From 190d66cdae039f81e55d57b5ed658d3975a87500e8f6d639316e6110d0767792 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Wed, 21 Jan 2026 09:46:54 +0100 Subject: [PATCH] Update submodules from pool/minisign#1 and create patchinfo.20260121084629327942.93181000773252/_patchinfo --- minisign | 2 +- .../_patchinfo | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20260121084629327942.93181000773252/_patchinfo diff --git a/minisign b/minisign index 0120e9a..e3f15b1 160000 --- a/minisign +++ b/minisign @@ -1 +1 @@ -Subproject commit 0120e9a39fe814c08d782fffe15be2c85560be13608d429fdb726e9c3cb1a017 +Subproject commit e3f15b140a95061d207eaf63db2e7b0bac7e0d067349268a18b16805e1f07119 diff --git a/patchinfo.20260121084629327942.93181000773252/_patchinfo b/patchinfo.20260121084629327942.93181000773252/_patchinfo new file mode 100644 index 0000000..5a86391 --- /dev/null +++ b/patchinfo.20260121084629327942.93181000773252/_patchinfo @@ -0,0 +1,28 @@ + + AndreasStieger + moderate + recommended + Recommended update for minisign + This update for minisign fixes the following issues: + +Changes in minisign: + +- Bugfix: + * bugfix: duplicate command-line arguments [7dfdb3c] + +- Security fix: [gpg.fail/trustcomment] + * Trusted comment injection (minisign) [6c59875] + * trim(): only trim trailing \r\n, reject straight \r characters + +- Security fix: [gpg.fail/minisign] + * Trusted comment injection (minisign) [a10dc92] + * Bail out if the signature file contains unprintable characters + +- Update to version 0.12 + * Libsodium is now an optional dependency. When using the Zig + toolchain to compile Minisign, you can specify the + -Dwithout-libsodium flag to build and run without libsodium. + * Key identifiers are now zero-padded when printed. + + minisign + -- 2.51.1