Fix non-OpenSSL SHA brokenness; fix OpenSolaris/OpenIndiana build issue; tweak filelist in touchconfig script; update ChangeLog, RPM spec, & MAINTAINERS

Brian Cox 2016-03-26 01:08:03 -07:00
parent 82fbd232c8
commit 184bfe63eb
8 changed files with 130 additions and 67 deletions


@ -1,3 +1,16 @@
2016-03-25 Brian Cox <bcox@tripwire.com>
* Bumping version to 2.4.3.0
* Compilation fixes for gcc 4.7+ and LLVM/clang
(see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html )
* Absorb fixes from FreeBSD ports patchset
(see http://svnweb.freebsd.org/ports/head/security/tripwire/ )
* Fix handling of SHA hashes when not built to use OpenSSL implementation
* Update GNU config.guess & config.sub to current versions
* Compilation fixes for assorted platforms
(Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable)
* Added script to bump buildys file timestaps, to fix
spurious aclocal/automake errors on a fresh clone/untar/etc.
2011-11-21 Stephane Dudzinski <tripwire@frlinux.net> 2011-11-21 Stephane Dudzinski <tripwire@frlinux.net>
* Bumping version to 2.4.2.2 * Bumping version to 2.4.2.2


@ -1,6 +1,7 @@
Open Source Tripwire Maintainers: Open Source Tripwire Maintainers:
tripwire@frlinux.net bcox@tripwire.com
tripwire@frlinux.net (maintains the fork at github.com/frlinux/tripwire-open-source)
Previous Maintainer: Previous Maintainer:


@ -319,7 +319,7 @@ void shsFinal(SHS_INFO *shsInfo)
shsTransform( shsInfo ); shsTransform( shsInfo );
#ifndef WORDS_BIGENDIAN #ifndef WORDS_BIGENDIAN
byteReverse( shsInfo->data, SHS_BLOCKSIZE ); byteReverse( shsInfo->data, SHS_DIGESTSIZE );
#endif /* #ifndef WORDS_BIGENDIAN */ #endif /* #ifndef WORDS_BIGENDIAN */
} }
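Review bot: The byte swap after the final `shsTransform` still targets `shsInfo->data`, although its length argument is now `SHS_DIGESTSIZE`, so a reader cannot tell from these lines whether the digest or the working block is meant to be reordered. The non-OpenSSL `AsStringHex` in this commit formats `mSHAInfo.digest[i]` with `%08x`, which suggests the digest words are expected to stay as computed. A short comment above the call would stop a later change from "correcting" the target to `shsInfo->digest` and silently altering every stored SHA value, for example `/* swaps the data block only; digest[] is left as computed and is formatted word-wise by callers */`, once confirmed against the callers. `shsFinal` begins outside this hunk.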


@ -13,6 +13,8 @@
#include "algebra.cpp" #include "algebra.cpp"
#include "eprecomp.cpp" #include "eprecomp.cpp"
#include <string.h>
#define MAKE_DWORD(lowWord, highWord) ((dword(highWord)<<WORD_BITS) | (lowWord)) #define MAKE_DWORD(lowWord, highWord) ((dword(highWord)<<WORD_BITS) | (lowWord))
union dword_union union dword_union


@ -169,7 +169,7 @@ char* btob64(const register byte* pcbitvec, register char* pcout, int numbits)
} }
*pcout = '\0'; *pcout = '\0';
return (char *) pcorig; return (char *) pcorig;
} }
@ -216,7 +216,7 @@ void cNullSignature::Init()
{ {
} }
void cNullSignature::Update( const byte* pbData, int cbDataLen ) void cNullSignature::Update( const byte* const pbData, int cbDataLen )
{ {
} }
@ -292,8 +292,9 @@ void cChecksumSignature::Init()
{ {
} }
void cChecksumSignature::Update( const byte* pbData, int cbDataLen ) void cChecksumSignature::Update( const byte* const pbDataC, int cbDataLen )
{ {
byte* pbData = (byte*)pbDataC;
for( int i = 0; i < cbDataLen; i++, pbData++ ) for( int i = 0; i < cbDataLen; i++, pbData++ )
mChecksum += *pbData; mChecksum += *pbData;
} }
@ -382,7 +383,7 @@ void cCRC32Signature::Init()
crcInit( mCRCInfo ); crcInit( mCRCInfo );
} }
void cCRC32Signature::Update( const byte* pbData, int cbDataLen ) void cCRC32Signature::Update( const byte* const pbData, int cbDataLen )
{ {
ASSERT( sizeof( byte ) == sizeof( uint8 ) ); ASSERT( sizeof( byte ) == sizeof( uint8 ) );
crcUpdate( mCRCInfo, (uint8*)pbData, cbDataLen ); crcUpdate( mCRCInfo, (uint8*)pbData, cbDataLen );
@ -481,7 +482,7 @@ void cMD5Signature::Init()
#endif #endif
} }
void cMD5Signature::Update( const byte* pbData, int cbDataLen ) void cMD5Signature::Update( const byte* const pbData, int cbDataLen )
{ {
#ifdef HAVE_OPENSSL_MD5_H #ifdef HAVE_OPENSSL_MD5_H
MD5_Update( &mMD5Info, (uint8*)pbData, cbDataLen ); MD5_Update( &mMD5Info, (uint8*)pbData, cbDataLen );
@ -519,6 +520,7 @@ TSTRING cMD5Signature::AsString() const
#else #else
ret.append(buf); ret.append(buf);
#endif #endif
return ret; return ret;
//return ret; //return ret;
//ret holds base64 representation of digest. //ret holds base64 representation of digest.
@ -583,7 +585,9 @@ IMPLEMENT_TYPEDSERIALIZABLE(cSHASignature, _T("cSHASignature"), 0, 1)
cSHASignature::cSHASignature() cSHASignature::cSHASignature()
{ {
memset( &mSHAInfo, 0, sizeof( mSHAInfo ) ); memset( &mSHAInfo, 0, sizeof( mSHAInfo ) );
#ifdef HAVE_OPENSSL_SHA_H
memset( sha_digest, 0, SHA_DIGEST_LENGTH ); memset( sha_digest, 0, SHA_DIGEST_LENGTH );
#endif
} }
cSHASignature::~cSHASignature() cSHASignature::~cSHASignature()
@ -598,7 +602,7 @@ void cSHASignature::Init()
#endif #endif
} }
void cSHASignature::Update( const byte* pbData, int cbDataLen ) void cSHASignature::Update( const byte* const pbData, int cbDataLen )
{ {
ASSERT( sizeof( byte ) == sizeof( uint8 ) ); ASSERT( sizeof( byte ) == sizeof( uint8 ) );
#ifdef HAVE_OPENSSL_SHA_H #ifdef HAVE_OPENSSL_SHA_H
@ -614,67 +618,94 @@ void cSHASignature::Finit()
SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo ); SHA1_Final( (unsigned char *)sha_digest, &mSHAInfo );
#else #else
shsFinal( &mSHAInfo ); shsFinal( &mSHAInfo );
bcopy(&mSHAInfo.digest, sha_digest, SHA_DIGEST_LENGTH);
{
/* sha_digest is a byte array, so can't be in
* host order.
*/
int i;
uint32 *j = (uint32 *)sha_digest;
uint32 *k = (uint32 *)&mSHAInfo.digest;
for(int i=0; i<SIG_UINT32_SIZE; i++)
# ifdef WORDS_BIGENDIAN
j[i] = k[i];
# else
j[i] = ( (k[i] & 0x00ff) << 24 ) | ( (k[i] & 0xff00) << 8)|
( (k[i] >> 8) & 0xff00 ) | ( (k[i] >> 24) & 0x00ff );
# endif //WORDS_BIGENDIAN
}
#endif #endif
} }
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
// AsString -- Converts to Base64 representation and returns a TSTRING // AsString -- Converts to Base64 representation and returns a TSTRING
#ifdef HAVE_OPENSSL_SHA_H
TSTRING cSHASignature::AsString(void) const TSTRING cSHASignature::AsString(void) const
{ {
TSTRING ret; TSTRING ret;
char* ps_signature; char*
char buf[100]; char buf[100];
int length; int length;
ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8); ps_signature = btob64((uint8*)sha_digest, buf, SIG_UINT32_SIZE*sizeof(uint32)*8);
//converting to base64 representation. //converting to base64 representation.
length = strlen(ps_signature); length = strlen(ps_signature);
#ifdef _UNICODE //making it TSTRING sensitive #ifdef _UNICODE //making it TSTRING sensitive
ret.resize(length); ret.resize(length);
mbstowcs((TCHAR*) ret.data(), ps_signature, length); mbstowcs((TCHAR*) ret.data(), ps_signature, length);
#else #else
ret.append(ps_signature); ret.append(ps_signature);
#endif #endif
return ret; return ret;
//return ret; //return ret;
} }
TSTRING cSHASignature::AsStringHex() const TSTRING cSHASignature::AsStringHex() const
{ {
TSTRING ret; TSTRING ret;
TCHAR stringBuffer[128];
TCHAR sigStringOut[128];
sigStringOut[0] = '\0';
uint8 *dbuf = (uint8 *)sha_digest;
for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i) TCHAR stringBuffer[128];
{ TCHAR sigStringOut[128];
_stprintf(stringBuffer, _T("%02x"), dbuf[i]); sigStringOut[0] = '\0';
_tcscat(sigStringOut, stringBuffer); uint8 *dbuf = (uint8 *)sha_digest;
}
ret.append(sigStringOut); for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i)
{
return ret; _stprintf(stringBuffer, _T("%02x"), dbuf[i]);
_tcscat(sigStringOut, stringBuffer);
}
ret.append(sigStringOut);
return ret;
} }
#else // HAVE_OPENSSL_SHA_H
TSTRING cSHASignature::AsString(void) const
{
TSTRING ret;
char* ps_signature;
char buf[100];
buf[99]=0;
ps_signature = pltob64((uint32*)mSHAInfo.digest, buf, SIG_UINT32_SIZE);
//converting to base64 representation.
#ifdef _UNICODE //making it TSTRING sensitive
int length = strlen(ps_signature);
ret.resize(length);
mbstowcs((TCHAR*) ret.data(), ps_signature, length);
#else
ret.append(ps_signature);
#endif
return ret;
//return ret;
}
TSTRING cSHASignature::AsStringHex() const
{
TSTRING ret;
TCHAR stringBuffer[128];
TCHAR sigStringOut[128];
sigStringOut[0] = '\0';
for (int i=0; i < SIG_UINT32_SIZE; ++i)
{
_stprintf(stringBuffer, _T("%08x"), mSHAInfo.digest[i]);
_tcscat(sigStringOut, stringBuffer);
}
ret.append(sigStringOut);
return ret;
}
#endif
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
// Copy -- Copies a new sig value from a base pointer // Copy -- Copies a new sig value from a base pointer
void cSHASignature::Copy(const iFCOProp* rhs) void cSHASignature::Copy(const iFCOProp* rhs)
@ -732,7 +763,7 @@ void cHAVALSignature::Init()
haval_start( &mHavalState ); haval_start( &mHavalState );
} }
void cHAVALSignature::Update( const byte* pbData, int cbDataLen ) void cHAVALSignature::Update( const byte* const pbData, int cbDataLen )
{ {
haval_hash( &mHavalState, (uint8*)pbData, cbDataLen ); haval_hash( &mHavalState, (uint8*)pbData, cbDataLen );
} }
@ -760,6 +791,7 @@ TSTRING cHAVALSignature::AsString() const
#else #else
ret.append(buf); ret.append(buf);
#endif #endif
return ret; return ret;
//return ret; //return ret;
//ret holds base64 representation of digest. //ret holds base64 representation of digest.
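Review bot: The SHA digest is now rendered through two different paths depending on the build, and nothing in this section checks that both produce the same string for the same input. The OpenSSL `AsString`/`AsStringHex` walk `sha_digest` byte by byte (`btob64`, `%02x`), while the new non-OpenSSL pair formats `mSHAInfo.digest` word by word (`pltob64`, `%08x`). For a file-integrity checker this matters: if the encodings ever diverge, a database written by one build would report every SHA entry as modified when checked by the other. A known-answer test over a fixed input, run against both build configurations, would pin the behaviour. A comment on the non-OpenSSL pair, such as `// output must stay identical to the OpenSSL build's AsString/AsStringHex`, would record the requirement.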


@ -98,7 +98,7 @@ public:
// //
virtual void Init () = 0; virtual void Init () = 0;
// call before beginning hashing // call before beginning hashing
virtual void Update( const byte* pbData, int cbDataLen ) = 0; virtual void Update( const byte* const pbData, int cbDataLen ) = 0;
// may be called multiple times -- best to call with blocks of size SUGGESTED_BLOCK_SIZE, // may be called multiple times -- best to call with blocks of size SUGGESTED_BLOCK_SIZE,
// but can handle any size data. // but can handle any size data.
virtual void Finit () = 0; virtual void Finit () = 0;
@ -168,7 +168,7 @@ public:
virtual ~cNullSignature(); virtual ~cNullSignature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
virtual TSTRING AsStringHex() const; virtual TSTRING AsStringHex() const;
@ -195,7 +195,7 @@ public:
virtual ~cChecksumSignature(); virtual ~cChecksumSignature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
virtual TSTRING AsStringHex() const; virtual TSTRING AsStringHex() const;
@ -223,7 +223,7 @@ public:
virtual ~cCRC32Signature(); virtual ~cCRC32Signature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
@ -252,7 +252,7 @@ public:
virtual ~cMD5Signature(); virtual ~cMD5Signature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
virtual TSTRING AsStringHex() const; virtual TSTRING AsStringHex() const;
@ -281,7 +281,7 @@ public:
virtual ~cSHASignature(); virtual ~cSHASignature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
virtual TSTRING AsStringHex() const; virtual TSTRING AsStringHex() const;
@ -291,12 +291,17 @@ public:
virtual void Write(iSerializer* pSerializer) const; virtual void Write(iSerializer* pSerializer) const;
protected: protected:
enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 };
SHA_CTX mSHAInfo;
virtual bool IsEqual(const iSignature& rhs) const; virtual bool IsEqual(const iSignature& rhs) const;
#ifdef HAVE_OPENSSL_SHA_H
enum { SIG_UINT32_SIZE = SHA_DIGEST_LENGTH/4 };
SHA_CTX mSHAInfo;
uint32 sha_digest[SHA_DIGEST_LENGTH/4]; uint32 sha_digest[SHA_DIGEST_LENGTH/4];
#else
enum { SIG_UINT32_SIZE = 5 };
SHS_INFO mSHAInfo;
#endif
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -312,7 +317,7 @@ public:
virtual ~cHAVALSignature(); virtual ~cHAVALSignature();
virtual void Init (); virtual void Init ();
virtual void Update( const byte* pbData, int cbDataLen ); virtual void Update( const byte* const pbData, int cbDataLen );
virtual void Finit (); virtual void Finit ();
virtual TSTRING AsString() const; virtual TSTRING AsString() const;
virtual TSTRING AsStringHex() const; virtual TSTRING AsStringHex() const;
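Review bot: The non-OpenSSL branch of `cSHASignature` hard-codes `enum { SIG_UINT32_SIZE = 5 };`, while the OpenSSL branch derives the same bound from `SHA_DIGEST_LENGTH/4`. That constant is the loop limit used to index `mSHAInfo.digest` in `AsStringHex`, so it should be tied to the size of the array it walks. If `SHS_DIGESTSIZE` (used in `shsFinal` in this commit) is visible here and is a byte count, `enum { SIG_UINT32_SIZE = SHS_DIGESTSIZE/4 };` would do that; the `SHS_INFO` member suggests the header is already included. Failing that, a compile-time size check against `SHS_INFO::digest` next to the enum would catch a mismatch. The class declaration starts outside this hunk.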


@ -4,5 +4,5 @@
# and insists they need to be regenerated, though they really don't. # and insists they need to be regenerated, though they really don't.
# This script bumps the timestamps on the right files in the right order, # This script bumps the timestamps on the right files in the right order,
# such that they don't all match, and make can proceed on its way. # such that they don't all match, and make can proceed on its way.
touch configure.ac aclocal.m4 configure Makefile.am Makefile.in touch configure.in acinclude.m4 aclocal.m4 configure Makefile.am Makefile.in


@ -8,7 +8,7 @@ Summary: IDS (Intrusion Detection System)
License: GPL License: GPL
Group: Applications/System Group: Applications/System
Source0: http://download.sourceforge.net/tripwire/tripwire-%{version}-src.tar.bz2 Source0: https://github.com/Tripwire/tripwire-open-source/archive/master.zip
Source1: tripwire.cron.in Source1: tripwire.cron.in
Source3: tripwire.gif Source3: tripwire.gif
Source4: twcfg.txt.in Source4: twcfg.txt.in
@ -144,6 +144,16 @@ post
%changelog %changelog
2016-03-25
* Fri Mar 25 2016 Brian Cox <bcox@tripwire.com> 2.4.3.0
- Bumping version to 2.4.3.0
- Compilation fixes for gcc 4.7+ and LLVM/clang (see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html )
- Absorb fixes from FreeBSD ports patchset (see http://svnweb.freebsd.org/ports/head/security/tripwire/ )
- Fix handling of SHA hashes when not using OpenSSL impl
- Update GNU config.guess & config.sub to current versions
- Compilation fixes for assorted platforms (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable)
- Added script to bump buildys file timestaps, to fix spurious aclocal/automake errors on a fresh clone/untar/etc.
* Mon Nov 21 2011 Stephane Dudzinski <tripwire@frlinux.net> 2.4.2.2 * Mon Nov 21 2011 Stephane Dudzinski <tripwire@frlinux.net> 2.4.2.2
- Updated spec file - Updated spec file
- Updated version revision in reports and all - Updated version revision in reports and all
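Review bot: `Source0` now points at `archive/master.zip`, a moving branch snapshot, so a package built from this spec is not tied to the 2.4.3.0 sources named in the new changelog entry and cannot be checked against a fixed checksum or signature. For an intrusion-detection package the source input should be reproducible. Referencing a tagged release archive would fix that, for example `Source0: https://github.com/Tripwire/tripwire-open-source/archive/<RELEASE_TAG>.tar.gz`, where the tag is a placeholder to be replaced with the real release tag. The `%setup` step lies outside this hunk; it should be checked that it still matches the directory name the new archive unpacks to.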