.gitignore

@@ -1 +1 @@
-SOURCES/pinentry-1.1.0.tar.bz2
+SOURCES/pinentry-1.1.1.tar.bz2

.pinentry.metadata

@@ -1 +1 @@
-693bdf9f48dfb3e040d92f50b1bb464e268b9fb0 SOURCES/pinentry-1.1.0.tar.bz2
+b8b88cab4fd844e3616d55aeba8f084f2b98fb0f SOURCES/pinentry-1.1.1.tar.bz2

SOURCES/pinentry-1.1.1-coverity.patch

@@ -0,0 +1,194 @@
+commit a87d9e8f89f946a733c756c72bf5ec41e0a738b8
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Wed Apr 14 15:51:27 2021 +0900
+
+    core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake.
+    
+    * pinentry/pinentry-curses.c (dialog_create): Free NEW.
+    [HAVE_NCURSESW] (dialog_run): Free OLD_CTYPE on error.
+    * pinentry/pinentry.c (pinentry_inq_genpin): Free VALUE on error.
+    * tty/pinentry-tty.c (tty_cmd_handler): Don't access closed FDs.
+    * pinentry/pinentry-emacs.c (set_labels): Fix for ->default_cancel.
+    
+    --
+    
+    GnuPG-bug-id: 5384
+    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
+index a3fe2e2..1c3008a 100644
+--- a/pinentry/pinentry-curses.c
++++ b/pinentry/pinentry-curses.c
+@@ -315,6 +315,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog)
+         }								\
+       dialog->which = pinentry_utf8_to_local (pinentry->lc_ctype,	\
+ 					      new ? new : default);	\
++      free (new);							\
+       if (!dialog->which)						\
+         {								\
+ 	  err = 1;							\
+@@ -873,6 +874,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+         {
+           pinentry->specific_err = gpg_error_from_syserror ();
+           pinentry->specific_err_loc = "open_tty_for_read";
++#ifdef HAVE_NCURSESW
++          free (old_ctype);
++#endif
+           return confirm_mode? 0 : -1;
+         }
+       ttyfo = fopen (tty_name, "w");
+@@ -883,6 +887,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ 	  errno = err;
+           pinentry->specific_err = gpg_error_from_syserror ();
+           pinentry->specific_err_loc = "open_tty_for_write";
++#ifdef HAVE_NCURSESW
++          free (old_ctype);
++#endif
+ 	  return confirm_mode? 0 : -1;
+ 	}
+       screen = newterm (tty_type, ttyfo, ttyfi);
+@@ -897,6 +904,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+               errno = ENOTTY;
+               pinentry->specific_err = gpg_error_from_syserror ();
+               pinentry->specific_err_loc = "isatty";
++#ifdef HAVE_NCURSESW
++              free (old_ctype);
++#endif
+               return confirm_mode? 0 : -1;
+             }
+ 	  init_screen = 1;
+diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
+index 16ae1c2..9685b67 100644
+--- a/pinentry/pinentry-emacs.c
++++ b/pinentry/pinentry-emacs.c
+@@ -498,7 +498,7 @@ set_labels (pinentry_t pe)
+     set_label (pe, "SETOK", pe->default_ok);
+   if (pe->cancel)
+     set_label (pe, "SETCANCEL", pe->cancel);
+-  else if (pe->default_ok)
++  else if (pe->default_cancel)
+     set_label (pe, "SETCANCEL", pe->default_cancel);
+   if (pe->notok)
+     set_label (pe, "SETNOTOK", pe->notok);
+diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
+index ef81f12..26ec77a 100644
+--- a/pinentry/pinentry.c
++++ b/pinentry/pinentry.c
+@@ -656,6 +656,7 @@ pinentry_inq_genpin (pinentry_t pin)
+           if (rc)
+             {
+               fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
++              free (value);
+               return 0;
+             }
+         }
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 403dd60..4a2b67f 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -559,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
+         }
+     }
+ 
+-  if (terminal_save (fileno (ttyfi)) < 0)
++  if (!rc && terminal_save (fileno (ttyfi)) < 0)
+     rc = -1;
+ 
+   if (! rc)
+
+From 7f7fd8bcfd74919091cc318b27b8617a9ef2ac82 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Apr 2021 12:54:43 +0900
+Subject: [PATCH] tty: Fix error return paths and its resource leaks.
+
+* tty/pinentry-tty.c (tty_cmd_handler): Only call do_touch_file
+on successful interaction.  Fix closing file.
+
+--
+
+GnuPG-bug-id: 5384
+Co-authored-by: Jakub Jelen <jjelen@redhat.com>
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ tty/pinentry-tty.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 4a2b67f..c4d85c6 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -525,6 +525,7 @@ tty_cmd_handler (pinentry_t pinentry)
+   int rc = 0;
+   FILE *ttyfi = stdin;
+   FILE *ttyfo = stdout;
++  int saved_errno = 0;
+ 
+ #ifndef HAVE_DOSISH_SYSTEM
+   timed_out = 0;
+@@ -545,30 +546,27 @@ tty_cmd_handler (pinentry_t pinentry)
+     {
+       ttyfi = fopen (pinentry->ttyname, "r");
+       if (!ttyfi)
+-        rc = -1;
+-      else
++        return -1;
++
++      ttyfo = fopen (pinentry->ttyname, "w");
++      if (!ttyfo)
+         {
+-          ttyfo = fopen (pinentry->ttyname, "w");
+-          if (!ttyfo)
+-            {
+-              int err = errno;
+-              fclose (ttyfi);
+-              errno = err;
+-              rc = -1;
+-            }
++          saved_errno = errno;
++          fclose (ttyfi);
++          errno = saved_errno;
++          return -1;
+         }
+     }
+ 
+-  if (!rc && terminal_save (fileno (ttyfi)) < 0)
++  if (terminal_save (fileno (ttyfi)) < 0)
+     rc = -1;
+-
+-  if (! rc)
++  else
+     {
+       if (terminal_setup (fileno (ttyfi), !!pinentry->pin) == -1)
+         {
+-          int err = errno;
++          saved_errno = errno;
+           fprintf (stderr, "terminal_setup failure, exiting\n");
+-          errno = err;
++          rc = -1;
+         }
+       else
+         {
+@@ -578,17 +576,19 @@ tty_cmd_handler (pinentry_t pinentry)
+             rc = confirm (pinentry, ttyfi, ttyfo);
+ 
+           terminal_restore (fileno (ttyfi));
++          do_touch_file (pinentry);
+         }
+     }
+ 
+-  do_touch_file (pinentry);
+-
+   if (pinentry->ttyname)
+     {
+       fclose (ttyfi);
+       fclose (ttyfo);
+     }
+ 
++  if (saved_errno)
++    errno = saved_errno;
++
+   return rc;
+ }
+ 
+-- 
+2.30.2

SOURCES/pinentry-1.1.1-rpath.patch

@@ -0,0 +1,41 @@
+commit 6e8ad3150566d16a20cb3b54267191bcb0c14208
+Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+Date:   Tue Feb 23 22:05:37 2021 +0000
+
+    qt: Honor the --disable-rpath option.
+    
+    * m4/qt.m4: Do not set rpath if --disable-rpath has been specified
+    at configure time.
+    --
+    
+    GnuPG-bug-id: 5307
+    Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+diff --git a/m4/qt.m4 b/m4/qt.m4
+index f8ef3f6..5f9de3f 100644
+--- a/m4/qt.m4
++++ b/m4/qt.m4
+@@ -59,7 +59,9 @@ AC_DEFUN([FIND_QT],
+ 
+     qtlibdir=`"$PKG_CONFIG" --variable libdir Qt5Core`
+     if test -n "$qtlibdir"; then
++      if test "$enable_rpath" != "no"; then
+         PINENTRY_QT_LDFLAGS="$PINENTRY_QT_LDFLAGS -Wl,-rpath \"$qtlibdir\""
++      fi
+     fi
+ 
+     AC_CHECK_TOOL(MOC, moc)
+
+diff -up pinentry-1.1.1/configure.rpath pinentry-1.1.1/configure
+--- pinentry-1.1.1/configure.rpath	2021-04-16 09:08:48.306479991 +0200
++++ pinentry-1.1.1/configure	2021-04-16 09:09:29.365068549 +0200
+@@ -10765,7 +10776,9 @@ fi
+ 
+     qtlibdir=`"$PKG_CONFIG" --variable libdir Qt5Core`
+     if test -n "$qtlibdir"; then
++      if test "$enable_rpath" != "no"; then
+         PINENTRY_QT_LDFLAGS="$PINENTRY_QT_LDFLAGS -Wl,-rpath \"$qtlibdir\""
++      fi
+     fi
+ 
+     if test -n "$ac_tool_prefix"; then

SOURCES/pinentry-wrapper

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/sh
 
 # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2009 Fedora Project
@@ -32,22 +32,20 @@ done
 
 # export DISPLAY if pinentry is meant to be run on a different display
 # check the KDE_FULL_SESSION variable otherwise
-if [ -n "$display" -a "$DISPLAY" != "$display" ]; then
+if [ -n "$display" ] && [ "$DISPLAY" != "$display" ]; then
     export DISPLAY="$display"
 elif [ -n "$KDE_FULL_SESSION" ]; then
     kde_running=1
-    kde_ver="$KDE_SESSION_VERSION"
 fi
 
 # Check for presence of xprop binary
 type xprop >/dev/null 2>/dev/null
 XPROP=$?
 
-if [ -n "$DISPLAY" -a $XPROP -eq 0 ]; then
+if [ -n "$DISPLAY" ] && [ $XPROP -eq 0 ]; then
     xprop -root | grep "^KDE_FULL_SESSION" >/dev/null 2>/dev/null
     if test $? -eq 0; then
         kde_running=1
-        kde_ver="`xprop -root | sed -n 's/KDE_SESSION_VERSION(CARDINAL) = //p'`" 2>/dev/null
     fi
 fi
 
@@ -56,21 +54,25 @@ if [ -n "$PINENTRY_BINARY" ];
 then
 	export PINENTRY_BINARY="$PINENTRY_BINARY"
 # if KDE is detected and pinentry-qt exists, use pinentry-qt
-elif [ -n "$kde_running" -a -x /usr/bin/pinentry-qt ]
+elif [ -n "$kde_running" ] && [ -x /usr/bin/pinentry-qt ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-qt"
 # otherwise test if pinentry-gnome3 is installed
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gnome3 ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gnome3 ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-gnome3"
 # otherwise test if pinentry-gtk-2 is installed
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gtk-2 ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gtk-2 ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2"
 # otherwise test if pinentry-qt exists although KDE is not detected
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-qt ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-qt ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-qt"
+# use pinentry-tty if installed
+elif [ -x /usr/bin/pinentry-tty ]
+then
+	export PINENTRY_BINARY="/usr/bin/pinentry-tty"
 # pinentry-curses is installed by default
 else
 	export PINENTRY_BINARY="/usr/bin/pinentry-curses"

SPECS/pinentry.spec

@@ -1,17 +1,22 @@
 
 Name:    pinentry
-Version: 1.1.0
-Release: 2%{?dist}
+Version: 1.1.1
+Release: 8%{?dist}
 Summary: Collection of simple PIN or passphrase entry dialogs
 
 License: GPLv2+
-URL:     http://www.gnupg.org/aegypten/
-Source0: ftp://ftp.gnupg.org/gcrypt/pinentry/%{name}-%{version}.tar.bz2
-Source1: ftp://ftp.gnupg.org/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig
+URL:     https://www.gnupg.org/
+Source0: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2
+Source1: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig
+
+Patch1: pinentry-1.1.1-coverity.patch
+Patch2: pinentry-1.1.1-rpath.patch
 
 # borrowed from opensuse
 Source10: pinentry-wrapper
 
+BuildRequires: make
+BuildRequires: gcc
 BuildRequires: gcr-devel
 BuildRequires: gtk2-devel
 BuildRequires: libcap-devel
@@ -22,8 +27,6 @@ BuildRequires: libsecret-devel
 BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5Gui) pkgconfig(Qt5Widgets)
 
 Requires(pre): %{_sbindir}/update-alternatives
-Requires(post): /sbin/install-info
-Requires(preun): /sbin/install-info
 
 Provides: %{name}-curses = %{version}-%{release}
 
@@ -75,8 +78,19 @@ utilize the Assuan protocol as described by the aegypten project; see
 http://www.gnupg.org/aegypten/ for details.
 This package contains the emacs based version of the PIN entry dialog.
 
+%package tty
+Summary: Passphrase/PIN entry dialog in tty
+Requires: %{name} = %{version}-%{release}
+%description tty
+Pinentry is a collection of simple PIN or passphrase entry dialogs which
+utilize the Assuan protocol as described by the aegypten project; see
+http://www.gnupg.org/aegypten/ for details.
+This package contains the tty version of the PIN entry dialog.
+
 %prep
 %setup -q
+%patch1 -p1 -b .coverity
+%patch2 -p1 -b .rpath
 
 
 %build
@@ -84,17 +98,19 @@ This package contains the emacs based version of the PIN entry dialog.
   --disable-rpath \
   --disable-dependency-tracking \
   --without-libcap \
+  --disable-pinentry-fltk \
   --enable-pinentry-gnome3 \
   --enable-pinentry-gtk2 \
   --enable-pinentry-qt5 \
   --enable-pinentry-emacs \
+  --enable-pinentry-tty \
   --enable-libsecret
 
-make %{?_smp_mflags}
+%make_build
 
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
+%make_install
 
 # Symlink for Backward compatibility
 ln -s pinentry-gtk-2 $RPM_BUILD_ROOT%{_bindir}/pinentry-gtk
@@ -105,17 +121,6 @@ install -p -m755 -D %{SOURCE10} $RPM_BUILD_ROOT%{_bindir}/pinentry
 # unpackaged files
 rm -fv $RPM_BUILD_ROOT%{_infodir}/dir
 
-
-%post
-if [ -f %{_infodir}/pinentry.info* ]; then
-/sbin/install-info %{_infodir}/pinentry.info %{_infodir}/dir ||:
-fi
-
-%preun
-if [ $1 -eq 0 -a -f %{_infodir}/pinentry.info* ] ; then
-  /sbin/install-info --delete %{_infodir}/pinentry.info %{_infodir}/dir ||:
-fi
-
 %files
 %license COPYING
 %doc AUTHORS ChangeLog NEWS README THANKS TODO
@@ -139,7 +144,59 @@ fi
 %files emacs
 %{_bindir}/pinentry-emacs
 
+%files tty
+%{_bindir}/pinentry-tty
+
 %changelog
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.1.1-8
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-7
+- Honor the disabled rpath
+- Sync final version of coverity patches from upstream (#1938729)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.1.1-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-5
+- Address few more minor issues reported by coverity
+
+* Wed Apr 14 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-4
+- Fix issues reported by coverity
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jan 26 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-2
+- Move pinentry-tty to separate subpackage (#1782442)
+- Update the wrapper selecting the appropriate version (#1918969)
+
+* Fri Jan 22 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-1
+- New upstream release (#1919127)
+
+* Wed Jan 06 2021 Boris Ranto <branto@redhat.com> - 1.1.0-9
+- enable pinentry-tty
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Mar 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 1.1.0-3
+- BR: gcc, use %%make_build %%make_install
+- explicitly disable fltk support (FTBFS)
+
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild