From: AmatCoder To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] testing/crypto++: security fix for CVE-2015-2141 Date: Sat, 25 Jul 2015 12:02:35 +0000 Message-Id: <1437825755-3414-1-git-send-email-amatcoder@gmail.com> X-Mailer: git-send-email 2.4.1 X-Virus-Scanned: ClamAV using ClamSMTP X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- testing/crypto++/APKBUILD | 14 +++++++++----- testing/crypto++/CVE-2015-2141.patch | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 5 deletions(-) create mode 100644 testing/crypto++/CVE-2015-2141.patch diff --git a/testing/crypto++/APKBUILD b/testing/crypto++/APKBUILD index 77fa512..6632f7c 100644 --- a/testing/crypto++/APKBUILD +++ b/testing/crypto++/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: August Klein pkgname=crypto++ pkgver=5.6.2 -pkgrel=1 +pkgrel=2 pkgdesc="A free C++ class library of cryptographic schemes" url="http://www.cryptopp.com" arch="all" @@ -12,7 +12,8 @@ depends_dev="" makedepends="$depends_dev" install="" subpackages="$pkgname-dev" -source="http://downloads.sourceforge.net/cryptopp/cryptopp562.zip" +source="http://downloads.sourceforge.net/cryptopp/cryptopp562.zip + CVE-2015-2141.patch" _builddir="$srcdir" prepare() { 
@@ -41,6 +42,9 @@ package() { cp *.h "$pkgdir"/usr/include/cryptopp || return 1 } -md5sums="7ed022585698df48e65ce9218f6c6a67 cryptopp562.zip" -sha256sums="5cbfd2fcb4a6b3aab35902e2e0f3b59d9171fee12b3fc2b363e1801dfec53574 cryptopp562.zip" -sha512sums="016ca7ebad1091d67ad0bc5ccb7549d96d4af6b563d9d5a612cae27b3d1a3514c41b954e319fed91c820e8c701e3aa43da186e0864bf959ce4afd1539248ebbe cryptopp562.zip" +md5sums="7ed022585698df48e65ce9218f6c6a67 cryptopp562.zip +7ff9a215b9244b4f8a17c7185e27beda CVE-2015-2141.patch" +sha256sums="5cbfd2fcb4a6b3aab35902e2e0f3b59d9171fee12b3fc2b363e1801dfec53574 cryptopp562.zip +611980b01fd4292bc40b929e62a0cdecf1ea87c8b4639bca7c286b83c8c948fc CVE-2015-2141.patch" +sha512sums="016ca7ebad1091d67ad0bc5ccb7549d96d4af6b563d9d5a612cae27b3d1a3514c41b954e319fed91c820e8c701e3aa43da186e0864bf959ce4afd1539248ebbe cryptopp562.zip +4407833fbfb44c3571edccd916323a97427ee3c0f37b49d5a6851a196e6913954801cb9df3b01b956e8d990904fb710a0a57918c44596e8218b4c08b1b729bf1 CVE-2015-2141.patch" diff --git a/testing/crypto++/CVE-2015-2141.patch b/testing/crypto++/CVE-2015-2141.patch new file mode 100644 index 0000000..32c5164 --- /dev/null +++ b/testing/crypto++/CVE-2015-2141.patch 
@@ -0,0 +1,32 @@ +From 9425e16437439e68c7d96abef922167d68fafaff Mon Sep 17 00:00:00 2001 +From: Jeffrey Walton +Date: Sat, 27 Jun 2015 17:56:01 -0400 +Subject: [PATCH] Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for + reporting. Squaring to satisfy Jacobi requirements suggested by JPM. + +--- + rw.cpp | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/rw.cpp b/rw.cpp +index cdd9f2d..0b9318b 100644 +--- a/rw.cpp ++++ b/rw.cpp +@@ -126,10 +126,16 @@ Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const + DoQuickSanityCheck(); + ModularArithmetic modn(m_n); + Integer r, rInv; +- do { // do this in a loop for people using small numbers for testing ++ ++ // do this in a loop for people using small numbers for testing ++ do { + r.Randomize(rng, Integer::One(), m_n - Integer::One()); ++ // Fix for CVE-2015-2141. Thanks to Evgeny Sidorov for reporting. ++ // Squaring to satisfy Jacobi requirements suggested by JPM. ++ r = modn.Square(r); + rInv = modn.MultiplicativeInverse(r); + } while (rInv.IsZero()); ++ + Integer re = modn.Square(r); + re = modn.Multiply(re, x); // blind + -- 2.4.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
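Review bot: In the first testing/crypto++/APKBUILD hunk, CVE-2015-2141.patch is added to source= but prepare() is not modified by this change and its body lies outside the hunk context, so nothing visible here shows the patch actually being applied. Please confirm that prepare() applies every *.patch listed in $source. The embedded diff uses a/rw.cpp and b/rw.cpp paths and _builddir is "$srcdir", so it has to be applied with -p1 from $srcdir. If prepare() does not do that, the pkgrel=2 package would be built from the unpatched rw.cpp while listing the CVE fix among its sources.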
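Review bot: In the rw.cpp hunk of the embedded CVE-2015-2141.patch, the comment added above r = modn.Square(r); gives the CVE number and the credits but not the property the squaring establishes, and the unchanged line Integer re = modn.Square(r); directly after the loop squares r a second time. A later reader can easily take one of the two Square calls for redundant and remove it. A comment saying that r is replaced by its square so the blinding value is a square modulo m_n (the "Jacobi requirements" of the commit message), and that re is then the square of that value, would protect the fix. Because this file is a copy of the commit identified in its From line, that wording belongs upstream; on the aports side, a comment in the APKBUILD pointing at the upstream commit would be enough.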