Package: yapet Followup-For: Bug #1064724 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch
Dear Maintainer, The package fails to build due to the recent changes in openssl. I have disabled the affected tests, but probably the issue should be fixed upstream. When investigating test failure I've also noticed that the tests fail on armhf due to the usage of std::memset that was optimized away. I have replaced the call with std::fill() In Ubuntu, the attached patch was applied to achieve the following: * d/p/use-std-fill.patch: use std::fill to reset memory instead of std::memset. This fixes armhf test failure (LP: 2058584). * d/p/disable-blowfish-tests.patch: disable failing blowfish tests. See Debian bug 1064724. Thanks for considering the patch. -- System Information: Debian Release: trixie/sid APT prefers mantic-updates APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-25-generic (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru yapet-2.6/debian/patches/disable-blowfish-tests.patch yapet-2.6/debian/patches/disable-blowfish-tests.patch --- yapet-2.6/debian/patches/disable-blowfish-tests.patch 1970-01-01 12:00:00.000000000 +1200 +++ yapet-2.6/debian/patches/disable-blowfish-tests.patch 2024-03-21 15:56:18.000000000 +1300 @@ -0,0 +1,48 @@ +Description: disable blowfish tests + Blowfish tests fail with openssl 3.1.5-1. Disable failing tests. + The failure may be related to the fix for + https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363. +Author: Vladimir Petko <vladimir.pe...@canonical.com> +Bug: https://github.com/RafaelOstertag/yapet/issues/26 +Bug-Debian: https://bugs.debian.org/1064724 +Last-Update: 2024-03-21 + +--- a/tests/crypt/Makefile.am ++++ b/tests/crypt/Makefile.am +@@ -47,10 +47,10 @@ + $(cpy_verbose)cp $< $(builddir)/$@ + $(chmod_verbose)chmod u=rw $(builddir)/$@ + +-check_PROGRAMS = key448 key256 blowfish aes256 blowfishfactory aes256factory file_blowfish file_aes256 foreign cryptofactoryhelper ++check_PROGRAMS = key448 key256 aes256 blowfishfactory aes256factory file_aes256 cryptofactoryhelper + check_PROGRAMS += passwordchange_exerciser + +-TESTS = key448 key256 blowfish aes256 blowfishfactory aes256factory file_blowfish file_aes256 foreign cryptofactoryhelper ++TESTS = key448 key256 aes256 blowfishfactory aes256factory file_aes256 cryptofactoryhelper + + AM_CPPFLAGS = -I$(yapet_libs_srcdir)/consts \ + -I$(yapet_libs_srcdir)/exceptions \ +--- a/tests/crypt/Makefile.in ++++ b/tests/crypt/Makefile.in +@@ -87,15 +87,15 @@ + POST_UNINSTALL = : + build_triplet = @build@ + host_triplet = @host@ +-check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \ ++check_PROGRAMS = key448$(EXEEXT) key256$(EXEEXT) \ + aes256$(EXEEXT) blowfishfactory$(EXEEXT) \ +- aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \ +- file_aes256$(EXEEXT) foreign$(EXEEXT) \ ++ aes256factory$(EXEEXT) \ ++ file_aes256$(EXEEXT) \ + cryptofactoryhelper$(EXEEXT) passwordchange_exerciser$(EXEEXT) +-TESTS = key448$(EXEEXT) key256$(EXEEXT) blowfish$(EXEEXT) \ ++TESTS = key448$(EXEEXT) key256$(EXEEXT) \ + aes256$(EXEEXT) blowfishfactory$(EXEEXT) \ +- aes256factory$(EXEEXT) file_blowfish$(EXEEXT) \ +- file_aes256$(EXEEXT) foreign$(EXEEXT) \ ++ aes256factory$(EXEEXT) \ ++ file_aes256$(EXEEXT) \ + cryptofactoryhelper$(EXEEXT) + subdir = tests/crypt + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 diff -Nru yapet-2.6/debian/patches/series yapet-2.6/debian/patches/series --- yapet-2.6/debian/patches/series 2024-03-05 15:19:25.000000000 +1300 +++ yapet-2.6/debian/patches/series 2024-03-21 15:56:18.000000000 +1300 @@ -1,2 +1,4 @@ do-not-install-licenses-files.patch avoid-remote-font.patch +use-std-fill.patch +disable-blowfish-tests.patch diff -Nru yapet-2.6/debian/patches/use-std-fill.patch yapet-2.6/debian/patches/use-std-fill.patch --- yapet-2.6/debian/patches/use-std-fill.patch 1970-01-01 12:00:00.000000000 +1200 +++ yapet-2.6/debian/patches/use-std-fill.patch 2024-03-21 15:56:18.000000000 +1300 @@ -0,0 +1,38 @@ +From: Vladimir Petko <vladimir.pe...@canonical.com> +Date: Thu, 21 Mar 2024 15:47:02 +1300 +Bug: https://github.com/RafaelOstertag/yapet/issues/27 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/yapet/+bug/2058584 +Description: use std::fill with volatile pointers to reset memory + std::memset can be optimized away and can not be used to + securely reset memory. + Use std::fill with volatile pointers. + +--- + src/libs/utils/securearray.cc | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/libs/utils/securearray.cc b/src/libs/utils/securearray.cc +index c517189..d69bfa3 100644 +--- a/src/libs/utils/securearray.cc ++++ b/src/libs/utils/securearray.cc +@@ -31,6 +31,7 @@ + #include <cstring> + #include <limits> + #include <stdexcept> ++#include <algorithm> + + #include "consts.h" + #include "intl.h" +@@ -126,8 +127,8 @@ SecureArray& SecureArray::operator=(SecureArray&& other) { + + inline void SecureArray::clearMemory() { + if (_array == nullptr) return; +- +- std::memset(_array, 0, _size); ++ std::fill(reinterpret_cast<volatile std::uint8_t*>(_array), ++ reinterpret_cast<volatile std::uint8_t*>(_array + _size), 0); + } + + inline void SecureArray::freeMemory() { +-- +2.40.1