Package: yapet
Followup-For: Bug #1064724
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
Control: tags -1 patch

Dear Maintainer,

The package fails to build due to the recent changes in openssl.
I have disabled the affected tests, but probably the issue should be fixed
upstream.

When investigating the test failure I've also noticed that the tests fail on armhf
due to the usage of std::memset that was optimized away. I have replaced the
call with std::fill().

In Ubuntu, the attached patch was applied to achieve the following:

  * d/p/use-std-fill.patch: use std::fill to reset memory instead of
    std::memset. This fixes armhf test failure (LP: 2058584).
  * d/p/disable-blowfish-tests.patch: disable failing blowfish tests.
    See Debian bug 1064724.


Thanks for considering the patch.


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 
'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-25-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru yapet-2.6/debian/patches/disable-blowfish-tests.patch 
yapet-2.6/debian/patches/disable-blowfish-tests.patch
--- yapet-2.6/debian/patches/disable-blowfish-tests.patch       1970-01-01 
12:00:00.000000000 +1200
+++ yapet-2.6/debian/patches/disable-blowfish-tests.patch       2024-03-21 
15:56:18.000000000 +1300
@@ -0,0 +1,48 @@
+Description: disable blowfish tests
+ Blowfish tests fail with openssl 3.1.5-1. Disable failing tests.
+ The failure may be related to the fix for
+ https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363.
+Author: Vladimir Petko <vladimir.pe...@canonical.com>
+Bug: https://github.com/RafaelOstertag/yapet/issues/26
+Bug-Debian: https://bugs.debian.org/1064724
+Last-Update: 2024-03-21
+
+--- a/tests/crypt/Makefile.am
++++ b/tests/crypt/Makefile.am
+@@ -47,10 +47,10 @@
+       $(cpy_verbose)cp $< $(builddir)/$@
+       $(chmod_verbose)chmod u=rw $(builddir)/$@
+
+-check_PROGRAMS  = key448 key256 blowfish aes256 blowfishfactory aes256factory 
file_blowfish file_aes256 foreign cryptofactoryhelper
++check_PROGRAMS  = key448 key256 aes256 blowfishfactory aes256factory 
file_aes256 cryptofactoryhelper
+ check_PROGRAMS += passwordchange_exerciser
+
+-TESTS = key448 key256 blowfish aes256 blowfishfactory aes256factory 
file_blowfish file_aes256 foreign cryptofactoryhelper
++TESTS = key448 key256 aes256 blowfishfactory aes256factory file_aes256 
cryptofactoryhelper
+
+ AM_CPPFLAGS = -I$(yapet_libs_srcdir)/consts \
+       -I$(yapet_libs_srcdir)/exceptions \
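Review bot: `foreign` is dropped from check_PROGRAMS and TESTS here together with `blowfish` and `file_blowfish`, but the patch description only mentions Blowfish tests; state in the description why `foreign` fails as well, or keep it enabled. Removing the three names from check_PROGRAMS as well as from TESTS also means they are no longer compiled during `make check`, so build breakage in those tests goes unnoticed while they are disabled; keeping them in check_PROGRAMS and TESTS and listing them in XFAIL_TESTS, or removing them from TESTS only, keeps them building and leaves the disabled state visible. Since the description ties the failure to the OpenSSL change behind CVE-2023-5363, the header should also record whether reading existing Blowfish-encrypted files is affected in the installed program or only in the test suite.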
+--- a/tests/crypt/Makefile.in
++++ b/tests/crypt/Makefile.in
+@@ -87,15 +87,15 @@
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+-check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \
++check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT)  \
+       aes256$(EXEEXT) blowfishfactory$(EXEEXT) \
+-      aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \
+-      file_aes256$(EXEEXT) foreign$(EXEEXT) \
++      aes256factory$(EXEEXT)  \
++      file_aes256$(EXEEXT)  \
+       cryptofactoryhelper$(EXEEXT) passwordchange_exerciser$(EXEEXT)
+-TESTS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \
++TESTS = key448$(EXEEXT) key256$(EXEEXT) \
+       aes256$(EXEEXT) blowfishfactory$(EXEEXT) \
+-      aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \
+-      file_aes256$(EXEEXT) foreign$(EXEEXT) \
++      aes256factory$(EXEEXT)  \
++      file_aes256$(EXEEXT)  \
+       cryptofactoryhelper$(EXEEXT)
+ subdir = tests/crypt
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
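Review bot: tests/crypt/Makefile.in is generated from Makefile.am, so editing its check_PROGRAMS and TESTS lists by hand duplicates the previous hunk and is lost on any automake regeneration. If the package build runs autoreconf, the Makefile.am change alone is enough and this hunk can be dropped; if it does not, say so in the patch header so the duplication is understood and both lists are kept in sync. The rewritten continuation lines also leave two spaces before the backslash (for example after `key256$(EXEEXT)`), which is harmless but easy to tidy.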
diff -Nru yapet-2.6/debian/patches/series yapet-2.6/debian/patches/series
--- yapet-2.6/debian/patches/series     2024-03-05 15:19:25.000000000 +1300
+++ yapet-2.6/debian/patches/series     2024-03-21 15:56:18.000000000 +1300
@@ -1,2 +1,4 @@
 do-not-install-licenses-files.patch
 avoid-remote-font.patch
+use-std-fill.patch
+disable-blowfish-tests.patch
diff -Nru yapet-2.6/debian/patches/use-std-fill.patch 
yapet-2.6/debian/patches/use-std-fill.patch
--- yapet-2.6/debian/patches/use-std-fill.patch 1970-01-01 12:00:00.000000000 
+1200
+++ yapet-2.6/debian/patches/use-std-fill.patch 2024-03-21 15:56:18.000000000 
+1300
@@ -0,0 +1,38 @@
+From: Vladimir Petko <vladimir.pe...@canonical.com>
+Date: Thu, 21 Mar 2024 15:47:02 +1300
+Bug: https://github.com/RafaelOstertag/yapet/issues/27
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/yapet/+bug/2058584
+Description: use std::fill with volatile pointers to reset memory
+ std::memset can be optimized away and can not be used to
+ securely reset memory.
+ Use std::fill with volatile pointers.
+
+---
+ src/libs/utils/securearray.cc | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/libs/utils/securearray.cc b/src/libs/utils/securearray.cc
+index c517189..d69bfa3 100644
+--- a/src/libs/utils/securearray.cc
++++ b/src/libs/utils/securearray.cc
+@@ -31,6 +31,7 @@
+ #include <cstring>
+ #include <limits>
+ #include <stdexcept>
++#include <algorithm>
+
+ #include "consts.h"
+ #include "intl.h"
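Review bot: the added `<algorithm>` include covers std::fill, but the replacement code in the next hunk also names std::uint8_t, and none of the standard headers visible here (`<cstring>`, `<limits>`, `<stdexcept>`, `<algorithm>`) is `<cstdint>`. Add `#include <cstdint>` unless it is already pulled in above this context or through consts.h, rather than relying on a transitive include. The new line also sits after `<stdexcept>`, out of the alphabetical order the surrounding includes follow.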
+@@ -126,8 +127,8 @@ SecureArray& SecureArray::operator=(SecureArray&& other) {
+
+ inline void SecureArray::clearMemory() {
+     if (_array == nullptr) return;
+-
+-    std::memset(_array, 0, _size);
++    std::fill(reinterpret_cast<volatile std::uint8_t*>(_array),
++        reinterpret_cast<volatile std::uint8_t*>(_array + _size), 0);
+ }
+
+ inline void SecureArray::freeMemory() {
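Review bot: in clearMemory() the end of the range is computed as `_array + _size` before the cast, so it spans `_size` bytes only if `_array` is already a pointer to a one-byte type, which these lines do not show; casting `_array` to the volatile std::uint8_t pointer once and adding `_size` to the result removes that dependency and matches the byte count the removed `std::memset(_array, 0, _size)` used. Because the package already builds against OpenSSL (per the other patch in this upload), `OPENSSL_cleanse(_array, _size)` is the purpose-built call for wiping key material and would avoid relying on how the compiler treats volatile accesses to a buffer that was not declared volatile. A one-line comment above the call saying why memset is not used would also keep someone from reverting this later.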
+--
+2.40.1
