import gpgme-1.13.1-7.el8

2021-03-30 09:39:38 -04:00 · 2021-03-30 09:39:38 -04:00 · e779aca4f2
commit e779aca4f2
parent f3bf39d3f4
2 changed files with 49 additions and 2 deletions
--- a/SOURCES/gpgme-1.13.1-fix-null-deref.patch
+++ b/SOURCES/gpgme-1.13.1-fix-null-deref.patch
@ -0,0 +1,26 @@
+diff --git a/src/data-mem.c b/src/data-mem.c
+index 539b453..ae16bab 100644
+--- a/src/data-mem.c
+++ b/src/data-mem.c
+@@ -271,7 +271,7 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len)
+     }
+   else
+     {
+-      if (blankout && len)
+      if (str && blankout && len)
+         *str = 0;
+       /* Prevent mem_release from releasing the buffer memory.  We
+        * must not fail from this point.  */
+diff --git a/src/vfs-create.c b/src/vfs-create.c
+index 51b8307..445cd05 100644
+--- a/src/vfs-create.c
+++ b/src/vfs-create.c
+@@ -130,7 +130,7 @@ _gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[],
+     return err;
+ 
+   i = 0;
+-  while (!err && recp[i])
+  while (!err && recp && recp[i])
+     {
+       if (!recp[i]->subkeys || !recp[i]->subkeys->fpr)
+ 	{
--- a/SPECS/gpgme.spec
+++ b/SPECS/gpgme.spec
@ -17,9 +17,9 @@
 Name:           gpgme
 Summary:        GnuPG Made Easy - high level crypto API
 Version:        1.13.1
-Release:        3%{?dist}
+Release:        7%{?dist}

-License:        LGPLv2+
+License:        LGPLv2+ and MIT
 URL:            https://gnupg.org/related_software/gpgme/
 Source0:        https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%{version}.tar.bz2
 Source2:        gpgme-multilib.h
@ -35,6 +35,8 @@ Patch1003:      0001-fix-stupid-ax_python_devel.patch
 Patch1004:      gpgme-1.13.1-fix-resource-leaks.patch
 # Make the make check work with gnupg-2.2.19 and above
 Patch1005:      gpgme-build-with-gnupg-2.2.19.patch
+# Fix NULL dereference
+Patch1006:      gpgme-1.13.1-fix-null-deref.patch

 #BuildRequires:  autoconf
 #BuildRequires:  automake
@ -102,6 +104,8 @@ BuildRequires:  cmake
 %package -n q%{name}
 Summary:        Qt API bindings/wrapper for GPGME
 Requires:       %{name}pp%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
+# This is probably redundant, but it satisfies RPMDIFF:
+Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 BuildRequires:  pkgconfig(Qt5Core)
 BuildRequires:  pkgconfig(Qt5Test)

@ -250,6 +254,23 @@ fi
 %{python3_sitearch}/gpg/

 %changelog
+* Wed Nov 18 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-7
+- Fix null dereference
+  Fix licence tag
+  Related: #1726861
+
+* Fri Nov 06 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-6
+- Try to fix RPMDIFF issues
+  Related: #1726861
+
+* Tue Nov 03 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-5
+- Rebuild
+  Related: #1726861
+
+* Tue Sep 29 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-4
+- Rebuild
+  Resolves: #1726861
+
 * Tue Jun 02 2020 Jiri Kucera <jkucera@redhat.com> - 1.13.1-3
 - Fix resource leaks found by static code analysis
  Related: #1829822