[gentoo-commits] repo/gentoo:master commit in: dev-libs/crypto++/files/, dev-libs/crypto++/ - gentoo-commits

From:	Alon Bar-Lev <alonbl@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/crypto++/files/, dev-libs/crypto++/
Date:	Tue, 30 Apr 2019 06:03:47
Message-Id:	`1556604205.34abb7faf744a76561db0e7c922e2c6f409da053.alonbl@gentoo`

1

commit:     34abb7faf744a76561db0e7c922e2c6f409da053

2

Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>

3

AuthorDate: Tue Apr 30 06:01:29 2019 +0000

4

Commit:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>

5

CommitDate: Tue Apr 30 06:03:25 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34abb7fa

7

8

Revert "dev-libs/crypto++: cleanup old"

9

10

This reverts commit 756f4a7c8eaf896507c32131037492bd1e26e2e5.

11

12

Used by <sys-cluster/ceph/ceph-13

13

14

Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>

15

16

 dev-libs/crypto++/Manifest                         |  1 +

17

 dev-libs/crypto++/crypto++-5.6.5-r1.ebuild         | 60 ++++++++++++++++++++++

18

 .../crypto++/files/crypto++-5.6.4-nonative.patch   | 28 ++++++++++

19

 .../files/crypto++-5.6.5-CVE-2017-9434.patch       | 45 ++++++++++++++++

20

 4 files changed, 134 insertions(+)

21

22

diff --git a/dev-libs/crypto++/Manifest b/dev-libs/crypto++/Manifest

23

index afb0e40685e..ddba9587a28 100644

24

--- a/dev-libs/crypto++/Manifest

25

+++ b/dev-libs/crypto++/Manifest

26

@@ -1 +1,2 @@

27

+DIST cryptopp565.zip 4220843 BLAKE2B 0c42da3564cdd175c2f2c5c4272caf826f21e47d2271c7f54acab86f5f79dcdad8d6cb946bc88f55fde6189bb2d24ad8fb03dda6b3b8c6f105434b55b8b217d0 SHA512 f13718d02ca69b0129aaf9e767c9d2e0333aa7538355f9c63d9eaf1ff369062084a18dc01489439ebf37797b3ea81b01beb072057d47ec962bfb824ddc72abc7

28

 DIST cryptopp700.zip 7296665 BLAKE2B 1b1a60e240a9d94b4edfea16beef0ec48ec26c61f7f9a3d89d29bd2e77b13a83ce942f81467bb90d3086253560a3c4acd6b89178dcb416ed4328340ad5222dfd SHA512 8fd8d680e5ceaf10b3c32cb1504bda4b32abc9fcaa2c6e61e3b5e67aca805c792579884bc6a749c29a99105304c421d03d7fe7909fc58f750b3155c7c5cec8ec

29

30

diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild

31

new file mode 100644

32

index 00000000000..03281fc6285

33

--- /dev/null

34

+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild

35

@@ -0,0 +1,60 @@

36

+# Copyright 1999-2018 Gentoo Foundation

37

+# Distributed under the terms of the GNU General Public License v2

38

+

39

+EAPI=7

40

+

41

+inherit flag-o-matic toolchain-funcs

42

+

43

+DESCRIPTION="C++ class library of cryptographic schemes"

44

+HOMEPAGE="https://cryptopp.com"

45

+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip"

46

+

47

+LICENSE="Boost-1.0"

48

+SLOT="0/5.6" # subslot is so version

49

+KEYWORDS="alpha amd64 ~arm arm64 hppa ppc ppc64 sparc x86 ~x64-macos"

50

+IUSE="static-libs"

51

+

52

+BDEPEND="app-arch/unzip"

53

+

54

+S="${WORKDIR}"

55

+

56

+PATCHES=(

57

+	"${FILESDIR}/${PN}-5.6.4-nonative.patch"

58

+	"${FILESDIR}/${P}-CVE-2017-9434.patch"

59

+)

60

+

61

+pkg_setup() {

62

+	export CXX="$(tc-getCXX)"

63

+	export LIBDIR="${EPREFIX}/usr/$(get_libdir)"

64

+	export PREFIX="${EPREFIX}/usr"

65

+}

66

+

67

+src_compile() {

68

+	# higher optimizations cause problems

69

+	replace-flags -O3 -O2

70

+	# ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS

71

+	[[ ${CHOST} == *-darwin* ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM

72

+

73

+	emake -f GNUmakefile all shared

74

+}

75

+

76

+src_install() {

77

+	default

78

+

79

+	# remove leftovers as build system sucks

80

+	rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp

81

+	use static-libs || rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a

82

+

83

+	# compatibility

84

+	dosym cryptopp "${EPREFIX}"/usr/include/crypto++

85

+	for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do

86

+		ln -s "$(basename "${f}")" "$(echo "${f}" | sed 's/cryptopp/crypto++/')" || die

87

+	done

88

+}

89

+

90

+pkg_preinst() {

91

+	# we switched directory to symlink

92

+	# make sure portage digests that

93

+	rm -fr "${EROOT}/usr/include/crypto++"

94

+	rm -fr "${EROOT}/usr/include/cryptopp"

95

+}

96

97

diff --git a/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch

98

new file mode 100644

99

index 00000000000..77d74ee729e

100

--- /dev/null

101

+++ b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch

102

@@ -0,0 +1,28 @@

103

+Index: work/GNUmakefile

104

+===================================================================

105

+--- work.orig/GNUmakefile

106

++++ work/GNUmakefile

107

+@@ -125,23 +125,6 @@ ifeq ($(IS_X86)$(IS_X32)$(IS_CYGWIN)$(IS

108

+  endif

109

+ endif

110

+

111

+-# Guard use of -march=native

112

+-ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)

113

+-   CXXFLAGS += -march=native

114

+-else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)

115

+-   CXXFLAGS += -march=native

116

+-else

117

+-  # GCC 3.3 and "unknown option -march="

118

+-  # Ubuntu GCC 4.1 compiler crash with -march=native

119

+-  # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"

120

+-  # Sun compiler is handled below

121

+-  ifeq ($(SUN_COMPILER)$(IS_X64),01)

122

+-    CXXFLAGS += -m64

123

+-  else ifeq ($(SUN_COMPILER)$(IS_X86),01)

124

+-    CXXFLAGS += -m32

125

+-  endif # X86/X32/X64

126

+-endif

127

+-

128

+ # Aligned access required for -O3 and above due to vectorization

129

+ UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)

130

+ ifneq ($(UNALIGNED_ACCESS),0)

131

132

diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch

133

new file mode 100644

134

index 00000000000..428f48901a3

135

--- /dev/null

136

+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch

137

@@ -0,0 +1,45 @@

138

+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001

139

+From: Jeffrey Walton <noloader@×××××.com>

140

+Date: Wed, 10 May 2017 18:17:12 -0400

141

+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The

142

+ improved validation and excpetion clears the Address Sanitizer and Undefined

143

+ Behavior Sanitizer findings

144

+

145

+---

146

+ zinflate.cpp | 8 +++++++-

147

+ zinflate.h   | 4 ++++

148

+ 3 files changed, 14 insertions(+), 4 deletions(-)

149

+

150

+diff --git a/zinflate.cpp b/zinflate.cpp

151

+index 664efe6..fbd7505 100644

152

+--- a/zinflate.cpp

153

++++ b/zinflate.cpp

154

+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()

155

+ 						break;

156

+ 					}

157

+ 		case DISTANCE_BITS:

158

++					if (m_distance >= COUNTOF(distanceExtraBits))

159

++						throw BadDistanceErr();

160

+ 					bits = distanceExtraBits[m_distance];

161

+ 					if (!m_reader.FillBuffer(bits))

162

+ 					{

163

+ 						m_nextDecode = DISTANCE_BITS;

164

+ 						break;

165

+ 					}

166

++					if (m_distance >= COUNTOF(distanceStarts))

167

++						throw BadDistanceErr();

168

+ 					m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];

169

+ 					OutputPast(m_literal, m_distance);

170

+ 				}

171

+diff --git a/zinflate.h b/zinflate.h

172

+index e2fd237..c47d2f6 100644

173

+--- a/zinflate.h

174

++++ b/zinflate.h

175

+@@ -96,6 +96,7 @@ public:

176

+ 	};

177

+ 	class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};

178

+ 	class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};

179

++	class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};

180

+

181

+ 	//! \brief RFC 1951 Decompressor

182

+ 	//! \param attachment the filter's attached transformation

1	commit: 34abb7faf744a76561db0e7c922e2c6f409da053
2	Author: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
3	AuthorDate: Tue Apr 30 06:01:29 2019 +0000
4	Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
5	CommitDate: Tue Apr 30 06:03:25 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34abb7fa
7
8	Revert "dev-libs/crypto++: cleanup old"
9
10	This reverts commit 756f4a7c8eaf896507c32131037492bd1e26e2e5.
11
12	Used by <sys-cluster/ceph/ceph-13
13
14	Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>
15
16	dev-libs/crypto++/Manifest \| 1 +
17	dev-libs/crypto++/crypto++-5.6.5-r1.ebuild \| 60 ++++++++++++++++++++++
18	.../crypto++/files/crypto++-5.6.4-nonative.patch \| 28 ++++++++++
19	.../files/crypto++-5.6.5-CVE-2017-9434.patch \| 45 ++++++++++++++++
20	4 files changed, 134 insertions(+)
21
22	diff --git a/dev-libs/crypto++/Manifest b/dev-libs/crypto++/Manifest
23	index afb0e40685e..ddba9587a28 100644
24	--- a/dev-libs/crypto++/Manifest
25	+++ b/dev-libs/crypto++/Manifest
26	@@ -1 +1,2 @@
27	+DIST cryptopp565.zip 4220843 BLAKE2B 0c42da3564cdd175c2f2c5c4272caf826f21e47d2271c7f54acab86f5f79dcdad8d6cb946bc88f55fde6189bb2d24ad8fb03dda6b3b8c6f105434b55b8b217d0 SHA512 f13718d02ca69b0129aaf9e767c9d2e0333aa7538355f9c63d9eaf1ff369062084a18dc01489439ebf37797b3ea81b01beb072057d47ec962bfb824ddc72abc7
28	DIST cryptopp700.zip 7296665 BLAKE2B 1b1a60e240a9d94b4edfea16beef0ec48ec26c61f7f9a3d89d29bd2e77b13a83ce942f81467bb90d3086253560a3c4acd6b89178dcb416ed4328340ad5222dfd SHA512 8fd8d680e5ceaf10b3c32cb1504bda4b32abc9fcaa2c6e61e3b5e67aca805c792579884bc6a749c29a99105304c421d03d7fe7909fc58f750b3155c7c5cec8ec
29
30	diff --git a/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
31	new file mode 100644
32	index 00000000000..03281fc6285
33	--- /dev/null
34	+++ b/dev-libs/crypto++/crypto++-5.6.5-r1.ebuild
35	@@ -0,0 +1,60 @@
36	+# Copyright 1999-2018 Gentoo Foundation
37	+# Distributed under the terms of the GNU General Public License v2
38	+
39	+EAPI=7
40	+
41	+inherit flag-o-matic toolchain-funcs
42	+
43	+DESCRIPTION="C++ class library of cryptographic schemes"
44	+HOMEPAGE="https://cryptopp.com"
45	+SRC_URI="https://www.cryptopp.com/cryptopp${PV//.}.zip"
46	+
47	+LICENSE="Boost-1.0"
48	+SLOT="0/5.6" # subslot is so version
49	+KEYWORDS="alpha amd64 ~arm arm64 hppa ppc ppc64 sparc x86 ~x64-macos"
50	+IUSE="static-libs"
51	+
52	+BDEPEND="app-arch/unzip"
53	+
54	+S="${WORKDIR}"
55	+
56	+PATCHES=(
57	+ "${FILESDIR}/${PN}-5.6.4-nonative.patch"
58	+ "${FILESDIR}/${P}-CVE-2017-9434.patch"
59	+)
60	+
61	+pkg_setup() {
62	+ export CXX="$(tc-getCXX)"
63	+ export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
64	+ export PREFIX="${EPREFIX}/usr"
65	+}
66	+
67	+src_compile() {
68	+ # higher optimizations cause problems
69	+ replace-flags -O3 -O2
70	+ # ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
71	+ [[ ${CHOST} == -darwin ]] && append-cxxflags -DCRYPTOPP_DISABLE_ASM
72	+
73	+ emake -f GNUmakefile all shared
74	+}
75	+
76	+src_install() {
77	+ default
78	+
79	+ # remove leftovers as build system sucks
80	+ rm -fr "${ED}"/usr/bin "${ED}"/usr/share/cryptopp
81	+ use static-libs \|\| rm -f "${ED}${EPREFIX}"/usr/$(get_libdir)/*.a
82	+
83	+ # compatibility
84	+ dosym cryptopp "${EPREFIX}"/usr/include/crypto++
85	+ for f in "${ED}${EPREFIX}"/usr/$(get_libdir)/*; do
86	+ ln -s "$(basename "${f}")" "$(echo "${f}" \| sed 's/cryptopp/crypto++/')" \|\| die
87	+ done
88	+}
89	+
90	+pkg_preinst() {
91	+ # we switched directory to symlink
92	+ # make sure portage digests that
93	+ rm -fr "${EROOT}/usr/include/crypto++"
94	+ rm -fr "${EROOT}/usr/include/cryptopp"
95	+}
96
97	diff --git a/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
98	new file mode 100644
99	index 00000000000..77d74ee729e
100	--- /dev/null
101	+++ b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
102	@@ -0,0 +1,28 @@
103	+Index: work/GNUmakefile
104	+===================================================================
105	+--- work.orig/GNUmakefile
106	++++ work/GNUmakefile
107	+@@ -125,23 +125,6 @@ ifeq ($(IS_X86)$(IS_X32)$(IS_CYGWIN)$(IS
108	+ endif
109	+ endif
110	+
111	+-# Guard use of -march=native
112	+-ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
113	+- CXXFLAGS += -march=native
114	+-else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)
115	+- CXXFLAGS += -march=native
116	+-else
117	+- # GCC 3.3 and "unknown option -march="
118	+- # Ubuntu GCC 4.1 compiler crash with -march=native
119	+- # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"
120	+- # Sun compiler is handled below
121	+- ifeq ($(SUN_COMPILER)$(IS_X64),01)
122	+- CXXFLAGS += -m64
123	+- else ifeq ($(SUN_COMPILER)$(IS_X86),01)
124	+- CXXFLAGS += -m32
125	+- endif # X86/X32/X64
126	+-endif
127	+-
128	+ # Aligned access required for -O3 and above due to vectorization
129	+ UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]//[[:space:]]\#[[:space:]]define[[:space:]]CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
130	+ ifneq ($(UNALIGNED_ACCESS),0)
131
132	diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
133	new file mode 100644
134	index 00000000000..428f48901a3
135	--- /dev/null
136	+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
137	@@ -0,0 +1,45 @@
138	+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
139	+From: Jeffrey Walton <noloader@×××××.com>
140	+Date: Wed, 10 May 2017 18:17:12 -0400
141	+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
142	+ improved validation and excpetion clears the Address Sanitizer and Undefined
143	+ Behavior Sanitizer findings
144	+
145	+---
146	+ zinflate.cpp \| 8 +++++++-
147	+ zinflate.h \| 4 ++++
148	+ 3 files changed, 14 insertions(+), 4 deletions(-)
149	+
150	+diff --git a/zinflate.cpp b/zinflate.cpp
151	+index 664efe6..fbd7505 100644
152	+--- a/zinflate.cpp
153	++++ b/zinflate.cpp
154	+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
155	+ break;
156	+ }
157	+ case DISTANCE_BITS:
158	++ if (m_distance >= COUNTOF(distanceExtraBits))
159	++ throw BadDistanceErr();
160	+ bits = distanceExtraBits[m_distance];
161	+ if (!m_reader.FillBuffer(bits))
162	+ {
163	+ m_nextDecode = DISTANCE_BITS;
164	+ break;
165	+ }
166	++ if (m_distance >= COUNTOF(distanceStarts))
167	++ throw BadDistanceErr();
168	+ m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
169	+ OutputPast(m_literal, m_distance);
170	+ }
171	+diff --git a/zinflate.h b/zinflate.h
172	+index e2fd237..c47d2f6 100644
173	+--- a/zinflate.h
174	++++ b/zinflate.h
175	+@@ -96,6 +96,7 @@ public:
176	+ };
177	+ class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};
178	+ class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};
179	++ class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};
180	+
181	+ //! \brief RFC 1951 Decompressor
182	+ //! \param attachment the filter's attached transformation

Gentoo Archives: gentoo-commits