From 09243bdf9032df8c6a1b3138a9c8a5464f8bbcf4 Mon Sep 17 00:00:00 2001 From: Ralf Senderek Date: Tue, 14 Jun 2016 19:59:44 +0200 Subject: [PATCH] Initial build cryptlib-3.4.3 (release 5) --- .gitignore | 3 + README-manual | 26 ++ ccflagspatch | 11 + cl343_fedora.zip.sig | 17 + cryptlib.spec | 354 ++++++++++++++++++ ...74CB29956498038A9C874BFBF6E2C28E9C98DD.asc | 34 ++ javapatch | 11 + sessionpatch | 11 + sonamepatch | 11 + sources | 3 + stackprotectorstrongpatch | 11 + testlibpatch | 15 + utilspatch | 11 + 13 files changed, 518 insertions(+) create mode 100644 README-manual create mode 100644 ccflagspatch create mode 100644 cl343_fedora.zip.sig create mode 100644 cryptlib.spec create mode 100644 gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc create mode 100644 javapatch create mode 100644 sessionpatch create mode 100644 sonamepatch create mode 100644 stackprotectorstrongpatch create mode 100644 testlibpatch create mode 100644 utilspatch diff --git a/.gitignore b/.gitignore index e69de29..9bb5ca1 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,3 @@ +/cl343_fedora.zip +/cryptlib-perlfiles.tar.gz +/cryptlib-tests.tar.gz diff --git a/README-manual b/README-manual new file mode 100644 index 0000000..bd3306c --- /dev/null +++ b/README-manual @@ -0,0 +1,26 @@ +Peter Gutmann has writen an excellent 374 page manual for Cryptlib. + +This manual provides code examples in C, Java, Python and other +languages and detailed descriptions of the cryptlib security +architecture, including the explanation of its High-, Medium- +and Low-level interface. All information needed to add security +services to existing applications is easily accessible with this +manual. + +The manual has a very liberal copyright notice, that allows commercial +use under the condition that the manual isn't distributed for a fee. + + +Unfortunately, due to this use restriction it cannot be included in +the Fedora distribution. + +But the good news is, that you can download this excellent manual as a +PDF file from Peter's web page. + +http://www.cypherpunks.to/~peter/manual.pdf + +If you refer to the numerous code examples, you will be able to use +cryptlib in your own (commercial) projects quite easily. + +Ralf Senderek + diff --git a/ccflagspatch b/ccflagspatch new file mode 100644 index 0000000..98ae123 --- /dev/null +++ b/ccflagspatch @@ -0,0 +1,11 @@ +--- cl-original/makefile 2016-03-25 03:33:28.000000000 +0000 ++++ cl-patched/makefile 2016-05-05 13:17:15.000000000 +0100 +@@ -90,7 +90,7 @@ + # Further cc flags are gathered dynamically at runtime via the ccopts.sh + # script. + +-CFLAGS = -c -D__UNIX__ -DNDEBUG -I. ++CFLAGS = -c -D__UNIX__ -DNDEBUG -I. $(ADDFLAGS) + CFLAGS_ANALYSE = -c -D__UNIX__ -I. + CFLAGS_COVERAGE = -c -D__UNIX__ -I. -ggdb3 -fno-omit-frame-pointer -O1 --coverage -fprofile-arcs -ftest-coverage + CFLAGS_DEBUG = -c -D__UNIX__ -I. -ggdb3 -fno-omit-frame-pointer -O0 diff --git a/cl343_fedora.zip.sig b/cl343_fedora.zip.sig new file mode 100644 index 0000000..6165cb5 --- /dev/null +++ b/cl343_fedora.zip.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABAgAGBQJXTn2uAAoJEPv24sKOnJjdL9kP/Aygtz7zeidceTWZt6WZToou +IlLISVfUgQtr6NHBiDxEZwP+OWBaTh33fKP2na8wUy8qr99AjpRIjj9mX+qy7ED+ +AJPkaVK2yfB8CTK5ZLehlTWadLXAHIXNWsvjW2/foade6RsNdR/NjScQbDUxv3F/ +3oIZgGhNgKS+c83JTzdELc5/yN8Be5zeUJ7fZiGZKRS4kb5S7KSJ72eYyEspUvnY +cE7jA95NiAQg1QC9UeC4t/Iq6Cfp5ePh2p7NB5wzm4IJcANXIatmKbpWP5d0DvAd +wErcni7J9kK7OZnvkbLOmQaEiz2giz+snORT4gq/RxgkyFlbCTucM7cZXQ4zBAmS +gVA9EQOuJvyJRAAd+LN5/wxIJRNuoboXevCuU5zkmc7U8UXEyrX5A3ZAW9LDesDo +TKPH2pkkkFoYauMckD7AU1NGtaKOqKzt2heiy7AqzqoxblRF3k0Ka4Xd+nrUQuIa +t7SyYerclmAq8nyuftpvu6gng6N1JpPlinJkEGgJAs/TPJAW1F2n02bOS1Sx55rJ +v+4dbNZVRT+rsgizottGR+7RiR1S+kAtF0J5BbHDj8UVobJLIcD0i238GgNe8MVp +3DvgPJtD8ejZQzDcXEtWjv6aMG5s5d++sFBik2YP7pwJxaLYunxQRarCq/jGVMu9 +6BBULFfmMU7aHY4L5UsU +=WFzk +-----END PGP SIGNATURE----- diff --git a/cryptlib.spec b/cryptlib.spec new file mode 100644 index 0000000..bd70c54 --- /dev/null +++ b/cryptlib.spec @@ -0,0 +1,354 @@ +%global includetests 0 +# 0=no, 1=yes +%global cryptlibdir %{_libdir}/%{name} +# The python3 subpackage cannot be build, because DL_EXPORT is missing in Python.h +%global with_python3 0 + +Name: cryptlib +Version: 3.4.3 +Release: 5%{?dist} +Summary: Security library and toolkit for encryption and authentication services + +Group: System Environment/Libraries +License: Sleepycat +URL: https://www.cs.auckland.ac.nz/~pgut001/cryptlib +Source0: https://crypto-bone.com/fedora/cl343_fedora.zip +Source1: https://crypto-bone.com/fedora/cl343_fedora.zip.sig +# for security reasons a public signing key should always be stored in distgit +# and never be used with a URL to make impersonation attacks harder +# (verified: https://senderek.ie/keys/codesigningkey) +Source2: gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc +Source3: https://crypto-bone.com/fedora/README-manual +Source4: https://crypto-bone.com/fedora/cryptlib-tests.tar.gz +Source5: https://crypto-bone.com/fedora/cryptlib-perlfiles.tar.gz + +Patch1: sonamepatch +# soname is now libcl.so.3 +Patch2: ccflagspatch +Patch3: sessionpatch +Patch4: utilspatch +Patch5: stackprotectorstrongpatch +Patch6: javapatch +Patch7: testlibpatch + +ExclusiveArch: x86_64 %{ix86} %{arm} + +BuildRequires: gcc +BuildRequires: libbsd-devel +BuildRequires: gnupg2 +BuildRequires: coreutils +BuildRequires: python >= 2.7 +BuildRequires: python2-devel >= 2.7 +%if %{with_python3} + BuildRequires: python3-devel +%endif +BuildRequires: java-devel +BuildRequires: perl, perl-generators +BuildRequires: perl-ExtUtils-MakeMaker + + +# beignet provides a library libcl.so for OpenCL +Conflicts: beignet + +%description +Cryptlib is a powerful security toolkit that allows even inexperienced crypto +programmers to easily add encryption and authentication services to their +software. The high-level interface provides anyone with the ability to add +strong security capabilities to an application in as little as half an hour, +without needing to know any of the low-level details that make the encryption +or authentication work. Because of this, cryptlib dramatically reduces the +cost involved in adding security to new or existing applications. + +At the highest level, cryptlib provides implementations of complete security +services such as S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and +SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other +security operations such as secure time-stamping. Since cryptlib uses +industry-standard X.509, S/MIME, PGP/OpenPGP, and SSH/SSL/TLS data formats, +the resulting encrypted or signed data can be easily transported to other +systems and processed there, and cryptlib itself runs on virtually any +operating system - cryptlib doesn't tie you to a single system. +This allows email, files and EDI transactions to be authenticated with +digital signatures and encrypted in an industry-standard format. + + +%package devel +Summary: Cryptlib application development files +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Header files and code for application development in C (and C++) + + +%package test +Summary: Cryptlib test program +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description test +Cryptlib test programs for C, Java, Perl and Python + + +%package java +Summary: Cryptlib bindings for Java +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: java-headless + +%description java +Cryptlib module for application development in Java + + +%package javadoc +Summary: Cryptlib Java documentation +Buildarch : noarch + +%description javadoc +Cryptlib Javadoc information + + +%package python2 +Summary: Cryptlib bindings for python2 +Group: System Environment/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: python >= 2.7 + +%description python2 +Cryptlib module for application development in Python 2 + + +# The python3 subpackage cannot be build, because DL_EXPORT is missing in Python.h +# so python3 setup.py build fails + +%if %{with_python3} + %package python3 + Summary: Cryptlib bindings for python3 + Group: System Environment/Libraries + Requires: %{name}%{?_isa} = %{version}-%{release} + # specify the python3 version which first provides DL_EXPORT support below + Requires: python >= 3.x + + %description python3 + Cryptlib module for application development in Python 3 +%endif + +%package perl +Summary: Cryptlib bindings for perl +Group: System Environment/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: man + +%description perl +Cryptlib module for application development in Perl + + + +%prep +# source code signature check with GnuPG +KEYRING=$(echo %{SOURCE2}) +KEYRING=${KEYRING%%.asc}.gpg +mkdir -p .gnupg +gpg2 --homedir .gnupg --no-default-keyring --quiet --yes --output $KEYRING --dearmor %{SOURCE2} +gpg2 --homedir .gnupg --no-default-keyring --keyring $KEYRING --verify %{SOURCE1} %{SOURCE0} + +rm -rf %{name}-%{version} +mkdir %{name}-%{version} +cd %{name}-%{version} +/usr/bin/unzip -a %{SOURCE0} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +# remove pre-build jar file +rm %{_builddir}/%{name}-%{version}/bindings/cryptlib.jar +# adapt perl files in bindings +cd %{_builddir}/%{name}-%{version}/bindings +/usr/bin/tar xpzf %{SOURCE5} + + +%build +cd %{name}-%{version} +# build java bindings +chmod +x tools/mkhdr.sh +tools/mkhdr.sh +cp /etc/alternatives/java_sdk/include/jni.h . +cp /etc/alternatives/java_sdk/include/linux/jni_md.h . + +make clean +make shared %{?_smp_mflags} ADDFLAGS="%{optflags}" +make stestlib %{?_smp_mflags} ADDFLAGS="%{optflags}" + +# build python modules +ln -s libcl.so.3.4.3 libcl.so +cd bindings +python2 setup.py build + +# DL_EXPORT is missing in Python.h, so the following build fails. +# We need to disable the python3 subpackage until this problem is resolved. +%if %{with_python3} + python3 setup.py build +%endif + +# build javadoc +mkdir javadoc +cd javadoc +jar -xf ../cryptlib.jar +javadoc cryptlib + + +%install +mkdir -p %{buildroot}%{_libdir} +mkdir -p %{buildroot}%{_datadir}/licenses/%{name} +mkdir -p %{buildroot}%{_docdir}/%{name} +cp %{_builddir}/%{name}-%{version}/libcl.so.3.4.3 %{buildroot}%{_libdir} +cd %{buildroot}%{_libdir} +ln -s libcl.so.3.4.3 libcl.so.3 +ln -s libcl.so.3 libcl.so + +# install header files +mkdir -p %{buildroot}/%{_includedir}/%{name} +cp %{_builddir}/%{name}-%{version}/crypt.h %{buildroot}%{_includedir}/%{name} +cp %{_builddir}/%{name}-%{version}/cryptkrn.h %{buildroot}%{_includedir}/%{name} +cp %{_builddir}/%{name}-%{version}/cryptlib.h %{buildroot}%{_includedir}/%{name} + +# add Java bindings +mkdir -p %{buildroot}/%{cryptlibdir}/java +mkdir -p %{buildroot}/%{_jnidir} +cp %{_builddir}/%{name}-%{version}/bindings/cryptlib.jar %{buildroot}%{_jnidir} + +# install docs +cp %{_builddir}/%{name}-%{version}/COPYING %{buildroot}%{_datadir}/licenses/%{name} +cp %{_builddir}/%{name}-%{version}/README %{buildroot}%{_docdir}/%{name}/README +echo "No tests performed." > %{_builddir}/%{name}-%{version}/stestlib.log +cp %{_builddir}/%{name}-%{version}/stestlib.log %{buildroot}%{_docdir}/%{name}/stestlib.log +cp %{SOURCE3} %{buildroot}%{_docdir}/%{name} + +# install javadoc +mkdir -p %{buildroot}%{_javadocdir}/%{name} +rm -rf %{_builddir}/%{name}-%{version}/bindings/javadoc/META-INF +cp -r %{_builddir}/%{name}-%{version}/bindings/javadoc/* %{buildroot}%{_javadocdir}/%{name} + +# install python2 module +mkdir -p %{buildroot}%{python2_sitelib} +cp %{_builddir}/%{name}-%{version}/bindings/build/lib.linux-*%{python2_version}/cryptlib_py.so %{buildroot}%{python2_sitelib} + +# install python3 module +# add python3 installation code, when setup.py works in python3 + +# install Perl module +mkdir -p %{buildroot}/usr/local/lib64 +mkdir -p %{buildroot}%{_libdir}/perl5 +mkdir -p %{buildroot}%{_mandir}/man3 +cd %{_builddir}/%{name}-%{version}/bindings +mkdir -p %{_builddir}/include +cp ../cryptlib.h %{_builddir}/include +export PERL_CRYPT_LIB_HEADER=%{_builddir}/include/cryptlib.h +/usr/bin/perl Makefile.PL +sed -i '/LDLOADLIBS = /s/thread/thread -L.. -lcl/' Makefile +make +make pure_install DESTDIR=%{buildroot} +# clean the install +rm $(find %{buildroot}/usr/local/lib*/perl5 -name ".packlist") +chmod 0755 %{buildroot}/usr/local/lib*/perl5/auto/PerlCryptLib/PerlCryptLib.so +mv %{buildroot}/usr/local/lib*/perl5/* %{buildroot}%{_libdir}/perl5 +mv %{buildroot}/usr/local/share/man/man3/* %{buildroot}%{_mandir}/man3 + +# install test programs +cp %{_builddir}/%{name}-%{version}/stestlib %{buildroot}%{cryptlibdir} +cp -r %{_builddir}/%{name}-%{version}/test %{buildroot}%{cryptlibdir}/test +# remove all c code from the test directory +rm -rf $(find %{buildroot}%{cryptlibdir}/test -name "*.c") + +## remove all header files from the test directory +# these header files are needed by the test program stestlib to find test files! +#rm -rf $(find %%{buildroot}%%{cryptlibdir}/test -name "*.h") + +cd %{buildroot}%{cryptlibdir} +tar xpzf %{SOURCE4} + +%check +# checks are performed after install +# in KOJI tests must be disabled as there is no networking +%if %{includetests} + cd %{_builddir}/%{name}-%{version} + ln -s libcl.so.3.4.3 ./libcl.so.3 + export LD_LIBRARY_PATH=. + echo "Running tests on the cryptlib library. This will take a few minutes." + echo "Network access is necessary to complete all tests!" + ./stestlib > %{_builddir}/%{name}-%{version}/stestlib.log + cp %{_builddir}/%{name}-%{version}/stestlib.log %{buildroot}%{_docdir}/%{name}/stestlib.log +%endif + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%{_libdir}/libcl.so.3.4.3 +%{_libdir}/libcl.so.3 + +%license %{_datadir}/licenses/%{name}/COPYING +%doc %{_docdir}/%{name}/README +%doc %{_docdir}/%{name}/stestlib.log +%doc %{_docdir}/%{name}/README-manual + + +%files devel +%{_libdir}/libcl.so +%{_includedir}/%{name}/crypt.h +%{_includedir}/%{name}/cryptkrn.h +%{_includedir}/%{name}/cryptlib.h + +%files java +%{_jnidir}/cryptlib.jar + +%files javadoc +%{_javadocdir}/%{name} + +%files python2 +%{python2_sitelib}/cryptlib_py.so + +# at the moment the python3 subpackage cannot be build +%if %{with_python3} + %files python3 +%endif + +%files perl +%{_libdir}/perl5 +%{_mandir}/man3/PerlCryptLib.3pm.gz + +%files test +%{cryptlibdir} + + +%changelog + +* Tue Jun 14 2016 Senderek Web Security - 3.4.3-5 +- Fix source locations +- Clean up perl file installation +- Fix python3 module code in spec file + +* Thu Jun 9 2016 Senderek Web Security - 3.4.3-4 +- Removed the doc subpackage + +* Mon Jun 6 2016 Senderek Web Security - 3.4.3-3 +- Fixed Java subpackage dependency +- Made devel arch specific + +* Fri Jun 3 2016 Senderek Web Security - 3.4.3-2 +- Added javadoc subpackage and made docs noarch +- Added a perl subpackage +- Modified native stestlib program with two tests disabled + (testSessionSSH and testSessionSSHClientCert) + +* Wed Jun 1 2016 Senderek Web Security - 3.4.3-1 +- Added python2/python3 subpackage +- Source code signature check with GnuPG enabled + +* Sun May 29 2016 Senderek Web Security - 3.4-2 +- Added doc and java subpackage + +* Fri May 27 2016 Senderek Web Security - 3.4-1 +- Initial version of the rpm package build diff --git a/gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc b/gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc new file mode 100644 index 0000000..1e65900 --- /dev/null +++ b/gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc @@ -0,0 +1,34 @@ +pub 4096R/8E9C98DD 2013-08-16 + Key fingerprint = 3274 CB29 9564 9803 8A9C 874B FBF6 E2C2 8E9C 98DD + uid Senderek Web Security Codesigning Key + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQINBFINxvEBEADTSgWQT0/K85oZLKz4wEEaCThVyGbRWEk+Cv29nCuq4MFoIms6 +o44iO1n+VCeiw5uU+EBcrzaKu9zCXGql8N+MLngg+Tcb9tIexo17Pe0stCG18i8E +Nuezb1Vl4mEXUrTkrEV1cnVO2AaZhdH8yW5r5ZVyfOUSqM4ofIAajalwru4n+/p8 +d8q8qfQ2QMdFpXBXqt0FSWJgh7p9p7LTlV23LoMHN8i3tPwtM07sgghcBqLxnJH6 +qdfboDm24rsQxqc6azk5EXxAiJkAOLYuf6SEi9LljDVwglIzTjVsvWy7dJQsQTE0 +Z5Vj1uxu7yCH6myoeOYdnREXbsL5WyoQ+0Aux6/iv3BSftkxKNI3e27Oen+cyFFK +UoPYXIOMxS3SOGfRRPgiflutNIKxOBn0nWpjKbX8pTcq07fCRC9wX28OGzMlSqPB +Rp2Xdx9cxuAJsbI+TVKNjb91pCG9nOtWci66w8v9p9FTgu14jVFU+7K2b90mnM6n +4/PFSH0xXaR0xrBlDSVl8ZYf0UGIRN1Xp7MnXOJB9yA1odAkAhQXcpSeZBALn4r/ +z6ze7dAwZT++795qEV65qRotpr8OXcDvtBsbqT3+irHDDCvTygEGT4MpW5TBHpey +TqwhJusjKVeyohoOEdnW6CRadwJauuNZKOvV/Wp/TEVWqaNvk3eHbNHZSQARAQAB +tD5TZW5kZXJlayBXZWIgU2VjdXJpdHkgQ29kZXNpZ25pbmcgS2V5IDxvcGVuc291 +cmNlQHNlbmRlcmVrLmllPokCOAQTAQIAIgUCUg3G8QIbAwYLCQgHAwIGFQgCCQoL +BBYCAwECHgECF4AACgkQ+/biwo6cmN3YYw//aWvBwzwSQJXcrbbi8ewyh8rqgWRX +UgCOV1vUymdgWqRUBY3KE0xHSFpRVUkVsUEIuEhk2NZU8re1s2yCOZJRpdhHDdve +howKwQJEBP+ZUsQJZDnLvw2W1+OXfPiW9E7YrGGsm8gwZJgy0eEp9Tzj83UG00sP +oA6dflJsVapPXqBmCMlH0Gtcc2OpaFt+RphUIR/uLq+CYx++hMhXAh5Ru+oixTzR +kKThqar/6YUdRxeef5VsaE+IJHG8ku4u3tI/BMvaT7xG+Nz34xW8Zip2SP/eBLnn +AvADiROcTulBotYbc3VwLevQAKUC5BTU6BAUxdmKHJkjRqrQUUvOol9RVzWc5em9 +zL3KtiqAu1QzirX3Sk7NUM2VVj7CO7BVwfJYOU162Y6Q0HHMydl/RlpRcSUVVZQS +3OruerE+md+AhSBP813aY0jGhp/cs2qbJnvTelLi0sBizOJi8ZLT2TfY3tG87F5K +wszgVdxr8mzETolhAeOgSZj32R7BBGIOA/rDvuy/NrT95bSyTSfUbejvt/6jSMrs +VfNN7s9ExV2i5cchlkAJBkT0vO6qBr2IB6kMY4EkM6A2iOrdo7RqM1bUxrzrA42M +traiLm+zzeKWyk09JRe0OtRCAMY4pqL+60bwqIAD3UDM25eqpaIzx2PPdZB0+yj4 +pdMDlnMGSJK0q9U= +=4nc4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/javapatch b/javapatch new file mode 100644 index 0000000..cd18952 --- /dev/null +++ b/javapatch @@ -0,0 +1,11 @@ +--- cl-original/misc/config.h 2016-05-25 11:10:17.953572221 +0200 ++++ cl-patched/misc/config.h 2016-05-25 11:09:20.992950490 +0200 +@@ -141,7 +141,7 @@ + + /* Whether to build the Java/JNI interface or not */ + +-/* #define USE_JAVA */ ++#define USE_JAVA + + /* Whether to provide descriptive text messages for errors or not. + Disabling these can reduce code size, at the expense of making error diff --git a/sessionpatch b/sessionpatch new file mode 100644 index 0000000..563e453 --- /dev/null +++ b/sessionpatch @@ -0,0 +1,11 @@ +--- cl-original/session/ssh2_msg.c 2016-05-06 09:00:28.000000000 +0100 ++++ cl-patched/session/ssh2_msg.c 2016-05-06 10:00:03.000000000 +0100 +@@ -368,7 +368,7 @@ + totalLength += length; + } + retExt( CRYPT_ERROR_BADDATA, +- ( CRYPT_ERROR_BADDATA, SESSION_ERRINFO, stringBuffer ) ); ++ ( CRYPT_ERROR_BADDATA, SESSION_ERRINFO, "%s", stringBuffer ) ); + } + } + diff --git a/sonamepatch b/sonamepatch new file mode 100644 index 0000000..72875d3 --- /dev/null +++ b/sonamepatch @@ -0,0 +1,11 @@ +--- cryptlib-3.4.3/tools/buildsharedlib.sh 2013-11-23 01:35:10.000000000 +0100 ++++ cryptlib-3.4.3-patched/tools/buildsharedlib.sh 2016-03-05 12:28:06.162887153 +0100 +@@ -134,7 +134,7 @@ + *) + if [ `$LD -v 2>&1 | grep -c gcc` -gt 0 -a \ + `gcc -Wl,-Bsymbolic 2>&1 | grep -c unrecognized` = 0 ] ; then +- $LD -shared -Wl,-Bsymbolic -o $LIBNAME `cat $LINKFILE` `./tools/getlibs.sh autodetect` ; ++ $LD -shared -Wl,-soname=libcl.so.3 -Wl,-Bsymbolic -o $LIBNAME `cat $LINKFILE` `./tools/getlibs.sh autodetect` ; + else + $LD -shared -o $LIBNAME `cat $LINKFILE` `./tools/getlibs.sh autodetect` ; + fi diff --git a/sources b/sources index e69de29..1a5e8e9 100644 --- a/sources +++ b/sources @@ -0,0 +1,3 @@ +88f0c8dd9ef139d281dffc259c3f8cdc cl343_fedora.zip +e90177946732f82d820cbf0a37e90a05 cryptlib-perlfiles.tar.gz +ed30a5a5d0d99111fa4fc7915b670954 cryptlib-tests.tar.gz diff --git a/stackprotectorstrongpatch b/stackprotectorstrongpatch new file mode 100644 index 0000000..5be846a --- /dev/null +++ b/stackprotectorstrongpatch @@ -0,0 +1,11 @@ +--- cl-original/tools/ccopts.sh 2016-03-04 17:54:34.000000000 +0000 ++++ cl-patched/tools/ccopts.sh 2016-05-06 07:03:49.000000000 +0100 +@@ -604,7 +604,7 @@ + + if [ $GCC_VER -ge 42 ] ; then + if [ `$CC -fstack-protector -S -o /dev/null -xc /dev/null 2>&1 | grep -c "unrecog"` -eq 0 ] ; then +- CCARGS="$CCARGS -fstack-protector" ; ++ CCARGS="$CCARGS -fstack-protector-strong" ; + fi ; + CCARGS="$CCARGS -D_FORTIFY_SOURCE=2" ; + fi diff --git a/testlibpatch b/testlibpatch new file mode 100644 index 0000000..fd8834f --- /dev/null +++ b/testlibpatch @@ -0,0 +1,15 @@ +--- cl-original/test/testfunc.c 2016-06-03 13:23:35.294667665 +0200 ++++ cl-patched/test/testfunc.c 2016-06-03 13:26:42.320931385 +0200 +@@ -1111,10 +1111,12 @@ + } + if( !testSessionAttributes() ) + return( FALSE ); ++#if 0 + if( !testSessionSSH() ) + return( FALSE ); + if( !testSessionSSHClientCert() ) + return( FALSE ); ++#endif + if( !testSessionSSHPortforward() ) + return( FALSE ); + if( !testSessionSSHExec() ) diff --git a/utilspatch b/utilspatch new file mode 100644 index 0000000..d4a9aaa --- /dev/null +++ b/utilspatch @@ -0,0 +1,11 @@ +--- cl-original/test/utils.c 2016-05-06 10:13:04.000000000 +0100 ++++ cl-patched/test/utils.c 2016-05-06 09:25:20.000000000 +0100 +@@ -1489,7 +1489,7 @@ + const int innerLen = min( length - i, 16 ); + int j; + +- pos += sprintf( buffer + pos, prefix ); ++ pos += sprintf( buffer + pos, "%s", prefix ); + for( j = 0; j < innerLen; j++ ) + pos += sprintf( buffer + pos, "%02X ", value[ i + j ] ); + for( ; j < 16; j++ )