Sync from SUSE:SLFO:Main sha1collisiondetection revision 0f0325108c83de54507f54d951e6cd82

2024-05-04 00:37:38 +02:00 · 2024-05-04 00:37:38 +02:00 · 7e02a6b17d
commit 7e02a6b17d
6 changed files with 252 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/sha1collisiondetection-1.0.3-io-fixes.patch
+++ b/sha1collisiondetection-1.0.3-io-fixes.patch
@ -0,0 +1,74 @@
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 8 May 2017 21:51:28 +0200
+Subject: some IO improvements
+References: https://github.com/cr-marcstevens/sha1collisiondetection/pull/28
+
+---
+ src/main.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+Index: sha1collisiondetection-stable-v1.0.3/src/main.c
+===================================================================
+--- sha1collisiondetection-stable-v1.0.3.orig/src/main.c	2017-05-22 18:17:51.339889238 +0200
+++ sha1collisiondetection-stable-v1.0.3/src/main.c	2017-05-22 18:18:14.471988044 +0200
+@@ -8,6 +8,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+#include <errno.h>
+ #include <libgen.h>
+ 
+ #include "sha1.h"
+@@ -23,7 +24,7 @@ int main(int argc, char** argv)
+ 
+ 	if (argc < 2)
+ 	{
+-		printf("Usage: %s <file>\n", basename(argv[0]));
+		fprintf(stderr, "Usage: %s <file>\n", basename(argv[0]));
+ 		return 1;
+ 	}
+ 
+@@ -37,10 +38,14 @@ int main(int argc, char** argv)
+ 			SHA1DCSetDetectReducedRoundCollision(&ctx2, 1);
+ 		}
+ 
+-		fd = fopen(argv[i], "rb");
+		if(!strcmp(argv[i],"-")) {
+			fd = stdin;
+		} else {
+			fd = fopen(argv[i], "rb");
+		}
+ 		if (fd == NULL)
+ 		{
+-			printf("cannot open file: %s\n", argv[i]);
+			fprintf(stderr, "cannot open file: %s: %s\n", argv[i], strerror(errno));
+ 			return 1;
+ 		}
+ 
+@@ -53,12 +58,12 @@ int main(int argc, char** argv)
+ 		}
+ 		if (ferror(fd))
+ 		{
+-			printf("error while reading file: %s\n", argv[i]);
+			fprintf(stderr, "error while reading file: %s: %s\n", argv[i], strerror(errno));
+ 			return 1;
+ 		}
+ 		if (!feof(fd))
+ 		{
+-			printf("not end of file?: %s\n",argv[i]);
+			fprintf(stderr, "not end of file?: %s: %s\n", argv[i], strerror(errno));
+ 			return 1;
+ 		}
+ 
+Index: sha1collisiondetection-stable-v1.0.3/README.md
+===================================================================
+--- sha1collisiondetection-stable-v1.0.3.orig/README.md	2017-05-22 18:17:51.339889238 +0200
+++ sha1collisiondetection-stable-v1.0.3/README.md	2017-05-22 18:17:54.539902741 +0200
+@@ -51,6 +51,7 @@ Examples:
+ ```
+ bin/sha1dcsum test/sha1_reducedsha_coll.bin test/shattered-1.pdf
+ bin/sha1dcsum_partialcoll test/sha1reducedsha_coll.bin test/shattered-1.pdf
+pipe_data | bin/sha1dcsum -
+ ```
+ 
+ ## Library usage
--- a/sha1collisiondetection-1.0.3.tar.gz
+++ b/sha1collisiondetection-1.0.3.tar.gz
--- a/sha1collisiondetection-endian_detection.patch
+++ b/sha1collisiondetection-endian_detection.patch
@ -0,0 +1,10 @@
+--- lib/sha1.c
+++ lib/sha1.c
+@@ -9,6 +9,7 @@
+ #include <memory.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+#include <endian.h>
+ 
+ #include "sha1.h"
+ #include "ubc_check.h"
--- a/sha1collisiondetection.changes
+++ b/sha1collisiondetection.changes
@ -0,0 +1,41 @@
+-------------------------------------------------------------------
+Wed Jan 31 17:48:45 CET 2018 - ro@suse.de
+
+- cleaner solution for the endian detection issue:
+  include the proper header file 
+
+-------------------------------------------------------------------
+Wed Jan 31 17:33:48 CET 2018 - ro@suse.de
+
+- add sha1collisiondetection-endian_detection.patch
+  fix detection of endianness at compile time 
+
+-------------------------------------------------------------------
+Fri Aug  4 15:18:33 CEST 2017 - tiwai@suse.de
+
+- Fix include header path to /usr/include/sha1dc/sha1.h as supposed
+  by upstream installation
+- Remove conflicts with libmd-devel, as we changed the header path
+
+-------------------------------------------------------------------
+Mon May 22 16:20:43 UTC 2017 - astieger@suse.com
+
+- better printing of errors, and allow hashing stdin
+  add sha1collisiondetection-1.0.3-io-fixes.patch
+
+-------------------------------------------------------------------
+Mon Apr 10 13:29:43 UTC 2017 - astieger@suse.com
+
+- update to 1.0.3:
+  * SIMD code removed
+  * performance improvements
+- package library
+- conflicts with libmd-devel
+
+-------------------------------------------------------------------
+Tue Feb 28 20:59:56 UTC 2017 - astieger@suse.com
+
+- CLI to check for SHA-1 collisions bsc#1026646 - CVE-2005-4900
+- initial package (cli only)
+
+
--- a/sha1collisiondetection.spec
+++ b/sha1collisiondetection.spec
@ -0,0 +1,101 @@
+#
+# spec file for package sha1collisiondetection
+#
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 Andreas Stieger <astieger@suse.com>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name:           sha1collisiondetection
+Version:        1.0.3
+Release:        0
+Summary:        Detection of SHA-1 collisions
+License:        MIT
+Group:          Productivity/Security
+Url:            https://github.com/cr-marcstevens/sha1collisiondetection
+Source:         https://github.com/cr-marcstevens/sha1collisiondetection/archive/stable-v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         sha1collisiondetection-1.0.3-io-fixes.patch
+Patch1:         sha1collisiondetection-endian_detection.patch
+BuildRequires:  libtool
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+This command line tool was designed as near drop-in replacements for other sha1sum
+implementations. It will compute the SHA-1 hash of any given file and additionally
+will detect cryptanalytic collision attacks against SHA-1 present in each file.
+It is very fast and takes less than twice the amount of time as regular SHA-1.
+
+%package -n libsha1detectcoll1
+Summary:        Library that can detect SHA-1 collisions
+Group:          System/Libraries
+
+%description -n libsha1detectcoll1
+This library was designed as near drop-in replacements for other sha1sum
+implementations. It will compute the SHA-1 hash of any given file and additionally
+will detect cryptanalytic collision attacks against SHA-1 present in each file.
+It is very fast and takes less than twice the amount of time as regular SHA-1.
+
+%package -n libsha1detectcoll-devel
+Summary:        Development files for
+Group:          Development/Libraries/C and C++
+Requires:       libsha1detectcoll1 = %{version}
+
+%description -n libsha1detectcoll-devel
+This library was designed as near drop-in replacements for other sha1sum
+implementations. It will compute the SHA-1 hash of any given file and additionally
+will detect cryptanalytic collision attacks against SHA-1 present in each file.
+It is very fast and takes less than twice the amount of time as regular SHA-1.
+
+%prep
+%setup -q -n %{name}-stable-v%{version}
+%patch0 -p1
+%patch1
+
+%build
+export TARGETCFLAGS="%{optflags}"
+make %{?_smp_mflags} PREFIX=%{_prefix}
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_libdir}
+%make_install \
+	PREFIX=%{buildroot}%{_prefix} \
+	LIBDIR=%{buildroot}%{_libdir}
+find %{buildroot} -type f -name "*.la" -delete -print
+find %{buildroot} -type f -name "*.a" -delete -print
+chmod -x %{buildroot}%{_includedir}/sha1dc/sha1.h
+
+%check
+make %{?_smp_mflags} test
+
+%post   -n libsha1detectcoll1 -p /sbin/ldconfig
+%postun -n libsha1detectcoll1 -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc LICENSE.txt README.md
+%{_bindir}/*
+
+%files -n libsha1detectcoll1
+%defattr(-,root,root)
+%doc LICENSE.txt README.md
+%{_libdir}/libsha1detectcoll.so.*
+
+%files -n libsha1detectcoll-devel
+%defattr(-,root,root)
+%doc LICENSE.txt README.md
+%{_includedir}/sha1dc
+%{_libdir}/libsha1detectcoll.so
+
+%changelog