[Pkg-gnutls-commits] r1696 - in /packages/libgcrypt11/trunk/debian: ./ patches/

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sun Feb 24 17:13:46 UTC 2013 

Author: ametzler
Date: Sun Feb 24 17:13:45 2013
New Revision: 1696

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1696
Log:
Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
  30_Avoid-dereferencing-pointer-right-after-the-end.patch
  31_Fix-segv-with-AES-NI-on-some-platforms.patch
     <https://bugs.g10code.com/gnupg/issue1452>
  32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
Closes: #699034

Added:
    packages/libgcrypt11/trunk/debian/patches/30_Avoid-dereferencing-pointer-right-after-the-end.patch
    packages/libgcrypt11/trunk/debian/patches/31_Fix-segv-with-AES-NI-on-some-platforms.patch
    packages/libgcrypt11/trunk/debian/patches/32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
Modified:
    packages/libgcrypt11/trunk/debian/changelog
    packages/libgcrypt11/trunk/debian/patches/series

Modified: packages/libgcrypt11/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/changelog?rev=1696&op=diff
==============================================================================
--- packages/libgcrypt11/trunk/debian/changelog (original)
+++ packages/libgcrypt11/trunk/debian/changelog Sun Feb 24 17:13:45 2013
@@ -1,8 +1,13 @@
-libgcrypt11 (1.5.0-4) UNRELEASED; urgency=low
-
-  * NOT RELEASED YET
-
- -- Andreas Metzler <ametzler at debian.org>  Thu, 01 Sep 2011 19:19:49 +0200
+libgcrypt11 (1.5.0-4) unstable; urgency=low
+
+  * Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
+      30_Avoid-dereferencing-pointer-right-after-the-end.patch
+      31_Fix-segv-with-AES-NI-on-some-platforms.patch
+         <https://bugs.g10code.com/gnupg/issue1452>
+      32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
+    Closes: #699034
+
+ -- Andreas Metzler <ametzler at debian.org>  Sun, 24 Feb 2013 17:43:09 +0100
 
 libgcrypt11 (1.5.0-3) unstable; urgency=low
 

Added: packages/libgcrypt11/trunk/debian/patches/30_Avoid-dereferencing-pointer-right-after-the-end.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/patches/30_Avoid-dereferencing-pointer-right-after-the-end.patch?rev=1696&op=file
==============================================================================
--- packages/libgcrypt11/trunk/debian/patches/30_Avoid-dereferencing-pointer-right-after-the-end.patch (added)
+++ packages/libgcrypt11/trunk/debian/patches/30_Avoid-dereferencing-pointer-right-after-the-end.patch Sun Feb 24 17:13:45 2013
@@ -1,0 +1,29 @@
+From d020143792013295f20e75e18a2b75d5b2e90c43 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 5 Nov 2012 19:01:01 +0100
+Subject: [PATCH 10/17] Avoid dereferencing pointer right after the end
+
+* mpi/mpicoder.c (do_get_buffer): Check the length before derefing P.
+--
+
+Christian Grothoff found this bug using Valgrind.
+---
+ mpi/mpicoder.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
+index f499796..a3435ed 100644
+--- a/mpi/mpicoder.c
++++ b/mpi/mpicoder.c
+@@ -270,7 +270,7 @@ do_get_buffer (gcry_mpi_t a, unsigned int *nbytes, int *sign, int force_secure)
+ 
+   /* This is sub-optimal but we need to do the shift operation because
+      the caller has to free the returned buffer.  */
+-  for (p=buffer; !*p && *nbytes; p++, --*nbytes)
++  for (p=buffer; *nbytes && !*p; p++, --*nbytes)
+     ;
+   if (p != buffer)
+     memmove (buffer,p, *nbytes);
+-- 
+1.7.10.4
+

Added: packages/libgcrypt11/trunk/debian/patches/31_Fix-segv-with-AES-NI-on-some-platforms.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/patches/31_Fix-segv-with-AES-NI-on-some-platforms.patch?rev=1696&op=file
==============================================================================
--- packages/libgcrypt11/trunk/debian/patches/31_Fix-segv-with-AES-NI-on-some-platforms.patch (added)
+++ packages/libgcrypt11/trunk/debian/patches/31_Fix-segv-with-AES-NI-on-some-platforms.patch Sun Feb 24 17:13:45 2013
@@ -1,0 +1,35 @@
+From d30c86465fef9531766fd7c124a5d87d7645850e Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 21 Nov 2012 10:35:28 +0100
+Subject: [PATCH 16/17] Fix segv with AES-NI on some platforms.
+
+* cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes.
+--
+
+The trigger for this problem is the allocation of the context in the
+selftest functions.  The other code paths use a 16 byte alignment
+anyway by means of the allocation of the context in cipher.c
+Thanks to Gentoo hacker Joakim Tjernlund for figuring out the reason
+of this problem.
+
+GnuPG-bug-id: 1452
+---
+ cipher/rijndael.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 2df8ea9..92fa31d 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -124,7 +124,7 @@ typedef struct
+ #ifdef USE_AESNI
+   int use_aesni;            /* AES-NI shall be used.  */
+ #endif /*USE_AESNI*/
+-} RIJNDAEL_context;
++} RIJNDAEL_context ATTR_ALIGNED_16;
+ 
+ /* Macros defining alias for the keyschedules.  */
+ #define keyschenc  u1.keyschedule
+-- 
+1.7.10.4
+

Added: packages/libgcrypt11/trunk/debian/patches/32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/patches/32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch?rev=1696&op=file
==============================================================================
--- packages/libgcrypt11/trunk/debian/patches/32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch (added)
+++ packages/libgcrypt11/trunk/debian/patches/32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch Sun Feb 24 17:13:45 2013
@@ -1,0 +1,84 @@
+From e0139f73600ed584f23d57a2baf768e32ea900ec Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna at mbnet.fi>
+Date: Tue, 29 Jan 2013 10:05:15 +0200
+Subject: [PATCH 17/17] libgcrypt-1.5: rinjdael: Fix use of SSE2 outside
+ USE_AESNI/ctx->use_aesni
+
+* cipher/rijndael.c (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): Check if
+AES-NI is enabled before calling aesni_prepare() and aesni_cleanup().
+--
+
+aesni_cleanup() contains SSE2 instructions that are interpreted as MMX on CPUs
+without SSE2 support (Pentium-III, etc). In above functions, aesni_cleanup()
+was called outside use_aesni checks. This causes x87 register state to be
+poisoned, causing crashes later on when program tries to use floating point
+registers.
+
+Add missing '#ifdef USE_AESNI' and 'if (ctx->use_aesni)' for aesni_cleanup()
+and, while at it, for aesni_prepare() too.
+
+Reported-by: Mitsutoshi NAKANO <bkbin005 at rinku.zaq.ne.jp>
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna at mbnet.fi>
+---
+ cipher/rijndael.c |   24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 92fa31d..9816280 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -1239,7 +1239,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv,
+   unsigned char *ivp;
+   int i;
+ 
+-  aesni_prepare ();
++#ifdef USE_AESNI
++  if (ctx->use_aesni)
++    aesni_prepare ();
++#endif /*USE_AESNI*/
++
+   for ( ;nblocks; nblocks-- )
+     {
+       for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
+@@ -1263,7 +1267,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv,
+       if (!cbc_mac)
+         outbuf += BLOCKSIZE;
+     }
+-  aesni_cleanup ();
++
++#ifdef USE_AESNI
++  if (ctx->use_aesni)
++    aesni_cleanup ();
++#endif /*USE_AESNI*/
+ 
+   _gcry_burn_stack (48 + 2*sizeof(int));
+ }
+@@ -1575,7 +1583,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv,
+   int i;
+   unsigned char savebuf[BLOCKSIZE];
+ 
+-  aesni_prepare ();
++#ifdef USE_AESNI
++  if (ctx->use_aesni)
++    aesni_prepare ();
++#endif /*USE_AESNI*/
++
+   for ( ;nblocks; nblocks-- )
+     {
+       /* We need to save INBUF away because it may be identical to
+@@ -1601,7 +1613,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv,
+       inbuf += BLOCKSIZE;
+       outbuf += BLOCKSIZE;
+     }
+-  aesni_cleanup ();
++
++#ifdef USE_AESNI
++  if (ctx->use_aesni)
++    aesni_cleanup ();
++#endif /*USE_AESNI*/
+ 
+   _gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*));
+ }
+-- 
+1.7.10.4
+

Modified: packages/libgcrypt11/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/libgcrypt11/trunk/debian/patches/series?rev=1696&op=diff
==============================================================================
--- packages/libgcrypt11/trunk/debian/patches/series (original)
+++ packages/libgcrypt11/trunk/debian/patches/series Sun Feb 24 17:13:45 2013
@@ -1,1 +1,4 @@
 12_lessdeps_libgcrypt-config.diff
+30_Avoid-dereferencing-pointer-right-after-the-end.patch
+31_Fix-segv-with-AES-NI-on-some-platforms.patch
+32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch

More information about the Pkg-gnutls-commits mailing list