Accepting request 821568 from home:AndreasStieger:branches:Base:System

gpgme 1.14.0 OBS-URL: https://build.opensuse.org/request/show/821568 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpgme?expand=0&rev=122
2020-07-20 08:51:43 +00:00 · 2020-07-20 08:51:43 +00:00 · ac611f9a27
commit ac611f9a27
parent ac04ef50a1
9 changed files with 32 additions and 143 deletions
--- a/0001-gpg-Avoid-error-diagnostics-with-override-session-ke.patch
+++ b/0001-gpg-Avoid-error-diagnostics-with-override-session-ke.patch
@ -1,49 +0,0 @@
-From ae4d7761a15b82eb98b0bcc72af2ae2e8973e1f9 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Wed, 29 May 2019 17:56:01 -0400
-Subject: [GPGME PATCH] gpg: Avoid error diagnostics with
- --override-session-key when verifying
-
-* src/engine-gpg.c (gpg_decrypt): only send --no-keyring when we are
-not verifying.
-
--
-
-Without this change, the signature verification would fail.  This
-problem was introduced in bded8ebc59c7fdad2617f4c9232a58047656834c in
-an attempt to avoid an error when *not* verifying.  Clearly more test
-suite coverage is needed to avoid introducing this sort of problem in
-the future.
-
-GnuPG-bug-id: 3464
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
- src/engine-gpg.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/engine-gpg.c b/src/engine-gpg.c
-index 5c335cb2..223404ed 100644
--- a/src/engine-gpg.c
-+++ b/src/engine-gpg.c
-@@ -1717,12 +1717,15 @@ gpg_decrypt (void *engine,
-                                          strlen (override_session_key), 1);
-           if (!err)
-             {
-              /* We add --no-keyring because a keyring is not required
-               * when we are overriding the session key.  It would
-+              /* When we are not trying to verify signatures as well,
-+               * we add --no-keyring because a keyring is not required
-+               * for decryption when overriding the session key.  It would
-                * work without that option but --no-keyring avoids that
-                * gpg return a failure due to a missing key log_error()
-                * diagnostic.  --no-keyring is supported since 2.1.14. */
-              err = add_arg (gpg, "--no-keyring");
-+
-+              if (!(flags & GPGME_DECRYPT_VERIFY))
-+                  err = add_arg (gpg, "--no-keyring");
-               if (!err)
-                 err = add_arg (gpg, "--override-session-key-fd");
-               if (!err)
-- 
-2.27.0
-
--- a/gpgme-1.13.1.tar.bz2
+++ b/gpgme-1.13.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c4e30b227682374c23cddc7fdb9324a99694d907e79242a25a4deeedb393be46
-size 1759616
--- a/gpgme-1.13.1.tar.bz2.sig
+++ b/gpgme-1.13.1.tar.bz2.sig
--- a/gpgme-1.14.0.tar.bz2
+++ b/gpgme-1.14.0.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cef1f710a6b0d28f5b44242713ad373702d1466dcbe512eb4e754d7f35cd4307
+size 1678910
--- a/gpgme-1.14.0.tar.bz2.sig
+++ b/gpgme-1.14.0.tar.bz2.sig
--- a/gpgme-t-json-test-Bravo-key-no-secret-key-material.patch
+++ b/gpgme-t-json-test-Bravo-key-no-secret-key-material.patch
@ -1,38 +0,0 @@
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Thu, 23 Jan 2020 16:43:13 -0500
-Subject: tests/json: Bravo key does not have secret key material
-
-* tests/json/t-keylist-secret.out.json: indicate correctly that the
-"Bravo" test key does not have secret key material.
-
--
-
-Some older versions of GnuPG are buggy, and will claim "secret: true"
-for this key, even though the keyring in question has no secret key
-material for it.
-
-The underlying call to gpg looks something like:
-
-    gpg --with-colons --with-secret --list-keys -- \
-        alpha@example.net bravo@example.net
-
-You can see the change in field 15 of the "pub" and "sub" output.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
- tests/json/t-keylist-secret.out.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/json/t-keylist-secret.out.json b/tests/json/t-keylist-secret.out.json
-index 5da20db..109eae3 100644
--- a/tests/json/t-keylist-secret.out.json
-+++ b/tests/json/t-keylist-secret.out.json
-@@ -91,7 +91,7 @@
-             "can_sign":     true,
-             "can_certify":  true,
-             "can_authenticate":     true,
-            "secret":       true,
-+            "secret":       false,
-             "is_qualified": false,
-             "protocol":     "OpenPGP",
-             "fingerprint":  "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2",
--- a/gpgme-t-json-test-with-keygrip-when-listing-keys.patch
+++ b/gpgme-t-json-test-with-keygrip-when-listing-keys.patch
@ -1,39 +0,0 @@
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Thu, 23 Jan 2020 17:04:43 -0500
-Subject: gpg: Send --with-keygrip when listing keys
-
-* src/engine-gpg.c (gpg_keylist_build_options): Always pass
--with-keygrip when listing keys.
-
--
-
-Some older versions of GnuPG (at least gpg in version
-2.2.12-1+deb10u1) appear to unilaterally emit the keygrip, and it's
-certainly useful to know that programmatically it will always be
-present in the output needed.
-
-However, as of GnuPG 2.2.19-1, the following command does not emit the
-keygrip for non-secret keys:
-
-   gpg --with-colons --with-secret --list-keys
-
-This change fixes tests/json/t-json by making the output comply with
-tests/json/t-keylist-secret.out.json correctly.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
- src/engine-gpg.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/engine-gpg.c b/src/engine-gpg.c
-index 4f4a06a..fc52a5d 100644
--- a/src/engine-gpg.c
-+++ b/src/engine-gpg.c
-@@ -2922,6 +2922,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
-   gpg_error_t err;
- 
-   err = add_arg (gpg, "--with-colons");
-+  err = add_arg (gpg, "--with-keygrip");
- 
-   /* Since gpg 2.1.15 fingerprints are always printed, thus there is
-    * no more need to explicitly request them.  */
--- a/gpgme.changes
+++ b/gpgme.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Jul 17 20:26:35 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- gpgme 1.14.0:
+  * New keylist mode to force the engine to return the keygrip
+  * New export mode to export as OpenSSH public key
+  * New context flag "extended-edit" to enable expert key edit
+  * Deprecate the anyway non working trustlist functions
+  * cpp: Add convenience API to obtain remarks
+  * cpp: The sign key edit-interactor now supports multiple
+    signatures from the same key
+  * qt: Extended signkeyjob to handle remarks and multiple
+    signatures
+  * qt: Added job API for gpg-card
+  * qt: The logging category has been changed to gpg.qgpgme to be
+    more consistent with other qt logging categories
+- drop upstream patches:
+  * 0001-gpg-Avoid-error-diagnostics-with-override-session-ke.patch
+- drop patches no longer needed that now break tests:
+  * gpgme-t-json-test-Bravo-key-no-secret-key-material.patch
+  * gpgme-t-json-test-with-keygrip-when-listing-keys.patch
+
 -------------------------------------------------------------------
 Thu Jul  2 08:23:12 UTC 2020 - Dan Čermák <dcermak@suse.com>

--- a/gpgme.spec
+++ b/gpgme.spec
@ -18,35 +18,29 @@

 %global flavor @BUILD_FLAVOR@%{nil}
 %if "%{flavor}" == ""
+%define psuffix %{nil}
 %bcond_without python2
 %bcond_without python3
 %bcond_with qt
-%define psuffix %{nil}
 %else
+%define psuffix qt
 %bcond_with python2
 %bcond_with python3
 %bcond_without qt
-%define psuffix qt
 %endif
 Name:           gpgme%{psuffix}
-Version:        1.13.1
+Version:        1.14.0
 Release:        0
 Summary:        Programmatic library interface to GnuPG
 License:        LGPL-2.1-or-later AND GPL-3.0-or-later
 Group:          Productivity/Security
-URL:            http://www.gnupg.org/related_software/gpgme/
+URL:            https://www.gnupg.org/related_software/gpgme/
 Source:         ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-%{version}.tar.bz2
 Source1:        ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-%{version}.tar.bz2.sig
 Source2:        baselibs.conf
 Source3:        gpgme.keyring
 # used to have a fixed timestamp
 Source99:       gpgme.changes
-Patch1:         gpgme-t-json-test-Bravo-key-no-secret-key-material.patch
-Patch2:         gpgme-t-json-test-with-keygrip-when-listing-keys.patch
-# fix from https://dev.gnupg.org/rMae4d7761a15b82eb98b0bcc72af2ae2e8973e1f9
-# required to make notmuch's testsuite pass, see
-# id:87366av72u.fsf@fifthhorseman.net on notmuch@notmuchmail.org
-Patch3:         0001-gpg-Avoid-error-diagnostics-with-override-session-ke.patch
 BuildRequires:  gcc-c++
 BuildRequires:  gpg2 >= 2.0.10
 BuildRequires:  libassuan-devel >= 2.4.2
@ -188,7 +182,7 @@ management.
 This package contains the bindings to use the library in Qt C++ applications.

 %prep
-%autosetup -n gpgme-%{version} -p1
+%setup -q -n gpgme-%{version}

 %ifarch %{ix86}
 sed -i -e '/t-callbacks.py/d' lang/python/tests/Makefile.{am,in}
@ -212,7 +206,7 @@ languages="cpp qt"
 	--disable-fd-passing \
 	--enable-languages="${languages}" \
 	--enable-build-timestamp="${build_timestamp}"
-make %{?_smp_mflags}
+%make_build

 %install
 %make_install
@ -231,7 +225,7 @@ rm -r %{buildroot}%{_libdir}/pkgconfig/gpgme*

 %check
 %if ! 0%{?qemu_user_space_build}
-make %{?_smp_mflags} check
+%make_build check
 %endif

 %if %{with qt}
@ -244,7 +238,6 @@ make %{?_smp_mflags} check
 %postun -n libgpgme11 -p /sbin/ldconfig
 %post -n libgpgmepp6 -p /sbin/ldconfig
 %postun -n libgpgmepp6 -p /sbin/ldconfig
-
 %post
 %install_info --info-dir=%{_infodir} %{_infodir}/gpgme.info%{ext_info}