import libkcapi-1.2.0-2.el8

.gitignore

@@ -1 +1,2 @@
-SOURCES/libkcapi-1.1.5.tar.xz
+SOURCES/libkcapi-1.2.0.tar.xz
+SOURCES/libkcapi-1.2.0.tar.xz.asc

.libkcapi.metadata

@@ -1 +1,2 @@
-fb247c6f8c2d83e7e341ac56dd6eedc7f6fe5380 SOURCES/libkcapi-1.1.5.tar.xz
+c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz
+c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz.asc

SOURCES/100-fix-double-free-hasher.patch

@@ -0,0 +1,54 @@
+--- libkcapi-1.2.0/apps/kcapi-hasher.c.fix-double-free-hasher	2020-05-26 16:31:28.296332614 +0200
++++ libkcapi-1.2.0/apps/kcapi-hasher.c	2020-05-26 16:37:07.681011437 +0200
+@@ -301,7 +301,7 @@ static int hasher(struct kcapi_handle *h
+ 				fprintf(stderr,
+ 					"Use of mmap failed mapping %zu bytes at offset %" PRId64 " of file %s (%d)\n",
+ 					mapped, (int64_t)offset, filename, ret);
+-				goto out;
++				return ret;
+ 			}
+ 			/* Compute hash */
+ 			memblock_p = memblock;
+@@ -311,8 +311,10 @@ static int hasher(struct kcapi_handle *h
+ 						 INT_MAX : (uint32_t)left;
+ 
+ 				ret = kcapi_md_update(handle, memblock_p, todo);
+-				if (ret < 0)
+-					goto out;
++				if (ret < 0) {
++			        munmap(memblock, mapped);
++					return ret;
++                }
+ 				left -= todo;
+ 				memblock_p += todo;
+ 			} while (left);
+@@ -329,7 +331,7 @@ static int hasher(struct kcapi_handle *h
+ 
+ 			ret = kcapi_md_update(handle, tmpbuf, bufsize);
+ 			if (ret < 0)
+-				goto out;
++				return ret;
+ 		}
+ 		kcapi_memset_secure(tmpbuf, 0, sizeof(tmpbuf));
+ 	}
+@@ -340,7 +342,7 @@ static int hasher(struct kcapi_handle *h
+ 		if (hashlen > (uint32_t)ret) {
+ 			fprintf(stderr, "Invalid truncated hash size: %lu > %i\n",
+ 			        (unsigned long)hashlen, ret);
+-			goto out;
++			return ret;
+ 		}
+ 
+ 		if (!hashlen)
+@@ -376,11 +378,6 @@ static int hasher(struct kcapi_handle *h
+ 		fprintf(stderr, "Generation of hash for file %s failed (%d)\n",
+ 			filename ? filename : "stdin", ret);
+ 	}
+-
+-out:
+-	if (memblock)
+-		munmap(memblock, mapped);
+-
+ 	return ret;
+ }
+ 

SOURCES/100-workaround-cppcheck-bug.patch

@@ -1,13 +0,0 @@
-diff --git a/test/kcapi-main.c b/test/kcapi-main.c
-index 2ae0edb..6818e67 100644
---- a/test/kcapi-main.c
-+++ b/test/kcapi-main.c
-@@ -237,7 +237,7 @@ static inline uint64_t _time_delta(struct timespec *start, struct timespec *end)
- 
- static int get_random(uint8_t *buf, uint32_t buflen, unsigned int flags)
- {
--	int ret;
-+	int ret = 0;
- 
- 	if (buflen > INT_MAX)
- 		return 1;

SOURCES/110-fipshmac-compat.patch

@@ -1,30 +0,0 @@
-diff -up libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat libkcapi-1.1.5/apps/kcapi-hasher.c
---- libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat	2019-01-23 07:14:51.000000000 +0100
-+++ libkcapi-1.1.5/apps/kcapi-hasher.c	2020-04-23 14:37:59.518173594 +0200
-@@ -386,10 +386,16 @@ static char *paste(char *dst, const char
- static char *get_hmac_file(const char *filename, const char *checkdir)
- {
- 	size_t i, filelen, pathlen, namelen, basenamestart = 0;
--	size_t prefixlen = strlen(CHECK_PREFIX);
-+	const char *check_prefix = CHECK_PREFIX;
-+	size_t prefixlen = strlen(check_prefix);
- 	size_t suffixlen = strlen(CHECK_SUFFIX);
- 	char *cursor, *checkfile = NULL;
- 
-+	if (prefixlen == 0 && checkdir == NULL) {
-+		check_prefix = ".";
-+		prefixlen = 1;
-+	}
-+
- 	filelen = strlen(filename);
- 	if (filelen > 4096) {
- 		fprintf(stderr, "File too long\n");
-@@ -415,7 +421,7 @@ static char *get_hmac_file(const char *f
- 	} else if (pathlen > 0)
- 		cursor = paste(cursor, filename, pathlen);
- 
--	cursor = paste(cursor, CHECK_PREFIX, prefixlen);
-+	cursor = paste(cursor, check_prefix, prefixlen);
- 	cursor = paste(cursor, filename + basenamestart, namelen);
- 	cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
- 	strncpy(cursor, "\0", 1);

SOURCES/libkcapi-1.1.5.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
-wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
-Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
-o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
-XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
-n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
-7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
-=UN86
------END PGP SIGNATURE-----

SPECS/libkcapi.spec

@@ -1,7 +1,7 @@
 # Shared object version of libkcapi.
 %global vmajor            1
-%global vminor            1
-%global vpatch            5
+%global vminor            2
+%global vpatch            0
 
 # Do we build the replacements packages?
 %bcond_with replace_coreutils
@@ -109,7 +109,7 @@ done                                                             \
 
 Name:           libkcapi
 Version:        %{vmajor}.%{vminor}.%{vpatch}
-Release:        3%{?dist}
+Release:        2%{?dist}
 Summary:        User space interface to the Linux Kernel Crypto API
 
 License:        BSD or GPLv2
@@ -119,8 +119,7 @@ Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
 Source2:        sha512hmac-openssl.sh
 Source3:        fipshmac-openssl.sh
 
-Patch100:       100-workaround-cppcheck-bug.patch
-Patch110:       110-fipshmac-compat.patch
+Patch100:       100-fix-double-free-hasher.patch
 
 BuildRequires:  bash
 BuildRequires:  clang
@@ -461,6 +460,12 @@ popd
 
 
 %changelog
+* Tue May 26 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-2
+- Fix double free issue in hasher()
+
+* Mon May 25 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-1
+- [RHEL] Update to upstream version 1.2.0
+
 * Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
 - Enables building on old kernels [sync fix in Fedora from omosnance].
 - This is required for covscans as they run on RHEL7 machines.