Gentoo Archives: gentoo-commits

From: Kent Fredric <kentnl@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-perl/Convert-ASN1/, dev-perl/Convert-ASN1/files/
Date: Sun, 28 Jun 2020 16:37:43
Message-Id: 1593362233.9dc32f9b7cf12ea92bbdca93405b602d06925dd2.kentnl@gentoo
1 commit: 9dc32f9b7cf12ea92bbdca93405b602d06925dd2
2 Author: Kent Fredric <kentnl <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jun 28 16:30:58 2020 +0000
4 Commit: Kent Fredric <kentnl <AT> gentoo <DOT> org>
5 CommitDate: Sun Jun 28 16:37:13 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc32f9b
7
8 dev-perl/Convert-ASN1: -r bump for CVE-2013-7488 bug #716680
9
10 - EAPI7
11 - Remove empty/unused variable assignments
12 - Add patch submitted to upstream repo to remedy CVE-2013-7488
13
14 Bug: https://bugs.gentoo.org/716680
15 Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
16 Bug: https://github.com/gbarr/perl-Convert-ASN1/issues/14
17 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821879
18 Package-Manager: Portage-2.3.100, Repoman-2.3.22
19 Signed-off-by: Kent Fredric <kentnl <AT> gentoo.org>
20
21 .../Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild | 27 +++++++++++++
22 .../files/Convert-ASN1-0.270.0-CVE-2013-7488.patch | 45 ++++++++++++++++++++++
23 2 files changed, 72 insertions(+)
24
25 diff --git a/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild b/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild
26 new file mode 100644
27 index 00000000000..99a786a4ec7
28 --- /dev/null
29 +++ b/dev-perl/Convert-ASN1/Convert-ASN1-0.270.0-r1.ebuild
30 @@ -0,0 +1,27 @@
31 +# Copyright 1999-2020 Gentoo Authors
32 +# Distributed under the terms of the GNU General Public License v2
33 +
34 +EAPI=7
35 +
36 +DIST_AUTHOR=GBARR
37 +DIST_VERSION=0.27
38 +inherit perl-module
39 +
40 +DESCRIPTION="Standard en/decode of ASN.1 structures"
41 +
42 +SLOT="0"
43 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~x86-solaris"
44 +IUSE="test"
45 +RESTRICT="!test? ( test )"
46 +
47 +BDEPEND="
48 + >=virtual/perl-ExtUtils-MakeMaker-6.300.0
49 + test? (
50 + >=virtual/perl-Math-BigInt-1.997.0
51 + >=virtual/perl-Test-Simple-0.900.0
52 + )
53 +"
54 +PATCHES=(
55 + "${FILESDIR}/${P}-perl-526.patch"
56 + "${FILESDIR}/${PN}-0.270.0-CVE-2013-7488.patch"
57 +)
58
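Review bot: The two entries in PATCHES are named by different rules: `${P}-perl-526.patch` follows the package version, while the new CVE entry hardcodes `0.270.0` after `${PN}`. With `${P}`, the next version bump has to rename or copy the perl-526 file even if its content is unchanged; spelling both as `${PN}-0.270.0-...` keeps the file names stable across bumps. A one-line comment above the CVE entry pointing at the upstream pull request named in the commit message would also tell the next maintainer when the patch can be dropped.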
59 diff --git a/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
60 new file mode 100644
61 index 00000000000..1922eceaa30
62 --- /dev/null
63 +++ b/dev-perl/Convert-ASN1/files/Convert-ASN1-0.270.0-CVE-2013-7488.patch
64 @@ -0,0 +1,45 @@
65 +From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
66 +From: Dana Jacobsen <dana@×××.org>
67 +Date: Tue, 29 Oct 2013 08:37:48 -0700
68 +Subject: [PATCH 1/2] Fix unsafe decoding in indef case
69 +
70 +Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
71 +---
72 + lib/Convert/ASN1/_decode.pm | 1 +
73 + 1 file changed, 1 insertion(+)
74 +
75 +diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
76 +index e811e8d..eb2b584 100644
77 +--- a/lib/Convert/ASN1/_decode.pm
78 ++++ b/lib/Convert/ASN1/_decode.pm
79 +@@ -685,6 +685,7 @@ sub _scan_indef {
80 + if((ord($tag) & 0x1f) == 0x1f) {
81 + my $b;
82 + do {
83 ++ return if $pos >= $end;
84 + $tag .= substr($_[0],$pos++,1);
85 + $b = ord substr($tag,-1);
86 + } while($b & 0x80);
87 +
88 +From 8125d99e15596fee1b5f904ed74a76bccf54082d Mon Sep 17 00:00:00 2001
89 +From: Dana Jacobsen <dana@×××.org>
90 +Date: Tue, 29 Oct 2013 08:53:09 -0700
91 +Subject: [PATCH 2/2] Add second part of position check
92 +
93 +Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
94 +---
95 + lib/Convert/ASN1/_decode.pm | 1 +
96 + 1 file changed, 1 insertion(+)
97 +
98 +diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
99 +index eb2b584..67b95aa 100644
100 +--- a/lib/Convert/ASN1/_decode.pm
101 ++++ b/lib/Convert/ASN1/_decode.pm
102 +@@ -679,6 +679,7 @@ sub _scan_indef {
103 + $pos += 2;
104 + next;
105 + }
106 ++ return if $pos >= $end;
107 +
108 + my $tag = substr($_[0], $pos++, 1);
109 +
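Review bot: Both added guards, `return if $pos >= $end;` inside the long-form tag loop and again before the `substr($_[0], $pos++, 1)` tag read, leave `_scan_indef` through a bare `return`, and nothing in these hunks shows that its callers treat an empty return as a decode failure rather than as a valid result. That should be confirmed at the call sites and stated in the patch header, which currently says only "Fix unsafe decoding in indef case". The two embedded commits also touch only `lib/Convert/ASN1/_decode.pm`; a regression test that feeds a truncated indefinite-length encoding and expects a clean failure would let the ebuild's `test` USE flag cover this fix.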