diff --git a/aeskeyfind-30_big-files-support.patch b/aeskeyfind-30_big-files-support.patch new file mode 100644 index 0000000..4e477a7 --- /dev/null +++ b/aeskeyfind-30_big-files-support.patch @@ -0,0 +1,55 @@ +Description: Support for files bigger than 4GB + aeskeyfind has a bug where it fails to process a file larger than 4GB properly. + Instead it will process only filesize & 0xffffffff. Sign confusion in entropy + function can also lead to a crash when processing a large file. Finally, on + 32-bit systems size parameter to mmap would get quietly truncated. + + PS. Due to the design limitations the application cannot scan very large files + on 32-bit systems. This patch doesn't address that limitation, it however makes + the application fail gracefully if the situation is met. + + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926786 +Author: Harry Sintonen +Index: aeskeyfind/aeskeyfind.c +=================================================================== +--- aeskeyfind.orig/aeskeyfind.c ++++ aeskeyfind/aeskeyfind.c +@@ -90,7 +90,7 @@ static void print_key(uint32_t* map, int + // more than 8 repeats of any byte. This is a primitive measure of + // entropy, but it works well enough. The function keeps track of a + // sliding window of byte counts. +-static int entropy(const uint8_t* bmap, int i) ++static int entropy(const uint8_t* bmap, size_t i) + { + static int new_call = 1; + static int byte_freq[256] = {0}; +@@ -208,7 +208,7 @@ static void find_keys(const uint8_t* bma + + // Memory maps filename and return a pointer on success, setting len + // to the length of the file (does not return on error) +-unsigned char *map_file(char *filename, unsigned int *len) { ++unsigned char *map_file(char *filename, size_t *len) { + int fd = open(filename, O_RDONLY); + if (fd < 0) + err(1, "image open failed"); +@@ -217,6 +217,11 @@ unsigned char *map_file(char *filename, + if (fstat(fd, &st) != 0) + err(1, "image fstat failed"); + ++ if (st.st_size > SIZE_MAX) { ++ errno = EINVAL; ++ err(1, "image too large to mmap"); ++ } ++ + unsigned char *map; + map = (unsigned char*)mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (map == MAP_FAILED) +@@ -265,7 +270,7 @@ int main(int argc, char * argv[]) + exit(1); + } + +- unsigned int len; ++ size_t len; + unsigned char *image = map_file(argv[0], &len); + if (len < 240) { + fprintf(stderr, "memory image too small\n"); diff --git a/aeskeyfind-40_fix-undefined-left-shift.patch b/aeskeyfind-40_fix-undefined-left-shift.patch new file mode 100644 index 0000000..69f0600 --- /dev/null +++ b/aeskeyfind-40_fix-undefined-left-shift.patch @@ -0,0 +1,17 @@ +Description: Fix bug caused by code with undefined behavior (left shift with negative exponent) +Bug-Debian: https://bugs.debian.org/989179 +Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/aeskeyfind/+bug/1838334 +Author: Adrian Bunk +Index: aeskeyfind/aes.h +=================================================================== +--- aeskeyfind.orig/aes.h ++++ aeskeyfind/aes.h +@@ -12,7 +12,7 @@ extern uint8_t rcon[255]; + static inline uint32_t key_core(uint32_t k, int i) { + uint32_t t = 0; + for (int j=0; j<4; j++) +- t = set_byte(t, (j-1)%4, sbox[get_byte(k,j)]); ++ t = set_byte(t, (j-1+4)%4, sbox[get_byte(k,j)]); + return set_byte(t, 0, get_byte(t,0) ^ rcon[i]); + } + diff --git a/aeskeyfind.spec b/aeskeyfind.spec index 0663507..9406b80 100644 --- a/aeskeyfind.spec +++ b/aeskeyfind.spec @@ -1,8 +1,9 @@ Name: aeskeyfind Version: 1.0 -Release: 11%{?dist} +Release: 23%{?dist} # 3-clause BSD license -License: BSD +# Automatically converted from old format: BSD - review is highly recommended. +License: LicenseRef-Callaway-BSD Summary: Locate 128-bit and 256-bit AES keys in a captured memory image @@ -40,9 +41,17 @@ Source3: aeskeyfind.1 Patch1: aeskeyfind-10_add-GCC-hardening.patch # Original Debian patch to fix the size of the sbox -# Author: Samuel Henrique +# Author: Samuel Henrique Patch2: aeskeyfind-20_sbox-size.patch +# Original Debian patch to support for files bigger than 4GB +# Author: Harry Sintonen +Patch3: aeskeyfind-30_big-files-support.patch + +# Original Debian patch to fix silent regression caused by UC +# Author: Adrian Bunk +Patch4: aeskeyfind-40_fix-undefined-left-shift.patch + Buildrequires: gcc Buildrequires: make BuildRequires: gnupg2 @@ -88,6 +97,42 @@ install -p -m644 %{SOURCE3} %{buildroot}%{_mandir}/man1 %changelog +* Fri Jan 16 2026 Fedora Release Engineering - 1.0-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild + +* Wed Jul 23 2025 Fedora Release Engineering - 1.0-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jan 16 2025 Fedora Release Engineering - 1.0-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Aug 28 2024 Miroslav Suchý - 1.0-20 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 1.0-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 1.0-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.0-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Sep 07 2023 Samuel Henrique - 1.0-16 +- sync with the bugfix patches with Debian + +* Wed Jul 19 2023 Fedora Release Engineering - 1.0-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 1.0-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 1.0-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 1.0-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Jul 21 2021 Fedora Release Engineering - 1.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild