Summary: | sysutils/qtpass: Update to 1.2.1 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Anne Jan Brouwer <brouwer> | ||||||
Component: | Individual Port(s) | Assignee: | Yuri Victorovich <yuri> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Only Me | CC: | rm, yuri | ||||||
Priority: | --- | Flags: | rm:
maintainer-feedback+
|
||||||
Version: | Latest | ||||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Attachments: |
|
The way QtPass prior to 1.2.1 generates passwords is insecure. --- All passwords generated with QtPass's built-in password generator are possibly predictable and enumerable by hackers. The generator used libc's random(), seeded with srand(msecs), where msecs is not the msecs since 1970 (not that that'd be secure anyway), but rather the msecs since the last second. This means there are only 1000 different sequences of generated passwords. All passwords that have been generated with QtPass prior to 1.2.1 should be regenerated and changed. * Insecure password generation #338 #342 * Version 1.2.0 leaks passwords #334 * When importing settings from 1.1.5 or older clipboard settings revert to No Clipboard #232 * Add Catalan translation #336 (rbuj) Comment on attachment 189966 [details]
patch from 1.1.6 to 1.2.1
Tested with portlint and poudriere
Comment on attachment 189966 [details]
patch from 1.1.6 to 1.2.1
Index: Makefile
===================================================================
--- Makefile (revision 459655)
+++ Makefile (working copy)
@@ -1,8 +1,7 @@
# $FreeBSD$
PORTNAME= qtpass
-PORTVERSION= 1.1.6
-PORTREVISION= 1
+PORTVERSION= 1.2.1
DISTVERSIONPREFIX=v
CATEGORIES= sysutils
@@ -19,7 +18,7 @@
GH_ACCOUNT= IJhack
GH_PROJECT= QtPass
-USE_QT5= buildtools_build core gui linguisttools_build network widgets
+USE_QT5= buildtools_build core gui linguisttools_build network widgets testlib
USE_GL= gl
PLIST_FILES= bin/qtpass \
Index: distinfo
===================================================================
--- distinfo (revision 459655)
+++ distinfo (working copy)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1483466358
-SHA256 (IJhack-QtPass-v1.1.6_GH0.tar.gz) = d24d95de129ce716b9b0fde6114407f860ce8c77106bd0ee6a12e8e4e0deb42b
-SIZE (IJhack-QtPass-v1.1.6_GH0.tar.gz) = 325329
+TIMESTAMP = 1516634686
+SHA256 (IJhack-QtPass-v1.2.1_GH0.tar.gz) = f2aa1a54ed273546aab8933e560218b7b59f7f07000d93c018ec8d6ccdedcd5d
+SIZE (IJhack-QtPass-v1.2.1_GH0.tar.gz) = 361147
Created attachment 189968 [details]
Patch from 1.1.6 to 1.2.1 (now with added testlib)
I'll take it. Hello, qtpass doesn't package with the latest patch: ====> Compressing man pages (compress-man) =========================================================================== ====> Running Q/A tests (stage-qa) ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist Error: Orphaned: %%QT_TESTDIR%%/qtpass/util/tst_util ===> Checking for items in pkg-plist which are not in STAGEDIR ===> Error: Plist issues found. *** Error code 1 So or fix pkg-plist or remove the testlib component. And please do not include the windows carriage return chars into your patches - patch fails to apply with them inside: Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: Makefile |=================================================================== |--- Makefile (revision 459655) |+++ Makefile (working copy) -------------------------- Patching file Makefile using Plan A... patch: **** malformed patch at line 6: # $FreeBSD$ Thank you! I'll look into making it possible to disable `testlib` (currently not working from base source) > And please do not include the windows carriage return chars into your patches That must have been my `svn diff | mail diff@annejan.com` command, will take care of removing them next round. Great, looking forward to updated patch. Thank you! Hello, any news on this one? Back to the pool. Committed with small changes. Thank you for your update! A commit references this bug: Author: yuri Date: Thu Feb 22 07:07:10 UTC 2018 New revision: 462563 URL: https://svnweb.freebsd.org/changeset/ports/462563 Log: sysutils/qtpass: Update to 1.2.1 Changelog: https://github.com/IJHack/QtPass/blob/master/CHANGELOG.md Additional port changes: * Changed to DISTVERSION * Added to and sorted USE_QT5 PR: 225379 Submitted by: Anne Jan Brouwer <brouwer@annejan.com> (maintainer) Approved by: tcberner (mentor, implicit) Changes: head/sysutils/qtpass/Makefile head/sysutils/qtpass/distinfo |
Created attachment 189966 [details] patch from 1.1.6 to 1.2.1