Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package omemo-utils for openSUSE:Factory checked in at 2024-03-29 13:09:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/omemo-utils (Old) and /work/SRC/openSUSE:Factory/.omemo-utils.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "omemo-utils" Fri Mar 29 13:09:56 2024 rev:4 rq:1163338 version:1.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/omemo-utils/omemo-utils.changes 2024-02-21 17:58:18.527409124 +0100 +++ /work/SRC/openSUSE:Factory/.omemo-utils.new.1905/omemo-utils.changes 2024-03-29 13:10:47.834776502 +0100 @@ -1,0 +2,6 @@ +Thu Mar 21 13:57:31 UTC 2024 - Michael Vetter <mvetter@suse.com> + +- Add omemo-utils-1.0.0-fix-server-decryption.patch: + Add support for non optimal server configurations + +------------------------------------------------------------------- New: ---- omemo-utils-1.0.0-fix-server-decryption.patch BETA DEBUG BEGIN: New: - Add omemo-utils-1.0.0-fix-server-decryption.patch: Add support for non optimal server configurations BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ omemo-utils.spec ++++++ --- /var/tmp/diff_new_pack.wW2zLl/_old 2024-03-29 13:10:48.234791204 +0100 +++ /var/tmp/diff_new_pack.wW2zLl/_new 2024-03-29 13:10:48.238791351 +0100 @@ -25,6 +25,8 @@ URL: https://github.com/wstrm/omemo-utils Source: https://github.com/wstrm/omemo-utils/archive/v%{version}.tar.gz Patch0: https://github.com/wstrm/omemo-utils/commit/866db1fc3577c93e1be44d558feca5b5... +# PATCH-FIX-UPSTREAM gh#wstrm/omemo-utils#5 +Patch1: omemo-utils-1.0.0-fix-server-decryption.patch BuildRequires: libcurl-devel BuildRequires: libgcrypt-devel >= 1.7.0 ++++++ omemo-utils-1.0.0-fix-server-decryption.patch ++++++ From 154df193d71c095dc2f75ed70d852345679afdab Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel <s@jaeckel.eu> Date: Thu, 7 Dec 2023 14:53:41 +0100 Subject: [PATCH 1/2] Add `-k` flag to skip certificate check of server Signed-off-by: Steffen Jaeckel <s@jaeckel.eu> --- omut.c | 10 +++++++--- stream.c | 7 ++++++- stream.h | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/omut.c b/omut.c index e728065..7735509 100644 --- a/omut.c +++ b/omut.c @@ -38,13 +38,17 @@ void print_crypto_material(char *type, unsigned char *material, int len) { int main(int argc, char **argv) { int opt; int direction = ENCRYPT; + bool insecure = false; char *output_path = NULL; - while ((opt = getopt(argc, argv, ":do:")) != -1) { + while ((opt = getopt(argc, argv, ":dko:")) != -1) { switch (opt) { case 'd': direction = DECRYPT; continue; + case 'k': + insecure = true; + continue; case 'o': output_path = optarg; continue; @@ -97,9 +101,9 @@ int main(int argc, char **argv) { key = gcry_random_bytes_secure(AES256_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM); gcry_create_nonce(nonce, AES256_GCM_NONCE_LENGTH); - in_stream = stream_open(raw_url); + in_stream = stream_open(raw_url, insecure); } else { - in_stream = stream_open(parsed_url); + in_stream = stream_open(parsed_url, insecure); } free(parsed_url); diff --git a/stream.c b/stream.c index 44ecaa3..3fb72d0 100644 --- a/stream.c +++ b/stream.c @@ -134,7 +134,7 @@ char *parse_aesgcm_url(char *url, unsigned char *nonce, size_t nonce_size, return NULL; } -STREAM *stream_open(const char *url) { +STREAM *stream_open(const char *url, bool insecure) { CURLcode res; STREAM *stream; @@ -157,6 +157,11 @@ STREAM *stream_open(const char *url) { curl_easy_setopt(hd, CURLOPT_WRITEFUNCTION, write_callback); curl_easy_setopt(hd, CURLOPT_WRITEDATA, (void *)stream); + if (insecure) { + curl_easy_setopt(hd, CURLOPT_SSL_VERIFYHOST, 0L); + curl_easy_setopt(hd, CURLOPT_SSL_VERIFYPEER, 0L); + } + res = curl_easy_perform(hd); if (res != CURLE_OK) { free(stream); diff --git a/stream.h b/stream.h index f949da8..249ff5b 100644 --- a/stream.h +++ b/stream.h @@ -20,6 +20,6 @@ struct stream_data { typedef struct stream_data STREAM; size_t stream_read(void *buffer, size_t bytes, STREAM *stream); -STREAM *stream_open(const char *url); +STREAM *stream_open(const char *url, bool insecure); char *parse_aesgcm_url(char *url, unsigned char *nonce, size_t nonce_size, unsigned char *key, size_t key_size); From 97f36a8d3175bbe305815c9e0c1011110914bff1 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel <s@jaeckel.eu> Date: Thu, 7 Dec 2023 14:54:45 +0100 Subject: [PATCH 2/2] Use `actual_size` if `expected_size` is not set Otherwise decryption fails because the tag offset is calculated wrong. Signed-off-by: Steffen Jaeckel <s@jaeckel.eu> --- crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypt.c b/crypt.c index 684d573..09daf14 100644 --- a/crypt.c +++ b/crypt.c @@ -19,7 +19,7 @@ int aes256gcm_crypt(STREAM *in, FILE *out, unsigned char key[], abort(); } - off_t file_size = in->expected_size; + off_t file_size = in->expected_size ? in->expected_size : in->actual_size; if (!encrypt) { file_size -= AES256_GCM_TAG_LENGTH; }