Update to 1.2.4

2021-12-29 18:42:20 +08:00 · 2021-12-29 18:42:20 +08:00 · 0fe89b5a69
commit 0fe89b5a69
parent 92f155f560
7 changed files with 5 additions and 1407 deletions
--- a/backport-CVE-2020-7226-1.patch
+++ b/backport-CVE-2020-7226-1.patch
--- a/backport-CVE-2020-7226-2.patch
+++ b/backport-CVE-2020-7226-2.patch
@ -1,81 +0,0 @@
-From 132f15ead532d78d4c19d2bcb39ec8f319ad6945 Mon Sep 17 00:00:00 2001
-From: "Marvin S. Addison" <serac@vt.edu>
-Date: Mon, 27 Jan 2020 14:39:35 -0500
-Subject: [PATCH] Address code review feedback points.
-
---
- src/main/java/org/cryptacular/CiphertextHeader.java  |  6 +++---
- .../java/org/cryptacular/CiphertextHeaderV2.java     | 12 +++++++-----
- src/main/java/org/cryptacular/util/CipherUtil.java   |  1 -
- 3 files changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/src/main/java/org/cryptacular/CiphertextHeader.java b/src/main/java/org/cryptacular/CiphertextHeader.java
-index c17e735..d43bf9a 100644
--- a/src/main/java/org/cryptacular/CiphertextHeader.java
-+++ b/src/main/java/org/cryptacular/CiphertextHeader.java
-@@ -75,12 +75,12 @@ public CiphertextHeader(final byte[] nonce)
-    */
-   public CiphertextHeader(final byte[] nonce, final String keyName)
-   {
-    if (nonce.length > 255) {
-      throw new IllegalArgumentException("Nonce exceeds size limit in bytes (255)");
-+    if (nonce.length > MAX_NONCE_LEN) {
-+      throw new IllegalArgumentException("Nonce exceeds size limit in bytes (" + MAX_NONCE_LEN + ")");
-     }
-     if (keyName != null) {
-       if (ByteUtil.toBytes(keyName).length > MAX_KEYNAME_LEN) {
-        throw new IllegalArgumentException("Key name exceeds size limit in bytes (500)");
-+        throw new IllegalArgumentException("Key name exceeds size limit in bytes (" + MAX_KEYNAME_LEN + ")");
-       }
-     }
-     this.nonce = nonce;
-diff --git a/src/main/java/org/cryptacular/CiphertextHeaderV2.java b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-index 8119f4e..1fe095b 100644
--- a/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-+++ b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-@@ -102,6 +102,9 @@ public void setKeyLookup(final Function<String, SecretKey> keyLookup)
-    */
-   public byte[] encode(final SecretKey hmacKey)
-   {
-+    if (hmacKey == null) {
-+      throw new IllegalArgumentException("Secret key cannot be null");
-+    }
-     final ByteBuffer bb = ByteBuffer.allocate(length);
-     bb.order(ByteOrder.BIG_ENDIAN);
-     bb.putInt(VERSION);
-@@ -109,10 +112,7 @@ public void setKeyLookup(final Function<String, SecretKey> keyLookup)
-     bb.put((byte) 0);
-     bb.put(ByteUtil.toUnsignedByte(nonce.length));
-     bb.put(nonce);
-    if (hmacKey != null) {
-      final byte[] hmac = hmac(bb.array(), 0, bb.limit() - HMAC_SIZE);
-      bb.put(hmac);
-    }
-+    bb.put(hmac(bb.array(), 0, bb.limit() - HMAC_SIZE));
-     return bb.array();
-   }
- 
-@@ -253,8 +253,10 @@ public static CiphertextHeaderV2 decode(final InputStream input, final Function<
-    *
-    * @param  input  Input stream.
-    * @param  output  Output buffer.
-+   *
-+   * @throws  StreamException  on stream IO errors.
-    */
-  private static void readInto(final InputStream input, final byte[] output)
-+  private static void readInto(final InputStream input, final byte[] output) throws StreamException
-   {
-     try {
-       input.read(output);
-diff --git a/src/main/java/org/cryptacular/util/CipherUtil.java b/src/main/java/org/cryptacular/util/CipherUtil.java
-index cdbac0d..40ef4d1 100644
--- a/src/main/java/org/cryptacular/util/CipherUtil.java
-+++ b/src/main/java/org/cryptacular/util/CipherUtil.java
-@@ -376,7 +376,6 @@ private static void process(final BlockCipherAdapter cipher, final InputStream i
-   }
- 
- 
-
-   /**
-    * Writes a ciphertext header to the output stream.
-    *
--- a/backport-CVE-2020-7226-3.patch
+++ b/backport-CVE-2020-7226-3.patch
@ -1,22 +0,0 @@
-From 00395c232cdc62d4292ce27999c026fc1f076b1d Mon Sep 17 00:00:00 2001
-From: "Marvin S. Addison" <serac@vt.edu>
-Date: Wed, 29 Jan 2020 16:51:35 -0500
-Subject: [PATCH] Remove runtime exception from method sig.
-
---
- src/main/java/org/cryptacular/CiphertextHeaderV2.java | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/main/java/org/cryptacular/CiphertextHeaderV2.java b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-index 1fe095b..23d039e 100644
--- a/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-+++ b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
-@@ -256,7 +256,7 @@ public static CiphertextHeaderV2 decode(final InputStream input, final Function<
-    *
-    * @throws  StreamException  on stream IO errors.
-    */
-  private static void readInto(final InputStream input, final byte[] output) throws StreamException
-+  private static void readInto(final InputStream input, final byte[] output)
-   {
-     try {
-       input.read(output);
--- a/change-version-to-Java8.patch
+++ b/change-version-to-Java8.patch
@ -1,37 +0,0 @@
-From 1972c658289468599bbb832bad03fe0a5a34713d Mon Sep 17 00:00:00 2001
-From: zhanghua1831 <zhanghua1831@163.com>
-Date: Fri, 26 Feb 2021 12:33:02 +0800
-Subject: [PATCH] fix build error by using Java8
-
-changes of CVE-2020-7226's patches require Java8
---
- pom.xml | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/pom.xml b/pom.xml
-index 1f83d44..9506e54 100644
--- a/pom.xml
-+++ b/pom.xml
-@@ -140,8 +140,8 @@
-           <showDeprecation>true</showDeprecation>
-           <showWarnings>true</showWarnings>
-           <compilerArgument>-Xlint:unchecked</compilerArgument>
-          <source>1.7</source>
-          <target>1.7</target>
-+          <source>1.8</source>
-+          <target>1.8</target>
-         </configuration>
-       </plugin>
-       <plugin>
-@@ -182,7 +182,7 @@
-         <version>2.10.3</version>
-         <configuration>
-           <links>
-            <link>http://download.oracle.com/javase/7/docs/api</link>
-+            <link>http://download.oracle.com/javase/8/docs/api</link>
-           </links>
-           <bottom><![CDATA[<i>Copyright &#169; 2003-2015 Virginia Tech. All Rights Reserved.</i>]]></bottom>
-         </configuration>
-- 
-2.23.0
-
--- a/cryptacular.spec
+++ b/cryptacular.spec
@ -1,14 +1,10 @@
 Name:                cryptacular
-Version:             1.1.0
-Release:             2
+Version:             1.2.4
+Release:             1
 Summary:             Java Library that complement to the Bouncy Castle crypto API
 License:             ASL 2.0 or LGPLv3
 URL:                 http://www.cryptacular.org/
 Source0:             https://github.com/vt-middleware/cryptacular/archive/v%{version}.tar.gz
-Patch0000:           backport-CVE-2020-7226-1.patch
-Patch0001:           backport-CVE-2020-7226-2.patch
-Patch0002:           backport-CVE-2020-7226-3.patch
-Patch0003:           change-version-to-Java8.patch
 BuildRequires:       maven-local mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires:       mvn(org.apache.maven.plugins:maven-assembly-plugin)
 BuildRequires:       mvn(org.apache.maven.plugins:maven-release-plugin)
@ -51,6 +47,9 @@ This package contains man pages and other related documents for %{name}.
 %license LICENSE LICENSE-apache2 LICENSE-lgpl NOTICE

 %changelog
+* Wed Dec 29 2021 wangkai <wangkai385@huawei.com> - 1.2.4-1
+* Update to 1.2.4
+
 * Thu Feb 25 2021 zhanghua <zhanghua40@huawei.com> - 1.1.0-2
 - fix CVE-2020-7226 and fix build error by using Java8

--- a/v1.1.0.tar.gz
+++ b/v1.1.0.tar.gz
--- a/v1.2.4.tar.gz
+++ b/v1.2.4.tar.gz