[perl] Use stronger algorithm needed for FIPS in t/op/taint.t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



commit 55d8c0d4e2e1afa9e47a30ccb8cfb39b031f352e
Author: Petr Písař <ppisar@xxxxxxxxxx>
Date:   Mon Dec 1 16:14:00 2014 +0100

    Use stronger algorithm needed for FIPS in t/op/taint.t

 ...t-Perform-SHA-256-algorithm-by-crypt-if-d.patch |   47 ++++++++++++++++++++
 perl.spec                                          |    7 +++
 2 files changed, 54 insertions(+), 0 deletions(-)
---
diff --git a/perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch b/perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
new file mode 100644
index 0000000..4a4fca1
--- /dev/null
+++ b/perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
@@ -0,0 +1,47 @@
+From 0a370b8f77bd4b1be3f776257869e5c85eb9e8e2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@xxxxxxxxxx>
+Date: Mon, 1 Dec 2014 15:28:36 +0100
+Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default
+ one is disabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The crypt(3) call may return NULL. This is the case on FIPS-enabled
+platforms. Then "tainted crypt" test would fail.
+
+See RT#121591 for similar fix in t/op/crypt.t.
+
+Signed-off-by: Petr Písař <ppisar@xxxxxxxxxx>
+---
+ t/op/taint.t | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/t/op/taint.t b/t/op/taint.t
+index f9e8331..a13fde4 100644
+--- a/t/op/taint.t
++++ b/t/op/taint.t
+@@ -1967,7 +1967,19 @@ foreach my $ord (78, 163, 256) {
+   SKIP: {
+       skip 'No crypt function, skipping crypt tests', 4 if(!$Config{d_crypt});
+       # 59998
+-      sub cr { my $x = crypt($_[0], $_[1]); $x }
++      sub cr {
++          # On platforms implementing FIPS mode, using a weak algorithm
++          # (including the default triple-DES algorithm) causes crypt(3) to
++          # return a null pointer, which Perl converts into undef. We assume
++          # for now that all such platforms support glibc-style selection of
++          # a different hashing algorithm.
++          my $alg = '';       # Use default algorithm
++          if ( !defined(crypt("ab", "cd")) ) {
++              $alg = '$5$';   # Use SHA-256
++          }
++          my $x = crypt($_[0], $alg . $_[1]);
++          $x
++      }
+       sub co { my $x = ~$_[0]; $x }
+       my ($a, $b);
+       $a = cr('hello', 'foo' . $TAINT);
+-- 
+1.9.3
+
diff --git a/perl.spec b/perl.spec
index ac51a12..b886938 100644
--- a/perl.spec
+++ b/perl.spec
@@ -97,6 +97,10 @@ Patch26:        perl-5.18.2-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-
 # in upstream after 5.21.6
 Patch27:        perl-5.21.6-Report-inaccesible-file-on-failed-require.patch
 
+# Use stronger algorithm needed for FIPS in t/op/taint.t, bug #1128032,
+# RT#123338
+Patch28:        perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -1977,6 +1981,7 @@ tarball from perl.org.
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -1997,6 +2002,7 @@ perl -x patchlevel.h \
     'Fedora Patch25: Use stronger algorithm needed for FIPS in t/op/crypt.t (RT#121591)' \
     'Fedora Patch26: Make *DBM_File desctructors thread-safe (RT#61912)' \
     'Fedora Patch27: Report inaccesible file on failed require (RT#123270)' \
+    'Fedora Patch28: Use stronger algorithm needed for FIPS in t/op/taint.t (RT#123338)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -3789,6 +3795,7 @@ sed \
 %changelog
 * Mon Dec 01 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.20.1-315
 - Report inaccesible file on failed require (bug #1166504)
+- Use stronger algorithm needed for FIPS in t/op/taint.t (bug #1128032)
 
 * Wed Nov 19 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 4:5.20.1-314
 - Consider Filter::Util::Call dependency as mandatory (bug #1165183)
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel





[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Fedora PHP Devel]     [Kernel Devel]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite Information]
  Powered by Linux