
From:
YASUOKA Masahiko <yasuoka@openbsd.org>
Subject:
Update devel/cjose
To:
ports@openbsd.org
Date:
Tue, 28 Apr 2026 09:11:58 +0900

Hi,

Upstream cjose (devel/cjose) fixed several issues a few hours ago.

https://github.com/cisco/cjose/commits/master

I understand the tree is locked. I'll commit this after the lock is
released.

* * *

Update devel/cjose to db7d26ef2bd02572128c7cdaa4066f39af2b42da

51e8a23 Update function prototypes for current toolchains
b87064a Check ECDH secret allocation result
f4d65be Check base64 decode length bounds
b0c9a10 Guard JWK retain count overflow
bb9ef93 Enforce JOSE IV lengths
1ecb145 Check JOSE algorithms against key types
1daa23d Validate critical JOSE headers
f4106a7 Cleanse sensitive buffers before release
87537b6 Guard JWE buffer length calculations
e3113b5 Use OpenSSL constant-time comparisons
7881496 Validate EC inputs before key agreement
f12e1c5 Fix JWS import allocation handling

Index: Makefile
===================================================================
RCS file: /disk/cvs/openbsd/ports/devel/cjose/Makefile,v
diff -u -p -r1.7 Makefile
--- Makefile	9 Mar 2025 16:02:56 -0000	1.7
+++ Makefile	27 Apr 2026 23:33:13 -0000
@@ -1,9 +1,12 @@
 COMMENT =		Javascript Object Signing and Encryption library
 
+V =			0.6.1
+DISTNAME =		${GH_PROJECT}-${V}
+
 GH_ACCOUNT =		cisco
 GH_PROJECT =		cjose
-GH_TAGNAME =		0.6.1
-REVISION =		2
+GH_COMMIT =		db7d26ef2bd02572128c7cdaa4066f39af2b42da
+REVISION =		3
 
 SHARED_LIBS =		cjose 0.0
 
Index: distinfo
===================================================================
RCS file: /disk/cvs/openbsd/ports/devel/cjose/distinfo,v
diff -u -p -r1.1.1.1 distinfo
--- distinfo	30 Jan 2019 07:58:19 -0000	1.1.1.1
+++ distinfo	27 Apr 2026 23:33:13 -0000
@@ -1,2 +1,2 @@
-SHA256 (cjose-0.6.1.tar.gz) = II6qD6YWtEpx2KoVXECxTHydD6K7kdFAiCRSDS/BtN0=
-SIZE (cjose-0.6.1.tar.gz) = 1586963
+SHA256 (cjose-0.6.1-db7d26ef.tar.gz) = //HJclJXJ+FzA9MPOKEDuDlSKhXA7yOshIXgkdu6UNM=
+SIZE (cjose-0.6.1-db7d26ef.tar.gz) = 1589696
Index: patches/patch-src_Makefile_am
===================================================================
RCS file: /disk/cvs/openbsd/ports/devel/cjose/patches/patch-src_Makefile_am,v
diff -u -p -r1.2 patch-src_Makefile_am
--- patches/patch-src_Makefile_am	11 Mar 2022 18:49:49 -0000	1.2
+++ patches/patch-src_Makefile_am	27 Apr 2026 23:33:13 -0000
@@ -1,9 +1,13 @@
 Index: src/Makefile.am
 --- src/Makefile.am.orig
 +++ src/Makefile.am
-@@ -1,4 +1,4 @@
+@@ -1,7 +1,7 @@
 -AM_CFLAGS =-std=gnu99 --pedantic -Wall -Werror -g -O2 -I$(top_builddir)/include
 +AM_CFLAGS =-std=gnu99 --pedantic -Wall -I$(top_builddir)/include
  
  lib_LTLIBRARIES=libcjose.la
- libcjose_la_CPPFLAGS= -I$(topdir)/include
+-libcjose_la_CPPFLAGS= -I$(topdir)/include
++libcjose_la_CPPFLAGS= -I$(top_builddir)/include
+ libcjose_la_LDFLAGS= -lm
+ libcjose_la_SOURCES=version.c \
+ 					util.c \
Index: patches/patch-src_concatkdf_c
===================================================================
RCS file: patches/patch-src_concatkdf_c
diff -N patches/patch-src_concatkdf_c
--- patches/patch-src_concatkdf_c	11 Mar 2022 18:49:49 -0000	1.2
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-Index: src/concatkdf.c
---- src/concatkdf.c.orig
-+++ src/concatkdf.c
-@@ -16,15 +16,9 @@
- ////////////////////////////////////////////////////////////////////////////////
- static uint8_t *_apply_uint32(const uint32_t value, uint8_t *buffer)
- {
--    const uint32_t formatted = htonl(value);
--    const uint8_t data[4] = {
--        (formatted >> 0) & 0xff,
--        (formatted >> 8) & 0xff,
--        (formatted >> 16) & 0xff,
--        (formatted >> 24) & 0xff
--    };
--    memcpy(buffer, data, 4);
-+    const uint32_t big_endian_int32 = htonl(value);
- 
-+    memcpy(buffer, &big_endian_int32, 4);
-     return buffer + 4;
- }
- 
Index: patches/patch-src_jws_c
===================================================================
RCS file: /disk/cvs/openbsd/ports/devel/cjose/patches/patch-src_jws_c,v
diff -u -p -r1.2 patch-src_jws_c
--- patches/patch-src_jws_c	11 Mar 2022 18:49:49 -0000	1.2
+++ patches/patch-src_jws_c	27 Apr 2026 23:33:13 -0000
@@ -1,8 +1,8 @@
 Index: src/jws.c
 --- src/jws.c.orig
 +++ src/jws.c
-@@ -171,6 +171,12 @@ static bool _cjose_jws_build_dig_sha(cjose_jws_t *jws,
-         goto _cjose_jws_build_dig_sha_cleanup;
+@@ -192,6 +192,12 @@ static bool _cjose_jws_build_dig_sha(cjose_jws_t *jws,
+ 		jws->dig = NULL;
      }
  
 +    if (NULL != jws->dig)
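Review bot: The rebased context for this local patch is now `jws->dig = NULL;` where it used to be `goto _cjose_jws_build_dig_sha_cleanup;`, which suggests upstream changed how the digest buffer is reset in `_cjose_jws_build_dig_sha`, so the added `if (NULL != jws->dig)` block may now be redundant. Its body lies outside this hunk, so that cannot be confirmed from here. If the block frees the buffer, it should also be checked against whatever release/cleanse helper the updated upstream code uses, so the port does not reintroduce a plain free. If the patch is kept, a one-line rationale above `Index: src/jws.c` would help the next update, something like `Release a stale jws->dig before it is rebuilt; not upstream yet.` once that is confirmed to match what the block does.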
Index: patches/patch-test_check_concatkdf_c
===================================================================
RCS file: patches/patch-test_check_concatkdf_c
diff -N patches/patch-test_check_concatkdf_c
--- patches/patch-test_check_concatkdf_c	11 Mar 2022 18:49:49 -0000	1.2
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-Index: test/check_concatkdf.c
---- test/check_concatkdf.c.orig
-+++ test/check_concatkdf.c
-@@ -60,14 +60,9 @@ _create_otherinfo_header_finish:
- 
- static bool _cmp_uint32(uint8_t **actual, uint32_t expected)
- {
--    uint32_t value = htonl(expected);
--    uint8_t expectedData[] = {
--        (value >> 0) & 0xff,
--        (value >> 8) & 0xff,
--        (value >> 16) & 0xff,
--        (value >> 24) & 0xff
--    };
--    bool result = (0 == memcmp(*actual, expectedData, 4));
-+    uint32_t big_endian_int32 = htonl(expected);
-+
-+    bool result = (0 == memcmp(*actual, &big_endian_int32, 4));
-     (*actual) += 4;
-     return result;
- }