Hello community,
here is the log from the commit of package opmsg for openSUSE:Factory checked in at 2017-11-14 12:57:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opmsg (Old)
and /work/SRC/openSUSE:Factory/.opmsg.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opmsg"
Tue Nov 14 12:57:39 2017 rev:3 rq:541255 version:1.77s
Changes:
--------
--- /work/SRC/openSUSE:Factory/opmsg/opmsg.changes 2017-03-31 15:08:05.696197214 +0200
+++ /work/SRC/openSUSE:Factory/.opmsg.new/opmsg.changes 2017-11-14 12:57:43.157857865 +0100
@@ -1,0 +2,10 @@
+Mon Nov 13 10:45:36 UTC 2017 - astieger@suse.com
+
+- opmsg 1.77s:
+ * opmsg: correct error msg handling for libcrypto error queue
+ * opmsg: speeding up keystore load by introducing load flags
+ * opmsg: dont generate Kex keys in null crypto/signing case
+ * opmsg: allow to selfsign generated personas, so peer can also
+ --decrypt it and check sig
+
+-------------------------------------------------------------------
Old:
----
opmsg-1.75s.tar.gz
New:
----
opmsg-1.77s.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opmsg.spec ++++++
--- /var/tmp/diff_new_pack.pol96j/_old 2017-11-14 12:57:44.277816915 +0100
+++ /var/tmp/diff_new_pack.pol96j/_new 2017-11-14 12:57:44.285816623 +0100
@@ -1,7 +1,7 @@
#
# spec file for package opmsg
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,18 @@
#
-%define gittag rel-1.75s
Name: opmsg
-Version: 1.75s
+Version: 1.77s
Release: 0
Summary: File encryption, sign and verify utility
License: GPL-3.0+
Group: Productivity/Security
Url: https://github.com/stealth/opmsg
-Source0: https://github.com/stealth/opmsg/archive/%{gittag}.tar.gz#/%{name}-%{version}.tar.gz
+Source0: https://github.com/stealth/opmsg/archive/rel-%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: gcc-c++
#BuildRequires: help2man
-BuildRequires: pkg-config
+BuildRequires: pkgconfig
BuildRequires: pkgconfig(openssl)
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
opmsg is a replacement for gpg which can encrypt/sign/verify your mails or
@@ -48,7 +46,7 @@
* Optional cross-domain ECDH Kex.
%prep
-%setup -q -n %{name}-%{gittag}
+%setup -q -n %{name}-rel-%{version}
%build
pushd src
@@ -64,7 +62,6 @@
#help2man ./%{name} --no-info --output %{buildroot}/%{_mandir}/man1/%{name}.1
%files
-%defattr(-,root,root)
%doc README.md LICENSE sample.config GPL3
%{_bindir}/%{name}
%{_bindir}/opmux
++++++ opmsg-1.75s.tar.gz -> opmsg-1.77s.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opmsg-rel-1.75s/README.md new/opmsg-rel-1.77s/README.md
--- old/opmsg-rel-1.75s/README.md 2016-11-11 11:48:40.000000000 +0100
+++ new/opmsg-rel-1.77s/README.md 2017-11-09 14:47:16.000000000 +0100
@@ -35,6 +35,8 @@
_opmsg_ builds fine with any of the OpenSSL, LibreSSL and BoringSSL libcrypto libraries.
Building against BoringSSL is not recommended due to missing blowfish and ripemd algorithms.
+You can use various transports with _opmsg_ such as Mail or [drops](https://github.com/stealth/drops).
+
Build
-----
@@ -376,7 +378,13 @@
MUA integration
---------------
-There are two ways to integrate _opmsg_ into your MUA. For cool
+First, add to your _~/.gnupg/options_ file the following line:
+
+```
+keyid-format long
+```
+
+Next, there are two possible ways to integrate _opmsg_ into your MUA. For cool
MUAs like __mutt__, you may build a dedicated _.muttrc_ by adding:
```
@@ -432,11 +440,18 @@
_opmux_ is a wrapper for _opmsg_ and _gpg_, which transparently forwards encryption and decryption
requests to the right program, by checking message markers and persona ids.
+This way you may use your _opmsg_ and _gpg_ setup in parallel and the correct (de)crypt program is
+automagically invoked. When you send a Mail and an _opmsg_ persona is found for the destination,
+_opmsg_ is used for encryption, otherwise _gpg_ is used.
This requires your personas to be properly `--link`ed or having a valid `my_id` in your
-_opmsg_ config. _opmux_ may miss recipients with Cc/Bcc for gpg in above mutt setup.
+_opmsg_ config.
+
+For __enigmail__ or other MUAs you would just configure the gpg-path to be `/path/to/opmux` and you
+are done (but dont forget the `keyid-format long` from the first step).
-For __enigmail__ or other MUAs you would just configure the gpg-path to be `/usr/local/bin/opmux` and add
-`keyid-format long` to your _~/.gnupg/config_ file and you are done.
+_opmux_ prefers the _gpg2_ over the _gpg_ binary if both gpg versions are installed. If you
+have both gpg versions installed in parallel but for whatever reason want to work with your (old) gpg1 keys,
+you have to change the call order in `opmux.c` _gpg()_ function.
All this however is just for convenience. The more GUI and layering you add to your
_opmsg_ setup, the more chance you have to use wrong destination or source personas. So
@@ -600,13 +615,8 @@
Meta data
---------
-As _opmsg_ adds additional ids to the mail, it is possible to send all
-mail to random address of the destination persona provider who then
-could route it to the real mailbox or even offer everything as a single
-blob to download for everyone.
-This may be useful to defeat mail meta data collection. op-messages are
-self contained and ASCII-armored, so they could also be pasted to OTR,
-newsgroups, chats or paste-sites and picked up by the target persona from within
-a swarm. Also see above discussion of persona linking.
-
+If you care about meta data collection and want to reduce your data-tracks
+even further, check out [drops](https://github.com/stealth/drops).
+_drops_ is a p2p transport network for _opmsg_. It allows you to anonymously
+drop end2end encrypted op-messages without leaking meta-data such as mail headers.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opmsg-rel-1.75s/src/Makefile new/opmsg-rel-1.77s/src/Makefile
--- old/opmsg-rel-1.75s/src/Makefile 2016-11-11 11:48:40.000000000 +0100
+++ new/opmsg-rel-1.77s/src/Makefile 2017-11-09 14:47:16.000000000 +0100
@@ -1,3 +1,9 @@
+# On most Linux distros, this should do. For BSD, please check
+# README.md about the defines that you have to pass when invoking "make".
+# For OSX or if you want to use non-default distro crypto libs (libressl,
+# openssl-dev, openssl-asan etc.), adjust the path names below accordingly.
+#
+
CXX=c++
DEFS=
INC=
@@ -8,8 +14,12 @@
# Cygwin was reported to require this:
#DEFS+=-U__STRICT_ANSI__
+# reported to work with OSX brew
+#INC+=-I/opt/local/include
+#LIBS+=-L/opt/local/lib
+
-# this worked for me on OSX
+# my alternate openssl path for 1.1.0
#INC+=-I/usr/local/ssl/include
#LIBS+=-L/usr/local/ssl/lib
#LIBS+=-Wl,--rpath=/usr/local/ssl/lib
@@ -36,6 +46,12 @@
# Enable chacha20-poly1305 if avail
#DEFS+=-DCHACHA20
+
+###
+### No editing should be needed below this line.
+###
+
+
CXXFLAGS=-Wall -O2 -pedantic -std=c++11 $(INC) $(DEFS)
LD=c++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opmsg-rel-1.75s/src/contrib/opmux.cc new/opmsg-rel-1.77s/src/contrib/opmux.cc
--- old/opmsg-rel-1.75s/src/contrib/opmux.cc 2016-11-11 11:48:40.000000000 +0100
+++ new/opmsg-rel-1.77s/src/contrib/opmux.cc 2017-11-09 14:47:16.000000000 +0100
@@ -168,7 +168,7 @@
// hash algo not relevant for searching
unique_ptr<keystore> ks(new (nothrow) keystore("sha256", cfg));
- if (!ks.get() || ks->load() < 0)
+ if (!ks.get() || ks->load("", LFLAGS_ALL & ~LFLAGS_KEX) < 0)
return 0;
// if hex id as rcpt, try right away
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opmsg-rel-1.75s/src/keystore.cc new/opmsg-rel-1.77s/src/keystore.cc
--- old/opmsg-rel-1.75s/src/keystore.cc 2016-11-11 11:48:40.000000000 +0100
+++ new/opmsg-rel-1.77s/src/keystore.cc 2017-11-09 14:47:16.000000000 +0100
@@ -1,7 +1,7 @@
/*
* This file is part of the opmsg crypto message framework.
*
- * (C) 2015-2016 by Sebastian Krahmer,
+ * (C) 2015-2017 by Sebastian Krahmer,
* sebastian [dot] krahmer [at] gmail [dot] com
*
* opmsg is free software: you can redistribute it and/or modify
@@ -165,7 +165,7 @@
}
-int keystore::load(const string &hex)
+int keystore::load(const string &hex, uint32_t how)
{
if (hex.size() > 0) {
if (!is_hex_hash(hex) || hex.size() < 16)
@@ -182,7 +182,7 @@
unique_ptr<persona> p(new (nothrow) persona(cfgbase, hex));
if (!p.get())
return build_error("keystore::load:: OOM", -1);
- if (p->load() < 0)
+ if (p->load("", how) < 0)
return build_error("keystore::load::" + string(p->why()), -1);
personas[hex] = p.release();
return 0;
@@ -195,14 +195,11 @@
if (!d)
return build_error("load::opendir:", -1);
- dirent de, *result = nullptr;
+ dirent *de = nullptr;
for (;;) {
- memset(&de, 0, sizeof(de));
- if (readdir_r(d, &de, &result) < 0)
+ if ((de = readdir(d)) == nullptr)
break;
- if (!result)
- break;
- dhex = result->d_name;
+ dhex = de->d_name;
if (!is_hex_hash(dhex))
continue;
@@ -218,7 +215,7 @@
break;
// might have stale DH keys or so, so dont abort on -1
- if (p->load() < 0) {
+ if (p->load("", how) < 0) {
delete p;
continue;
}
@@ -707,7 +704,7 @@
}
-int persona::load(const std::string &dh_hex)
+int persona::load(const std::string &dh_hex, uint32_t how)
{
size_t r = 0;
char buf[8192], *fr = nullptr;
@@ -785,7 +782,7 @@
unlockf(f.get());
}
- // load EC/RSA keys
+ // load EC/RSA persona key
string pub_pem = "", priv_pem = "";
file = dir + "/" + ptype + ".pub.pem";
@@ -831,26 +828,26 @@
}
// if a certain dh_hex was given, only load this one. A dh_hex of special kind, only
- // make us load RSA keys
+ // make us load persona keys
if (dh_hex.size() > 0) {
if (dh_hex == marker::rsa_kex_id || dh_hex == marker::ec_kex_id)
return 0;
return this->load_dh(dh_hex);
}
+ if (!(how & LFLAGS_KEX))
+ return 0;
+
// otherwise, add all DH keys that are available
DIR *d = opendir(dir.c_str());
if (!d)
return build_error("load_keys::opendir:", -1);
- dirent de, *result = nullptr;
+ dirent *de = nullptr;
for (;;) {
- memset(&de, 0, sizeof(de));
- if (readdir_r(d, &de, &result) < 0)
- break;
- if (!result)
+ if ((de = readdir(d)) == nullptr)
break;
- hex = result->d_name;
+ hex = de->d_name;
if (!is_hex_hash(hex))
continue;
this->load_dh(hex);
@@ -1145,8 +1142,8 @@
pub = "";
priv = "";
- BIGNUM *pub_key = nullptr;
- DH_get0_key(dh.get(), &pub_key, nullptr);
+ const BIGNUM *pub_key = nullptr;
+ opmsg::DH_get0_key(dh.get(), &pub_key, nullptr);
if (bn2hexhash(md, pub_key, hex) < 0)
return build_error("gen_dh_key::bn2hexhash: Error hashing DH key.", -1);
@@ -1240,8 +1237,8 @@
if (i > 0)
return build_error("add_dh_key:: Trying to add multiple DH keys as one.", v0);
unique_ptr