diff --git a/ChangeLog b/ChangeLog index 469c352..ac14548 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2016-03-25 Brian Cox + * Bumping version to 2.4.3.0 + * Compilation fixes for gcc 4.7+ and LLVM/clang + (see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html ) + * Absorb fixes from FreeBSD ports patchset + (see http://svnweb.freebsd.org/ports/head/security/tripwire/ ) + * Fix handling of SHA hashes when not built to use OpenSSL implementation + * Update GNU config.guess & config.sub to current versions + * Compilation fixes for assorted platforms + (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable) + * Added script to bump buildys file timestaps, to fix + spurious aclocal/automake errors on a fresh clone/untar/etc. + 2011-11-21 Stephane Dudzinski * Bumping version to 2.4.2.2 diff --git a/MAINTAINERS b/MAINTAINERS index 9618a23..7c5b29c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1,6 +1,7 @@ Open Source Tripwire Maintainers: -tripwire@frlinux.net +bcox@tripwire.com +tripwire@frlinux.net (maintains the fork at github.com/frlinux/tripwire-open-source) Previous Maintainer: diff --git a/src/core/sha.cpp b/src/core/sha.cpp index 91c6b59..34b65c8 100644 --- a/src/core/sha.cpp +++ b/src/core/sha.cpp @@ -319,7 +319,7 @@ void shsFinal(SHS_INFO *shsInfo) shsTransform( shsInfo ); #ifndef WORDS_BIGENDIAN - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); + byteReverse( shsInfo->data, SHS_DIGESTSIZE ); #endif /* #ifndef WORDS_BIGENDIAN */ } diff --git a/src/cryptlib/integer.cpp b/src/cryptlib/integer.cpp index e7f4f15..1ba9b61 100644 --- a/src/cryptlib/integer.cpp +++ b/src/cryptlib/integer.cpp 
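Review bot: Nothing visible in this diff pins the output of the built-in SHA-1 path that the `byteReverse` change in `shsFinal` touches, so a wrong digest on a non-OpenSSL build would only surface later as mismatches against an existing database. A known-answer check for that build would cover it, for example that hashing the three bytes `abc` makes `AsStringHex()` return `a9993e364706816aba3e25717850c26c9cd0d89d`. The call also swaps `shsInfo->data` rather than `shsInfo->digest`; if that is intended, a comment such as `/* NOTE(review): swaps the data[] work buffer, not digest[]; confirm intended */` would stop the next reader from "fixing" it. The body of `shsFinal` starts outside the hunk.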
@@ -13,6 +13,8 @@ #include "algebra.cpp" #include "eprecomp.cpp" +#include + #define MAKE_DWORD(lowWord, highWord) ((dword(highWord)<> 8) & 0xff00 ) | ( (k[i] >> 24) & 0x00ff ); -# endif //WORDS_BIGENDIAN - } #endif } //////////////////////////////////////////////////////////////////////////////// // AsString -- Converts to Base64 representation and returns a TSTRING +#ifdef HAVE_OPENSSL_SHA_H TSTRING cSHASignature::AsString(void) const { - TSTRING ret; - char* ps_signature; - char buf[100]; - int length; - - ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8); - //converting to base64 representation. - length = strlen(ps_signature); - -#ifdef _UNICODE //making it TSTRING sensitive - ret.resize(length); - mbstowcs((TCHAR*) ret.data(), ps_signature, length); + TSTRING ret; + char* + char buf[100]; + int length; + + ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8); + //converting to base64 representation. + length = strlen(ps_signature); + +#ifdef _UNICODE //making it TSTRING sensitive + ret.resize(length); + mbstowcs((TCHAR*) ret.data(), ps_signature, length); #else - ret.append(ps_signature); + ret.append(ps_signature); #endif - return ret; + return ret; //return ret; } -TSTRING cSHASignature::AsStringHex() const +TSTRING cSHASignature::AsStringHex() const { - TSTRING ret; - - TCHAR stringBuffer[128]; - TCHAR sigStringOut[128]; - sigStringOut[0] = '\0'; - uint8 *dbuf = (uint8 *)sha_digest; + TSTRING ret; - for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i) - { - _stprintf(stringBuffer, _T("%02x"), dbuf[i]); - _tcscat(sigStringOut, stringBuffer); - } - ret.append(sigStringOut); - - return ret; + TCHAR stringBuffer[128]; + TCHAR sigStringOut[128]; + sigStringOut[0] = '\0'; + uint8 *dbuf = (uint8 *)sha_digest; + + for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i) + { + _stprintf(stringBuffer, _T("%02x"), dbuf[i]); + _tcscat(sigStringOut, stringBuffer); + } + ret.append(sigStringOut); + + 
return ret; } +#else // HAVE_OPENSSL_SHA_H + +TSTRING cSHASignature::AsString(void) const +{ + TSTRING ret; + char* ps_signature; + char buf[100]; + buf[99]=0; + + ps_signature = pltob64((uint32*)mSHAInfo.digest, buf, SIG_UINT32_SIZE); + //converting to base64 representation. + +#ifdef _UNICODE //making it TSTRING sensitive + int length = strlen(ps_signature); + ret.resize(length); + mbstowcs((TCHAR*) ret.data(), ps_signature, length); +#else + ret.append(ps_signature); +#endif + return ret; + //return ret; +} + +TSTRING cSHASignature::AsStringHex() const +{ + TSTRING ret; + + TCHAR stringBuffer[128]; + TCHAR sigStringOut[128]; + sigStringOut[0] = '\0'; + + for (int i=0; i < SIG_UINT32_SIZE; ++i) + { + _stprintf(stringBuffer, _T("%08x"), mSHAInfo.digest[i]); + _tcscat(sigStringOut, stringBuffer); + } + ret.append(sigStringOut); + + return ret; +} +#endif + /////////////////////////////////////////////////////////////////////////////// // Copy -- Copies a new sig value from a base pointer void cSHASignature::Copy(const iFCOProp* rhs) @@ -732,7 +763,7 @@ void cHAVALSignature::Init() haval_start( &mHavalState ); } -void cHAVALSignature::Update( const byte* pbData, int cbDataLen ) +void cHAVALSignature::Update( const byte* const pbData, int cbDataLen ) { haval_hash( &mHavalState, (uint8*)pbData, cbDataLen ); } @@ -760,6 +791,7 @@ TSTRING cHAVALSignature::AsString() const #else ret.append(buf); #endif + return ret; //return ret; //ret holds base64 representation of digest. diff --git a/src/fco/signature.h b/src/fco/signature.h index 8768c29..22343f5 100644 --- a/src/fco/signature.h +++ b/src/fco/signature.h 
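Review bot: In the new non-OpenSSL `cSHASignature::AsStringHex`, `mSHAInfo.digest[i]` is passed straight to `_stprintf` with `%08x`, and `AsString` forces the same array through a `(uint32*)` cast, so both are only correct if the `SHS_INFO` digest words are exactly 32 bits wide; that type is declared outside this diff. If the element type were wider on some target, the format argument would mismatch and the base64 input would be read with the wrong stride, giving digests that differ from the OpenSSL build. Making the width explicit at the call, `_stprintf(stringBuffer, _T("%08x"), (unsigned int)mSHAInfo.digest[i]);`, keeps the hex form well defined either way. The opening lines of this hunk are garbled in this view, so only the visible part was reviewed.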
@@ -98,7 +98,7 @@ public: // virtual void Init () = 0; // call before beginning hashing - virtual void Update( const byte* pbData, int cbDataLen ) = 0; + virtual void Update( const byte* const pbData, int cbDataLen ) = 0; // may be called multiple times -- best to call with blocks of size SUGGESTED_BLOCK_SIZE, // but can handle any size data. virtual void Finit () = 0; @@ -168,7 +168,7 @@ public: virtual ~cNullSignature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; virtual TSTRING AsStringHex() const; @@ -195,7 +195,7 @@ public: virtual ~cChecksumSignature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; virtual TSTRING AsStringHex() const; @@ -223,7 +223,7 @@ public: virtual ~cCRC32Signature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; @@ -252,7 +252,7 @@ public: virtual ~cMD5Signature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; virtual TSTRING AsStringHex() const; @@ -281,7 +281,7 @@ public: virtual ~cSHASignature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; virtual TSTRING AsStringHex() const; 
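Review bot: The `const` added after `byte*` in `iSignature::Update` is a top-level qualifier on a by-value parameter, which is not part of the function type, so in these declarations it changes nothing for callers or overriders. The same applies to the `Update` declarations of `cNullSignature`, `cChecksumSignature`, `cCRC32Signature`, `cMD5Signature`, `cSHASignature` and `cHAVALSignature` in the later hunks. Keeping the declarations as `virtual void Update( const byte* pbData, int cbDataLen ) = 0;` and putting the extra `const` only on the definitions, where it does constrain the body, would read more cleanly. If the qualifier was added to work around a specific compiler, a short comment naming it would help.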
@@ -291,12 +291,17 @@ public: virtual void Write(iSerializer* pSerializer) const; protected: - enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 }; - - SHA_CTX mSHAInfo; - + virtual bool IsEqual(const iSignature& rhs) const; + +#ifdef HAVE_OPENSSL_SHA_H + enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 }; + SHA_CTX mSHAInfo; uint32 sha_digest[SHA_DIGEST_LENGTH/4]; +#else + enum { SIG_UINT32_SIZE = 5 }; + SHS_INFO mSHAInfo; +#endif }; /////////////////////////////////////////////////////////////////////////////// @@ -312,7 +317,7 @@ public: virtual ~cHAVALSignature(); virtual void Init (); - virtual void Update( const byte* pbData, int cbDataLen ); + virtual void Update( const byte* const pbData, int cbDataLen ); virtual void Finit (); virtual TSTRING AsString() const; virtual TSTRING AsStringHex() const; diff --git a/touchconfig.sh b/touchconfig.sh index 2a341bc..9e3fbb3 100755 --- a/touchconfig.sh +++ b/touchconfig.sh @@ -4,5 +4,5 @@ # and insists they need to be regenerated, though they really don't. # This script bumps the timestamps on the right files in the right order, # such that they don't all match, and make can proceed on its way. -touch configure.ac aclocal.m4 configure Makefile.am Makefile.in +touch configure.in acinclude.m4 aclocal.m4 configure Makefile.am Makefile.in diff --git a/tripwire.spec b/tripwire.spec index 5f26739..d50969a 100644 --- a/tripwire.spec +++ b/tripwire.spec @@ -8,7 +8,7 @@ Summary: IDS (Intrusion Detection System) License: GPL Group: Applications/System -Source0: http://download.sourceforge.net/tripwire/tripwire-%{version}-src.tar.bz2 +Source0: https://github.com/Tripwire/tripwire-open-source/archive/master.zip Source1: tripwire.cron.in Source3: tripwire.gif Source4: twcfg.txt.in 
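Review bot: The non-OpenSSL branch hard-codes `enum { SIG_UINT32_SIZE = 5 };` while the OpenSSL branch derives the value from `SHA_DIGEST_LENGTH`. Deriving it the same way, e.g. `enum { SIG_UINT32_SIZE = SHS_DIGESTSIZE/4 };` (assuming the header that declares `SHS_INFO` also provides `SHS_DIGESTSIZE`), keeps the two in step. The branches also hold the digest differently, as a byte sequence in `sha_digest` versus words inside `mSHAInfo`, and `Read`, `Write` and `IsEqual` are outside this hunk. A comment here such as `// both builds must serialise the same 20 digest bytes; see Read()/Write()` would record the requirement, and it is worth checking that a database written by one build verifies cleanly under the other.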
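Review bot: `Source0` now points at `archive/master.zip`, a moving branch snapshot, so the package no longer builds from a fixed, verifiable source and `%{version}` no longer describes what was fetched. For an intrusion-detection tool the source should be a release artifact tied to the version, e.g. `Source0: <URL of the archive for the tag matching %{version}>` (placeholder), with its checksum recorded wherever the build verifies sources. The rest of the spec is outside this hunk, so any `%setup` directory name that depended on the old tarball name would need checking as well.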
@@ -144,6 +144,16 @@ post %changelog +2016-03-25 +* Fri Mar 25 2016 Brian Cox 2.4.3.0 +- Bumping version to 2.4.3.0 +- Compilation fixes for gcc 4.7+ and LLVM/clang (see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html ) +- Absorb fixes from FreeBSD ports patchset (see http://svnweb.freebsd.org/ports/head/security/tripwire/ ) +- Fix handling of SHA hashes when not using OpenSSL impl +- Update GNU config.guess & config.sub to current versions +- Compilation fixes for assorted platforms (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable) +- Added script to bump buildys file timestaps, to fix spurious aclocal/automake errors on a fresh clone/untar/etc. + * Mon Nov 21 2011 Stephane Dudzinski 2.4.2.2 - Updated spec file - Updated version revision in reports and all