mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-03 19:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity
905 commits 12 branches 25 tags 4.6 MiB
Commit graph

905 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jack Grigg
650081765f Merge branch 'bugfix-0.6.1' into bugfix-0.7.2 2024-11-18 05:30:01 +00:00
Jack Grigg
5501bb6220 v0.6.1 2024-11-18 05:24:53 +00:00
Jack Grigg
703152ecfa Restrict set of valid characters for plugin names 
Previously, plugin names were allowed to be `1*VCHAR`, which permits
path separators and parent directory syntax. Under certain conditions,
this could cause `rage` to execute a different binary than intended when
launching a plugin.

Plugin names are now restricted to alphanumeric characters or +-._ which
covers all binary names generally observed in practice.
 2024-11-18 04:58:13 +00:00
Jack Grigg
b6c8f06096 Add tests for invalid plugin name chars 2024-11-18 04:41:20 +00:00
str4d
c950780ebc
Merge pull request #281 from str4d/fuzzer-fixes 
Fix panic in `AgeStanza::body`
 2021-12-27 00:56:43 +00:00
Jack Grigg
7a2ff3ad4f v0.7.1 2021-12-27 00:30:42 +00:00
Jack Grigg
a23763cbc3 age-core: Reject last lines in AgeStanza bodies with trailing bits 
If a Base64 line has length 2 or 3 mod 4, there are more bits in the
encoding characters than can be decoded into bytes. RFC 4648 states:

   For example, if the input is only one octet for a base 64 encoding,
   then all six bits of the first symbol are used, but only the first
   two bits of the next symbol are used.  These pad bits MUST be set to
   zero by conforming encoders, which is described in the descriptions
   on padding below.

The `base64` crate enforces this check, but in the 0.7.0 refactor we
forgot to enforce it ourselves.
 2021-12-23 22:12:33 +00:00
Jack Grigg
97ac181d89 age-core: Add more fuzzer crash artifacts as test cases 2021-12-23 22:10:26 +00:00
Jack Grigg
8da15148fc age-core: Reject invalid last lines in AgeStanza bodies 
The length of a Base64 encoding can never be 1 mod 4, because that
only provides six of the eight bits necessary for encoding a byte.
Previously we checked that every line was valid Base64 (which works
because all lines except the last are 64 characters, which exactly
encodes 48 bytes).

In 0.7.0 we improved the parser efficiency by only running the Base64
decoder lazily. We replaced the per-line check with an `is_base64_char`
check, but forgot to reject the invalid subset of last-line lengths.
 2021-12-23 20:57:47 +00:00
Jack Grigg
349b4c31cb age-core: Add test case for fuzzer crash artifact 2021-12-23 20:57:47 +00:00
Jack Grigg
81f91581bf fuzz: Update fuzzer targets for recent changes 2021-12-23 17:01:46 +00:00
str4d
5207877992
Merge pull request #274 from str4d/rage-installation-methods 
Update rage installation methods
 2021-11-26 20:12:57 +00:00
Jack Grigg
c5dcd7bdea rage: Add README note about how to use the feature flags 2021-11-26 20:00:33 +00:00
Jack Grigg
a9fbe500e1 rage: Remove README note about binaries in age crate 
The binaries were moved out of the age crate in 0.3.0 in early 2020, so
we can assume users will find the rage crate now.
 2021-11-26 20:00:33 +00:00
Jack Grigg
29a0dceace rage: Add installation method for openSUSE Tumbleweed 
Closes str4d/rage#210.
 2021-11-26 20:00:33 +00:00
Jack Grigg
65a2e09b2d rage: Merge installation methods into a single table 2021-11-26 19:57:37 +00:00
Jack Grigg
456ce707f6 Update Homebrew formula to v0.7.0 2021-10-18 18:29:32 +01:00
str4d
c93b91484d
Merge pull request #268 from str4d/release-0.7.0 
Release 0.7.0
 2021-10-19 06:11:47 +13:00
Jack Grigg
4c79db3fe0 v0.7.0 2021-10-18 17:52:37 +01:00
Jack Grigg
3e5c7fa85d cargo update fuzz* 2021-10-18 17:52:37 +01:00
Jack Grigg
8507fbc39c Update lockfiles for fuzzers 2021-10-18 17:52:37 +01:00
str4d
d180372094
Merge pull request #269 from str4d/fix-deps 
CI: Add bitrot check to ensure examples and benchmarks still compile
 2021-10-19 05:52:20 +13:00
Jack Grigg
c8670acba9 rage: Pin clap to 3.0.0-beta.2 
clap 3.0.0-beta.4 onwards have MSRV of 1.54, while we currently have
MSRV of 1.51. We only use clap for generating completions, so we can
just pin the version that works for us.
 2021-10-18 17:43:50 +01:00
Jack Grigg
965db3e7d8 CI: Add bitrot check to ensure examples and benchmarks still compile 2021-10-18 17:43:50 +01:00
str4d
e300ad7dfd
Merge pull request #267 from str4d/more-cleanups 
More cleanups
 2021-10-19 02:44:51 +13:00
Jack Grigg
f49fbedb0c console 0.15 2021-10-18 14:31:09 +01:00
Jack Grigg
9e038dedf0 age: Re-export secrecy crate 2021-10-18 14:24:26 +01:00
Jack Grigg
e339d26e36 age-core: Improve crate documentation 2021-10-18 14:24:19 +01:00
Jack Grigg
c7a2e998c6 age-core: Re-export secrecy crate 2021-10-18 14:24:19 +01:00
Jack Grigg
bbe8d518fb age-core: Add plugin::Error enum 2021-10-18 13:13:37 +01:00
Jack Grigg
8bd5eb39e4 cargo update 2021-10-18 12:43:13 +01:00
str4d
013f18130c
Merge pull request #263 from str4d/dependabot/github_actions/codecov/codecov-action-2.1.0 
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0
 2021-10-18 06:18:46 +13:00
dependabot[bot]
a7981fc019
build(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-17 16:54:30 +00:00
str4d
e57f433401
Merge pull request #262 from str4d/crate-cleanups 
Crate cleanups
 2021-10-17 22:13:27 +13:00
Jack Grigg
953cbae716 age: Simplify age::cli_common::read_identities with custom error 2021-10-17 02:23:16 +01:00
Jack Grigg
b29cc2ed80 age: Add age::cli_common::Passphrase::random 2021-10-17 02:03:15 +01:00
Jack Grigg
b4e54854d4 age: Add example to age::localizer method doc 2021-10-17 02:03:15 +01:00
Jack Grigg
36ca0c236e Fix various clippy lints 2021-09-12 19:53:20 +01:00
Jack Grigg
8cf431cd48 age: Add missing doc_cfg annotations 2021-09-12 18:59:52 +01:00
Jack Grigg
a27ce6d880 age: Configure docs.rs to use correct cfg flag 2021-09-12 18:38:33 +01:00
str4d
b095964f5c
Merge pull request #257 from str4d/dependabot/github_actions/actions/upload-artifact-2.2.4 
build(deps): bump actions/upload-artifact from 1 to 2.2.4
 2021-09-12 18:20:36 +01:00
str4d
729d9dada1
Merge pull request #259 from str4d/dependabot/github_actions/codecov/codecov-action-2.0.3 
build(deps): bump codecov/codecov-action from 1.0.3 to 2.0.3
 2021-09-12 02:11:57 +01:00
str4d
da6f044575
Merge pull request #256 from str4d/dependabot/github_actions/svenstaro/upload-release-action-2.2.1 
build(deps): bump svenstaro/upload-release-action from 2.2.0 to 2.2.1
 2021-09-12 01:55:07 +01:00
str4d
6d34306723
CI: Remove Codecov token from CI workflow 
Codecov now works automatically with GitHub Actions.
 2021-09-12 01:53:20 +01:00
dependabot[bot]
d6fc4c7b05
build(deps): bump codecov/codecov-action from 1.0.3 to 2.0.3 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.0.3 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1.0.3...v2.0.3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-12 00:49:28 +00:00
dependabot[bot]
88ef7988d7
build(deps): bump actions/upload-artifact from 1 to 2.2.4 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 2.2.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v2.2.4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-12 00:49:21 +00:00
dependabot[bot]
0af1abbd11
build(deps): bump svenstaro/upload-release-action from 2.2.0 to 2.2.1 
Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/svenstaro/upload-release-action/compare/2.2.0...2.2.1)

---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-12 00:49:19 +00:00
str4d
9c39cd0679
Merge pull request #255 from str4d/ci-dependabot 
CI: Add Dependabot config to keep GitHub Actions up-to-date
 2021-09-12 01:39:21 +01:00
Jack Grigg
4555340d35 CI: Add Dependabot config to keep GitHub Actions up-to-date 2021-09-12 01:36:36 +01:00
str4d
3fd753cb64
Merge pull request #254 from str4d/ci-release-deps 
Updates to release workflow
 2021-09-12 01:34:16 +01:00