Hello community, here is the log from the commit of package password-store for openSUSE:Factory checked in at 2018-06-29 22:31:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/password-store (Old) and /work/SRC/openSUSE:Factory/.password-store.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "password-store" Fri Jun 29 22:31:24 2018 rev:7 rq:618071 version:1.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/password-store/password-store.changes 2017-11-15 17:01:46.183311519 +0100 +++ /work/SRC/openSUSE:Factory/.password-store.new/password-store.changes 2018-06-29 22:31:46.554238429 +0200 @@ -1,0 +2,11 @@ +Fri Jun 15 06:43:31 UTC 2018 - [email protected] + +- Update to 1.7.2 + * Large number of bug fixes + * Fixed the signature verification routine that parses the output of GnuPG. + Previously, it was prone to spoofing of file signatures and allowed + attackers to inject additional encryption keys (bsc#1097774 + CVE-2018-12356). +- Applied spec-cleaner + +------------------------------------------------------------------- Old: ---- password-store-1.7.1.tar.xz New: ---- password-store-1.7.2.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ password-store.spec ++++++ --- /var/tmp/diff_new_pack.1e0pz8/_old 2018-06-29 22:31:46.930238141 +0200 +++ /var/tmp/diff_new_pack.1e0pz8/_new 2018-06-29 22:31:46.934238138 +0200 @@ -1,7 +1,7 @@ # # spec file for package password-store # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,10 +17,10 @@ Name: password-store -Version: 1.7.1 +Version: 1.7.2 Release: 0 Summary: Stores, retrieves, generates, and synchronizes passwords -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Productivity/Other URL: http://zx2c4.com/projects/password-store/ Source: http://git.zx2c4.com/password-store/snapshot/%{name}-%{version}.tar.xz 
@@ -74,8 +74,9 @@ %endif %files -%doc README COPYING -%{_mandir}/man1/pass.1%{ext_man} +%license COPYING +%doc README +%{_mandir}/man1/pass.1%{?ext_man} %{_bindir}/pass %if 0%{?suse_version} <= 1320 %dir %{_datadir}/fish ++++++ password-store-1.7.1.tar.xz -> password-store-1.7.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/dmenu/passmenu new/password-store-1.7.2/contrib/dmenu/passmenu --- old/password-store-1.7.1/contrib/dmenu/passmenu 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/contrib/dmenu/passmenu 2018-06-14 16:58:28.000000000 +0200 @@ -20,6 +20,6 @@ if [[ $typeit -eq 0 ]]; then pass show -c "$password" 2>/dev/null else - pass show "$password" | { read -r pass; printf %s "$pass"; } | + pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | xdotool type --clearmodifiers --file - fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/emacs/CHANGELOG.md new/password-store-1.7.2/contrib/emacs/CHANGELOG.md --- old/password-store-1.7.1/contrib/emacs/CHANGELOG.md 1970-01-01 01:00:00.000000000 +0100 +++ new/password-store-1.7.2/contrib/emacs/CHANGELOG.md 2018-06-14 16:58:28.000000000 +0200 @@ -0,0 +1,11 @@ +# 1.0.1 + +* (bugfix) Quote shell arguments in async call + +# 1.0.0 + +* (feature) Call `pass edit` so that changes get committed to git + +# 0.1 + +* Initial release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/emacs/Cask new/password-store-1.7.2/contrib/emacs/Cask --- old/password-store-1.7.1/contrib/emacs/Cask 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/contrib/emacs/Cask 2018-06-14 16:58:28.000000000 +0200 
@@ -4,9 +4,9 @@ (package-file "password-store.el") (development - (depends-on "dash") (depends-on "f") (depends-on "s") + (depends-on "with-editor") (depends-on "ecukes") (depends-on "ert-runner") (depends-on "el-mock")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/emacs/password-store.el new/password-store-1.7.2/contrib/emacs/password-store.el --- old/password-store-1.7.1/contrib/emacs/password-store.el 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/contrib/emacs/password-store.el 2018-06-14 16:58:28.000000000 +0200 @@ -1,11 +1,12 @@ ;;; password-store.el --- Password store (pass) support -;; Copyright (C) 2014 Svend Sorensen <[email protected]> +;; Copyright (C) 2014-2017 Svend Sorensen <[email protected]> -;; Author: Svend Sorensen <[email protected]> -;; Version: 0.1 -;; Package-Requires: ((f "0.11.0") (s "1.9.0")) -;; Keywords: pass +;; Author: Svend Sorensen <[email protected]> +;; Version: 1.0.1 +;; URL: https://www.passwordstore.org/ +;; Package-Requires: ((emacs "24") (f "0.11.0") (s "1.9.0") (with-editor "2.5.11")) +;; Keywords: tools pass password password-store ;; This file is not part of GNU Emacs. @@ -33,6 +34,7 @@ (require 'f) (require 's) +(require 'with-editor) (defgroup password-store '() "Emacs mode for password-store." @@ -77,6 +79,16 @@ (s-chomp (buffer-string)) (error (s-chomp (buffer-string))))))) +(defun password-store--run-async (&rest args) + "Run pass asynchronously with ARGS. + +Nil arguments are ignored." + (let ((args (mapcar #'shell-quote-argument args))) + (with-editor-async-shell-command + (mapconcat 'identity + (cons password-store-executable + (delq nil args)) " ")))) + (defun password-store--run-init (gpg-ids &optional folder) (apply 'password-store--run "init" (if folder (format "--path=%s" folder)) 
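Review bot: In `password-store--run-async` the arguments go through `shell-quote-argument` before `(delq nil args)` runs, so a nil argument reaches the quoting function instead of being dropped as the docstring promises. `shell-quote-argument` expects a string and will most likely signal an error on nil. Filtering first keeps the documented contract: `(let ((args (mapcar #'shell-quote-argument (delq nil args))))`. `password-store-executable` is also joined into the command line unquoted, so a configured path with spaces or shell metacharacters would be split or interpreted by the shell; unless it is meant to carry extra arguments, it should be quoted the same way.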
@@ -99,7 +111,8 @@ (error "Not implemented")) (defun password-store--run-edit (entry) - (error "Not implemented")) + (password-store--run-async "edit" + entry)) (defun password-store--run-generate (entry password-length &optional force no-symbols) (password-store--run "generate" @@ -163,12 +176,9 @@ ;;;###autoload (defun password-store-edit (entry) - "Edit password for ENTRY. - -This edits the password file directly in Emacs, so changes will -need to be commited manually if git is being used." + "Edit password for ENTRY." (interactive (list (password-store--completing-read))) - (find-file (password-store--entry-to-file entry))) + (password-store--run-edit entry)) ;;;###autoload (defun password-store-get (entry) @@ -218,10 +228,11 @@ "Insert a new ENTRY containing PASSWORD." (interactive (list (read-string "Password entry: ") (read-passwd "Password: " t))) - (message "%s" (shell-command-to-string (format "echo %s | %s insert -m -f %s" - (shell-quote-argument password) - password-store-executable - (shell-quote-argument entry))))) + (message "%s" (shell-command-to-string + (format "echo %s | %s insert -m -f %s" + (shell-quote-argument password) + password-store-executable + (shell-quote-argument entry))))) ;;;###autoload (defun password-store-generate (entry &optional password-length) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/vim/noplaintext.vim new/password-store-1.7.2/contrib/vim/noplaintext.vim --- old/password-store-1.7.1/contrib/vim/noplaintext.vim 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/contrib/vim/noplaintext.vim 1970-01-01 01:00:00.000000000 +0100 
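Review bot: `password-store-edit` now hands the decrypted temporary file from `pass edit` to Emacs through with-editor instead of visiting the entry file directly, and nothing in this hunk disables backup or auto-save for that buffer. Whether plaintext copies can land outside pass's temporary directory depends on the user's `backup-directory-alist` and auto-save settings, which this file does not show. The docstring lost its caveat paragraph without a replacement. Something like `Runs "pass edit" through with-editor; the buffer holds the decrypted entry, so backup and auto-save should be off for it.` would tell users what to check.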
@@ -1,46 +0,0 @@ -" -" Prevent various Vim features from keeping the contents of pass(1) password -" files (or any other purely temporary files) in plaintext on the system. -" -" Either append this to the end of your .vimrc, or install it as a plugin with -" a plugin manager like Tim Pope's Pathogen. -" -" Author: Tom Ryder <[email protected]> -" - -" Don't backup files in temp directories or shm -if exists('&backupskip') - set backupskip+=/tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/* -endif - -" Don't keep swap files in temp directories or shm -if has('autocmd') - augroup swapskip - autocmd! - silent! autocmd BufNewFile,BufReadPre - \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/* - \ setlocal noswapfile - augroup END -endif - -" Don't keep undo files in temp directories or shm -if has('persistent_undo') && has('autocmd') - augroup undoskip - autocmd! - silent! autocmd BufWritePre - \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/* - \ setlocal noundofile - augroup END -endif - -" Don't keep viminfo for files in temp directories or shm -if has('viminfo') - if has('autocmd') - augroup viminfoskip - autocmd! - silent! autocmd BufNewFile,BufReadPre - \ /tmp/*,$TMPDIR/*,$TMP/*,$TEMP/*,*/shm/* - \ setlocal viminfo= - augroup END - endif -endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/vim/redact_pass.txt new/password-store-1.7.2/contrib/vim/redact_pass.txt --- old/password-store-1.7.1/contrib/vim/redact_pass.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/password-store-1.7.2/contrib/vim/redact_pass.txt 2018-06-14 16:58:28.000000000 +0200 
@@ -0,0 +1,41 @@ +*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10 + +DESCRIPTION *redact_pass* + +This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile', +and 'undofile' options globally when editing a password in `pass(1)`. + +This is to prevent anyone being able to extract passwords from your Vim cache +files in the event of a compromise. + +You should test this after installed to ensure you see this message is printed +whenever you `pass edit`: + +> Editing password file--disabled leaky options! + +REQUIREMENTS *redact_pass-requirements* + +This plugin is only available if 'compatible' is not set. It also requires the +|+autocmd| feature. + +IMPLEMENTATION *redact_pass-implementation* + +The options are disabled globally rather than attempting to set them local to +the buffer only, which was the flawed approach of previous versions. This is +mostly because of the 'viminfo' option; it's global, and there's no meaningful +way to exclude information from the sensitive buffer from appearing in it. + +Because the typical use case for editing a password file in Vim is that you +load and change a single short document, and then quit, it's more sensible to +just turn the relevant options off completely, and makes what the plugin is +doing more reliable and straightforward to understand. + +AUTHOR *redact_pass-author* + +Written and maintained by Tom Ryder <[email protected]>. + +LICENSE *redact_pass-license* + +Licensed for distribution under the same terms as the pass(1) project. + + vim:tw=78:ts=8:ft=help:norl: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/contrib/vim/redact_pass.vim new/password-store-1.7.2/contrib/vim/redact_pass.vim --- old/password-store-1.7.1/contrib/vim/redact_pass.vim 1970-01-01 01:00:00.000000000 +0100 +++ new/password-store-1.7.2/contrib/vim/redact_pass.vim 2018-06-14 16:58:28.000000000 +0200 
@@ -0,0 +1,80 @@ +" +" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup', +" 'swapfile', and 'undofile' globally when editing a password in pass(1). +" +" This is to prevent anyone being able to extract passwords from your Vim +" cache files in the event of a compromise. +" +" Author: Tom Ryder <[email protected]> +" License: Same as Vim itself +" +if exists('g:loaded_redact_pass') || &compatible + finish +endif +if !has('autocmd') + finish +endif +let g:loaded_redact_pass = 1 + +" Pattern to match for the portion of the path after the temporary dir, +" starting with the leading slash +let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$' + +" Check whether the given dir name is not an empty string, whether the first +" file in the argument list is within the named dir, and that the whole path +" matches the above pattern immediately after that dir name +function! s:PassPath(root) + + " Check we actually got a value, i.e. this wasn't an empty environment + " variable + if !strlen(a:root) + return 0 + endif + + " Full resolved path to the root dir with no trailing slashes + let l:root = fnamemodify(a:root, ':p:h') + + " Full resolved path to the first file in the arg list + let l:path = fnamemodify(argv(0), ':p') + + " Check the string all match and at the expected points + return stridx(l:path, l:root) == 0 + \ && strlen(l:root) == match(l:path, s:pattern) + +endfunction + +" Check whether we should set redacting options or not +function! 
s:CheckArgsRedact() + + " Short-circuit unless we're editing just one file and it looks like a path + " in one of the three expected directories; we're trying hard to make sure + " this really is a password file and we're not messing with the user's + " precious settings unnecessarily + if argc() != 1 + \ || !s:PassPath('/dev/shm') + \ && !s:PassPath($TMPDIR) + \ && !s:PassPath('/tmp') + return + endif + + " Disable all the leaky options globally + set nobackup + set nowritebackup + set noswapfile + set viminfo= + if has('persistent_undo') + set noundofile + endif + + " Tell the user what we're doing so they know this worked, via a message and + " a global variable they can check + echomsg 'Editing password file--disabled leaky options!' + let g:redact_pass_redacted = 1 + +endfunction + +" Auto function loads only when Vim starts up +augroup redact_pass + autocmd! + autocmd VimEnter * call s:CheckArgsRedact() +augroup END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/man/pass.1 new/password-store-1.7.2/man/pass.1 --- old/password-store-1.7.1/man/pass.1 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/man/pass.1 2018-06-14 16:58:28.000000000 +0200 
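Review bot: `s:CheckArgsRedact` fails open: when `argc() != 1` or none of the three `s:PassPath` roots match, it returns silently, so the leaky options stay enabled and the only signal is the missing `echomsg` line. `s:pattern` hard-codes the `pass.` directory prefix and the `.txt` suffix, which presumably mirror how password-store.sh names its temporary files (not shown in this hunk); a comment above it such as `" Must track the temp file naming used by pass(1); on mismatch nothing is redacted` would make that coupling explicit. The comments in `s:PassPath` call the `fnamemodify(..., ':p')` results "resolved" paths, but `:p` only makes a path absolute and does not follow symlinks, so "absolute" is the accurate word. The header says `License: Same as Vim itself` while redact_pass.txt says the plugin is distributed under the terms of the pass(1) project; one of the two should be corrected.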
@@ -81,12 +81,13 @@ .BR tree (1) program. This command is alternatively named \fBlist\fP. .TP -\fBgrep\fP \fIsearch-string\fP +\fBgrep\fP [\fIGREPOPTIONS\fP] \fIsearch-string\fP Searches inside each decrypted password file for \fIsearch-string\fP, and displays line containing matched string along with filename. Uses .BR grep (1) -for matching. Make use of the \fIGREP_OPTIONS\fP environment variable to set particular -options. +for matching. \fIGREPOPTIONS\fP are passed to +.BR grep (1) +as-is. (Note: the \fIGREP_OPTIONS\fP environment variable functions as well.) .TP \fBfind\fP \fIpass-names\fP... List names of passwords inside the tree that match \fIpass-names\fP by using the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/src/completion/pass.fish-completion new/password-store-1.7.2/src/completion/pass.fish-completion --- old/password-store-1.7.1/src/completion/pass.fish-completion 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/src/completion/pass.fish-completion 2018-06-14 16:58:28.000000000 +0200 @@ -20,6 +20,7 @@ end return 1 end + function __fish_pass_uses_command set cmd (commandline -opc) if [ (count $cmd) -gt 1 ] 
@@ -33,24 +34,22 @@ function __fish_pass_print_gpg_keys gpg2 --list-keys | grep uid | sed 's/.*<\(.*\)>/\1/' end -function __fish_pass_print_entry_dirs + +function __fish_pass_print + set -l ext $argv[1] + set -l strip $argv[2] set -l prefix (__fish_pass_get_prefix) - set -l dirs - eval "set dirs "$prefix"/**/" - for dir in $dirs - set entry (echo "$dir" | sed "s#$prefix/\(.*\)#\1#") - echo "$entry" - end + printf '%s\n' "$prefix"/**"$ext" | sed "s#$prefix/\(.*\)$strip#\1#" end + +function __fish_pass_print_entry_dirs + __fish_pass_print "/" +end + function __fish_pass_print_entries - set -l prefix (__fish_pass_get_prefix) - set -l files - eval "set files "$prefix"/**.gpg" - for file in $files - set file (echo "$file" | sed "s#$prefix/\(.*\)\.gpg#\1#") - echo "$file" - end + __fish_pass_print ".gpg" ".gpg" end + function __fish_pass_print_entries_and_dirs __fish_pass_print_entry_dirs __fish_pass_print_entries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/src/password-store.sh new/password-store-1.7.2/src/password-store.sh --- old/password-store-1.7.1/src/password-store.sh 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/src/password-store.sh 2018-06-14 16:58:28.000000000 +0200 @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (C) 2012 - 2017 Jason A. Donenfeld <[email protected]>. All Rights Reserved. +# Copyright (C) 2012 - 2018 Jason A. Donenfeld <[email protected]>. All Rights Reserved. # This file is licensed under the GPLv2+. Please see COPYING for more information. umask "${PASSWORD_STORE_UMASK:-077}" 
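Review bot: `__fish_pass_print` interpolates `$prefix` and `$strip` straight into the sed expression `s#$prefix/\(.*\)$strip#\1#`, so a store path containing `#` or regex metacharacters breaks or mis-trims the completion output, and the `.` in `.gpg` matches any character. The substitution is also unanchored at both ends. Anchoring it and escaping the suffix is a small change: call `__fish_pass_print ".gpg" "\.gpg"` and use `sed "s#^$prefix/\(.*\)$strip\$#\1#"`. Escaping `$prefix` itself would need an additional step.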
@@ -58,7 +58,7 @@ verify_file() { [[ -n $PASSWORD_STORE_SIGNING_KEY ]] || return 0 [[ -f $1.sig ]] || die "Signature for $1 does not exist." - local fingerprints="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null | sed -n 's/\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p')" + local fingerprints="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p')" local fingerprint found=0 for fingerprint in $PASSWORD_STORE_SIGNING_KEY; do [[ $fingerprint =~ ^[A-F0-9]{40}$ ]] || continue @@ -121,9 +121,9 @@ local group="$(sed -n "s/^cfg:group:$(sed 's/[\/&]/\\&/g' <<<"${GPG_RECIPIENTS[$index]}"):\\(.*\\)\$/\\1/p" <<<"$groups" | head -n 1)" [[ -z $group ]] && continue IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190 - unset GPG_RECIPIENTS[$index] + unset "GPG_RECIPIENTS[$index]" done - gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)" + gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)" fi current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -n 's/^gpg: public key is \([A-F0-9]\+\)$/\1/p' | LC_ALL=C sort -u)" @@ -173,7 +173,7 @@ qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null echo "$before" | base64 -d | xclip -selection "$X_SELECTION" - ) 2>/dev/null & disown + ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } 
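Review bot: `verify_file` still accepts a file on the strength of a `VALIDSIG` status line alone, and the `local fingerprints="$(…)"` form discards the exit status of `$GPG --verify`. Anchoring the pattern with `^` closes the line-spoofing path, but as far as GnuPG's status documentation describes, `VALIDSIG` is also emitted for signatures made with expired or revoked keys, alongside `EXPKEYSIG`, `REVKEYSIG` or `EXPSIG`. If the project wants to reject those, the output should be captured first, the exit status checked, and those status records tested before the fingerprints are extracted. The same VALIDSIG parsing is used for `key=` in the `@@ -334,7 +334,7 @@` hunk. The fingerprint comparison loop of `verify_file` lies outside this hunk.

```shell
verify_file() {
	# … unchanged: signing-key and .sig existence checks …
	local status fingerprints
	status="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null)" || die "Signature for $1 is invalid."
	grep -Eq '^\[GNUPG:\] (EXPSIG|EXPKEYSIG|REVKEYSIG) ' <<<"$status" && die "Signature for $1 was made with an expired or revoked key."
	fingerprints="$(sed -n 's/^\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p' <<<"$status")"
	# … unchanged: fingerprint comparison loop …
```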
@@ -203,7 +203,7 @@ remove_tmpfile() { rm -rf "$SECURE_TMPDIR" } - trap remove_tmpfile INT TERM EXIT + trap remove_tmpfile EXIT else [[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF Your system does not have /dev/shm, which means that it may @@ -218,7 +218,7 @@ find "$SECURE_TMPDIR" -type f -exec $SHRED {} + rm -rf "$SECURE_TMPDIR" } - trap shred_tmpfile INT TERM EXIT + trap shred_tmpfile EXIT fi } @@ -241,7 +241,7 @@ ============================================ = pass: the standard unix password manager = = = - = v1.7.1 = + = v1.7.2 = = = = Jason A. Donenfeld = = [email protected] = @@ -266,7 +266,7 @@ $PROGRAM [show] [--clip[=line-number],-c[line-number]] pass-name Show existing password and optionally put it on the clipboard. If put on the clipboard, it will be cleared in $CLIP_TIME seconds. - $PROGRAM grep search-string + $PROGRAM grep [GREPOPTIONS] search-string Search for password files containing search-string when decrypted. $PROGRAM insert [--echo,-e | --multiline,-m] [--force,-f] pass-name Insert new password. Optionally, echo the password back to the console @@ -334,7 +334,7 @@ signing_keys+=( --default-key $key ) done $GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign .gpg_id." - key="$($GPG --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')" + key="$($GPG --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')" [[ -n $key ]] || die "Signing of .gpg_id unsuccessful." git_add_file "$gpg_id.sig" "Signing new GPG id with ${key//[$IFS]/,}." fi 
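Review bot: Dropping `INT TERM` from `trap remove_tmpfile EXIT` (and from `trap shred_tmpfile EXIT` in the next hunk) leaves cleanup of the decrypted temporary directory entirely to bash's EXIT trap, and nothing in the code records why that is sufficient. If the intent is that bash already runs the EXIT trap when the script is terminated by those signals, a short comment would preserve that reasoning, e.g. `# EXIT alone is enough under bash: it also fires on INT/TERM; SIGKILL still leaves $SECURE_TMPDIR behind`. Both traps sit inside a function whose start and end are outside these hunks.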
@@ -357,15 +357,17 @@ [[ $err -ne 0 || ( $qrcode -eq 1 && $clip -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--clip[=line-number],-c[line-number]] [--qrcode[=line-number],-q[line-number]] [pass-name]" + local pass local path="$1" local passfile="$PREFIX/$path.gpg" check_sneaky_paths "$path" if [[ -f $passfile ]]; then if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then - $GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $? + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")" || exit $? + echo "$pass" else [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number." - local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? [[ -n $pass ]] || die "There is no password to put on the clipboard at line ${selected_line}." if [[ $clip -eq 1 ]]; then clip "$pass" "$path" @@ -395,10 +397,10 @@ } cmd_grep() { - [[ $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND search-string" - local search="$1" passfile grepresults + [[ $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [GREPOPTIONS] search-string" + local passfile grepresults while read -r -d "" passfile; do - grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always "$search")" + grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always "$@")" [[ $? -ne 0 ]] && continue passfile="${passfile%.gpg}" passfile="${passfile#$PREFIX/}" @@ -430,8 +432,8 @@ [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" + mkdir -p -v "$PREFIX/$(dirname -- "$path")" + set_gpg_recipients "$(dirname -- "$path")" if [[ $multiline -eq 1 ]]; then echo "Enter contents of $path and press Ctrl+D when finished:" 
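Review bot: In the clip/qrcode branch the new `|| exit $?` after `pass="$($GPG -d … | tail -n +${selected_line} | head -n 1)"` tests the exit status of `head`, not of gpg, unless `pipefail` is set somewhere outside this hunk, so a failed decryption is still not caught there. Decrypting into the variable first keeps gpg's status: `pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")" || exit $?` followed by `pass="$(tail -n +${selected_line} <<<"$pass" | head -n 1)"`. In the plain branch, `echo "$pass"` treats an entry consisting only of an echo option such as `-n` or `-e` as an option, and the command substitution strips trailing newlines and NUL bytes, which alters entries holding binary data; `printf '%s\n' "$pass"` avoids the option problem. The function body starts and ends outside the hunk.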
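Review bot: `cmd_grep` now forwards `"$@"` to grep verbatim, so any operand after the pattern is taken as a file name and grep reads that file instead of the decrypted stream on stdin; `-r` and `-f` change the input in the same way. The following `[[ $? -ne 0 ]] && continue` treats a grep usage error (exit status 2) like "no match", so the loop keeps decrypting every entry after an option error. A comment on the grep line such as `# "$@" is passed as-is; file operands or -r/-f make grep ignore the decrypted stdin` would document the limitation. The loop's `done` and the input to `read` are outside the hunk.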
@@ -464,8 +466,8 @@ local path="${1%/}" check_sneaky_paths "$path" - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" + mkdir -p -v "$PREFIX/$(dirname -- "$path")" + set_gpg_recipients "$(dirname -- "$path")" local passfile="$PREFIX/$path.gpg" set_git "$passfile" @@ -505,9 +507,10 @@ local path="$1" local length="${2:-$GENERATED_LENGTH}" check_sneaky_paths "$path" - [[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must be a number." - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" + [[ $length =~ ^[0-9]+$ ]] || die "Error: pass-length \"$length\" must be a number." + [[ $length -gt 0 ]] || die "Error: pass-length must be greater than zero." + mkdir -p -v "$PREFIX/$(dirname -- "$path")" + set_gpg_recipients "$(dirname -- "$path")" local passfile="$PREFIX/$path.gpg" set_git "$passfile" @@ -519,7 +522,7 @@ $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted." else local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--" - if $GPG -d "${GPG_OPTS[@]}" "$passfile" | sed $'1c \\\n'"$(sed 's/[\/&]/\\&/g' <<<"$pass")"$'\n' | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then + if { echo "$pass"; $GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +2; } | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then mv "$passfile_temp" "$passfile" else rm -f "$passfile_temp" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/src/platform/cygwin.sh new/password-store-1.7.2/src/platform/cygwin.sh --- old/password-store-1.7.1/src/platform/cygwin.sh 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/src/platform/cygwin.sh 2018-06-14 16:58:28.000000000 +0200 
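Review bot: In the in-place branch of the `@@ -519,7 +522,7 @@` hunk the `if` only sees the exit status of the final `$GPG -e`, so when `$GPG -d` fails the group still emits the new password, encryption succeeds, and `mv` replaces the entry with a file that has lost every line after the first. Unless `pipefail` is enabled outside this hunk, decrypting first and aborting on failure avoids that data loss: `existing="$($GPG -d "${GPG_OPTS[@]}" "$passfile")" || die "Could not decrypt $passfile."` and then `{ printf '%s\n' "$pass"; tail -n +2 <<<"$existing"; } | $GPG -e …`. Using `printf` instead of `echo "$pass"` also writes a generated value literally if it happens to look like an echo option. The enclosing function begins and ends outside the hunk.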
@@ -11,7 +11,7 @@ local now="$(base64 < /dev/clipboard)" [[ $now != $(echo -n "$1" | base64) ]] && before="$now" echo "$before" | base64 -d > /dev/clipboard - ) 2>/dev/null & disown + ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/src/platform/darwin.sh new/password-store-1.7.2/src/platform/darwin.sh --- old/password-store-1.7.1/src/platform/darwin.sh 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/src/platform/darwin.sh 2018-06-14 16:58:28.000000000 +0200 @@ -11,7 +11,7 @@ local now="$(pbpaste | openssl base64)" [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" echo "$before" | openssl base64 -d | pbcopy - ) 2>/dev/null & disown + ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/tests/t0300-reencryption.sh new/password-store-1.7.2/tests/t0300-reencryption.sh --- old/password-store-1.7.1/tests/t0300-reencryption.sh 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/tests/t0300-reencryption.sh 2018-06-14 16:58:28.000000000 +0200 
@@ -10,7 +10,7 @@ $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u } gpg_keys_from_encrypted_file() { - $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u + $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u } gpg_keys_from_group() { local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.1/tests/t0400-grep.sh new/password-store-1.7.2/tests/t0400-grep.sh --- old/password-store-1.7.1/tests/t0400-grep.sh 2017-04-13 12:11:14.000000000 +0200 +++ new/password-store-1.7.2/tests/t0400-grep.sh 2018-06-14 16:58:28.000000000 +0200 @@ -18,4 +18,16 @@ grep -q "They are" <<<"$results" ' +test_expect_success 'Test passing the "-i" option to grep' ' + "$PASS" init $KEY1 && + "$PASS" insert -e blah1 <<<"I wonder..." && + "$PASS" insert -e blah2 <<<"Will it ignore" && + "$PASS" insert -e blah3 <<<"case when searching?" && + "$PASS" insert -e folder/blah4 <<<"Yes, it does. Wonderful!" && + results="$("$PASS" grep -i wonder)" && + [[ $(wc -l <<<"$results") -eq 4 ]] && + grep -q blah1 <<<"$results" && + grep -q blah4 <<<"$results" +' + test_done
