From 7e02a6b17daa2d1423d13766d0e7ff8c140d86abd859d6162ef8a0cd334c067d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Sat, 4 May 2024 00:37:38 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main sha1collisiondetection revision 0f0325108c83de54507f54d951e6cd82 --- .gitattributes | 23 ++++ sha1collisiondetection-1.0.3-io-fixes.patch | 74 +++++++++++++ sha1collisiondetection-1.0.3.tar.gz | 3 + sha1collisiondetection-endian_detection.patch | 10 ++ sha1collisiondetection.changes | 41 +++++++ sha1collisiondetection.spec | 101 ++++++++++++++++++ 6 files changed, 252 insertions(+) create mode 100644 .gitattributes create mode 100644 sha1collisiondetection-1.0.3-io-fixes.patch create mode 100644 sha1collisiondetection-1.0.3.tar.gz create mode 100644 sha1collisiondetection-endian_detection.patch create mode 100644 sha1collisiondetection.changes create mode 100644 sha1collisiondetection.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/sha1collisiondetection-1.0.3-io-fixes.patch b/sha1collisiondetection-1.0.3-io-fixes.patch new file mode 100644 index 0000000..4553ee0 --- /dev/null +++ b/sha1collisiondetection-1.0.3-io-fixes.patch @@ -0,0 +1,74 @@ +From: Andreas Stieger +Date: Mon, 8 May 2017 21:51:28 +0200 +Subject: some IO improvements +References: https://github.com/cr-marcstevens/sha1collisiondetection/pull/28 + +--- + src/main.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +Index: sha1collisiondetection-stable-v1.0.3/src/main.c +=================================================================== +--- sha1collisiondetection-stable-v1.0.3.orig/src/main.c 2017-05-22 18:17:51.339889238 +0200 ++++ sha1collisiondetection-stable-v1.0.3/src/main.c 2017-05-22 18:18:14.471988044 +0200 +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + #include + + #include "sha1.h" +@@ -23,7 +24,7 @@ int main(int argc, char** argv) + + if (argc < 2) + { +- printf("Usage: %s \n", basename(argv[0])); ++ fprintf(stderr, "Usage: %s \n", basename(argv[0])); + return 1; + } + +@@ -37,10 +38,14 @@ int main(int argc, char** argv) + SHA1DCSetDetectReducedRoundCollision(&ctx2, 1); + } + +- fd = fopen(argv[i], "rb"); ++ if(!strcmp(argv[i],"-")) { ++ fd = stdin; ++ } else { ++ fd = fopen(argv[i], "rb"); ++ } + if (fd == NULL) + { +- printf("cannot open file: %s\n", argv[i]); ++ fprintf(stderr, "cannot open file: %s: %s\n", argv[i], strerror(errno)); + return 1; + } + +@@ -53,12 +58,12 @@ int main(int argc, char** argv) + } + if (ferror(fd)) + { +- printf("error while reading file: %s\n", argv[i]); ++ fprintf(stderr, "error while reading file: %s: %s\n", argv[i], strerror(errno)); + return 1; + } + if (!feof(fd)) + { +- printf("not end of file?: %s\n",argv[i]); ++ fprintf(stderr, "not end of file?: %s: %s\n", argv[i], strerror(errno)); + return 1; + } + +Index: sha1collisiondetection-stable-v1.0.3/README.md +=================================================================== +--- sha1collisiondetection-stable-v1.0.3.orig/README.md 2017-05-22 18:17:51.339889238 +0200 ++++ sha1collisiondetection-stable-v1.0.3/README.md 2017-05-22 18:17:54.539902741 +0200 +@@ -51,6 +51,7 @@ Examples: + ``` + bin/sha1dcsum test/sha1_reducedsha_coll.bin test/shattered-1.pdf + bin/sha1dcsum_partialcoll test/sha1reducedsha_coll.bin test/shattered-1.pdf ++pipe_data | bin/sha1dcsum - + ``` + + ## Library usage diff --git a/sha1collisiondetection-1.0.3.tar.gz b/sha1collisiondetection-1.0.3.tar.gz new file mode 100644 index 0000000..0b4daff --- /dev/null +++ b/sha1collisiondetection-1.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77a1c2b2a4fbe4f78de288fa4831ca63938c3cb84a73a92c79f436238bd9ac07 +size 780306 diff --git a/sha1collisiondetection-endian_detection.patch b/sha1collisiondetection-endian_detection.patch new file mode 100644 index 0000000..7d47233 --- /dev/null +++ b/sha1collisiondetection-endian_detection.patch @@ -0,0 +1,10 @@ +--- lib/sha1.c ++++ lib/sha1.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + + #include "sha1.h" + #include "ubc_check.h" diff --git a/sha1collisiondetection.changes b/sha1collisiondetection.changes new file mode 100644 index 0000000..d83d332 --- /dev/null +++ b/sha1collisiondetection.changes @@ -0,0 +1,41 @@ +------------------------------------------------------------------- +Wed Jan 31 17:48:45 CET 2018 - ro@suse.de + +- cleaner solution for the endian detection issue: + include the proper header file + +------------------------------------------------------------------- +Wed Jan 31 17:33:48 CET 2018 - ro@suse.de + +- add sha1collisiondetection-endian_detection.patch + fix detection of endianness at compile time + +------------------------------------------------------------------- +Fri Aug 4 15:18:33 CEST 2017 - tiwai@suse.de + +- Fix include header path to /usr/include/sha1dc/sha1.h as supposed + by upstream installation +- Remove conflicts with libmd-devel, as we changed the header path + +------------------------------------------------------------------- +Mon May 22 16:20:43 UTC 2017 - astieger@suse.com + +- better printing of errors, and allow hashing stdin + add sha1collisiondetection-1.0.3-io-fixes.patch + +------------------------------------------------------------------- +Mon Apr 10 13:29:43 UTC 2017 - astieger@suse.com + +- update to 1.0.3: + * SIMD code removed + * performance improvements +- package library +- conflicts with libmd-devel + +------------------------------------------------------------------- +Tue Feb 28 20:59:56 UTC 2017 - astieger@suse.com + +- CLI to check for SHA-1 collisions bsc#1026646 - CVE-2005-4900 +- initial package (cli only) + + diff --git a/sha1collisiondetection.spec b/sha1collisiondetection.spec new file mode 100644 index 0000000..6c6177a --- /dev/null +++ b/sha1collisiondetection.spec @@ -0,0 +1,101 @@ +# +# spec file for package sha1collisiondetection +# +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 Andreas Stieger +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +Name: sha1collisiondetection +Version: 1.0.3 +Release: 0 +Summary: Detection of SHA-1 collisions +License: MIT +Group: Productivity/Security +Url: https://github.com/cr-marcstevens/sha1collisiondetection +Source: https://github.com/cr-marcstevens/sha1collisiondetection/archive/stable-v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0: sha1collisiondetection-1.0.3-io-fixes.patch +Patch1: sha1collisiondetection-endian_detection.patch +BuildRequires: libtool +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +This command line tool was designed as near drop-in replacements for other sha1sum +implementations. It will compute the SHA-1 hash of any given file and additionally +will detect cryptanalytic collision attacks against SHA-1 present in each file. +It is very fast and takes less than twice the amount of time as regular SHA-1. + +%package -n libsha1detectcoll1 +Summary: Library that can detect SHA-1 collisions +Group: System/Libraries + +%description -n libsha1detectcoll1 +This library was designed as near drop-in replacements for other sha1sum +implementations. It will compute the SHA-1 hash of any given file and additionally +will detect cryptanalytic collision attacks against SHA-1 present in each file. +It is very fast and takes less than twice the amount of time as regular SHA-1. + +%package -n libsha1detectcoll-devel +Summary: Development files for +Group: Development/Libraries/C and C++ +Requires: libsha1detectcoll1 = %{version} + +%description -n libsha1detectcoll-devel +This library was designed as near drop-in replacements for other sha1sum +implementations. It will compute the SHA-1 hash of any given file and additionally +will detect cryptanalytic collision attacks against SHA-1 present in each file. +It is very fast and takes less than twice the amount of time as regular SHA-1. + +%prep +%setup -q -n %{name}-stable-v%{version} +%patch0 -p1 +%patch1 + +%build +export TARGETCFLAGS="%{optflags}" +make %{?_smp_mflags} PREFIX=%{_prefix} + +%install +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_libdir} +%make_install \ + PREFIX=%{buildroot}%{_prefix} \ + LIBDIR=%{buildroot}%{_libdir} +find %{buildroot} -type f -name "*.la" -delete -print +find %{buildroot} -type f -name "*.a" -delete -print +chmod -x %{buildroot}%{_includedir}/sha1dc/sha1.h + +%check +make %{?_smp_mflags} test + +%post -n libsha1detectcoll1 -p /sbin/ldconfig +%postun -n libsha1detectcoll1 -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%doc LICENSE.txt README.md +%{_bindir}/* + +%files -n libsha1detectcoll1 +%defattr(-,root,root) +%doc LICENSE.txt README.md +%{_libdir}/libsha1detectcoll.so.* + +%files -n libsha1detectcoll-devel +%defattr(-,root,root) +%doc LICENSE.txt README.md +%{_includedir}/sha1dc +%{_libdir}/libsha1detectcoll.so + +%changelog