From 85acfc923452cfd7ee1e660d7080b005dee28848 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 18 May 2026 17:04:14 +0200 Subject: [PATCH] Update to 1.4.0 and fix CVE-2026-42784 Resolves: RHEL-172374 --- .gitignore | 2 ++ rust-sequoia-sq.spec | 16 +++------ sequoia-sq-fix-metadata.diff | 63 ------------------------------------ sources | 4 +-- vendor.toml | 17 ++++------ 5 files changed, 15 insertions(+), 87 deletions(-) delete mode 100644 sequoia-sq-fix-metadata.diff diff --git a/.gitignore b/.gitignore index 7c9a87b..3a6db22 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ /rust-sequoia-sq-1.3.0-vendor.tar.xz /sequoia-sq-vendor-1.3.1.1.tar.gz /sequoia-sq-1.3.1.1.tar.gz +/sequoia-sq-vendor-1.4.0.1.tar.gz +/sequoia-sq-1.4.0.1.tar.gz diff --git a/rust-sequoia-sq.spec b/rust-sequoia-sq.spec index d9f8c98..cc80c11 100644 --- a/rust-sequoia-sq.spec +++ b/rust-sequoia-sq.spec @@ -9,15 +9,15 @@ Name: rust-sequoia-sq -Version: 1.3.1.1 +Version: 1.4.0.1 Release: %autorelease Summary: Command-line frontends for Sequoia License: LGPL-2.0-or-later URL: https://crates.io/crates/sequoia-sq -# The version 1.3.1 upstream + patches from justus/pqc branch +# The version 1.4.0 upstream + patches from pqc branches # Generated using: -# git archive --format=tar.gz --prefix sequoia-sq-1.3.1.1/ -o sequoia-sq-1.3.1.1.tar.gz justus/pqc +# git archive --format=tar.gz --prefix sequoia-sq-1.4.0.1/ -o ../sequoia-sq-1.4.0.1.tar.gz pqc Source0: %{crate}-%{version}.tar.gz # Generated using cargo-vendor-filterer: @@ -27,15 +27,9 @@ Source0: %{crate}-%{version}.tar.gz # --platform i686-unknown-linux-gnu \ # --platform s390x-unknown-linux-gnu \ # --all-features -# tar -czf ../%%{crate}-vendor-%%{version}.tar.gz vendor +# tar -czf ../sequoia-sq-vendor-1.4.0.1.tar.gz vendor Source1: %{crate}-vendor-%{version}.tar.gz Source3: vendor.toml -# Manually created patch for downstream crate metadata changes -# * switch crypto backend from Nettle to OpenSSL -# * exclude files that are only useful for upstream development -# * drop automated generation of upstream integration tests -# * drop features for unsupported crypto backends -Patch: sequoia-sq-fix-metadata.diff %if 0%{?rhel} BuildRequires: rust-toolset @@ -51,6 +45,7 @@ BuildRequires: sqlite-devel BuildRequires: capnproto BuildRequires: capnproto-devel +BuildRequires: clang BuildRequires: cmake >= 3.1 %global _description %{expand: @@ -115,7 +110,6 @@ License: %{shrink: %prep %autosetup -n %{crate}-%{version} -N -a1 -%autopatch -M 99 -p1 %cargo_prep -N # include full configuration for vendored dependencies cat %{SOURCE3} >> .cargo/config.toml diff --git a/sequoia-sq-fix-metadata.diff b/sequoia-sq-fix-metadata.diff deleted file mode 100644 index 21b6e22..0000000 --- a/sequoia-sq-fix-metadata.diff +++ /dev/null @@ -1,63 +0,0 @@ -diff -up a/Cargo.toml.orig b/Cargo.toml ---- a/Cargo.toml.orig 2025-06-19 18:18:08.225290250 +0200 -+++ b/Cargo.toml 2025-06-19 18:20:29.142344871 +0200 -@@ -23,6 +23,12 @@ categories = ["cryptography", "authentic - license = "LGPL-2.0-or-later" - edition = "2021" - rust-version = "1.79" -+exclude = [ -+ "/deny.toml", -+ "/Dockerfile", -+ "/sq.subplot", -+ "/sq-subplot.md", -+] - - [badges] - gitlab = { repository = "sequoia-pgp/sequoia-sq" } -@@ -66,11 +72,6 @@ termcolor = "1.2.0" - textwrap = { version = ">=0.15, <0.17", default-features = false, features = ["smawk", "unicode-width"] } - typenum = "1" - --# This is for subplot only. If you don't enable the subplot feature, --# feel free to patch it out. --subplotlib = { version = ">=0.11, <0.13", optional = true } --culpa = { version = "1", optional = true } -- - [build-dependencies] - anyhow = "1.0.18" - buffered-reader = { version = "1.4", default-features = false, features = ["compression"] } -@@ -90,10 +91,6 @@ typenum = "1" - cfg-if = "1" - terminal_size = ">=0.2.6, <0.5" - --# This is for subplot only. If you don't enable the subplot feature, --# feel free to patch it out. --subplot-build = { version = ">=0.11, <0.13", optional = true } -- - [dev-dependencies] - assert_cmd = "2" - predicates = ">=2, <4" -@@ -105,22 +102,13 @@ name = "sq" - path = "src/main.rs" - bench = false - --[[test]] --name = "sq-subplot" --path = "tests/sq-subplot.rs" --required-features = ["subplot"] -- - [features] - default = [ -- "crypto-nettle", -+ "crypto-openssl", - ] - crypto-nettle = ["sequoia-openpgp/crypto-nettle"] - crypto-openssl = ["sequoia-openpgp/crypto-openssl"] --crypto-botan = ["sequoia-openpgp/crypto-botan"] --crypto-botan2 = ["sequoia-openpgp/crypto-botan2"] --crypto-cng = ["sequoia-openpgp/crypto-cng"] - crypto-rust = ["sequoia-openpgp/crypto-rust"] --subplot = ["culpa", "subplot-build", "subplotlib"] - - [profile.release] - debug = true diff --git a/sources b/sources index 762d6eb..6744a54 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (sequoia-sq-vendor-1.3.1.1.tar.gz) = 7e23b5466f8b951b4324c64d5a04807d5d2865d80b11c9be52ea48564984378e69501e8d67f387fa66bef0a874bb1588f31be63423a3f5ad2f04632f737e2fd8 -SHA512 (sequoia-sq-1.3.1.1.tar.gz) = 652549f83aba9e3dbe95b9bf16824e1bd0ac12922a14b5d5c78af88da6d333ea43b7f1922a1c12d4b4ccf659c7e2f731c1ad2fb42c91410f17fbb6a3e4d779bc +SHA512 (sequoia-sq-vendor-1.4.0.1.tar.gz) = 57cbdb583364dfa2c6b3c445677cc46f59e5cf723573e5813b686ef3cc8e5cd23f2b8f9bdff176eeb3187b9efe86f57b64afadcefa8508fef98f23f191d2cf6b +SHA512 (sequoia-sq-1.4.0.1.tar.gz) = 10d21460425e90e60f2842189387c8cb42a42d08ae04c29a6e0bedc6fefed73f24c3b6eff885becea593a2ee847c78ae3f8c8c52100bf3890160e62f51b2debc diff --git a/vendor.toml b/vendor.toml index 8333382..1519f24 100644 --- a/vendor.toml +++ b/vendor.toml @@ -1,19 +1,14 @@ [source.crates-io] replace-with = "vendored-sources" -[source."git+https://github.com/teythoon/rust-openssl?branch=justus/pqc"] -git = "https://github.com/teythoon/rust-openssl" -branch = "justus/pqc" +[source."git+https://gitlab.com/jjelen/sequoia-policy-config?branch=jjelen/pqc-ossl"] +git = "https://gitlab.com/jjelen/sequoia-policy-config" +branch = "jjelen/pqc-ossl" replace-with = "vendored-sources" -[source."git+https://gitlab.com/sequoia-pgp/sequoia-policy-config?branch=justus/pqc"] -git = "https://gitlab.com/sequoia-pgp/sequoia-policy-config" -branch = "justus/pqc" -replace-with = "vendored-sources" - -[source."git+https://gitlab.com/sequoia-pgp/sequoia?branch=justus/pqc"] -git = "https://gitlab.com/sequoia-pgp/sequoia" -branch = "justus/pqc" +[source."git+https://gitlab.com/jjelen/sequoia?branch=jjelen/pqc-ossl"] +git = "https://gitlab.com/jjelen/sequoia" +branch = "jjelen/pqc-ossl" replace-with = "vendored-sources" [source.vendored-sources]