import gpgme-1.13.1-7.el8

2021-03-30 09:39:38 -04:00 · 2021-03-30 09:39:38 -04:00 · e779aca4f2
commit e779aca4f2
parent f3bf39d3f4
2 changed files with 49 additions and 2 deletions
--- a/SOURCES/gpgme-1.13.1-fix-null-deref.patch
+++ b/SOURCES/gpgme-1.13.1-fix-null-deref.patch
@ -0,0 +1,26 @@
 diff --git a/src/data-mem.c b/src/data-mem.c
 index 539b453..ae16bab 100644
 --- a/src/data-mem.c
 +++ b/src/data-mem.c
@@ -271,7 +271,7 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len)
     }
   else
     {
 -      if (blankout && len)
 +      if (str && blankout && len)
         *str = 0;
       /* Prevent mem_release from releasing the buffer memory.  We
        * must not fail from this point.  */
 diff --git a/src/vfs-create.c b/src/vfs-create.c
 index 51b8307..445cd05 100644
 --- a/src/vfs-create.c
 +++ b/src/vfs-create.c
@@ -130,7 +130,7 @@ _gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[],
     return err;
   i = 0;
 -  while (!err && recp[i])
 +  while (!err && recp && recp[i])
     {
       if (!recp[i]->subkeys || !recp[i]->subkeys->fpr)
 	{
--- a/SPECS/gpgme.spec
+++ b/SPECS/gpgme.spec
@ -17,9 +17,9 @@
 Name:           gpgme
 Summary:        GnuPG Made Easy - high level crypto API
 Version:        1.13.1
-Release:        3%{?dist}
+Release:        7%{?dist}
-License:        LGPLv2+
+License:        LGPLv2+ and MIT
 URL:            https://gnupg.org/related_software/gpgme/
 Source0:        https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%{version}.tar.bz2
 Source2:        gpgme-multilib.h
@ -35,6 +35,8 @@ Patch1003:      0001-fix-stupid-ax_python_devel.patch
 Patch1004:      gpgme-1.13.1-fix-resource-leaks.patch
 # Make the make check work with gnupg-2.2.19 and above
 Patch1005:      gpgme-build-with-gnupg-2.2.19.patch
 # Fix NULL dereference
 Patch1006:      gpgme-1.13.1-fix-null-deref.patch
 #BuildRequires:  autoconf
 #BuildRequires:  automake
@ -102,6 +104,8 @@ BuildRequires:  cmake
 %package -n q%{name}
 Summary:        Qt API bindings/wrapper for GPGME
 Requires:       %{name}pp%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 # This is probably redundant, but it satisfies RPMDIFF:
 Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 BuildRequires:  pkgconfig(Qt5Core)
 BuildRequires:  pkgconfig(Qt5Test)
@ -250,6 +254,23 @@ fi
 %{python3_sitearch}/gpg/
 %changelog
 * Wed Nov 18 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-7
 - Fix null dereference
  Fix licence tag
  Related: #1726861
 * Fri Nov 06 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-6
 - Try to fix RPMDIFF issues
  Related: #1726861
 * Tue Nov 03 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-5
 - Rebuild
  Related: #1726861
 * Tue Sep 29 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-4
 - Rebuild
  Resolves: #1726861
 * Tue Jun 02 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-3
 - Fix resource leaks found by static code analysis
  Related: #1829822