import libkcapi-1.2.0-2.el8
This commit is contained in:
parent
a1f0e9b8fb
commit
b2d6773180
3
.gitignore
vendored
3
.gitignore
vendored
@ -1 +1,2 @@
|
||||
SOURCES/libkcapi-1.1.5.tar.xz
|
||||
SOURCES/libkcapi-1.2.0.tar.xz
|
||||
SOURCES/libkcapi-1.2.0.tar.xz.asc
|
||||
|
@ -1 +1,2 @@
|
||||
fb247c6f8c2d83e7e341ac56dd6eedc7f6fe5380 SOURCES/libkcapi-1.1.5.tar.xz
|
||||
c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz
|
||||
c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz.asc
|
||||
|
54
SOURCES/100-fix-double-free-hasher.patch
Normal file
54
SOURCES/100-fix-double-free-hasher.patch
Normal file
@ -0,0 +1,54 @@
|
||||
--- libkcapi-1.2.0/apps/kcapi-hasher.c.fix-double-free-hasher 2020-05-26 16:31:28.296332614 +0200
|
||||
+++ libkcapi-1.2.0/apps/kcapi-hasher.c 2020-05-26 16:37:07.681011437 +0200
|
||||
@@ -301,7 +301,7 @@ static int hasher(struct kcapi_handle *h
|
||||
fprintf(stderr,
|
||||
"Use of mmap failed mapping %zu bytes at offset %" PRId64 " of file %s (%d)\n",
|
||||
mapped, (int64_t)offset, filename, ret);
|
||||
- goto out;
|
||||
+ return ret;
|
||||
}
|
||||
/* Compute hash */
|
||||
memblock_p = memblock;
|
||||
@@ -311,8 +311,10 @@ static int hasher(struct kcapi_handle *h
|
||||
INT_MAX : (uint32_t)left;
|
||||
|
||||
ret = kcapi_md_update(handle, memblock_p, todo);
|
||||
- if (ret < 0)
|
||||
- goto out;
|
||||
+ if (ret < 0) {
|
||||
+ munmap(memblock, mapped);
|
||||
+ return ret;
|
||||
+ }
|
||||
left -= todo;
|
||||
memblock_p += todo;
|
||||
} while (left);
|
||||
@@ -329,7 +331,7 @@ static int hasher(struct kcapi_handle *h
|
||||
|
||||
ret = kcapi_md_update(handle, tmpbuf, bufsize);
|
||||
if (ret < 0)
|
||||
- goto out;
|
||||
+ return ret;
|
||||
}
|
||||
kcapi_memset_secure(tmpbuf, 0, sizeof(tmpbuf));
|
||||
}
|
||||
@@ -340,7 +342,7 @@ static int hasher(struct kcapi_handle *h
|
||||
if (hashlen > (uint32_t)ret) {
|
||||
fprintf(stderr, "Invalid truncated hash size: %lu > %i\n",
|
||||
(unsigned long)hashlen, ret);
|
||||
- goto out;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
if (!hashlen)
|
||||
@@ -376,11 +378,6 @@ static int hasher(struct kcapi_handle *h
|
||||
fprintf(stderr, "Generation of hash for file %s failed (%d)\n",
|
||||
filename ? filename : "stdin", ret);
|
||||
}
|
||||
-
|
||||
-out:
|
||||
- if (memblock)
|
||||
- munmap(memblock, mapped);
|
||||
-
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||
index 2ae0edb..6818e67 100644
|
||||
--- a/test/kcapi-main.c
|
||||
+++ b/test/kcapi-main.c
|
||||
@@ -237,7 +237,7 @@ static inline uint64_t _time_delta(struct timespec *start, struct timespec *end)
|
||||
|
||||
static int get_random(uint8_t *buf, uint32_t buflen, unsigned int flags)
|
||||
{
|
||||
- int ret;
|
||||
+ int ret = 0;
|
||||
|
||||
if (buflen > INT_MAX)
|
||||
return 1;
|
@ -1,30 +0,0 @@
|
||||
diff -up libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat libkcapi-1.1.5/apps/kcapi-hasher.c
|
||||
--- libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat 2019-01-23 07:14:51.000000000 +0100
|
||||
+++ libkcapi-1.1.5/apps/kcapi-hasher.c 2020-04-23 14:37:59.518173594 +0200
|
||||
@@ -386,10 +386,16 @@ static char *paste(char *dst, const char
|
||||
static char *get_hmac_file(const char *filename, const char *checkdir)
|
||||
{
|
||||
size_t i, filelen, pathlen, namelen, basenamestart = 0;
|
||||
- size_t prefixlen = strlen(CHECK_PREFIX);
|
||||
+ const char *check_prefix = CHECK_PREFIX;
|
||||
+ size_t prefixlen = strlen(check_prefix);
|
||||
size_t suffixlen = strlen(CHECK_SUFFIX);
|
||||
char *cursor, *checkfile = NULL;
|
||||
|
||||
+ if (prefixlen == 0 && checkdir == NULL) {
|
||||
+ check_prefix = ".";
|
||||
+ prefixlen = 1;
|
||||
+ }
|
||||
+
|
||||
filelen = strlen(filename);
|
||||
if (filelen > 4096) {
|
||||
fprintf(stderr, "File too long\n");
|
||||
@@ -415,7 +421,7 @@ static char *get_hmac_file(const char *f
|
||||
} else if (pathlen > 0)
|
||||
cursor = paste(cursor, filename, pathlen);
|
||||
|
||||
- cursor = paste(cursor, CHECK_PREFIX, prefixlen);
|
||||
+ cursor = paste(cursor, check_prefix, prefixlen);
|
||||
cursor = paste(cursor, filename + basenamestart, namelen);
|
||||
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
|
||||
strncpy(cursor, "\0", 1);
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
|
||||
wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
|
||||
Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
|
||||
o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
|
||||
XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
|
||||
n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
|
||||
7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
|
||||
=UN86
|
||||
-----END PGP SIGNATURE-----
|
@ -1,7 +1,7 @@
|
||||
# Shared object version of libkcapi.
|
||||
%global vmajor 1
|
||||
%global vminor 1
|
||||
%global vpatch 5
|
||||
%global vminor 2
|
||||
%global vpatch 0
|
||||
|
||||
# Do we build the replacements packages?
|
||||
%bcond_with replace_coreutils
|
||||
@ -109,7 +109,7 @@ done \
|
||||
|
||||
Name: libkcapi
|
||||
Version: %{vmajor}.%{vminor}.%{vpatch}
|
||||
Release: 3%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: User space interface to the Linux Kernel Crypto API
|
||||
|
||||
License: BSD or GPLv2
|
||||
@ -119,8 +119,7 @@ Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
|
||||
Source2: sha512hmac-openssl.sh
|
||||
Source3: fipshmac-openssl.sh
|
||||
|
||||
Patch100: 100-workaround-cppcheck-bug.patch
|
||||
Patch110: 110-fipshmac-compat.patch
|
||||
Patch100: 100-fix-double-free-hasher.patch
|
||||
|
||||
BuildRequires: bash
|
||||
BuildRequires: clang
|
||||
@ -461,6 +460,12 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue May 26 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-2
|
||||
- Fix double free issue in hasher()
|
||||
|
||||
* Mon May 25 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-1
|
||||
- [RHEL] Update to upstream version 1.2.0
|
||||
|
||||
* Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
|
||||
- Enables building on old kernels [sync fix in Fedora from omosnance].
|
||||
- This is required for covscans as they run on RHEL7 machines.
|
||||
|
Loading…
Reference in New Issue
Block a user