v32

Notable Changes

Changed

• Allow overriding the INSTALL Make variable to set the program used instead of install. Thanks to @robert-scheck for the patch.
• Updated sources from upstream OpenBSD and libbsd 0.12.1

Fixed

• Fixed the build with VERIFY_ONLY=1.

SHA-256 Checksum

6dd1b97fd9273d268b70c1be3c2592cbbe1488bca5e45c12c58f8c74362758d5

Checking Signatures

The release tarball can be checked with Signify itself, using the SHA256.sig file and the following public key saved into a signifyportable.pub file:

untrusted comment: Signify portable release signing public key
RWRQFCY809DUoWEHxWmoTNtxph6yUlWNsjfW54PqLI6S3dWfuZN4Ovj1

The signing key is also provided in the signifyportable.pub.asc file, signed with the same PGP key as the tarball, which can be itself verified and extracted using:

gpg --verify -o signifyportable.pub signifyportable.pub.asc

In order to check the package signature with Signify, use the following command:

signify -C -p signifyportable.pub -x SHA256.sig

v31

Changed

• Instead of downloading and building libbsd when the BUNDLED_LIBBSD build option is enabled, the sources now include a copy of the few sources needed.

SHA-256 Checksum

1155fd9eeed4a8aa20476b2333d251953ec5d52338d943a770db5b78dd8d2b74

Checking Signatures

The release tarball can be checked with Signify itself, using the SHA256.sig file and the following public key saved into a signifyportable.pub file:

untrusted comment: Signify portable release signing public key
RWRQFCY809DUoWEHxWmoTNtxph6yUlWNsjfW54PqLI6S3dWfuZN4Ovj1

The signing key is also provided in the signifyportable.pub.asc file, signed with the same PGP key as the tarball itself, which can be itself verified and extracted using:

gpg --verify -o signifyportable.pub signifyportable.pub.asc

In order to check the package signature with Signify, use the following command:

signify -C -p signifyportable.pub -x SHA256.sig

v30

Changed

• Silence a compiler warning produced by Clang 10.

SHA-256 Checksum

f68406c3085ef902e85500e6c0b90e4c3f56347e5efffc0da7b6fb47803c8686

Checking Signatures

The release tarball can be checked with Signify itself, using the SHA256.sig file and the following public key saved into a signifyportable.pub file:

untrusted comment: Signify portable release signing public key
RWRQFCY809DUoWEHxWmoTNtxph6yUlWNsjfW54PqLI6S3dWfuZN4Ovj1

The signing key is also provided in the signifyportable.pub.asc file, signed with the same PGP key as the tarball itself, which can be itself verified and extracted using:

gpg --verify -o signifyportable.pub signifyportable.pub.asc

In order to check the package signature with Signify, use the following command:

signify -C -p signifyportable.pub -x SHA256.sig

v29

Added

• Source packages now include a license. Thanks to Marcus Müller for the patch (#24).
• New convenience targets for static builds (make static & make static-musl). Thanks to @frink for the bug report.

Fixed

• Static builds should work again. Thanks to @frink for the bug report.

SHA-256 Checksum

a9c1c3c2647359a550a4a6d0fb7b13cbe00870c1b7e57a6b069992354b57ecaf

v28

Added

• In verification mode (with -C) it is now possible to use the -t command line flag to specify the key type.
• A copy of the regression tests from the OpenBSD CVS repository is now included.

Changed

• Bumped version of libbsd to 0.10.0, which is the most recent stable.

Fixed

• Ensure that release packages include the code for the libwaive/ submodule. Thanks to @mobinmob for reporting the issue.

SHA-256 Checksum

b841f3862aefd04a70cb3f33e1ac08576adb74772d5a462ad85d5d481f386917

v27

This release is a minor update.

Fixed

• Updated to the latest upstream sources, the size of a fixed buffer has been changed to use PATH_MAX instead to avoid potential overflows when using very long path names.

SHA-256 Checksum

ae09a45b1d319eb0e36bbe863c8c06c445caac1340ffc4a99d60f9923ed6f259

v26

This release is a minor update.

Added

• Provide a definition for the __dead marker when using GCC 4+ or Clang.

Fixed

• Adapted to the new pledge() definition in OpenBSD 6.3 and newer.
• Ensure that the prototype for asprintf() gets defined by system headers.

Changed

• Silence (harmless) compiler warnings enabled in more recent GCC/Clang releases when using -Wall.

SHA-256 Checksum

5c2d9414cb302f0b127d8a930843461dac305c5e0e28828b6e4aaf55b00f549b

v25

This release is a minor update.

Added

• Updated to the latest upstream sources, the -z command line flag can now be used to zero the timestamp when producing a signature.

v24

This is an important bugfix release. It is strongly encouraged to update from any of the previous versions.

Fixed

• Fixed memory corruption due to incorrect remapping of SHA-224, SHA-384, and SHA-512-256 to incompatible counterparts in compat.h. Thanks to Ori Bernstein (@oridb) for the bug report (#17) and Wolfgang Müller (@vehk) for submitting the fix (#18).

Changed

• Bumped version of libbsd to 0.9.1 for bundling, which does not need patching to work with Musl.

v23

This is a minor bugfix release.

Fixed

• Fixed handling of the errno variable.