pool/minisign
SHA256
16
0
Fork 1
Code Issues Pull Requests 2 Activity

add minisign to openSUSE Leap boo#1256939 #2

Open
AndreasStieger wants to merge 4 commits from AndreasStieger/minisign:factory into leap-16.1
pull from: AndreasStieger/minisign:factory
merge into: pool:leap-16.1
Conversation 2 Commits 4 Files Changed 7 +202 -9
7 changed files with 202 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
0.11.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:74c2c78a1cd51a43a6c98f46a4eabefbc8668074ca9aa14115544276b663fc55
size 18410

3
minisign-0.12.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:796dce1376f9bcb1a19ece729c075c47054364355fe0c0c1ebe5104d508c7db0
size 20663

23
minisign-dup-command-line-args.patch Normal file
View File

@@ -0,0 +1,23 @@
From 7dfdb3c7bd4cc10e7e3bd52aec38a2052407fbc2 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 29 Dec 2025 23:06:30 +0100
Subject: [PATCH] bugfix: duplicate command-line arguments
Spotted by @two-heart, thanks!
---
src/minisign.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/minisign.c b/src/minisign.c
index 8f82304..df2160c 100644
--- a/src/minisign.c
+++ b/src/minisign.c
@@ -1002,7 +1002,7 @@ main(int argc, char **argv)
case '?':
usage();
}
- if (opt_flag > 0 && opt_flag <= (int) sizeof opt_seen / 8) {
+ if (opt_flag > 0 && opt_flag < (int) sizeof opt_seen * 8) {
if ((opt_seen[opt_flag / 8] & (1U << (opt_flag & 7))) != 0) {
fprintf(stderr, "Duplicate option: -- %c\n\n", opt_flag);
usage();

84
minisign-gpg.fail-minisign.patch Normal file
View File

@@ -0,0 +1,84 @@
From 6c5987575002b7b636f35120fa819fa990248898 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 29 Dec 2025 23:03:30 +0100
Subject: [PATCH] Bail out if the signature file contains unprintable
characters
Spotted by @two-heart, thanks!
---
src/minisign.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/src/minisign.c b/src/minisign.c
index 0444716..8f82304 100644
--- a/src/minisign.c
+++ b/src/minisign.c
@@ -72,6 +72,58 @@ usage(void)
exit(2);
}
+static int
+is_printable(const char *str)
+{
+ const unsigned char *p = (const unsigned char *) (const void *) str;
+
+ while (*p != 0U) {
+ const unsigned char c = *p++;
+
+ if (c == '\t') {
+ continue;
+ } else if (c >= 0x20U && c <= 0x7eU) {
+ continue;
+ } else if (c < 0x20U || c == 0x7fU) {
+ return 0;
+ } else {
+ size_t need;
+ size_t i;
+ uint32_t cp;
+
+ if (c >= 0xc2U && c <= 0xdfU) {
+ need = 1U;
+ } else if (c >= 0xe0U && c <= 0xefU) {
+ need = 2U;
+ } else if (c >= 0xf0U && c <= 0xf4U) {
+ need = 3U;
+ } else {
+ return 0;
+ }
+ for (i = 1U; i <= need; i++) {
+ const unsigned char cc = p[i - 1U];
+
+ if (cc == 0U || (cc & 0xc0U) != 0x80U) {
+ return 0;
+ }
+ }
+ if ((c == 0xe0U && p[0] < 0xa0U) || (c == 0xedU && p[0] > 0x9fU) ||
+ (c == 0xf0U && p[0] < 0x90U) || (c == 0xf4U && p[0] > 0x8fU)) {
+ return 0;
+ }
+ cp = (uint32_t) (c & (need == 1U ? 0x1fU : need == 2U ? 0x0fU : 0x07U));
+ for (i = 1U; i <= need; i++) {
+ cp = (cp << 6) | (uint32_t) (p[i - 1U] & 0x3fU);
+ }
+ if (cp <= 0x1fU || (cp >= 0x7fU && cp <= 0x9fU)) {
+ return 0;
+ }
+ p += need;
+ }
+ }
+ return 1;
+}
+
static unsigned char *
message_load_hashed(size_t *message_len, const char *message_file)
{
@@ -201,6 +253,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
if (trim(trusted_comment) == 0) {
exit_msg("Trusted comment too long");
}
+ if (is_printable(trusted_comment) == 0) {
+ exit_msg("Signature file contains unprintable characters");
+ }
global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
global_sig_s = xmalloc(global_sig_s_size);
if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {

47
minisign-gpg.fail-trustcomment.patch Normal file
View File

@@ -0,0 +1,47 @@
From a10dc92b69cd549de8b691fdc32df866de9bd739 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 29 Dec 2025 23:00:30 +0100
Subject: [PATCH] trim(): only trim trailing \r\n, reject straight \r
characters
Spotted by @two-heart, thanks!
---
src/helpers.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/helpers.c b/src/helpers.c
index 9598b4e..4b8994f 100644
--- a/src/helpers.c
+++ b/src/helpers.c
@@ -158,16 +158,21 @@ xfclose(FILE *fp)
int
trim(char *str)
{
- size_t i = strlen(str);
- int t = 0;
-
- while (i-- > (size_t) 0U) {
- if (str[i] == '\n') {
- str[i] = 0;
- t = 1;
- } else if (str[i] == '\r') {
- str[i] = 0;
- }
+ size_t len = strlen(str);
+ int t = 0;
+
+ if (len == 0U) {
+ return 0;
+ }
+ if (str[len - 1U] == '\n') {
+ str[--len] = 0;
+ t = 1;
+ }
+ if (len > 0U && str[len - 1U] == '\r') {
+ str[--len] = 0;
+ }
+ if (memchr(str, '\r', len) != NULL) {
+ return 0;
}
return t;
}

32
minisign.changes
View File

@@ -1,3 +1,35 @@
-------------------------------------------------------------------
Mon Jan 12 09:24:25 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
- Bugfix:
* bugfix: duplicate command-line arguments [7dfdb3c]
* Add minisign-dup-command-line-args.patch
-------------------------------------------------------------------
Mon Jan 12 09:15:13 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
- Security fix: [gpg.fail/trustcomment]
* Trusted comment injection (minisign) [6c59875]
* trim(): only trim trailing \r\n, reject straight \r characters
* Add minisign-gpg.fail-trustcomment.patch
-------------------------------------------------------------------
Mon Jan 12 09:05:55 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
- Security fix: [gpg.fail/minisign]
* Trusted comment injection (minisign) [a10dc92]
* Bail out if the signature file contains unprintable characters
* Add minisign-gpg.fail-minisign.patch
-------------------------------------------------------------------
Sat Feb 1 11:18:41 UTC 2025 - Joshua Smith <smolsheep@opensuse.org>
- Update to version 0.12
* Libsodium is now an optional dependency. When using the Zig
toolchain to compile Minisign, you can specify the
-Dwithout-libsodium flag to build and run without libsodium.
* Key identifiers are now zero-padded when printed.
-------------------------------------------------------------------
Mon Jul 22 16:21:52 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>

19
minisign.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package minisign
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,14 +15,21 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: minisign
Version: 0.11
Version: 0.12
Release: 0
License: ISC
Summary: A dead simple tool to sign files and verify signatures
Url: https://jedisct1.github.io/minisign/
Group: Productivity/Networking/Security
Source0: https://github.com/jedisct1/minisign/archive/%{version}.tar.gz
URL: https://jedisct1.github.io/minisign/
Group: Productivity/Networking/Security
Source0: https://github.com/jedisct1/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
#PATCH-FIX-UPSTREAM gpg.fail/minisign Trusted comment injection
Patch1: minisign-gpg.fail-minisign.patch
#PATCH-FIX-UPSTREAM gpg.fail/trustcomment Trusted comment Injection
Patch2: minisign-gpg.fail-trustcomment.patch
#PATCH-FIX-UPSTREAM duplicate command-line arguments
Patch3: minisign-dup-command-line-args.patch
BuildRequires: cmake
BuildRequires: pkgconfig(libsodium)
@@ -32,7 +39,7 @@ Minisign is a dead simple tool to sign files and verify signatures.
It is portable, lightweight, and uses the highly secure Ed25519 public-key signature system.
%prep
%autosetup
%autosetup -p1
%build
%cmake -DCMAKE_STRIP:BOOL=OFF