head	1.2;
access;
symbols
	pkgsrc-2026Q1:1.1.0.20
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.18
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.16
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.14
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.12
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.10
	pkgsrc-2024Q4-base:1.1
	pkgsrc-2024Q3:1.1.0.8
	pkgsrc-2024Q3-base:1.1
	pkgsrc-2024Q2:1.1.0.6
	pkgsrc-2024Q2-base:1.1
	pkgsrc-2024Q1:1.1.0.4
	pkgsrc-2024Q1-base:1.1
	pkgsrc-2023Q4:1.1.0.2
	pkgsrc-2023Q4-base:1.1;
locks; strict;
comment	@ * @;


1.2
date	2026.06.13.10.02.33;	author markd;	state dead;
branches;
next	1.1;
commitid	RRbPskgJPdukBCJG;

1.1
date	2023.11.12.16.50.10;	author rillig;	state Exp;
branches;
next	;
commitid	qr5p0Ajw00a8elME;


desc
@@


1.2
log
@cjose: update to 0.6.2.6

0.6.2.6

* **Security fix**: AES-CBC-HMAC JWE encryption used an all-zero
  content-encryption key. `_cjose_jwe_set_cek_aes_cbc` inverted the
  "random" flag and zero-filled the CEK instead of generating it from
  `RAND_bytes`. Every JWE produced with an AES-CBC-HMAC `enc`
  (A128CBC-HS256 / A192CBC-HS384 / A256CBC-HS512) combined with a
  non-`dir` key-management `alg` (A128/192/256KW, RSA-OAEP, RSA1_5) was
  encrypted and authenticated under an all-zero key, breaking
  confidentiality and integrity for those ciphertexts. The `dir`
  algorithm and all AES-GCM `enc` values were not affected. Adds a
  regression test.
* Additional hardening from a security audit of `jwe.c` / `jwk.c` / `jws.c`:
  * Fix EVP_CIPHER_CTX leak in AES-CBC content encryption on
    authentication-tag failure
  * Avoid NULL dereference of the optional `cjose_err` in ECDH-ES key
    decryption
  * Use a constant-time comparison for the multi-recipient CEK
    consistency check
  * Cleanse private key material (RSA/EC/oct) on JWK import and export,
    and fix a leak of the base64url buffer in EC private-key export
  * Check the ephemeral-key allocation in ECDH key derivation
  * Use integer arithmetic (instead of floating-point) for the base64url
    length check on imported JWK fields
  * Harden JWS EC signature reconstruction against allocation failures
    (NULL checks on ECDSA_SIG_new and BN_new)
  * Enforce the RFC 7518 minimum HMAC key length (key >= hash size) for
    JWS sign/verify

0.6.2.5

* Fix heap buffer overflow in AES key unwrap by validating the
  encrypted_key length before AES_unwrap_key
* Fix functions that rely on nonportable malloc behaviour
* Merge fixes from cisco/cjose
  * Check ECDH secret allocation result
  * Check base64 decode length bounds
  * Guard JWK retain count overflow
  * Enforce JOSE IV lengths
  * Check JOSE algorithms against key types
  * Validate critical JOSE headers
  * Cleanse sensitive buffers before release
  * Guard JWE buffer length calculations
  * Use OpenSSL constant-time comparisons
  * Validate EC inputs before key agreement
  * Fix JWS import allocation handling

0.6.2.4

* fix memory leak in ECDH-ES JWE encryption/decryption
* fix rsa_q = NULL initialization in _RSA_private_fields
* fix memory allocation check (typo) in jwk.c
* fix gcc10 errors for -Werror=ignored-qualifiers and remove unused includes
* re-generate automake/autoconf files with automake v1.17 and libtool v2.5.4

0.6.2.3

* disable RSA PKCS 1.5 by default
* avoid using empty prototypes; support Clang 15 and XCode 14.3
* build shared library on Cygwin by adding -no-undefined to LDFLAGS
@
text
@$NetBSD: patch-concatkdf.c,v 1.1 2023/11/12 16:50:10 rillig Exp $

Fix build on NetBSD.

--- src/concatkdf.c.orig	2023-08-22 12:18:03.202602223 +0200
+++ src/concatkdf.c	2023-08-22 12:17:49.008381386 +0200
@@@@ -12,8 +12,12 @@@@ #include #else #include +#ifdef __NetBSD__ +#include +#else #include #endif +#endif #include #include #include
@


1.1
log
@textproc/cjose: fix CVS keyword expansion in patch file
@
text
@d1 1
a1 1
$NetBSD$
@
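Review bot: the patch comment "Fix build on NetBSD." does not say which header the `+#ifdef __NetBSD__` branch substitutes or why the existing include fails on NetBSD, and the header names are not visible in the recorded hunk text (the `#include` lines appear with no file name). pkgsrc patch files are expected to document the reason for the change and, where possible, reference the upstream report so the patch can be dropped once upstream fixes it; suggest expanding the comment to name the NetBSD-specific header being pulled in and the build error it resolves. Note also that the `@@@@` in the hunk header is the RCS doubling of `@` inside a `text` block, not part of the diff itself.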