CVS commit: pkgsrc/security/libtomcrypt

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sat Jul 27 06:06:46 UTC 2024

Modified Files:
        pkgsrc/security/libtomcrypt: Makefile distinfo
Added Files:
        pkgsrc/security/libtomcrypt/patches:
            patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c

Log Message:
libtomcrypt: fix CVE-2019-17362 using upstream patch

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libtomcrypt/Makefile \
    pkgsrc/security/libtomcrypt/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/libtomcrypt/patches/patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libtomcrypt/Makefile
diff -u pkgsrc/security/libtomcrypt/Makefile:1.10 pkgsrc/security/libtomcrypt/Makefile:1.11
--- pkgsrc/security/libtomcrypt/Makefile:1.10   Fri Jul 26 16:02:08 2024
+++ pkgsrc/security/libtomcrypt/Makefile        Sat Jul 27 06:06:46 2024
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2024/07/26 16:02:08 wiz Exp $
+# $NetBSD: Makefile,v 1.11 2024/07/27 06:06:46 wiz Exp $
 
 DISTNAME=      crypt-1.18.2
 PKGNAME=       libtom${DISTNAME}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libtom/}
 GITHUB_RELEASE=        v${PKGVERSION_NOREV}
Index: pkgsrc/security/libtomcrypt/distinfo
diff -u pkgsrc/security/libtomcrypt/distinfo:1.10 pkgsrc/security/libtomcrypt/distinfo:1.11
--- pkgsrc/security/libtomcrypt/distinfo:1.10   Tue Oct 26 11:17:17 2021
+++ pkgsrc/security/libtomcrypt/distinfo        Sat Jul 27 06:06:46 2024
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.10 2021/10/26 11:17:17 nia Exp $
+$NetBSD: distinfo,v 1.11 2024/07/27 06:06:46 wiz Exp $
 
 BLAKE2s (crypt-1.18.2.tar.xz) = ec4318a9ff32931e3239b94d170c333c9f5a963af5772d4e597b257b3d22d89c
 SHA512 (crypt-1.18.2.tar.xz) = f6117a12a42b07f8de4a8aedbccf6ff4ee94b4b81cb7263af99627c32eae646ca8ead7d3063737918db4aa118673001fcf2cfa8e4ca8b528fb00045fda7cc893
 Size (crypt-1.18.2.tar.xz) = 2638064 bytes
 SHA1 (patch-ab) = 8c3750217ec90663a90f2b871e8eb8a940fe2fb0
+SHA1 (patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c) = 56bd2f004304611b388068dd2c7826622c02b03a

Added files:

Index: pkgsrc/security/libtomcrypt/patches/patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c
diff -u /dev/null pkgsrc/security/libtomcrypt/patches/patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c:1.1
--- /dev/null   Sat Jul 27 06:06:46 2024
+++ pkgsrc/security/libtomcrypt/patches/patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c  Sat Jul 27 06:06:46 2024
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_pk_asn1_der_utf8_der__decode__utf8__string.c,v 1.1 2024/07/27 06:06:46 wiz Exp $
+
+Fix CVE-2019-17362 using
+https://github.com/libtom/libtomcrypt/commit/25c26a3b7a9ad8192ccc923e15cf62bf0108ef94
+
+--- src/pk/asn1/der/utf8/der_decode_utf8_string.c.orig 2024-07-27 06:03:31.719515951 +0000
++++ src/pk/asn1/der/utf8/der_decode_utf8_string.c
+@@ -76,7 +76,7 @@ int der_decode_utf8_string(const unsigne
+       /* count number of bytes */
+       for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
+ 
+-      if (z > 4 || (x + (z - 1) > inlen)) {
++      if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
+          return CRYPT_INVALID_PACKET;
+       }
+