development/pycrypto: Updated for version 2.0.1

1 files changed, 24 insertions, 0 deletions

diff --git a/development/pycrypto/pycrypto-CVE-2009-0544.patch b/development/pycrypto/pycrypto-CVE-2009-0544.patch
new file mode 100644
index 0000000000..7d2f11dcd2
--- /dev/null
+++ b/development/pycrypto/pycrypto-CVE-2009-0544.patch
@@ -0,0 +1,24 @@
+diff -p -up pycrypto-2.0.1/src/ARC2.c.orig pycrypto-2.0.1/src/ARC2.c
+--- pycrypto-2.0.1/src/ARC2.c.orig	2002-05-17 10:34:45.000000000 -0300
++++ pycrypto-2.0.1/src/ARC2.c	2009-02-20 13:50:28.000000000 -0300
+@@ -11,6 +11,7 @@
+  */
+ 
+ #include <string.h>  
++#include "Python.h"
+ 
+ #define MODULE_NAME ARC2
+ #define BLOCK_SIZE 8
+@@ -146,6 +147,12 @@ block_init(block_state *self, U8 *key, i
+ 	   We'll hardwire it to 1024. */
+ #define bits 1024
+ 
++        if ((U32)keylength > sizeof(self->xkey)) {
++                PyErr_SetString(PyExc_ValueError,
++                                "ARC2 key length must be less than 128 bytes");
++                return;
++        }
++ 
+ 	memcpy(self->xkey, key, keylength);
+   
+ 	/* Phase 1: Expand input key to 128 bytes */