forked from pool/rage-encryption
- bsc#1229959 - RUSTSEC-2024-0006 - rust-shlex: Multiple issues involving quote API
OBS-URL: https://build.opensuse.org/package/show/security/rage-encryption?expand=0&rev=33
This commit is contained in:
commit
0492ad4c56
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
24
_service
Normal file
24
_service
Normal file
@ -0,0 +1,24 @@
|
||||
<services>
|
||||
<service mode="manual" name="obs_scm">
|
||||
<param name="url">https://github.com/str4d/rage.git</param>
|
||||
<param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.10.0</param>
|
||||
<param name="match-tag">*</param>
|
||||
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||
<param name="versionrewrite-replacement">\1</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
<param name="changesauthor">william.brown@suse.com</param>
|
||||
</service>
|
||||
<service mode="manual" name="tar" />
|
||||
<service mode="manual" name="recompress">
|
||||
<param name="file">*.tar</param>
|
||||
<param name="compression">gz</param>
|
||||
</service>
|
||||
<service mode="manual" name="set_version"/>
|
||||
<service name="cargo_vendor" mode="manual">
|
||||
<param name="srcdir">rage</param>
|
||||
<param name="compression">zst</param>
|
||||
<param name="update">true</param>
|
||||
</service>
|
||||
</services>
|
4
_servicedata
Normal file
4
_servicedata
Normal file
@ -0,0 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/str4d/rage.git</param>
|
||||
<param name="changesrevision">5c82b234c6ad3a537b80e8671ae59875464dd53f</param></service></servicedata>
|
3
rage-0.10.0+0.tar.gz
Normal file
3
rage-0.10.0+0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2a1eb1f73868b31bbb20e074b384f4b710572c98ebc1e31ad8fb3b35fdc234fd
|
||||
size 1646541
|
220
rage-encryption.changes
Normal file
220
rage-encryption.changes
Normal file
@ -0,0 +1,220 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 4 01:43:07 UTC 2024 - William Brown <william.brown@suse.com>
|
||||
|
||||
- bsc#1229959 - RUSTSEC-2024-0006 - rust-shlex: Multiple issues involving quote API
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 22 12:15:24 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
|
||||
|
||||
- Enable tests
|
||||
- Install all language manpages
|
||||
- Fix -keygen installing to -mount
|
||||
- Switch from obsoleted practices to modern ones:
|
||||
* %setup is now %autosetup
|
||||
* cargo_config is now part of vendor file
|
||||
* disabledrun is now manualrun
|
||||
- Update to version 0.10.0+0:
|
||||
Added:
|
||||
* Russian translation
|
||||
* rage-keygen -y IDENTITY_FILE to convert identity files to
|
||||
recipients.
|
||||
Changed:
|
||||
* MSRV is now 1.65.0.
|
||||
* Migrated from gumdrop to clap for argument parsing.
|
||||
* -R/--recipients-file and -i/--identity now support "read-once"
|
||||
files, like those used by process substitution (-i
|
||||
<(other_binary get-age-identity)) and named pipes.
|
||||
* The filename - (hyphen) is now treated as an explicit request
|
||||
to read from standard input when used with -R/--recipients-file
|
||||
or -i/--identity. It must only occur once across the
|
||||
-R/--recipients-file and -i/--identity flags, and the input
|
||||
file. It cannot be used if the input file is omitted.
|
||||
Fixed:
|
||||
* OpenSSH private keys passed to -i/--identity that contain
|
||||
invalid public keys are no longer ignored when encrypting, and
|
||||
instead cause an error.
|
||||
* Weak ssh-rsa public keys that are smaller than 2048 bits are
|
||||
now rejected.
|
||||
* rage-keygen no longer overwrites existing key files with the
|
||||
-o/--output flag. This was its behaviour prior to 0.6.0, but
|
||||
was unintentionally changed when rage was modified to overwrite
|
||||
existing files. Key file overwriting can still be achieved by
|
||||
omitting -o/--output and instead piping stdout to the file.
|
||||
* rage-keygen now prints fatal errors directly instead of them
|
||||
being hidden behind the RUST_LOG=error environment variable. It
|
||||
also now sets its return code appropriately instead of always
|
||||
returning 0.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 26 03:59:43 UTC 2023 - William Brown <william.brown@suse.com>
|
||||
|
||||
- bsc#1215657 - chosen ciphertext attack possible against aes-gcm
|
||||
* update vendor.tar.zst to contain aes-gcm >= 0.10.3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 26 01:06:56 UTC 2023 - william.brown@suse.com
|
||||
|
||||
- Update to version 0.9.2+0:
|
||||
* CI: Ensure `apt` repository is up-to-date before installing build deps
|
||||
* CI: Build Linux releases using `ubuntu-20.04` runner
|
||||
* CI: Remove most uses of `actions-rs` actions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 13 00:35:46 UTC 2023 - william.brown@suse.com
|
||||
|
||||
- Update to version 0.9.2+0:
|
||||
* v0.9.2
|
||||
* Fix changelog bugs and add missing entry
|
||||
* Document `PINENTRY_PROGRAM` environment variable
|
||||
* age: Add `Decryptor::new_async_buffered`
|
||||
* age: `impl AsyncBufRead for ArmoredReader`
|
||||
* Pre-initialize vectors when the capacity is known, or use arrays
|
||||
* Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
|
||||
* Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
|
||||
* cargo update
|
||||
* cargo vet prune
|
||||
* Migrate to `cargo-vet 0.7`
|
||||
* build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1
|
||||
* Correct spelling in documentation
|
||||
* build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4
|
||||
* StreamWriter AsyncWrite: fix usage with futures::io::copy()
|
||||
* rage: Use `Decryptor::new_buffered`
|
||||
* age: Add `Decryptor::new_buffered`
|
||||
* age: `impl BufRead for ArmoredReader`
|
||||
* Update Homebrew formula to v0.9.1
|
||||
* feat/pinentry: Use env var to define pinentry binary
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 11 11:13:29 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- As per https://en.opensuse.org/openSUSE:Package_description_guidelines
|
||||
mention distinctive characteristics that offset this solution
|
||||
from e.g. gpg.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 26 07:04:54 UTC 2023 - Soc Virnyl Estela <socvirnyl.estela@gmail.com>
|
||||
|
||||
- Update to version 0.9.1+0:
|
||||
* ssh: Fix parsing of OpenSSH private key format
|
||||
* ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys
|
||||
* ssh: Add `aes256-gcm@openssh.com` cipher to test cases
|
||||
* ssh: Extract common key material derivation logic for encrypted keys
|
||||
* ssh: Use associated constants for key and IV sizes
|
||||
* ssh: Add test cases for encrypted keys
|
||||
- Add shell completions for fish and zsh.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 13 03:23:28 UTC 2023 - William Brown <william.brown@suse.com>
|
||||
|
||||
- bsc#1207039 - CVE-2023-22895 - update bzip2 crate
|
||||
- Update of vendored dependencies
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 05 03:20:27 UTC 2023 - william.brown@suse.com
|
||||
|
||||
- Update of vendored dependencies
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 21 15:00:46 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Do not have the main package recommend the bash-completion
|
||||
sub-package, but rather have the subpackage supplement the
|
||||
combination of tage-encryption and bash-completion.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 31 02:20:35 UTC 2022 - william.brown@suse.com
|
||||
|
||||
- Update to version 0.9.0+0:
|
||||
* v0.9.0
|
||||
* use pkcs1 crate to parse RSAPrivateKey ASN.1 object
|
||||
* qa: Add workflow that runs `cargo vet --locked`
|
||||
* qa: Import `cargo vet` audits from Firefox and zcashd
|
||||
* qa: Add `crypto-reviewed` criteria or `cargo vet`
|
||||
* qa: `cargo vet init`
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 09 03:56:26 UTC 2022 - william.brown@suse.com
|
||||
|
||||
- Set minimum rust requirement to 1.59
|
||||
- Update to version 0.8.1+0:
|
||||
* v0.8.1
|
||||
* Revert updates to `dashmap` and `indexmap`
|
||||
* cargo update
|
||||
* age: Add passphrase to scrypt_work_factor_23 testkit test file
|
||||
* age: Reject invalid or non-canonical X25519 recipient stanzas
|
||||
* age: Require "contributory" behaviour for X25519 recipient stanzas
|
||||
* age: Add testkit test files from reference impl
|
||||
* Update Homebrew formula to v0.8.0
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 03 00:27:46 UTC 2022 - william.brown@suse.com
|
||||
|
||||
- Update to version 0.8.0+0:
|
||||
* v0.8.0
|
||||
* age: Allow ciphertexts that encrypt the empty plaintext
|
||||
* Update Italian translation
|
||||
* Don't allow -i/--identity with passphrase-encrypted files
|
||||
* age: Require the last STREAM chunk to be non-empty
|
||||
* age: Return correct response encoding for `confirm` command
|
||||
* age: Base64-decode metadata arguments to "confirm" message
|
||||
* age: Extract "confirm" command handling into a helper function
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 5 05:38:22 UTC 2022 - William Brown <william.brown@suse.com>
|
||||
|
||||
- Automatic update of vendored dependencies
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 14 22:53:25 UTC 2022 - william.brown@suse.com
|
||||
|
||||
- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 14 12:00:00 UTC 2022 - cunix@mail.de
|
||||
|
||||
- switched to vendored_licenses_packager as build dependency
|
||||
- define macro "rust_tier1_arches" if undefined
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 15 03:58:13 UTC 2022 - William Brown <william.brown@suse.com>
|
||||
|
||||
- Add specific lock file path to _service for cargo audit to prevent
|
||||
confusion with the lock files in the fuzz folders.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 31 12:00:00 UTC 2022 - cunix@mail.de
|
||||
|
||||
- Update to version 0.7.1
|
||||
* Fixed a bug where non-canonical recipient stanza bodies in an age
|
||||
file header would cause rage to crash instead of being rejected
|
||||
* vendor.tar.xz updated from source code Cargo.lock file
|
||||
|
||||
- Added:
|
||||
* binary rage-mount
|
||||
* bash-completion for rage, rage-keygen and rage-mount
|
||||
* manual pages for rage, rage-keygen and rage-mount
|
||||
* Licenses files
|
||||
* Licenses files of vendored crates extracted
|
||||
with script "vendored_licenses_packager.sh"
|
||||
* README and CHANGELOG files
|
||||
* possibility to build without cargo-packaging for "older" distros
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 19 01:08:01 UTC 2021 - william.brown@suse.com
|
||||
|
||||
- Update to version 0.7.0~git0.c93b914:
|
||||
* v0.7.0
|
||||
* cargo update fuzz*
|
||||
* Update lockfiles for fuzzers
|
||||
* rage: Pin clap to 3.0.0-beta.2
|
||||
* CI: Add bitrot check to ensure examples and benchmarks still compile
|
||||
* console 0.15
|
||||
* age: Re-export `secrecy` crate
|
||||
* age-core: Improve crate documentation
|
||||
* age-core: Re-export `secrecy` crate
|
||||
* age-core: Add `plugin::Error` enum
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 16 02:26:14 UTC 2021 - William Brown <william.brown@suse.com>
|
||||
|
||||
- Initial commit of rage
|
156
rage-encryption.spec
Normal file
156
rage-encryption.spec
Normal file
@ -0,0 +1,156 @@
|
||||
#
|
||||
# spec file for package rage-encryption
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%{?!rust_tier1_arches:%global rust_tier1_arches x86_64 aarch64}
|
||||
|
||||
Name: rage-encryption
|
||||
# This will be set by osc services, that will run after this.
|
||||
Version: 0.10.0+0
|
||||
Release: 0
|
||||
Summary: X25519-based, simple, modern, and secure file encryption tool
|
||||
# If you know the license, put it's SPDX string here.
|
||||
# Alternately, you can use cargo lock2rpmprovides to help generate this.
|
||||
License: (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND MIT
|
||||
# Select a group from this link:
|
||||
# https://en.opensuse.org/openSUSE:Package_group_guidelines
|
||||
Group: Productivity/Security
|
||||
URL: https://github.com/str4d/rage
|
||||
Source0: rage-%{version}.tar.gz
|
||||
Source1: vendor.tar.zst
|
||||
%if %{suse_version} > 1500
|
||||
BuildRequires: cargo-packaging
|
||||
%endif
|
||||
# Requires >1.59 for thread::available_parallelism
|
||||
BuildRequires: cargo >= 1.59
|
||||
BuildRequires: libzstd-devel
|
||||
BuildRequires: vendored_licenses_packager
|
||||
# for feature mount
|
||||
BuildRequires: fuse-devel
|
||||
Recommends: pinentry
|
||||
BuildRequires: zstd
|
||||
Conflicts: rage
|
||||
ExclusiveArch: %{rust_tier1_arches}
|
||||
|
||||
%description
|
||||
Rage is a simple, modern, and secure file encryption tool, using the
|
||||
age format. It features small explicit keys, no config options, and
|
||||
UNIX-style composability.
|
||||
|
||||
Keys are based on X25519 which are similar to the ones used by SSH.
|
||||
rage-encryption can also use ssh-ed25519 and ssh-rsa keys as
|
||||
alternatives to age1 keys.
|
||||
|
||||
%package bash-completion
|
||||
Summary: Bash completion for %{name}
|
||||
Group: Productivity/Security
|
||||
BuildArch: noarch
|
||||
Requires: %{name}
|
||||
Requires: bash-completion
|
||||
Supplements: (%{name} and bash-completion)
|
||||
Conflicts: rage
|
||||
|
||||
%description bash-completion
|
||||
Bash command line completion support for %{name}
|
||||
|
||||
%package fish-completion
|
||||
Summary: Fish Completion for %{name}
|
||||
Group: Productivity/Security
|
||||
Supplements: (%{name} and fish)
|
||||
Requires: fish
|
||||
BuildArch: noarch
|
||||
|
||||
%description fish-completion
|
||||
Fish command-line completion support for %{name}.
|
||||
|
||||
%package zsh-completion
|
||||
Summary: Zsh Completion for %{name}
|
||||
Group: Productivity/Security
|
||||
Supplements: (%{name} and zsh)
|
||||
Requires: zsh
|
||||
BuildArch: noarch
|
||||
|
||||
%description zsh-completion
|
||||
Zsh command-line completion support for %{name}.
|
||||
|
||||
%prep
|
||||
%autosetup -a 1 -n rage-%{version}
|
||||
%vendored_licenses_packager_prep
|
||||
|
||||
%build
|
||||
%define build_args --manifest-path rage/Cargo.toml --features "mount" --release %{?_smp_mflags}
|
||||
|
||||
%if %{suse_version} > 1500
|
||||
%{cargo_build} --features "mount"
|
||||
%else
|
||||
cargo build %{build_args}
|
||||
%endif
|
||||
|
||||
%check
|
||||
%if %{suse_version} > 1500
|
||||
%{cargo_test} --features "mount"
|
||||
%else
|
||||
cargo test %{build_args}
|
||||
%endif
|
||||
|
||||
%install
|
||||
pushd target/release
|
||||
|
||||
# Install each part of the tool and their respective completions.
|
||||
for i in "" -keygen -mount; do
|
||||
install -D -m 0755 rage$i %{buildroot}%{_bindir}/rage$i
|
||||
install -D -p -m 644 completions/rage$i.bash %{buildroot}%{_datadir}/bash-completion/completions/rage$i
|
||||
install -D -p -m 644 completions/_rage$i %{buildroot}%{_datadir}/zsh/site-functions/_rage$i
|
||||
install -D -p -m 644 completions/rage$i.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/rage$i.fish
|
||||
done
|
||||
|
||||
pushd manpages
|
||||
mv es_AR es # es_AR doesn't seem to be a correct manpage locale
|
||||
find . -name "*.1.gz" -exec install -Dpm644 {} %{buildroot}%{_mandir}/{} \;
|
||||
popd
|
||||
popd
|
||||
|
||||
%vendored_licenses_packager_install
|
||||
%find_lang rage{,-keygen,-mount} rage.lang --with-man --all-name
|
||||
|
||||
%files -f rage.lang
|
||||
%{_bindir}/rage
|
||||
%{_bindir}/rage-keygen
|
||||
%{_bindir}/rage-mount
|
||||
%doc README.md rage/CHANGELOG.md
|
||||
# accept duplicates here
|
||||
%license LICENSE-APACHE LICENSE-MIT
|
||||
%vendored_licenses_packager_files
|
||||
%{_mandir}/man1/rage*.1%{?ext_man}
|
||||
|
||||
%files bash-completion
|
||||
%license LICENSE-APACHE LICENSE-MIT
|
||||
%{_datadir}/bash-completion/completions/rage*
|
||||
|
||||
%files fish-completion
|
||||
%license LICENSE-APACHE LICENSE-MIT
|
||||
%dir %{_datadir}/fish
|
||||
%dir %{_datadir}/fish/vendor_completions.d
|
||||
%{_datadir}/fish/vendor_completions.d/rage*.fish
|
||||
|
||||
%files zsh-completion
|
||||
%license LICENSE-APACHE LICENSE-MIT
|
||||
%dir %{_datadir}/zsh
|
||||
%dir %{_datadir}/zsh/site-functions
|
||||
%{_datadir}/zsh/site-functions/_rage*
|
||||
|
||||
%changelog
|
3
vendor.tar.zst
Normal file
3
vendor.tar.zst
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:01bbc54ef2aff3935b8ef8c0462be718bceefa4e1076aa47ea43aff0b3b0bcbb
|
||||
size 28370756
|
Loading…
Reference in New Issue
Block a user