[perl-Crypt-CipherSaber/f20] Fix parsing encrypted file

Petr Pisar ppisar at fedoraproject.org
Wed Aug 27 14:31:50 UTC 2014


commit 5d13074c26ac545f3aa5f1f4d6b5a7d270de2c69
Author: Petr Písař <ppisar at redhat.com>
Date:   Wed Aug 27 15:53:55 2014 +0200

    Fix parsing encrypted file

 5C08E9C4.key                                       |   29 -----
 67C6FAA2.key                                       |   60 ++++++++++
 ...Fix-reading-IV-with-new-lines-from-a-file.patch |  117 ++++++++++++++++++++
 ...-CipherSaber-1.00-Resign-the-distribution.patch |   66 +++++++++++
 perl-Crypt-CipherSaber.spec                        |    9 ++-
 5 files changed, 251 insertions(+), 30 deletions(-)
---
diff --git a/67C6FAA2.key b/67C6FAA2.key
new file mode 100644
index 0000000..6977532
--- /dev/null
+++ b/67C6FAA2.key
@@ -0,0 +1,60 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+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+=jAGP
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/Crypt-CipherSaber-1.00-Fix-reading-IV-with-new-lines-from-a-file.patch b/Crypt-CipherSaber-1.00-Fix-reading-IV-with-new-lines-from-a-file.patch
new file mode 100644
index 0000000..7656ea9
--- /dev/null
+++ b/Crypt-CipherSaber-1.00-Fix-reading-IV-with-new-lines-from-a-file.patch
@@ -0,0 +1,117 @@
+From e72a35d3276239d98161f4818e764fc419635bc6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 27 Aug 2014 15:38:54 +0200
+Subject: [PATCH] Fix reading IV with new-lines from a file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Decrypting filehandle data by fh_crypt() could produce bad decrypted
+data if the initizalization vector read from the filehandle contained
+a new-line character. This caused random failures of 'autogenerating
+and autoreading IV should also round-trip' test in t/fh_encrypt.t.
+
+This patch fixes it by reading first 10 characters regardless of
+current line separator.
+
+CPAN RT #28370
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ lib/Crypt/CipherSaber.pm | 14 +++++++++-----
+ t/fh_encrypt.t           | 40 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 48 insertions(+), 6 deletions(-)
+
+diff --git a/lib/Crypt/CipherSaber.pm b/lib/Crypt/CipherSaber.pm
+index 99f362b..2dd91f8 100644
+--- a/lib/Crypt/CipherSaber.pm
++++ b/lib/Crypt/CipherSaber.pm
+@@ -67,6 +67,15 @@ sub fh_crypt
+ 		$iv = $self->_gen_iv() if length($iv) == 1;
+ 		$self->_setup_key($iv);
+ 		print OUT $iv;
++	} else {
++		if ( 10 != $in->read($iv, 10) )
++		{
++			require Carp;
++			Carp::carp( 'Could not read IV from input filehandle' );
++			return;
++		}
++		( $iv ) = unpack( "a10", $iv );
++		$self->_setup_key($iv);
+ 	}
+ 
+ 	my $state = $self->[1];
+@@ -75,11 +84,6 @@ sub fh_crypt
+ 
+ 	while (<$in>)
+ 	{
+-		unless ($iv)
+-		{
+-			( $iv, $_ ) = unpack( "a10a*", $_ );
+-			$self->_setup_key($iv);
+-		}
+ 		my $line;
+ 		( $line, $state, @vars ) = _do_crypt( $state, $_, @vars );
+ 		print OUT $line;
+diff --git a/t/fh_encrypt.t b/t/fh_encrypt.t
+index 35a74fb..e595ff9 100644
+--- a/t/fh_encrypt.t
++++ b/t/fh_encrypt.t
+@@ -6,7 +6,7 @@ BEGIN
+ }
+ 
+ use strict;
+-use Test::More tests => 6;
++use Test::More tests => 7;
+ use_ok( 'Crypt::CipherSaber' );
+ 
+ # tests the fh_crypt() method
+@@ -114,6 +114,44 @@ while (<SOURCE>)
+ 
+ ok( ! $status, 'autogenerating and autoreading IV should also round-trip' );
+ 
++# IV retrieved from encrypted file can contain new-line characters. Check that
++# fh_encrypt can deal with it
++{
++	local $/ = "\012";
++
++	open( IN, 'smiles.png' )      or die "Cannot read smiles.png: $!";
++	open( OUT, '> smiles_2.cs1' ) or die "Cannot write to smiles_2.cs1: $!";
++	binmode( IN );
++	binmode( OUT );
++	$cs->fh_crypt( \*IN, \*OUT, $/ x 10 );
++	close IN;
++	close OUT;
++
++	open( IN, 'smiles_2.cs1'    ) or die "Cannot read smiles_2.cs1: $!";
++	open( OUT, '> smiles_2.png' ) or die "Cannot write to smiles_2.png $!";
++	binmode( IN );
++	binmode( OUT );
++	$cs->fh_crypt( \*IN, \*OUT );
++	close IN;
++	close OUT;
++
++	open( SOURCE, 'smiles.png' )   or die "Cannot read smiles.png: $!";
++	open( DEST,   'smiles_2.png' ) or die "Cannot read smiles_2.png: $!";
++	binmode SOURCE;
++	binmode DEST;
++	$status = 0;
++	while (<SOURCE>)
++	{
++		unless ($_ eq <DEST>)
++		{
++			$status = 1;
++			last;
++		}
++	}
++	ok( ! $status, 'IV with new-lines in the encrypted file' );
++}
++
++
+ END
+ {
+ 	1 while unlink qw( smiles_2.cs1 smiles_2.png outsmiles.cs1 outsmiles.png );
+-- 
+1.9.3
+
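Review bot: In the new else branch of fh_crypt() in lib/Crypt/CipherSaber.pm, `$in->read($iv, 10)` is a method call on whatever handle the caller passed, and the added test passes plain glob references (`\*IN`). On perls older than 5.14 that only works if IO::Handle is already loaded, and the hunk loads only Carp. The builtin form `read( $in, $iv, 10 )` has no such dependency and gives the same byte count for the 10-byte check. The following `( $iv ) = unpack( "a10", $iv );` changes nothing once exactly 10 bytes have been read and can be dropped. In t/fh_encrypt.t the new comparison loop iterates only over `<SOURCE>`, so trailing bytes in smiles_2.png would go unnoticed; an `eof(DEST)` check after the loop would close that gap. The test comment also says fh_encrypt where the method under test is fh_crypt().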
diff --git a/Crypt-CipherSaber-1.00-Resign-the-distribution.patch b/Crypt-CipherSaber-1.00-Resign-the-distribution.patch
new file mode 100644
index 0000000..d674380
--- /dev/null
+++ b/Crypt-CipherSaber-1.00-Resign-the-distribution.patch
@@ -0,0 +1,66 @@
+From 207dea8cf13880dc9b112652db9d0386ee21953e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 27 Aug 2014 15:56:12 +0200
+Subject: [PATCH] Resign the distribution
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ SIGNATURE | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SIGNATURE b/SIGNATURE
+index 1a25cd4..8eaaebe 100644
+--- a/SIGNATURE
++++ b/SIGNATURE
+@@ -1,5 +1,5 @@
+ This file contains message digests of all files listed in MANIFEST,
+-signed via the Module::Signature module, version 0.44.
++signed via the Module::Signature module, version 0.73.
+ 
+ To verify the content in this distribution, first make sure you have
+ Module::Signature installed, then type:
+@@ -12,7 +12,7 @@ the distribution may already have been compromised, and you should
+ not run its Makefile.PL or Build.PL.
+ 
+ -----BEGIN PGP SIGNED MESSAGE-----
+-Hash: SHA1
++Hash: SHA256
+ 
+ SHA1 80bc94fb6bfcb7c680fb458b55e3b1301e19dc8d Build.PL
+ SHA1 8153f68a5a4725476b3e5b1460b1bf6d8c0e9b17 Changes
+@@ -20,7 +20,7 @@ SHA1 a21beaa3ee715f216db0dd42b2a3984f02896c91 MANIFEST
+ SHA1 c693376329238a7d4e66df3e5cadfbf8984271a5 META.yml
+ SHA1 89badd63f031ee283647f7a60ac24c2bdad4724f Makefile.PL
+ SHA1 01ab13d602962b3cece3ee21f4a94fa9f791089e README
+-SHA1 195b43a0cf4205d20c39ec9ae3ccf131337fc3dd lib/Crypt/CipherSaber.pm
++SHA1 9d90c8f3765a0867ae50b4da11d5917528684798 lib/Crypt/CipherSaber.pm
+ SHA1 f35a25f9883738be60f36b3ec2d0aeae9e2a9608 t/0-signature.t
+ SHA1 2a24fe5acc19ef82f476a2634856af8c4f02b479 t/CS2.t
+ SHA1 77a9031ccfd49486409f119daa5048c34542a29c t/base.t
+@@ -28,15 +28,15 @@ SHA1 2bd8b8faa4768bb323a3de9d9d333854b7240d18 t/bigfile.t
+ SHA1 c03dcb0143cb728fc51a5bade84fe0b60ed95fbe t/both_long.t
+ SHA1 3c9c40b67a46f4cbaf129468dbd55690d9d935cd t/create.t
+ SHA1 af740c6407da521170bf9ce67da5017d9952e41e t/encrypt.t
+-SHA1 526a6f5c3b05ece813b6f2bb7baf0c12966d5f08 t/fh_encrypt.t
++SHA1 12587526e1f3d62dcca29c658f81142124c5e904 t/fh_encrypt.t
+ SHA1 6da39b48ce64b584e4c3274bff96fc76ff484820 t/pod-coverage.t
+ SHA1 0190346d7072d458c8a10a45c19f86db641dcc48 t/pod.t
+ SHA1 6e204f97d2188ca6f1c8548fc615e9a797a6dcd5 t/smiles.cs1
+ SHA1 86ccaee51907f749d46bfba4ce5aa3ce9623ea7e t/smiles.png
+ -----BEGIN PGP SIGNATURE-----
+-Version: GnuPG v1.4.1 (GNU/Linux)
++Version: GnuPG v2
+ 
+-iD8DBQFC1HEbBd8Wn1wI6cQRAr/qAJ9GyiesUvi1bxn+uodxCHZBfnRTrQCdFNkI
+-4dIIEEIP4prHtDe/WPZRux4=
+-=swxm
++iF4EAREIAAYFAlP9404ACgkQEsnFx2fG+qIPjgEAkDyY517F4UkwzeMkkv6ZBtyR
++x3jng78uau0NkDqnH9kA+QGw05y/Kf/fjOtIJIIEezNPjo6NmFgBnp/pb3n3xUsf
++=kDef
+ -----END PGP SIGNATURE-----
+-- 
+1.9.3
+
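Review bot: The SIGNATURE hunks move the signed-message header to `Hash: SHA256` but leave every per-file digest line as `SHA1`, so file integrity still rests on SHA-1; if Module::Signature 0.73 can emit SHA-256 digests here, regenerate the manifest with them. The two replaced digests (lib/Crypt/CipherSaber.pm and t/fh_encrypt.t) are tied to the exact output of the IV patch, so any later edit to that patch requires regenerating this one as well. That dependency is worth stating in the patch description, which is currently empty apart from the sign-off.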
diff --git a/perl-Crypt-CipherSaber.spec b/perl-Crypt-CipherSaber.spec
index 21c98ee..3996e1d 100644
--- a/perl-Crypt-CipherSaber.spec
+++ b/perl-Crypt-CipherSaber.spec
@@ -6,7 +6,11 @@ License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/Crypt-CipherSaber/
 Source0:        http://www.cpan.org/modules/by-module/Crypt/Crypt-CipherSaber-%{version}.tar.gz
-Source1:        5C08E9C4.key
+Source1:        67C6FAA2.key
+# Fix parsing encrypted file, bug #1104075, CPAN RT#28370
+Patch0:         Crypt-CipherSaber-1.00-Fix-reading-IV-with-new-lines-from-a-file.patch
+# Resign the patched distribution, #1104075
+Patch1:         Crypt-CipherSaber-1.00-Resign-the-distribution.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 BuildRequires:  perl(Module::Build)
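Review bot: `Source1` changes from 5C08E9C4.key to 67C6FAA2.key with no comment saying whose key 67C6FAA2 is or why the previous key is dropped. Because Patch1 replaces the SIGNATURE file, whatever verifies SIGNATURE during the build now vouches for the re-signer rather than for the upstream tarball. Add a comment above `Source1` naming the key owner and stating that the upstream signature is no longer what gets checked.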
@@ -25,6 +29,8 @@ relatively secure algorithm based on RC4.
 
 %prep
 %setup -q -n Crypt-CipherSaber-%{version}
+%patch0 -p1
+%patch1 -p1
 
 %build
 %{__perl} Build.PL installdirs=vendor
@@ -60,6 +66,7 @@ rm -rf $RPM_BUILD_ROOT
 * Wed Aug 27 2014 Petr Pisar <ppisar at redhat.com> - 1.00-14
 - Clean debuginfo generator temporary files that break manifest validation
 - Import GPG key so we don't try to download it (bug #1109701)
+- Fix parsing encrypted file (bug #1104075)
 
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.00-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

