Accepting request 598532 from security:privacy

fix 1.11.0 submission

OBS-URL: https://build.opensuse.org/request/show/598532
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpgme?expand=0&rev=97

gpgme-1.11-fix-gpgme-json-rpath.patch

@@ -0,0 +1,28 @@
+From 7a226380b955f8390ee88ca9f4f1a3194af3d5cd Mon Sep 17 00:00:00 2001
+From: Andreas Stieger <astieger@suse.com>
+Date: Thu, 19 Apr 2018 11:55:31 +0200
+Subject: [PATCH] Fix gpgme-json rpath
+
+---
+ src/Makefile.am | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index c2d4a843..a1b2d7b7 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -103,10 +103,7 @@ gpgme_tool_SOURCES = gpgme-tool.c argparse.c argparse.h
+ gpgme_tool_LDADD = libgpgme.la @LIBASSUAN_LIBS@
+ 
+ gpgme_json_SOURCES = gpgme-json.c cJSON.c cJSON.h
+-gpgme_json_LDADD = -lm libgpgme.la $(GPG_ERROR_LIBS)
+-# We use -no-install temporary during development.
+-gpgme_json_LDFLAGS = -no-install
+-
++gpgme_json_LDADD = -lm libgpgme.la @GPG_ERROR_LIBS@
+ 
+ if HAVE_W32_SYSTEM
+ # Windows provides us with an endless stream of Tough Love.  To spawn
+-- 
+2.16.3
+

gpgme-1.11-fix-tests.patch

@@ -0,0 +1,46 @@
+From 3d8e5c07511938a0b30b4626530822338abd9ec0 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 19 Apr 2018 10:29:30 +0200
+Subject: [PATCH] tests: Fix t-verify test for GnuPG < 2.2.7.
+
+* tests/gpg/t-verify.c (check_result): Tweak for gnupg < 2.2.7.
+--
+
+The not yet releases 2.2.7-beta may print a full fingerprint in the
+ERRSIG status.  This is compliant with the dscription but the new
+t-verify test case did not took in account that older GnuPG versions
+print only a keyid.
+
+Fixes-commit: b99502274ae5efdf6df0d967900ec3d1e64373d7
+GnUPG-bug-id: 3920
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ tests/gpg/t-verify.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tests/gpg/t-verify.c b/tests/gpg/t-verify.c
+index 7c23406f..fa0164ac 100644
+--- a/tests/gpg/t-verify.c
++++ b/tests/gpg/t-verify.c
+@@ -126,9 +126,15 @@ check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs,
+     }
+   if (strcmp (sig->fpr, fpr))
+     {
+-      fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n",
+-	       PGM, __LINE__, skip_sigs, sig->fpr);
+-      exit (1);
++      if (strlen (sig->fpr) == 16 && strlen (fpr) == 40
++          && !strncmp (sig->fpr, fpr + 24, 16))
++        ; /* okay because gnupg < 2.2.6 only shows the keyid.  */
++      else
++        {
++          fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n",
++                   PGM, __LINE__, skip_sigs, sig->fpr);
++          exit (1);
++        }
+     }
+   if (gpgme_err_code (sig->status) != status)
+     {
+-- 
+2.16.3
+

gpgme.changes

@@ -1,5 +1,5 @@
 -------------------------------------------------------------------
-Thu Apr 19 06:50:39 UTC 2018 - kbabioch@suse.com
+Thu Apr 19 11:47:13 UTC 2018 - kbabioch@suse.com
 
 - Update to 1.11
  * New encryption API to support direct key specification including
@@ -7,19 +7,21 @@ Thu Apr 19 06:50:39 UTC 2018 - kbabioch@suse.com
    allows to enforce the use of a subkey.
  * New encryption flag for the new API to enforce the use of plain
    mail addresses (addr-spec).
- * The import API can now tell whether v3 keys are skipped.  These old
-   and basically broken keys are not anymore supported by GnuPG 2.1.
+ * The import API can now tell whether v3 keys are skipped. These
+   old and basically broken keys are not anymore supported by GnuPG
+   2.1.
  * The decrypt and verify API will now return the MIME flag as
    specified by RFC-4880bis.
- * The offline mode now has an effect on gpg by disabling all network
-   access.
+ * The offline mode now has an effect on gpg by disabling all
+   network access.
  * A failed OpenPGP verification how returns the fingerprint of the
-   intended key if a recent gpg version was used for signature creation.
- * Interface changes
+   intended key if a recent gpg version was used for signature
+   creation.
  * Various minor fixes.
-
 - Dropped patch 0001-core-Tweak-STATUS_FAILURE-handling.patch, since
   it is included upstream now. 
+- add gpgme-1.11-fix-gpgme-json-rpath.patch to remove rpath
+- add gpgme-1.11-fix-tests.patch to fix tests
 
 -------------------------------------------------------------------
 Mon Apr 16 13:22:48 UTC 2018 - astieger@suse.com

gpgme.spec

@@ -33,10 +33,17 @@ Source2:        baselibs.conf
 Source3:        gpgme.keyring
 # used to have a fixed timestamp
 Source99:       %{name}.changes
+Patch0:         gpgme-1.11-fix-tests.patch
+Patch1:         gpgme-1.11-fix-gpgme-json-rpath.patch
+# for patch0 gpgme-1.11-fix-gpgme-json-rpath.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+#
 BuildRequires:  gcc-c++
 BuildRequires:  gpg2 >= 2.0.10
 BuildRequires:  libassuan-devel >= 2.4.2
-BuildRequires:  libgpg-error-devel >= 1.24
+BuildRequires:  libgpg-error-devel >= 1.28
+BuildRequires:  libtool
 BuildRequires:  pkgconfig
 BuildRequires:  swig
 Requires(post): %{install_info_prereq}
@@ -176,8 +183,11 @@ This package contains the bindings to use the library in Qt C++ applications.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
+# for patch0 gpgme-1.11-fix-gpgme-json-rpath.patch
+autoreconf -fiv
 build_timestamp=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})
 languages="cl cpp"
 
@@ -234,8 +244,10 @@ make %{?_smp_mflags} check
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gpgme.info%{ext_info}
 
 %files
-%doc AUTHORS COPYING COPYING.LESSER ChangeLog ChangeLog-2011 README NEWS THANKS TODO VERSION
+%license COPYING COPYING.LESSER
+%doc AUTHORS ChangeLog ChangeLog-2011 README NEWS THANKS TODO VERSION
 %{_bindir}/gpgme-tool
+%{_bindir}/gpgme-json
 %{_datadir}/common-lisp
 %{_datadir}/common-lisp/source
 %{_infodir}/gpgme*