rpm/libtomcrypt
SHA256
1
0
Fork 0
forked from pool/libtomcrypt
Code Pull Requests Activity

Accepting request 620425 from home:deadpoint:branches:security

Browse Source 
- v1.18.2
  - Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
  - Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
  - Fix two-key 3DES (PR #390)
  - Fix accelerated CTR mode (PR #359)
  - Fix Fortuna PRNG (PR #363)
  - Fix compilation on platforms where cc doesn't point to gcc (PR #382)
  - Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
  - Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
  - Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
  - Minor fixes (PR's #350 #351 #375 #377 #378 #379)
` 
- Added libtommath-devl build requirement
- Added baselibs.conf
- v1.18.1
  - Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
  - Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
  - Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
  - Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
  - Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
  - Fix possible undefined behavior with LTC_PTHREAD (PR #337)
  - Fix some DER bugs (PR #339)
  - Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
  - Fix installation procedure (Issue #340) 
- udpate to version 1.18.0
- removed up upstream patches

OBS-URL: https://build.opensuse.org/request/show/620425
OBS-URL: https://build.opensuse.org/package/show/security/libtomcrypt?expand=0&rev=12
This commit is contained in:
Marcus Meissner 2018-07-12 12:33:03 +00:00 committed by Git OBS Bridge
parent 6e3dab8ec6
commit ac6baa1213
8 changed files with 60 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libtomcrypt1

3
crypt-1.17.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e33b47d77a495091c8703175a25c8228aff043140b2554c08a3c3cd71f79d116
size 1599215

7
crypt-1.17.tar.bz2.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
iD8DBQBGRdNFsP+tEsHHY0ARAjirAJ97qw0H+q4JIvLielG2F7787o2ZGgCfW7jb
Fa28B7W8juDRggQPH+gdoZY=
=NyyO
-----END PGP SIGNATURE-----

28
libtomcrypt-makefile.shared.patch
View File

@ -1,28 +0,0 @@
diff -Naurh makefile.shared libtomcrypt-1.17/makefile.shared
--- makefile.shared 2009-05-04 09:24:31.000000000 -0300
+++ libtomcrypt-1.17/makefile.shared 2009-05-04 09:25:06.000000000 -0300
@@ -244,7 +244,7 @@
library: $(LIBNAME)
testprof/$(LIBTEST):
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared
+ cd testprof ; CFLAGS="$(CFLAGS)" VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared
objs: $(OBJECTS)
@@ -252,11 +252,11 @@
libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
install: $(LIBNAME)
- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
+ install -d $(DESTDIR)$(LIBPATH)
+ cd testprof ; CFLAGS="$(CFLAGS)" VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la
- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
- install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
+ install -d $(DESTDIR)$(INCPATH)
+ install $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule makes the hash program included with libtomcrypt
hashsum: library

39
libtomcrypt.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Mon Jul 2 23:47:09 UTC 2018 - darin@darins.net
- v1.18.2
- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
- Fix two-key 3DES (PR #390)
- Fix accelerated CTR mode (PR #359)
- Fix Fortuna PRNG (PR #363)
- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
`
- Added libtommath-devl build requirement
- Added baselibs.conf
-------------------------------------------------------------------
Fri Jun 22 11:47:21 UTC 2018 - darin@darins.net
- v1.18.1
- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
- Fix some DER bugs (PR #339)
- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
- Fix installation procedure (Issue #340)
-------------------------------------------------------------------
Wed Jul 12 17:15:54 UTC 2017 - darin@darins.net
- udpate to version 1.18.0
- removed up upstream patches
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 29 13:08:06 UTC 2017 - bwiedemann@suse.com Mon May 29 13:08:06 UTC 2017 - bwiedemann@suse.com

45
libtomcrypt.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package libtomcrypt # spec file for package libtomcrypt
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2009 Exata T.I., Maringa, PR, Brasil. # Copyright (c) 2009 Exata T.I., Maringa, PR, Brasil.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -17,25 +17,22 @@
# #
%define soname libtomcrypt0 %define soname libtomcrypt1
Name: libtomcrypt Name: libtomcrypt
Version: 1.17 Version: 1.18.2
Release: 0 Release: 0
Summary: Cryptographic Toolkit Written in Portable C Summary: Cryptographic Toolkit Written in Portable C
License: SUSE-Public-Domain License: SUSE-Public-Domain
Group: System/Libraries Group: System/Libraries
Url: http://libtom.org Url: http://libtom.org
Source0: https://github.com/libtom/libtomcrypt/releases/download/%{version}/crypt-%{version}.tar.bz2 Source0: https://github.com/libtom/libtomcrypt/archive/v%{version}.tar.gz
Source1: https://github.com/libtom/libtomcrypt/releases/download/%{version}/crypt-%{version}.tar.bz2.asc #Source2: %{name}.keyring
Source2: %{name}.keyring
Source3: %{name}.changes Source3: %{name}.changes
# PATCH-FIX-UPSTREAM libtomcrypt-makefile.shared.patch Source4: baselibs.conf
Patch0: %{name}-makefile.shared.patch BuildRequires: libtommath-devel
# PATCH-FIX-UPSTREAM https://github.com/libtom/libtomcrypt/pull/222
Patch1: reproducible.patch
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: texlive-latex BuildRequires: texlive-latex
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic LibTomCrypt is a fairly comprehensive, modular and portable cryptographic
@ -43,7 +40,6 @@ toolkit that provides developers with a vast array of well known published
block ciphers, one-way hash functions, chaining modes, pseudo-random number block ciphers, one-way hash functions, chaining modes, pseudo-random number
generators, public key cryptography and a plethora of other routines. generators, public key cryptography and a plethora of other routines.
%package -n %{soname} %package -n %{soname}
Summary: Libraries for %{name} Summary: Libraries for %{name}
Group: System/Libraries Group: System/Libraries
@ -69,7 +65,6 @@ numbergenerators, public key cryptography and a plethora of other routines.
This package contains headers and other development files. This package contains headers and other development files.
%package examples %package examples
Summary: Example Files for LibTomCrypt Summary: Example Files for LibTomCrypt
Group: Development/Libraries/Other Group: Development/Libraries/Other
@ -84,43 +79,37 @@ numbergenerators, public key cryptography and a plethora of other routines.
This package contains example *.c files showing how to use TomCrypt library. This package contains example *.c files showing how to use TomCrypt library.
%prep %prep
%setup -q %setup -q -n %{name}-%{version}
%patch0 -p1
%patch1 -p1
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE3}")" modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE3}")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\"" TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' | xargs sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" find . -name '*.[ch]' | xargs sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g"
%build %build
export CFLAGS="%{optflags}" export CFLAGS="%{optflags} -DLTM_DESC -DUSE_LTM"
make %{?_smp_mflags} LIBPATH=%{_libdir} -f makefile.shared make %{?_smp_mflags} LIBPATH=%{_libdir} EXTRALIBS="-ltommath" -f makefile.shared
%install %install
make DESTDIR=%{buildroot} LIBPATH=%{_libdir} NODOCS=0 -f makefile.shared install make DESTDIR=%{buildroot} LIBPATH=%{_libdir} NODOCS=0 PREFIX=%{_prefix} -f makefile.shared install
# Remove static libraries (It's upstream bug in makefile.shared I think.) # Remove static libraries (It's upstream bug in makefile.shared I think.)
rm %{buildroot}%{_libdir}/*.a rm %{buildroot}%{_libdir}/*.a
find %{buildroot} -type f -name "*.la" -delete -print find %{buildroot} -type f -name "*.la" -delete -print
%check
%post -n %{soname} -p /sbin/ldconfig %post -n %{soname} -p /sbin/ldconfig
%postun -n %{soname} -p /sbin/ldconfig %postun -n %{soname} -p /sbin/ldconfig
%files -n %{soname} %files -n %{soname}
%defattr(-,root,root) %{_libdir}/libtomcrypt.so.*
%{_libdir}/libtomcrypt.so.0 %doc LICENSE README.md
%{_libdir}/libtomcrypt.so.0.0.117
%{_libdir}/libtomcrypt_prof.so.0
%{_libdir}/libtomcrypt_prof.so.0.0.117
%doc LICENSE README TODO doc/crypt.pdf
%files devel %files devel
%defattr(-,root,root)
%attr(0644,root,root) %{_includedir}/tomcrypt*.h %attr(0644,root,root) %{_includedir}/tomcrypt*.h
%{_libdir}/libtomcrypt.so %{_libdir}/libtomcrypt.so
%{_libdir}/libtomcrypt_prof.so %{_libdir}/pkgconfig/libtomcrypt.pc
%files examples %files examples
%defattr(-,root,root)
%doc demos %doc demos
%changelog %changelog

36
reproducible.patch
View File

@ -1,36 +0,0 @@
https://github.com/libtom/libtomcrypt/pull/222
sort input files
when building packages (e.g. for openSUSE Linux)
(random) filesystem order of input files
influences ordering of functions in the output,
thus without the patch, builds (in disposable VMs) would differ.
See https://reproducible-builds.org/ for why this matters.
Index: libtomcrypt-1.17/makefile.shared
===================================================================
--- libtomcrypt-1.17.orig/makefile.shared
+++ libtomcrypt-1.17/makefile.shared
@@ -249,7 +249,7 @@ testprof/$(LIBTEST):
objs: $(OBJECTS)
$(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+ libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | sort | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
install: $(LIBNAME)
install -d $(DESTDIR)$(LIBPATH)
Index: libtomcrypt-1.17/testprof/makefile.shared
===================================================================
--- libtomcrypt-1.17.orig/testprof/makefile.shared
+++ libtomcrypt-1.17/testprof/makefile.shared
@@ -18,7 +18,7 @@ endif
default: $(LIBTEST)
$(LIBTEST): $(OBJECTS)
- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
+ libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | sort | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
install: $(LIBTEST)
libtool --silent --mode=install install -c $(LIBTEST) $(DESTDIR)$(LIBPATH)/$(LIBTEST)

3
v1.18.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d870fad1e31cb787c85161a8894abb9d7283c2a654a9d3d4c6d45a1eba59952c
size 2304218