Age | Commit message (Collapse) | Author |
|
This reverts commit 6e555106da58e943a7f2a3091c89c282232fc968.
|
|
|
|
- Only emit the warning if we detect non-interactive use and are
emitting data that could be scraped resulting in fragile
constructs.
- Fixes #653.
|
|
- Make the create_or_stdout* functions available as methods on the
Config struct. Adapt callsites.
- Also, differentiate between data that is safe to redirect to a
file or pipe to the next program (e.g. OpenPGP data, decrypted or
authenticated payloads) and data that could possibly be
scraped (e.g. packet dumps).
|
|
- The `syn` crate really does not want users to refer to their private
re-exports (https://github.com/dtolnay/syn/commit/957840e, in 1.0.58).
- Pull in `ToTokens` from its original source, `quote`.
- Fixes building with `syn >= 1.0.58`.
|
|
|
|
- Fixes #667.
|
|
- See #667.
|
|
|
|
- Spaces in key ids and fingerprints make them awkward to copy and
pass as command line arguments. Change the default representation.
For the rare occasions that we expect users to manually verify
fingerprints, the previously introduced *::to_hex_pretty functions
can be used.
- Fixes #422.
|
|
|
|
- These are explicitly intended for manual comparison of key ids and
fingerprints.
- See #422.
|
|
- Use a more stable formatting when comparing fingerprints.
|
|
- Require at least one valid signature for `sq verify`. For `sq
decrypt`, require one if at least one signer cert is given.
- Document what happens if signature verification fails, or message
tampering is detected using the SEIP packet.
- Fixes #677.
|
|
- Fixes #273.
|
|
- Add 'Note:' and fix alignment.
|
|
- The conditional was inverted by mistake.
- Fixes 4df9befdb10cc336a9df49b65fdfef659296aa61.
- Fixes #662.
|
|
- See #677.
|
|
|
|
|
|
- Implement verification of messages using the Cleartext Signature
Framework by detecting them in the armor reader, and transforming
them on the fly to inline signed messages.
- The transformation is not perfect. We need to synthesize
one-pass-signatures, but we only know the hash algorithm(s) used.
Luckily, this is the only information the packet parser needs.
- We only enable the transformation when using stream::Verifier.
The transformation is transparent to the caller. Currently, there
is no way to disable this. In the next major revision, we may add
ways to control this behavior.
- Fixes #151.
|
|
- Previously, we called VerificationHelper::get_certs once we saw
the literal data packet. The classic OpenPGP rationale for having
the signer's keyid in the OPS packet is so that consuming
implementations can avoid hashing the body if they don't have the
certificate to verify the signature with.
- However, there is a better opportunity to do that: Just in time
before doing the actual verification when we have seen all the
signatures. This has the advantage that we may know fingerprints
instead of mere keyids.
- This is crucial for verifying messages using the Cleartext
Signature Framework where we do not know the issuers before
encountering the signatures.
- Also, deduplicate aliasing key handles, preferring fingerprints.
|
|
- See #151.
|
|
- See #151.
|
|
- Previously, armor::Reader implemented BufferedReader using the
Generic reader on top of IoReader's io::Read implementation.
However, that is no longer good enough, because we need to access
the cookie from (Io)Reader::initialize.
- The real fix is to directly implement the BufferedReader protocol.
That would have been the right thing to do from the beginning,
instead of using buffered_reader::Generic. This may actually
simplify the code and reduce buffering. However, implementing the
BufferedReader protocol is a bit error-prone, so we defer it once
again!
- Instead, manually inline the code from the Generic reader.
- In the following commits, we will take advantage of that and
access the cookie.
|
|
- In the next commit, we will inline buffered_reader::Generic, which
also hash a field called 'buffer'. To avoid changing any code
copied from the generic reader, rename this field first.
|
|
- Anything beyond 24 bits is masked off anyway, so this doesn't
change the result of the checksum.
|
|
- setuptools 52.0.0, which is not in Debian bullseye, requires pip.
Thus, transitively, we do to.
|
|
|
|
|
|
- Previously, Sequoia did not properly consume excess bytes in a
compression container that were not part of the compressed data.
This resulted in the parser erroneously trying to parse the excess
data into packets. Fix this by dropping any excess data.
- We do this by reverting a previous change that made dropping
excess data conditional. However, the reason for that change is
unclear, and reverting it does not seem to have adverse effects.
- This reverts commit c0f3de2e7fecc12717313900fdf4348e40ffb1f4.
- Fixes #675.
|
|
- Reorder fields so that the inner reader comes last. When looking
at the derived debug output, it is easier to see the fields
belonging to the current reader. With the inner reader coming
last, it also resembles walking up the stack.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- smallvec < 1.6.1 has a vulnerability in SmallVec::insert_many.
Our two dependencies that use smallvec, rusqlite 0.24.2 and
num-bigint-dig 0.6.1, do not seem to use that specific function.
Bumping the dependency to be safe.
- https://rustsec.org/advisories/RUSTSEC-2021-0003
- https://github.com/servo/rust-smallvec/issues/252
- Fixes #661
|
|
|
|
|
|
|
|
|
|
|
|
- It comes with preinstalled debian packages and /target.
|
|
|
|
|
|
- Fixes a crash in Decryptor::verify_detached when verifying
detached signatures by rejecting any non-signature packets when
parsing the alleged signatures.
|