Hello community, here is the log from the commit of package signify for openSUSE:Factory checked in at 2020-02-07 15:57:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/signify (Old) and /work/SRC/openSUSE:Factory/.signify.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "signify" Fri Feb 7 15:57:24 2020 rev:4 rq:770792 version:28 Changes: -------- --- /work/SRC/openSUSE:Factory/signify/signify.changes 2019-11-06 14:06:11.488791401 +0100 +++ /work/SRC/openSUSE:Factory/.signify.new.26092/signify.changes 2020-02-07 15:58:02.075623825 +0100 @@ -1,0 +2,16 @@ +Thu Feb 6 20:54:58 UTC 2020 - Martin Hauke <[email protected]> + +- Update to version 28 + Added + * In verification mode (with -C) it is now possible to use the + -t command line flag to specify the key type. + * A copy of the regression tests from the OpenBSD CVS repository + is now included. + Changed + * Bumped version of libbsd to 0.10.0, which is the most recent + stable. + Fixed + * Ensure that release packages include the code for the libwaive/ + submodule. + +------------------------------------------------------------------- Old: ---- v27.tar.gz New: ---- v28.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ signify.spec ++++++ --- /var/tmp/diff_new_pack.XAnYFg/_old 2020-02-07 15:58:03.659624634 +0100 +++ /var/tmp/diff_new_pack.XAnYFg/_new 2020-02-07 15:58:03.663624636 +0100 @@ -1,7 +1,7 @@ # # spec file for package signify # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: signify -Version: 27 +Version: 28 Release: 0 Summary: OpenBSD tool to sign and verify signatures on files (portable version) License: BSD-3-Clause ++++++ v27.tar.gz -> v28.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/.gitignore new/signify-28/.gitignore --- old/signify-27/.gitignore 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/.gitignore 1970-01-01 01:00:00.000000000 +0100 
@@ -1,9 +0,0 @@ -*.o -.*.sw[po] -*.pyc -signify -signify.1.gz -sha512hl.c -sha512_256hl.c -sha256hl.c -/libbsd-* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/.gitmodules new/signify-28/.gitmodules --- old/signify-27/.gitmodules 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/.gitmodules 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -[submodule "libwaive"] - path = libwaive - url = https://github.com/dimkr/libwaive diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/.travis.yml new/signify-28/.travis.yml --- old/signify-27/.travis.yml 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/.travis.yml 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -dist: xenial -language: c -compiler: - - clang - - gcc -script: - - gpg --keyserver hkp://pgp.key-server.io:11371/ --recv-keys A4AE57A3 - - make BUNDLED_LIBBSD=1 LDLIBS='-lrt' WGET='wget --no-check-certificate' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/.ycm_extra_conf.py new/signify-28/.ycm_extra_conf.py --- old/signify-27/.ycm_extra_conf.py 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/.ycm_extra_conf.py 1970-01-01 01:00:00.000000000 +0100 @@ -1,11 +0,0 @@ -#! /usr/bin/env python -# -*- coding: utf-8 -*- -# vim:fenc=utf-8 -# -# Copyright © 2014 Adrian Perez <[email protected]> -# -# Distributed under terms of the MIT license. - -def FlagsForFile(path, **kwarg): - return { 'flags': ['-Wall'], 'do_cache': True } - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/CHANGELOG.md new/signify-28/CHANGELOG.md --- old/signify-27/CHANGELOG.md 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/CHANGELOG.md 2020-02-06 14:43:11.000000000 +0100 
@@ -1,6 +1,19 @@ # Change Log All notable changes to this project will be documented in this file. +## [v28] - 2020-02-06 +### Added +- In verification mode (with `-C`) it is now possible to use the `-t` command + line flag to specify the key type. +- A copy of the regression tests from the OpenBSD CVS repository is now + included. + +### Changed +- Bumped version of libbsd to 0.10.0, which is the most recent stable. + +### Fixed +- Ensure that release packages include the code for the `libwaive/` submodule. + ## [v27] - 2019-11-04 ### Fixed - Updated to the latest upstream sources, the size of a fixed buffer has @@ -74,6 +87,7 @@ - Support using versions 0.8.2 and 0.8.3 of libbsd when `BUNDLED_LIBBSD=1` is specified. +[v28]: https://github.com/aperezdc/signify/compare/v27...v28 [v27]: https://github.com/aperezdc/signify/compare/v26...v27 [v26]: https://github.com/aperezdc/signify/compare/v25...v26 [v25]: https://github.com/aperezdc/signify/compare/v24...v25 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/Makefile new/signify-28/Makefile --- old/signify-27/Makefile 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/Makefile 2020-02-06 14:43:11.000000000 +0100 @@ -6,7 +6,7 @@ BUNDLED_LIBBSD ?= 0 PLEDGE ?= noop WGET ?= wget -libbsd_VERSION ?= 0.9.1 +libbsd_VERSION ?= 0.10.0 libbsd_BASEURL ?= http://libbsd.freedesktop.org/releases/ # # ################################################################## 
@@ -234,6 +234,12 @@ dist: T := $(GIT_TAG) dist: V := $(patsubst v%,%,$T) dist: - git archive --prefix=signify-$V/ $T | xz -9c > signify-$V.tar.xz + git archive-all --force-submodules --prefix=signify-$V/ signify-$V.tar + xz -f9 signify-$V.tar .PHONY: dist + +check: signify + @sh regress/run + +.PHONY: check diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/README.md new/signify-28/README.md --- old/signify-27/README.md 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/README.md 2020-02-06 14:43:11.000000000 +0100 @@ -1,6 +1,6 @@ # Signify - Sign and Verify -[](https://travis-ci.org/aperezdc/signify) +[](https://actions-badge.atrox.dev/aperezdc/signify/goto) OpenBSD tool to sign and verify signatures on files. This is a portable version which uses [libbsd](http://libbsd.freedesktop.org/wiki/) (version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/bcrypt_pbkdf.c new/signify-28/bcrypt_pbkdf.c --- old/signify-27/bcrypt_pbkdf.c 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/bcrypt_pbkdf.c 2020-02-06 14:43:11.000000000 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.15 2019/11/21 16:13:39 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst <[email protected]> * @@ -19,6 +19,7 @@ #include <stdint.h> #include <stdlib.h> +#include "crypto_api.h" #include "blf.h" #include "sha2.h" #include <string.h> @@ -110,10 +111,10 @@ /* nothing crazy */ if (rounds < 1) - return -1; + goto bad; if (passlen == 0 || saltlen == 0 || keylen == 0 || keylen > sizeof(out) * sizeof(out)) - return -1; + goto bad; stride = (keylen + sizeof(out) - 1) / sizeof(out); amt = (keylen + stride - 1) / stride; 
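Review bot: The new `dist` recipe no longer passes the tag `$T` to the archiver: the old line was `git archive ... $T`, while `git archive-all --force-submodules --prefix=signify-$V/ signify-$V.tar` names only the output file, so the tarball is presumably built from whatever is checked out and merely labelled with the tag's version. For the release tarball of a signature-verification tool that mismatch is worth ruling out; a guard as the first recipe line, such as `@test "$$(git rev-parse HEAD)" = "$$(git rev-parse '$T^{commit}')"`, would fail the target when HEAD is not the tag. `git archive-all` is also not part of core git, so a comment above the recipe should say which external tool it expects. How `GIT_TAG` is set lies outside this hunk and is not visible here.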
@@ -164,6 +165,12 @@ /* zap */ explicit_bzero(&ctx, sizeof(ctx)); explicit_bzero(out, sizeof(out)); + explicit_bzero(tmpout, sizeof(tmpout)); return 0; + +bad: + /* overwrite with random in case caller doesn't check return code */ + arc4random_buf(key, keylen); + return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/cvs-files new/signify-28/cvs-files --- old/signify-27/cvs-files 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/cvs-files 1970-01-01 01:00:00.000000000 +0100 @@ -1,28 +0,0 @@ - -src/include/blf.h -src/include/sha2.h - -src/lib/libc/crypt/blowfish.c -src/lib/libc/hash/sha2.c -src/lib/libc/hash/helper.c -src/lib/libc/net/base64.c -src/lib/libc/string/timingsafe_bcmp.c - -src/lib/libutil/ohash.h -src/lib/libutil/ohash.c -src/lib/libutil/bcrypt_pbkdf.c - -src/usr.bin/signify/crypto_api.c -src/usr.bin/signify/crypto_api.h -src/usr.bin/signify/fe25519.c -src/usr.bin/signify/fe25519.h -src/usr.bin/signify/ge25519.h -src/usr.bin/signify/ge25519_base.data -src/usr.bin/signify/mod_ed25519.c -src/usr.bin/signify/mod_ge25519.c -src/usr.bin/signify/sc25519.c -src/usr.bin/signify/sc25519.h -src/usr.bin/signify/signify.h -src/usr.bin/signify/signify.c -src/usr.bin/signify/signify.1 -src/usr.bin/signify/zsig.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/cvs-files new/signify-28/regress/cvs-files --- old/signify-27/regress/cvs-files 1970-01-01 01:00:00.000000000 +0100 +++ new/signify-28/regress/cvs-files 2020-02-06 14:43:11.000000000 +0100 
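Review bot: The comment on the new `bad:` path in bcrypt_pbkdf.c says why the buffer is overwritten but not what a caller can rely on, which is the part a later maintainer needs: whenever -1 is returned, `key` holds random bytes and never a derived key. I would extend it to something like `/* fail closed: on -1 key holds keylen random bytes, so a caller that ignores the return code cannot end up using a predictable or stale key */`. The path is reached from the two `goto bad` sites in the `@@ -110,10` hunk, one of which fires when `keylen` exceeds `sizeof(out) * sizeof(out)`, so `arc4random_buf(key, keylen)` writes exactly as many bytes as the caller claimed; that relies on `key` being non-NULL and really `keylen` bytes long, which deserves a line in the function's header comment. The function starts outside both hunks, so any other early return between them is not visible here.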
@@ -0,0 +1,7 @@
+src/regress/usr.bin/signify/forgery.txt
+src/regress/usr.bin/signify/forgery.txt.sig
+src/regress/usr.bin/signify/orders.txt
+src/regress/usr.bin/signify/orders.txt.sig
+src/regress/usr.bin/signify/regresskey.pub
+src/regress/usr.bin/signify/regresskey.sec
+src/regress/usr.bin/signify/signify.sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/forgery.txt new/signify-28/regress/forgery.txt
--- old/signify-27/regress/forgery.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/forgery.txt 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1 @@
+Attack at dusk!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/forgery.txt.sig new/signify-28/regress/forgery.txt.sig
--- old/signify-27/regress/forgery.txt.sig 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/forgery.txt.sig 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1,2 @@
+untrusted comment: signify signature
+RWTAeKJJ1MTF3UpxzBCu6NaM6HPJNTj5CZ+M5XNJKNeEHBLQSsstzHGbSo8rPYNgw3Z98pN7WKiIwBIyRrKuIdKBRA6qlaci6wI=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/orders.txt new/signify-28/regress/orders.txt
--- old/signify-27/regress/orders.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/orders.txt 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1 @@
+Attack at dawn!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/orders.txt.sig new/signify-28/regress/orders.txt.sig
--- old/signify-27/regress/orders.txt.sig 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/orders.txt.sig 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1,2 @@
+untrusted comment: signature from signify secret key
+RWTAeKJJ1MTF3UpxzBCu6NaM6HPJNTj5CZ+M5XNJKNeEHBLQSsstzHGbSo8rPYNgw3Z98pN7WKiIwBIyRrKuIdKBRA6qlaci6wI=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/regresskey.pub new/signify-28/regress/regresskey.pub
--- old/signify-27/regress/regresskey.pub 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/regresskey.pub 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWTAeKJJ1MTF3YCo0ivtKH8kuiFWJuLpNoUmpDd6iTFYhn6/tRu5qKJe
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/regresskey.sec new/signify-28/regress/regresskey.sec
--- old/signify-27/regress/regresskey.sec 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/regresskey.sec 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1,2 @@
+untrusted comment: signify secret key
+RWRCSwAAAAASS6/J8yiU/PaMmMhlV4zqjMh4FlqOsG3AeKJJ1MTF3UpTLTAaUkS15G97BU/C+X2UCcR2fNfG68/1NpK0bh0pgKjSK+0ofyS6IVYm4uk2hSakN3qJMViGfr+1G7mool4=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/run new/signify-28/regress/run
--- old/signify-27/regress/run 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/run 2020-02-06 14:43:11.000000000 +0100
@@ -0,0 +1,65 @@
+#! /bin/sh
+#
+# Simple test harness for OpenBSD's Signify tests.
+# Copyright (C) 2019 Adrian Perez de Castro <[email protected]>
+#
+# Distributed under terms of the MIT license.
+#
+
+_th__dir_path=$(dirname "$0")
+
+_th__sha256_program=$(command -v sha256)
+if ! [ -x "$_th__sha256_program" ] ; then
+ # Try to use GNU coreutils' sha256sum as fallback.
+ _th__sha256_program=$(command -v sha256sum)
+ if ! [ -x "$_th__sha256_program" ] ; then
+ echo 'Cannot find sha256/sha256sum' 1>&2
+ exit 1
+ fi
+ if "$_th__sha256_program" --version 2> /dev/null | grep -q coreutils ; then
+ sha256 () {
+ "$_th__sha256_program" --tag "$@"
+ }
+ else
+ echo 'The sha256sum program is not the GNU coreutils version' 1>&2
+ exit 1
+ fi
+fi
+
+_th__sha512_program=$(command -v sha512)
+if ! [ -x "$_th__sha512_program" ] ; then
+ # Ditto, try for sha512sum.
+ _th__sha512_program=$(command -v sha512sum)
+ if ! [ -x "$_th__sha512_program" ] ; then
+ echo 'Cannot find sha512/sha512sum' 1>&2
+ exit 1
+ fi
+ if "$_th__sha512_program" --version 2> /dev/null | grep -q coreutils ; then
+ sha512 () {
+ "$_th__sha512_program" --tag "$@"
+ }
+ else
+ echo 'The sha512sum program is not the GNU coreutils version' 1>&2
+ exit 1
+ fi
+fi
+
+# Point to the locally-built signify program
+signify () {
+ echo " - signify $* ..." 1>&2
+ "../../signify" "$@"
+}
+
+# Harness configured. Go!
+echo 'Running tests:'
+cd "$_th__dir_path" || exit 2
+set -- "$(pwd)"
+test -d out || mkdir out
+cd out || exit 3
+. ../signify.sh ; rc=$?
+if [ $rc -eq 0 ] ; then
+ echo 'Tests passed.'
+else
+ echo 'Tests failed.'
+fi
+exit $rc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/regress/signify.sh new/signify-28/regress/signify.sh
--- old/signify-27/regress/signify.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/signify-28/regress/signify.sh 2020-02-06 14:43:11.000000000 +0100
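Review bot: The `Tests failed.` branch at the end of `regress/run` is unlikely to be reached, because `. ../signify.sh` sources a script that runs `set -e` and contains `exit 1`; both terminate the harness shell itself before `rc=$?` is assigned. The exit status is still non-zero, so `make check` fails as it should, but without the message and with `set -e` left active in the harness for anything added after the source line. Running the script in a subshell keeps the `sha256`, `sha512` and `signify` functions and the positional parameter visible while containing both effects: `( . ../signify.sh ) ; rc=$?`.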
@@ -0,0 +1,37 @@ +#!/bin/sh +# +# $OpenBSD: signify.sh,v 1.8 2016/09/03 12:23:02 espie Exp $ + +srcdir=$1 + +pubkey="$srcdir/regresskey.pub" +seckey="$srcdir/regresskey.sec" +orders="$srcdir/orders.txt" +forgery="$srcdir/forgery.txt" + +set -e + +cat $seckey | signify -S -s - -x test.sig -m $orders +diff -u "$orders.sig" test.sig + +signify -V -q -p $pubkey -m $orders + +signify -V -q -p $pubkey -m $forgery 2> /dev/null && exit 1 + +signify -S -s $seckey -x confirmorders.sig -e -m $orders +signify -V -q -p $pubkey -e -m confirmorders +diff -u $orders confirmorders + +sha256 $pubkey $seckey > HASH +sha512 $orders $forgery >> HASH +signify -S -e -s $seckey -m HASH +rm HASH +signify -C -q -p $pubkey -x HASH.sig + +tar zcPf archive.tgz $srcdir +signify -zS -s $seckey -m archive.tgz -x signed.tgz +# check it's still valid gzip +gunzip -t signed.tgz +# verify it +signify -zV -p $pubkey <signed.tgz|gunzip -t +true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/signify.1 new/signify-28/signify.1 --- old/signify-27/signify.1 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/signify.1 2020-02-06 14:43:11.000000000 +0100 @@ -1,4 +1,4 @@ -.\" $OpenBSD: signify.1,v 1.48 2019/08/10 03:56:02 deraadt Exp $ +.\" $OpenBSD: signify.1,v 1.49 2020/01/21 12:13:21 tb Exp $ .\" .\"Copyright (c) 2013 Marc Espie <[email protected]> .\"Copyright (c) 2013 Ted Unangst <[email protected]> @@ -14,7 +14,7 @@ .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: August 10 2019 $ +.Dd $Mdocdate: January 21 2020 $ .Dt SIGNIFY 1 .Os .Sh NAME 
@@ -24,7 +24,8 @@ .Nm signify .Fl C .Op Fl q -.Fl p Ar pubkey +.Op Fl p Ar pubkey +.Op Fl t Ar keytype .Fl x Ar sigfile .Op Ar .Nm signify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/signify.c new/signify-28/signify.c --- old/signify-27/signify.c 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/signify.c 2020-02-06 14:43:11.000000000 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.133 2019/09/09 13:50:06 deraadt Exp $ */ +/* $OpenBSD: signify.c,v 1.135 2020/01/21 12:13:21 tb Exp $ */ /* * Copyright (c) 2013 Ted Unangst <[email protected]> * @@ -80,7 +80,7 @@ fprintf(stderr, "%s\n", error); fprintf(stderr, "usage:" #ifndef VERIFYONLY - "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" + "\t%1$s -C [-q] [-p pubkey] [-t keytype] -x sigfile [file ...]\n" "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n" #endif @@ -147,6 +147,8 @@ errx(1, "unable to parse %s", filename); if (memcmp(buf, PKALG, 2) != 0) errx(1, "unsupported file %s", filename); + *commentend = '\n'; + *b64end = '\n'; return b64end - b64 + 1; } @@ -716,13 +718,13 @@ } static void -check(const char *pubkeyfile, const char *sigfile, int quiet, int argc, - char **argv) +check(const char *pubkeyfile, const char *sigfile, const char *keytype, + int quiet, int argc, char **argv) { unsigned long long msglen; uint8_t *msg; - msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, NULL); + msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, keytype); verifychecksums((char *)msg, argc, argv, quiet); free(msg); 
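Review bot: The two added stores `*commentend = '\n';` and `*b64end = '\n';` in the signify.c `@@ -147,6` hunk carry no comment, and they change an invariant callers may depend on: once this function returns, the comment and base64 lines are no longer NUL-terminated inside `buf`. Presumably the earlier part of the function (outside this hunk) replaced those newlines with NULs for parsing and this puts the original bytes back so the buffer can be written out unchanged, which is what the zsig.c change in this commit does with `h.comment`. A comment such as `/* restore the newlines overwritten for parsing; buf holds the original bytes again and must not be read as a C string past this point */` would record that. Any caller that still treats the buffer as a string after the call should be checked; none is visible in this hunk.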
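Review bot: `check()` now forwards `keytype` to `verifyembedded()` and the usage text makes `-p pubkey` optional in `-C` mode, but nothing in `check()` or at its call site in the `@@ -847,7` hunk says which argument combinations are valid; there only `sigfile` is tested before the call. If the key is located from the signature file when `-p` is absent, that input is untrusted, so the lookup inside `verifyembedded()` (not part of this diff) is the only place where the key path and `keytype` are constrained. I would document this on `check()`, for example `/* pubkeyfile and keytype may both be NULL; key selection and its validation happen in verifyembedded() */`, after confirming that this is what the callee does with two NULL arguments.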
@@ -847,7 +849,7 @@ err(1, "pledge"); if (!sigfile) usage("must specify sigfile"); - check(pubkeyfile, sigfile, quiet, argc, argv); + check(pubkeyfile, sigfile, keytype, quiet, argc, argv); return 0; } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/update-cvs-files new/signify-28/update-cvs-files --- old/signify-27/update-cvs-files 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/update-cvs-files 1970-01-01 01:00:00.000000000 +0100 @@ -1,21 +0,0 @@ -#! /bin/sh -# -# update-cvs-files -# Copyright (C) 2014 Adrian Perez <[email protected]> -# -# Distributed under terms of the MIT license. -# -set -e - -: ${CVSWEB_URL:='http://cvsweb.openbsd.org/cgi-bin/cvsweb'} -CVSWEB_URL="${CVSWEB_URL}/~checkout~" - -while read -r cvs_path ; do - filename=${cvs_path##*/} - if [[ -z ${filename} ]] ; then - continue - fi - echo "[32;1m*[0;0m[1;1m ${filename}[0;0m ($cvs_path)" - curl -\# -o "${filename}" "${CVSWEB_URL}/${cvs_path}" -done - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/signify-27/zsig.c new/signify-28/zsig.c --- old/signify-27/zsig.c 2019-11-04 17:24:57.000000000 +0100 +++ new/signify-28/zsig.c 2020-02-06 14:43:11.000000000 +0100 @@ -1,4 +1,4 @@ -/* $OpenBSD: zsig.c,v 1.16 2019/03/23 07:10:06 tedu Exp $ */ +/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */ /* * Copyright (c) 2016 Marc Espie <[email protected]> * @@ -180,8 +180,8 @@ const char *keytype) { struct gzheader h; - size_t bufsize; - char *p, *meta; + size_t bufsize, len; + char *p; uint8_t *bufend; int fdin, fdout; 
@@ -197,13 +197,13 @@ if (!(h.flg & FCOMMENT_FLAG)) errx(1, "unsigned gzip archive"); fake[8] = h.xflg; + len = h.endcomment-h.comment; - p = verifyzdata(h.comment, h.endcomment-h.comment, sigfile, + p = verifyzdata(h.comment, len, sigfile, pubkeyfile, keytype); bufsize = MYBUFSIZE; - meta = p; #define BEGINS_WITH(x, y) memcmp((x), (y), sizeof(y)-1) == 0 while (BEGINS_WITH(p, "algorithm=SHA512/256") || @@ -216,14 +216,11 @@ if (*p != '\n') errx(1, "invalid signature"); - *(p++) = 0; fdout = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666); - /* we don't actually copy the header, but put in a fake one with about - * zero useful information. - */ writeall(fdout, fake, sizeof fake, msgfile); - writeall(fdout, meta, p - meta, msgfile); + writeall(fdout, h.comment, len+1, msgfile); + *(p++) = 0; copy_blocks(fdout, fdin, p, h.endcomment, bufsize, bufend); free(h.buffer); close(fdout);
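Review bot: The zsig.c hunk at `@@ -216,14` deletes the comment explaining what is written to `msgfile` and adds none, although the output changed: `writeall(fdout, h.comment, len+1, msgfile)` now emits the whole original gzip comment, which presumably includes the signature lines, instead of only the verified metadata between `meta` and `p`. Two things should be stated next to it. The `+1` reads the byte at `h.endcomment`, so it is in bounds only if the header parser guarantees a terminator there; and the bytes written are the original ones only because the base64 parser in signify.c now restores the newlines it overwrote and because `*(p++) = 0;` was moved below the write. A comment such as `/* write the original comment, signature included, plus its terminating NUL; must precede the NUL store into the buffer below */` would keep a later reorder from corrupting the output. `len` in the `@@ -197,13` hunk is a `size_t` taken from `h.endcomment-h.comment`, which assumes the parser never returns `endcomment` before `comment`; the function begins outside both hunks.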
