From ac6baa121395b911ce96f680ab352cbb43f921a38592ec94a652e420042f9892 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 12 Jul 2018 12:33:03 +0000 Subject: [PATCH] Accepting request 620425 from home:deadpoint:branches:security - v1.18.2 - Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408) - Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373) - Fix two-key 3DES (PR #390) - Fix accelerated CTR mode (PR #359) - Fix Fortuna PRNG (PR #363) - Fix compilation on platforms where cc doesn't point to gcc (PR #382) - Fix using the wrong environment variable LT instead of LIBTOOL (PR #392) - Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390) - Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414) - Minor fixes (PR's #350 #351 #375 #377 #378 #379) ` - Added libtommath-devl build requirement - Added baselibs.conf - v1.18.1 - Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329) - Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327) - Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326) - Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316) - Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335) - Fix possible undefined behavior with LTC_PTHREAD (PR #337) - Fix some DER bugs (PR #339) - Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086) - Fix installation procedure (Issue #340) - udpate to version 1.18.0 - removed up upstream patches OBS-URL: https://build.opensuse.org/request/show/620425 OBS-URL: https://build.opensuse.org/package/show/security/libtomcrypt?expand=0&rev=12 --- baselibs.conf | 1 + crypt-1.17.tar.bz2 | 3 --- crypt-1.17.tar.bz2.asc | 7 ----- libtomcrypt-makefile.shared.patch | 28 ------------------- libtomcrypt.changes | 39 +++++++++++++++++++++++++++ libtomcrypt.spec | 45 ++++++++++++------------------- reproducible.patch | 36 ------------------------- v1.18.2.tar.gz | 3 +++ 8 files changed, 60 insertions(+), 102 deletions(-) create mode 100644 baselibs.conf delete mode 100644 crypt-1.17.tar.bz2 delete mode 100644 crypt-1.17.tar.bz2.asc delete mode 100644 libtomcrypt-makefile.shared.patch delete mode 100644 reproducible.patch create mode 100644 v1.18.2.tar.gz diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..2b1f3d1 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libtomcrypt1 diff --git a/crypt-1.17.tar.bz2 b/crypt-1.17.tar.bz2 deleted file mode 100644 index 220306f..0000000 --- a/crypt-1.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e33b47d77a495091c8703175a25c8228aff043140b2554c08a3c3cd71f79d116 -size 1599215 diff --git a/crypt-1.17.tar.bz2.asc b/crypt-1.17.tar.bz2.asc deleted file mode 100644 index 9b8ad83..0000000 --- a/crypt-1.17.tar.bz2.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.4 (GNU/Linux) - -iD8DBQBGRdNFsP+tEsHHY0ARAjirAJ97qw0H+q4JIvLielG2F7787o2ZGgCfW7jb -Fa28B7W8juDRggQPH+gdoZY= -=NyyO ------END PGP SIGNATURE----- diff --git a/libtomcrypt-makefile.shared.patch b/libtomcrypt-makefile.shared.patch deleted file mode 100644 index 0535b13..0000000 --- a/libtomcrypt-makefile.shared.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -Naurh makefile.shared libtomcrypt-1.17/makefile.shared ---- makefile.shared 2009-05-04 09:24:31.000000000 -0300 -+++ libtomcrypt-1.17/makefile.shared 2009-05-04 09:25:06.000000000 -0300 -@@ -244,7 +244,7 @@ - library: $(LIBNAME) - - testprof/$(LIBTEST): -- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared -+ cd testprof ; CFLAGS="$(CFLAGS)" VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared - - objs: $(OBJECTS) - -@@ -252,11 +252,11 @@ - libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION) - - install: $(LIBNAME) -- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH) -- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install -+ install -d $(DESTDIR)$(LIBPATH) -+ cd testprof ; CFLAGS="$(CFLAGS)" VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install - libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la -- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH) -- install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH) -+ install -d $(DESTDIR)$(INCPATH) -+ install $(HEADERS) $(DESTDIR)$(INCPATH) - - #This rule makes the hash program included with libtomcrypt - hashsum: library diff --git a/libtomcrypt.changes b/libtomcrypt.changes index c713e71..9338f44 100644 --- a/libtomcrypt.changes +++ b/libtomcrypt.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Mon Jul 2 23:47:09 UTC 2018 - darin@darins.net + +- v1.18.2 + - Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408) + - Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373) + - Fix two-key 3DES (PR #390) + - Fix accelerated CTR mode (PR #359) + - Fix Fortuna PRNG (PR #363) + - Fix compilation on platforms where cc doesn't point to gcc (PR #382) + - Fix using the wrong environment variable LT instead of LIBTOOL (PR #392) + - Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390) + - Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414) + - Minor fixes (PR's #350 #351 #375 #377 #378 #379) +` +- Added libtommath-devl build requirement +- Added baselibs.conf + +------------------------------------------------------------------- +Fri Jun 22 11:47:21 UTC 2018 - darin@darins.net + +- v1.18.1 + - Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329) + - Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327) + - Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326) + - Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316) + - Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335) + - Fix possible undefined behavior with LTC_PTHREAD (PR #337) + - Fix some DER bugs (PR #339) + - Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086) + - Fix installation procedure (Issue #340) + +------------------------------------------------------------------- +Wed Jul 12 17:15:54 UTC 2017 - darin@darins.net + +- udpate to version 1.18.0 +- removed up upstream patches + + ------------------------------------------------------------------- Mon May 29 13:08:06 UTC 2017 - bwiedemann@suse.com diff --git a/libtomcrypt.spec b/libtomcrypt.spec index 3cc6ec9..c21190a 100644 --- a/libtomcrypt.spec +++ b/libtomcrypt.spec @@ -1,7 +1,7 @@ # # spec file for package libtomcrypt # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2009 Exata T.I., Maringa, PR, Brasil. # # All modifications and additions to the file contributed by third parties @@ -17,25 +17,22 @@ # -%define soname libtomcrypt0 +%define soname libtomcrypt1 Name: libtomcrypt -Version: 1.17 +Version: 1.18.2 Release: 0 Summary: Cryptographic Toolkit Written in Portable C License: SUSE-Public-Domain Group: System/Libraries Url: http://libtom.org -Source0: https://github.com/libtom/libtomcrypt/releases/download/%{version}/crypt-%{version}.tar.bz2 -Source1: https://github.com/libtom/libtomcrypt/releases/download/%{version}/crypt-%{version}.tar.bz2.asc -Source2: %{name}.keyring +Source0: https://github.com/libtom/libtomcrypt/archive/v%{version}.tar.gz +#Source2: %{name}.keyring Source3: %{name}.changes -# PATCH-FIX-UPSTREAM libtomcrypt-makefile.shared.patch -Patch0: %{name}-makefile.shared.patch -# PATCH-FIX-UPSTREAM https://github.com/libtom/libtomcrypt/pull/222 -Patch1: reproducible.patch +Source4: baselibs.conf +BuildRequires: libtommath-devel BuildRequires: libtool +BuildRequires: pkgconfig BuildRequires: texlive-latex -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description LibTomCrypt is a fairly comprehensive, modular and portable cryptographic @@ -43,7 +40,6 @@ toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. - %package -n %{soname} Summary: Libraries for %{name} Group: System/Libraries @@ -69,7 +65,6 @@ numbergenerators, public key cryptography and a plethora of other routines. This package contains headers and other development files. - %package examples Summary: Example Files for LibTomCrypt Group: Development/Libraries/Other @@ -84,43 +79,37 @@ numbergenerators, public key cryptography and a plethora of other routines. This package contains example *.c files showing how to use TomCrypt library. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%setup -q -n %{name}-%{version} modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE3}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' | xargs sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" %build -export CFLAGS="%{optflags}" -make %{?_smp_mflags} LIBPATH=%{_libdir} -f makefile.shared +export CFLAGS="%{optflags} -DLTM_DESC -DUSE_LTM" +make %{?_smp_mflags} LIBPATH=%{_libdir} EXTRALIBS="-ltommath" -f makefile.shared %install -make DESTDIR=%{buildroot} LIBPATH=%{_libdir} NODOCS=0 -f makefile.shared install +make DESTDIR=%{buildroot} LIBPATH=%{_libdir} NODOCS=0 PREFIX=%{_prefix} -f makefile.shared install # Remove static libraries (It's upstream bug in makefile.shared I think.) rm %{buildroot}%{_libdir}/*.a find %{buildroot} -type f -name "*.la" -delete -print +%check + %post -n %{soname} -p /sbin/ldconfig %postun -n %{soname} -p /sbin/ldconfig %files -n %{soname} -%defattr(-,root,root) -%{_libdir}/libtomcrypt.so.0 -%{_libdir}/libtomcrypt.so.0.0.117 -%{_libdir}/libtomcrypt_prof.so.0 -%{_libdir}/libtomcrypt_prof.so.0.0.117 -%doc LICENSE README TODO doc/crypt.pdf +%{_libdir}/libtomcrypt.so.* +%doc LICENSE README.md %files devel -%defattr(-,root,root) %attr(0644,root,root) %{_includedir}/tomcrypt*.h %{_libdir}/libtomcrypt.so -%{_libdir}/libtomcrypt_prof.so +%{_libdir}/pkgconfig/libtomcrypt.pc %files examples -%defattr(-,root,root) %doc demos %changelog diff --git a/reproducible.patch b/reproducible.patch deleted file mode 100644 index b5e4081..0000000 --- a/reproducible.patch +++ /dev/null @@ -1,36 +0,0 @@ -https://github.com/libtom/libtomcrypt/pull/222 -sort input files - -when building packages (e.g. for openSUSE Linux) -(random) filesystem order of input files -influences ordering of functions in the output, -thus without the patch, builds (in disposable VMs) would differ. - -See https://reproducible-builds.org/ for why this matters. - -Index: libtomcrypt-1.17/makefile.shared -=================================================================== ---- libtomcrypt-1.17.orig/makefile.shared -+++ libtomcrypt-1.17/makefile.shared -@@ -249,7 +249,7 @@ testprof/$(LIBTEST): - objs: $(OBJECTS) - - $(LIBNAME): $(OBJECTS) testprof/$(LIBTEST) -- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION) -+ libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | sort | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION) - - install: $(LIBNAME) - install -d $(DESTDIR)$(LIBPATH) -Index: libtomcrypt-1.17/testprof/makefile.shared -=================================================================== ---- libtomcrypt-1.17.orig/testprof/makefile.shared -+++ libtomcrypt-1.17/testprof/makefile.shared -@@ -18,7 +18,7 @@ endif - default: $(LIBTEST) - - $(LIBTEST): $(OBJECTS) -- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION) -+ libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | sort | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION) - - install: $(LIBTEST) - libtool --silent --mode=install install -c $(LIBTEST) $(DESTDIR)$(LIBPATH)/$(LIBTEST) diff --git a/v1.18.2.tar.gz b/v1.18.2.tar.gz new file mode 100644 index 0000000..9f23f70 --- /dev/null +++ b/v1.18.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d870fad1e31cb787c85161a8894abb9d7283c2a654a9d3d4c6d45a1eba59952c +size 2304218