travispaul
Repos
25
Followers
36
Following
71

Automatic conversion of the NetBSD pkgsrc CVS module, use with care

238
79

Work-in-progress packages for pkgsrc, the portable package system from NetBSD [mirror]

54
38

Events

travispaul delete branch TRITON-2327
Created at 1 day ago

TRITON-2327/TRITON-2325 Update sshpk for CVE-2018-3737 and vasync for CVE-2021-3918 (#18)

Reviewed by: Brian Bennett brian.bennett@mnx.io

Created at 1 day ago
TRITON-2327/TRITON-2325 Update sshpk for CVE-2018-3737 and vasync for CVE-2021-3918

Unit tests were failing before attempting the dependcy updates, using a git bisect it appears that they have been failing since 3f0b829a3e8a9e87b95b3e0fded48428b4762da6 that commit also had a failed Travis CI build but sadly the logs are no longer present.

Updating the SHA hash and replacing rsa-sha1 with rsa-sha256 resolves the failing tests.

After updating both sshpk and vasync all tests continue to pass. I also looked for any possible fallout from the vasync v2.0.0 breaking changes but no usage of the impacted functions were encountered. During that review I found that the vasync module was being required in 2 files where it was not being used and I removed the require statements.

Also added MIT license to package.json to silence NPM warnings about lack of license.

make check:

# make check
deps/javascriptlint/build/install/jsl --nologo --nosummary --conf=tools/jsl.node.conf lib/keypair.js lib/kr-agent.js lib/keyring.js lib/krplugin.js lib/kr-file.js lib/errors.js lib/index.js lib/kr-homedir.js
/root/node-smartdc-auth/lib/keypair.js
/root/node-smartdc-auth/lib/kr-agent.js
/root/node-smartdc-auth/lib/keyring.js
/root/node-smartdc-auth/lib/krplugin.js
/root/node-smartdc-auth/lib/kr-file.js
/root/node-smartdc-auth/lib/errors.js
/root/node-smartdc-auth/lib/index.js
/root/node-smartdc-auth/lib/kr-homedir.js
deps/jsstyle/jsstyle -f tools/jsstyle.conf lib/keypair.js lib/kr-agent.js lib/keyring.js lib/krplugin.js lib/kr-file.js lib/errors.js lib/index.js lib/kr-homedir.js
check ok

make test:

# make test
npm install
audited 109 packages in 4.793s
found 0 vulnerabilities

./node_modules/.bin/tape test/*.test.js
TAP version 13
# setup
# agentsigner throws with no agent
ok 1 should throw
# agent setup
# agentsigner with empty agent
ok 2 should be truthy
ok 3 should be truthy
ok 4 should be truthy
ok 5 should be truthy
# agentsigner rsa
ok 6 should be truthy
ok 7 null
ok 8 should be truthy
ok 9 null
ok 10 should be equal
ok 11 should be equal
ok 12 should be equal
ok 13 should be equal
# agentsigner dsa
ok 14 should be truthy
ok 15 null
ok 16 should be truthy
ok 17 null
ok 18 should be equal
ok 19 should be equal
ok 20 should be equal
ok 21 should be truthy
# agentsigner ecdsa + buffer
ok 22 should be truthy
ok 23 null
ok 24 should be truthy
ok 25 null
ok 26 should be equal
ok 27 should be equal
ok 28 should be equal
ok 29 should be truthy
# clisigner with only agent
ok 30 should be truthy
ok 31 should be truthy
ok 32 null
ok 33 should be equal
ok 34 should be equal
ok 35 should be equal
ok 36 should be equal
# generate 40 keys (for TOOLS-1214)
ok 37 should be truthy
ok 38 null
ok 39 null
# cliSigner using agent with lots of keys (TOOLS-1214)
ok 40 should be truthy
ok 41 should be truthy
ok 42 null
ok 43 should be equal
ok 44 should be equal
ok 45 should be equal
ok 46 should be truthy
# agent teardown
ok 47 should be truthy
# setup
ok 48 null
ok 49 null
# loadSSHKey full pair
ok 50 null
ok 51 should be equal
ok 52 should be equal
ok 53 should be equal
# loadSSHKey public only
ok 54 should be truthy
ok 55 should be truthy
# keyring cannot sign
ok 56 should be truthy
ok 57 null
ok 58 should be equal
ok 59 should be truthy
# loadSSHKey private only rsa
ok 60 null
# loadSSHKey private only dsa
ok 61 null
ok 62 should be equal
ok 63 should be equal
# keyring basic
ok 64 null
ok 65 should be truthy
ok 66 should be truthy
# setup encrypted
ok 67 null
# keyring unlock
ok 68 null
ok 69 should be truthy
ok 70 should be truthy
ok 71 should be truthy
# file plugin
ok 72 null
ok 73 should be truthy
ok 74 should be truthy
# loadSSHKey enc-private full pair
ok 75 should be truthy
ok 76 should not be equal
# loadSSHKey enc-private private only
ok 77 should be truthy
# loadSSHKey enc-private other key
ok 78 null
# teardown
# setup fs only
ok 79 null
ok 80 null
# basic cliSigner rsa
ok 81 should be truthy
ok 82 null
ok 83 should be equal
ok 84 should be equal
ok 85 should be equal
ok 86 should be equal
# KeyRing signer rsa
ok 87 null
ok 88 null
ok 89 should be equal
ok 90 should be equal
ok 91 should be equal
ok 92 should be truthy
# KeyRing list keys
ok 93 null
ok 94 should be equal
ok 95 should be equal
ok 96 should be truthy
ok 97 should be equal
ok 98 should be truthy
# requestSigner rsa
ok 99 should be truthy
ok 100 null
ok 101 should be equal
ok 102 should be equal
ok 103 should be equal
ok 104 should be truthy
# requestSigner with premade cliSigner
ok 105 should be truthy
ok 106 should be truthy
ok 107 null
ok 108 should be equal
ok 109 should be equal
ok 110 should be equal
ok 111 should be truthy
# requestSigner with custom signer
ok 112 should be truthy
ok 113 null
ok 114 should be equal
ok 115 should be equal
ok 116 should be equal
ok 117 should be equal
# basic cliSigner dsa
ok 118 should be truthy
ok 119 null
ok 120 should be equal
ok 121 should be equal
ok 122 should be equal
ok 123 should be truthy
# basic cliSigner with algorithm and subuser
ok 124 should be truthy
ok 125 null
ok 126 should be equal
ok 127 should be equal
ok 128 should be equal
ok 129 should be equal
ok 130 should be equal
# cliSigner unknown fp
ok 131 should be truthy
ok 132 should be truthy
ok 133 should be truthy
# cliSigner invalid fp
ok 134 should throw
ok 135 should throw
# teardown

1..135
# tests 135
# pass  135

# ok
Created at 1 day ago
TRITON-2327/TRITON-2325 Update sshpk for CVE-2018-3737 and vasync for CVE-2021-3918

Unit tests were failing before attempting the dependcy updates, using a git bisect it appears that they have been failing since 3f0b829a3e8a9e87b95b3e0fded48428b4762da6 that commit also had a failed Travis CI build but sadly the logs are no longer present.

Updating the SHA hash and replacing rsa-sha1 with rsa-sha256 resolves the failing tests.

After updating both sshpk and vasync all tests continue to pass. I also looked for any possible fallout from the vasync v2.0.0 breaking changes but no usage of the impacted functions were encountered. During that review I found that the vasync module was being required in 2 files where it was not being used and I removed the require statements.

Also added MIT license to package.json to silence NPM warnings about lack of license.

make check:

# make check
deps/javascriptlint/build/install/jsl --nologo --nosummary --conf=tools/jsl.node.conf lib/keypair.js lib/kr-agent.js lib/keyring.js lib/krplugin.js lib/kr-file.js lib/errors.js lib/index.js lib/kr-homedir.js
/root/node-smartdc-auth/lib/keypair.js
/root/node-smartdc-auth/lib/kr-agent.js
/root/node-smartdc-auth/lib/keyring.js
/root/node-smartdc-auth/lib/krplugin.js
/root/node-smartdc-auth/lib/kr-file.js
/root/node-smartdc-auth/lib/errors.js
/root/node-smartdc-auth/lib/index.js
/root/node-smartdc-auth/lib/kr-homedir.js
deps/jsstyle/jsstyle -f tools/jsstyle.conf lib/keypair.js lib/kr-agent.js lib/keyring.js lib/krplugin.js lib/kr-file.js lib/errors.js lib/index.js lib/kr-homedir.js
check ok

make test:

# make test
npm install
audited 109 packages in 4.793s
found 0 vulnerabilities

./node_modules/.bin/tape test/*.test.js
TAP version 13
# setup
# agentsigner throws with no agent
ok 1 should throw
# agent setup
# agentsigner with empty agent
ok 2 should be truthy
ok 3 should be truthy
ok 4 should be truthy
ok 5 should be truthy
# agentsigner rsa
ok 6 should be truthy
ok 7 null
ok 8 should be truthy
ok 9 null
ok 10 should be equal
ok 11 should be equal
ok 12 should be equal
ok 13 should be equal
# agentsigner dsa
ok 14 should be truthy
ok 15 null
ok 16 should be truthy
ok 17 null
ok 18 should be equal
ok 19 should be equal
ok 20 should be equal
ok 21 should be truthy
# agentsigner ecdsa + buffer
ok 22 should be truthy
ok 23 null
ok 24 should be truthy
ok 25 null
ok 26 should be equal
ok 27 should be equal
ok 28 should be equal
ok 29 should be truthy
# clisigner with only agent
ok 30 should be truthy
ok 31 should be truthy
ok 32 null
ok 33 should be equal
ok 34 should be equal
ok 35 should be equal
ok 36 should be equal
# generate 40 keys (for TOOLS-1214)
ok 37 should be truthy
ok 38 null
ok 39 null
# cliSigner using agent with lots of keys (TOOLS-1214)
ok 40 should be truthy
ok 41 should be truthy
ok 42 null
ok 43 should be equal
ok 44 should be equal
ok 45 should be equal
ok 46 should be truthy
# agent teardown
ok 47 should be truthy
# setup
ok 48 null
ok 49 null
# loadSSHKey full pair
ok 50 null
ok 51 should be equal
ok 52 should be equal
ok 53 should be equal
# loadSSHKey public only
ok 54 should be truthy
ok 55 should be truthy
# keyring cannot sign
ok 56 should be truthy
ok 57 null
ok 58 should be equal
ok 59 should be truthy
# loadSSHKey private only rsa
ok 60 null
# loadSSHKey private only dsa
ok 61 null
ok 62 should be equal
ok 63 should be equal
# keyring basic
ok 64 null
ok 65 should be truthy
ok 66 should be truthy
# setup encrypted
ok 67 null
# keyring unlock
ok 68 null
ok 69 should be truthy
ok 70 should be truthy
ok 71 should be truthy
# file plugin
ok 72 null
ok 73 should be truthy
ok 74 should be truthy
# loadSSHKey enc-private full pair
ok 75 should be truthy
ok 76 should not be equal
# loadSSHKey enc-private private only
ok 77 should be truthy
# loadSSHKey enc-private other key
ok 78 null
# teardown
# setup fs only
ok 79 null
ok 80 null
# basic cliSigner rsa
ok 81 should be truthy
ok 82 null
ok 83 should be equal
ok 84 should be equal
ok 85 should be equal
ok 86 should be equal
# KeyRing signer rsa
ok 87 null
ok 88 null
ok 89 should be equal
ok 90 should be equal
ok 91 should be equal
ok 92 should be truthy
# KeyRing list keys
ok 93 null
ok 94 should be equal
ok 95 should be equal
ok 96 should be truthy
ok 97 should be equal
ok 98 should be truthy
# requestSigner rsa
ok 99 should be truthy
ok 100 null
ok 101 should be equal
ok 102 should be equal
ok 103 should be equal
ok 104 should be truthy
# requestSigner with premade cliSigner
ok 105 should be truthy
ok 106 should be truthy
ok 107 null
ok 108 should be equal
ok 109 should be equal
ok 110 should be equal
ok 111 should be truthy
# requestSigner with custom signer
ok 112 should be truthy
ok 113 null
ok 114 should be equal
ok 115 should be equal
ok 116 should be equal
ok 117 should be equal
# basic cliSigner dsa
ok 118 should be truthy
ok 119 null
ok 120 should be equal
ok 121 should be equal
ok 122 should be equal
ok 123 should be truthy
# basic cliSigner with algorithm and subuser
ok 124 should be truthy
ok 125 null
ok 126 should be equal
ok 127 should be equal
ok 128 should be equal
ok 129 should be equal
ok 130 should be equal
# cliSigner unknown fp
ok 131 should be truthy
ok 132 should be truthy
ok 133 should be truthy
# cliSigner invalid fp
ok 134 should throw
ok 135 should throw
# teardown

1..135
# tests 135
# pass  135

# ok
Created at 1 day ago

TRITON-2327/TRITON-2325 Update sshpk for CVE-2018-3737 and vasync for CVE-2021-3918

Created at 1 day ago
travispaul create branch TRITON-2327
Created at 1 day ago
Update hookup guide link

Seems there is no interest in this PR, closing.

Created at 2 days ago
Update hookup guide link
Created at 2 days ago
started
Created at 1 week ago
opened issue
Delete branches after merge

prr should automatically delete branches after merging or provide an option to do so.

Created at 1 week ago
travispaul delete branch TRITON-2221
Created at 1 week ago
travispaul delete branch TRITON-2325
Created at 1 week ago
travispaul delete branch TRITON-2326
Created at 1 week ago
travispaul delete branch TRITON-2327
Created at 1 week ago
travispaul delete branch TRITON-2325
Created at 1 week ago
delete branch
travispaul delete branch TRITON-2325
Created at 1 week ago

TRITON-2327 Update sshpk to 1.13.2 for CVE-2018-3737 (#170)

Reviewed by: Brian Bennett brian.bennett@mnx.io

Created at 1 week ago
pull request closed
TRITON-2327 Update sshpk to 1.13.2 for CVE-2018-3737
Created at 1 week ago

TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918 (#22)

Reviewed by: Brian Bennett brian.bennett@mnx.io

Created at 1 week ago
pull request closed
TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918
Created at 1 week ago

TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918 (#9)

Reviewed by: Brian Bennett brian.bennett@mnx.io

Created at 1 week ago
pull request closed
TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918
Created at 1 week ago

Fix URL in package.json

Created at 1 week ago

Prefer inline code block instead of backslash escape of underscores.

Created at 1 week ago
pull request opened
TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918
Created at 1 week ago
create branch
travispaul create branch TRITON-2325
Created at 1 week ago
pull request opened
TRITON-2325 - Update aperture to 0.0.4 for CVE-2021-3918
Created at 1 week ago
travispaul create branch TRITON-2325
Created at 1 week ago
pull request opened
TRITON-2327 Update sshpk to 1.13.2 for CVE-2018-3737
Created at 1 week ago

TRITON-2327 Update sshpk to 1.13.2 for CVE-2018-3737

Created at 1 week ago