Crypto++ 5.6.5

The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.

The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.

7 files changed, 176 insertions, 98 deletions

diff --git a/security/crypto++/Makefile b/security/crypto++/Makefile
index d230c9a6dd4..faccceae474 100644
--- a/security/crypto++/Makefile
+++ b/security/crypto++/Makefile
@@ -1,34 +1,24 @@
-# $NetBSD: Makefile,v 1.20 2015/03/27 14:14:26 rodent Exp $
-#
+# $NetBSD: Makefile,v 1.21 2017/05/18 21:20:23 adam Exp $
 
-DISTNAME=		cryptopp562
-PKGNAME=		cryptopp-5.6.2
-PKGREVISION=		3
-CATEGORIES=		security
-MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=cryptopp/}
-EXTRACT_SUFX=		.zip
+DISTNAME=	cryptopp565
+PKGNAME=	cryptopp-5.6.5
+CATEGORIES=	security
+MASTER_SITES=	${HOMEPAGE}
+EXTRACT_SUFX=	.zip
 
-MAINTAINER=		pkgsrc-users@NetBSD.org
-HOMEPAGE=		http://www.cryptopp.com/
-COMMENT=		Free C++ class library of Cryptographic Primitives
-LICENSE=		boost-license
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	http://www.cryptopp.com/
+COMMENT=	Free C++ class library of Cryptographic Primitives
+LICENSE=	boost-license
 
+USE_LANGUAGES=		c++
 USE_TOOLS+=		gmake
 MAKE_FILE=		GNUmakefile
 WRKSRC=			${WRKDIR}
-USE_LANGUAGES=		c++
 CPPFLAGS+=		-DCRYPTOPP_DISABLE_ASM -fPIC
-BUILD_TARGET+=		all dynamic
-BUILDLINK_TRANSFORM+=	rm:-pipe rm:-msse2
-
-AUTO_MKDIRS=			yes
+BUILD_TARGET=		all static shared
 
-do-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/cryptest.exe ${DESTDIR}${PREFIX}/bin/cryptest
-	${INSTALL_DATA} ${WRKSRC}/libcryptopp.a ${DESTDIR}${PREFIX}/lib
-	${INSTALL_LIB} ${WRKSRC}/libcryptopp.so ${DESTDIR}${PREFIX}/lib
-	${INSTALL_DATA} ${WRKSRC}/Readme.txt ${DESTDIR}${PREFIX}/share/doc/cryptopp/README
-	${INSTALL_DATA} ${WRKSRC}/License.txt ${DESTDIR}${PREFIX}/share/doc/cryptopp/License
-	cd ${WRKSRC} && ${INSTALL_DATA} *.h ${DESTDIR}${PREFIX}/include/cryptopp
+post-install:
+	${MV} ${DESTDIR}${PREFIX}/bin/cryptest.exe ${DESTDIR}${PREFIX}/bin/cryptest
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/crypto++/PLIST b/security/crypto++/PLIST
index 6ee34300d91..9270a3d04f4 100644
--- a/security/crypto++/PLIST
+++ b/security/crypto++/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2015/03/27 14:14:26 rodent Exp $
+@comment $NetBSD: PLIST,v 1.7 2017/05/18 21:20:23 adam Exp $
 bin/cryptest
 include/cryptopp/3way.h
 include/cryptopp/adler32.h
@@ -13,12 +13,14 @@ include/cryptopp/base32.h
 include/cryptopp/base64.h
 include/cryptopp/basecode.h
 include/cryptopp/bench.h
+include/cryptopp/blake2.h
 include/cryptopp/blowfish.h
 include/cryptopp/blumshub.h
 include/cryptopp/camellia.h
 include/cryptopp/cast.h
 include/cryptopp/cbcmac.h
 include/cryptopp/ccm.h
+include/cryptopp/chacha.h
 include/cryptopp/channels.h
 include/cryptopp/cmac.h
 include/cryptopp/config.h
@@ -41,6 +43,7 @@ include/cryptopp/emsa2.h
 include/cryptopp/eprecomp.h
 include/cryptopp/esign.h
 include/cryptopp/factory.h
+include/cryptopp/fhmqv.h
 include/cryptopp/files.h
 include/cryptopp/filters.h
 include/cryptopp/fips140.h
@@ -53,12 +56,15 @@ include/cryptopp/gfpcrypt.h
 include/cryptopp/gost.h
 include/cryptopp/gzip.h
 include/cryptopp/hex.h
+include/cryptopp/hkdf.h
 include/cryptopp/hmac.h
+include/cryptopp/hmqv.h
 include/cryptopp/hrtimer.h
 include/cryptopp/ida.h
 include/cryptopp/idea.h
 include/cryptopp/integer.h
 include/cryptopp/iterhash.h
+include/cryptopp/keccak.h
 include/cryptopp/lubyrack.h
 include/cryptopp/luc.h
 include/cryptopp/mars.h
@@ -66,6 +72,7 @@ include/cryptopp/md2.h
 include/cryptopp/md4.h
 include/cryptopp/md5.h
 include/cryptopp/mdc.h
+include/cryptopp/mersenne.h
 include/cryptopp/misc.h
 include/cryptopp/modarith.h
 include/cryptopp/modes.h
@@ -78,6 +85,7 @@ include/cryptopp/nr.h
 include/cryptopp/oaep.h
 include/cryptopp/oids.h
 include/cryptopp/osrng.h
+include/cryptopp/ossig.h
 include/cryptopp/panama.h
 include/cryptopp/pch.h
 include/cryptopp/pkcspad.h
@@ -91,6 +99,7 @@ include/cryptopp/randpool.h
 include/cryptopp/rc2.h
 include/cryptopp/rc5.h
 include/cryptopp/rc6.h
+include/cryptopp/rdrand.h
 include/cryptopp/resource.h
 include/cryptopp/rijndael.h
 include/cryptopp/ripemd.h
@@ -119,6 +128,7 @@ include/cryptopp/stdcpp.h
 include/cryptopp/strciphr.h
 include/cryptopp/tea.h
 include/cryptopp/tiger.h
+include/cryptopp/trap.h
 include/cryptopp/trdlocal.h
 include/cryptopp/trunhash.h
 include/cryptopp/ttmac.h
@@ -137,5 +147,109 @@ include/cryptopp/zinflate.h
 include/cryptopp/zlib.h
 lib/libcryptopp.a
 lib/libcryptopp.so
-share/doc/cryptopp/License
-share/doc/cryptopp/README
+share/cryptopp/TestData/3desval.dat
+share/cryptopp/TestData/3wayval.dat
+share/cryptopp/TestData/camellia.dat
+share/cryptopp/TestData/cast128v.dat
+share/cryptopp/TestData/cast256v.dat
+share/cryptopp/TestData/descert.dat
+share/cryptopp/TestData/dh1024.dat
+share/cryptopp/TestData/dh2048.dat
+share/cryptopp/TestData/dlie1024.dat
+share/cryptopp/TestData/dlie2048.dat
+share/cryptopp/TestData/dsa1024.dat
+share/cryptopp/TestData/dsa1024b.dat
+share/cryptopp/TestData/dsa512.dat
+share/cryptopp/TestData/elgc1024.dat
+share/cryptopp/TestData/esig1023.dat
+share/cryptopp/TestData/esig1536.dat
+share/cryptopp/TestData/esig2046.dat
+share/cryptopp/TestData/fhmqv160.dat
+share/cryptopp/TestData/fhmqv256.dat
+share/cryptopp/TestData/fhmqv384.dat
+share/cryptopp/TestData/fhmqv512.dat
+share/cryptopp/TestData/gostval.dat
+share/cryptopp/TestData/hmqv160.dat
+share/cryptopp/TestData/hmqv256.dat
+share/cryptopp/TestData/hmqv384.dat
+share/cryptopp/TestData/hmqv512.dat
+share/cryptopp/TestData/ideaval.dat
+share/cryptopp/TestData/luc1024.dat
+share/cryptopp/TestData/luc2048.dat
+share/cryptopp/TestData/lucc1024.dat
+share/cryptopp/TestData/lucc512.dat
+share/cryptopp/TestData/lucd1024.dat
+share/cryptopp/TestData/lucd512.dat
+share/cryptopp/TestData/lucs1024.dat
+share/cryptopp/TestData/lucs512.dat
+share/cryptopp/TestData/marsval.dat
+share/cryptopp/TestData/mqv1024.dat
+share/cryptopp/TestData/mqv2048.dat
+share/cryptopp/TestData/nr1024.dat
+share/cryptopp/TestData/nr2048.dat
+share/cryptopp/TestData/rabi1024.dat
+share/cryptopp/TestData/rabi2048.dat
+share/cryptopp/TestData/rc2val.dat
+share/cryptopp/TestData/rc5val.dat
+share/cryptopp/TestData/rc6val.dat
+share/cryptopp/TestData/rijndael.dat
+share/cryptopp/TestData/rsa1024.dat
+share/cryptopp/TestData/rsa2048.dat
+share/cryptopp/TestData/rsa400pb.dat
+share/cryptopp/TestData/rsa400pv.dat
+share/cryptopp/TestData/rsa512a.dat
+share/cryptopp/TestData/rw1024.dat
+share/cryptopp/TestData/rw2048.dat
+share/cryptopp/TestData/saferval.dat
+share/cryptopp/TestData/serpentv.dat
+share/cryptopp/TestData/shacal2v.dat
+share/cryptopp/TestData/sharkval.dat
+share/cryptopp/TestData/skipjack.dat
+share/cryptopp/TestData/squareva.dat
+share/cryptopp/TestData/twofishv.dat
+share/cryptopp/TestData/usage.dat
+share/cryptopp/TestData/xtrdh171.dat
+share/cryptopp/TestData/xtrdh342.dat
+share/cryptopp/TestVectors/Readme.txt
+share/cryptopp/TestVectors/aes.txt
+share/cryptopp/TestVectors/all.txt
+share/cryptopp/TestVectors/blake2.txt
+share/cryptopp/TestVectors/blake2b.txt
+share/cryptopp/TestVectors/blake2s.txt
+share/cryptopp/TestVectors/camellia.txt
+share/cryptopp/TestVectors/ccm.txt
+share/cryptopp/TestVectors/chacha.txt
+share/cryptopp/TestVectors/cmac.txt
+share/cryptopp/TestVectors/dlies.txt
+share/cryptopp/TestVectors/dsa.txt
+share/cryptopp/TestVectors/dsa_1363.txt
+share/cryptopp/TestVectors/dsa_rfc6979.txt
+share/cryptopp/TestVectors/eax.txt
+share/cryptopp/TestVectors/esign.txt
+share/cryptopp/TestVectors/gcm.txt
+share/cryptopp/TestVectors/hkdf.txt
+share/cryptopp/TestVectors/hmac.txt
+share/cryptopp/TestVectors/keccak.txt
+share/cryptopp/TestVectors/mars.txt
+share/cryptopp/TestVectors/nr.txt
+share/cryptopp/TestVectors/panama.txt
+share/cryptopp/TestVectors/rsa_oaep.txt
+share/cryptopp/TestVectors/rsa_pkcs1_1_5.txt
+share/cryptopp/TestVectors/rsa_pss.txt
+share/cryptopp/TestVectors/rw.txt
+share/cryptopp/TestVectors/salsa.txt
+share/cryptopp/TestVectors/seal.txt
+share/cryptopp/TestVectors/seed.txt
+share/cryptopp/TestVectors/sha.txt
+share/cryptopp/TestVectors/sha3_224_fips_202.txt
+share/cryptopp/TestVectors/sha3_256_fips_202.txt
+share/cryptopp/TestVectors/sha3_384_fips_202.txt
+share/cryptopp/TestVectors/sha3_512_fips_202.txt
+share/cryptopp/TestVectors/sha3_fips_202.txt
+share/cryptopp/TestVectors/shacal2.txt
+share/cryptopp/TestVectors/sosemanuk.txt
+share/cryptopp/TestVectors/tea.txt
+share/cryptopp/TestVectors/ttmac.txt
+share/cryptopp/TestVectors/vmac.txt
+share/cryptopp/TestVectors/wake.txt
+share/cryptopp/TestVectors/whrlpool.txt
diff --git a/security/crypto++/buildlink3.mk b/security/crypto++/buildlink3.mk
index 8b72cd9cd54..d0996140817 100644
--- a/security/crypto++/buildlink3.mk
+++ b/security/crypto++/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.12 2015/03/27 14:14:26 rodent Exp $
+# $NetBSD: buildlink3.mk,v 1.13 2017/05/18 21:20:23 adam Exp $
 
 BUILDLINK_TREE+=	cryptopp
 
@@ -7,7 +7,7 @@ CRYPTOPP_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.cryptopp+=	cryptopp>=5.6.2
 BUILDLINK_ABI_DEPENDS.cryptopp+=	cryptopp>=5.6.2
-BUILDLINK_PKGSRCDIR.cryptopp?=	../../security/crypto++
+BUILDLINK_PKGSRCDIR.cryptopp?=		../../security/crypto++
 .endif # CRYPTOPP_BUILDLINK3_MK
 
 BUILDLINK_TREE+=	-cryptopp
diff --git a/security/crypto++/distinfo b/security/crypto++/distinfo
index 10bb5e2ca23..99999c7b42a 100644
--- a/security/crypto++/distinfo
+++ b/security/crypto++/distinfo
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:17:42 agc Exp $
+$NetBSD: distinfo,v 1.12 2017/05/18 21:20:23 adam Exp $
 
-SHA1 (cryptopp562.zip) = ddc18ae41c2c940317cd6efe81871686846fa293
-RMD160 (cryptopp562.zip) = b41af768b3a5ba927dac44ec554dc2095e21b1bb
-SHA512 (cryptopp562.zip) = 016ca7ebad1091d67ad0bc5ccb7549d96d4af6b563d9d5a612cae27b3d1a3514c41b954e319fed91c820e8c701e3aa43da186e0864bf959ce4afd1539248ebbe
-Size (cryptopp562.zip) = 1137964 bytes
-SHA1 (patch-aa) = 9828c7da35f62bc696ee3c529b20ed3faee9b55b
-SHA1 (patch-config.h) = d89c38eeaa51494c14fd6b6e7e6f436177bcfe0f
+SHA1 (cryptopp565.zip) = a74f207a315b6a133af9640a45bde9d6e378af4d
+RMD160 (cryptopp565.zip) = 4c13bb99dd205d54598527386e88b0dd436fc524
+SHA512 (cryptopp565.zip) = f13718d02ca69b0129aaf9e767c9d2e0333aa7538355f9c63d9eaf1ff369062084a18dc01489439ebf37797b3ea81b01beb072057d47ec962bfb824ddc72abc7
+Size (cryptopp565.zip) = 4220843 bytes
+SHA1 (patch-GNUmakefile) = a83b221092685721c30ba00d152e11a73cf20f1e
diff --git a/security/crypto++/patches/patch-GNUmakefile b/security/crypto++/patches/patch-GNUmakefile
new file mode 100644
index 00000000000..c8c77f593b5
--- /dev/null
+++ b/security/crypto++/patches/patch-GNUmakefile
@@ -0,0 +1,37 @@
+$NetBSD: patch-GNUmakefile,v 1.1 2017/05/18 21:20:23 adam Exp $
+
+Avoid -march=native compiler flag.
+On Darwin, use absolute path to avoid conflict with devel/libtool.
+
+--- GNUmakefile.orig	2016-10-10 23:49:54.000000000 +0000
++++ GNUmakefile
+@@ -125,12 +125,6 @@ ifeq ($(IS_X86)$(IS_X32)$(IS_CYGWIN)$(IS
+  endif
+ endif
+ 
+-# Guard use of -march=native
+-ifeq ($(GCC42_OR_LATER)$(IS_NETBSD),10)
+-   CXXFLAGS += -march=native
+-else ifneq ($(CLANG_COMPILER)$(INTEL_COMPILER),00)
+-   CXXFLAGS += -march=native
+-else
+   # GCC 3.3 and "unknown option -march="
+   # Ubuntu GCC 4.1 compiler crash with -march=native
+   # NetBSD GCC 4.8 compiler and "bad value (native) for -march= switch"
+@@ -140,7 +134,6 @@ else
+   else ifeq ($(SUN_COMPILER)$(IS_X86),01)
+     CXXFLAGS += -m32
+   endif # X86/X32/X64
+-endif
+ 
+ # Aligned access required for -O3 and above due to vectorization
+ UNALIGNED_ACCESS := $(shell $(EGREP) -c "^[[:space:]]*//[[:space:]]*\#[[:space:]]*define[[:space:]]*CRYPTOPP_NO_UNALIGNED_DATA_ACCESS" config.h)
+@@ -271,7 +264,7 @@ endif # OpenMP
+ endif # IS_LINUX
+ 
+ ifneq ($(IS_DARWIN),0)
+-AR = libtool
++AR = /usr/bin/libtool
+ ARFLAGS = -static -o
+ CXX ?= c++
+ ifeq ($(IS_GCC_29),1)
diff --git a/security/crypto++/patches/patch-aa b/security/crypto++/patches/patch-aa
deleted file mode 100644
index 459a6f930b3..00000000000
--- a/security/crypto++/patches/patch-aa
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-aa,v 1.6 2013/08/22 13:15:04 ryoon Exp $
-
---- GNUmakefile.orig	2013-02-20 06:30:52.000000000 +0000
-+++ GNUmakefile
-@@ -1,4 +1,4 @@
--CXXFLAGS = -DNDEBUG -g -O2
-+CXXFLAGS = $(CPPFLAGS) -DNDEBUG -g -O2
- # -O3 fails to link on Cygwin GCC version 4.5.3
- # -fPIC is supported. Please report any breakage of -fPIC as a bug.
- # CXXFLAGS += -fPIC
-@@ -28,18 +28,16 @@ endif
- 
- ifeq ($(ISX86),1)
- 
--GCC42_OR_LATER = $(shell $(CXX) -v 2>&1 | $(EGREP) -c "^gcc version (4.[2-9]|[5-9])")
-+GCC46_OR_LATER = $(shell $(CXX) -v 2>&1 | $(EGREP) -c "^gcc version (4.[6-9]|[5-9])")
- INTEL_COMPILER = $(shell $(CXX) --version 2>&1 | $(EGREP) -c "\(ICC\)")
- ICC111_OR_LATER = $(shell $(CXX) --version 2>&1 | $(EGREP) -c "\(ICC\) ([2-9][0-9]|1[2-9]|11\.[1-9])")
- GAS210_OR_LATER = $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.[1-9][0-9]|[3-9])")
- GAS217_OR_LATER = $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.1[7-9]|2\.[2-9]|[3-9])")
- GAS219_OR_LATER = $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(EGREP) -c "GNU assembler version (2\.19|2\.[2-9]|[3-9])")
- 
--ifneq ($(GCC42_OR_LATER),0)
-+ifneq ($(GCC46_OR_LATER),0)
- ifeq ($(UNAME),Darwin)
- CXXFLAGS += -arch x86_64 -arch i386
--else
--CXXFLAGS += -march=native
- endif
- endif
- 
diff --git a/security/crypto++/patches/patch-config.h b/security/crypto++/patches/patch-config.h
deleted file mode 100644
index 6b8a857e9ee..00000000000
--- a/security/crypto++/patches/patch-config.h
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-config.h,v 1.1 2013/08/24 08:16:12 ryoon Exp $
-
---- config.h.orig	2013-02-20 06:30:54.000000000 +0000
-+++ config.h
-@@ -290,12 +290,6 @@ NAMESPACE_END
- 	#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
- #endif
- 
--#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
--	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 1
--#else
--	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 0
--#endif
--
- // how to allocate 16-byte aligned memory (for SSE2)
- #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
- 	#define CRYPTOPP_MM_MALLOC_AVAILABLE
-@@ -307,6 +301,13 @@ NAMESPACE_END
- 	#define CRYPTOPP_NO_ALIGNED_ALLOC
- #endif
- 
-+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) || !defined(CPRYPTO_NO_ALIGNED_ALLOC)
-+	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 1
-+#else
-+	#define CRYPTOPP_BOOL_ALIGN16_ENABLED 0
-+#endif
-+
-+
- // how to disable inlining
- #if defined(_MSC_VER) && _MSC_VER >= 1300
- #	define CRYPTOPP_NOINLINE_DOTDOTDOT