diff options
| author |   CRTS <crts [at] gmx [dot] net> | 2024-02-26 07:59:12 +0700 |
|---|---|---|
| committer |   Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2024-02-28 12:22:40 +0700 |
| commit | 1694337de79e237201d89acee86366764e38b1cd (patch) | |
| tree | 0ea4415c8355a4d2eb98f7f64be2c52b25166ca1 /system/libsignal-protocol-c | |
| parent | 58bbe3951a15acc69680c57e77a60f81427e98ea (diff) | |
| download | slackbuilds-1694337de79e237201d89acee86366764e38b1cd.tar.gz slackbuilds-1694337de79e237201d89acee86366764e38b1cd.tar.xz | |
system/libsignal-protocol-c: Update script.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/libsignal-protocol-c')
3 files changed, 73 insertions, 6 deletions
diff --git a/system/libsignal-protocol-c/README b/system/libsignal-protocol-c/README index d80dcb6efe..7923ac2069 100644 --- a/system/libsignal-protocol-c/README +++ b/system/libsignal-protocol-c/README @@ -1,2 +1,11 @@ This is a ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments. +The code upstream has been marked as "archived" since February 2022. + +The default is to provide a shared library. However, one can build it +statically by passing STATIC=yes: + +# STATIC=yes sh libsignal-protocol-c.SlackBuild + +This way you can statically link it into your final program and +remove the library. diff --git a/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch b/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch new file mode 100644 index 0000000000..8b3706dd88 --- /dev/null +++ b/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch @@ -0,0 +1,53 @@ +From 478dfe51552243b367cf2e9c5d047cbbd3c21635 Mon Sep 17 00:00:00 2001 +From: Randy Barlow <randy@electronsweatshop.com> +Date: Fri, 18 Mar 2022 12:42:57 -0400 +Subject: [PATCH] CVE-2022-48468: unsigned integer overflow + +This commit combines two upstream commits from protobuf-c[0][1]. +The first fixes an unsigned integer overflow, and the second fixes a +regression introduced by the first. I originally decided to amend the +commit message of the first to mention that it fixes a CVE, but then I +realized it would be better to bring the fix for the regression together +with it. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468 +https://bugzilla.redhat.com/show_bug.cgi?id=2186673 + +[0] +https://github.com/protobuf-c/protobuf-c/pull/513/commits/289f5c18b195aa43d46a619d1188709abbfa9c82 +[1] +https://github.com/protobuf-c/protobuf-c/pull/513/commits/0d1fd124a4e0a07b524989f6e64410ff648fba61 + +Co-authored-by: 10054172 <hui.zhang@thalesgroup.com> +Co-authored-by: "Todd C. Miller" <Todd.Miller@sudo.ws> +Signed-off-by: 10054172 <hui.zhang@thalesgroup.com> +Signed-off-by: Randy Barlow <randy@electronsweatshop.com> +--- + src/protobuf-c/protobuf-c.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/protobuf-c/protobuf-c.c b/src/protobuf-c/protobuf-c.c +index 4f2f5bc..6ae5287 100644 +--- a/src/protobuf-c/protobuf-c.c ++++ b/src/protobuf-c/protobuf-c.c +@@ -2456,10 +2456,13 @@ parse_required_member(ScannedMember *scanned_member, + return FALSE; + + def_mess = scanned_member->field->default_value; +- subm = protobuf_c_message_unpack(scanned_member->field->descriptor, +- allocator, +- len - pref_len, +- data + pref_len); ++ if (len >= pref_len) ++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor, ++ allocator, ++ len - pref_len, ++ data + pref_len); ++ else ++ subm = NULL; + + if (maybe_clear && + *pmessage != NULL && +-- +2.39.2 + diff --git a/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild b/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild index 53167e23dc..742b7f532d 100644 --- a/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild +++ b/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PRGNAM=libsignal-protocol-c VERSION=${VERSION:-2.3.3} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} @@ -51,6 +51,8 @@ TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} +[ "${STATIC:-no}" = "yes" ] && SHARED_LIBS_STATUS=OFF || SHARED_LIBS_STATUS=ON + if [ "$ARCH" = "i586" ]; then SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" @@ -60,6 +62,9 @@ elif [ "$ARCH" = "i686" ]; then elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" LIBDIRSUFFIX="64" +elif [ "$ARCH" = "aarch64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" @@ -80,6 +85,9 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; +# Patch for CVE-2022-48468 (obtained from the Gentoo package) +patch -p1 < $CWD/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch + mkdir -p build cd build cmake \ @@ -87,15 +95,12 @@ cd build -DCMAKE_CXX_FLAGS:STRING="$SLKCFLAGS" \ -DCMAKE_INSTALL_PREFIX=/usr \ -DLIB_SUFFIX=${LIBDIRSUFFIX} \ - -DMAN_INSTALL_DIR=/usr/man \ + -DBUILD_SHARED_LIBS=$SHARED_LIBS_STATUS \ -DCMAKE_BUILD_TYPE=Release .. make - make install DESTDIR=$PKG + make install/strip DESTDIR=$PKG cd .. -find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a \ ISSUE_TEMPLATE.md LICENSE README.md \ |