Hello community,

here is the log from the commit of package libcryptopp for openSUSE:Factory 
checked in at 2023-12-22 22:41:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcryptopp (Old)
 and      /work/SRC/openSUSE:Factory/.libcryptopp.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libcryptopp"

Fri Dec 22 22:41:35 2023 rev:39 rq:1134568 version:8.9.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/libcryptopp/libcryptopp.changes  2023-07-18 
21:55:04.470611711 +0200
+++ /work/SRC/openSUSE:Factory/.libcryptopp.new.28375/libcryptopp.changes       
2023-12-22 22:41:49.277073566 +0100
@@ -1,0 +2,40 @@
+Thu Dec 21 13:48:35 UTC 2023 - pgaj...@suse.com
+
+- version update to 8.9.0
+  * Crypto++ 8.9 was released on October 1, 2023. The 8.9 release
+    was a minor, unplanned release. There were no CVEs and one
+    memory error.
+
+  * The 8.9 release was driven by the fix for `ProcessData`, and
+    the failures when `inString==outString`. Also see GH #1231,
+    Rabbit Produces null Keystream When inString == outString.
+
+  * Release notes
+  * ===========
+
+  * minor release, recompile of programs required
+  * expanded community input and support
+  * 88 unique contributors as of this release
+  * add additional tests to datatest.cpp
+  * fix SIMON128 Asan finding on POWER8
+  * fix AES/CFB and AES/CTR modes self test failures when using
+    Cryptogams AES on ARMv7
+  * fix ARIA/CTR mode self test failures when inString==outString
+  * fix HIGHT/CTR mode self test failures when
+    inString==outString
+  * fix Rabbit/CTR mode self test failures when
+    inString==outString
+  * fix HC128/CTR and HC256/CTR mode self test failures when
+    inString==outString
+  * fix Prime Table and dangling reference to a temporary
+  * fix Singleton::Ref() when using C++11 memory fences
+  * remove unneeded call to Crop() in Randomize()
+- modified patches
+  % libcryptopp-shared.patch (refreshed)
+- modified sources
+  % baselibs.conf
+- added patches
+  fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
+  + libcryptopp-CVE-2023-50980.patch
+
+-------------------------------------------------------------------

Old:
----
  CRYPTOPP_8_8_0.tar.gz

New:
----
  CRYPTOPP_8_9_0.tar.gz
  libcryptopp-CVE-2023-50980.patch

BETA DEBUG BEGIN:
  New:  fix CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
  + libcryptopp-CVE-2023-50980.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libcryptopp.spec ++++++
--- /var/tmp/diff_new_pack.xKNaXC/_old  2023-12-22 22:41:50.185106852 +0100
+++ /var/tmp/diff_new_pack.xKNaXC/_new  2023-12-22 22:41:50.185106852 +0100
@@ -17,7 +17,7 @@
 
 
 %define major 8
-%define minor 8
+%define minor 9
 %define patch 0
 %define pkg_version %{major}%{minor}%patch
 # There is no upstream interface version information.
@@ -36,6 +36,8 @@
 Source2:        baselibs.conf
 # PATCH-FEATURE-OPENSUSE libcryptopp-shared.patch -- improve shared library 
creation
 Patch1:         libcryptopp-shared.patch
+# CVE-2023-50980 [bsc#1218219], DoS via malformed DER public key file
+Patch2:         libcryptopp-CVE-2023-50980.patch
 BuildRequires:  dos2unix
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -68,8 +70,7 @@
 curve crypto. This package is used for crypto++ development.
 
 %prep
-%setup -q -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%patch"
-%autopatch -p1
+%autosetup -p1 -n "cryptopp-CRYPTOPP_%{major}_%{minor}_%patch"
 
 %build
 %ifarch %{arm} i586

++++++ CRYPTOPP_8_8_0.tar.gz -> CRYPTOPP_8_9_0.tar.gz ++++++
/work/SRC/openSUSE:Factory/libcryptopp/CRYPTOPP_8_8_0.tar.gz 
/work/SRC/openSUSE:Factory/.libcryptopp.new.28375/CRYPTOPP_8_9_0.tar.gz differ: 
char 13, line 1

++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.xKNaXC/_old  2023-12-22 22:41:50.257109491 +0100
+++ /var/tmp/diff_new_pack.xKNaXC/_new  2023-12-22 22:41:50.261109637 +0100
@@ -1,2 +1,2 @@
-libcryptopp8_8_0
+libcryptopp8_9_0
 

++++++ libcryptopp-CVE-2023-50980.patch ++++++
diff --git a/gf2n.cpp b/gf2n.cpp
index 452e6982..8993baae 100644
--- a/gf2n.cpp
+++ b/gf2n.cpp
@@ -135,6 +135,9 @@ PolynomialMod2 PolynomialMod2::Monomial(size_t i)
 
 PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
 {
+       CRYPTOPP_ASSERT(t0 > t1);
+       CRYPTOPP_ASSERT(t1 > t2);
+
        PolynomialMod2 r((word)0, t0+1);
        r.SetBit(t0);
        r.SetBit(t1);
@@ -144,6 +147,11 @@ PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t 
t1, size_t t2)
 
 PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, 
size_t t3, size_t t4)
 {
+       CRYPTOPP_ASSERT(t0 > t1);
+       CRYPTOPP_ASSERT(t1 > t2);
+       CRYPTOPP_ASSERT(t2 > t3);
+       CRYPTOPP_ASSERT(t3 > t4);
+
        PolynomialMod2 r((word)0, t0+1);
        r.SetBit(t0);
        r.SetBit(t1);
diff --git a/gf2n.h b/gf2n.h
index 4aef31ee..38e2a910 100644
--- a/gf2n.h
+++ b/gf2n.h
@@ -69,9 +69,11 @@ public:
                static PolynomialMod2 CRYPTOPP_API Monomial(size_t i);
                /// \brief Provides x^t0 + x^t1 + x^t2
                /// \return x^t0 + x^t1 + x^t2
+               /// \pre The coefficients should be provided in descending 
order. That is, <pre>t0 > t1 > t2<pre>.
                static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t 
t1, size_t t2);
                /// \brief Provides x^t0 + x^t1 + x^t2 + x^t3 + x^t4
                /// \return x^t0 + x^t1 + x^t2 + x^t3 + x^t4
+               /// \pre The coefficients should be provided in descending 
order. That is, <pre>t0 > t1 > t2 > t3 > t4<pre>.
                static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, 
size_t t1, size_t t2, size_t t3, size_t t4);
                /// \brief Provides x^(n-1) + ... + x + 1
                /// \return x^(n-1) + ... + x + 1
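Review bot: Both added `\pre` lines open a second `<pre>` instead of closing the first, so the generated documentation will probably run the preformatted block into the text that follows; they should end `<pre>t0 > t1 > t2</pre>` and `<pre>t0 > t1 > t2 > t3 > t4</pre>`. The stated precondition is also stricter than what the later gf2n.cpp change in this same patch enforces at run time, which rejects only values larger than t0. A line such as `/// \throw InvalidArgument if t1 or t2 is greater than t0` (and the equivalent for Pentanomial) would tell callers that parse untrusted keys what to catch.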
diff --git a/gf2n.cpp b/gf2n.cpp
index 8993baae..87d9961b 100644
--- a/gf2n.cpp
+++ b/gf2n.cpp
@@ -135,9 +135,14 @@ PolynomialMod2 PolynomialMod2::Monomial(size_t i)
 
 PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, size_t t1, size_t t2)
 {
+       // Asserts and checks due to Bing Shi
        CRYPTOPP_ASSERT(t0 > t1);
        CRYPTOPP_ASSERT(t1 > t2);
 
+       // The test is odd because of ECIES<EC2N>. The basis is t0, but the 
other coefficients are not in descending order.
+       if (t1 > t0 || t2 > t0)
+               throw InvalidArgument("PolynomialMod2: coefficients must be in 
descending order");
+
        PolynomialMod2 r((word)0, t0+1);
        r.SetBit(t0);
        r.SetBit(t1);
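Review bot: The run-time test `if (t1 > t0 || t2 > t0)` enforces less than its message claims: `t1 == t0`, `t2 == t0` and `t2 > t1` all pass, although the exception text says the coefficients must be in descending order. Only the two `CRYPTOPP_ASSERT` lines above demand strict ordering, and if those are active in debug builds they would trip on the ECIES<EC2N> inputs the new comment describes, so debug and release builds would treat the same key differently. I would align the two, either by relaxing the asserts to `CRYPTOPP_ASSERT(t1 <= t0 && t2 <= t0);` or by rewording the message to `"PolynomialMod2: t1 and t2 must not exceed t0"`. The Pentanomial hunk that follows has the same mismatch. Nothing here bounds t0 itself before `t0+1` is used as a size, so it is worth confirming that the DER decoding path limits it.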
@@ -147,11 +152,16 @@ PolynomialMod2 PolynomialMod2::Trinomial(size_t t0, 
size_t t1, size_t t2)
 
 PolynomialMod2 PolynomialMod2::Pentanomial(size_t t0, size_t t1, size_t t2, 
size_t t3, size_t t4)
 {
+       // Asserts and checks due to Bing Shi
        CRYPTOPP_ASSERT(t0 > t1);
        CRYPTOPP_ASSERT(t1 > t2);
        CRYPTOPP_ASSERT(t2 > t3);
        CRYPTOPP_ASSERT(t3 > t4);
 
+       // The test is odd because of ECIES<EC2N>. The basis is t0, but the 
other coefficients are not in descending order.
+       if (t1 > t0 || t2 > t0 || t3 > t0 || t4 > t0)
+               throw InvalidArgument("PolynomialMod2: coefficients must be in 
descending order");
+
        PolynomialMod2 r((word)0, t0+1);
        r.SetBit(t0);
        r.SetBit(t1);
@@ -663,7 +673,12 @@ GF2NT::GF2NT(unsigned int c0, unsigned int c1, unsigned 
int c2)
        , t0(c0), t1(c1)
        , result((word)0, m)
 {
+       // Asserts and checks due to Bing Shi
        CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+       // The test is odd because of ECIES<EC2N>. The basis is c0, but the 
other coefficients are not in descending order.
+       if (c1 > c0 || c2 > c0)
+               throw InvalidArgument("GF2NT: coefficients must be in 
descending order");
 }
 
 const GF2NT::Element& GF2NT::MultiplicativeInverse(const Element &a) const
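Review bot: The assert requires `c2==0`, but the added throw rejects only `c2 > c0`, so a build without asserts accepts any non-zero c2 that does not exceed c0. If the trinomial arithmetic in this class depends on c2 being zero, as the assert suggests, and no legitimate caller passes a non-zero value, the condition should cover it: `if (c1 > c0 || c2 != 0)`. The check also runs in the constructor body, after the visible initializers `t0(c0), t1(c1)` and `result((word)0, m)` have consumed the unvalidated values. The initializer list starts outside this hunk, so whether an earlier initializer already rejects bad input cannot be seen from here. The GF2NT233 hunk below has the same `c2` gap.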
@@ -972,7 +987,12 @@ GF2NP * BERDecodeGF2NP(BufferedTransformation &bt)
 GF2NT233::GF2NT233(unsigned int c0, unsigned int c1, unsigned int c2)
        : GF2NT(c0, c1, c2)
 {
+       // Asserts and checks due to Bing Shi
        CRYPTOPP_ASSERT(c0 > c1 && c1 > c2 && c2==0);
+
+       // The test is odd because of ECIES<EC2N>. The basis is c0, but the 
other coefficients are not in descending order.
+       if (c1 > c0 || c2 > c0)
+               throw InvalidArgument("GF2NT: coefficients must be in 
descending order");
 }
 
 const GF2NT::Element& GF2NT233::Multiply(const Element &a, const Element &b) 
const
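Review bot: The throw added to GF2NT233 repeats the exact condition of the GF2NT constructor it delegates to through `: GF2NT(c0, c1, c2)`, which runs first, so this copy looks unreachable for any input that fails the test. Its message also names GF2NT rather than GF2NT233, which would mislead anyone reading a log if the two checks ever diverge. Dropping the duplicate in favour of a comment such as `// c0, c1, c2 are validated by the GF2NT constructor` keeps a single place to maintain.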

++++++ libcryptopp-shared.patch ++++++
--- /var/tmp/diff_new_pack.xKNaXC/_old  2023-12-22 22:41:50.289110664 +0100
+++ /var/tmp/diff_new_pack.xKNaXC/_new  2023-12-22 22:41:50.293110810 +0100
@@ -1,8 +1,8 @@
-Index: b/GNUmakefile
+Index: cryptopp-CRYPTOPP_8_9_0/GNUmakefile
 ===================================================================
---- a/GNUmakefile
-+++ b/GNUmakefile
-@@ -173,7 +173,7 @@ else
+--- cryptopp-CRYPTOPP_8_9_0.orig/GNUmakefile
++++ cryptopp-CRYPTOPP_8_9_0/GNUmakefile
+@@ -198,7 +198,7 @@ else
    PC_PREFIX = $(PREFIX)
  endif
  ifeq ($(LIBDIR),)
@@ -11,7 +11,7 @@
    PC_LIBDIR = $${prefix}/lib
  else
    PC_LIBDIR = $(LIBDIR)
-@@ -1128,7 +1128,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR)
+@@ -1151,7 +1151,7 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR)
  ifneq ($(IS_LINUX)$(IS_HURD),00)
  # Linux uses full version suffix for shared library
  SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)
