, 14 Dec 2016 13:19:01 +0100
-Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939)
-
----
- asn.cpp | 10 ++++++++++
- asn.h | 2 ++
- 2 files changed, 12 insertions(+)
-
-diff --git a/asn.cpp b/asn.cpp
-index 297ff010..2e923ef7 100644
---- a/asn.cpp
-+++ b/asn.cpp
-@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- str.New(bc);
- if (bc != bt.Get(str, bc))
-@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- bt.TransferTo(str, bc);
- return bc;
-@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock temp(bc);
- if (bc != bt.Get(temp, bc))
-@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc == 0)
-+ BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- byte unused;
- if (!bt.Get(unused))
-diff --git a/asn.h b/asn.h
-index ed9de52c..33f0dd09 100644
---- a/asn.h
-+++ b/asn.h
-@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
- bool definite = BERLengthDecode(in, bc);
- if (!definite)
- BERDecodeError();
-+ if (bc > in.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock buf(bc);
-