cjose
No description set
- Devel package for openSUSE:Factory
-
4
derived packages
- Links to openSUSE:Factory / cjose
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout devel:libraries:c_c++/cjose && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
cjose-0.6.2.2.tar.gz | 0000498461 487 KB | |
cjose.changes | 0000003162 3.09 KB | |
cjose.spec | 0000002431 2.37 KB |
Revision 9 (latest revision is 10)
Dirk Mueller (dirkmueller)
accepted
request 1099220
from
Danilo Spinella (dspinella)
(revision 9)
- Switch to OpenIDC fork of cjose - Update to 0.6.2.2: * use fixed authentication tag length of 16 octets in AES GCM decryption * avoid use of assert * fix make on srcdir != builddir - Update to 0.6.2.1: * preserve key order in cjose_header_get_raw as well * fix a memory leak in cjose_jws_import() for invalid JWS * don't use STACK_ALLOC in cjose_concatkdf_derive - Update to 0.6.2.0: * add support for A128GCM and A192GCM encryption * extract cjose_jwe_encrypt_iv to allow explicit IV * allow compilation against OpenSSL 3 with #define OPENSSL_API_COMPAT 0x10000000L * cleanup some warnings about \param lines in header files * preserve key order in order to be able to compare serialized JWTs * minor updates for conformance * check that JWE object has any CEK at all, return error if it doesn't * fix double free on decrypt ek rsa padding failure * replace calls to free() with cjose_get_dealloc() in _cjose_jws_build_hdr * fix buffer overflow in test_cjose_jwe_multiple_recipients * use fixed size of IV size of 16 bytes for AES-CBC * fix memory leak already addressed in cjose_jws_build_dig_sha when a JWS is reused for validation * compile against older versions of check * rename free() to free_func() in struct key_fntable for memory leak detectors * check result of cek = cjose_get_alloc()(cek_len) in jwe.c - Fix CVE-2023-37464, AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag, bsc#1213385 - Remove unneeded patches: * cjose-0.6.1-concatkdf.patch * cjose-ck_assert_bin_eq.patch
Comments 2
curious about how you built this for 42.3, I have warnings/errors regarding unsupported "#pragma GCC" entries in the tests
Yes, there are these warnings (but no errors) as well. It seems that gcc just doesn't support options used in pragmas here. Feel free to report it to upstream :)