summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeah Neukirchen <leah@vuxu.org>2020-01-07 17:42:28 +0100
committerLeah Neukirchen <leah@vuxu.org>2020-01-07 17:42:28 +0100
commite52db9dae7275c0325cd203fa7039a4a33bf5a7e (patch)
treea9fea5bd0317e1128a08ab84d68415f50be63899
parent2a9d46ad206f7cb2f9d6acf0b01445851ea8b215 (diff)
downloadoutils-0.9.tar.gz
outils-0.9.tar.xz
outils-0.9.zip
cvs update v0.9
-rw-r--r--src/usr.bin/calendar/day.c14
-rw-r--r--src/usr.bin/signify/signify.18
-rw-r--r--src/usr.bin/signify/signify.c6
-rw-r--r--src/usr.bin/signify/zsig.c17
4 files changed, 24 insertions, 21 deletions
diff --git a/src/usr.bin/calendar/day.c b/src/usr.bin/calendar/day.c
index c94a844..e271250 100644
--- a/src/usr.bin/calendar/day.c
+++ b/src/usr.bin/calendar/day.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: day.c,v 1.36 2019/02/01 16:22:53 millert Exp $	*/
+/*	$OpenBSD: day.c,v 1.37 2019/08/12 20:03:28 millert Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -323,10 +323,12 @@ isnow(char *endp, int bodun)
 		if (month == -1) {
 			month = tp->tm_mon + 1;
 			interval = MONTHLY;
-		} else if (calendar)
-			adjust_calendar(&day, &month);
-		if ((month > 12) || (month < 1))
-			return (NULL);
+		} else {
+			if ((month > 12) || (month < 1))
+				return (NULL);
+			if (calendar)
+				adjust_calendar(&day, &month);
+		}
 	}
 
 	/* 2. {Monthname} XYZ ... */
@@ -371,6 +373,8 @@ isnow(char *endp, int bodun)
 		else {
 			/* F_ISDAY set, v2 > 12, or no way to tell */
 			month = v1;
+			if ((month > 12) || (month < 1))
+				return (NULL);
 			/* if no recognizable day, assume the first */
 			day = v2 ? v2 : 1;
 			if ((flags & F_ISDAY)) {
diff --git a/src/usr.bin/signify/signify.1 b/src/usr.bin/signify/signify.1
index 4db0de2..fc76fa5 100644
--- a/src/usr.bin/signify/signify.1
+++ b/src/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.47 2019/05/08 17:55:41 tedu Exp $
+.\" $OpenBSD: signify.1,v 1.48 2019/08/10 03:56:02 deraadt Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
 .\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: May 8 2019 $
+.Dd $Mdocdate: August 10 2019 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -170,12 +170,12 @@ Verify a release directory containing
 .Pa SHA256.sig
 and a full set of release files:
 .Bd -literal -offset indent -compact
-$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig
+$ signify -C -p /etc/signify/openbsd-67-base.pub -x SHA256.sig
 .Ed
 .Pp
 Verify a bsd.rd before an upgrade:
 .Bd -literal -offset indent -compact
-$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig bsd.rd
+$ signify -C -p /etc/signify/openbsd-67-base.pub -x SHA256.sig bsd.rd
 .Ed
 .Pp
 Sign a gzip archive:
diff --git a/src/usr.bin/signify/signify.c b/src/usr.bin/signify/signify.c
index 4829007..5c577e8 100644
--- a/src/usr.bin/signify/signify.c
+++ b/src/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.132 2019/07/03 03:24:02 deraadt Exp $ */
+/* $OpenBSD: signify.c,v 1.134 2019/12/22 06:37:25 espie Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -147,6 +147,8 @@ parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
 		errx(1, "unable to parse %s", filename);
 	if (memcmp(buf, PKALG, 2) != 0)
 		errx(1, "unsupported file %s", filename);
+	*commentend = '\n';
+	*b64end = '\n';
 	return b64end - b64 + 1;
 }
 
@@ -517,7 +519,7 @@ readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
     const char *sigcomment, const char *keytype)
 {
 	const char *safepath = "/etc/signify";
-	char keypath[1024];
+	char keypath[PATH_MAX];
 
 	if (!pubkeyfile) {
 		pubkeyfile = strstr(sigcomment, VERIFYWITH);
diff --git a/src/usr.bin/signify/zsig.c b/src/usr.bin/signify/zsig.c
index 35ab0cd..e3533fd 100644
--- a/src/usr.bin/signify/zsig.c
+++ b/src/usr.bin/signify/zsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: zsig.c,v 1.16 2019/03/23 07:10:06 tedu Exp $ */
+/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */
 /*
  * Copyright (c) 2016 Marc Espie <espie@openbsd.org>
  *
@@ -180,8 +180,8 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
     const char *keytype)
 {
 	struct gzheader h;
-	size_t bufsize;
-	char *p, *meta;
+	size_t bufsize, len;
+	char *p;
 	uint8_t *bufend;
 	int fdin, fdout;
 
@@ -197,13 +197,13 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 	if (!(h.flg & FCOMMENT_FLAG))
 		errx(1, "unsigned gzip archive");
 	fake[8] = h.xflg;
+	len = h.endcomment-h.comment;
 
-	p = verifyzdata(h.comment, h.endcomment-h.comment, sigfile,
+	p = verifyzdata(h.comment, len, sigfile,
 	    pubkeyfile, keytype);
 
 	bufsize = MYBUFSIZE;
 
-	meta = p;
 #define BEGINS_WITH(x, y) memcmp((x), (y), sizeof(y)-1) == 0
 
 	while (BEGINS_WITH(p, "algorithm=SHA512/256") ||
@@ -216,14 +216,11 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 
 	if (*p != '\n')
 		errx(1, "invalid signature");
-	*(p++) = 0;
 
 	fdout = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
-	/* we don't actually copy the header, but put in a fake one with about
-	 * zero useful information.
-	 */
 	writeall(fdout, fake, sizeof fake, msgfile);
-	writeall(fdout, meta, p - meta, msgfile);
+	writeall(fdout, h.comment, len+1, msgfile);
+	*(p++) = 0;
 	copy_blocks(fdout, fdin, p, h.endcomment, bufsize, bufend);
 	free(h.buffer);
 	close(fdout);