[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1109009: marked as done (unblock: rust-sequoia-octopus-librnp/1.11.1-1)

Your message dated Thu, 10 Jul 2025 11:42:30 +0000
with message-id <E1uZpfa-00EDrb-2a@respighi.debian.org>
and subject line unblock rust-sequoia-octopus-librnp
has caused the Debian Bug report #1109009,
regarding unblock: rust-sequoia-octopus-librnp/1.11.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1109009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109009
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package rust-sequoia-octopus-librnp.

[ Reason ]
It fixes a remote denial of service attack, see #1109001.

[ Impact ]
a thunderbird user can be DOSed with an email.

[ Tests ]
upstream CI tests, the package only has smoke autopkgtests atm.

[ Risks ]
not really, surely this could introduce some bug, but that would be
limited to it's users.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
There's quite some noise from debcargo in the diff, apologies for that. debian/patches
is unchanged (just refreshed), the changes are only in src/

$ debdiff rust-sequoia-octopus-librnp_1.11.0-1.dsc rust-sequoia-octopus-librnp_1.11.1-1.dsc|diffstat
 .cargo_vcs_info.json               |    2 +-
 Cargo.lock                         |   35 ++++++++++++++++++++++++-----------
 Cargo.toml                         |   16 +++++++++++++---
 Cargo.toml.orig                    |   13 +++++++++++--
 debian/changelog                   |    8 ++++++++
 debian/control                     |    2 +-
 debian/control.debcargo.hint       |   14 +++++++-------
 debian/patches/drop-windows.patch  |   10 +++++++++-
 debian/tests/control.debcargo.hint |   28 ++++++++++++++--------------
 src/dump_packets.rs                |   10 +++++++++-
 src/dump_packets/dump.rs           |   53 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 src/lib.rs                         |   38 +++++++++++++++++++++++++++++++-------
 12 files changed, 179 insertions(+), 50 deletions(-)

& thanks for your work on trixie!

unblock rust-sequoia-octopus-librnp/1.11.1-1


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Never waste a crisis.

diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.lock rust-sequoia-octopus-librnp-1.11.1/Cargo.lock
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.lock	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.lock	1970-01-01 01:00:01.000000000 +0100
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "addr2line"
@@ -482,9 +482,9 @@
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.14"
+version = "0.5.15"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"
+checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2"
 dependencies = [
  "crossbeam-utils",
 ]
@@ -1576,6 +1576,17 @@
 ]
 
 [[package]]
+name = "io-uring"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "libc",
+]
+
+[[package]]
 name = "ipconfig"
 version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -2081,9 +2092,9 @@
 
 [[package]]
 name = "openssl"
-version = "0.10.71"
+version = "0.10.73"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "5e14130c6a98cd258fdcb0fb6d744152343ff729cbfcb28c656a9d12b999fbcd"
+checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -2113,9 +2124,9 @@
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.106"
+version = "0.9.109"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "8bb61ea9811cc39e3c2069f40b8b8e2e70d8569b361f879786cc7ed48b777cdd"
+checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571"
 dependencies = [
  "cc",
  "libc",
@@ -2747,7 +2758,7 @@
 
 [[package]]
 name = "sequoia-octopus-librnp"
-version = "1.11.0"
+version = "1.11.1"
 dependencies = [
  "anyhow",
  "chrono",
@@ -2771,7 +2782,7 @@
  "serde",
  "serde_json",
  "tempfile",
- "thiserror 2.0.12",
+ "thiserror 1.0.69",
  "tokio",
  "vergen",
 ]
@@ -3223,15 +3234,17 @@
 
 [[package]]
 name = "tokio"
-version = "1.44.0"
+version = "1.46.1"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "9975ea0f48b5aa3972bf2d888c238182458437cc2a19374b81b25cdf1023fb3a"
+checksum = "0cc3a2344dafbe23a245241fe8b09735b521110d30fcefbbd5feb1797ca35d17"
 dependencies = [
  "backtrace",
  "bytes",
+ "io-uring",
  "libc",
  "mio",
  "pin-project-lite",
+ "slab",
  "socket2",
  "tokio-macros",
  "windows-sys 0.52.0",
diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.toml rust-sequoia-octopus-librnp-1.11.1/Cargo.toml
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.toml	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.toml	1970-01-01 01:00:01.000000000 +0100
@@ -11,9 +11,9 @@
 
 [package]
 edition = "2021"
-rust-version = "1.79"
+rust-version = "1.85"
 name = "sequoia-octopus-librnp"
-version = "1.11.0"
+version = "1.11.1"
 authors = [
     "Justus Winter <justus@sequoia-pgp.org>",
     "Neal H. Walfield <neal@sequoia-pgp.org>",
@@ -165,7 +165,9 @@
 [dependencies.tokio]
 version = "1"
 
-[build-dependencies.vergen]
+[build-dependencies]
+
+[target."cfg(not(windows))".build-dependencies.vergen]
 version = "8"
 features = [
     "git",
@@ -176,3 +178,11 @@
 [target."cfg(windows)".dependencies.rusqlite]
 version = ">=0.24, <0.32"
 features = ["bundled"]
+
+[target."cfg(windows)".build-dependencies.vergen]
+version = "8"
+features = [
+    "git",
+    "gitcl",
+]
+default-features = false
diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.toml.orig rust-sequoia-octopus-librnp-1.11.1/Cargo.toml.orig
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.toml.orig	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.toml.orig	2006-07-24 03:21:28.000000000 +0200
@@ -1,7 +1,7 @@
 [package]
 name = "sequoia-octopus-librnp"
 description = "Reimplementation of RNP's interface using Sequoia for use with Thunderbird"
-version = "1.11.0"
+version = "1.11.1"
 authors = [
     "Justus Winter <justus@sequoia-pgp.org>",
     "Neal H. Walfield <neal@sequoia-pgp.org>",
@@ -16,7 +16,7 @@
 license = "LGPL-2.0-or-later"
 edition = "2021"
 build = "build.rs"
-rust-version = "1.79"
+rust-version = "1.85"
 
 [badges]
 gitlab = { repository = "sequoia-pgp/sequoia-octopus-librnp" }
@@ -52,6 +52,15 @@
 rusqlite = { version = ">=0.24, <0.32", features = ["bundled"] }
 
 [build-dependencies]
+
+[target.'cfg(windows)'.build-dependencies]
+# Use the git command line tool to get the version.
+# https://docs.rs/vergen/8.3.2/vergen/index.html
+vergen = { version = "8", default-features = false, features = ["git", "gitcl"] }
+
+[target.'cfg(not(windows))'.build-dependencies]
+# Use the git library to get the version.
+# https://docs.rs/vergen/8.3.2/vergen/index.html
 vergen = { version = "8", default-features = false, features = ["git", "git2"] }
 
 [lib]
diff -Nru rust-sequoia-octopus-librnp-1.11.0/.cargo_vcs_info.json rust-sequoia-octopus-librnp-1.11.1/.cargo_vcs_info.json
--- rust-sequoia-octopus-librnp-1.11.0/.cargo_vcs_info.json	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/.cargo_vcs_info.json	1970-01-01 01:00:01.000000000 +0100
@@ -1,6 +1,6 @@
 {
   "git": {
-    "sha1": "1064b5d4771a4c6f958d57276e799a6401b8b3fa"
+    "sha1": "2c903a4df4366ba3bbfcccd29cca68fe67735b8f"
   },
   "path_in_vcs": ""
 }
\ Kein Zeilenumbruch am Dateiende.
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/changelog rust-sequoia-octopus-librnp-1.11.1/debian/changelog
--- rust-sequoia-octopus-librnp-1.11.0/debian/changelog	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/changelog	2025-07-09 14:49:09.000000000 +0200
@@ -1,3 +1,11 @@
+rust-sequoia-octopus-librnp (1.11.1-1) unstable; urgency=medium
+
+  * Package sequoia-octopus-librnp 1.11.1 from crates.io using debcargo 2.7.8
+    - Closes: #1109001.
+    - refresh patches.
+
+ -- Holger Levsen <holger@debian.org>  Wed, 09 Jul 2025 14:49:09 +0200
+
 rust-sequoia-octopus-librnp (1.11.0-1) unstable; urgency=medium
 
   * Package sequoia-octopus-librnp 1.11.0 from crates.io using debcargo 2.7.8
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/control rust-sequoia-octopus-librnp-1.11.1/debian/control
--- rust-sequoia-octopus-librnp-1.11.0/debian/control	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/control	2025-07-09 14:49:09.000000000 +0200
@@ -4,7 +4,7 @@
 Build-Depends: debhelper-compat (= 13),
  dh-sequence-cargo
 Build-Depends-Arch: cargo:native <!nocheck>,
- rustc:native (>= 1.79) <!nocheck>,
+ rustc:native (>= 1.85) <!nocheck>,
  libstd-rust-dev <!nocheck>,
  librust-anyhow-1+default-dev <!nocheck>,
  librust-buffered-reader-1+default-dev <!nocheck>,
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/control.debcargo.hint rust-sequoia-octopus-librnp-1.11.1/debian/control.debcargo.hint
--- rust-sequoia-octopus-librnp-1.11.0/debian/control.debcargo.hint	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/control.debcargo.hint	2025-07-09 14:49:09.000000000 +0200
@@ -4,7 +4,7 @@
 Build-Depends: debhelper-compat (= 13),
  dh-sequence-cargo
 Build-Depends-Arch: cargo:native <!nocheck>,
- rustc:native (>= 1.79) <!nocheck>,
+ rustc:native (>= 1.85) <!nocheck>,
  libstd-rust-dev <!nocheck>,
  librust-anyhow-1+default-dev <!nocheck>,
  librust-chrono-0.4+default-dev <!nocheck>,
@@ -108,11 +108,11 @@
  librust-sequoia-octopus-librnp-1.11+crypto-nettle-dev (= ${binary:Version}),
  librust-sequoia-octopus-librnp-1.11+crypto-openssl-dev (= ${binary:Version}),
  librust-sequoia-octopus-librnp-1.11+default-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-botan-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-botan2-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-nettle-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-openssl-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+default-dev (= ${binary:Version})
+ librust-sequoia-octopus-librnp-1.11.1-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-botan-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-botan2-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-nettle-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-openssl-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+default-dev (= ${binary:Version})
 Description: Reimplementation of librnp for Thunderbird by Sequoia - Rust source code
  Source code for Debianized Rust crate "sequoia-octopus-librnp"
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/patches/drop-windows.patch rust-sequoia-octopus-librnp-1.11.1/debian/patches/drop-windows.patch
--- rust-sequoia-octopus-librnp-1.11.0/debian/patches/drop-windows.patch	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/patches/drop-windows.patch	2025-07-09 14:49:09.000000000 +0200
@@ -8,7 +8,7 @@
 ===================================================================
 --- sequoia-octopus-librnp.orig/Cargo.toml
 +++ sequoia-octopus-librnp/Cargo.toml
-@@ -172,7 +172,3 @@ features = [
+@@ -174,15 +174,3 @@ features = [
      "git2",
  ]
  default-features = false
@@ -16,3 +16,11 @@
 -[target."cfg(windows)".dependencies.rusqlite]
 -version = ">=0.24, <0.32"
 -features = ["bundled"]
+-
+-[target."cfg(windows)".build-dependencies.vergen]
+-version = "8"
+-features = [
+-    "git",
+-    "gitcl",
+-]
+-default-features = false
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/tests/control.debcargo.hint rust-sequoia-octopus-librnp-1.11.1/debian/tests/control.debcargo.hint
--- rust-sequoia-octopus-librnp-1.11.0/debian/tests/control.debcargo.hint	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/tests/control.debcargo.hint	2025-07-09 14:49:09.000000000 +0200
@@ -1,34 +1,34 @@
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --all-features
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --all-features
 Features: test-name=rust-sequoia-octopus-librnp:@
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-botan
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-botan
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-botan
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-botan2
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-botan2
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-botan2
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-nettle
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-nettle
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-nettle
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-openssl
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-openssl
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-openssl
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets
 Features: test-name=librust-sequoia-octopus-librnp-dev:default
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features
 Features: test-name=librust-sequoia-octopus-librnp-dev:
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/dump_packets/dump.rs rust-sequoia-octopus-librnp-1.11.1/src/dump_packets/dump.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/dump_packets/dump.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/dump_packets/dump.rs	2006-07-24 03:21:28.000000000 +0200
@@ -106,12 +106,20 @@
 #[allow(clippy::redundant_pattern_matching)]
 pub fn dump<W>(input: &mut (dyn io::Read + Sync + Send),
                output: &mut dyn io::Write,
+               max_decompressed_literal_data: Option<usize>,
                mpis: bool, hex: bool,
                sk: Option<&SessionKey>,
                width: W)
                -> Result<Kind>
     where W: Into<Option<usize>>
 {
+    rnp_function!(dump, crate::TRACE);
+
+    // If no limit is supplied, stop after 100 MB.
+    let max_decompressed_literal_data
+        = max_decompressed_literal_data.unwrap_or(100 * 1024 * 1024);
+    let mut saw_decompression_packet = false;
+
     let mut ppr
         = self::openpgp::parse::PacketParserBuilder::from_reader(input)?;
 
@@ -145,14 +153,55 @@
                 skesks.push(p.clone());
                 vec![]
             },
+            Packet::CompressedData(_) => {
+                t!("Encountered compressed data packet.  \
+                    Activating zip bomb protection.");
+                saw_decompression_packet = true;
+                Vec::new()
+            }
             Packet::Literal(_) => {
                 let mut prefix = vec![0; 40];
                 let n = pp.read(&mut prefix)?;
-                vec![
+                let summary = vec![
                     format!("Content: {:?}{}",
                             String::from_utf8_lossy(&prefix[..n]),
                             if n == prefix.len() { "..." } else { "" }),
-                ]
+                ];
+
+                if saw_decompression_packet {
+                    // Protect against a possible zip bomb.
+                    t!("Zip bomb protection activated.  Will abort after \
+                        reading more than {} bytes of literal data.",
+                       max_decompressed_literal_data);
+
+                    const BUFFER_SIZE: usize = 1024 * 1024;
+                    let mut buffer = vec![0; BUFFER_SIZE];
+                    let mut literal_data_read = prefix.len();
+                    while literal_data_read <= max_decompressed_literal_data {
+                        let remaining
+                            = max_decompressed_literal_data - literal_data_read + 1;
+
+                        let read = pp.read(
+                            &mut buffer[..remaining.min(BUFFER_SIZE)])?;
+                        if read == 0 {
+                            // EOF.
+                            break;
+                        }
+
+                        literal_data_read += read;
+                    }
+                    t!("Read {} bytes of literal data",
+                       literal_data_read);
+
+                    if literal_data_read > max_decompressed_literal_data {
+                        t!("Zip bomb detected");
+                        return Err(crate::Error::BadParameters.into());
+                    } else {
+                        t!("No zip bomb detected");
+                    }
+                }
+
+                summary
             },
             Packet::SEIP(ref s) => {
 		let version = s.version();
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/dump_packets.rs rust-sequoia-octopus-librnp-1.11.1/src/dump_packets.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/dump_packets.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/dump_packets.rs	2006-07-24 03:21:28.000000000 +0200
@@ -30,7 +30,15 @@
     // Key grips are a proprietary GnuPG extension.  No.
     let _dump_grip = flags & RNP_DUMP_GRIP > 0;
 
-    rnp_try_or!(dump::dump(input, output, dump_mpis, dump_hex, None, None),
+    let max_decompressed_literal_data
+        = if let RnpOutput::Buf((_buf, Some(max))) = output {
+            Some(*max)
+        } else {
+            None
+        };
+
+    rnp_try_or!(dump::dump(input, output, max_decompressed_literal_data,
+                           dump_mpis, dump_hex, None, None),
                 RNP_ERROR_GENERIC);
     rnp_success!()
 }
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/lib.rs rust-sequoia-octopus-librnp-1.11.1/src/lib.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/lib.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/lib.rs	2006-07-24 03:21:28.000000000 +0200
@@ -32,10 +32,12 @@
         UserID,
     },
     policy::{
+        HashAlgoSecurity,
         NullPolicy,
         StandardPolicy,
     },
     serialize::Serialize,
+    types::HashAlgorithm,
 };
 
 /// Controls tracing.
@@ -169,12 +171,12 @@
     plaintext_cache: recombine::PlaintextCache,
 }
 
-type RnpPasswordCb = unsafe extern fn(*mut RnpContext,
-                                      *mut c_void,
-                                      *const RnpKey,
-                                      *const c_char,
-                                      *mut c_char,
-                                      size_t) -> bool;
+type RnpPasswordCb = unsafe extern "C" fn(*mut RnpContext,
+                                          *mut c_void,
+                                          *const RnpKey,
+                                          *const c_char,
+                                          *mut c_char,
+                                          size_t) -> bool;
 
 #[no_mangle] pub unsafe extern "C"
 fn rnp_ffi_create(ctx: *mut *mut RnpContext,
@@ -252,7 +254,29 @@
     if let Err(e) = policy.parse_default_config() {
         global_warn!("Reading crypto policy: {}", e);
     }
-    let policy = policy.build();
+    let mut policy = policy.build();
+
+    // Thunderbird checks that MD5 and SHA-1 for self-signatures are
+    // disabled and refuses to fully initialize RNP otherwise.  Meet
+    // its expectations.
+
+    let now = std::time::SystemTime::now();
+    for (algo, prop) in [
+        (HashAlgorithm::MD5, HashAlgoSecurity::CollisionResistance),
+        (HashAlgorithm::MD5, HashAlgoSecurity::SecondPreImageResistance),
+        (HashAlgorithm::SHA1, HashAlgoSecurity::CollisionResistance),
+    ]
+    {
+        let cutoff = policy.hash_cutoff(algo, prop);
+        t!("{} for {:?}: {:?}", algo, prop, cutoff);
+        if cutoff.unwrap_or(now) >= now {
+            warn!("Your crypto policy enables {} in contexts where {:?} is \
+                   needed ({:?}).  Unconditionally rejecting it.",
+                  algo, prop, cutoff);
+            policy.reject_hash_property_at(
+                algo, prop, std::time::UNIX_EPOCH);
+        }
+    }
 
     *ctx = Box::into_raw(Box::new(RnpContext {
         policy: Arc::new(RwLock::new(policy)),

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Unblocked rust-sequoia-octopus-librnp.

--- End Message ---
Reply to: