Compare commits

...

No commits in common. "c9s" and "c8-stream-2.3" have entirely different histories.

18 changed files with 94 additions and 390 deletions

1
.cjose.metadata Normal file
View File

@ -0,0 +1 @@
0dd6efca729f1190f66855523c3920c3f7ddd482 SOURCES/cjose-0.6.1.tar.gz

View File

@ -1 +0,0 @@
1

3
.gitignore vendored
View File

@ -1,2 +1 @@
/cjose-0.5.1.tar.gz
/cjose-0.6.1.tar.gz
SOURCES/cjose-0.6.1.tar.gz

View File

@ -1,53 +0,0 @@
From b339a18aa06c78d64ac33d891d400eac7b86fff3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 17 May 2021 13:30:24 +0200
Subject: [PATCH] Define OPENSSL_API_COMPAT to 0x10101000L
---
src/jwe.c | 2 ++
src/jwk.c | 2 ++
src/jws.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/src/jwe.c b/src/jwe.c
index 822d408..d6f3149 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jwe.h>
diff --git a/src/jwk.c b/src/jwk.c
index 860f0e7..87408e9 100644
--- a/src/jwk.c
+++ b/src/jwk.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include "include/jwk_int.h"
#include "include/util_int.h"
diff --git a/src/jws.c b/src/jws.c
index 4e03554..9d682a0 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jws.h>
--
2.31.1

92
SPECS/cjose.spec Normal file
View File

@ -0,0 +1,92 @@
Name: cjose
Version: 0.6.1
Release: 4%{?dist}
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
License: MIT
URL: https://github.com/cisco/cjose
Source0: https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: concatkdf.patch
Patch2: 0002-check-cjose_get_alloc.patch
Patch3: 0003-CVE-2023-37464.patch
BuildRequires: gcc
BuildRequires: doxygen
BuildRequires: openssl-devel
BuildRequires: jansson-devel
BuildRequires: check-devel
%description
Implementation of JOSE for C/C++
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%prep
%autosetup -n %{name}-%{version} -p1
%build
%configure
%make_build
%install
%make_install
find %{buildroot} -name '*.a' -exec rm -f {} ';'
find %{buildroot} -name '*.la' -exec rm -f {} ';'
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%check
make check || (cat test/test-suite.log; exit 1)
%files
%license LICENSE
%doc CHANGELOG.md README.md
%doc /usr/share/doc/cjose
%{_libdir}/*.so.*
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/cjose.pc
%changelog
* Wed Jul 19 2023 <thalman@redhat.com> - 0.6.1-4
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308
* Fri Mar 17 2023 <thalman@redhat.com> - 0.6.1-3
- Random memory override
Resolves: rhbz#2072469
* Thu Aug 2 2018 <jdennis@redhat.com> - 0.6.1-2
- fix concatkdf big endian architecture problem.
Upstream issue #77.
* Wed Aug 1 2018 <jdennis@redhat.com> - 0.6.1-1
- upgrade to latest upstream 0.6.1
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 26 2018 Patrick Uiterwijk <patrick@puiterwijk.org> - 0.5.1-1
- Initial packaging

View File

@ -1,137 +0,0 @@
Name: cjose
Version: 0.6.1
Release: 17%{?dist}
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
License: MIT
URL: https://github.com/cisco/cjose
Source0: https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: concatkdf.patch
Patch2: 0001-Define-OPENSSL_API_COMPAT-to-0x10101000L.patch
Patch3: 0002-check-cjose_get_alloc.patch
Patch4: 0003-CVE-2023-37464.patch
BuildRequires: gcc
BuildRequires: doxygen
BuildRequires: openssl-devel
BuildRequires: jansson-devel
BuildRequires: check-devel
BuildRequires: make
%description
Implementation of JOSE for C/C++
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%prep
%autosetup -n %{name}-%{version} -p1
%build
%configure
%make_build
%install
%make_install
find %{buildroot} -name '*.a' -exec rm -f {} ';'
find %{buildroot} -name '*.la' -exec rm -f {} ';'
%ldconfig_scriptlets
%check
make check || (cat test/test-suite.log; exit 1)
%files
%license LICENSE
%doc CHANGELOG.md README.md
%doc /usr/share/doc/cjose
%{_libdir}/*.so.*
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/cjose.pc
%changelog
* Tue May 14 2024 <thalman@redhat.com> - 0.6.1-17
- Publishing cjose devel package
Resolves: RHEL-18066
* Wed Jul 19 2023 <thalman@redhat.com> - 0.6.1-16
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308
* Wed May 3 2023 <spoore@redhat.com> - 0.6.1-15
- Rebuilt for gating
Related: rhbz#2180445
* Tue May 2 2023 <thalman@redhat.com> - 0.6.1-14
- Rebuilt for gating
Related: rhbz#2180445
* Tue Mar 21 2023 <thalman@redhat.com> - 0.6.1-13
- Random memory override
Resolves: rhbz#2180445
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 0.6.1-11
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-10
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon May 17 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.6.1-9
- enable build with openssl 3.0
- Resolves: rhbz#1958026
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.6.1-8
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Aug 2 2018 <jdennis@redhat.com> - 0.6.1-2
- fix concatkdf big endian architecture problem.
Upstream issue #77.
* Wed Aug 1 2018 <jdennis@redhat.com> - 0.6.1-1
- upgrade to latest upstream 0.6.1
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 26 2018 Patrick Uiterwijk <patrick@puiterwijk.org> - 0.5.1-1
- Initial packaging

View File

@ -1,7 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.revdeps.integration}
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,5 +0,0 @@
summary: Run gating tests
discover:
how: fmf
execute:
how: tmt

View File

@ -1 +0,0 @@
SHA512 (cjose-0.6.1.tar.gz) = 7ae67a6d19591b3d19b888270ec0ca17df399bea117e42686fc1de39b3741ed9a8816f96d33d090687c49c3123cdc95430a781835a525a02d22561ebf5aaa653

View File

View File

@ -1,5 +0,0 @@
---
standard-inventory-qcow2:
qemu:
m: 2G

View File

@ -1,72 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
# Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
# Author: Ales Marecek <amarecek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Based on sudo rebuild test
export TEST=/CoreOS/cjose/Sanity/upstream-testsuite-execution-and-rebuild-test
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Scott Poore <spoore@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution." >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 30m" >> $(METADATA)
@echo "RunFor: sudo" >> $(METADATA)
@echo "Requires: sudo" >> $(METADATA)
@echo "Requires: sed" >> $(METADATA)
@echo "Requires: grep" >> $(METADATA)
@echo "Requires: rpm-build" >> $(METADATA)
@echo "Requires: yum-utils" >> $(METADATA)
@echo "Requires: make" >> $(METADATA)
@echo "Requires: libcap-devel" >> $(METADATA)
@echo "Requires: audit-libs-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -1,3 +0,0 @@
PURPOSE of /CoreOS/cjose/Sanity/upstream-testsuite-execution-and-rebuild-test
Description: This test rebuild cjose source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
Author: Scott Poore <spoore@redhat.com>

View File

@ -1,8 +0,0 @@
summary: Run build tests with rpm source
require:
- wget
- dnf-utils
- rpm-build
- cjose
test: ./runtest.sh
framework: beakerlib

View File

@ -1,96 +0,0 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
# Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
# Author: Ales Marecek <amarecek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Based on sudo rebuild test
# Include Beaker environment
#. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="cjose"
_SPEC_DIR="$(rpm --eval=%_specdir)"
_BUILD_DIR="$(rpm --eval=%_builddir)"
_LOG_REBUILD_F="${PACKAGE}-rebuild.log"
_LOG_TESTSUITE_F="${PACKAGE}-testsuite.log"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
# Enable CRB repo in RHEL
rlLog "Checking if OS is RHEL"
if [ -f /etc/os-release ]; then
source /etc/os-release
rlLog "$(echo /etc/os-release; cat /etc/os-release)"
if [ "$ID" = "rhel" ]; then
rlLog "OS is RHEL, enabling CRB repo for build deps"
rlRun "dnf config-manager --enable rhel-CRB"
elif [ "$ID" = "centos" ]; then
rlLog "OS is CentOS, enabling CRB repo for build deps"
rlRun "dnf config-manager --enable crb"
fi
fi
# Source package is needed for code inspection
rlFetchSrcForInstalled "${PACKAGE}" || dnf download --source "${PACKAGE}"
rlRun "find . -size 0 -delete" 0 "Remove empty src.rpm-s"
rlRun "dnf builddep -y --nogpgcheck ${PACKAGE}-*.src.rpm" 0 "Installing build dependencies"
[ -d ${_BUILD_DIR} ] && rlRun "rm -rf ${_BUILD_DIR}/*" 0 "Cleaning build directory"
rlRun "rpm -ivh ${PACKAGE}-*.src.rpm" 0 "Installing source rpm"
rlPhaseEnd
rlPhaseStartTest
rlRun "QA_RPATHS=0x0002 rpmbuild -ba ${_SPEC_DIR}/${PACKAGE}.spec" 0 "Test: Rebuild of source '${PACKAGE}' package"
rlGetPhaseState
if [ $? -eq 0 ]; then
cd ${_BUILD_DIR}/${PACKAGE}-*
rlRun -s "make check" 0 "Test: Upstream testsuite"
cd ${TmpDir}
while read -r I; do
if [[ "$I" =~ $(echo '([^:]+): .+ tests run, .+ errors, (.*)% success rate') ]]; then
[[ "${BASH_REMATCH[2]}" == "100" ]]
rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
elif [[ "$I" =~ $(echo "([^:]+): .+ tests passed; (.+)/.+ tests failed") ]]; then
[[ "${BASH_REMATCH[2]}" == "0" ]]
rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
fi
done < $rlRun_LOG
rm -f $rlRun_LOG
else
rlFail "Skipping testsuite part because rebuild part failed."
fi
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd