Hello community,

here is the log from the commit of package signify for openSUSE:Factory checked in at 2019-11-06 14:06:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/signify (Old)
 and      /work/SRC/openSUSE:Factory/.signify.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "signify" Wed Nov 6 14:06:10 2019 rev:3 rq:745407 version:27 Changes: -------- --- /work/SRC/openSUSE:Factory/signify/signify.changes 2019-07-26 12:44:25.665836930 +0200 +++ /work/SRC/openSUSE:Factory/.signify.new.2990/signify.changes 2019-11-06 14:06:11.488791401 +0100 @@ -1,0 +2,8 @@ +Mon Nov 4 22:11:03 UTC 2019 - Martin Hauke <[email protected]> + +- Update to version 27 + * Updated to the latest upstream sources, the size of a fixed + buffer has been changed to use `PATH_MAX` instead to avoid + potential overflows when using very long path names. + +------------------------------------------------------------------- Old: ---- v26.tar.gz New: ---- v27.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ signify.spec ++++++ --- /var/tmp/diff_new_pack.i9E8gu/_old 2019-11-06 14:06:12.328792281 +0100 +++ /var/tmp/diff_new_pack.i9E8gu/_new 2019-11-06 14:06:12.336792289 +0100 @@ -17,7 +17,7 @@ Name: signify -Version: 26 +Version: 27 Release: 0 Summary: OpenBSD tool to sign and verify signatures on files (portable version) License: BSD-3-Clause ++++++ v26.tar.gz -> v27.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-26/CHANGELOG.md new/signify-27/CHANGELOG.md --- old/signify-26/CHANGELOG.md 2019-07-25 13:28:37.000000000 +0200 +++ new/signify-27/CHANGELOG.md 2019-11-04 17:24:57.000000000 +0100 @@ -1,6 +1,12 @@ # Change Log All notable changes to this project will be documented in this file. +## [v27] - 2019-11-04 +### Fixed +- Updated to the latest upstream sources, the size of a fixed buffer has + been changed to use `PATH_MAX` instead to avoid potential overflows when + using very long path names. + ## [v26] - 2019-07-25 ### Added - Provide a definition for the `__dead` marker when using GCC 4+ or Clang. 
@@ -68,6 +74,7 @@ - Support using versions 0.8.2 and 0.8.3 of libbsd when `BUNDLED_LIBBSD=1` is specified. +[v27]: https://github.com/aperezdc/signify/compare/v26...v27 [v26]: https://github.com/aperezdc/signify/compare/v25...v26 [v25]: https://github.com/aperezdc/signify/compare/v24...v25 [v24]: https://github.com/aperezdc/signify/compare/v23...v24 @@ -77,4 +84,3 @@ [v20]: https://github.com/aperezdc/signify/compare/v19...v20 [v19]: https://github.com/aperezdc/signify/compare/v18...v19 [v18]: https://github.com/aperezdc/signify/compare/v17...v18 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-26/sha2.c new/signify-27/sha2.c --- old/signify-26/sha2.c 2019-07-25 13:28:37.000000000 +0200 +++ new/signify-27/sha2.c 2019-11-04 17:24:57.000000000 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.c,v 1.27 2019/06/07 22:56:36 dtucker Exp $ */ +/* $OpenBSD: sha2.c,v 1.28 2019/07/23 12:35:22 dtucker Exp $ */ /* * FILE: sha2.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-26/signify.1 new/signify-27/signify.1 --- old/signify-26/signify.1 2019-07-25 13:28:37.000000000 +0200 +++ new/signify-27/signify.1 2019-11-04 17:24:57.000000000 +0100 @@ -1,4 +1,4 @@ -.\" $OpenBSD: signify.1,v 1.47 2019/05/08 17:55:41 tedu Exp $ +.\" $OpenBSD: signify.1,v 1.48 2019/08/10 03:56:02 deraadt Exp $ .\" .\"Copyright (c) 2013 Marc Espie <[email protected]> .\"Copyright (c) 2013 Ted Unangst <[email protected]> @@ -14,7 +14,7 @@ .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: May 8 2019 $ +.Dd $Mdocdate: August 10 2019 $ .Dt SIGNIFY 1 .Os .Sh NAME 
@@ -170,12 +170,12 @@ .Pa SHA256.sig and a full set of release files: .Bd -literal -offset indent -compact -$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig +$ signify -C -p /etc/signify/openbsd-67-base.pub -x SHA256.sig .Ed .Pp Verify a bsd.rd before an upgrade: .Bd -literal -offset indent -compact -$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig bsd.rd +$ signify -C -p /etc/signify/openbsd-67-base.pub -x SHA256.sig bsd.rd .Ed .Pp Sign a gzip archive: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-26/signify.c new/signify-27/signify.c --- old/signify-26/signify.c 2019-07-25 13:28:37.000000000 +0200 +++ new/signify-27/signify.c 2019-11-04 17:24:57.000000000 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.132 2019/07/03 03:24:02 deraadt Exp $ */ +/* $OpenBSD: signify.c,v 1.133 2019/09/09 13:50:06 deraadt Exp $ */ /* * Copyright (c) 2013 Ted Unangst <[email protected]> * @@ -507,7 +507,7 @@ const char *sigcomment, const char *keytype) { const char *safepath = "/etc/signify"; - char keypath[1024]; + char keypath[PATH_MAX]; if (!pubkeyfile) { pubkeyfile = strstr(sigcomment, VERIFYWITH);
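Review bot: in the signify.c hunk at `@@ -507,7 +507,7 @@`, widening `char keypath[1024];` to `char keypath[PATH_MAX];` only raises the limit, and the code that writes into `keypath` is outside the visible context. Please confirm that the write is bounded by `sizeof(keypath)` and that a truncated result is treated as an error rather than used as a key path, since the visible line `pubkeyfile = strstr(sigcomment, VERIFYWITH);` shows the name being derived from the signature comment. For the portable build, also check that `<limits.h>` is included and that there is a fallback on platforms where `PATH_MAX` is not defined.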
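Review bot: the new signify.changes entry, and the matching `### Fixed` item in CHANGELOG.md, describes an overflow fix without naming the affected buffer or giving a bug reference. For a memory-safety fix, say that it is `keypath` in signify.c (1024 bytes changed to `PATH_MAX`) and add the tracking bug number if one exists, so that anyone backporting can locate the change. The entry also leaves out the other upstream syncs visible in this diff: sha2.c 1.28 and signify.1 1.48, where the example key changes to `openbsd-67-base.pub`.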
