New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

kbpgp

Package Overview
Dependencies
Maintainers
3
Versions
170
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

kbpgp - npm Package Compare versions

Comparing version 2.0.60 to 2.0.61

test-stamp

5

CHANGELOG.md

@@ -0,1 +1,6 @@

## 2.0.61 (2016-12-12)
Security Bugfix:
- Handle key_revocation signatures on primaries, which were previously being ignored.
## 2.0.60 (2016-12-7)

@@ -2,0 +7,0 @@

29

lib/openpgp/packet/signature.js
// Generated by IcedCoffeeScript 108.0.11
(function() {
var C, CreationTime, EmbeddedSignature, Experimental, ExpirationTime, Exportable, Features, Issuer, IssuerFingerprint, KeyExpirationTime, KeyFlags, KeyServerPreferences, NotationData, Packet, Parser, PolicyURI, Preference, PreferredCompressionAlgorithms, PreferredHashAlgorithms, PreferredKeyServer, PreferredSymmetricAlgorithms, PrimaryUserId, ReasonForRevocation, RegularExpression, Revocable, RevocationKey, S, SHA1, SHA512, Signature, SignatureTarget, Signature_v2, Signature_v2_or_v3, Signature_v3, SignersUserID, SlicerBuffer, SubPacket, Time, Trust, alloc_or_throw, assert, asymmetric, encode_length, iced, make_esc, make_time_packet, packetsigs, uint_to_buffer, unix_time, util, __iced_k, __iced_k_noop, _ref, _ref1, _ref2,
var C, CreationTime, EmbeddedSignature, Experimental, ExpirationTime, Exportable, Features, Issuer, IssuerFingerprint, KeyExpirationTime, KeyFlags, KeyServerPreferences, NotationData, Packet, Parser, PolicyURI, Preference, PreferredCompressionAlgorithms, PreferredHashAlgorithms, PreferredKeyServer, PreferredSymmetricAlgorithms, PrimaryUserId, ReasonForRevocation, RegularExpression, Revocable, RevocationKey, S, SHA1, SHA512, Signature, SignatureTarget, Signature_v2, Signature_v2_or_v3, Signature_v3, SignersUserID, SlicerBuffer, SubPacket, Time, Trust, alloc_or_throw, assert, asymmetric, bufeq_secure, encode_length, iced, make_esc, make_time_packet, packetsigs, uint_to_buffer, unix_time, util, __iced_k, __iced_k_noop, _ref, _ref1, _ref2,
__hasProp = {}.hasOwnProperty,

@@ -18,3 +18,3 @@ __extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; };

_ref1 = require('../../util'), unix_time = _ref1.unix_time, uint_to_buffer = _ref1.uint_to_buffer;
_ref1 = require('../../util'), unix_time = _ref1.unix_time, uint_to_buffer = _ref1.uint_to_buffer, bufeq_secure = _ref1.bufeq_secure;

@@ -451,3 +451,3 @@ _ref2 = require('../../hash'), alloc_or_throw = _ref2.alloc_or_throw, SHA512 = _ref2.SHA512, SHA1 = _ref2.SHA1;

Signature.prototype._verify = function(data_packets, cb, opts) {
var SKB, T, buffers, d, data, dp, err, hvalue, key_expiration, n, packets, payload, ps, sig, sig_expiration, subkey, user_attribute, userid, ___iced_passed_deferral, __iced_deferrals, __iced_k;
var SKB, T, buffers, d, data, dp, err, hvalue, iki, key_expiration, n, packets, payload, ps, sig, sig_expiration, subkey, user_attribute, userid, ___iced_passed_deferral, __iced_deferrals, __iced_k;
__iced_k = __iced_k_noop;

@@ -468,4 +468,5 @@ ___iced_passed_deferral = iced.findDeferral(arguments);

case T.certificate_revocation:
if ((n = data_packets.length) !== 1) {
err = new Error("Only expecting one UserID-style packet in a self-sig (got " + n + ")");
case T.key_revocation:
if ((n = data_packets.length) > 1) {
err = new Error("Only expecting one (or no) UserID-style packet(s) in a self-sig (got " + n + ")");
return [];

@@ -611,2 +612,10 @@ } else {

subkey.mark_revoked(sig);
break;
case T.key_revocation:
if (_this.issuer_matches_key(_this.primary)) {
_this.primary.mark_revoked(sig);
} else {
iki = _this.get_issuer_key_id();
err = new Error("can't revoke key ID " + (iki.toString('hex')) + " (!= " + (_this.primary.get_key_id().toString('hex')) + ")");
}
}

@@ -623,2 +632,12 @@ }

Signature.prototype.issuer_matches_key = function(key) {
var fp;
if ((fp = this.get_issuer_fingerprint()) != null) {
if (!bufeq_secure(fp, this.primary.get_fingerprint())) {
return false;
}
}
return bufeq_secure(this.get_issuer_key_id(), this.primary.get_key_id());
};
Signature.prototype.when_generated = function() {

@@ -625,0 +644,0 @@ var _ref3;

2

package.json

@@ -10,3 +10,3 @@ {

"author": "Maxwell Krohn",
"version": "2.0.60",
"version": "2.0.61",
"license": "BSD-3-Clause",

@@ -13,0 +13,0 @@ "main": "./lib/main.js",

build-stamp

Sorry, the diff of this file is not supported yet

src/openpgp/packet/signature.iced

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc