Diffstat (limited to 'system/libsignal-protocol-c')
-rw-r--r-- | system/libsignal-protocol-c/README | 11 | ||||
-rw-r--r-- | system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch | 53 | ||||
-rw-r--r-- | system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild | 114 | ||||
-rw-r--r-- | system/libsignal-protocol-c/libsignal-protocol-c.info | 10 | ||||
-rw-r--r-- | system/libsignal-protocol-c/slack-desc | 19 |
5 files changed, 207 insertions, 0 deletions
diff --git a/system/libsignal-protocol-c/README b/system/libsignal-protocol-c/README
new file mode 100644
index 0000000000..7923ac2069
--- /dev/null
+++ b/system/libsignal-protocol-c/README
@@ -0,0 +1,11 @@
+This is a ratcheting forward secrecy protocol that works
+in synchronous and asynchronous messaging environments.
+The code upstream has been marked as "archived" since February 2022.
+
+The default is to provide a shared library. However, one can build it
+statically by passing STATIC=yes:
+
+# STATIC=yes sh libsignal-protocol-c.SlackBuild
+
+This way you can statically link it into your final program and
+remove the library.
diff --git a/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch b/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
new file mode 100644
index 0000000000..8b3706dd88
--- /dev/null
+++ b/system/libsignal-protocol-c/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
@@ -0,0 +1,53 @@
+From 478dfe51552243b367cf2e9c5d047cbbd3c21635 Mon Sep 17 00:00:00 2001
+From: Randy Barlow <randy@electronsweatshop.com>
+Date: Fri, 18 Mar 2022 12:42:57 -0400
+Subject: [PATCH] CVE-2022-48468: unsigned integer overflow
+
+This commit combines two upstream commits from protobuf-c[0][1].
+The first fixes an unsigned integer overflow, and the second fixes a
+regression introduced by the first. I originally decided to amend the
+commit message of the first to mention that it fixes a CVE, but then I
+realized it would be better to bring the fix for the regression together
+with it.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468
+https://bugzilla.redhat.com/show_bug.cgi?id=2186673
+
+[0]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/289f5c18b195aa43d46a619d1188709abbfa9c82
+[1]
+https://github.com/protobuf-c/protobuf-c/pull/513/commits/0d1fd124a4e0a07b524989f6e64410ff648fba61
+
+Co-authored-by: 10054172 <hui.zhang@thalesgroup.com>
+Co-authored-by: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
+Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
+---
+ src/protobuf-c/protobuf-c.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/protobuf-c/protobuf-c.c b/src/protobuf-c/protobuf-c.c
+index 4f2f5bc..6ae5287 100644
+--- a/src/protobuf-c/protobuf-c.c
++++ b/src/protobuf-c/protobuf-c.c
+@@ -2456,10 +2456,13 @@ parse_required_member(ScannedMember *scanned_member,
+ return FALSE;
+
+ def_mess = scanned_member->field->default_value;
+- subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
+- allocator,
+- len - pref_len,
+- data + pref_len);
++ if (len >= pref_len)
++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
++ allocator,
++ len - pref_len,
++ data + pref_len);
++ else
++ subm = NULL;
+
+ if (maybe_clear &&
+ *pmessage != NULL &&
+--
+2.39.2
+
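Review bot: The new `if (len >= pref_len)` guard in `parse_required_member` carries no comment saying that it exists to stop `len - pref_len` from wrapping when the length prefix is longer than the field (the commit subject calls this an unsigned integer overflow), so a later refactor could drop it without noticing; a one-line comment above the `if`, such as `/* pref_len > len would wrap the subtraction; treat it as a failed unpack */`, would pin the intent. The `else` branch leaves `subm` as NULL and relies on code after the hunk, which is not shown here, to reject the member, so that path is worth confirming once the patch is applied. Because the patch is carried from upstream protobuf-c by way of the Gentoo package, the comment is better proposed there than kept as a local difference.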
diff --git a/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild b/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild
new file mode 100644
index 0000000000..742b7f532d
--- /dev/null
+++ b/system/libsignal-protocol-c/libsignal-protocol-c.SlackBuild
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# Slackware build script for libsignal-protocol-c
+
+# Copyright 2019- CRTS
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=libsignal-protocol-c
+VERSION=${VERSION:-2.3.3}
+BUILD=${BUILD:-2}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+[ "${STATIC:-no}" = "yes" ] && SHARED_LIBS_STATUS=OFF || SHARED_LIBS_STATUS=ON
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "aarch64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# Patch for CVE-2022-48468 (obtained from the Gentoo package)
+patch -p1 < $CWD/libsignal-protocol-c-2.3.3-CVE-2022-48468.patch
+
+mkdir -p build
+cd build
+ cmake \
+ -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
+ -DCMAKE_CXX_FLAGS:STRING="$SLKCFLAGS" \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLIB_SUFFIX=${LIBDIRSUFFIX} \
+ -DBUILD_SHARED_LIBS=$SHARED_LIBS_STATUS \
+ -DCMAKE_BUILD_TYPE=Release ..
+ make
+ make install/strip DESTDIR=$PKG
+cd ..
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ ISSUE_TEMPLATE.md LICENSE README.md \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
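Review bot: The `STATIC=yes` switch (`SHARED_LIBS_STATUS=OFF`) is missing a comment on its maintenance cost: a static build copies the bundled protobuf-c code, including the CVE-2022-48468 fix applied by the `patch -p1` step, into every program that links it, so those programs pick up this or any later fix only when they are rebuilt. A comment next to that line, for example `# STATIC=yes: programs linked against the .a must be relinked after each security update of this package`, would make that visible to whoever enables it. Separately, `rm -rf $PKG` and `rm -rf $PRGNAM-$VERSION` expand unquoted while `TMP` and `VERSION` can come from the environment; writing `rm -rf "$PKG"` and `rm -rf "$PRGNAM-$VERSION"` avoids word splitting on an unusual value in a script that is normally run as root.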
diff --git a/system/libsignal-protocol-c/libsignal-protocol-c.info b/system/libsignal-protocol-c/libsignal-protocol-c.info
new file mode 100644
index 0000000000..4ef8c569a2
--- /dev/null
+++ b/system/libsignal-protocol-c/libsignal-protocol-c.info
@@ -0,0 +1,10 @@
+PRGNAM="libsignal-protocol-c"
+VERSION="2.3.3"
+HOMEPAGE="https://signal.org"
+DOWNLOAD="https://github.com/signalapp/libsignal-protocol-c/archive/v2.3.3/libsignal-protocol-c-2.3.3.tar.gz"
+MD5SUM="68dae9b8da58f36dcbf9e10b0138d6f9"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="CRTS"
+EMAIL="crts [at] gmx [dot] net"
diff --git a/system/libsignal-protocol-c/slack-desc b/system/libsignal-protocol-c/slack-desc
new file mode 100644
index 0000000000..0ba140fd2d
--- /dev/null
+++ b/system/libsignal-protocol-c/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+libsignal-protocol-c: libsignal-protocol-c (Forward Secrecy Protocol)
+libsignal-protocol-c:
+libsignal-protocol-c: This is a ratcheting forward secrecy protocol that works in
+libsignal-protocol-c: synchronous and asynchronous messaging environments.
+libsignal-protocol-c:
+libsignal-protocol-c:
+libsignal-protocol-c:
+libsignal-protocol-c:
+libsignal-protocol-c:
+libsignal-protocol-c:
+libsignal-protocol-c: |
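Review bot: In libsignal-protocol-c.info, `MD5SUM` is the only integrity value recorded for the GitHub archive tarball, and MD5 does not resist deliberate collisions, so the check guards against a corrupted download rather than a substituted one. The .info fields shown here have no slot for a stronger digest; recording one in the README, e.g. a line `SHA256: <sha256 of libsignal-protocol-c-2.3.3.tar.gz>` (placeholder, to be filled in by the maintainer), would let users verify the source out of band before the SlackBuild unpacks and builds it.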