Fix non-OpenSSL SHA brokenness; fix OpenSolaris/OpenIndiana build issue; tweak filelist in touchconfig script; update ChangeLog, RPM spec, & MAINTAINERS

2016-03-26 01:08:03 -07:00 · 2016-03-26 01:08:03 -07:00 · 184bfe63eb
parent 82fbd232c8
commit 184bfe63eb
8 changed files with 130 additions and 67 deletions
--- a/13
+++ b/13
@ -1,3 +1,16 @@
 2016-03-25 Brian Cox <bcox@tripwire.com>
 	* Bumping version to 2.4.3.0
 	* Compilation fixes for gcc 4.7+ and LLVM/clang 
 	(see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html )
 	* Absorb fixes from FreeBSD ports patchset
 	(see http://svnweb.freebsd.org/ports/head/security/tripwire/ )
 	* Fix handling of SHA hashes when not built to use OpenSSL implementation
 	* Update GNU config.guess & config.sub to current versions
 	* Compilation fixes for assorted platforms
 	(Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable)  
 	* Added script to bump buildys file timestaps, to fix 
 	spurious aclocal/automake errors on a fresh clone/untar/etc.
 2011-11-21 Stephane Dudzinski <tripwire@frlinux.net>
 	* Bumping version to 2.4.2.2
--- a/3
+++ b/3
@ -1,6 +1,7 @@
 Open Source Tripwire Maintainers:
-tripwire@frlinux.net
+bcox@tripwire.com
 tripwire@frlinux.net (maintains the fork at github.com/frlinux/tripwire-open-source)
 Previous Maintainer:
--- a/src/core/sha.cpp
+++ b/src/core/sha.cpp
@ -319,7 +319,7 @@ void shsFinal(SHS_INFO *shsInfo)
    shsTransform( shsInfo );
 #ifndef WORDS_BIGENDIAN 
-    byteReverse( shsInfo->data, SHS_BLOCKSIZE );
+    byteReverse( shsInfo->data, SHS_DIGESTSIZE );
 #endif /* #ifndef WORDS_BIGENDIAN */
    }
--- a/src/cryptlib/integer.cpp
+++ b/src/cryptlib/integer.cpp
@ -13,6 +13,8 @@
 #include "algebra.cpp"
 #include "eprecomp.cpp"
 #include <string.h>
 #define MAKE_DWORD(lowWord, highWord) ((dword(highWord)<<WORD_BITS) | (lowWord))
 union dword_union
--- a/src/fco/signature.cpp
+++ b/src/fco/signature.cpp
@ -169,7 +169,7 @@ char* btob64(const register byte* pcbitvec, register char* pcout, int numbits)
    }
    *pcout = '\0';
-
+    
    return (char *) pcorig;
 }
@ -216,7 +216,7 @@ void cNullSignature::Init()
 {
 }
-void cNullSignature::Update( const byte* pbData, int cbDataLen )
+void cNullSignature::Update( const byte* const pbData, int cbDataLen )
 {
 }
@ -292,8 +292,9 @@ void cChecksumSignature::Init()
 {
 }
-void cChecksumSignature::Update( const byte* pbData, int cbDataLen )
+void cChecksumSignature::Update( const byte* const pbDataC, int cbDataLen )
 {
    byte* pbData = (byte*)pbDataC;
    for( int i = 0; i < cbDataLen; i++, pbData++ )
        mChecksum += *pbData;
 }
@ -382,7 +383,7 @@ void cCRC32Signature::Init()
    crcInit( mCRCInfo );
 }
-void cCRC32Signature::Update( const byte* pbData, int cbDataLen )
+void cCRC32Signature::Update( const byte* const pbData, int cbDataLen )
 {
    ASSERT( sizeof( byte ) == sizeof( uint8 ) );
    crcUpdate( mCRCInfo, (uint8*)pbData, cbDataLen );
@ -481,7 +482,7 @@ void cMD5Signature::Init()
 #endif
 }
-void cMD5Signature::Update( const byte* pbData, int cbDataLen )
+void cMD5Signature::Update( const byte* const pbData, int cbDataLen )
 {
 #ifdef HAVE_OPENSSL_MD5_H
    MD5_Update( &mMD5Info, (uint8*)pbData, cbDataLen );
@ -519,6 +520,7 @@ TSTRING cMD5Signature::AsString() const
 #else
 	ret.append(buf);
 #endif
 	return ret;
    //return ret;
 		//ret holds base64 representation of digest.
@ -583,7 +585,9 @@ IMPLEMENT_TYPEDSERIALIZABLE(cSHASignature,  _T("cSHASignature"), 0, 1)
 cSHASignature::cSHASignature()
 {
    memset( &mSHAInfo, 0, sizeof( mSHAInfo ) );
 #ifdef HAVE_OPENSSL_SHA_H
    memset( sha_digest, 0, SHA_DIGEST_LENGTH );
 #endif
 }
 cSHASignature::~cSHASignature()
@ -598,7 +602,7 @@ void cSHASignature::Init()
 #endif
 }
-void cSHASignature::Update( const byte* pbData, int cbDataLen )
+void cSHASignature::Update( const byte* const pbData, int cbDataLen )
 {    
    ASSERT( sizeof( byte ) == sizeof( uint8 ) );
 #ifdef HAVE_OPENSSL_SHA_H
@ -614,67 +618,94 @@ void cSHASignature::Finit()
    SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo );
 #else
    shsFinal( &mSHAInfo );
    bcopy(&mSHAInfo.digest, sha_digest, SHA_DIGEST_LENGTH);
    {
 	/* sha_digest is a byte array, so can't be in
 	 * host order.
 	 */
    int i;
    uint32 *j = (uint32 *)sha_digest;
    uint32 *k = (uint32 *)&mSHAInfo.digest;
    for(int i=0; i<SIG_UINT32_SIZE; i++)
 # ifdef WORDS_BIGENDIAN
 	j[i] = k[i];
 # else
 	j[i] = (  (k[i] & 0x00ff) << 24 ) | ( (k[i] & 0xff00) << 8)| 
 		( (k[i] >> 8) & 0xff00  ) | ( (k[i] >> 24) & 0x00ff );
 # endif //WORDS_BIGENDIAN
    }
 #endif
 }
 ////////////////////////////////////////////////////////////////////////////////
 // AsString -- Converts to Base64 representation and returns a TSTRING
 #ifdef HAVE_OPENSSL_SHA_H
 TSTRING cSHASignature::AsString(void) const
 {
-	TSTRING ret;
+    TSTRING ret;
-	char* ps_signature;
+    char*
-	char buf[100];
+    char buf[100];
-	int length;
+    int length;
-
+    
-	ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8);
+    ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8);
-		//converting to base64 representation.
+    //converting to base64 representation.
-	length = strlen(ps_signature);
+    length = strlen(ps_signature);
-
+    
-#ifdef _UNICODE		//making it TSTRING sensitive
+#ifdef _UNICODE                //making it TSTRING sensitive
-	ret.resize(length);
+    ret.resize(length);
-	mbstowcs((TCHAR*) ret.data(), ps_signature, length);
+    mbstowcs((TCHAR*) ret.data(), ps_signature, length);
 #else
-	ret.append(ps_signature);
+    ret.append(ps_signature);
 #endif
-	return ret;
+    return ret;
    //return ret;
 }
-TSTRING cSHASignature::AsStringHex() const 
+TSTRING cSHASignature::AsStringHex() const
 {
-	TSTRING ret;
+    TSTRING ret;
 	TCHAR stringBuffer[128];
 	TCHAR sigStringOut[128];
 	sigStringOut[0] = '\0';
 	uint8		*dbuf = (uint8 *)sha_digest;
-	for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i)
+    TCHAR stringBuffer[128];
-	{
+    TCHAR sigStringOut[128];
-		_stprintf(stringBuffer, _T("%02x"), dbuf[i]);
+    sigStringOut[0] = '\0';
-		_tcscat(sigStringOut, stringBuffer);
+    uint8           *dbuf = (uint8 *)sha_digest;
-	}
+    
-	ret.append(sigStringOut);
+    for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i)
-
+    {
-	return ret;
+        _stprintf(stringBuffer, _T("%02x"), dbuf[i]);
        _tcscat(sigStringOut, stringBuffer);
    }
    ret.append(sigStringOut);
    return ret;
 }
 #else // HAVE_OPENSSL_SHA_H
 TSTRING cSHASignature::AsString(void) const
 {
    TSTRING ret;
    char* ps_signature;
    char buf[100];
    buf[99]=0;
    ps_signature = pltob64((uint32*)mSHAInfo.digest, buf, SIG_UINT32_SIZE);
    //converting to base64 representation.
 #ifdef _UNICODE		//making it TSTRING sensitive
    int length = strlen(ps_signature);
    ret.resize(length);
    mbstowcs((TCHAR*) ret.data(), ps_signature, length);
 #else
    ret.append(ps_signature);
 #endif
    return ret;
    //return ret;
 }
 TSTRING cSHASignature::AsStringHex() const
 {
    TSTRING ret;
    TCHAR stringBuffer[128];
    TCHAR sigStringOut[128];
    sigStringOut[0] = '\0';
    for (int i=0; i < SIG_UINT32_SIZE; ++i)
    {
        _stprintf(stringBuffer, _T("%08x"), mSHAInfo.digest[i]);
        _tcscat(sigStringOut, stringBuffer);
    }
    ret.append(sigStringOut);
    return ret;
 }
 #endif
 ///////////////////////////////////////////////////////////////////////////////
 // Copy -- Copies a new sig value from a base pointer
 void cSHASignature::Copy(const iFCOProp* rhs)
@ -732,7 +763,7 @@ void cHAVALSignature::Init()
    haval_start( &mHavalState );
 }
-void cHAVALSignature::Update( const byte* pbData, int cbDataLen )
+void cHAVALSignature::Update( const byte* const pbData, int cbDataLen )
 {
    haval_hash( &mHavalState, (uint8*)pbData, cbDataLen );
 }
@ -760,6 +791,7 @@ TSTRING cHAVALSignature::AsString() const
 #else
 	ret.append(buf);
 #endif
 	return ret;
    //return ret;
 		//ret holds base64 representation of digest.
--- a/src/fco/signature.h
+++ b/src/fco/signature.h
@ -98,7 +98,7 @@ public:
    //
    virtual void        Init  () = 0;
        // call before beginning hashing
-    virtual void        Update( const byte* pbData, int cbDataLen ) = 0;
+    virtual void        Update( const byte* const pbData, int cbDataLen ) = 0;
        // may be called multiple times -- best to call with blocks of size SUGGESTED_BLOCK_SIZE,
        // but can handle any size data.
    virtual void        Finit () = 0;
@ -168,7 +168,7 @@ public:
    virtual ~cNullSignature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
    virtual TSTRING AsString() const;
 	virtual TSTRING AsStringHex() const;
@ -195,7 +195,7 @@ public:
    virtual ~cChecksumSignature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
    virtual TSTRING AsString() const;
 	virtual TSTRING AsStringHex() const;
@ -223,7 +223,7 @@ public:
    virtual ~cCRC32Signature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
    virtual TSTRING AsString() const;
@ -252,7 +252,7 @@ public:
    virtual ~cMD5Signature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
    virtual TSTRING AsString() const;
 	virtual TSTRING AsStringHex() const;
@ -281,7 +281,7 @@ public:
 	virtual ~cSHASignature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
 	virtual TSTRING	AsString() const;
 	virtual TSTRING AsStringHex() const;
@ -291,12 +291,17 @@ public:
 	virtual void	Write(iSerializer* pSerializer) const;
 protected:
-	enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 };
+    
    SHA_CTX		mSHAInfo;
    virtual bool	IsEqual(const iSignature& rhs) const;
 #ifdef HAVE_OPENSSL_SHA_H
 	enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 };
    SHA_CTX		mSHAInfo;
    uint32		sha_digest[SHA_DIGEST_LENGTH/4];
 #else
    enum { SIG_UINT32_SIZE = 5 };
    SHS_INFO mSHAInfo;
 #endif
 };
 ///////////////////////////////////////////////////////////////////////////////
@ -312,7 +317,7 @@ public:
 	virtual ~cHAVALSignature();
    virtual void    Init  ();
-    virtual void    Update( const byte* pbData, int cbDataLen );
+    virtual void    Update( const byte* const pbData, int cbDataLen );
    virtual void    Finit ();
 	virtual TSTRING	AsString() const;
 	virtual TSTRING AsStringHex() const;
--- a/touchconfig.sh
+++ b/touchconfig.sh
@ -4,5 +4,5 @@
 # and insists they need to be regenerated, though they really don't.
 # This script bumps the timestamps on the right files in the right order,
 # such that they don't all match, and make can proceed on its way.
-touch configure.ac aclocal.m4 configure Makefile.am Makefile.in
+touch configure.in acinclude.m4 aclocal.m4 configure Makefile.am Makefile.in
--- a/tripwire.spec
+++ b/tripwire.spec
@ -8,7 +8,7 @@ Summary:	IDS (Intrusion Detection System)
 License:	GPL
 Group:		Applications/System
-Source0:	http://download.sourceforge.net/tripwire/tripwire-%{version}-src.tar.bz2
+Source0:	https://github.com/Tripwire/tripwire-open-source/archive/master.zip
 Source1:	tripwire.cron.in
 Source3:	tripwire.gif
 Source4:	twcfg.txt.in
@ -144,6 +144,16 @@ post
 %changelog
 2016-03-25 
 * Fri Mar 25 2016 Brian Cox <bcox@tripwire.com> 2.4.3.0
 - Bumping version to 2.4.3.0
 - Compilation fixes for gcc 4.7+ and LLVM/clang (see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html )
 - Absorb fixes from FreeBSD ports patchset (see http://svnweb.freebsd.org/ports/head/security/tripwire/ )
 - Fix handling of SHA hashes when not using OpenSSL impl
 - Update GNU config.guess & config.sub to current versions
 - Compilation fixes for assorted platforms (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable)  
 - Added script to bump buildys file timestaps, to fix spurious aclocal/automake errors on a fresh clone/untar/etc.
 * Mon Nov 21 2011 Stephane Dudzinski <tripwire@frlinux.net> 2.4.2.2
 - Updated spec file
 - Updated version revision in reports and all