1 |
commit: 6277d1b7f1c2abf4e61a516642c211c51fbc3fe3 |
2 |
Author: Johannes Huber <johu <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 25 21:49:13 2016 +0000 |
4 |
Commit: Johannes Huber <johu <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 25 22:23:27 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6277d1b7 |
7 |
|
8 |
kde-apps: Remove KDE Applications 4.14.3 |
9 |
|
10 |
With some exceptions. |
11 |
|
12 |
Package-Manager: portage-2.3.0_rc1 |
13 |
|
14 |
.../files/kwalletd-4.14.3-CVE-2013-7252.patch | 777 --------------------- |
15 |
.../files/kwalletd-4.14.3-fix-random-open.patch | 152 ---- |
16 |
2 files changed, 929 deletions(-) |
17 |
|
18 |
diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch |
19 |
deleted file mode 100644 |
20 |
index 9019e17..0000000 |
21 |
--- a/kde-apps/kwalletd/files/kwalletd-4.14.3-CVE-2013-7252.patch |
22 |
+++ /dev/null |
23 |
@@ -1,777 +0,0 @@ |
24 |
-From 466859302095a4ee4a9214ab24144eab7697224f Mon Sep 17 00:00:00 2001 |
25 |
-From: Valentin Rusu <kde@××××.info> |
26 |
-Date: Mon, 5 Jan 2015 23:00:58 +0100 |
27 |
-Subject: [PATCH] Backporting CBC algorithm fix from frameworks/kwallet |
28 |
- |
29 |
-The CBC algorithm was not enrcrypting in CBC but in ECB, despite it being |
30 |
-named CBC. This problem was found by Itay Duvdevani who let us know it on the |
31 |
-security mailing list. His mail eventually got forwarded to me and here is the |
32 |
-fix. I also fixed the test program which was incorrectly checking the |
33 |
-expected bytes. |
34 |
- |
35 |
-This commit corresponds to the following commits from: |
36 |
-frameworks/kwallet |
37 |
- 88bc1ff01e5fdf59a13fe012aa03e31e9eb8a3b1 |
38 |
- 6e588d795e6631c3c9d84d85fd3884a159b45849 |
39 |
---- |
40 |
- kwalletd/backend/backendpersisthandler.cpp | 67 ++++--- |
41 |
- kwalletd/backend/backendpersisthandler.h | 4 +- |
42 |
- kwalletd/backend/cbc.cc | 273 ++++++++++++++++++----------- |
43 |
- kwalletd/backend/cbc.h | 44 ++--- |
44 |
- kwalletd/backend/tests/testbf.cpp | 96 +++++----- |
45 |
- 5 files changed, 279 insertions(+), 205 deletions(-) |
46 |
- |
47 |
-diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp |
48 |
-index 126210a..5c321c9 100644 |
49 |
---- a/kwalletd/backend/backendpersisthandler.cpp |
50 |
-+++ b/kwalletd/backend/backendpersisthandler.cpp |
51 |
-@@ -40,14 +40,15 @@ |
52 |
- #include "sha1.h" |
53 |
- #include "cbc.h" |
54 |
- |
55 |
--#ifdef Q_OS_WIN |
56 |
-+#ifdef Q_OS_WIN |
57 |
- #include <windows.h> |
58 |
- #include <wincrypt.h> |
59 |
- #endif |
60 |
- |
61 |
--#define KWALLET_CIPHER_BLOWFISH_CBC 0 |
62 |
-+#define KWALLET_CIPHER_BLOWFISH_ECB 0 // this was the old KWALLET_CIPHER_BLOWFISH_CBC |
63 |
- #define KWALLET_CIPHER_3DES_CBC 1 // unsupported |
64 |
- #define KWALLET_CIPHER_GPG 2 |
65 |
-+#define KWALLET_CIPHER_BLOWFISH_CBC 3 |
66 |
- |
67 |
- #define KWALLET_HASH_SHA1 0 |
68 |
- #define KWALLET_HASH_MD5 1 // unsupported |
69 |
-@@ -164,13 +165,18 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherTyp |
70 |
- return 0; |
71 |
- } |
72 |
- } |
73 |
-- |
74 |
-+ |
75 |
- BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12]) |
76 |
- { |
77 |
-- if (magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC && |
78 |
-+ if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) && |
79 |
- (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) { |
80 |
-- if (0 == blowfishHandler) |
81 |
-- blowfishHandler = new BlowfishPersistHandler; |
82 |
-+ if (0 == blowfishHandler) { |
83 |
-+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB; |
84 |
-+ if (useECBforReading) { |
85 |
-+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save."; |
86 |
-+ } |
87 |
-+ blowfishHandler = new BlowfishPersistHandler(useECBforReading); |
88 |
-+ } |
89 |
- return blowfishHandler; |
90 |
- } |
91 |
- #ifdef HAVE_QGPGME |
92 |
-@@ -183,11 +189,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12 |
93 |
- #endif // HAVE_QGPGME |
94 |
- return 0; // unknown cipher or hash |
95 |
- } |
96 |
-- |
97 |
-+ |
98 |
- int BlowfishPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WId) |
99 |
- { |
100 |
- assert(wb->_cipherType == BACKEND_CIPHER_BLOWFISH); |
101 |
- |
102 |
-+ if (_useECBforReading) { |
103 |
-+ qDebug() << "This wallet used ECB and is now saved using CBC"; |
104 |
-+ _useECBforReading = false; |
105 |
-+ } |
106 |
-+ |
107 |
- version[2] = KWALLET_CIPHER_BLOWFISH_CBC; |
108 |
- if(!wb->_useNewHash) { |
109 |
- version[3] = KWALLET_HASH_SHA1; |
110 |
-@@ -358,7 +369,7 @@ int BlowfishPersistHandler::read(Backend* wb, QFile& db, WId) |
111 |
- assert(encrypted.size() < db.size()); |
112 |
- |
113 |
- BlowFish _bf; |
114 |
-- CipherBlockChain bf(&_bf); |
115 |
-+ CipherBlockChain bf(&_bf, _useECBforReading); |
116 |
- int blksz = bf.blockSize(); |
117 |
- if ((encrypted.size() % blksz) != 0) { |
118 |
- return -5; // invalid file structure |
119 |
-@@ -502,7 +513,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI |
120 |
- sf.abort(); |
121 |
- return -5; |
122 |
- } |
123 |
-- |
124 |
-+ |
125 |
- boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) ); |
126 |
- if (0 == ctx) { |
127 |
- kDebug() << "Cannot setup OpenPGP context!"; |
128 |
-@@ -511,7 +522,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI |
129 |
- } |
130 |
- |
131 |
- assert(wb->_cipherType == BACKEND_CIPHER_GPG); |
132 |
-- |
133 |
-+ |
134 |
- QByteArray hashes; |
135 |
- QDataStream hashStream(&hashes, QIODevice::WriteOnly); |
136 |
- KMD5 md5; |
137 |
-@@ -549,7 +560,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI |
138 |
- dataStream << keyID; |
139 |
- dataStream << hashes; |
140 |
- dataStream << values; |
141 |
-- |
142 |
-+ |
143 |
- GpgME::Data decryptedData(dataBuffer.data(), dataBuffer.size(), false); |
144 |
- GpgME::Data encryptedData; |
145 |
- std::vector< GpgME::Key > keys; |
146 |
-@@ -574,7 +585,7 @@ int GpgPersistHandler::write(Backend* wb, KSaveFile& sf, QByteArray& version, WI |
147 |
- return -4; // write error |
148 |
- } |
149 |
- } |
150 |
-- |
151 |
-+ |
152 |
- return 0; |
153 |
- } |
154 |
- |
155 |
-@@ -596,7 +607,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
156 |
- while (bytes = sf.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){ |
157 |
- encryptedData.write(buffer, bytes); |
158 |
- } |
159 |
-- |
160 |
-+ |
161 |
- retry_label: |
162 |
- boost::shared_ptr< GpgME::Context > ctx( GpgME::Context::createForProtocol(GpgME::OpenPGP) ); |
163 |
- if (0 == ctx) { |
164 |
-@@ -620,13 +631,13 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
165 |
- } |
166 |
- return -1; |
167 |
- } |
168 |
-- |
169 |
-+ |
170 |
- decryptedData.seek(0, SEEK_SET); |
171 |
- QByteArray dataBuffer; |
172 |
- while (bytes = decryptedData.read(buffer, sizeof(buffer)/sizeof(buffer[0]))){ |
173 |
- dataBuffer.append(buffer, bytes); |
174 |
- } |
175 |
-- |
176 |
-+ |
177 |
- // load the wallet from the decrypted data |
178 |
- QDataStream dataStream(dataBuffer); |
179 |
- QString keyID; |
180 |
-@@ -661,10 +672,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
181 |
- return -1; |
182 |
- } |
183 |
- |
184 |
-- |
185 |
-+ |
186 |
- QDataStream hashStream(hashes); |
187 |
- QDataStream valueStream(values); |
188 |
-- |
189 |
-+ |
190 |
- quint32 hashCount; |
191 |
- hashStream >> hashCount; |
192 |
- if (hashCount > 0xFFFF) { |
193 |
-@@ -675,10 +686,10 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
194 |
- while (hashCount--){ |
195 |
- KMD5::Digest d; |
196 |
- hashStream.readRawData(reinterpret_cast<char *>(d), 16); |
197 |
-- |
198 |
-+ |
199 |
- quint32 folderSize; |
200 |
- hashStream >> folderSize; |
201 |
-- |
202 |
-+ |
203 |
- MD5Digest ba = MD5Digest(reinterpret_cast<char *>(d)); |
204 |
- QMap<MD5Digest, QList<MD5Digest> >::iterator it = wb->_hashes.insert(ba, QList<MD5Digest>()); |
205 |
- while (folderSize--){ |
206 |
-@@ -688,27 +699,27 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
207 |
- (*it).append(ba); |
208 |
- } |
209 |
- } |
210 |
-- |
211 |
-+ |
212 |
- while (folderCount--){ |
213 |
- QString folder; |
214 |
- valueStream >> folder; |
215 |
-- |
216 |
-+ |
217 |
- quint32 entryCount; |
218 |
- valueStream >> entryCount; |
219 |
-- |
220 |
-+ |
221 |
- wb->_entries[folder].clear(); |
222 |
-- |
223 |
-+ |
224 |
- while (entryCount--){ |
225 |
- KWallet::Wallet::EntryType et = KWallet::Wallet::Unknown; |
226 |
- Entry *e = new Entry; |
227 |
-- |
228 |
-+ |
229 |
- QString key; |
230 |
- valueStream >> key; |
231 |
-- |
232 |
-+ |
233 |
- qint32 x =0; // necessary to read properly |
234 |
- valueStream >> x; |
235 |
- et = static_cast<KWallet::Wallet::EntryType>(x); |
236 |
-- |
237 |
-+ |
238 |
- switch (et) { |
239 |
- case KWallet::Wallet::Password: |
240 |
- case KWallet::Wallet::Stream: |
241 |
-@@ -718,7 +729,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
242 |
- delete e; |
243 |
- continue; |
244 |
- } |
245 |
-- |
246 |
-+ |
247 |
- QByteArray a; |
248 |
- valueStream >> a; |
249 |
- e->setValue(a); |
250 |
-@@ -727,7 +738,7 @@ int GpgPersistHandler::read(Backend* wb, QFile& sf, WId w) |
251 |
- wb->_entries[folder][key] = e; |
252 |
- } |
253 |
- } |
254 |
-- |
255 |
-+ |
256 |
- wb->_open = true; |
257 |
- |
258 |
- return 0; |
259 |
-diff --git a/kwalletd/backend/backendpersisthandler.h b/kwalletd/backend/backendpersisthandler.h |
260 |
-index a33db48..11d67f2 100644 |
261 |
---- a/kwalletd/backend/backendpersisthandler.h |
262 |
-+++ b/kwalletd/backend/backendpersisthandler.h |
263 |
-@@ -60,11 +60,13 @@ public: |
264 |
- |
265 |
- class BlowfishPersistHandler : public BackendPersistHandler { |
266 |
- public: |
267 |
-- BlowfishPersistHandler() {} |
268 |
-+ explicit BlowfishPersistHandler(bool useECBforReading =false) : _useECBforReading(useECBforReading) {} |
269 |
- virtual ~BlowfishPersistHandler() {} |
270 |
- |
271 |
- virtual int write(Backend* wb, KSaveFile& sf, QByteArray& version, WId w); |
272 |
- virtual int read(Backend* wb, QFile& sf, WId w); |
273 |
-+private: |
274 |
-+ bool _useECBforReading; |
275 |
- }; |
276 |
- |
277 |
- #ifdef HAVE_QGPGME |
278 |
-diff --git a/kwalletd/backend/cbc.cc b/kwalletd/backend/cbc.cc |
279 |
-index 7bc5f38..772f3de 100644 |
280 |
---- a/kwalletd/backend/cbc.cc |
281 |
-+++ b/kwalletd/backend/cbc.cc |
282 |
-@@ -1,149 +1,212 @@ |
283 |
- /* This file is part of the KDE project |
284 |
- Copyright (C) 2001 George Staikos <staikos@×××.org> |
285 |
-- |
286 |
-+ |
287 |
- This library is free software; you can redistribute it and/or |
288 |
- modify it under the terms of the GNU Library General Public |
289 |
- License as published by the Free Software Foundation; either |
290 |
- version 2 of the License, or (at your option) any later version. |
291 |
-- |
292 |
-+ |
293 |
- This library is distributed in the hope that it will be useful, |
294 |
- but WITHOUT ANY WARRANTY; without even the implied warranty of |
295 |
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
296 |
- Library General Public License for more details. |
297 |
-- |
298 |
-+ |
299 |
- You should have received a copy of the GNU Library General Public License |
300 |
- along with this library; see the file COPYING.LIB. If not, write to |
301 |
- the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
302 |
- Boston, MA 02110-1301, USA. |
303 |
- */ |
304 |
- |
305 |
-- |
306 |
- #include "cbc.h" |
307 |
- #include <string.h> |
308 |
-- |
309 |
-- |
310 |
-- |
311 |
--CipherBlockChain::CipherBlockChain(BlockCipher *cipher) : _cipher(cipher) { |
312 |
-- _next = 0L; |
313 |
-- _register = 0L; |
314 |
-- _len = -1; |
315 |
-- _reader = _writer = 0L; |
316 |
-- if (cipher) { |
317 |
-- _blksz = cipher->blockSize(); |
318 |
-- } |
319 |
-+#include <kdebug.h> |
320 |
-+ |
321 |
-+CipherBlockChain::CipherBlockChain(BlockCipher *cipher, bool useECBforReading) : |
322 |
-+ _cipher(cipher) |
323 |
-+ , _useECBforReading(useECBforReading) |
324 |
-+{ |
325 |
-+ _next = 0L; |
326 |
-+ _register = 0L; |
327 |
-+ _len = -1; |
328 |
-+ _reader = _writer = 0L; |
329 |
-+ if (cipher) { |
330 |
-+ _blksz = cipher->blockSize(); |
331 |
-+ } |
332 |
- } |
333 |
- |
334 |
-- |
335 |
--CipherBlockChain::~CipherBlockChain() { |
336 |
-- delete[] (char *)_register; |
337 |
-- _register = 0L; |
338 |
-- delete[] (char *)_next; |
339 |
-- _next = 0L; |
340 |
-+CipherBlockChain::~CipherBlockChain() |
341 |
-+{ |
342 |
-+ delete[](char *)_register; |
343 |
-+ _register = 0L; |
344 |
-+ delete[](char *)_next; |
345 |
-+ _next = 0L; |
346 |
- } |
347 |
- |
348 |
-- |
349 |
--bool CipherBlockChain::setKey(void *key, int bitlength) { |
350 |
-- if (_cipher) { |
351 |
-- return _cipher->setKey(key, bitlength); |
352 |
-- } |
353 |
-- return false; |
354 |
-+bool CipherBlockChain::setKey(void *key, int bitlength) |
355 |
-+{ |
356 |
-+ if (_cipher) { |
357 |
-+ return _cipher->setKey(key, bitlength); |
358 |
-+ } |
359 |
-+ return false; |
360 |
- } |
361 |
- |
362 |
-- |
363 |
--int CipherBlockChain::keyLen() const { |
364 |
-- if (_cipher) { |
365 |
-- return _cipher->keyLen(); |
366 |
-- } |
367 |
-- return -1; |
368 |
-+int CipherBlockChain::keyLen() const |
369 |
-+{ |
370 |
-+ if (_cipher) { |
371 |
-+ return _cipher->keyLen(); |
372 |
-+ } |
373 |
-+ return -1; |
374 |
- } |
375 |
- |
376 |
-- |
377 |
--bool CipherBlockChain::variableKeyLen() const { |
378 |
-- if (_cipher) { |
379 |
-- return _cipher->variableKeyLen(); |
380 |
-- } |
381 |
-- return false; |
382 |
-+bool CipherBlockChain::variableKeyLen() const |
383 |
-+{ |
384 |
-+ if (_cipher) { |
385 |
-+ return _cipher->variableKeyLen(); |
386 |
-+ } |
387 |
-+ return false; |
388 |
- } |
389 |
- |
390 |
-- |
391 |
--bool CipherBlockChain::readyToGo() const { |
392 |
-- if (_cipher) { |
393 |
-- return _cipher->readyToGo(); |
394 |
-- } |
395 |
-- return false; |
396 |
-+bool CipherBlockChain::readyToGo() const |
397 |
-+{ |
398 |
-+ if (_cipher) { |
399 |
-+ return _cipher->readyToGo(); |
400 |
-+ } |
401 |
-+ return false; |
402 |
- } |
403 |
- |
404 |
-- |
405 |
--int CipherBlockChain::encrypt(void *block, int len) { |
406 |
-- if (_cipher && !_reader) { |
407 |
-- int rc; |
408 |
-- |
409 |
-- _writer |= 1; |
410 |
-- |
411 |
-- if (!_register) { |
412 |
-- _register = new unsigned char[len]; |
413 |
-- _len = len; |
414 |
-- memset(_register, 0, len); |
415 |
-- } else if (len > _len) { |
416 |
-- return -1; |
417 |
-- } |
418 |
-- |
419 |
-- // This might be optimizable |
420 |
-- char *tb = (char *)block; |
421 |
-- for (int i = 0; i < len; i++) { |
422 |
-- tb[i] ^= ((char *)_register)[i]; |
423 |
-- } |
424 |
-- |
425 |
-- rc = _cipher->encrypt(block, len); |
426 |
-- |
427 |
-- if (rc != -1) { |
428 |
-- memcpy(_register, block, len); |
429 |
-- } |
430 |
-- |
431 |
-- return rc; |
432 |
-- } |
433 |
-- return -1; |
434 |
-+void CipherBlockChain::initRegister() { |
435 |
-+ if (_register == 0L) { |
436 |
-+ size_t registerLen = _cipher->blockSize(); |
437 |
-+ _register = new unsigned char[registerLen]; |
438 |
-+ _len = registerLen; |
439 |
-+ } |
440 |
-+ memset(_register, 0, _len); |
441 |
- } |
442 |
- |
443 |
-+int CipherBlockChain::encrypt(void *block, int len) |
444 |
-+{ |
445 |
-+ if (_cipher && !_reader) { |
446 |
-+ int rc; |
447 |
- |
448 |
--int CipherBlockChain::decrypt(void *block, int len) { |
449 |
-- if (_cipher && !_writer) { |
450 |
-- int rc; |
451 |
-+ _writer |= 1; |
452 |
- |
453 |
-- _reader |= 1; |
454 |
-+ initRegister(); |
455 |
- |
456 |
-- if (!_register) { |
457 |
-- _register = new unsigned char[len]; |
458 |
-- _len = len; |
459 |
-- memset(_register, 0, len); |
460 |
-- } else if (len > _len) { |
461 |
-- return -1; |
462 |
-- } |
463 |
-+ if ((len % _len) >0) { |
464 |
-+ kDebug() << "Block length given encrypt (" << len << ") is not a multiple of " << _len; |
465 |
-+ return -1; |
466 |
-+ } |
467 |
- |
468 |
-- if (!_next) |
469 |
-- _next = new unsigned char[_len]; |
470 |
-- memcpy(_next, block, _len); |
471 |
-+ char *elemBlock = static_cast<char*>(block); |
472 |
-+ for (int b = 0; b < len/_len; b++) { |
473 |
- |
474 |
-- rc = _cipher->decrypt(block, len); |
475 |
-+ // This might be optimizable |
476 |
-+ char *tb = static_cast<char*>(elemBlock); |
477 |
-+ for (int i = 0; i < _len; i++) { |
478 |
-+ *tb++ ^= ((char *)_register)[i]; |
479 |
-+ } |
480 |
- |
481 |
-- if (rc != -1) { |
482 |
-- // This might be optimizable |
483 |
-- char *tb = (char *)block; |
484 |
-- for (int i = 0; i < len; i++) { |
485 |
-- tb[i] ^= ((char *)_register)[i]; |
486 |
-- } |
487 |
-- } |
488 |
-+ rc = _cipher->encrypt(elemBlock, _len); |
489 |
- |
490 |
-- void *temp; |
491 |
-- temp = _next; |
492 |
-- _next = _register; |
493 |
-- _register = temp; |
494 |
-+ if (rc != -1) { |
495 |
-+ memcpy(_register, elemBlock, _len); |
496 |
-+ } |
497 |
-+ elemBlock += _len; |
498 |
-+ } |
499 |
- |
500 |
-- return rc; |
501 |
-- } |
502 |
-- return -1; |
503 |
-+ return rc; |
504 |
-+ } |
505 |
-+ return -1; |
506 |
- } |
507 |
- |
508 |
-+// This is the old decrypt method, that was decrypting using ECB |
509 |
-+// instead of CBC |
510 |
-+int CipherBlockChain::decryptECB(void *block, int len) { |
511 |
-+ if (_cipher && !_writer) { |
512 |
-+ int rc; |
513 |
-+ |
514 |
-+ _reader |= 1; |
515 |
-+ |
516 |
-+ if (!_register) { |
517 |
-+ _register = new unsigned char[len]; |
518 |
-+ _len = len; |
519 |
-+ memset(_register, 0, len); |
520 |
-+ } else if (len > _len) { |
521 |
-+ return -1; |
522 |
-+ } |
523 |
-+ |
524 |
-+ if (!_next) { |
525 |
-+ _next = new unsigned char[_len]; |
526 |
-+ } |
527 |
-+ memcpy(_next, block, _len); |
528 |
-+ |
529 |
-+ rc = _cipher->decrypt(block, len); |
530 |
-+ |
531 |
-+ if (rc != -1) { |
532 |
-+ // This might be optimizable |
533 |
-+ char *tb = (char *)block; |
534 |
-+ for (int i = 0; i < len; i++) { |
535 |
-+ tb[i] ^= ((char *)_register)[i]; |
536 |
-+ } |
537 |
-+ } |
538 |
-+ |
539 |
-+ void *temp; |
540 |
-+ temp = _next; |
541 |
-+ _next = _register; |
542 |
-+ _register = temp; |
543 |
-+ |
544 |
-+ return rc; |
545 |
-+ } |
546 |
-+ return -1; |
547 |
-+} |
548 |
- |
549 |
-- |
550 |
-+int CipherBlockChain::decrypt(void *block, int len) |
551 |
-+{ |
552 |
-+ if (_useECBforReading) { |
553 |
-+ kDebug() << "decrypting using ECB!"; |
554 |
-+ return decryptECB(block, len); |
555 |
-+ } |
556 |
-+ |
557 |
-+ if (_cipher && !_writer) { |
558 |
-+ int rc = 0; |
559 |
-+ |
560 |
-+ _reader |= 1; |
561 |
-+ |
562 |
-+ initRegister(); |
563 |
-+ |
564 |
-+ if ((len % _len) >0) { |
565 |
-+ kDebug() << "Block length given for decrypt (" << len << ") is not a multiple of " << _len; |
566 |
-+ return -1; |
567 |
-+ } |
568 |
-+ |
569 |
-+ char *elemBlock = static_cast<char*>(block); |
570 |
-+ for (int b = 0; b < len/_len; b++) { |
571 |
-+ if (_next == 0L) { |
572 |
-+ _next = new unsigned char[_len]; |
573 |
-+ } |
574 |
-+ memcpy(_next, elemBlock, _len); |
575 |
-+ |
576 |
-+ int bytesDecrypted = _cipher->decrypt(elemBlock, _len); |
577 |
-+ |
578 |
-+ if (bytesDecrypted != -1) { |
579 |
-+ rc += bytesDecrypted; |
580 |
-+ // This might be optimizable |
581 |
-+ char *tb = (char *)elemBlock; |
582 |
-+ for (int i = 0; i < _len; i++) { |
583 |
-+ *tb++ ^= ((char *)_register)[i]; |
584 |
-+ } |
585 |
-+ } |
586 |
-+ |
587 |
-+ void *temp; |
588 |
-+ temp = _next; |
589 |
-+ _next = _register; |
590 |
-+ _register = temp; |
591 |
-+ |
592 |
-+ elemBlock += _len; |
593 |
-+ } |
594 |
-+ |
595 |
-+ return rc; |
596 |
-+ } |
597 |
-+ return -1; |
598 |
-+} |
599 |
- |
600 |
-diff --git a/kwalletd/backend/cbc.h b/kwalletd/backend/cbc.h |
601 |
-index 1ce971a..8750785 100644 |
602 |
---- a/kwalletd/backend/cbc.h |
603 |
-+++ b/kwalletd/backend/cbc.h |
604 |
-@@ -1,24 +1,22 @@ |
605 |
- /* This file is part of the KDE project |
606 |
- Copyright (C) 2001 George Staikos <staikos@×××.org> |
607 |
-- |
608 |
-+ |
609 |
- This library is free software; you can redistribute it and/or |
610 |
- modify it under the terms of the GNU Library General Public |
611 |
- License as published by the Free Software Foundation; either |
612 |
- version 2 of the License, or (at your option) any later version. |
613 |
-- |
614 |
-+ |
615 |
- This library is distributed in the hope that it will be useful, |
616 |
- but WITHOUT ANY WARRANTY; without even the implied warranty of |
617 |
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
618 |
- Library General Public License for more details. |
619 |
-- |
620 |
-+ |
621 |
- You should have received a copy of the GNU Library General Public License |
622 |
- along with this library; see the file COPYING.LIB. If not, write to |
623 |
- the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
624 |
- Boston, MA 02110-1301, USA. |
625 |
- */ |
626 |
- |
627 |
-- |
628 |
-- |
629 |
- #ifndef __CBC__KO__H |
630 |
- #define __CBC__KO__H |
631 |
- |
632 |
-@@ -33,30 +31,34 @@ |
633 |
- * calls to the other will fail in this instance. |
634 |
- */ |
635 |
- |
636 |
--class CipherBlockChain : public BlockCipher { |
637 |
-- public: |
638 |
-- CipherBlockChain(BlockCipher *cipher); |
639 |
-- virtual ~CipherBlockChain(); |
640 |
-+class CipherBlockChain : public BlockCipher |
641 |
-+{ |
642 |
-+public: |
643 |
-+ CipherBlockChain(BlockCipher *cipher, bool useECBforReading =false); |
644 |
-+ virtual ~CipherBlockChain(); |
645 |
- |
646 |
-- virtual bool setKey(void *key, int bitlength); |
647 |
-+ virtual bool setKey(void *key, int bitlength); |
648 |
- |
649 |
-- virtual int keyLen() const; |
650 |
-+ virtual int keyLen() const; |
651 |
- |
652 |
-- virtual bool variableKeyLen() const; |
653 |
-+ virtual bool variableKeyLen() const; |
654 |
- |
655 |
-- virtual bool readyToGo() const; |
656 |
-+ virtual bool readyToGo() const; |
657 |
- |
658 |
-- virtual int encrypt(void *block, int len); |
659 |
-+ virtual int encrypt(void *block, int len); |
660 |
- |
661 |
-- virtual int decrypt(void *block, int len); |
662 |
-+ virtual int decrypt(void *block, int len); |
663 |
- |
664 |
-- private: |
665 |
-- BlockCipher *_cipher; |
666 |
-- void *_register; |
667 |
-- void *_next; |
668 |
-- int _len; |
669 |
-- int _reader, _writer; |
670 |
-+private: |
671 |
-+ void initRegister(); |
672 |
-+ int decryptECB(void *block, int len); |
673 |
- |
674 |
-+ BlockCipher *_cipher; |
675 |
-+ void *_register; |
676 |
-+ void *_next; |
677 |
-+ int _len; |
678 |
-+ int _reader, _writer; |
679 |
-+ bool _useECBforReading; |
680 |
- }; |
681 |
- |
682 |
- #endif |
683 |
-diff --git a/kwalletd/backend/tests/testbf.cpp b/kwalletd/backend/tests/testbf.cpp |
684 |
-index 12dc746..b3d554a 100644 |
685 |
---- a/kwalletd/backend/tests/testbf.cpp |
686 |
-+++ b/kwalletd/backend/tests/testbf.cpp |
687 |
-@@ -4,64 +4,60 @@ |
688 |
- #include "blowfish.h" |
689 |
- #include "cbc.h" |
690 |
- |
691 |
-- |
692 |
--int main() { |
693 |
--BlockCipher *bf; |
694 |
--char data[] = "This is a test."; |
695 |
--char expect[] = "\x22\x30\x7e\x2f\x42\x28\x44\x01\xda\xdf\x5a\x81\xd7\xe5\x7c\xd0"; |
696 |
--char key[] = "testkey"; |
697 |
--unsigned long et[] = {0x11223344}; |
698 |
-- |
699 |
-- printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0], |
700 |
-- 0x11, 0x44); |
701 |
-- bf = new BlowFish(); |
702 |
-+int main() |
703 |
-+{ |
704 |
-+ BlockCipher *bf; |
705 |
-+ char data[] = "This is a test."; |
706 |
-+ char expect[] = "\x3f\x3c\x2d\xae\x8c\x7\x84\xf2\xa7\x6d\x28\xbd\xd\xb\xb8\x79"; |
707 |
-+ char key[] = "testkey"; |
708 |
-+ unsigned long et[] = {0x11223344}; |
709 |
-+ |
710 |
-+ printf("%d: 0x11 == %d and 0x44 == %d\n", ((unsigned char *)et)[0], |
711 |
-+ 0x11, 0x44); |
712 |
-+ bf = new BlowFish(); |
713 |
- // bf = new CipherBlockChain(new BlowFish()); |
714 |
- |
715 |
-- bf->setKey((void *)key, 7*8); |
716 |
-- |
717 |
-- if (!bf->readyToGo()) { |
718 |
-- printf("Error: not ready to go!\n"); |
719 |
-- return -1; |
720 |
-- } |
721 |
-+ bf->setKey((void *)key, 7 * 8); |
722 |
- |
723 |
-- printf("About to encrypt...\n"); fflush(stdout); |
724 |
-- if (-1 == bf->encrypt((void *)data, 8)) { |
725 |
-- printf("Error: encrypt failed!\n"); |
726 |
-- return -1; |
727 |
-- } |
728 |
-- printf("About to encrypt part 2...\n"); fflush(stdout); |
729 |
-- bf->encrypt((void *)(data+8), 8); |
730 |
-- |
731 |
-- printf("Encryption done. data[] is now: "); |
732 |
-- for (int i = 0; i < 16; i++) { |
733 |
-- printf("0x%x ", data[i]&0xff); |
734 |
-- if ((data[i]&0xff) != (expect[i]&0xff)) { |
735 |
-- printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i]&0xff); |
736 |
-+ if (!bf->readyToGo()) { |
737 |
-+ printf("Error: not ready to go!\n"); |
738 |
- return -1; |
739 |
-- } |
740 |
-- } |
741 |
-- printf("\n"); |
742 |
-+ } |
743 |
- |
744 |
-- delete bf; |
745 |
-- bf = new BlowFish(); |
746 |
-+ printf("About to encrypt...\n"); fflush(stdout); |
747 |
-+ if (-1 == bf->encrypt((void *)data, 16)) { |
748 |
-+ printf("Error: encrypt failed!\n"); |
749 |
-+ return -1; |
750 |
-+ } |
751 |
-+ |
752 |
-+ printf("Encryption done. data[] is now: "); |
753 |
-+ for (int i = 0; i < 16; i++) { |
754 |
-+ printf("0x%x ", data[i] & 0xff); |
755 |
-+ if ((data[i] & 0xff) != (expect[i] & 0xff)) { |
756 |
-+ printf("Error. This byte failed the comparison. It should have been 0x%x.\n", expect[i] & 0xff); |
757 |
-+ break; |
758 |
-+ } |
759 |
-+ } |
760 |
-+ printf("\n"); |
761 |
-+ |
762 |
-+ delete bf; |
763 |
-+ bf = new BlowFish(); |
764 |
- // bf = new CipherBlockChain(new BlowFish()); |
765 |
-- bf->setKey((void *)key, 7*8); |
766 |
-+ bf->setKey((void *)key, 7 * 8); |
767 |
- |
768 |
-- printf("About to decrypt...\n"); fflush(stdout); |
769 |
-- if (-1 == bf->decrypt((void *)data, 16)) { |
770 |
-- printf("Error: decrypt failed!\n"); |
771 |
-- return -1; |
772 |
-- } |
773 |
-- //bf->decrypt((void *)(data+8), 8); |
774 |
-+ printf("About to decrypt...\n"); fflush(stdout); |
775 |
-+ if (-1 == bf->decrypt((void *)data, 16)) { |
776 |
-+ printf("Error: decrypt failed!\n"); |
777 |
-+ return -1; |
778 |
-+ } |
779 |
-+ //bf->decrypt((void *)(data+8), 8); |
780 |
- |
781 |
-- printf("All done! Result... data[] = \"%s\"\n", data); |
782 |
-- if (strcmp(data, "This is a test.")) { |
783 |
-- printf("ERROR. Decryption failed.\n"); |
784 |
-- return -1; |
785 |
-- } |
786 |
-+ printf("All done! Result... data[] = \"%s\"\n", data); |
787 |
-+ if (strcmp(data, "This is a test.")) { |
788 |
-+ printf("ERROR. Decryption failed.\n"); |
789 |
-+ return -1; |
790 |
-+ } |
791 |
- |
792 |
-- delete bf; |
793 |
-+ delete bf; |
794 |
- } |
795 |
- |
796 |
-- |
797 |
-- |
798 |
--- |
799 |
-2.2.1 |
800 |
- |
801 |
|
802 |
diff --git a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch b/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch |
803 |
deleted file mode 100644 |
804 |
index 7443e3f..0000000 |
805 |
--- a/kde-apps/kwalletd/files/kwalletd-4.14.3-fix-random-open.patch |
806 |
+++ /dev/null |
807 |
@@ -1,152 +0,0 @@ |
808 |
-commit 33a17ba0104cd94f2e33a3ac007b300553cdb417 |
809 |
-Author: Valentin Rusu <kde@××××.info> |
810 |
-Date: Mon Feb 16 22:44:07 2015 +0100 |
811 |
- |
812 |
- Fix for the random wallet open failure when updating |
813 |
- |
814 |
- The problem seems to be caused by the use of BackendPersistHandler |
815 |
- singleton when the user has several wallets on his system and not |
816 |
- all of them have been updated to the new schema. |
817 |
- |
818 |
- BUG: 343718 |
819 |
- |
820 |
-diff --git a/kwalletd/backend/backendpersisthandler.cpp b/kwalletd/backend/backendpersisthandler.cpp |
821 |
-index 5c321c9..b7f63f8 100644 |
822 |
---- a/kwalletd/backend/backendpersisthandler.cpp |
823 |
-+++ b/kwalletd/backend/backendpersisthandler.cpp |
824 |
-@@ -140,25 +140,14 @@ static int getRandomBlock(QByteArray& randBlock) { |
825 |
- #endif |
826 |
- } |
827 |
- |
828 |
-- |
829 |
-- |
830 |
--static BlowfishPersistHandler *blowfishHandler =0; |
831 |
--#ifdef HAVE_QGPGME |
832 |
--static GpgPersistHandler *gpgHandler =0; |
833 |
--#endif // HAVE_QGPGME |
834 |
-- |
835 |
- BackendPersistHandler *BackendPersistHandler::getPersistHandler(BackendCipherType cipherType) |
836 |
- { |
837 |
- switch (cipherType){ |
838 |
- case BACKEND_CIPHER_BLOWFISH: |
839 |
-- if (0 == blowfishHandler) |
840 |
-- blowfishHandler = new BlowfishPersistHandler; |
841 |
-- return blowfishHandler; |
842 |
-+ return new BlowfishPersistHandler; |
843 |
- #ifdef HAVE_QGPGME |
844 |
- case BACKEND_CIPHER_GPG: |
845 |
-- if (0 == gpgHandler) |
846 |
-- gpgHandler = new GpgPersistHandler; |
847 |
-- return gpgHandler; |
848 |
-+ return new GpgPersistHandler; |
849 |
- #endif // HAVE_QGPGME |
850 |
- default: |
851 |
- Q_ASSERT(0); |
852 |
-@@ -170,21 +159,16 @@ BackendPersistHandler *BackendPersistHandler::getPersistHandler(char magicBuf[12 |
853 |
- { |
854 |
- if ((magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB || magicBuf[2] == KWALLET_CIPHER_BLOWFISH_CBC) && |
855 |
- (magicBuf[3] == KWALLET_HASH_SHA1 || magicBuf[3] == KWALLET_HASH_PBKDF2_SHA512)) { |
856 |
-- if (0 == blowfishHandler) { |
857 |
-- bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB; |
858 |
-- if (useECBforReading) { |
859 |
-- qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save."; |
860 |
-- } |
861 |
-- blowfishHandler = new BlowfishPersistHandler(useECBforReading); |
862 |
-+ bool useECBforReading = magicBuf[2] == KWALLET_CIPHER_BLOWFISH_ECB; |
863 |
-+ if (useECBforReading) { |
864 |
-+ qDebug() << "this wallet uses ECB encryption. It'll be converted to CBC on next save."; |
865 |
- } |
866 |
-- return blowfishHandler; |
867 |
-+ return new BlowfishPersistHandler(useECBforReading); |
868 |
- } |
869 |
- #ifdef HAVE_QGPGME |
870 |
- if (magicBuf[2] == KWALLET_CIPHER_GPG && |
871 |
- magicBuf[3] == 0) { |
872 |
-- if (0 == gpgHandler) |
873 |
-- gpgHandler = new GpgPersistHandler; |
874 |
-- return gpgHandler; |
875 |
-+ return new GpgPersistHandler; |
876 |
- } |
877 |
- #endif // HAVE_QGPGME |
878 |
- return 0; // unknown cipher or hash |
879 |
-diff --git a/kwalletd/backend/kwalletbackend.cc b/kwalletd/backend/kwalletbackend.cc |
880 |
-index 7d439e3..9240103 100644 |
881 |
---- a/kwalletd/backend/kwalletbackend.cc |
882 |
-+++ b/kwalletd/backend/kwalletbackend.cc |
883 |
-@@ -266,7 +266,7 @@ int Backend::open(const QByteArray& password, WId w) { |
884 |
- if (_open) { |
885 |
- return -255; // already open |
886 |
- } |
887 |
-- |
888 |
-+ |
889 |
- setPassword(password); |
890 |
- return openInternal(w); |
891 |
- } |
892 |
-@@ -287,20 +287,20 @@ int Backend::openPreHashed(const QByteArray &passwordHash) |
893 |
- if (_open) { |
894 |
- return -255; // already open |
895 |
- } |
896 |
-- |
897 |
-+ |
898 |
- // check the password hash for correct size (currently fixed) |
899 |
- if (passwordHash.size() != 20 && passwordHash.size() != 40 && |
900 |
- passwordHash.size() != 56) { |
901 |
- return -42; // unsupported encryption scheme |
902 |
- } |
903 |
-- |
904 |
-+ |
905 |
- _passhash = passwordHash; |
906 |
- _newPassHash = passwordHash; |
907 |
- _useNewHash = true;//Only new hash is supported |
908 |
- |
909 |
- return openInternal(); |
910 |
- } |
911 |
-- |
912 |
-+ |
913 |
- int Backend::openInternal(WId w) |
914 |
- { |
915 |
- // No wallet existed. Let's create it. |
916 |
-@@ -350,7 +350,9 @@ int Backend::openInternal(WId w) |
917 |
- if (0 == phandler){ |
918 |
- return 42; // unknown cipher or hash |
919 |
- } |
920 |
-- return phandler->read(this, db, w); |
921 |
-+ int result = phandler->read(this, db, w); |
922 |
-+ delete phandler; |
923 |
-+ return result; |
924 |
- } |
925 |
- |
926 |
- void Backend::swapToNewHash() |
927 |
-@@ -427,6 +429,7 @@ int Backend::sync(WId w) { |
928 |
- notification->setText( i18n("Failed to sync wallet <b>%1</b> to disk. Error codes are:\nRC <b>%2</b>\nSF <b>%3</b>. Please file a BUG report using this information to bugs.kde.org").arg(_name).arg(rc).arg(sf.errorString()) ); |
929 |
- notification->sendEvent(); |
930 |
- } |
931 |
-+ delete phandler; |
932 |
- return rc; |
933 |
- } |
934 |
- |
935 |
-@@ -439,7 +442,7 @@ int Backend::close(bool save) { |
936 |
- return rc; |
937 |
- } |
938 |
- } |
939 |
-- |
940 |
-+ |
941 |
- // do the actual close |
942 |
- for (FolderMap::ConstIterator i = _entries.constBegin(); i != _entries.constEnd(); ++i) { |
943 |
- for (EntryMap::ConstIterator j = i.value().constBegin(); j != i.value().constEnd(); ++j) { |
944 |
-@@ -447,13 +450,13 @@ int Backend::close(bool save) { |
945 |
- } |
946 |
- } |
947 |
- _entries.clear(); |
948 |
-- |
949 |
-+ |
950 |
- // empty the password hash |
951 |
- _passhash.fill(0); |
952 |
- _newPassHash.fill(0); |
953 |
- |
954 |
- _open = false; |
955 |
-- |
956 |
-+ |
957 |
- return 0; |
958 |
- } |
959 |
- |