Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-cal for openSUSE:Factory checked in at 2026-05-26 16:35:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old) and /work/SRC/openSUSE:Factory/.aws-c-cal.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal" Tue May 26 16:35:01 2026 rev:26 rq:1355152 version:0.9.14 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2025-12-01 11:15:30.740071229 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.2084/aws-c-cal.changes 2026-05-26 16:35:15.011020946 +0200 @@ -1,0 +2,8 @@ +Fri May 22 07:53:24 UTC 2026 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.9.14 + * builder -> v0.9.92 and clang-latest by @sbSteveK in (#247) + * Add sanity checking on der empty bit string decoding + by @DmitriyMusatkin in (#248) + +------------------------------------------------------------------- Old: ---- v0.9.13.tar.gz New: ---- v0.9.14.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-cal.spec ++++++ --- /var/tmp/diff_new_pack.8gjZNV/_old 2026-05-26 16:35:16.275073242 +0200 +++ /var/tmp/diff_new_pack.8gjZNV/_new 2026-05-26 16:35:16.279073408 +0200 @@ -1,7 +1,7 @@ # # spec file for package aws-c-cal # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-cal -Version: 0.9.13 +Version: 0.9.14 Release: 0 Summary: AWS C99 wrapper for cryptography primitives License: Apache-2.0 @@ -29,12 +29,12 @@ Patch0: acc_add-so-version.patch BuildRequires: cmake BuildRequires: fdupes +BuildRequires: ninja +BuildRequires: pkgconfig BuildRequires: cmake(aws-c-common) BuildRequires: cmake(aws-checksums) -BuildRequires: pkgconfig(libcrypto) BuildRequires: cmake(s2n) -BuildRequires: ninja -BuildRequires: pkgconfig +BuildRequires: pkgconfig(libcrypto) %description AWS Crypto Abstraction Layer is a C99 wrapper for cryptography primitives. ++++++ v0.9.13.tar.gz -> v0.9.14.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.13/.github/workflows/ci.yml new/aws-c-cal-0.9.14/.github/workflows/ci.yml --- old/aws-c-cal-0.9.13/.github/workflows/ci.yml 2025-11-26 19:34:13.000000000 +0100 +++ new/aws-c-cal-0.9.14/.github/workflows/ci.yml 2026-05-20 01:22:31.000000000 +0200 @@ -6,7 +6,7 @@ - 'main' env: - BUILDER_VERSION: v0.9.79 + BUILDER_VERSION: v0.9.92 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-cal @@ -55,6 +55,7 @@ - clang-11 - clang-15 - clang-17 + - clang-latest - gcc-4.8 - gcc-5 - gcc-6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.13/source/der.c new/aws-c-cal-0.9.14/source/der.c --- old/aws-c-cal-0.9.13/source/der.c 2025-11-26 19:34:13.000000000 +0100 +++ new/aws-c-cal-0.9.14/source/der.c 2026-05-20 01:22:31.000000000 +0200 @@ -57,6 +57,19 @@ tlv->value += 1; } } else if (tlv->tag == AWS_DER_BIT_STRING) { + /* per X.690 8.6.2:"The contents octets for the primitive encoding shall contain an + * initial octet followed by zero, one, or more subsequent octets." + * Its invalid to have 0 len bit strings, so reject them. + */ + if (tlv->length == 0) { + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } + + /* Its invalid for empty string to have non-zero padding value */ + if (tlv->length == 1 && tlv->value[0] != 0) { + return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); + } + /* skip over the trailing skipped bit count */ tlv->length -= 1; tlv->value += 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.13/tests/CMakeLists.txt new/aws-c-cal-0.9.14/tests/CMakeLists.txt --- old/aws-c-cal-0.9.13/tests/CMakeLists.txt 2025-11-26 19:34:13.000000000 +0100 +++ new/aws-c-cal-0.9.14/tests/CMakeLists.txt 2026-05-20 01:22:31.000000000 +0200 @@ -168,6 +168,9 @@ add_test_case(der_decode_zero_int) add_test_case(der_decode_bad_length) add_test_case(der_decode_zero_length_int) +add_test_case(der_decode_zero_length_bit_string) +add_test_case(der_decode_empty_bit_string) +add_test_case(der_decode_empty_bit_string_bad_padding) add_test_case(der_roundtrip_context_specific_tags) add_test_case(der_decode_integer) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.13/tests/der_test.c new/aws-c-cal-0.9.14/tests/der_test.c --- old/aws-c-cal-0.9.13/tests/der_test.c 2025-11-26 19:34:13.000000000 +0100 +++ new/aws-c-cal-0.9.14/tests/der_test.c 2026-05-20 01:22:31.000000000 +0200 @@ -688,6 +688,73 @@ } AWS_TEST_CASE(der_decode_zero_length_int, s_der_decode_zero_length_int) +static int s_der_decode_zero_length_bit_string(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + aws_cal_library_test_init(allocator); + + uint8_t zero_bitstring_der[] = {0x03 /*int*/, 0x00 /*len 0*/}; + + const size_t encoded_size = AWS_ARRAY_SIZE(zero_bitstring_der); + struct aws_byte_cursor input = aws_byte_cursor_from_array(zero_bitstring_der, encoded_size); + struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, input); + ASSERT_NULL(decoder); + + ASSERT_INT_EQUALS(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED, aws_last_error()); + + aws_der_decoder_destroy(decoder); + + aws_cal_library_clean_up(); + return 0; +} +AWS_TEST_CASE(der_decode_zero_length_bit_string, s_der_decode_zero_length_bit_string) + +static int s_der_decode_empty_bit_string(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + aws_cal_library_test_init(allocator); + + uint8_t zero_bitstring_der[] = {0x03 /*int*/, 0x01 /*len 1*/, 0x00}; + + const size_t encoded_size = AWS_ARRAY_SIZE(zero_bitstring_der); + struct aws_byte_cursor input = aws_byte_cursor_from_array(zero_bitstring_der, encoded_size); + struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, input); + ASSERT_NOT_NULL(decoder); + + ASSERT_TRUE(aws_der_decoder_next(decoder)); + + ASSERT_INT_EQUALS(AWS_DER_BIT_STRING, aws_der_decoder_tlv_type(decoder)); + + struct aws_byte_cursor cur = {0}; + ASSERT_SUCCESS(aws_der_decoder_tlv_string(decoder, &cur)); + + ASSERT_INT_EQUALS(0, cur.len); + + aws_der_decoder_destroy(decoder); + + aws_cal_library_clean_up(); + return 0; +} +AWS_TEST_CASE(der_decode_empty_bit_string, s_der_decode_empty_bit_string) + +static int s_der_decode_empty_bit_string_bad_padding(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + aws_cal_library_test_init(allocator); + + uint8_t zero_bitstring_der[] = {0x03 /*int*/, 0x01 /*len 1*/, 0x03}; + + const size_t encoded_size = AWS_ARRAY_SIZE(zero_bitstring_der); + struct aws_byte_cursor input = aws_byte_cursor_from_array(zero_bitstring_der, encoded_size); + struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, input); + ASSERT_NULL(decoder); + + ASSERT_INT_EQUALS(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED, aws_last_error()); + + aws_der_decoder_destroy(decoder); + + aws_cal_library_clean_up(); + return 0; +} +AWS_TEST_CASE(der_decode_empty_bit_string_bad_padding, s_der_decode_empty_bit_string_bad_padding) + static int s_der_roundtrip_context_specific_tags(struct aws_allocator *allocator, void *ctx) { (void)ctx; aws_cal_library_test_init(allocator);
