a817f0b2f2
- Update to version 0.11.1+0:
* Fixed a security vulnerability that could allow an attacker to
execute an arbitrary binary under certain conditions. Plugin
names are now required to only contain alphanumeric characters
or the four special characters +-._.
* Replace the test `NoCallbacks` with the library version
* Restrict set of valid characters for plugin names
* Add tests for invalid plugin name chars
- Update to 0.11.0+0:
Added:
* Partial French translation!
Fixed:
* [Unix] Files can now be encrypted with rage --passphrase when
piped over stdin, without requiring an explicit - argument as
INPUT.
- bsc#1229959 - RUSTSEC-2024-0006 - CVE-2024-43806
- rust-shlex: Multiple issues involving quote API
- bsc#1229959 - RUSTSEC-2024-0006 - rust-shlex: Multiple issues involving quote API
- Enable tests
- Install all language manpages
- Fix -keygen installing to -mount
- Switch from obsoleted practices to modern ones:
* %setup is now %autosetup
* cargo_config is now part of vendor file
* disabledrun is now manualrun
- Update to version 0.10.0+0:
Added:
* Russian translation
* rage-keygen -y IDENTITY_FILE to convert identity files to
recipients.
Changed:
* MSRV is now 1.65.0.
* Migrated from gumdrop to clap for argument parsing.
* -R/--recipients-file and -i/--identity now support "read-once"
files, like those used by process substitution (-i
<(other_binary get-age-identity)) and named pipes.
* The filename - (hyphen) is now treated as an explicit request
to read from standard input when used with -R/--recipients-file
or -i/--identity. It must only occur once across the
-R/--recipients-file and -i/--identity flags, and the input
file. It cannot be used if the input file is omitted.
Fixed:
* OpenSSH private keys passed to -i/--identity that contain
invalid public keys are no longer ignored when encrypting, and
instead cause an error.
* Weak ssh-rsa public keys that are smaller than 2048 bits are
now rejected.
* rage-keygen no longer overwrites existing key files with the
-o/--output flag. This was its behaviour prior to 0.6.0, but
was unintentionally changed when rage was modified to overwrite
existing files. Key file overwriting can still be achieved by
omitting -o/--output and instead piping stdout to the file.
* rage-keygen now prints fatal errors directly instead of them
being hidden behind the RUST_LOG=error environment variable. It
also now sets its return code appropriately instead of always
returning 0.
- bsc#1215657 - chosen ciphertext attack possible against aes-gcm
* update vendor.tar.zst to contain aes-gcm >= 0.10.3
- Update to version 0.9.2+0:
* CI: Ensure `apt` repository is up-to-date before installing build deps
* CI: Build Linux releases using `ubuntu-20.04` runner
* CI: Remove most uses of `actions-rs` actions
- Update to version 0.9.2+0:
* v0.9.2
* Fix changelog bugs and add missing entry
* Document `PINENTRY_PROGRAM` environment variable
* age: Add `Decryptor::new_async_buffered`
* age: `impl AsyncBufRead for ArmoredReader`
* Pre-initialize vectors when the capacity is known, or use arrays
* Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
* Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
* cargo update
* cargo vet prune
* Migrate to `cargo-vet 0.7`
* build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1
* Correct spelling in documentation
* build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4
* StreamWriter AsyncWrite: fix usage with futures::io::copy()
* rage: Use `Decryptor::new_buffered`
* age: Add `Decryptor::new_buffered`
* age: `impl BufRead for ArmoredReader`
* Update Homebrew formula to v0.9.1
* feat/pinentry: Use env var to define pinentry binary
- As per https://en.opensuse.org/openSUSE:Package_description_guidelines
mention distinctive characteristics that offset this solution
from e.g. gpg.
- Update to version 0.9.1+0:
* ssh: Fix parsing of OpenSSH private key format
* ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys
* ssh: Add `aes256-gcm@openssh.com` cipher to test cases
* ssh: Extract common key material derivation logic for encrypted keys
* ssh: Use associated constants for key and IV sizes
* ssh: Add test cases for encrypted keys
- Add shell completions for fish and zsh.
- bsc#1207039 - CVE-2023-22895 - update bzip2 crate
- Update of vendored dependencies
- Update of vendored dependencies
- Do not have the main package recommend the bash-completion
sub-package, but rather have the subpackage supplement the
combination of tage-encryption and bash-completion.
- Update to version 0.9.0+0:
* v0.9.0
* use pkcs1 crate to parse RSAPrivateKey ASN.1 object
* qa: Add workflow that runs `cargo vet --locked`
* qa: Import `cargo vet` audits from Firefox and zcashd
* qa: Add `crypto-reviewed` criteria or `cargo vet`
* qa: `cargo vet init`
- Set minimum rust requirement to 1.59
- Update to version 0.8.1+0:
* v0.8.1
* Revert updates to `dashmap` and `indexmap`
* cargo update
* age: Add passphrase to scrypt_work_factor_23 testkit test file
* age: Reject invalid or non-canonical X25519 recipient stanzas
* age: Require "contributory" behaviour for X25519 recipient stanzas
* age: Add testkit test files from reference impl
* Update Homebrew formula to v0.8.0
- Update to version 0.8.0+0:
* v0.8.0
* age: Allow ciphertexts that encrypt the empty plaintext
* Update Italian translation
* Don't allow -i/--identity with passphrase-encrypted files
* age: Require the last STREAM chunk to be non-empty
* age: Return correct response encoding for `confirm` command
* age: Base64-decode metadata arguments to "confirm" message
* age: Extract "confirm" command handling into a helper function
- Automatic update of vendored dependencies
- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
- switched to vendored_licenses_packager as build dependency
- define macro "rust_tier1_arches" if undefined
- Add specific lock file path to _service for cargo audit to prevent
confusion with the lock files in the fuzz folders.
- Update to version 0.7.1
* Fixed a bug where non-canonical recipient stanza bodies in an age
file header would cause rage to crash instead of being rejected
* vendor.tar.xz updated from source code Cargo.lock file
- Added:
* binary rage-mount
* bash-completion for rage, rage-keygen and rage-mount
* manual pages for rage, rage-keygen and rage-mount
* Licenses files
* Licenses files of vendored crates extracted
with script "vendored_licenses_packager.sh"
* README and CHANGELOG files
* possibility to build without cargo-packaging for "older" distros
- Update to version 0.7.0~git0.c93b914:
* v0.7.0
* cargo update fuzz*
* Update lockfiles for fuzzers
* rage: Pin clap to 3.0.0-beta.2
* CI: Add bitrot check to ensure examples and benchmarks still compile
* console 0.15
* age: Re-export `secrecy` crate
* age-core: Improve crate documentation
* age-core: Re-export `secrecy` crate
* age-core: Add `plugin::Error` enum
- Initial commit of rage
OBS-URL: https://build.opensuse.org/package/show/security/rage-encryption?expand=0&rev=39
251 lines
10 KiB
Plaintext
251 lines
10 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri Dec 20 06:39:30 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
|
|
|
|
- Fixes GHSA-4fg7-vxc8-qx5w
|
|
- Update to version 0.11.1+0:
|
|
* Fixed a security vulnerability that could allow an attacker to
|
|
execute an arbitrary binary under certain conditions. Plugin
|
|
names are now required to only contain alphanumeric characters
|
|
or the four special characters +-._.
|
|
* Replace the test `NoCallbacks` with the library version
|
|
* Restrict set of valid characters for plugin names
|
|
* Add tests for invalid plugin name chars
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 3 19:04:23 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
|
|
|
|
- Update to 0.11.0+0:
|
|
Added:
|
|
* Partial French translation!
|
|
Fixed:
|
|
* [Unix] Files can now be encrypted with rage --passphrase when
|
|
piped over stdin, without requiring an explicit - argument as
|
|
INPUT.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 20 04:57:20 UTC 2024 - William Brown <william.brown@suse.com>
|
|
|
|
- bsc#1229959 - RUSTSEC-2024-0006 - CVE-2024-43806
|
|
- rust-shlex: Multiple issues involving quote API
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 4 01:43:07 UTC 2024 - William Brown <william.brown@suse.com>
|
|
|
|
- bsc#1229959 - RUSTSEC-2024-0006 - rust-shlex: Multiple issues involving quote API
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 22 12:15:24 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
|
|
|
|
- Enable tests
|
|
- Install all language manpages
|
|
- Fix -keygen installing to -mount
|
|
- Switch from obsoleted practices to modern ones:
|
|
* %setup is now %autosetup
|
|
* cargo_config is now part of vendor file
|
|
* disabledrun is now manualrun
|
|
- Update to version 0.10.0+0:
|
|
Added:
|
|
* Russian translation
|
|
* rage-keygen -y IDENTITY_FILE to convert identity files to
|
|
recipients.
|
|
Changed:
|
|
* MSRV is now 1.65.0.
|
|
* Migrated from gumdrop to clap for argument parsing.
|
|
* -R/--recipients-file and -i/--identity now support "read-once"
|
|
files, like those used by process substitution (-i
|
|
<(other_binary get-age-identity)) and named pipes.
|
|
* The filename - (hyphen) is now treated as an explicit request
|
|
to read from standard input when used with -R/--recipients-file
|
|
or -i/--identity. It must only occur once across the
|
|
-R/--recipients-file and -i/--identity flags, and the input
|
|
file. It cannot be used if the input file is omitted.
|
|
Fixed:
|
|
* OpenSSH private keys passed to -i/--identity that contain
|
|
invalid public keys are no longer ignored when encrypting, and
|
|
instead cause an error.
|
|
* Weak ssh-rsa public keys that are smaller than 2048 bits are
|
|
now rejected.
|
|
* rage-keygen no longer overwrites existing key files with the
|
|
-o/--output flag. This was its behaviour prior to 0.6.0, but
|
|
was unintentionally changed when rage was modified to overwrite
|
|
existing files. Key file overwriting can still be achieved by
|
|
omitting -o/--output and instead piping stdout to the file.
|
|
* rage-keygen now prints fatal errors directly instead of them
|
|
being hidden behind the RUST_LOG=error environment variable. It
|
|
also now sets its return code appropriately instead of always
|
|
returning 0.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 26 03:59:43 UTC 2023 - William Brown <william.brown@suse.com>
|
|
|
|
- bsc#1215657 - chosen ciphertext attack possible against aes-gcm
|
|
* update vendor.tar.zst to contain aes-gcm >= 0.10.3
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 26 01:06:56 UTC 2023 - william.brown@suse.com
|
|
|
|
- Update to version 0.9.2+0:
|
|
* CI: Ensure `apt` repository is up-to-date before installing build deps
|
|
* CI: Build Linux releases using `ubuntu-20.04` runner
|
|
* CI: Remove most uses of `actions-rs` actions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 13 00:35:46 UTC 2023 - william.brown@suse.com
|
|
|
|
- Update to version 0.9.2+0:
|
|
* v0.9.2
|
|
* Fix changelog bugs and add missing entry
|
|
* Document `PINENTRY_PROGRAM` environment variable
|
|
* age: Add `Decryptor::new_async_buffered`
|
|
* age: `impl AsyncBufRead for ArmoredReader`
|
|
* Pre-initialize vectors when the capacity is known, or use arrays
|
|
* Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
|
|
* Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
|
|
* cargo update
|
|
* cargo vet prune
|
|
* Migrate to `cargo-vet 0.7`
|
|
* build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1
|
|
* Correct spelling in documentation
|
|
* build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4
|
|
* StreamWriter AsyncWrite: fix usage with futures::io::copy()
|
|
* rage: Use `Decryptor::new_buffered`
|
|
* age: Add `Decryptor::new_buffered`
|
|
* age: `impl BufRead for ArmoredReader`
|
|
* Update Homebrew formula to v0.9.1
|
|
* feat/pinentry: Use env var to define pinentry binary
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 11 11:13:29 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- As per https://en.opensuse.org/openSUSE:Package_description_guidelines
|
|
mention distinctive characteristics that offset this solution
|
|
from e.g. gpg.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 26 07:04:54 UTC 2023 - Soc Virnyl Estela <socvirnyl.estela@gmail.com>
|
|
|
|
- Update to version 0.9.1+0:
|
|
* ssh: Fix parsing of OpenSSH private key format
|
|
* ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys
|
|
* ssh: Add `aes256-gcm@openssh.com` cipher to test cases
|
|
* ssh: Extract common key material derivation logic for encrypted keys
|
|
* ssh: Use associated constants for key and IV sizes
|
|
* ssh: Add test cases for encrypted keys
|
|
- Add shell completions for fish and zsh.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 13 03:23:28 UTC 2023 - William Brown <william.brown@suse.com>
|
|
|
|
- bsc#1207039 - CVE-2023-22895 - update bzip2 crate
|
|
- Update of vendored dependencies
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 05 03:20:27 UTC 2023 - william.brown@suse.com
|
|
|
|
- Update of vendored dependencies
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 21 15:00:46 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Do not have the main package recommend the bash-completion
|
|
sub-package, but rather have the subpackage supplement the
|
|
combination of tage-encryption and bash-completion.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 31 02:20:35 UTC 2022 - william.brown@suse.com
|
|
|
|
- Update to version 0.9.0+0:
|
|
* v0.9.0
|
|
* use pkcs1 crate to parse RSAPrivateKey ASN.1 object
|
|
* qa: Add workflow that runs `cargo vet --locked`
|
|
* qa: Import `cargo vet` audits from Firefox and zcashd
|
|
* qa: Add `crypto-reviewed` criteria or `cargo vet`
|
|
* qa: `cargo vet init`
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 09 03:56:26 UTC 2022 - william.brown@suse.com
|
|
|
|
- Set minimum rust requirement to 1.59
|
|
- Update to version 0.8.1+0:
|
|
* v0.8.1
|
|
* Revert updates to `dashmap` and `indexmap`
|
|
* cargo update
|
|
* age: Add passphrase to scrypt_work_factor_23 testkit test file
|
|
* age: Reject invalid or non-canonical X25519 recipient stanzas
|
|
* age: Require "contributory" behaviour for X25519 recipient stanzas
|
|
* age: Add testkit test files from reference impl
|
|
* Update Homebrew formula to v0.8.0
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 03 00:27:46 UTC 2022 - william.brown@suse.com
|
|
|
|
- Update to version 0.8.0+0:
|
|
* v0.8.0
|
|
* age: Allow ciphertexts that encrypt the empty plaintext
|
|
* Update Italian translation
|
|
* Don't allow -i/--identity with passphrase-encrypted files
|
|
* age: Require the last STREAM chunk to be non-empty
|
|
* age: Return correct response encoding for `confirm` command
|
|
* age: Base64-decode metadata arguments to "confirm" message
|
|
* age: Extract "confirm" command handling into a helper function
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 5 05:38:22 UTC 2022 - William Brown <william.brown@suse.com>
|
|
|
|
- Automatic update of vendored dependencies
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 22:53:25 UTC 2022 - william.brown@suse.com
|
|
|
|
- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 12:00:00 UTC 2022 - cunix@mail.de
|
|
|
|
- switched to vendored_licenses_packager as build dependency
|
|
- define macro "rust_tier1_arches" if undefined
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 15 03:58:13 UTC 2022 - William Brown <william.brown@suse.com>
|
|
|
|
- Add specific lock file path to _service for cargo audit to prevent
|
|
confusion with the lock files in the fuzz folders.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 31 12:00:00 UTC 2022 - cunix@mail.de
|
|
|
|
- Update to version 0.7.1
|
|
* Fixed a bug where non-canonical recipient stanza bodies in an age
|
|
file header would cause rage to crash instead of being rejected
|
|
* vendor.tar.xz updated from source code Cargo.lock file
|
|
|
|
- Added:
|
|
* binary rage-mount
|
|
* bash-completion for rage, rage-keygen and rage-mount
|
|
* manual pages for rage, rage-keygen and rage-mount
|
|
* Licenses files
|
|
* Licenses files of vendored crates extracted
|
|
with script "vendored_licenses_packager.sh"
|
|
* README and CHANGELOG files
|
|
* possibility to build without cargo-packaging for "older" distros
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 19 01:08:01 UTC 2021 - william.brown@suse.com
|
|
|
|
- Update to version 0.7.0~git0.c93b914:
|
|
* v0.7.0
|
|
* cargo update fuzz*
|
|
* Update lockfiles for fuzzers
|
|
* rage: Pin clap to 3.0.0-beta.2
|
|
* CI: Add bitrot check to ensure examples and benchmarks still compile
|
|
* console 0.15
|
|
* age: Re-export `secrecy` crate
|
|
* age-core: Improve crate documentation
|
|
* age-core: Re-export `secrecy` crate
|
|
* age-core: Add `plugin::Error` enum
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 02:26:14 UTC 2021 - William Brown <william.brown@suse.com>
|
|
|
|
- Initial commit of rage
|