Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-auth for openSUSE:Factory checked in at 2025-12-03 14:12:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-auth (Old) and /work/SRC/openSUSE:Factory/.aws-c-auth.new.14147 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-auth" Wed Dec 3 14:12:28 2025 rev:22 rq:1320830 version:0.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-auth/aws-c-auth.changes 2025-11-21 16:57:17.599915190 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-auth.new.14147/aws-c-auth.changes 2025-12-03 14:13:54.810075439 +0100 @@ -1,0 +2,7 @@ +Tue Dec 2 11:13:56 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.9.3 + * Swap to use aws_ecc_decode_signature_der_to_raw_padded for login + provider by @sbiscigl in (#279) + +------------------------------------------------------------------- Old: ---- v0.9.2.tar.gz New: ---- v0.9.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-auth.spec ++++++ --- /var/tmp/diff_new_pack.Sxnkss/_old 2025-12-03 14:13:55.466103122 +0100 +++ /var/tmp/diff_new_pack.Sxnkss/_new 2025-12-03 14:13:55.466103122 +0100 @@ -20,7 +20,7 @@ %define library_pkg 1_0_0 %define library_soversion 1 Name: aws-c-auth -Version: 0.9.2 +Version: 0.9.3 Release: 0 Summary: AWS C99 library implementation of AWS client-side authentication License: Apache-2.0 ++++++ v0.9.2.tar.gz -> v0.9.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.9.2/source/credentials_provider_login.c new/aws-c-auth-0.9.3/source/credentials_provider_login.c --- old/aws-c-auth-0.9.2/source/credentials_provider_login.c 2025-11-19 18:08:33.000000000 +0100 +++ new/aws-c-auth-0.9.3/source/credentials_provider_login.c 2025-12-01 22:35:07.000000000 +0100 @@ -379,6 +379,12 @@ parameters->login_session, parameters->login_directory_override, &file_path_buf)) { + AWS_LOGF_ERROR( + AWS_LS_AUTH_CREDENTIALS_PROVIDER, + "(id=%p) failed to load login token with error: %s", + (void *)http_query_context->provider, + aws_error_debug_str(aws_last_error())); + goto on_finalize; } if (aws_login_token_write_token_file(request_data->token, http_query_context->allocator, &file_path_buf)) { AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "login: failed to write to token file"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.9.2/source/login_token_utils.c new/aws-c-auth-0.9.3/source/login_token_utils.c --- old/aws-c-auth-0.9.2/source/login_token_utils.c 2025-11-19 18:08:33.000000000 +0100 +++ new/aws-c-auth-0.9.3/source/login_token_utils.c 2025-12-01 22:35:07.000000000 +0100 @@ -17,6 +17,7 @@ #endif /* _MSC_VER */ static int TOKEN_BUFFER_SIZE = 2500; +static int PADDING_LENGTH = 32; /* Token JSON keys*/ AWS_STATIC_STRING_FROM_LITERAL(s_login_access_token_key, "accessToken"); @@ -723,26 +724,6 @@ return aws_ecc_key_pair_sign_message(ecc_input->private_key, ecc_input->message, output); } -struct private_key_rs_pair { - struct aws_byte_cursor *r; - struct aws_byte_cursor *s; -}; - -static void s_rs_buff(struct aws_allocator *allocator, void *input, struct aws_byte_buf *output) { - struct private_key_rs_pair *private_key_rs_pair = input; - aws_byte_buf_init(output, allocator, private_key_rs_pair->r->len + private_key_rs_pair->s->len); -} - -static int s_rs_combine(struct aws_allocator *allocator, void *input, struct aws_byte_buf *output) { - (void)allocator; - struct private_key_rs_pair *private_key_rs_pair = input; - if (aws_byte_buf_append_dynamic(output, private_key_rs_pair->r) || - aws_byte_buf_append_dynamic(output, private_key_rs_pair->s)) { - return AWS_OP_ERR; - } - return AWS_OP_SUCCESS; -} - static int s_encode_buff( struct aws_allocator *allocator, void *input, @@ -1004,31 +985,21 @@ } struct aws_byte_cursor signature_cursor = aws_byte_cursor_from_buf(&signature); - struct aws_byte_cursor r; - struct aws_byte_cursor s; - AWS_ZERO_STRUCT(r); - AWS_ZERO_STRUCT(s); - if (aws_ecc_decode_signature_der_to_raw(allocator, signature_cursor, &r, &s)) { + uint8_t decoded[64] = {0}; + struct aws_byte_buf decoded_buf = aws_byte_buf_from_empty_array(decoded, 64); + if (aws_ecc_decode_signature_der_to_raw_padded(allocator, signature_cursor, &decoded_buf, PADDING_LENGTH)) { AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "login token: failed to decode signature"); goto on_finish; } - struct private_key_rs_pair private_key_rs_pair = {.r = &r, .s = &s}; - struct aws_byte_buf rs_combination; - AWS_ZERO_STRUCT(rs_combination); - if (s_encode_buff(allocator, &private_key_rs_pair, &rs_combination, s_rs_buff, s_rs_combine)) { - AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "login token: failed combine r and s numbers"); - goto on_finish; - } - - struct aws_byte_cursor rs_combination_cursor = aws_byte_cursor_from_buf(&rs_combination); + struct aws_byte_cursor rs_combination_cursor = aws_byte_cursor_from_buf(&decoded_buf); s_encode_buff(allocator, &rs_combination_cursor, signature_encoded, s_base_64_url_length, s_encode_base64_url); success = true; on_finish: aws_byte_buf_clean_up_secure(&message_sha256); aws_byte_buf_clean_up_secure(&signature); - aws_byte_buf_clean_up_secure(&rs_combination); + aws_byte_buf_clean_up_secure(&decoded_buf); return success ? AWS_OP_SUCCESS : AWS_OP_ERR; } @@ -1058,7 +1029,6 @@ if (build_header(allocator, private_key, &header_buf) || build_payload(allocator, &host, &payload_buf)) { goto on_error; - ; } struct aws_byte_cursor header_cursor = aws_byte_cursor_from_buf(&header_buf);
