pool/gpgme
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 998039 from Base:System

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/998039
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpgme?expand=0&rev=90
This commit is contained in:
Dominique Leuenberger 2022-10-28 17:29:25 +00:00 committed by Git OBS Bridge
commit 2517118d44
11 changed files with 423 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
baselibs.conf
View File

@ -1,3 +1,3 @@
libgpgme11 libgpgme11
libgpgmepp6 libgpgmepp6
libqgpgme7 libqgpgme15

126
gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch
View File

@ -1,126 +0,0 @@
From 81a33ea5e1b86d586b956e893a5b25c4cd41c969 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Sat, 26 Jun 2021 18:02:47 +0200
Subject: [PATCH] core: Fix use-after-free issue in test
* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
(main): Factored out signing and verifying the result.
--
Factoring the two steps of the test into different functions fixes the
use-after-free issue that was caused by accidentaly using a variable
of the first step in the second step.
GnuPG-bug-id: 5509
---
tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++-------------
1 file changed, 37 insertions(+), 17 deletions(-)
diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c
index 2f983622..e0494c54 100644
--- a/tests/gpg/t-edit-sign.c
+++ b/tests/gpg/t-edit-sign.c
@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
}
-int
-main (int argc, char **argv)
+void
+sign_key (const char *key_fpr, const char *signer_fpr)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t out = NULL;
- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
gpgme_key_t signing_key = NULL;
- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
gpgme_key_t key = NULL;
- gpgme_key_t signed_key = NULL;
- gpgme_user_id_t signed_uid = NULL;
- gpgme_key_sig_t key_sig = NULL;
char *agent_info;
- int mode;
-
- (void)argc;
- (void)argv;
-
- init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
- /* Sign the key */
agent_info = getenv("GPG_AGENT_INFO");
if (!(agent_info && strchr (agent_info, ':')))
gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
@@ -159,8 +147,23 @@ main (int argc, char **argv)
gpgme_data_release (out);
gpgme_key_unref (key);
gpgme_key_unref (signing_key);
+ gpgme_release (ctx);
+}
+
+
+void
+verify_key_signature (const char *key_fpr, const char *signer_keyid)
+{
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_key_t signed_key = NULL;
+ gpgme_user_id_t signed_uid = NULL;
+ gpgme_key_sig_t key_sig = NULL;
+ int mode;
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
- /* Verify the key signature */
mode = gpgme_get_keylist_mode (ctx);
mode |= GPGME_KEYLIST_MODE_SIGS;
err = gpgme_set_keylist_mode (ctx, mode);
@@ -168,7 +171,7 @@ main (int argc, char **argv)
err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
fail_if_err (err);
- signed_uid = key->uids;
+ signed_uid = signed_key->uids;
if (!signed_uid)
{
fprintf (stderr, "Signed key has no user IDs\n");
@@ -180,7 +183,7 @@ main (int argc, char **argv)
exit (1);
}
key_sig = signed_uid->signatures->next;
- if (strcmp ("2D727CC768697734", key_sig->keyid))
+ if (strcmp (signer_keyid, key_sig->keyid))
{
fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
key_sig->keyid);
@@ -196,6 +199,23 @@ main (int argc, char **argv)
gpgme_key_unref (signed_key);
gpgme_release (ctx);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
+ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+
+ (void)argc;
+ (void)argv;
+
+ init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ sign_key (key_fpr, signer_fpr);
+ verify_key_signature (key_fpr, signer_keyid);
return 0;
}
--
2.32.0

33
gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch
View File

@ -1,33 +0,0 @@
From 6a79e90dedc19877ae1c520fed875b57089a5425 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Thu, 8 Jul 2021 11:54:06 +0200
Subject: [PATCH] Make sure expiration time is interpreted as unsigned number
* lang/qt/tests/t-various.cpp (testSignKeyWithExpiration): Convert
expiration time to uint_least32_t.
--
This fixes the test on 32-bit systems where time_t (the return type of
expirationTime()) is a signed 32-bit integer type.
GnuPG-bug-id: 5522
---
lang/qt/tests/t-various.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp
index 8563b681..72a2487a 100644
--- a/lang/qt/tests/t-various.cpp
+++ b/lang/qt/tests/t-various.cpp
@@ -355,7 +355,7 @@ private Q_SLOTS:
target.update();
const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
QVERIFY(!keySignature.neverExpires());
- const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
+ const auto expirationDate = QDateTime::fromSecsSinceEpoch(uint_least32_t(keySignature.expirationTime())).date();
QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
}
--
2.11.0

3
gpgme-1.16.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6c8cc4aedb10d5d4c905894ba1d850544619ee765606ac43df7405865de29ed0
size 1718913

BIN
gpgme-1.16.0.tar.bz2.sig
View File

Binary file not shown.

363
gpgme-1.18.0-T6137-qt_test.patch Normal file
View File

@ -0,0 +1,363 @@
From c977424a1d39751fc5055131ad3f7819d421dcc8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Wed, 17 Aug 2022 14:51:19 +0200
Subject: [PATCH 1/1] qt: Make sure expiration time is interpreted as unsigned
number
* lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp (add_subkey): Convert
expiration time to uint_least32_t.
--
This fixes the corresponding test on 32-bit systems where time_t (the
return type of expirationTime()) is a signed 32-bit integer type.
GnuPG-bug-id: 6137
---
lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp b/lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp
index 32e2c292..b74e7a06 100644
--- a/lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp
+++ b/lang/qt/src/qgpgmeaddexistingsubkeyjob.cpp
@@ -64,7 +64,8 @@ static QGpgMEAddExistingSubkeyJob::result_type add_subkey(Context *ctx, const Ke
std::unique_ptr<GpgAddExistingSubkeyEditInteractor> interactor{new GpgAddExistingSubkeyEditInteractor{subkey.keyGrip()}};
if (!subkey.neverExpires()) {
- const auto expiry = QDateTime::fromSecsSinceEpoch(subkey.expirationTime(), Qt::UTC).toString(u"yyyyMMdd'T'hhmmss").toStdString();
+ const auto expiry = QDateTime::fromSecsSinceEpoch(uint_least32_t(subkey.expirationTime()),
+ Qt::UTC).toString(u"yyyyMMdd'T'hhmmss").toStdString();
interactor->setExpiry(expiry);
}
--
2.11.0
From 81d4b7f2d7077297d76af5728949d8f2bdff8cd5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Wed, 17 Aug 2022 14:56:13 +0200
Subject: [PATCH] qt,tests: Log the actual error code if the assertion fails
* lang/qt/tests/t-addexistingsubkey.cpp (
AddExistingSubkeyJobTest::testAddExistingSubkeyAsync,
AddExistingSubkeyJobTest::testAddExistingSubkeySync,
AddExistingSubkeyJobTest::testAddExistingSubkeyWithExpiration): Use
QCOMPARE instead of QVERIFY for asserting equality.
--
GnuPG-bug-id: 6137
---
lang/qt/tests/t-addexistingsubkey.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lang/qt/tests/t-addexistingsubkey.cpp b/lang/qt/tests/t-addexistingsubkey.cpp
index 589c90bf..2e654cec 100644
--- a/lang/qt/tests/t-addexistingsubkey.cpp
+++ b/lang/qt/tests/t-addexistingsubkey.cpp
@@ -168,7 +168,7 @@ private Q_SLOTS:
QSignalSpy spy (this, SIGNAL(asyncDone()));
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
- QVERIFY(result.code() == GPG_ERR_NO_ERROR);
+ QCOMPARE(result.code(), static_cast<int>(GPG_ERR_NO_ERROR));
key.update();
QCOMPARE(key.numSubkeys(), 3u);
}
@@ -190,7 +190,7 @@ private Q_SLOTS:
const auto result = job->exec(key, sourceSubkey);
- QVERIFY(result.code() == GPG_ERR_NO_ERROR);
+ QCOMPARE(result.code(), static_cast<int>(GPG_ERR_NO_ERROR));
key.update();
QCOMPARE(key.numSubkeys(), 3u);
QCOMPARE(key.subkey(2).expirationTime(), 0);
@@ -213,7 +213,7 @@ private Q_SLOTS:
const auto result = job->exec(key, sourceSubkey);
- QVERIFY(result.code() == GPG_ERR_NO_ERROR);
+ QCOMPARE(result.code(), static_cast<int>(GPG_ERR_NO_ERROR));
key.update();
QCOMPARE(key.numSubkeys(), 3u);
--
2.11.0
From f2b48de26b8f8c48c293423eda712831544924f6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Wed, 17 Aug 2022 15:22:29 +0200
Subject: [PATCH] qt,tests: Make sure expiration time is interpreted as
unsigned number
* lang/qt/tests/t-addexistingsubkey.cpp,
lang/qt/tests/t-changeexpiryjob.cpp: Convert expiration time to
uint_least32_t.
--
This doesn't change the outcome of the tests (they also pass without
this change because of the expiration dates of the test keys), but it's
still good practise to treat the expiration time as an unsigned number
if the assertions check that the expiration time is in some range.
GnuPG-bug-id: 6137
---
lang/qt/tests/t-addexistingsubkey.cpp | 6 +++---
lang/qt/tests/t-changeexpiryjob.cpp | 26 +++++++++++++-------------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/lang/qt/tests/t-addexistingsubkey.cpp b/lang/qt/tests/t-addexistingsubkey.cpp
index 2e654cec..87eadf43 100644
--- a/lang/qt/tests/t-addexistingsubkey.cpp
+++ b/lang/qt/tests/t-addexistingsubkey.cpp
@@ -222,9 +222,9 @@ private Q_SLOTS:
// several times
const auto allowedDeltaTSeconds = 1;
const auto expectedExpirationRange = std::make_pair(
- sourceSubkey.expirationTime() - allowedDeltaTSeconds,
- sourceSubkey.expirationTime() + allowedDeltaTSeconds);
- const auto actualExpiration = key.subkey(2).expirationTime();
+ uint_least32_t(sourceSubkey.expirationTime()) - allowedDeltaTSeconds,
+ uint_least32_t(sourceSubkey.expirationTime()) + allowedDeltaTSeconds);
+ const auto actualExpiration = uint_least32_t(key.subkey(2).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
diff --git a/lang/qt/tests/t-changeexpiryjob.cpp b/lang/qt/tests/t-changeexpiryjob.cpp
index 090002f3..3da74d46 100644
--- a/lang/qt/tests/t-changeexpiryjob.cpp
+++ b/lang/qt/tests/t-changeexpiryjob.cpp
@@ -70,7 +70,7 @@ private Q_SLOTS:
QVERIFY(!key.isNull());
QVERIFY(!key.subkey(0).isNull());
QVERIFY(!key.subkey(1).isNull());
- const auto subkeyExpiration = key.subkey(1).expirationTime();
+ const auto subkeyExpiration = uint_least32_t(key.subkey(1).expirationTime());
{
// Create the job
@@ -101,7 +101,7 @@ private Q_SLOTS:
newExpirationDate.toSecsSinceEpoch() - 10,
QDateTime::currentDateTime().addDays(1).toSecsSinceEpoch());
{
- const auto actualExpiration = key.subkey(0).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(0).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -110,7 +110,7 @@ private Q_SLOTS:
"; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
}
{
- const auto actualExpiration = key.subkey(1).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(1).expirationTime());
QCOMPARE(actualExpiration, subkeyExpiration); // unchanged
}
}
@@ -133,7 +133,7 @@ private Q_SLOTS:
QVERIFY(!key.isNull());
QVERIFY(!key.subkey(0).isNull());
QVERIFY(!key.subkey(1).isNull());
- const auto primaryKeyExpiration = key.subkey(0).expirationTime();
+ const auto primaryKeyExpiration = uint_least32_t(key.subkey(0).expirationTime());
{
// Create the job
@@ -164,11 +164,11 @@ private Q_SLOTS:
newExpirationDate.toSecsSinceEpoch() - 10,
QDateTime::currentDateTime().addDays(2).toSecsSinceEpoch());
{
- const auto actualExpiration = key.subkey(0).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(0).expirationTime());
QCOMPARE(actualExpiration, primaryKeyExpiration); // unchanged
}
{
- const auto actualExpiration = key.subkey(1).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(1).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -196,7 +196,7 @@ private Q_SLOTS:
QVERIFY(!key.isNull());
QVERIFY(!key.subkey(0).isNull());
QVERIFY(!key.subkey(1).isNull());
- const auto subkeyExpiration = key.subkey(1).expirationTime();
+ const auto subkeyExpiration = uint_least32_t(key.subkey(1).expirationTime());
{
// Create the job
@@ -228,7 +228,7 @@ private Q_SLOTS:
newExpirationDate.toSecsSinceEpoch() - 10,
QDateTime::currentDateTime().addDays(3).toSecsSinceEpoch());
{
- const auto actualExpiration = key.subkey(0).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(0).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -237,7 +237,7 @@ private Q_SLOTS:
"; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
}
{
- const auto actualExpiration = key.subkey(1).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(1).expirationTime());
QCOMPARE(actualExpiration, subkeyExpiration); // unchanged
}
}
@@ -291,7 +291,7 @@ private Q_SLOTS:
newExpirationDate.toSecsSinceEpoch() - 10,
QDateTime::currentDateTime().addDays(4).toSecsSinceEpoch());
{
- const auto actualExpiration = key.subkey(0).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(0).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -300,7 +300,7 @@ private Q_SLOTS:
"; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
}
{
- const auto actualExpiration = key.subkey(1).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(1).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -359,7 +359,7 @@ private Q_SLOTS:
newExpirationDate.toSecsSinceEpoch() - 10,
QDateTime::currentDateTime().addDays(5).toSecsSinceEpoch());
{
- const auto actualExpiration = key.subkey(0).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(0).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
@@ -368,7 +368,7 @@ private Q_SLOTS:
"; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
}
{
- const auto actualExpiration = key.subkey(1).expirationTime();
+ const auto actualExpiration = uint_least32_t(key.subkey(1).expirationTime());
QVERIFY2(actualExpiration >= expectedExpirationRange.first,
("actual: " + std::to_string(actualExpiration) +
"; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
--
2.11.0
From 2fa5c80aeba4528b3bdf41ec5740e7db5d4b6d2b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Thu, 18 Aug 2022 10:43:19 +0200
Subject: [PATCH] cpp: Fix handling of "no key" or "invalid time" situations
* lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
(GpgAddExistingSubkeyEditInteractor::Private::nextState): Fix inverted
logic of string comparisons.
--
This fixes the problem that the interactor didn't return the proper
error code if gpg didn't accept the key grip or the expiration date.
GnuPG-bug-id: 6137
---
lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp b/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
index 547e613d..8eec7460 100644
--- a/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
+++ b/lang/cpp/src/gpgaddexistingsubkeyeditinteractor.cpp
@@ -136,7 +136,7 @@ unsigned int GpgAddExistingSubkeyEditInteractor::Private::nextState(unsigned int
strcmp(args, "keygen.flags") == 0) {
return FLAGS;
} else if (status == GPGME_STATUS_GET_LINE &&
- strcmp(args, "keygen.keygrip")) {
+ strcmp(args, "keygen.keygrip") == 0) {
err = NO_KEY_ERROR;
return ERROR;
}
@@ -157,7 +157,7 @@ unsigned int GpgAddExistingSubkeyEditInteractor::Private::nextState(unsigned int
strcmp(args, "keyedit.prompt") == 0) {
return QUIT;
} else if (status == GPGME_STATUS_GET_LINE &&
- strcmp(args, "keygen.valid")) {
+ strcmp(args, "keygen.valid") == 0) {
err = INV_TIME_ERROR;
return ERROR;
}
--
2.11.0
From 2e7a61b898fccc1c20000b79dee83cd980901fa9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Thu, 18 Aug 2022 10:55:09 +0200
Subject: [PATCH] qt,tests: Make test pass on 32-bit systems
* lang/qt/tests/t-addexistingsubkey.cpp
(AddExistingSubkeyJobTest::testAddExistingSubkeyWithExpiration): Handle
negative expiration date.
--
On 32-bit systems the expiration date of the test key overflows. This
will cause the AddExistingSubkeyJob to fail. We expect it to fail with
an "invalid time" error.
GnuPG-bug-id: 6137
---
lang/qt/tests/t-addexistingsubkey.cpp | 42 ++++++++++++++++++++---------------
1 file changed, 24 insertions(+), 18 deletions(-)
diff --git a/lang/qt/tests/t-addexistingsubkey.cpp b/lang/qt/tests/t-addexistingsubkey.cpp
index 87eadf43..c0eee57b 100644
--- a/lang/qt/tests/t-addexistingsubkey.cpp
+++ b/lang/qt/tests/t-addexistingsubkey.cpp
@@ -213,24 +213,30 @@ private Q_SLOTS:
const auto result = job->exec(key, sourceSubkey);
- QCOMPARE(result.code(), static_cast<int>(GPG_ERR_NO_ERROR));
- key.update();
- QCOMPARE(key.numSubkeys(), 3u);
-
- // allow 1 second different expiration because gpg calculates with
- // expiration as difference to current time and takes current time
- // several times
- const auto allowedDeltaTSeconds = 1;
- const auto expectedExpirationRange = std::make_pair(
- uint_least32_t(sourceSubkey.expirationTime()) - allowedDeltaTSeconds,
- uint_least32_t(sourceSubkey.expirationTime()) + allowedDeltaTSeconds);
- const auto actualExpiration = uint_least32_t(key.subkey(2).expirationTime());
- QVERIFY2(actualExpiration >= expectedExpirationRange.first,
- ("actual: " + std::to_string(actualExpiration) +
- "; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
- QVERIFY2(actualExpiration <= expectedExpirationRange.second,
- ("actual: " + std::to_string(actualExpiration) +
- "; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
+ if (sourceSubkey.expirationTime() > 0) {
+ QCOMPARE(result.code(), static_cast<int>(GPG_ERR_NO_ERROR));
+ key.update();
+ QCOMPARE(key.numSubkeys(), 3u);
+
+ // allow 1 second different expiration because gpg calculates with
+ // expiration as difference to current time and takes current time
+ // several times
+ const auto allowedDeltaTSeconds = 1;
+ const auto expectedExpirationRange = std::make_pair(
+ uint_least32_t(sourceSubkey.expirationTime()) - allowedDeltaTSeconds,
+ uint_least32_t(sourceSubkey.expirationTime()) + allowedDeltaTSeconds);
+ const auto actualExpiration = uint_least32_t(key.subkey(2).expirationTime());
+ QVERIFY2(actualExpiration >= expectedExpirationRange.first,
+ ("actual: " + std::to_string(actualExpiration) +
+ "; expected: " + std::to_string(expectedExpirationRange.first)).c_str());
+ QVERIFY2(actualExpiration <= expectedExpirationRange.second,
+ ("actual: " + std::to_string(actualExpiration) +
+ "; expected: " + std::to_string(expectedExpirationRange.second)).c_str());
+ } else {
+ // on 32-bit systems the expiration date of the test key overflows;
+ // in this case we expect an appropriate error code
+ QCOMPARE(result.code(), static_cast<int>(GPG_ERR_INV_TIME));
+ }
}
private:
--
2.11.0

3
gpgme-1.18.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:361d4eae47ce925dba0ea569af40e7b52c645c4ae2e65e5621bf1b6cdd8b0e9e
size 1762323

BIN
gpgme-1.18.0.tar.bz2.sig Normal file
View File

Binary file not shown.

32
gpgme-use-glibc-closefrom.patch
View File

@ -1,32 +0,0 @@
From 4b64774b6d13ffa4f59dddf947a97d61bcfa2f2e Mon Sep 17 00:00:00 2001
From: Jiri Kucera <sanczes@gmail.com>
Date: Sun, 25 Jul 2021 11:35:54 +0200
Subject: [PATCH] core: Support closefrom also for glibc.
* src/posix-io.c (_gpgme_io_spawn): Use glibc's closefrom.
--
Since 2.34, glibc introduces closefrom (the implementation
follows *BSD standard).
Signed-off-by: Werner Koch <wk@gnupg.org>
---
src/posix-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/posix-io.c b/src/posix-io.c
index e712ef28..2a3a81fc 100644
--- a/src/posix-io.c
+++ b/src/posix-io.c
@@ -570,7 +570,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
if (fd_list[i].fd > fd)
fd = fd_list[i].fd;
fd++;
-#if defined(__sun) || defined(__FreeBSD__)
+#if defined(__sun) || defined(__FreeBSD__) || defined(__GLIBC__)
closefrom (fd);
max_fds = fd;
#else /*!__sun */
--
2.11.0

44
gpgme.changes
View File

@ -1,3 +1,47 @@
-------------------------------------------------------------------
Thu Aug 18 20:30:13 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- gpgme 1.18.0
* New keylist mode to force refresh via external methods
* The keylist operations now create an import result to report the
result of the locate keylist modes
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure
* cpp, qt: Do not export internal symbols anymore
* cpp, qt: Support revocation of own OpenPGP keys
* qt: The file name of (signed and) encrypted data can now be set
* cpp, qt: Support setting the primary user ID
* python: Fix segv(NULL) when inspecting contect after exeception
- includes changes from version 1.17.1:
* qt: Fix a bug in the ABI compatibility of 1.17.0
- includes changes from 1.17.0:
* New context flag "key-origin"
* New context flag "import-filter"
* New export mode to export secret subkeys
* Detect errors during the export of secret keys
* New function gpgme_op_receive_keys to import keys from a keyserver
without first running a key listing
* Detect bad passphrase error in certificate import
* Allow setting --key-origin when importing keys
* Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry", and "socketdir" in gpgme_get_dirinfo
* Under Unix use poll(2) instead of select(2), when available.
* Fix results returned by gpgme_data_* functions
* Support closefrom also for glibc
(drop upstream gpgme-use-glibc-closefrom.patch
* cpp,qt: Add support for export of secret keys and secret subkeys.
* cpp,qt: Support for adding existing subkeys to other keys
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time
* qt: Support WKD lookup without implicit import
* qt: Allow specifying an import filter when importing keys
* qt: Allow retrieving the default value of a config entry
- drop patches included upstream
* gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch
* gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch
- add patches to fix tests:
* gpgme-1.18.0-T6137-qt_test.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Dec 24 13:05:32 UTC 2021 - Ben Greiner <code@bnavigator.de> Fri Dec 24 13:05:32 UTC 2021 - Ben Greiner <code@bnavigator.de>

28
gpgme.spec
View File

@ -1,7 +1,7 @@
# #
# spec file # spec file
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -30,7 +30,7 @@
%endif %endif
%{!?python_module:%define python_module() python-%{**} python3-{**}} %{!?python_module:%define python_module() python-%{**} python3-{**}}
Name: gpgme%{psuffix} Name: gpgme%{psuffix}
Version: 1.16.0 Version: 1.18.0
Release: 0 Release: 0
Summary: Programmatic library interface to GnuPG Summary: Programmatic library interface to GnuPG
License: GPL-3.0-or-later AND LGPL-2.1-or-later License: GPL-3.0-or-later AND LGPL-2.1-or-later
@ -43,14 +43,12 @@ Source2: baselibs.conf
Source3: gpgme.keyring Source3: gpgme.keyring
# used to have a fixed timestamp # used to have a fixed timestamp
Source99: gpgme.changes Source99: gpgme.changes
Patch0: gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch
Patch1: gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch
# PATCH-FIX-UPSTREAM bsc#1189089 Use glibc's closefrom
Patch2: gpgme-use-glibc-closefrom.patch
# PATCH-FIX-UPSTREAM support python 3.10 -- https://dev.gnupg.org/D545 # PATCH-FIX-UPSTREAM support python 3.10 -- https://dev.gnupg.org/D545
Patch3: gpgme-D545-python310.patch Patch3: gpgme-D545-python310.patch
# PATCH-FIX-UPSTREAM support python 3.10 -- https://dev.gnupg.org/D546 # PATCH-FIX-UPSTREAM support python 3.10 -- https://dev.gnupg.org/D546
Patch4: gpgme-D546-python310.patch Patch4: gpgme-D546-python310.patch
# PATCH-FIX-UPSTREAM fix qt tests -- https://dev.gnupg.org/T6137
Patch5: gpgme-1.18.0-T6137-qt_test.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -185,12 +183,12 @@ management.
This package contains the bindings to use the library from Python 3 applications. This package contains the bindings to use the library from Python 3 applications.
%endif %endif
%package -n libqgpgme7 %package -n libqgpgme15
Summary: Programmatic Qt library interface to GnuPG Summary: Programmatic Qt library interface to GnuPG
Group: System/Libraries Group: System/Libraries
Requires: gpg2 Requires: gpg2
%description -n libqgpgme7 %description -n libqgpgme15
GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
easier for applications. It provides a high-level crypto API for easier for applications. It provides a high-level crypto API for
encryption, decryption, signing, signature verification, and key encryption, decryption, signing, signature verification, and key
@ -203,7 +201,7 @@ Summary: Development files for libqgpgme, a Qt library for accessing GnuP
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libgpgme-devel = %{version} Requires: libgpgme-devel = %{version}
Requires: libgpgmepp-devel = %{version} Requires: libgpgmepp-devel = %{version}
Requires: libqgpgme7 = %{version} Requires: libqgpgme15 = %{version}
%description -n libqgpgme-devel %description -n libqgpgme-devel
GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
@ -215,14 +213,12 @@ This package contains the bindings to use the library in Qt C++ applications.
%prep %prep
%setup -q -n gpgme-%{version} %setup -q -n gpgme-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
./autogen.sh %patch5 -p1
%build %build
./autogen.sh
build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})
languages="cl cpp" languages="cl cpp"
@ -263,8 +259,8 @@ rm -r %{buildroot}%{_libdir}/pkgconfig/gpgme*
%endif %endif
%if %{with qt} %if %{with qt}
%post -n libqgpgme7 -p /sbin/ldconfig %post -n libqgpgme15 -p /sbin/ldconfig
%postun -n libqgpgme7 -p /sbin/ldconfig %postun -n libqgpgme15 -p /sbin/ldconfig
%endif %endif
%if !%{with qt} %if !%{with qt}
@ -323,7 +319,7 @@ rm -r %{buildroot}%{_libdir}/pkgconfig/gpgme*
%endif %endif
%if %{with qt} %if %{with qt}
%files -n libqgpgme7 %files -n libqgpgme15
%license COPYING COPYING.LESSER LICENSES %license COPYING COPYING.LESSER LICENSES
%{_libdir}/libqgpgme.so.* %{_libdir}/libqgpgme.so.*