
No commits in common. 'epel9' and 'i9' have entirely different histories.
epel9 ... i9

3
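--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-/libbsd-*.tar.xz
-/libbsd-*.tar.xz.asc
+SOURCES/libbsd-0.11.7.tar.xz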

@ -0,0 +1 @@
e5f5fffcc2094661a105074c1538f1e434990490 SOURCES/libbsd-0.11.7.tar.xz

@ -0,0 +1,83 @@
From d5865759f8698f1c75339451a26fa3ae00276a51 Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@hadrons.org>
Date: Thu, 25 Aug 2022 00:52:43 +0200
Subject: [PATCH] test: Fix explicit_bzero() test on the Hurd
On the Hurd a small read(3) might end up (indirectly) copying the data
on the stack, which we will end up finding even when we have cleared
the buffer.
To avoid these side effects, we add a new function, that we force not
to be inlined, so that we can reuse the same stack space, that will
blank any possible stack side effects. This should be portable
regardless of stack growing up or down.
Diagnosis-by: Samuel Thibault <sthibault@debian.org>
---
COPYING | 2 +-
test/explicit_bzero.c | 15 +++++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/COPYING b/COPYING
index 67223d4..cf43edd 100644
--- a/COPYING
+++ b/COPYING
@@ -369,7 +369,7 @@ Copyright:
Copyright © 2014 Theo de Raadt <deraadt@openbsd.org>
Copyright © 2014 Google Inc.
Copyright © 2015 Michael Felt <aixtools@gmail.com>
- Copyright © 2015 Guillem Jover <guillem@hadrons.org>
+ Copyright © 2015, 2022 Guillem Jover <guillem@hadrons.org>
License: ISC
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
diff --git a/test/explicit_bzero.c b/test/explicit_bzero.c
index 74993c2..bee29de 100644
--- a/test/explicit_bzero.c
+++ b/test/explicit_bzero.c
@@ -1,6 +1,7 @@
/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */
/*
* Copyright (c) 2014 Google Inc.
+ * Copyright (c) 2022 Guillem Jover <guillem@hadrons.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -123,6 +124,18 @@ populate_secret(char *buf, ssize_t len)
ASSERT_EQ(0, close(fds[0]));
}
+static void __attribute__((__noinline__))
+blank_stack_side_effects(char *buf, size_t len)
+{
+ char scratch[SECRETBYTES * 4];
+
+ /* If the read(3) in populate_secret() wrote into the stack, as it
+ * might happen on the Hurd for small data, then we might incorrectly
+ * detect the wrong secret on the stack. */
+ memset(scratch, 0xFF, sizeof(scratch));
+ ASSERT_EQ(NULL, memmem(scratch, sizeof(scratch), buf, len));
+}
+
static int
count_secrets(const char *buf)
{
@@ -143,6 +156,7 @@ test_without_bzero(void)
char *res;
assert_on_stack();
populate_secret(buf, sizeof(buf));
+ blank_stack_side_effects(buf, sizeof(buf));
res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
ASSERT_NE(NULL, res);
return (res);
@@ -155,6 +169,7 @@ test_with_bzero(void)
char *res;
assert_on_stack();
populate_secret(buf, sizeof(buf));
+ blank_stack_side_effects(buf, sizeof(buf));
res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
ASSERT_NE(NULL, res);
explicit_bzero(buf, sizeof(buf));
--
GitLab
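Review bot: The comment inside `blank_stack_side_effects()` says why the stack is overwritten but not what makes the overwrite effective: nothing explains why `scratch` is `SECRETBYTES * 4`, and the trailing `memmem()` assertion is presumably there to keep the compiler from discarding the `memset()`, which the comment never states. Whether `scratch` actually lands on the bytes read(3) touched depends on frame layout, which `__noinline__` only partly controls, so the helper is best effort rather than a guarantee. I would extend the comment with something like `/* Best effort: scratch size is a guess at how far read(3) may spill; the memmem() below keeps the memset() live. */`. Note that the spec file on this page applies this patch with `%patch0 -p1 -R`, so the package's `%check` runs the explicit_bzero test without this helper.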

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAmM+OcMACgkQuXK/PqSu
V6N8dA/9HvRw8/1oxr7+3aIBFQ2bMFwxSojwID5KrBeRQH48vuAxouCtKNAHx4fv
VCSULx9AXwWxy+MV4Ib8fzeJaawJBjdnyN3Dfifyt3GsZESoBkvl0reJSOq3g9wt
LJydT9NNJqB2DNrOg9bemrDt2IeF4yinM6Yv4N2jBe+b1UOHXgdjYtGqchqvcAOi
h14o8MGjHxj3E6Q+m1i+nB2ILrxrJvsXa5M7UD/OHmAj3l1V8gf28g4iOc3WHKzx
nPfdk5h3ErAmxLlNYC875uhgFdCNje4U40xY0Zu492CxQzKUmTfQuNn1PDlRcWbD
aM02u7c9O8M+xTDbHmuedXDylwek2FfPEo8hhb6tgusq6wmPweeGnP1w3SfEcg7b
VxqHqjuumBfEAfUjTZ6gSKgygrFxxfz3liqfUJ35Ndf2vFjeq2kY+lsvdl8qZ+mK
QyDgSQTreZRPhlUEjbij+rAQbMj8sDA1+hIJFMF5iltrx5Q96kRAxpUbl45oR+l0
w70xz8QpJoY57n9InOUWDZEr/FINL9I2LGBumiPlBQnUOyLzcbOYzxown38gemkH
KdMbC99TCeUQNBnry4VtURQEoDLjWm99gfTgV4bBG9Mry5/Xnhw5Ybv+yPZUP5xJ
+bj7cN8T/g+aAdIgrlccQviLNAtzR4H5LRL5sKI3alnoY7wBIx4=
=oPWW
-----END PGP SIGNATURE-----

@ -1,20 +1,25 @@
Name: libbsd
Version: 0.12.2
Release: 1%{?dist}
Version: 0.11.7
Release: 2%{?dist}
Summary: Library providing BSD-compatible functions for portability
URL: https://libbsd.freedesktop.org/
# Breakdown in COPYING file of libbsd release tarball, see also:
# - https://gitlab.com/fedora/legal/fedora-license-data/-/issues/71
# - https://gitlab.com/fedora/legal/fedora-license-data/-/issues/73
License: Beerware AND BSD-2-Clause AND BSD-3-Clause AND ISC AND libutil-David-Nugent AND MIT AND LicenseRef-Fedora-Public-Domain
License: Beerware AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND ISC AND libutil-David-Nugent AND MIT AND LicenseRef-Fedora-Public-Domain
Source0: https://libbsd.freedesktop.org/releases/libbsd-%{version}.tar.xz
Source1: https://libbsd.freedesktop.org/releases/libbsd-%{version}.tar.xz.asc
Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/4F3E74F436050C10F5696574B972BF3EA4AE57A3
# https://gitlab.freedesktop.org/libbsd/libbsd/-/issues/14: Revert breaking commit in explicit_bzero test
Patch0: https://gitlab.freedesktop.org/libbsd/libbsd/-/commit/d5865759f8698f1c75339451a26fa3ae00276a51.patch#/libbsd-0.11.7-test-explicit_bzero.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: libmd-devel
BuildRequires: libtool
BuildRequires: make
%description
@ -45,27 +50,33 @@ configured using "pkg-config --libs libbsd-ctor".
%prep
%setup -q
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%patch0 -p1 -R -b .test-explicit_bzero
%build
autoreconf -fiv
%configure
%make_build
%make_build V=1
%check
%make_build check
%make_build check V=1
%install
%make_install
%make_install V=1
# don't want static library or libtool archive
rm %{buildroot}%{_libdir}/%{name}.a
rm %{buildroot}%{_libdir}/%{name}.la
# remove manual pages that conflict with man-pages package
rm %{buildroot}%{_mandir}/man3/explicit_bzero.3bsd
%ldconfig_scriptlets
%files
%license COPYING
%doc README ChangeLog
%{_libdir}/%{name}.so.0*
%doc README TODO ChangeLog
%{_libdir}/%{name}.so.*
%files devel
%{_mandir}/man3/*.3bsd.*
@ -80,23 +91,8 @@ rm %{buildroot}%{_libdir}/%{name}.la
%{_libdir}/pkgconfig/%{name}-ctor.pc
%changelog
* Mon Mar 25 2024 Robert Scheck <robert@fedoraproject.org> - 0.12.2-1
- Update to 0.12.2 (#2257217)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.7-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.7-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 12 2022 Florian Weimer <fweimer@redhat.com> - 0.11.7-3
- Port configure script to C99
* Fri Oct 13 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 0.11.7-2
- Rebuilt for MSVSphere 9.2
* Sun Dec 04 2022 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.11.7-2
- Add runtime requirement on libmd-devel to libbsd-devel (#2148612)
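Review bot: `%{gpgverify}` in `%prep` looks like the only strong integrity check left on `Source0` on the i9 side, because the page drops the `SHA512 (...)` entries and pins the tarball with a 40-hex-digit (SHA-1-length) digest instead. Patch0 is outside that signature check and is applied in reverse, so its provenance rests on the commit id in its URL and on what is committed to this repository. A comment above the verify line would record that it must not be dropped, e.g. `# Source0 is otherwise pinned only by a short digest; this signature check is the real integrity gate`. The rendered section has lost its +/- markers, so I am assuming the `%{gpgverify}` line is present on the new side; the `.asc` file added on this page suggests it is.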

@ -1,2 +0,0 @@
SHA512 (libbsd-0.12.2.tar.xz) = ce43e4f0486d5f00d4a8119ee863eaaa2f968cae4aa3d622976bb31ad601dfc565afacef7ebade5eba33fff1c329b5296c6387c008d1e1805d878431038f8b21
SHA512 (libbsd-0.12.2.tar.xz.asc) = c2e56aa572ce50d6342c0e45622958eba40319e09d45dc3cff6296cb10eebc0c4154d6f758dd2470a1794251fc0273d05ac2d735698eae83183769df5f7d44c3