Accepting request 1092907 from security:privacy

rnp 0.17.0 OBS-URL: https://build.opensuse.org/request/show/1092907 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rnp?expand=0&rev=9
2023-06-14 14:29:25 +00:00 · 2023-06-14 14:29:25 +00:00 · 60f3fdf885
commit 60f3fdf885
parent e543923808 cb830a5e29
8 changed files with 228 additions and 22 deletions
--- a/rnp-0.16.3.tar.gz
+++ b/rnp-0.16.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5c4951e46cc29524a9eae90378414f88e6e0b54b59a1f44c75101b9022835e96
-size 2897854
--- a/rnp-0.16.3.tar.gz.asc
+++ b/rnp-0.16.3.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCZDdsqAAKCRD7gpq10P4B
-f0CMAPwPoJMAjVr9Hug1gJfjnNFBr/5VL9l4Em3VwIm88nx1lgEAqp6MDakAKNHj
-X70y2444WfpqgdxT8ICdzfql7Eqx/go=
-=oHWE
-----END PGP SIGNATURE-----
--- a/rnp-v0.17.0-disable-static.patch
+++ b/rnp-v0.17.0-disable-static.patch
@ -0,0 +1,154 @@
+From 8f7b2f27af277b0577ada7ecc54bb2db190eac85 Mon Sep 17 00:00:00 2001
+From: "Maxim [maxirmx] Samsonov" <m.samsonov@computer.org>
+Date: Wed, 3 May 2023 20:26:49 +0300
+Subject: [PATCH] Not installing static libraries when BUILD_SHARED_LIBS=ON
+
+---
+ ci/tests/deb-tests.sh  |  2 --
+ ci/tests/pk-tests.sh   | 27 ---------------------------
+ ci/tests/pkg-tests.sh  |  2 --
+ ci/tests/rpm-tests.sh  |  2 --
+ src/lib/CMakeLists.txt | 33 +++++++++++++--------------------
+ 5 files changed, 13 insertions(+), 53 deletions(-)
+
+diff --git a/ci/tests/deb-tests.sh b/ci/tests/deb-tests.sh
+index 78057026..35630223 100755
+--- a/ci/tests/deb-tests.sh
+++ b/ci/tests/deb-tests.sh
+@@ -43,8 +43,6 @@ declare expected_libraries=(
+ 
+ declare expected_devlibraries=(
+     "$DIR_LIB/librnp.so"
+-    "$DIR_LIB/librnp.a"
+-    "$DIR_LIB/libsexp.a"
+     "$DIR_LIB/pkgconfig/librnp.pc"
+ )
+ 
+diff --git a/ci/tests/pk-tests.sh b/ci/tests/pk-tests.sh
+index 2b22df99..34f9b17c 100755
+--- a/ci/tests/pk-tests.sh
+++ b/ci/tests/pk-tests.sh
+@@ -101,33 +101,6 @@ test_shared_library() {
+     sudo yum -y erase $(rpm -qa  | grep rnp)
+ }
+ 
+-test_static_library() {
+-    sudo yum -y localinstall librnp0-0*.*.rpm librnp0-devel-0*.*.rpm
+-    pushd "$(mktemp -d)"
+-    create_source_file
+-    create_cmake_file 'rnp::librnp-static'
+-
+-# shellcheck disable=SC2251
+-!   cmake . -DCMAKE_MODULE_PATH="$DIR_CMAKE"/*
+-    assertEquals "cmake failed at static library test" 0 "${PIPESTATUS[0]}"
+-
+-# shellcheck disable=SC2251
+-!   make
+-    assertEquals "make failed at static library test" 0 "${PIPESTATUS[0]}"
+-
+-# shellcheck disable=SC2251
+-!   ./find_package_test
+-    assertEquals "test program failed at static library test" 0 "${PIPESTATUS[0]}"
+-
+-# shellcheck disable=SC2251
+-!   ldd find_package_test | grep librnp
+-    assertNotEquals "unexpected reference to shared rnp library at static library test" 0 "${PIPESTATUS[1]}"
+-
+-    popd
+-# shellcheck disable=SC2046
+-    sudo yum -y erase $(rpm -qa  | grep rnp)
+-}
+-
+ test_no_library() {
+     pushd "$(mktemp -d)"
+     create_source_file
+diff --git a/ci/tests/pkg-tests.sh b/ci/tests/pkg-tests.sh
+index dbeaac6d..dcc4d014 100755
+--- a/ci/tests/pkg-tests.sh
+++ b/ci/tests/pkg-tests.sh
+@@ -43,8 +43,6 @@ declare expected_libraries=(
+ 
+ declare expected_devlibraries=(
+     "$DIR_LIB/librnp.so"
+-    "$DIR_LIB/librnp.a"
+-    "$DIR_LIB/libsexp.a"
+     "$DIR_LIB/pkgconfig/librnp.pc"
+ )
+ 
+diff --git a/ci/tests/rpm-tests.sh b/ci/tests/rpm-tests.sh
+index 39f8dd03..75b676e9 100755
+--- a/ci/tests/rpm-tests.sh
+++ b/ci/tests/rpm-tests.sh
+@@ -50,8 +50,6 @@ declare expected_libraries=(
+ 
+ declare expected_devlibraries=(
+     "$DIR_LIB/librnp.so"
+-    "$DIR_LIB/librnp.a"
+-    "$DIR_LIB/libsexp.a"
+     "$DIR_LIB/pkgconfig/librnp.pc"
+ )
+ 
+diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
+index 086ac57d..f6987967 100755
+--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
+@@ -414,11 +414,11 @@ else()
+ endif()
+ 
+ # add these to the rnp-targets export
+-# On Unix like systems we will build/install/pack shared and static libraries librnp.so and librnp.a
+-# On Windows we will build/install/pack dynamic, import and  static libraries rnp.dll, rnp.lib and rnp-static.lib
+# On Unix like systems we will build/install/pack either shared library librnp.so or static  librnp.a
+# On Windows we will build/install/pack either dynamic and import libraries rnp.dll, rnp.lib or static library rnp-static.lib
+ 
+-# If a client application uses shared rnp library, sexp is statically linked to librnp.so
+-# If a client application uses static rnp library, it still needs libsexp.a
+# If a client application uses shared rnp library, sexp is statically linked to librnp.so and libsexp.a is not installed
+# If a client application uses static rnp library, it still needs libsexp.a and it is installed
+ 
+ if (BUILD_SHARED_LIBS)
+ # both static and shared libraries
+@@ -433,15 +433,17 @@ install(TARGETS librnp
+       COMPONENT development
+   )
+ 
+-  install(TARGETS librnp-static sexp
+-    EXPORT rnp-targets
+-    ARCHIVE
+-      DESTINATION  "${CMAKE_INSTALL_LIBDIR}"
+-      COMPONENT development
+-  )
+# install dll only for windows
+  if (WIN32)
+    install(TARGETS librnp
+      RUNTIME
+        DESTINATION "${CMAKE_INSTALL_BINDIR}"
+        COMPONENT runtime
+    )
+  endif(WIN32)
+ else(BUILD_SHARED_LIBS)
+ # static libraries only
+-install(TARGETS librnp sexp
+  install(TARGETS librnp sexp
+     EXPORT rnp-targets
+     ARCHIVE
+       DESTINATION  "${CMAKE_INSTALL_LIBDIR}"
+@@ -449,15 +451,6 @@ install(TARGETS librnp sexp
+ )
+ endif(BUILD_SHARED_LIBS)
+ 
+-# install dll only for windows
+-if (WIN32)
+-  install(TARGETS librnp
+-    RUNTIME
+-      DESTINATION "${CMAKE_INSTALL_BINDIR}"
+-      COMPONENT runtime
+-  )
+-endif(WIN32)
+-
+ # install headers
+ install(
+   FILES
+-- 
+2.41.0
+
--- a/rnp-v0.17.0-gcc13.patch
+++ b/rnp-v0.17.0-gcc13.patch
@ -0,0 +1,21 @@
+From e665f81ef9568ac5dd4411d6814c75c06262b91c Mon Sep 17 00:00:00 2001
+From: Joonas Niilola <juippis@gentoo.org>
+Date: Wed, 3 May 2023 10:31:07 +0300
+Subject: [PATCH] include/sexp/sexp-error.h: fix missing cstdint include
+
+---
+ include/sexp/sexp-error.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: rnp-v0.17.0/src/libsexp/include/sexp/sexp-error.h
+===================================================================
+--- rnp-v0.17.0.orig/src/libsexp/include/sexp/sexp-error.h
+++ rnp-v0.17.0/src/libsexp/include/sexp/sexp-error.h
+@@ -29,6 +29,7 @@
+ 
+ #pragma once
+ 
+#include <cstdint>
+ #include <exception>
+ #include <iostream>
+ #include <string>
--- a/rnp-v0.17.0.tar.gz
+++ b/rnp-v0.17.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:04d29fe9a20c56bb7ff4d77bc761b91f1f96462efd3b29d4d1d40262ce4eb782
+size 3083098
--- a/rnp-v0.17.0.tar.gz.asc
+++ b/rnp-v0.17.0.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCZFI5oQAKCRD7gpq10P4B
+f54nAP9diWXjNJWAAP/RT3pvz5vWD/bIsjfBtqKHkIp2zJin0gEAleb9Pd4Fxq5O
+EtYr/e2qwH8B7rzma6vm4tjVOmSKywk=
+=vwtT
+-----END PGP SIGNATURE-----
--- a/rnp.changes
+++ b/rnp.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Jun 12 20:32:19 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- rnp 0.17.0:
+  * Add support for hidden recipient during decryption
+  * Improve support for offline secret keys during default key
+     selection
+  * Support for GnuPG 2
+  * SExp parsing code is moved to separate library
+  * Mark subkeys as expired instead of invalid if primary key is
+    expired
+  * AEAD: use OCB by default instead of EAX
+  * Do not attempt to validate signatures of unexpected types
+  * Use thread-safe time and date handling functions
+  * Added ENABLE_BLOWFISH, ENABLE_CAST5 and ENABLE_RIPEMD160 build
+    time options
+  * Corrected usage of CEK/KEK algorithms if those differs
+  * Add default armor message type for --enarmor command
+  * Add command --set-filename to specify which file name should be stored in message
+  * Add --add-subkey subcommand to the --edit-key
+  * Add set-expire subcommand to the --edit-key
+  * Add --s2k-iterations and --s2k-msec options to the rnp
+  * dd --allow-weak-hash command to allow usage of weak hash algorithms
+  * Report number of new/updated keys during the key import
+- add rnp-v0.17.0-disable-static.patch
+- add rnp-v0.17.0-gcc13.patch
+- uses bundled libsexp
+
 -------------------------------------------------------------------
 Mon Jun 12 17:16:52 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/rnp.spec
+++ b/rnp.spec
@ -19,18 +19,18 @@

 %define soname 0
 Name:           rnp
-Version:        0.16.3
+Version:        0.17.0
 Release:        0
 Summary:        OpenPGP implementation fully compliant with RFC 4880
 License:        Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause
 URL:            https://www.rnpgp.com/
-Source:         https://github.com/rnpgp/rnp/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source2:        https://github.com/rnpgp/rnp/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
+Source:         https://github.com/rnpgp/rnp/releases/download/v%{version}/%{name}-v%{version}.tar.gz
+Source2:        https://github.com/rnpgp/rnp/releases/download/v%{version}/%{name}-v%{version}.tar.gz.asc
 Source3:        https://www.rnpgp.org/openpgp_keys/31AF5A24D861EFCB7CB79A1924900CE0AEFB5417-50DA59D5B9134FA2DB1EB20CFB829AB5D0FE017F.asc#/%{name}.keyring
-BuildRequires:  cmake >= 3.14
+Patch0:         rnp-v0.17.0-disable-static.patch
+Patch1:         rnp-v0.17.0-gcc13.patch
+BuildRequires:  cmake >= 3.18
 BuildRequires:  gcc-c++
-# https://github.com/rnpgp/rnp/issues/1579
-BuildRequires:  git
 BuildRequires:  gpg2 >= 2.2
 BuildRequires:  gtest
 BuildRequires:  pkgconfig
@ -44,7 +44,9 @@ BuildRequires:  rubygem(asciidoctor)
 RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.

 %package -n librnp%{soname}
+%global libsexp_version 0.8.2
 Summary:        OpenPGP implementation as a C++ library fully compliant with RFC 4880
+Provides:       bundled(libsexp) = %{libsexp_version}

 %description -n librnp%{soname}
 RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.
@ -60,15 +62,17 @@ RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.
 This package contains the files needed to build against librnp.

 %prep
-%setup -q
+%autosetup -p1 -n %{name}-v%{version}
+pushd src/libsexp
+cp LICENSE.md ../../LICENSE-libsexp.md
+grep -q %{libsexp_version} version.txt
+popd

 %build
 %cmake \
-	-DBUILD_SHARED_LIBS=on \
 	-DDOWNLOAD_GTEST=off \
-	-DDOWNLOAD_RUBYRNP=off \
 	-DBUILD_TESTING=on \
-
+	%{nil}
 %cmake_build

 %install
@ -77,8 +81,7 @@ This package contains the files needed to build against librnp.
 %check
 %ctest

-%post -n librnp%{soname} -p /sbin/ldconfig
-%postun -n librnp%{soname} -p /sbin/ldconfig
+%ldconfig_scriptlets -n librnp%{soname}

 %files
 %license LICENSE*