2 files changed, 73 insertions, 0 deletions

diff --git a/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
new file mode 100644
index 000000000000..77d74ee729e9
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.4-nonative.patch
@@ -0,0 +1,28 @@
+Index: work/GNUmakefile
+===================================================================
+--- work.orig/GNUmakefile
++++ work/GNUmakefile
+@@ -125,23 +125,6 @@ ifeq ($(IS_X86)$(IS_X32)$(IS_CYGWIN)$(IS
+  endif
+ endif
+ 
+-# Guard use of -march=native
+-ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
+-   CXXFLAGS += -march=native
+-else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)
+-   CXXFLAGS += -march=native
+-else
+-  # GCC 3.3 and "unknown option -march="
+-  # Ubuntu GCC 4.1 compiler crash with -march=native
+-  # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"
+-  # Sun compiler is handled below
+-  ifeq ($(SUN_COMPILER)$(IS_X64),01)
+-    CXXFLAGS += -m64
+-  else ifeq ($(SUN_COMPILER)$(IS_X86),01)
+-    CXXFLAGS += -m32
+-  endif # X86/X32/X64
+-endif
+-
+ # Aligned access required for -O3 and above due to vectorization
+ UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
+ ifneq ($(UNALIGNED_ACCESS),0)
diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
new file mode 100644
index 000000000000..428f48901a31
--- /dev/null
+++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch
@@ -0,0 +1,45 @@
+From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001
+From: Jeffrey Walton <noloader@gmail.com>
+Date: Wed, 10 May 2017 18:17:12 -0400
+Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The
+ improved validation and excpetion clears the Address Sanitizer and Undefined
+ Behavior Sanitizer findings
+
+---
+ zinflate.cpp | 8 +++++++-
+ zinflate.h   | 4 ++++
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/zinflate.cpp b/zinflate.cpp
+index 664efe6..fbd7505 100644
+--- a/zinflate.cpp
++++ b/zinflate.cpp
+@@ -550,12 +550,16 @@ bool Inflator::DecodeBody()
+ 						break;

+ 					}

+ 		case DISTANCE_BITS:

++					if (m_distance >= COUNTOF(distanceExtraBits))

++						throw BadDistanceErr();

+ 					bits = distanceExtraBits[m_distance];

+ 					if (!m_reader.FillBuffer(bits))

+ 					{

+ 						m_nextDecode = DISTANCE_BITS;

+ 						break;

+ 					}

++					if (m_distance >= COUNTOF(distanceStarts))

++						throw BadDistanceErr();

+ 					m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];

+ 					OutputPast(m_literal, m_distance);

+ 				}

+diff --git a/zinflate.h b/zinflate.h
+index e2fd237..c47d2f6 100644
+--- a/zinflate.h
++++ b/zinflate.h
+@@ -96,6 +96,7 @@ public:
+ 	};

+ 	class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}};

+ 	class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}};

++	class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}};

+ 

+ 	//! \brief RFC 1951 Decompressor

+ 	//! \param attachment the filter's attached transformation