authorDiego Elio Pettenò <flameeyes@gentoo.org>2010-12-26 17:28:31 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2010-12-26 17:28:31 +0000
commitf03320408e516984fee4fcb89f86a19ed157bda8 (patch)
tree45e02fd044d7427de7896ae5f9d55d8d95bb7b15 /dev-libs/opensc
parentAdded ~mips, bug 263337 (diff)
Add patch to fix possible buffer overflows; thanks to Tim Sammut (underling) for reporting in bug #349567.
Package-Manager: portage-2.2.0_alpha10/cvs/Linux x86_64
Diffstat (limited to 'dev-libs/opensc')
-rw-r--r--dev-libs/opensc/ChangeLog10
-rw-r--r--dev-libs/opensc/Manifest11
-rw-r--r--dev-libs/opensc/files/opensc-0.11.13-overflows.patch71
-rw-r--r--dev-libs/opensc/opensc-0.11.13-r2.ebuild (renamed from dev-libs/opensc/opensc-0.11.13-r1.ebuild)3
4 files changed, 88 insertions, 7 deletions
diff --git a/dev-libs/opensc/ChangeLog b/dev-libs/opensc/ChangeLog
index 02036cd82d41..297d921ac450 100644
--- a/dev-libs/opensc/ChangeLog
+++ b/dev-libs/opensc/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for dev-libs/opensc
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/opensc/ChangeLog,v 1.102 2010/11/29 13:43:03 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/opensc/ChangeLog,v 1.103 2010/12/26 17:28:31 flameeyes Exp $
+
+*opensc-0.11.13-r2 (26 Dec 2010)
+
+ 26 Dec 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ -opensc-0.11.13-r1.ebuild, +opensc-0.11.13-r2.ebuild,
+ +files/opensc-0.11.13-overflows.patch:
+ Add patch to fix possible buffer overflows; thanks to Tim Sammut (underling)
+ for reporting in bug #349567.
*opensc-0.11.13-r1 (29 Nov 2010)
diff --git a/dev-libs/opensc/Manifest b/dev-libs/opensc/Manifest
index 80dd2f1e52b5..8119ba3c75d3 100644
--- a/dev-libs/opensc/Manifest
+++ b/dev-libs/opensc/Manifest
@@ -2,15 +2,16 @@
Hash: SHA1
AUX opensc-0.11.13+pcsc-lite-1.6.2.patch 2581 RMD160 ecff368edb374c1f5965b34f0e342fc5ac7e1e45 SHA1 969d4e9312b9056288d4699c4275a9d118d50443 SHA256 de08b3a968068ed600aa172891be59f0bb0b8a432bc6eea8fcc99a405ee309f5
+AUX opensc-0.11.13-overflows.patch 2463 RMD160 d5879f4f5acde30828904c78df5f8973d071d49b SHA1 701383d7df0ccf4e154361a43f23c552eee1b498 SHA256 fd2071a803ed34ec961ab7a4dcddedaf00180e2fc54a1b53f9af945f2960c921
DIST opensc-0.11.13.tar.gz 1513327 RMD160 cd900866e51cd64fa7c5a3287cd58193dec26528 SHA1 408b374286004c3df15ec17856f69fd4c2a1aceb SHA256 a9a42d6d51fb500f34248fcd0d4083c99d25bc5e74df60fe4efa19b5b4e6d890
-EBUILD opensc-0.11.13-r1.ebuild 1460 RMD160 d958f723fc37e1b444b98e238c17287345e527be SHA1 0d4df7abb33160ad1398377c9ab5486a7191970f SHA256 66a8d9c79f83ce851e5995872f34c16c5e286a32e8ce2fd6d840f7945339da7e
+EBUILD opensc-0.11.13-r2.ebuild 1503 RMD160 daaf90f071ea3665d6708533d6cf794f128ea76b SHA1 adf484899b7f6e6205ea8d9106728afd4d625019 SHA256 6e691274126ec7f062a5e175404e589a98b554162306960e880d269182de172e
EBUILD opensc-0.11.13.ebuild 1288 RMD160 e5266eda5f28fdbf5e089819b535e95a963de651 SHA1 88c390b973d87168b2c225ec06202f66ff56b057 SHA256 feda7102d4b9446ee2de8bd20e8d588ec078d07863fbb3080c4fe5bce9f7172e
-MISC ChangeLog 14230 RMD160 7dea7d733cca6e9997bde756008524a1d0a49fc6 SHA1 bf252d55e9c99af47e28fa18fcd1274745f2f93b SHA256 001a9a4c366109d19924e25588c06b8393fd3e70e2a5eb13cc1651cc7039e311
+MISC ChangeLog 14529 RMD160 b7ff2c624d923ada3cf4326c0138eeb0ffd8d66e SHA1 9c1510f85867286f3abf1abfc83cb552c563a8cf SHA256 1a22e813f2a49b0f1b97da7c9329f016ce1fc0b4fc7927a54fd0d248d7cbff3a
MISC metadata.xml 829 RMD160 1a574a0817d81d05bc4f59f937d0d61b9545e59e SHA1 081a453e313ceca31c4eaa3dbea1c69090b340fd SHA256 cde88ffbae200b6e98bbd2d0519c2bc7d0c2745ac0f59931e53db815ccd222dc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
-iEYEARECAAYFAkzzraAACgkQAiZjviIA2XjB7gCgyQRZniKNa4eCfFqeXp0wfYPR
-3zMAn1Vqr0LYbea2d6AMG6wuqZI6aqXJ
-=Yv61
+iEYEARECAAYFAk0Xex4ACgkQAiZjviIA2XgIRACguBh7/uBbvnN7hnaBkiKlQY+c
+4vkAn1hPBVBeeSW5kvRgiPhDsLUkywMG
+=pi26
-----END PGP SIGNATURE-----
diff --git a/dev-libs/opensc/files/opensc-0.11.13-overflows.patch b/dev-libs/opensc/files/opensc-0.11.13-overflows.patch
new file mode 100644
index 000000000000..3b83e2d45f37
--- /dev/null
+++ b/dev-libs/opensc/files/opensc-0.11.13-overflows.patch
@@ -0,0 +1,71 @@
+--- a/src/libopensc/internal.h
++++ b/src/libopensc/internal.h
+@@ -49,6 +49,13 @@ extern "C" {
+ #define sleep(t) Sleep((t) * 1000)
+ #endif
+
++#ifndef MAX
++#define MAX(x, y) (((x) > (y)) ? (x) : (y))
++#endif
++#ifndef MIN
++#define MIN(x, y) (((x) < (y)) ? (x) : (y))
++#endif
++
+ struct sc_atr_table {
+ /* The atr fields are required to
+ * be in aa:bb:cc hex format. */
+--- a/src/libopensc/muscle.c
++++ b/src/libopensc/muscle.c
+@@ -31,13 +31,6 @@
+ #define MSC_DSA_PUBLIC 0x04
+ #define MSC_DSA_PRIVATE 0x05
+
+-#ifndef MAX
+-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+-#endif
+-#ifndef MIN
+-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+-#endif
+-
+ static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
+ static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };
+
+--- a/src/libopensc/card-acos5.c
++++ b/src/libopensc/card-acos5.c
+@@ -138,8 +138,8 @@ static int acos5_get_serialnr(sc_card_t * card, sc_serial_number_t * serial)
+ /*
+ * Cache serial number.
+ */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+
+ /*
+ * Copy and return serial number.
+--- a/src/libopensc/card-atrust-acos.c
++++ b/src/libopensc/card-atrust-acos.c
+@@ -842,8 +842,8 @@ static int acos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
+--- a/src/libopensc/card-starcos.c
++++ b/src/libopensc/card-starcos.c
+@@ -1279,8 +1279,8 @@ static int starcos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
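Review bot: The `MIN(apdu.resplen, SC_MAX_SERIALNR)` clamp in acos5_get_serialnr, acos_get_serialnr and starcos_get_serialnr silently truncates an over-long card response, then still caches it and returns success. Callers would then use a shortened serial as the card's identity with no sign that the response was malformed. Rejecting the response before the copy is the safer choice: `if (apdu.resplen > sizeof(card->serialnr.value)) return SC_ERROR_INTERNAL;`. That form also ties the bound to the destination array itself rather than to a constant that is presumably its size; the declaration is not visible here. If truncation is kept on purpose, compute the clamped length once into a local and use it for both the memcpy and `card->serialnr.len`, and note that all three function bodies start and continue outside the embedded hunks.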
diff --git a/dev-libs/opensc/opensc-0.11.13-r1.ebuild b/dev-libs/opensc/opensc-0.11.13-r2.ebuild
index e342c041576a..6ad29aec7797 100644
--- a/dev-libs/opensc/opensc-0.11.13-r1.ebuild
+++ b/dev-libs/opensc/opensc-0.11.13-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/opensc/opensc-0.11.13-r1.ebuild,v 1.1 2010/11/29 13:43:03 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/opensc/opensc-0.11.13-r2.ebuild,v 1.1 2010/12/26 17:28:31 flameeyes Exp $
EAPI="2"
@@ -36,6 +36,7 @@ pkg_setup() {
src_prepare() {
epatch "${FILESDIR}"/${P}+pcsc-lite-1.6.2.patch
+ epatch "${FILESDIR}"/${P}-overflows.patch
eautoreconf
}