Rebase to 1.10.2 and sequioa-openpgp with fixes for CVE-2026-42784

Resolves: RHEL-172373
2026-05-13 14:51:46 +02:00
5 changed files with 12 additions and 87 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,3 +18,5 @@
 /rpm-sequoia-vendor-1.9.0.3.tar.gz
 /rpm-sequoia-1.10.1.1.tar.gz
 /rpm-sequoia-vendor-1.10.1.1.tar.gz
+/rpm-sequoia-1.10.2.1.tar.gz
+/rpm-sequoia-vendor-1.10.2.1.tar.gz
--- a/rust-rpm-sequoia-1.10.1.1-sha1.patch
+++ b/rust-rpm-sequoia-1.10.1.1-sha1.patch
@ -1,74 +0,0 @@
-From 4a6e83c723b33e907a0943a3c7b1e262b6bec5ea Mon Sep 17 00:00:00 2001
-From: "Neal H. Walfield" <neal@pep.foundation>
-Date: Thu, 12 Mar 2026 09:55:20 +0100
-Subject: [PATCH] Improve lints.
-
-  - When including an error in a lint, don't just include the
-    top-level error, but also the causes.
-
-  - Fixes #110.
---
- src/lib.rs | 17 +++++++++++------
- 1 file changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/src/lib.rs b/src/lib.rs
-index 71b98aa..e2264cf 100644
--- a/src/lib.rs
-+++ b/src/lib.rs
-@@ -189,6 +189,10 @@ fn error_chain(err: &anyhow::Error) -> Vec<String> {
-     errs
- }
- 
-+fn error_chain_display(err: &anyhow::Error) -> String {
-+    error_chain(err).join(", because ")
-+}
-+
- // Generate macros for working with lints.
- //
- // Note: $dollar is a hack, which we use because nested macros with
-@@ -1727,7 +1731,8 @@ fn _pgpPubKeyLint(pkts: *const c_char,
-     let usable = 'done : loop {
-         match cert.with_policy(&*P.read().unwrap(), None) {
-             Err(err) => {
-                lint(&format!("Policy rejects {}: {}", cert.keyid(), err));
-+                lint(&format!("Policy rejects {}: {}",
-+                              cert.keyid(), error_chain_display(&err)));
-                 break 'done false;
-             }
-             Ok(vc) => {
-@@ -1757,10 +1762,10 @@ fn _pgpPubKeyLint(pkts: *const c_char,
-                     if let Some(e) = vc.primary_key().key_expiration_time() {
-                         if e <= SystemTime::now() {
-                             lint(&format!("The certificate is expired: {}",
-                                          err));
-+                                          error_chain_display(&err)));
-                         } else {
-                             lint(&format!("The certificate is not live: {}",
-                                          err));
-+                                          error_chain_display(&err)));
-                         }
-                     }
-                 }
-@@ -1774,7 +1779,7 @@ fn _pgpPubKeyLint(pkts: *const c_char,
-             match ka.with_policy(&*P.read().unwrap(), None) {
-                 Err(err) => {
-                     lint(&format!("Policy rejects subkey {}: {}",
-                                  keyid, err));
-+                                  keyid, error_chain_display(&err)));
-                     continue;
-                 }
-                 Ok(ka) => {
-@@ -1814,10 +1819,10 @@ fn _pgpPubKeyLint(pkts: *const c_char,
-                         if let Some(e) = ka.key_expiration_time() {
-                             if e <= SystemTime::now() {
-                                 lint(&format!("Subkey {} is expired: {}",
-                                              keyid, err));
-+                                              keyid, error_chain_display(&err)));
-                             } else {
-                                 lint(&format!("Subkey {} is not live: {}",
-                                              keyid, err));
-+                                              keyid, error_chain_display(&err)));
-                             }
-                         }
-                         continue;
-
--- a/rust-rpm-sequoia.spec
+++ b/rust-rpm-sequoia.spec
@ -4,15 +4,15 @@
 %global crate rpm-sequoia

 Name:           rust-rpm-sequoia
-Version:        1.10.1.1
+Version:        1.10.2.1
 Release:        %autorelease
 Summary:        Implementation of the RPM PGP interface using Sequoia

 License:        LGPL-2.0-or-later
 URL:            https://crates.io/crates/rpm-sequoia
-# The version 1.10.1 upstream + patches to use pqc branches in openpgp and pqc-ossl in policy-config
+# The version 1.10.2 upstream + patches to use pqc branches in openpgp and pqc-ossl in policy-config
 # Generated using:
-#  git archive --format=tar.gz --prefix rpm-sequoia-1.10.1.1/ -o ../rpm-sequoia-1.10.1.1.tar.gz pqc
+#  git archive --format=tar.gz --prefix rpm-sequoia-1.10.2.1/ -o ../rpm-sequoia-1.10.2.1.tar.gz pqc
 Source:         %{crate}-%{version}.tar.gz
 # Generated using cargo-vendor-filterer:
 #   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
@ -21,10 +21,9 @@ Source:         %{crate}-%{version}.tar.gz
 #                         --platform i686-unknown-linux-gnu \
 #                         --platform s390x-unknown-linux-gnu \
 #                         --all-features
-#   tar -czf ../rpm-sequoia-vendor-1.10.1.1.tar.gz vendor
+#   tar -czf ../rpm-sequoia-vendor-1.10.2.1.tar.gz vendor
 Source1:        %{crate}-vendor-%{version}.tar.gz
 Source2:        vendor.toml
-Patch:          rust-rpm-sequoia-1.10.1.1-sha1.patch

 %if 0%{?rhel}
 BuildRequires:  rust-toolset
@ -76,7 +75,7 @@ Requires:       %{crate}%{?_isa} = %{version}-%{release}
 %{_libdir}/pkgconfig/rpm-sequoia.pc

 %prep
-%autosetup -n %{crate}-%{version} -a1 -p1
+%autosetup -n %{crate}-%{version} -N -a1
 %cargo_prep -N
 # include full configuration for vendored dependencies
 cat %{SOURCE2} >> .cargo/config.toml
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (rpm-sequoia-1.10.1.1.tar.gz) = 6038343036b7b0317c202f046d146245363988ae2d52021246bdb4e560422b557b38e0b17f88de630e58afce43f29b32e2de15a011af769de2f2b27ba8fb434a
-SHA512 (rpm-sequoia-vendor-1.10.1.1.tar.gz) = fca5b244a1442056acd550dc9c1c19426c157a25f7a06849700319be775b6d57c379685edd1e2f596c10e987057a057d688a43e41e27a0f22b5f70987eaf2c02
+SHA512 (rpm-sequoia-1.10.2.1.tar.gz) = 1130aefcf21aab2ff86c4e9f2f2a8012312ae56a32205235a6720c747da4b192cb631dfc028416167379ff4b291eedcea7e11801496150ef371cd768c69f34ed
+SHA512 (rpm-sequoia-vendor-1.10.2.1.tar.gz) = bd13bacb80dc483e778137826716872b735529275dc1eda03fa36a8ac9b8cfc0dfa1810556d26c4cd72f846fab67c06236e3b5fc6095ab07ee33bf82b9f8c1ad
--- a/vendor.toml
+++ b/vendor.toml
@ -1,4 +1,3 @@
-
 [source.crates-io]
 replace-with = "vendored-sources"

@ -7,11 +6,10 @@ git = "https://gitlab.com/jjelen/sequoia-policy-config"
 branch = "jjelen/pqc-ossl"
 replace-with = "vendored-sources"

-[source."git+https://gitlab.com/sequoia-pgp/sequoia?branch=pqc"]
-git = "https://gitlab.com/sequoia-pgp/sequoia"
-branch = "pqc"
+[source."git+https://gitlab.com/jjelen/sequoia?branch=jjelen/pqc-ossl"]
+git = "https://gitlab.com/jjelen/sequoia"
+branch = "jjelen/pqc-ossl"
 replace-with = "vendored-sources"

 [source.vendored-sources]
 directory = "vendor"
-