Ubuntu
yapet package

Merge ~vpa1977/ubuntu/+source/yapet:ubuntu/devel into ubuntu/+source/yapet:ubuntu/devel

  1. Git
  2. lp:~vpa1977/ubuntu/+source/yapet
  3. ubuntu/devel
  4. Merge into ubuntu/devel
Proposed by Vladimir Petko
Status: Merged
Merged at revision: 60ce824f58b38d9fa1fea789add083412ba8bdd3
Proposed branch: ~vpa1977/ubuntu/+source/yapet:ubuntu/devel
Merge into: ubuntu/+source/yapet:ubuntu/devel
Diff against target: 124 lines (+97/-0)
4 files modified
debian/changelog (+9/-0)
debian/patches/disable-blowfish-tests.patch (+48/-0)
debian/patches/series (+2/-0)
debian/patches/use-std-fill.patch (+38/-0)
Reviewer Review Type Date Requested Status
git-ubuntu import Pending
Review via email: mp+462833@code.launchpad.net

Description of the change

Changes:
 - disable failing blowfish tests (openssl regression)
 - clear memory when disposing SecureArray.

PPA: ppa:vpa1977/october-21[1]

Testing:
 - ppa rebuild [2]
 - autopkgtest
----
autopkgtest [16:05:17]: test smoke-test: -----------------------]
autopkgtest [16:05:17]: test smoke-test: - - - - - - - - - - results - - - - - - - - - -
smoke-test PASS (superficial)
autopkgtest [16:05:17]: @@@@@@@@@@@@@@@@@@@@ summary
smoke-test PASS (superficial)
----

[1] https://launchpad.net/~vpa1977/+archive/ubuntu/october-21
[2] https://launchpad.net/~vpa1977/+archive/ubuntu/october-21/+sourcepub/15868620/+listing-archive-extra

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 90d469d..3275feb 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+yapet (2.6-1ubuntu1) noble; urgency=medium
7+
8+ * d/p/use-std-fill.patch: use std::fill to reset memory instead of
9+ std::memset. This fixes armhf test failure (LP: #2058584).
10+ * d/p/disable-blowfish-tests.patch: disable failing blowfish tests.
11+ See Debian bug 1064724.
12+
13+ -- Vladimir Petko <vladimir.petko@canonical.com> Thu, 21 Mar 2024 15:56:18 +1300
14+
15 yapet (2.6-1build1) noble; urgency=medium
16
17 * No-change rebuild against libssl3t64
18diff --git a/debian/patches/disable-blowfish-tests.patch b/debian/patches/disable-blowfish-tests.patch
19new file mode 100644
20index 0000000..3f4112e
21--- /dev/null
22+++ b/debian/patches/disable-blowfish-tests.patch
23@@ -0,0 +1,48 @@
24+Description: disable blowfish tests
25+ Blowfish tests fail with openssl 3.1.5-1. Disable failing tests.
26+ The failure may be related to the fix for
27+ https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363.
28+Author: Vladimir Petko <vladimir.petko@canonical.com>
29+Bug: https://github.com/RafaelOstertag/yapet/issues/26
30+Bug-Debian: https://bugs.debian.org/1064724
31+Last-Update: 2024-03-21
32+
33+--- a/tests/crypt/Makefile.am
34++++ b/tests/crypt/Makefile.am
35+@@ -47,10 +47,10 @@
36+ $(cpy_verbose)cp $< $(builddir)/$@
37+ $(chmod_verbose)chmod u=rw $(builddir)/$@
38+
39+-check_PROGRAMS = key448 key256 blowfish aes256 blowfishfactory aes256factory file_blowfish file_aes256 foreign cryptofactoryhelper
40++check_PROGRAMS = key448 key256 aes256 blowfishfactory aes256factory file_aes256 cryptofactoryhelper
41+ check_PROGRAMS += passwordchange_exerciser
42+
43+-TESTS = key448 key256 blowfish aes256 blowfishfactory aes256factory file_blowfish file_aes256 foreign cryptofactoryhelper
44++TESTS = key448 key256 aes256 blowfishfactory aes256factory file_aes256 cryptofactoryhelper
45+
46+ AM_CPPFLAGS = -I$(yapet_libs_srcdir)/consts \
47+ -I$(yapet_libs_srcdir)/exceptions \
48+--- a/tests/crypt/Makefile.in
49++++ b/tests/crypt/Makefile.in
50+@@ -87,15 +87,15 @@
51+ POST_UNINSTALL = :
52+ build_triplet = @build@
53+ host_triplet = @host@
54+-check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \
55++check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT) \
56+ aes256$(EXEEXT) blowfishfactory$(EXEEXT) \
57+- aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \
58+- file_aes256$(EXEEXT) foreign$(EXEEXT) \
59++ aes256factory$(EXEEXT) \
60++ file_aes256$(EXEEXT) \
61+ cryptofactoryhelper$(EXEEXT) passwordchange_exerciser$(EXEEXT)
62+-TESTS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \
63++TESTS = key448$(EXEEXT) key256$(EXEEXT) \
64+ aes256$(EXEEXT) blowfishfactory$(EXEEXT) \
65+- aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \
66+- file_aes256$(EXEEXT) foreign$(EXEEXT) \
67++ aes256factory$(EXEEXT) \
68++ file_aes256$(EXEEXT) \
69+ cryptofactoryhelper$(EXEEXT)
70+ subdir = tests/crypt
71+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
72diff --git a/debian/patches/series b/debian/patches/series
73index b407841..2cac1d4 100644
74--- a/debian/patches/series
75+++ b/debian/patches/series
76@@ -1,2 +1,4 @@
77 do-not-install-licenses-files.patch
78 avoid-remote-font.patch
79+use-std-fill.patch
80+disable-blowfish-tests.patch
81diff --git a/debian/patches/use-std-fill.patch b/debian/patches/use-std-fill.patch
82new file mode 100644
83index 0000000..d88dbed
84--- /dev/null
85+++ b/debian/patches/use-std-fill.patch
86@@ -0,0 +1,38 @@
87+From: Vladimir Petko <vladimir.petko@canonical.com>
88+Date: Thu, 21 Mar 2024 15:47:02 +1300
89+Bug: https://github.com/RafaelOstertag/yapet/issues/27
90+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/yapet/+bug/2058584
91+Description: use std::fill with volatile pointers to reset memory
92+ std::memset can be optimized away and can not be used to
93+ securely reset memory.
94+ Use std::fill with volatile pointers.
95+
96+---
97+ src/libs/utils/securearray.cc | 5 +++--
98+ 1 file changed, 3 insertions(+), 2 deletions(-)
99+
100+diff --git a/src/libs/utils/securearray.cc b/src/libs/utils/securearray.cc
101+index c517189..d69bfa3 100644
102+--- a/src/libs/utils/securearray.cc
103++++ b/src/libs/utils/securearray.cc
104+@@ -31,6 +31,7 @@
105+ #include <cstring>
106+ #include <limits>
107+ #include <stdexcept>
108++#include <algorithm>
109+
110+ #include "consts.h"
111+ #include "intl.h"
112+@@ -126,8 +127,8 @@ SecureArray& SecureArray::operator=(SecureArray&& other) {
113+
114+ inline void SecureArray::clearMemory() {
115+ if (_array == nullptr) return;
116+-
117+- std::memset(_array, 0, _size);
118++ std::fill(reinterpret_cast<volatile std::uint8_t*>(_array),
119++ reinterpret_cast<volatile std::uint8_t*>(_array + _size), 0);
120+ }
121+
122+ inline void SecureArray::freeMemory() {
123+--
124+2.40.1

Subscribers

People subscribed via source and target branches