Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package otpclient for openSUSE:Factory checked in at 2023-01-14 00:03:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/otpclient (Old) and /work/SRC/openSUSE:Factory/.otpclient.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otpclient" Sat Jan 14 00:03:27 2023 rev:22 rq:1058252 version:3.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/otpclient/otpclient.changes 2022-12-30 11:09:08.201318769 +0100 +++ /work/SRC/openSUSE:Factory/.otpclient.new.32243/otpclient.changes 2023-01-14 00:04:14.394068133 +0100 @@ -1,0 +2,10 @@ +Fri Jan 13 13:31:48 UTC 2023 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to 3.1.3: + * Fix Aegis import/export when using long pwds. + * Fix secret service cleanup + * Show the correct error message when import fails + * Use g_utf8_strlen instead of strlen + * Add libcotp >= 2.0 compatibility + +------------------------------------------------------------------- Old: ---- v3.1.1.tar.gz v3.1.1.tar.gz.asc New: ---- v3.1.3.tar.gz v3.1.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otpclient.spec ++++++ --- /var/tmp/diff_new_pack.d9IdwH/_old 2023-01-14 00:04:14.962071441 +0100 +++ /var/tmp/diff_new_pack.d9IdwH/_new 2023-01-14 00:04:14.966071465 +0100 @@ -1,7 +1,7 @@ # # spec file for package otpclient # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define uclname OTPClient Name: otpclient -Version: 3.1.1 +Version: 3.1.3 Release: 0 Summary: Simple GTK+ client for managing TOTP and HOTP License: GPL-3.0-or-later ++++++ v3.1.1.tar.gz -> v3.1.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/CMakeLists.txt new/OTPClient-3.1.3/CMakeLists.txt --- old/OTPClient-3.1.1/CMakeLists.txt 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/CMakeLists.txt 2023-01-13 11:32:56.000000000 +0100 
@@ -1,5 +1,5 @@ -cmake_minimum_required(VERSION 3.10) -project(OTPClient VERSION "3.1.1" LANGUAGES "C") +cmake_minimum_required(VERSION 3.16) +project(OTPClient VERSION "3.1.3" LANGUAGES "C") include(GNUInstallDirs) configure_file("src/common/version.h.in" "version.h") @@ -46,7 +46,10 @@ find_package(Protobuf 3.6.0 REQUIRED) find_package(Gcrypt 1.6.0 REQUIRED) pkg_check_modules(COTP REQUIRED cotp>=1.2.1) -pkg_check_modules(BASEENCODE REQUIRED baseencode>=1.0.12) +if(${COTP_VERSION} LESS 2.0.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DCOTP_OLD_LIB") + pkg_check_modules(BASEENCODE REQUIRED baseencode>=1.0.12) +endif() pkg_check_modules(PNG REQUIRED libpng>=1.2.0) pkg_check_modules(JANSSON REQUIRED jansson>=2.10.0) pkg_check_modules(ZBAR REQUIRED zbar>=0.20) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/SECURITY.md new/OTPClient-3.1.3/SECURITY.md --- old/OTPClient-3.1.1/SECURITY.md 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/SECURITY.md 2023-01-13 11:32:56.000000000 +0100 @@ -7,7 +7,7 @@ | Version | Supported | EOL | |---------| ------------------ |-------------| | 3.1.x | :heavy_check_mark: | - | -| 3.0.x | :heavy_check_mark: | 31-Dec-2022 | +| 3.0.x | :x: | 31-Dec-2022 | | 2.6.x | :heavy_check_mark: | 15-Jan-2023 | | 2.5.x | :x: | 31-Aug-2022 | | 2.4.x | :x: | 15-May-2022 | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/data/com.github.paolostivanin.OTPClient.appdata.xml new/OTPClient-3.1.3/data/com.github.paolostivanin.OTPClient.appdata.xml --- old/OTPClient-3.1.1/data/com.github.paolostivanin.OTPClient.appdata.xml 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/data/com.github.paolostivanin.OTPClient.appdata.xml 2023-01-13 11:32:56.000000000 +0100 
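Review bot: `if(${COTP_VERSION} LESS 2.0.0)` in the second CMakeLists.txt hunk (at -46) applies CMake's numeric comparison to a dotted version string. It also expands the variable unquoted, so an empty `COTP_VERSION` would leave the `if` without a left operand. `VERSION_LESS` compares component by component and is the operator intended for this: `if(COTP_VERSION VERSION_LESS 2.0.0)`. The result decides whether `-DCOTP_OLD_LIB` is defined and whether baseencode is looked up, so a wrong evaluation selects the wrong library API at build time.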
@@ -83,6 +83,25 @@ </content_rating> <releases> + <release version="3.1.3" date="2023-01-12"> + <description> + <p>OTPClient 3.1.3 brings some fixes</p> + <ul> + <li>Fix Aegis import/export when using long pwds (>64 chars)</li> + <li>Fix secret service cleanup</li> + <li>Show the correct error message when import fails</li> + <li>Use g_utf8_strlen instead of strlen</li> + </ul> + </description> + </release> + <release version="3.1.2" date="2023-01-10"> + <description> + <p>OTPClient 3.1.2 brings compatibility with newer cotp.</p> + <ul> + <li>Add compatibility with libcotp >= 2.0.0</li> + </ul> + </description> + </release> <release version="3.1.1" date="2022-12-29"> <description> <p>OTPClient 3.1.1 brings lots of small under-the-hood changes:</p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/app.c new/OTPClient-3.1.3/src/app.c --- old/OTPClient-3.1.1/src/app.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/app.c 2023-01-13 11:32:56.000000000 +0100 @@ -699,9 +699,6 @@ gpointer user_data) { AppData *app_data = (AppData *)user_data; - if (app_data->disable_secret_service == TRUE) { - secret_password_clear (OTPCLIENT_SCHEMA, NULL, on_password_cleared, NULL, "string", "main_pwd", NULL, NULL); - } save_sort_order (app_data->tree_view); g_source_remove (app_data->source_id); g_source_remove (app_data->source_id_last_activity); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/common/aegis.c new/OTPClient-3.1.3/src/common/aegis.c --- old/OTPClient-3.1.1/src/common/aegis.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/common/aegis.c 2023-01-13 11:32:56.000000000 +0100 
@@ -90,7 +90,7 @@ guchar *key_tag = hexstr_to_bytes (json_string_value (json_object_get (kp, "tag"))); json_t *dbp = json_object_get(json_object_get(json, "header"), "params"); guchar *keybuf = gcry_malloc (KEY_SIZE); - if (gcry_kdf_derive (password, strlen (password) + 1, GCRY_KDF_SCRYPT, n, salt, SALT_SIZE, p, KEY_SIZE, keybuf) != 0) { + if (gcry_kdf_derive (password, g_utf8_strlen (password, -1), GCRY_KDF_SCRYPT, n, salt, SALT_SIZE, p, KEY_SIZE, keybuf) != 0) { g_printerr ("Error while deriving the key.\n"); g_free (salt); g_free (enc_key); @@ -122,7 +122,7 @@ gcry_cipher_close (hd); return NULL; } - gpg_error_t gpg_err = gcry_cipher_checktag(hd, key_tag, TAG_SIZE); + gpg_error_t gpg_err = gcry_cipher_checktag (hd, key_tag, TAG_SIZE); if (gpg_err != 0) { g_set_error (err, bad_tag_gquark (), BAD_TAG_ERRCODE, "Invalid TAG (master key). Either the password is wrong or the file is corrupted."); g_free (salt); @@ -231,7 +231,7 @@ gcry_create_nonce (key_nonce, NONCE_SIZE); derived_master_key = gcry_calloc_secure(KEY_SIZE, 1); - gpg_error_t gpg_err = gcry_kdf_derive (password, strlen (password) + 1, GCRY_KDF_SCRYPT, 32768, salt, SALT_SIZE, 1, KEY_SIZE, derived_master_key); + gpg_error_t gpg_err = gcry_kdf_derive (password, g_utf8_strlen (password, -1), GCRY_KDF_SCRYPT, 32768, salt, SALT_SIZE, 1, KEY_SIZE, derived_master_key); if (gpg_err) { g_printerr ("Error while deriving the key\n"); gcry_free (derived_master_key); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/common/common.c new/OTPClient-3.1.3/src/common/common.c --- old/OTPClient-3.1.1/src/common/common.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/common/common.c 2023-01-13 11:32:56.000000000 +0100 @@ -1,7 +1,9 @@ #include <glib.h> #include <sys/resource.h> #include <cotp.h> +#ifdef COTP_OLD_LIB #include <baseencode.h> +#endif #include <glib/gi18n.h> #include "gcrypt.h" #include "jansson.h" 
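Review bot: Both `gcry_kdf_derive` calls in aegis.c (hunks at -90 and -231) now pass `g_utf8_strlen (password, -1)` as the passphrase length, which is a count of UTF-8 characters, while that parameter is a length in bytes. For a password containing any multi-byte character, scrypt reads fewer bytes than the password holds, so the trailing bytes add nothing to the derived key and the key will not match one derived from the full password. Dropping the old `+ 1` is independent of the unit, and the byte-length form of the argument is simply `strlen (password)`. The same substitution appears in db-misc.c at -409 (`gsize pwd_len = g_utf8_strlen (pwd, -1) + 1;`). If `pwd_len` feeds the database key derivation, as it appears to, a non-ASCII password would derive a different key than 3.1.1 did for the same file. The enclosing functions start and end outside these hunks.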
@@ -91,7 +93,7 @@ json_object_foreach (obj, key, value) { if (g_strcmp0 (key, "period") == 0 || g_strcmp0 (key, "counter") == 0 || g_strcmp0 (key, "digits") == 0) { json_int_t v = json_integer_value (value); - g_snprintf (tmp_string + strlen (tmp_string), 256, "%ld", (gint64) v); + g_snprintf (tmp_string + g_utf8_strlen (tmp_string, -1), 256, "%ld", (gint64) v); } else { if (g_strlcat (tmp_string, json_string_value (value), 256) > 256) { g_printerr ("%s\n", _("Truncation occurred.")); @@ -99,7 +101,7 @@ } } - guint32 hash = jenkins_one_at_a_time_hash (tmp_string, strlen (tmp_string) + 1); + guint32 hash = jenkins_one_at_a_time_hash (tmp_string, g_utf8_strlen (tmp_string, -1) + 1); gcry_free (tmp_string); @@ -109,8 +111,8 @@ gchar * secure_strdup (const gchar *src) { - gchar *sec_buf = gcry_calloc_secure (strlen (src) + 1, 1); - memcpy (sec_buf, src, strlen (src) + 1); + gchar *sec_buf = gcry_calloc_secure (g_utf8_strlen (src, -1) + 1, 1); + memcpy (sec_buf, src, g_utf8_strlen (src, -1) + 1); return sec_buf; } @@ -122,7 +124,7 @@ if (g_utf8_strlen (str, -1) == 0) { return NULL; } - gchar *sec_buf = gcry_calloc_secure (strlen (str) + 1, 1); + gchar *sec_buf = gcry_calloc_secure (g_utf8_strlen (str, -1) + 1, 1); int pos = 0; for (int i = 0; str[i]; i++) { if (str[i] != ' ') { @@ -139,9 +141,9 @@ guchar * hexstr_to_bytes (const gchar *hexstr) { - size_t len = strlen (hexstr); + size_t len = g_utf8_strlen (hexstr, -1); size_t final_len = len / 2; - guchar *chrs = (guchar *)g_malloc((final_len+1) * sizeof(*chrs)); + guchar *chrs = (guchar *)g_malloc ((final_len+1) * sizeof(*chrs)); for (size_t i = 0, j = 0; j < final_len; i += 2, j++) chrs[j] = (hexstr[i] % 32 + 9) % 25 * 16 + (hexstr[i+1] % 32 + 9) % 25; chrs[final_len] = '\0'; 
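Review bot: `secure_strdup` (common.c hunk at -109) now allocates and copies `g_utf8_strlen (src, -1) + 1` bytes, a character count. For a string with multi-byte characters, `memcpy` therefore copies a truncated prefix and overwrites the last zeroed byte, leaving the secure buffer without a NUL terminator. Allocation and copying need the byte length: `size_t len = strlen (src) + 1;`, then `gcry_calloc_secure (len, 1)` and `memcpy (sec_buf, src, len)`, ideally with a NULL check on the allocation. The same substitution affects the `g_snprintf` offset and hash length at -91/-99, the pointer arithmetic at -187, -242 and -293, and the allocation at -122, where the loop that follows appears to copy every non-space byte and could write past the shorter buffer. It also affects the `fwrite` length in freeotp.c, `input_data_len` in db-misc.c at -223 (the JSON handed to encryption would be cut short), and the `strncpy` password copies in password-cb.c at -103 and -152. For pure ASCII input the two counts agree, which is why `hexstr_to_bytes` at -139 is unaffected in practice.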
@@ -187,8 +189,8 @@ g_return_val_if_fail (find != NULL, 0); g_return_val_if_fail (replace != NULL, 0); - f_len = strlen (find); - r_len = strlen (replace); + f_len = g_utf8_strlen (find, -1); + r_len = g_utf8_strlen (replace, -1); cur = string->str; while ((next = strstr (cur, find)) != NULL) @@ -242,7 +244,7 @@ if (escaped_string == NULL) return NULL; - const gchar *escaped_string_end = escaped_string + strlen (escaped_string); + const gchar *escaped_string_end = escaped_string + g_utf8_strlen (escaped_string, -1); gchar *result = gcry_calloc_secure (escaped_string_end - escaped_string + 1, 1); gchar *out = result; @@ -293,7 +295,7 @@ g_return_val_if_fail (text != NULL, NULL); g_return_val_if_fail (out_len != NULL, NULL); - input_length = strlen (text); + input_length = g_utf8_strlen (text, -1); /* We can use a smaller limit here, since we know the saved state is 0, +1 used to avoid calling g_malloc0(0), and hence returning NULL */ @@ -368,7 +370,11 @@ g_string_append (uri, "&"); } +#ifdef COTP_OLD_LIB baseencode_error_t b_err; +#else + cotp_error_t b_err; +#endif gchar *b32_encoded_secret = base32_encode (msg->otp_parameters[i]->secret.data, msg->otp_parameters[i]->secret.len, &b_err); if (b32_encoded_secret == NULL) { g_printerr ("Error while encoding the secret (error code %d)\n", b_err); @@ -417,4 +423,4 @@ } return hd; -} \ No newline at end of file +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/common/freeotp.c new/OTPClient-3.1.3/src/common/freeotp.c --- old/OTPClient-3.1.1/src/common/freeotp.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/common/freeotp.c 2023-01-13 11:32:56.000000000 +0100 
@@ -45,7 +45,7 @@ json_array_foreach (json_db_data, index, db_obj) { gchar *uri = get_otpauth_uri (NULL, db_obj); - fwrite (uri, strlen (uri), 1, fp); + fwrite (uri, g_utf8_strlen (uri, -1), 1, fp); g_free (uri); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/db-misc.c new/OTPClient-3.1.3/src/db-misc.c --- old/OTPClient-3.1.1/src/db-misc.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/db-misc.c 2023-01-13 11:32:56.000000000 +0100 @@ -223,7 +223,7 @@ return (gpointer)derived_key; } - gsize input_data_len = strlen (in_memory_json) + 1; + gsize input_data_len = g_utf8_strlen (in_memory_json, -1) + 1; guchar *enc_buffer = g_malloc0 (input_data_len); gcry_cipher_hd_t hd = open_cipher_and_set_data (derived_key, header_data->iv, IV_SIZE); @@ -409,7 +409,7 @@ HeaderData *header_data) { gsize key_len = gcry_cipher_get_algo_keylen (GCRY_CIPHER_AES256); - gsize pwd_len = strlen (pwd) + 1; + gsize pwd_len = g_utf8_strlen (pwd, -1) + 1; guchar *derived_key = gcry_malloc_secure (key_len); if (derived_key == NULL) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/imports.c new/OTPClient-3.1.3/src/imports.c --- old/OTPClient-3.1.1/src/imports.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/imports.c 2023-01-13 11:32:56.000000000 +0100 
@@ -118,7 +118,7 @@ if (err != NULL) { msg_with_err = g_strconcat (msg, " The error is:\n", err->message, NULL); } - show_message_dialog (app_data->main_window, msg, GTK_MESSAGE_ERROR); + show_message_dialog (app_data->main_window, err == NULL ? msg : msg_with_err, GTK_MESSAGE_ERROR); g_free (msg_with_err); if (err != NULL){ g_clear_error (&err); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/parse-data.c new/OTPClient-3.1.3/src/parse-data.c --- old/OTPClient-3.1.1/src/parse-data.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/parse-data.c 2023-01-13 11:32:56.000000000 +0100 @@ -123,7 +123,7 @@ static gboolean str_is_only_num_or_alpha (const gchar *string) { - size_t s_len = strlen (string); + size_t s_len = g_utf8_strlen (string, -1); for (gint i = 0; i < s_len; i++) { if (!g_ascii_isalnum (string[i])) { return FALSE; @@ -136,7 +136,7 @@ static gboolean str_is_only_num (const gchar *string) { - size_t s_len = strlen (string); + size_t s_len = g_utf8_strlen (string, -1); for (gint i = 0; i < s_len; i++) { if (!g_ascii_isdigit (string[i])) { return FALSE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/password-cb.c new/OTPClient-3.1.3/src/password-cb.c --- old/OTPClient-3.1.1/src/password-cb.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/password-cb.c 2023-01-13 11:32:56.000000000 +0100 @@ -103,7 +103,7 @@ gchar *pwd = NULL; if (entry_widgets->pwd != NULL) { gcry_free (current_key); - gsize len = strlen (entry_widgets->pwd) + 1; + gsize len = g_utf8_strlen (entry_widgets->pwd, -1) + 1; pwd = gcry_calloc_secure (len, 1); strncpy (pwd, entry_widgets->pwd, len); gcry_free (entry_widgets->pwd); 
@@ -152,7 +152,7 @@ gpointer *pwd) { const gchar *text = gtk_entry_get_text (GTK_ENTRY(entry)); - gsize len = strlen (text) + 1; + gsize len = g_utf8_strlen (text, -1) + 1; *pwd = gcry_calloc_secure (len, 1); strncpy (*pwd, text, len); GtkWidget *top_level = gtk_widget_get_toplevel (entry); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/OTPClient-3.1.1/src/settings-cb.c new/OTPClient-3.1.3/src/settings-cb.c --- old/OTPClient-3.1.1/src/settings-cb.c 2022-12-28 17:02:45.000000000 +0100 +++ new/OTPClient-3.1.3/src/settings-cb.c 2023-01-13 11:32:56.000000000 +0100 @@ -1,8 +1,10 @@ #include <gtk/gtk.h> #include <glib/gi18n.h> +#include <libsecret/secret.h> #include "otpclient.h" #include "message-dialogs.h" #include "get-builder.h" +#include "secret-schema.h" void settings_dialog_cb (GSimpleAction *simple __attribute__((unused)), @@ -65,6 +67,7 @@ gtk_widget_show_all (dialog); + gboolean old_ss_value = app_data->disable_secret_service; switch (gtk_dialog_run (GTK_DIALOG(dialog))) { case GTK_RESPONSE_OK: app_data->show_next_otp = gtk_switch_get_active (GTK_SWITCH(sno_switch)); @@ -81,6 +84,10 @@ g_key_file_set_integer (kf, "config", "inactivity_timeout", app_data->inactivity_timeout); g_key_file_set_boolean (kf, "config", "dark_theme", app_data->use_dark_theme); g_key_file_set_boolean (kf, "config", "disable_secret_service", app_data->disable_secret_service); + if (old_ss_value == FALSE && app_data->disable_secret_service == TRUE) { + // secret service was just disabled, so we have to clear the password from the keyring + secret_password_clear (OTPCLIENT_SCHEMA, NULL, on_password_cleared, NULL, "string", "main_pwd", NULL); + } if (!g_key_file_save_to_file (kf, cfg_file_path, NULL)) { g_printerr ("%s\n", _("Error while saving the config file.")); }
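Review bot: In the settings-cb.c hunk at -81 the keyring entry is removed only on the FALSE-to-TRUE transition inside this dialog, and `secret_password_clear` is asynchronous, so `disable_secret_service` is written to the config before the outcome of the clear is known. If the clear fails, the setting reads as disabled while the main password may still be in the keyring. `on_password_cleared` is defined outside this diff, so it is not visible whether it reports that failure to the user. The exit-time clear in app.c is removed in this same update, so nothing visible here retries it later. I would document this at the call, e.g. `// async: a failure is only seen in on_password_cleared; the keyring entry may persist`, and confirm that the callback surfaces errors.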