From 8edb81fb56c5f148a9da3658049751621679092a Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 21 Jul 2016 11:23:26 +0200 Subject: [PATCH] Update the leak patch. --- libgcrypt-1.6.1-leak.patch | 38 -------------------------------------- libgcrypt-1.6.5-leak.patch | 27 +++++++++++++++++++++++++++ libgcrypt.spec | 4 ++-- 3 files changed, 29 insertions(+), 40 deletions(-) delete mode 100644 libgcrypt-1.6.1-leak.patch create mode 100644 libgcrypt-1.6.5-leak.patch diff --git a/libgcrypt-1.6.1-leak.patch b/libgcrypt-1.6.1-leak.patch deleted file mode 100644 index df3cc08..0000000 --- a/libgcrypt-1.6.1-leak.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up libgcrypt-1.6.1/cipher/primegen.c.leak libgcrypt-1.6.1/cipher/primegen.c ---- libgcrypt-1.6.1/cipher/primegen.c.leak 2014-02-28 15:06:24.394464790 +0100 -+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 15:09:22.938591664 +0100 -@@ -1204,10 +1204,7 @@ _gcry_prime_group_generator (gcry_mpi_t - gcry_mpi_t prime, gcry_mpi_t *factors, - gcry_mpi_t start_g) - { -- gcry_mpi_t tmp = mpi_new (0); -- gcry_mpi_t b = mpi_new (0); -- gcry_mpi_t pmin1 = mpi_new (0); -- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); -+ gcry_mpi_t tmp, b, pmin1, g; - int first = 1; - int i, n; - -@@ -1220,6 +1217,11 @@ _gcry_prime_group_generator (gcry_mpi_t - if (n < 2) - return GPG_ERR_INV_ARG; - -+ tmp = mpi_new (0); -+ b = mpi_new (0); -+ pmin1 = mpi_new (0); -+ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); -+ - /* Extra sanity check - usually disabled. */ - /* mpi_set (tmp, factors[0]); */ - /* for(i = 1; i < n; i++) */ -diff -up libgcrypt-1.6.1/src/hmac256.c.leak libgcrypt-1.6.1/src/hmac256.c ---- libgcrypt-1.6.1/src/hmac256.c.leak 2013-12-16 18:44:32.000000000 +0100 -+++ libgcrypt-1.6.1/src/hmac256.c 2014-02-28 15:06:24.394464790 +0100 -@@ -427,7 +427,6 @@ _gcry_hmac256_finalize (hmac256_context_ - tmphd = _gcry_hmac256_new (NULL, 0); - if (!tmphd) - { -- free (hd); - return NULL; - } - _gcry_hmac256_update (tmphd, hd->opad, 64); diff --git a/libgcrypt-1.6.5-leak.patch b/libgcrypt-1.6.5-leak.patch new file mode 100644 index 0000000..df51187 --- /dev/null +++ b/libgcrypt-1.6.5-leak.patch @@ -0,0 +1,27 @@ +diff -up libgcrypt-1.6.5/cipher/primegen.c.leak libgcrypt-1.6.5/cipher/primegen.c +--- libgcrypt-1.6.5/cipher/primegen.c.leak 2016-07-21 11:06:32.783421204 +0200 ++++ libgcrypt-1.6.5/cipher/primegen.c 2016-07-21 11:06:32.789421337 +0200 +@@ -1208,10 +1208,7 @@ _gcry_prime_group_generator (gcry_mpi_t + gcry_mpi_t prime, gcry_mpi_t *factors, + gcry_mpi_t start_g) + { +- gcry_mpi_t tmp = mpi_new (0); +- gcry_mpi_t b = mpi_new (0); +- gcry_mpi_t pmin1 = mpi_new (0); +- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); ++ gcry_mpi_t tmp, b, pmin1, g; + int first = 1; + int i, n; + +@@ -1224,6 +1221,11 @@ _gcry_prime_group_generator (gcry_mpi_t + if (n < 2) + return GPG_ERR_INV_ARG; + ++ tmp = mpi_new (0); ++ b = mpi_new (0); ++ pmin1 = mpi_new (0); ++ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); ++ + /* Extra sanity check - usually disabled. */ + /* mpi_set (tmp, factors[0]); */ + /* for(i = 1; i < n; i++) */ diff --git a/libgcrypt.spec b/libgcrypt.spec index 415e068..ebd9f98 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -25,8 +25,8 @@ Patch5: libgcrypt-1.6.1-tests.patch Patch6: libgcrypt-1.6.1-fips-cfgrandom.patch # update the CAVS tests Patch7: libgcrypt-1.6.2-fips-cavs.patch -# fix for memory leaks an other errors found by Coverity scan -Patch9: libgcrypt-1.6.1-leak.patch +# fix for memory leaks and other errors found by Coverity scan +Patch9: libgcrypt-1.6.5-leak.patch # use poll instead of select when gathering randomness Patch11: libgcrypt-1.6.1-use-poll.patch # slight optimalization of mpicoder.c to silence Valgrind (#968288)