From e779aca4f2f5ad972138f75bc44bf3884d9f429d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 09:39:38 -0400 Subject: [PATCH] import gpgme-1.13.1-7.el8 --- SOURCES/gpgme-1.13.1-fix-null-deref.patch | 26 +++++++++++++++++++++++ SPECS/gpgme.spec | 25 ++++++++++++++++++++-- 2 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 SOURCES/gpgme-1.13.1-fix-null-deref.patch diff --git a/SOURCES/gpgme-1.13.1-fix-null-deref.patch b/SOURCES/gpgme-1.13.1-fix-null-deref.patch new file mode 100644 index 0000000..b4837c2 --- /dev/null +++ b/SOURCES/gpgme-1.13.1-fix-null-deref.patch @@ -0,0 +1,26 @@ +diff --git a/src/data-mem.c b/src/data-mem.c +index 539b453..ae16bab 100644 +--- a/src/data-mem.c ++++ b/src/data-mem.c +@@ -271,7 +271,7 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len) + } + else + { +- if (blankout && len) ++ if (str && blankout && len) + *str = 0; + /* Prevent mem_release from releasing the buffer memory. We + * must not fail from this point. */ +diff --git a/src/vfs-create.c b/src/vfs-create.c +index 51b8307..445cd05 100644 +--- a/src/vfs-create.c ++++ b/src/vfs-create.c +@@ -130,7 +130,7 @@ _gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[], + return err; + + i = 0; +- while (!err && recp[i]) ++ while (!err && recp && recp[i]) + { + if (!recp[i]->subkeys || !recp[i]->subkeys->fpr) + { diff --git a/SPECS/gpgme.spec b/SPECS/gpgme.spec index 0d4ad6b..8319642 100644 --- a/SPECS/gpgme.spec +++ b/SPECS/gpgme.spec @@ -17,9 +17,9 @@ Name: gpgme Summary: GnuPG Made Easy - high level crypto API Version: 1.13.1 -Release: 3%{?dist} +Release: 7%{?dist} -License: LGPLv2+ +License: LGPLv2+ and MIT URL: https://gnupg.org/related_software/gpgme/ Source0: https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%{version}.tar.bz2 Source2: gpgme-multilib.h @@ -35,6 +35,8 @@ Patch1003: 0001-fix-stupid-ax_python_devel.patch Patch1004: gpgme-1.13.1-fix-resource-leaks.patch # Make the make check work with gnupg-2.2.19 and above Patch1005: gpgme-build-with-gnupg-2.2.19.patch +# Fix NULL dereference +Patch1006: gpgme-1.13.1-fix-null-deref.patch #BuildRequires: autoconf #BuildRequires: automake @@ -102,6 +104,8 @@ BuildRequires: cmake %package -n q%{name} Summary: Qt API bindings/wrapper for GPGME Requires: %{name}pp%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} +# This is probably redundant, but it satisfies RPMDIFF: +Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} BuildRequires: pkgconfig(Qt5Core) BuildRequires: pkgconfig(Qt5Test) @@ -250,6 +254,23 @@ fi %{python3_sitearch}/gpg/ %changelog +* Wed Nov 18 2020 Jiri Kucera - 1.13.1-7 +- Fix null dereference + Fix licence tag + Related: #1726861 + +* Fri Nov 06 2020 Jiri Kucera - 1.13.1-6 +- Try to fix RPMDIFF issues + Related: #1726861 + +* Tue Nov 03 2020 Jiri Kucera - 1.13.1-5 +- Rebuild + Related: #1726861 + +* Tue Sep 29 2020 Jiri Kucera - 1.13.1-4 +- Rebuild + Resolves: #1726861 + * Tue Jun 02 2020 Jiri Kucera - 1.13.1-3 - Fix resource leaks found by static code analysis Related: #1829822