Accepting request 461023 from home:AndreasStieger

- CLI to check for SHA-1 collisions bsc#1026646 - CVE-2005-4900 OBS-URL: https://build.opensuse.org/request/show/461023 OBS-URL: https://build.opensuse.org/package/show/security/sha1collisiondetection?expand=0&rev=1
2017-03-07 15:35:32 +00:00 · 2017-03-07 15:35:32 +00:00 · bb47d439de
commit bb47d439de
7 changed files with 114 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+<services>
+  <service mode="disabled" name="tar_scm">
+    <param name="url">https://github.com/cr-marcstevens/sha1collisiondetection.git</param>
+    <param name="scm">git</param>
+    <param name="changesgenerate">enable</param>
+    <param name="filename">sha1collisiondetection</param>
+    <param name="versionformat">%cd.%h</param>
+  </service>
+  <service mode="disabled" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service mode="disabled" name="set_version"/>
+</services>
+
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+            <param name="url">https://github.com/cr-marcstevens/sha1collisiondetection.git</param>
+          <param name="changesrevision">ec0ddf3d6041989463a584fe2ca0d241f7248e43</param></service></servicedata>
--- a/sha1collisiondetection-20170228.ec0ddf3.tar.xz
+++ b/sha1collisiondetection-20170228.ec0ddf3.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:943388ca93f85c843e6346801ec4d6cce1c894caccb7a58eae59bf8a33344f74
+size 398424
--- a/sha1collisiondetection.changes
+++ b/sha1collisiondetection.changes
@ -0,0 +1,7 @@
+-------------------------------------------------------------------
+Tue Feb 28 20:59:56 UTC 2017 - astieger@suse.com
+
+- CLI to check for SHA-1 collisions bsc#1026646 - CVE-2005-4900
+- initial package (cli only)
+
+
--- a/sha1collisiondetection.spec
+++ b/sha1collisiondetection.spec
@ -0,0 +1,61 @@
+#
+# spec file for package sha1collisiondetection
+#
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 Andreas Stieger <astieger@suse.com>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name:           sha1collisiondetection
+Version:        20170228.ec0ddf3
+Release:        0
+Summary:        Command line tool to detect SHA-1 collision in a file
+License:        MIT
+Group:          Productivity/Security
+Url:            https://github.com/cr-marcstevens/sha1collisiondetection
+Source:         %{name}-%{version}.tar.xz
+BuildRequires:  fdupes
+BuildRequires:  libtool
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+This command line tool was designed as near drop-in replacements for other sha1sum
+implementations. It will compute the SHA-1 hash of any given file and additionally
+will detect cryptanalytic collision attacks against SHA-1 present in each file.
+It is very fast and takes less than twice the amount of time as regular SHA-1.
+
+%prep
+%setup -q
+
+%build
+make %{?_smp_mflags} PREFIX=%{_prefix}
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_libdir}
+make install \
+	BINDIR=%{buildroot}%{_bindir} \
+	LIBDIR=%{buildroot}%{_libdir}
+find %{buildroot} -type f -name "*.la" -delete -print
+%fdupes %{buildroot}%{_bindir}
+
+%check
+make %{?_smp_mflags} test
+
+%files
+%defattr(-,root,root)
+%doc LICENSE.txt README.md
+%{_bindir}/*
+
+%changelog