Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package signify for openSUSE:Factory checked in at 2024-03-13 22:16:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/signify (Old) and /work/SRC/openSUSE:Factory/.signify.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "signify" Wed Mar 13 22:16:38 2024 rev:8 rq:1157084 version:32 Changes: -------- --- /work/SRC/openSUSE:Factory/signify/signify.changes 2023-03-07 16:49:46.989410530 +0100 +++ /work/SRC/openSUSE:Factory/.signify.new.1770/signify.changes 2024-03-13 22:17:03.988934156 +0100 @@ -1,0 +2,11 @@ +Sun Mar 10 12:22:51 UTC 2024 - Martin Hauke <[email protected]> + +- Update to version 32 + Changed + * Allow overriding the INSTALL Make variable to set the program + used instead of install. + * Updated sources from upstream OpenBSD and libbsd 0.12.1 + Fixed + * Fixed the build with VERIFY_ONLY=1. + +------------------------------------------------------------------- Old: ---- signify-31.tar.xz signify-31.tar.xz.asc New: ---- signify-32.tar.xz signify-32.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ signify.spec ++++++ --- /var/tmp/diff_new_pack.ZglvYI/_old 2024-03-13 22:17:04.644958291 +0100 +++ /var/tmp/diff_new_pack.ZglvYI/_new 2024-03-13 22:17:04.644958291 +0100 @@ -1,7 +1,7 @@ # # spec file for package signify # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: signify -Version: 31 +Version: 32 Release: 0 Summary: OpenBSD tool to sign and verify signatures on files (portable version) License: BSD-3-Clause ++++++ signify-31.tar.xz -> signify-32.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/CHANGELOG.md new/signify-32/CHANGELOG.md --- old/signify-31/CHANGELOG.md 2022-03-13 22:29:26.446195600 +0100 +++ new/signify-32/CHANGELOG.md 2024-03-06 23:41:45.136625000 +0100 @@ -1,6 +1,15 @@ # Change Log All notable changes to this project will be documented in this file. +## [v32] - 2024-03-07 +### Changed +- Allow overriding the `INSTALL` Make variable to set the program used + instead of `install`. Thanks to @robert-scheck for the patch. +- Updated sources from upstream OpenBSD and libbsd 0.12.1 + +### Fixed +- Fixed the build with `VERIFY_ONLY=1`. + ## [v31] - 2022-03-13 ### Changed - Instead of downloading and building `libbsd` when the `BUNDLED_LIBBSD` @@ -107,6 +116,7 @@ - Support using versions 0.8.2 and 0.8.3 of libbsd when `BUNDLED_LIBBSD=1` is specified. +[v32]: https://github.com/aperezdc/signify/compare/v31...v32 [v31]: https://github.com/aperezdc/signify/compare/v30...v31 [v30]: https://github.com/aperezdc/signify/compare/v29...v30 [v29]: https://github.com/aperezdc/signify/compare/v28...v29 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/Makefile new/signify-32/Makefile --- old/signify-31/Makefile 2022-03-13 22:23:18.479056600 +0100 +++ new/signify-32/Makefile 2024-03-06 23:36:42.370278000 +0100 @@ -11,6 +11,7 @@ CFLAGS += $(EXTRA_CFLAGS) LDFLAGS += $(EXTRA_LDFLAGS) CPPFLAGS += -include compat.h +INSTALL ?= install S := crypto_api.c \ mod_ed25519.c \ @@ -21,6 +22,7 @@ timingsafe_bcmp.c \ blowfish.c \ base64.c \ + ohash.c \ sha2.c \ sha256hl.c \ sha512hl.c \ @@ -90,7 +92,7 @@ else -LIBBSD_PKG_VERSION := 0.7 +LIBBSD_PKG_VERSION := 0.8 LIBBSD_PKG_CHECK := $(shell pkg-config libbsd --atleast-version=$(LIBBSD_PKG_VERSION) && echo ok) ifneq ($(strip $(LIBBSD_PKG_CHECK)),ok) $(error libbsd is not installed or version is older than $(LIBBSD_PKG_VERSION)) @@ -119,9 +121,7 @@ endif endif -ifeq ($(strip $(VERIFY_ONLY)),) -S += ohash.c -else +ifeq ($(strip $(VERIFY_ONLY)),1) CPPFLAGS += -DVERIFY_ONLY=1 $(warning ) $(warning ******************************************************) @@ -175,10 +175,10 @@ -e 's/SHA512_256_CTX/SHA2_CTX/g' $< > $@ install: signify signify.1.gz - install -m 755 -d $(DESTDIR)$(PREFIX)/bin - install -m 755 -t $(DESTDIR)$(PREFIX)/bin signify - install -m 755 -d $(DESTDIR)$(PREFIX)/share/man/man1 - install -m 644 -t $(DESTDIR)$(PREFIX)/share/man/man1 signify.1.gz + $(INSTALL) -m 755 -d $(DESTDIR)$(PREFIX)/bin + $(INSTALL) -m 755 -t $(DESTDIR)$(PREFIX)/bin signify + $(INSTALL) -m 755 -d $(DESTDIR)$(PREFIX)/share/man/man1 + $(INSTALL) -m 644 -t $(DESTDIR)$(PREFIX)/share/man/man1 signify.1.gz .PHONY: install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/bcrypt_pbkdf.c new/signify-32/bcrypt_pbkdf.c --- old/signify-31/bcrypt_pbkdf.c 2022-03-13 20:37:00.844999000 +0100 +++ new/signify-32/bcrypt_pbkdf.c 2024-03-06 23:07:44.336075500 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.16 2020/08/02 18:35:48 tb Exp $ */ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.17 2022/12/27 17:10:08 jmc Exp $ */ /* * Copyright (c) 2013 Ted Unangst <[email protected]> * @@ -33,7 +33,7 @@ * function with the following modifications: * 1. The input password and salt are preprocessed with SHA512. * 2. The output length is expanded to 256 bits. - * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * 3. Subsequently the magic string to be encrypted is lengthened and modified * to "OxychromaticBlowfishSwatDynamite" * 4. The hash function is defined to perform 64 rounds of initial state * expansion. (More rounds are performed by iterating the hash.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/blowfish.c new/signify-32/blowfish.c --- old/signify-31/blowfish.c 2022-03-13 20:37:00.844999000 +0100 +++ new/signify-32/blowfish.c 2024-03-06 23:07:44.343075800 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */ +/* $OpenBSD: blowfish.c,v 1.21 2022/08/28 11:11:25 jsg Exp $ */ /* * Blowfish block cipher for OpenBSD * Copyright 1997 Niels Provos <[email protected]> @@ -44,13 +44,6 @@ #include <sys/types.h> #include "blf.h" -#undef inline -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - /* Function for Feistel Networks */ #define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/arc4random.c new/signify-32/libbsd/arc4random.c --- old/signify-31/libbsd/arc4random.c 2018-10-26 11:05:24.000000000 +0200 +++ new/signify-32/libbsd/arc4random.c 2023-04-22 20:41:32.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.53 2015/09/10 18:53:50 bcook Exp $ */ +/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */ /* * Copyright (c) 1996, David Mazieres <[email protected]> @@ -50,6 +50,8 @@ #define BLOCKSZ 64 #define RSBUFSZ (16*BLOCKSZ) +#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ + /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ static struct _rs { size_t rs_have; /* valid bytes at end of rs_buf */ @@ -74,10 +76,10 @@ if (rs == NULL) { if (_rs_allocate(&rs, &rsx) == -1) - abort(); + _exit(1); } - chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } @@ -108,6 +110,7 @@ _rs_stir(void) { unsigned char rnd[KEYSZ + IVSZ]; + uint32_t rekey_fuzz = 0; if (getentropy(rnd, sizeof rnd) == -1) _getentropy_fail(); @@ -122,7 +125,10 @@ rs->rs_have = 0; memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - rs->rs_count = 1600000; + /* rekey interval should not be predictable */ + chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, + (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); + rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); } static inline void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/bsd/stdlib.h new/signify-32/libbsd/bsd/stdlib.h --- old/signify-31/libbsd/bsd/stdlib.h 2021-02-06 23:30:44.000000000 +0100 +++ new/signify-32/libbsd/bsd/stdlib.h 2024-02-11 19:30:03.000000000 +0100 @@ -51,16 +51,24 @@ #include <stdint.h> __BEGIN_DECLS +#if !defined(__APPLE__) && !defined(__sun) +#if !defined(__GLIBC__) || \ + !__GLIBC_PREREQ(2, 36) || \ + !defined(_DEFAULT_SOURCE) uint32_t arc4random(void); -void arc4random_stir(void); -void arc4random_addrandom(unsigned char *dat, int datlen); void arc4random_buf(void *_buf, size_t n); uint32_t arc4random_uniform(uint32_t upper_bound); +#endif +void arc4random_stir(void); +void arc4random_addrandom(unsigned char *dat, int datlen); +#endif int dehumanize_number(const char *str, int64_t *size); +#if !defined(__APPLE__) const char *getprogname(void); void setprogname(const char *); +#endif int heapsort(void *, size_t, size_t, int (*)(const void *, const void *)); int mergesort(void *base, size_t nmemb, size_t size, @@ -72,7 +80,9 @@ void *reallocf(void *ptr, size_t size); #if !defined(__GLIBC__) || \ - (defined(__GLIBC__) && (!__GLIBC_PREREQ(2, 26) || !defined(_GNU_SOURCE))) + !__GLIBC_PREREQ(2, 26) || \ + (__GLIBC_PREREQ(2, 26) && !__GLIBC_PREREQ(2, 29) && !defined(_GNU_SOURCE)) || \ + (__GLIBC_PREREQ(2, 29) && !defined(_DEFAULT_SOURCE)) void *reallocarray(void *ptr, size_t nmemb, size_t size); #endif void *recallocarray(void *ptr, size_t oldnmemb, size_t nmemb, size_t size); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/bsd/string.h new/signify-32/libbsd/bsd/string.h --- old/signify-31/libbsd/bsd/string.h 2018-03-21 23:01:33.000000000 +0100 +++ new/signify-32/libbsd/bsd/string.h 2024-02-11 19:30:03.000000000 +0100 @@ -41,13 +41,19 @@ #include <sys/types.h> __BEGIN_DECLS +#if !defined(__APPLE__) && \ + (!defined(__GLIBC__) || !__GLIBC_PREREQ(2, 38) || !defined(_DEFAULT_SOURCE)) size_t strlcpy(char *dst, const char *src, size_t siz); size_t strlcat(char *dst, const char *src, size_t siz); +#endif char *strnstr(const char *str, const char *find, size_t str_len); +#ifndef __APPLE__ void strmode(mode_t mode, char *str); +#endif #if !defined(__GLIBC__) || \ - (defined(__GLIBC__) && (!__GLIBC_PREREQ(2, 25) || !defined(_GNU_SOURCE))) + !__GLIBC_PREREQ(2, 25) || \ + !defined(_DEFAULT_SOURCE) void explicit_bzero(void *buf, size_t len); #endif __END_DECLS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/bsd/sys/cdefs.h new/signify-32/libbsd/bsd/sys/cdefs.h --- old/signify-31/libbsd/bsd/sys/cdefs.h 2021-12-01 04:34:10.000000000 +0100 +++ new/signify-32/libbsd/bsd/sys/cdefs.h 2024-02-27 05:50:38.000000000 +0100 @@ -37,6 +37,9 @@ #ifndef __is_identifier #define __is_identifier(x) 1 #endif +#ifndef __has_builtin +#define __has_builtin(x) !__is_identifier(x) +#endif #ifdef LIBBSD_OVERLAY /* @@ -83,6 +86,10 @@ #define _SYS_CDEFS_H #endif +/* Define the ABI for the current system. */ +//#define LIBBSD_SYS_TIME_BITS 0 +//#define LIBBSD_SYS_HAS_TIME64 0 + #define LIBBSD_CONCAT(x, y) x ## y #define LIBBSD_STRING(x) #x @@ -182,7 +189,7 @@ * require it. */ #ifndef __offsetof -# if LIBBSD_GCC_VERSION >= 0x0401 || !__is_identifier(__builtin_offsetof) +# if LIBBSD_GCC_VERSION >= 0x0401 || __has_builtin(__builtin_offsetof) # define __offsetof(type, field) __builtin_offsetof(type, field) # else # ifndef __cplusplus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/chacha_private.h new/signify-32/libbsd/chacha_private.h --- old/signify-31/libbsd/chacha_private.h 2018-05-22 17:58:24.000000000 +0200 +++ new/signify-32/libbsd/chacha_private.h 2024-02-26 04:32:28.000000000 +0100 @@ -4,7 +4,7 @@ Public domain. */ -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ +/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */ typedef unsigned char u8; typedef unsigned int u32; @@ -52,7 +52,7 @@ static const char tau[16] = "expand 16-byte k"; static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) { const char *constants; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/progname.c new/signify-32/libbsd/progname.c --- old/signify-31/libbsd/progname.c 2021-02-07 01:54:13.000000000 +0100 +++ new/signify-32/libbsd/progname.c 2024-03-06 23:23:23.484285600 +0100 @@ -35,6 +35,9 @@ #include <errno.h> #include <string.h> #include <stdlib.h> +#ifdef HAVE_PROCINFO_H +#include <procinfo.h> +#endif #ifdef _WIN32 #include <Windows.h> #include <shlwapi.h> @@ -62,6 +65,14 @@ /* getexecname(3) returns an absolute pathname, normalize it. */ if (__progname == NULL) setprogname(getexecname()); +#elif defined(_AIX) + if (__progname == NULL) { + struct procentry64 procs; + pid_t pid = getpid (); + + if (getprocs64(&procs, sizeof procs, NULL, 0, &pid, 1) > 0) + __progname = strdup(procs.pi_comm); + } #elif defined(_WIN32) if (__progname == NULL) { WCHAR *wpath = NULL; @@ -126,6 +137,8 @@ free(wpath); free(mbname); } +#elif !defined(HAVE___PROGNAME) +#error "Function getprogname() needs to be ported." #endif return __progname; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/libbsd/readpassphrase.c new/signify-32/libbsd/readpassphrase.c --- old/signify-31/libbsd/readpassphrase.c 2018-05-22 17:58:24.000000000 +0200 +++ new/signify-32/libbsd/readpassphrase.c 2024-02-11 19:30:03.000000000 +0100 @@ -36,6 +36,15 @@ #define TCSASOFT 0 #endif +#ifndef _NSIG +#if defined(NSIG) +#define _NSIG NSIG +#else +/* The SIGRTMAX define might be set to a function such as sysconf(). */ +#define _NSIG (SIGRTMAX + 1) +#endif +#endif + static volatile sig_atomic_t signo[_NSIG]; static void handler(int); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/signify.1 new/signify-32/signify.1 --- old/signify-31/signify.1 2022-03-13 20:36:39.662785500 +0100 +++ new/signify-32/signify.1 2024-03-06 23:06:18.624271200 +0100 @@ -1,4 +1,4 @@ -.\" $OpenBSD: signify.1,v 1.55 2022/02/20 17:11:05 deraadt Exp $ +.\" $OpenBSD: signify.1,v 1.59 2024/03/02 23:38:00 benno Exp $ .\" .\"Copyright (c) 2013 Marc Espie <[email protected]> .\"Copyright (c) 2013 Ted Unangst <[email protected]> @@ -14,7 +14,7 @@ .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: February 20 2022 $ +.Dd $Mdocdate: March 2 2024 $ .Dt SIGNIFY 1 .Os .Sh NAME @@ -171,12 +171,12 @@ .Pa SHA256.sig and a full set of release files: .Bd -literal -offset indent -compact -$ signify -C -p /etc/signify/openbsd-72-base.pub -x SHA256.sig +$ signify -C -p /etc/signify/openbsd-76-base.pub -x SHA256.sig .Ed .Pp Verify a bsd.rd before an upgrade: .Bd -literal -offset indent -compact -$ signify -C -p /etc/signify/openbsd-72-base.pub -x SHA256.sig bsd.rd +$ signify -C -p /etc/signify/openbsd-76-base.pub -x SHA256.sig bsd.rd .Ed .Pp Sign a gzip archive: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/signify.c new/signify-32/signify.c --- old/signify-31/signify.c 2022-03-13 20:37:00.846999200 +0100 +++ new/signify-32/signify.c 2024-03-06 23:07:44.350075700 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.135 2020/01/21 12:13:21 tb Exp $ */ +/* $OpenBSD: signify.c,v 1.136 2022/08/26 00:24:56 kn Exp $ */ /* * Copyright (c) 2013 Ted Unangst <[email protected]> * @@ -751,13 +751,14 @@ int main(int argc, char **argv) { - const char *pubkeyfile = NULL, *seckeyfile = NULL, *msgfile = NULL, - *sigfile = NULL; + const char *pubkeyfile = NULL, *msgfile = NULL, *sigfile = NULL; char sigfilebuf[PATH_MAX]; - const char *comment = "signify"; char *keytype = NULL; - int ch; +#ifndef VERIFYONLY + const char *seckeyfile = NULL, *comment = "signify"; int none = 0; +#endif + int ch; int embedded = 0; int quiet = 0; int gzip = 0; @@ -790,6 +791,15 @@ usage(NULL); verb = SIGN; break; + case 'c': + comment = optarg; + break; + case 'n': + none = 1; + break; + case 's': + seckeyfile = optarg; + break; case 'z': gzip = 1; break; @@ -799,27 +809,18 @@ usage(NULL); verb = VERIFY; break; - case 'c': - comment = optarg; - break; case 'e': embedded = 1; break; case 'm': msgfile = optarg; break; - case 'n': - none = 1; - break; case 'p': pubkeyfile = optarg; break; case 'q': quiet = 1; break; - case 's': - seckeyfile = optarg; - break; case 't': keytype = optarg; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-31/zsig.c new/signify-32/zsig.c --- old/signify-31/zsig.c 2022-03-13 20:37:00.846999200 +0100 +++ new/signify-32/zsig.c 2024-03-06 23:07:44.350075700 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */ +/* $OpenBSD: zsig.c,v 1.19 2023/04/29 10:08:18 espie Exp $ */ /* * Copyright (c) 2016 Marc Espie <[email protected]> * @@ -160,6 +160,8 @@ if (more == 0) break; } + if (n == 0) + break; SHA512_256Data(buffer, n, output); if (endsha - sha < SHA512_256_DIGEST_STRING_LENGTH-1) errx(4, "signature truncated"); @@ -172,6 +174,8 @@ if (n != bufsize) break; } + if (endsha != sha) + errx(4, "file truncated"); free(buffer); }
