From 5970473ac8b486d619589840ab86276369f1606c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 13:05:32 +0000
Subject: import libtomcrypt-1.17-26.el7
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c8e3c69
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/crypt-1.17.tar.bz2
diff --git a/.libtomcrypt.metadata b/.libtomcrypt.metadata
new file mode 100644
index 0000000..6fa3df3
--- /dev/null
+++ b/.libtomcrypt.metadata
@@ -0,0 +1 @@
+9c746822c84e4276e432b64964f94d1d5ddd13ad SOURCES/crypt-1.17.tar.bz2
diff --git a/README.md b/README.md
deleted file mode 100644
index 98f42b4..0000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/libtomcrypt-CVE-2016-6129.patch b/SOURCES/libtomcrypt-CVE-2016-6129.patch
new file mode 100644
index 0000000..32351da
--- /dev/null
+++ b/SOURCES/libtomcrypt-CVE-2016-6129.patch
@@ -0,0 +1,28 @@
+diff -Naur libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c
+--- libtomcrypt-1.17.old/src/pk/rsa/rsa_verify_hash.c 2017-06-25 22:53:28.345381447 +0200
++++ libtomcrypt-1.17/src/pk/rsa/rsa_verify_hash.c 2017-06-25 22:53:33.766484337 +0200
+@@ -96,7 +96,7 @@
+ } else {
+ /* LTC_PKCS #1 v1.5 decode it */
+ unsigned char *out;
+- unsigned long outlen, loid[16];
++ unsigned long outlen, loid[16], reallen;
+ int decoded;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+@@ -138,8 +138,14 @@
+ goto bail_2;
+ }
+
++ if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
++ XFREE(out);
++ goto bail_2;
++ }
++
+ /* test OID */
+- if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
++ if ((reallen == outlen) &&
++ (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+ (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+ (siginfo[1].size == hashlen) &&
+ (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
diff --git a/SOURCES/libtomcrypt-makefile.patch b/SOURCES/libtomcrypt-makefile.patch
new file mode 100644
index 0000000..c8b12e6
--- /dev/null
+++ b/SOURCES/libtomcrypt-makefile.patch
@@ -0,0 +1,17 @@
+--- libtomcrypt-1.17.orig/makefile.shared 2007-05-12 08:46:25.000000000 -0600
++++ libtomcrypt-1.17/makefile.shared 2007-06-27 21:56:29.000000000 -0600
+@@ -29,10 +29,12 @@
+ ifndef IGNORE_SPEED
+
+ # optimize for SPEED
+-CFLAGS += -O3 -funroll-loops
++# removed for building in Fedora
++#CFLAGS += -O3 -funroll-loops
+
+ # add -fomit-frame-pointer. hinders debugging!
+-CFLAGS += -fomit-frame-pointer
++# removed for building in Fedora
++#CFLAGS += -fomit-frame-pointer
+
+ # optimize for SIZE
+ #CFLAGS += -Os -DLTC_SMALL_CODE
diff --git a/SOURCES/libtomcrypt-pkgconfig.patch b/SOURCES/libtomcrypt-pkgconfig.patch
new file mode 100644
index 0000000..d6ec814
--- /dev/null
+++ b/SOURCES/libtomcrypt-pkgconfig.patch
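Review bot: In the rsa_verify_hash.c patch (SOURCES/libtomcrypt-CVE-2016-6129.patch), the new `reallen == outlen` term in the "test OID" condition carries the whole fix but has no comment saying what it guards. I would add above the `der_length_sequence()` call: `/* the DER re-encoding of the decoded DigestInfo must be exactly outlen bytes, so data trailing the ASN.1 structure makes verification fail (CVE-2016-6129) */`. Nothing in this import adds a test for that rejection path: the spec's `%check` only runs the stock `./test`, so a negative vector whose decoded block carries data after the DigestInfo, and which must not verify, would keep the check from regressing. The enclosing PKCS #1 v1.5 branch starts and ends outside both hunks, so the decode call and the final return code are not visible here.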
@@ -0,0 +1,34 @@
+--- libtomcrypt-1.17.orig/makefile.shared
++++ libtomcrypt-1.17/makefile.shared
+@@ -248,15 +248,16 @@
+
+ objs: $(OBJECTS)
+
+-$(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
++$(LIBNAME): $(OBJECTS)
+ libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+
+ install: $(LIBNAME)
+ install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
+- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
+ libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la
+ install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+ install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
++ install -d $(DESTDIR)$(LIBPATH)/pkgconfig
++ install -m 0644 -g $(GROUP) -o $(USER) libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
+
+ #This rule makes the hash program included with libtomcrypt
+ hashsum: library
+--- libtomcrypt-1.17.orig/libtomcrypt.pc
++++ libtomcrypt-1.17/libtomcrypt.pc
+@@ -0,0 +1,10 @@
++prefix=/usr
++exec_prefix=${prefix}
++libdir=${exec_prefix}/lib
++includedir=${prefix}/include
++
++Name: LibTomCrypt
++Description: public domain open source cryptographic toolkit
++Version: 1.17
++Libs: -L${libdir} -ltomcrypt
++Cflags: -I${includedir}
diff --git a/SOURCES/libtomcrypt-two-key-triple-des.patch b/SOURCES/libtomcrypt-two-key-triple-des.patch
new file mode 100644
index 0000000..9a48a20
--- /dev/null
+++ b/SOURCES/libtomcrypt-two-key-triple-des.patch
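Review bot: The libtomcrypt.pc added by SOURCES/libtomcrypt-pkgconfig.patch hard-codes `libdir=${exec_prefix}/lib`, while the install rule places the file under `$(DESTDIR)$(LIBPATH)/pkgconfig` and the spec in this same import builds with `LIBPATH=%{_libdir}`; wherever `%{_libdir}` is not `/usr/lib`, `pkg-config --libs` reports a directory the library was not installed into. Deriving `libdir` from `LIBPATH` when the file is installed would keep the two in step. The new `install -d $(DESTDIR)$(LIBPATH)/pkgconfig` line also omits the `-g $(GROUP) -o $(USER)` that the other `install -d` lines of this rule pass, which looks unintended.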
@@ -0,0 +1,53 @@
+From 445dfa67a64dcd30067dab823f6bae31d1019c1e Mon Sep 17 00:00:00 2001
+From: Paul Howarth
+Date: Tue, 15 Apr 2014 11:25:18 +0100
+Subject: [PATCH] des.c: Add support for two-key Triple-DES
+
+Add two-key 3DES support, needed by pycrypto.
+
+This commit is based on the one for the bundled libtomcrypt 1.16
+code in pycrypto:
+
+https://github.com/dlitz/pycrypto/commit/65085f16
+---
+ src/ciphers/des.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/src/ciphers/des.c b/src/ciphers/des.c
+index af3a4d0..0034c80 100644
+--- a/src/ciphers/des.c
++++ b/src/ciphers/des.c
+@@ -1562,17 +1562,27 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
+ return CRYPT_INVALID_ROUNDS;
+ }
+
+- if (keylen != 24) {
++ if (keylen != 24 && keylen != 16) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+
+ deskey(key, EN0, skey->des3.ek[0]);
+ deskey(key+8, DE1, skey->des3.ek[1]);
+- deskey(key+16, EN0, skey->des3.ek[2]);
++ if (keylen == 24) {
++ deskey(key+16, EN0, skey->des3.ek[2]);
++ } else {
++ /* two-key 3DES: K3=K1 */
++ deskey(key, EN0, skey->des3.ek[2]);
++ }
+
+ deskey(key, DE1, skey->des3.dk[2]);
+ deskey(key+8, EN0, skey->des3.dk[1]);
+- deskey(key+16, DE1, skey->des3.dk[0]);
++ if (keylen == 24) {
++ deskey(key+16, DE1, skey->des3.dk[0]);
++ } else {
++ /* two-key 3DES: K3=K1 */
++ deskey(key, DE1, skey->des3.dk[0]);
++ }
+
+ return CRYPT_OK;
+ }
+--
+1.9.0
+
diff --git a/SPECS/libtomcrypt.spec b/SPECS/libtomcrypt.spec
new file mode 100644
index 0000000..851250d
--- /dev/null
+++ b/SPECS/libtomcrypt.spec
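Review bot: In the des.c patch, `des3_setup()` now accepts `keylen == 16`, but this single hunk is the only change to the file, so `des3_keysize()` and the key-length bounds in the `des3_desc` descriptor are left as they were; if they still admit only 24 bytes (not visible here), callers that size keys through the descriptor never reach the new path and the API disagrees with itself. Those two places should be updated in the same patch, or the mismatch documented next to the check. The `K3=K1` comments could also carry the caveat a reader needs, e.g. `/* two-key 3DES (K3 = K1): compatibility mode needed by pycrypto, weaker than three-key 3DES */`. The duplicated `if (keylen == 24)` blocks can be reduced by choosing the third key once, `const unsigned char *k3 = (keylen == 24) ? key + 16 : key;`, and passing `k3` to both `deskey()` calls. The body of `des3_setup()` begins before the hunk.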
@@ -0,0 +1,203 @@
+Name: libtomcrypt
+Version: 1.17
+Release: 26%{?dist}
+Summary: A comprehensive, portable cryptographic toolkit
+License: Public Domain
+URL: http://www.libtom.net/
+
+Source0: https://github.com/libtom/%{name}/releases/download/%{version}/crypt-%{version}.tar.bz2
+Patch0: %{name}-makefile.patch
+Patch1: %{name}-pkgconfig.patch
+Patch2: %{name}-two-key-triple-des.patch
+Patch3: %{name}-CVE-2016-6129.patch
+
+BuildRequires: ghostscript
+BuildRequires: libtommath-devel >= 0.42.0-3
+BuildRequires: libtool
+
+%if 0%{?fedora} || 0%{?rhel} >= 7
+BuildRequires: tex(dvips)
+BuildRequires: tex(latex)
+%else
+BuildRequires: tetex-dvips
+BuildRequires: tetex-latex
+%endif
+
+Requires: libtommath >= 0.42.0
+
+%description
+A comprehensive, modular and portable cryptographic toolkit that provides
+developers with a vast array of well known published block ciphers, one-way hash
+functions, chaining modes, pseudo-random number generators, public key
+cryptography and a plethora of other routines.
+
+Designed from the ground up to be very simple to use. It has a modular and
+standard API that allows new ciphers, hashes and PRNGs to be added or removed
+without change to the overall end application. It features easy to use functions
+and a complete user manual which has many source snippet examples.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%package doc
+Summary: Documentation files for %{name}
+BuildArch: noarch
+Provides: %{name}-doc = %{version}-%{release}
+Obsoletes: %{name}-doc < 1.17-19
+
+
+%description doc
+The %{name}-doc package contains documentation for use with %{name}.
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+# No configure script ships with libtomcrypt. Its only requirement is ANSI C and
+# libtommath.
Explicitly force it to be built against libtommath.
+export CFLAGS="$RPM_OPT_FLAGS -DLTM_DESC -fno-strict-aliasing"
+make %{?_smp_mflags} LIBPATH=%{_libdir} EXTRALIBS="-ltommath" -f makefile.shared
+make %{?_smp_mflags} LIBPATH=%{_libdir} -f makefile docs
+
+%check
+export CFLAGS="$RPM_OPT_FLAGS -DLTM_DESC -DUSE_LTM -fno-strict-aliasing"
+make %{?_smp_mflags} LIBPATH=%{_libdir} EXTRALIBS="-ltommath" test
+./test
+
+%install
+# There is no configure script that ships with libtomcrypt but it does
+# understand DESTDIR and its installs via that and the INSTALL_USER and
+# INSTALL_GROUP environment variables.
+export INSTALL_USER=$(id -un)
+export INSTALL_GROUP=$(id -gn)
+export CFLAGS="$RPM_OPT_FLAGS -DLTM_DESC -DUSE_LTM -fno-strict-aliasing"
+
+make install DESTDIR=%{buildroot} LIBPATH=%{_libdir} EXTRALIBS="-ltommath" -f makefile.shared
+find %{buildroot} -name '*.h' -exec chmod 644 {} \;
+find %{buildroot} -name '*.c' -exec chmod 644 {} \;
+chmod 644 LICENSE
+
+# Remove unneeded files
+find %{buildroot} -name '*.la' -delete
+find %{buildroot} -name '*.a' -delete
+find %{buildroot} -name 'libtomcrypt_prof*' -delete
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%license LICENSE
+%{_libdir}/*.so.*
+
+%files devel
+%{_includedir}/*.h
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/libtomcrypt.pc
+
+%files doc
+%doc LICENSE doc/crypt.pdf
+
+%changelog
+* Tue Jun 27 2017 Pavel Cahyna - 1.17-26
+- Merge EPEL changes: fix CVE-2016-6129 (#1370955, #1370957), update URLs (#1463608, #1463547)
+- Fix strict aliasing warnings by adding -fno-strict-aliasing
+
+* Fri May 12 2017 Pavel Cahyna - 1.17-25
+- Rebuild for RHEL 7.4 Extras
+
+* Mon May 08 2017 Yaakov Selkowitz - 1.17-24
+- Build on multiple architectures
+
+* Tue Dec 08 2015 Jaromir Capik - 1.17-23
+- Workaround for ghostscript segfault on ppc64le
+
+* Thu May 15 2014 Paul Howarth - 1.17-22
+- Add two-key 3DES support, needed by pycrypto.
+
+* Sun Sep 29 2013 Simone Caronni - 1.17-21
+- Move headers to default location.
+
+* Thu Aug 08 2013 Simone Caronni - 1.17-20
+- Make doc package noarch.
+- Remove executable bits from LICENSE file and source files.
+- Require isaed library for devel subpackage.
+- Require CVE fixed libtommath library.
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.17-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Jun 06 2013 Simone Caronni - 1.17-18
+- Fix build requirements for RHEL 6 and Fedora 17.
+
+* Tue Jun 04 2013 David Woodhouse - 1.17-17
+- Fix tex/latex BuildRequires
+
+* Mon Jun 03 2013 Simone Caronni - 1.17-16
+- Update SPEC, remove obsolete tags, fix formatting.
+- Add patch for pkg config (libtomcrypt.pc).
+- Add correct build requirements for Fedora 19+ and RHEL 7+.
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1.17-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering - 1.17-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering - 1.17-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.17-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat Jul 25 2009 Fedora Release Engineering - 1.17-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering - 1.17-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 19 2008 Fedora Release Engineering - 1.17-9
+- Autorebuild for GCC 4.3
+
+* Sun Nov 25 2007 Jeremy Hinegardner - 1.17-8
+- Resolve multilib conflicts from Bug #342431 by splitting out
+ documentation to libtomcrypt-docs subpackage
+- fix rpmlint Summary: warning
+
+* Wed Aug 29 2007 Fedora Release Engineering - 1.17-7
+- Rebuild for selinux ppc32 issue.
+
+* Tue Jul 10 2007 Jeremy Hinegardner - 1.17-6
+- turn off optimization for ppc64 to work around Bug #239003
+
+* Sat Jun 30 2007 Jeremy Hinegardner - 1.17-5
+- removed package name from summary
+- fixed URL and Source0 links
+- really fixed linkage flag this time, added it to the build section not
+ just the check.
+
+* Fri Jun 29 2007 Jeremy Hinegardner - 1.17-4
+- fixed linkage flag with correct tommath name
+- added check section
+- removed libtomcrypt_prof libraries from package
+- remove package name from summary
+
+* Wed Jun 27 2007 Jeremy Hinegardner - 1.17-3
+- create makefile patch to ensure RPM_OPT_FLAGS is honored
+- install headers into _includedir/tomcrypt
+- add location of libtommath headers to CFLAGS
+
+* Sat Jun 23 2007 Jeremy Hinegardner - 1.17-2
+- update build process to pass LIBPATH to make
+
+* Fri Jun 22 2007 Jeremy Hinegardner - 1.17-1
+- Initial spec file creation
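Review bot: Neither the `%build` nor the `%install` invocation in SPECS/libtomcrypt.spec hands the distribution's linker flags to the shared-library link: the `$(LIBNAME)` rule in makefile.shared (visible as context in libtomcrypt-pkgconfig.patch) links with `$(CFLAGS)` and `$(EXTRALIBS)` only, and the spec sets `EXTRALIBS="-ltommath"`. If link-time hardening is expected on this crypto library (RELRO and similar options normally arrive through `%{__global_ldflags}`), it has to be passed explicitly, for example `EXTRALIBS="-ltommath %{?__global_ldflags}"`, and then confirmed on the built `.so`. A one-line comment in `%build` stating which flags the makefile honours would save the next packager from re-deriving this.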