Hello community, here is the log from the commit of package password-store for openSUSE:Factory checked in at 2018-08-07 09:42:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/password-store (Old) and /work/SRC/openSUSE:Factory/.password-store.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "password-store" Tue Aug 7 09:42:47 2018 rev:9 rq:627621 version:1.7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/password-store/password-store.changes 2018-08-03 12:39:26.703760784 +0200 +++ /work/SRC/openSUSE:Factory/.password-store.new/password-store.changes 2018-08-07 09:42:54.237291833 +0200 @@ -1,0 +2,10 @@ +Mon Aug 6 06:49:47 UTC 2018 - [email protected] + +- Update to 1.7.3 (bugfix release) + * Simplify filename matching in redact_pass.vim + * Do not put passwords in herestrings + * Do not set foreground color for generated password + * Add custom bash completion for extensions + * show: do not store binary data in bash vars + +------------------------------------------------------------------- Old: ---- password-store-1.7.2.tar.xz New: ---- password-store-1.7.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ password-store.spec ++++++ --- /var/tmp/diff_new_pack.jKzWo3/_old 2018-08-07 09:42:54.841292884 +0200 +++ /var/tmp/diff_new_pack.jKzWo3/_new 2018-08-07 09:42:54.841292884 +0200 @@ -17,7 +17,7 @@ Name: password-store -Version: 1.7.2 +Version: 1.7.3 Release: 0 Summary: Utility to store, retrieve, generate and synchronize passwords License: GPL-2.0-or-later ++++++ password-store-1.7.2.tar.xz -> password-store-1.7.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/contrib/vim/redact_pass.txt new/password-store-1.7.3/contrib/vim/redact_pass.txt --- old/password-store-1.7.2/contrib/vim/redact_pass.txt 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/contrib/vim/redact_pass.txt 2018-08-03 05:32:48.000000000 +0200 @@ -1,4 +1,4 @@ -*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10 +*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 24 DESCRIPTION *redact_pass* @@ -8,8 +8,8 @@ This is to prevent anyone being able to extract passwords from your Vim cache files in the event of a compromise. -You should test this after installed to ensure you see this message is printed -whenever you `pass edit`: +You should test this after installation to ensure you see this message is +printed whenever you `pass edit`: > Editing password file--disabled leaky options! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/contrib/vim/redact_pass.vim new/password-store-1.7.3/contrib/vim/redact_pass.vim --- old/password-store-1.7.2/contrib/vim/redact_pass.vim 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/contrib/vim/redact_pass.vim 2018-08-03 05:32:48.000000000 +0200 @@ -11,49 +11,16 @@ if exists('g:loaded_redact_pass') || &compatible finish endif -if !has('autocmd') +if !has('autocmd') || v:version < 600 finish endif let g:loaded_redact_pass = 1 -" Pattern to match for the portion of the path after the temporary dir, -" starting with the leading slash -let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$' - -" Check whether the given dir name is not an empty string, whether the first -" file in the argument list is within the named dir, and that the whole path -" matches the above pattern immediately after that dir name -function! s:PassPath(root) - - " Check we actually got a value, i.e. this wasn't an empty environment - " variable - if !strlen(a:root) - return 0 - endif - - " Full resolved path to the root dir with no trailing slashes - let l:root = fnamemodify(a:root, ':p:h') - - " Full resolved path to the first file in the arg list - let l:path = fnamemodify(argv(0), ':p') - - " Check the string all match and at the expected points - return stridx(l:path, l:root) == 0 - \ && strlen(l:root) == match(l:path, s:pattern) - -endfunction - " Check whether we should set redacting options or not function! s:CheckArgsRedact() - " Short-circuit unless we're editing just one file and it looks like a path - " in one of the three expected directories; we're trying hard to make sure - " this really is a password file and we're not messing with the user's - " precious settings unnecessarily - if argc() != 1 - \ || !s:PassPath('/dev/shm') - \ && !s:PassPath($TMPDIR) - \ && !s:PassPath('/tmp') + " Ensure there's one argument and it's the matched file + if argc() != 1 || fnamemodify(argv(0), ':p') !=# expand('<afile>:p') return endif @@ -76,5 +43,9 @@ " Auto function loads only when Vim starts up augroup redact_pass autocmd! - autocmd VimEnter * call s:CheckArgsRedact() + autocmd VimEnter + \ /dev/shm/pass.?*/?*.txt + \,$TMPDIR/pass.?*/?*.txt + \,/tmp/pass.?*/?*.txt + \ call s:CheckArgsRedact() augroup END diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/completion/pass.bash-completion new/password-store-1.7.3/src/completion/pass.bash-completion --- old/password-store-1.7.2/src/completion/pass.bash-completion 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/completion/pass.bash-completion 2018-08-03 05:32:48.000000000 +0200 @@ -81,7 +81,7 @@ { COMPREPLY=() local cur="${COMP_WORDS[COMP_CWORD]}" - local commands="init ls find grep show insert generate edit rm mv cp git help version" + local commands="init ls find grep show insert generate edit rm mv cp git help version ${PASSWORD_STORE_EXTENSION_COMMANDS[*]}" if [[ $COMP_CWORD -gt 1 ]]; then local lastarg="${COMP_WORDS[$COMP_CWORD-1]}" case "${COMP_WORDS[1]}" in @@ -121,6 +121,17 @@ COMPREPLY+=($(compgen -W "init push pull config log reflog rebase" -- ${cur})) ;; esac + + # To add completion for an extension command define a function like this: + # __password_store_extension_complete_<COMMAND>() { + # COMPREPLY+=($(compgen -W "-o --option" -- ${cur})) + # _pass_complete_entries 1 + # } + # + # and add the command to the $PASSWORD_STORE_EXTENSION_COMMANDS array + if [[ " ${PASSWORD_STORE_EXTENSION_COMMANDS[*]} " == *" ${COMP_WORDS[1]} "* ]] && type "__password_store_extension_complete_${COMP_WORDS[1]}" &> /dev/null; then + "__password_store_extension_complete_${COMP_WORDS[1]}" + fi else COMPREPLY+=($(compgen -W "${commands}" -- ${cur})) _pass_complete_entries 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/password-store.sh new/password-store-1.7.3/src/password-store.sh --- old/password-store-1.7.2/src/password-store.sh 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/password-store.sh 2018-08-03 05:32:48.000000000 +0200 @@ -156,12 +156,12 @@ # trailing new lines. local sleep_argv0="password store sleep on display $DISPLAY" pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 - local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" + local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)" echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" ( ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" ) - local now="$(xclip -o -selection "$X_SELECTION" | base64)" - [[ $now != $(echo -n "$1" | base64) ]] && before="$now" + local now="$(xclip -o -selection "$X_SELECTION" | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" # It might be nice to programatically check to see if klipper exists, # as well as checking for other common clipboard managers. But for now, @@ -172,7 +172,7 @@ # so we axe it here: qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null - echo "$before" | base64 -d | xclip -selection "$X_SELECTION" + echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION" ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } @@ -224,6 +224,7 @@ } GETOPT="getopt" SHRED="shred -f -z" +BASE64="base64" source "$(dirname "$0")/platform/$(uname | cut -d _ -f 1 | tr '[:upper:]' '[:lower:]').sh" 2>/dev/null # PLATFORM_FUNCTION_FILE @@ -241,7 +242,7 @@ ============================================ = pass: the standard unix password manager = = = - = v1.7.2 = + = v1.7.3 = = = = Jason A. Donenfeld = = [email protected] = @@ -363,8 +364,8 @@ check_sneaky_paths "$path" if [[ -f $passfile ]]; then if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then - pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")" || exit $? - echo "$pass" + pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $? + echo "$pass" | $BASE64 -d else [[ $selected_line =~ ^[0-9]+$ ]] || die "Clip location '$selected_line' is not a number." pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? @@ -447,7 +448,7 @@ read -r -p "Retype password for $path: " -s password_again || exit 1 echo if [[ $password == "$password_again" ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted." + echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." break else die "Error: the entered passwords do not match." @@ -456,7 +457,7 @@ else local password read -r -p "Enter password for $path: " -e password - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" || die "Password encryption aborted." + echo "$password" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." fi git_add_file "$passfile" "Add given password for $path to store." } @@ -474,7 +475,6 @@ tmpdir #Defines $SECURE_TMPDIR local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXXX")-${path//\//-}.txt" - local action="Add" if [[ -f $passfile ]]; then $GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1 @@ -519,7 +519,7 @@ read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom) [[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom." if [[ $inplace -eq 0 ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted." + echo "$pass" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted." else local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--" if { echo "$pass"; $GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +2; } | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then @@ -538,7 +538,7 @@ elif [[ $qrcode -eq 1 ]]; then qrcode "$pass" "$path" else - printf "\e[1m\e[37mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" + printf "\e[1mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" fi } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/platform/cygwin.sh new/password-store-1.7.3/src/platform/cygwin.sh --- old/password-store-1.7.2/src/platform/cygwin.sh 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/platform/cygwin.sh 2018-08-03 05:32:48.000000000 +0200 @@ -4,13 +4,13 @@ clip() { local sleep_argv0="password store sleep on display $DISPLAY" pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 - local before="$(base64 < /dev/clipboard)" + local before="$($BASE64 < /dev/clipboard)" echo -n "$1" > /dev/clipboard ( ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) - local now="$(base64 < /dev/clipboard)" - [[ $now != $(echo -n "$1" | base64) ]] && before="$now" - echo "$before" | base64 -d > /dev/clipboard + local now="$($BASE64 < /dev/clipboard)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d > /dev/clipboard ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/platform/darwin.sh new/password-store-1.7.3/src/platform/darwin.sh --- old/password-store-1.7.2/src/platform/darwin.sh 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/platform/darwin.sh 2018-08-03 05:32:48.000000000 +0200 @@ -4,13 +4,13 @@ clip() { local sleep_argv0="password store sleep for user $(id -u)" pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 - local before="$(pbpaste | openssl base64)" + local before="$(pbpaste | $BASE64)" echo -n "$1" | pbcopy ( ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) - local now="$(pbpaste | openssl base64)" - [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now" - echo "$before" | openssl base64 -d | pbcopy + local now="$(pbpaste | $BASE64)" + [[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now" + echo "$before" | $BASE64 -d | pbcopy ) >/dev/null 2>&1 & disown echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." } @@ -45,3 +45,4 @@ GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt" SHRED="srm -f -z" +BASE64="openssl base64" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/platform/freebsd.sh new/password-store-1.7.3/src/platform/freebsd.sh --- old/password-store-1.7.2/src/platform/freebsd.sh 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/platform/freebsd.sh 2018-08-03 05:32:48.000000000 +0200 @@ -3,3 +3,4 @@ GETOPT="/usr/local/bin/getopt" SHRED="rm -P -f" +BASE64="openssl base64" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/password-store-1.7.2/src/platform/openbsd.sh new/password-store-1.7.3/src/platform/openbsd.sh --- old/password-store-1.7.2/src/platform/openbsd.sh 2018-06-14 16:58:28.000000000 +0200 +++ new/password-store-1.7.3/src/platform/openbsd.sh 2018-08-03 05:32:48.000000000 +0200 @@ -38,3 +38,4 @@ GETOPT="gnugetopt" SHRED="rm -P -f" +BASE64="openssl base64"
