diff --git a/rnp-0.14.0.tar.gz b/rnp-0.14.0.tar.gz deleted file mode 100644 index 4c93ea9..0000000 --- a/rnp-0.14.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d87d5826646ef003c95067fbe3e377bb8fd47a24c6a3227e6bce03ee9f49c28 -size 1343813 diff --git a/rnp-0.15.1.tar.gz b/rnp-0.15.1.tar.gz new file mode 100644 index 0000000..8747113 --- /dev/null +++ b/rnp-0.15.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ce14bec9d361f9606a2448096463b8a563692daf0c8a758424b1a0def9d3f787 +size 1452605 diff --git a/rnp.changes b/rnp.changes index 698922e..e3d9ba5 100644 --- a/rnp.changes +++ b/rnp.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon Jun 28 20:17:02 UTC 2021 - Andreas Stieger + +- rnp 0.15.1: + * Fix updating of expiration time for a key with multiple user + IDs + * Fixed key expiry check for keys valid after the year 2038 + * Pick up key expiration time from direct-key signature or primary + userid certification if available + * CVE-2021-33589: issue with cleartext key data after the + rnp_key_unprotect()/rnp_key_protect() calls (boo#1187759) +- includes changes from 0.15.0: + * Improve handling of cleartext signatures, when empty line + between headers and contents contains some whitespace + * Relax requirements for the armored messages CRC (allow absence + of the CRC, and issue warning instead of complete failure) + * documentation updates + * rnpkeys: add --remove-key command + ------------------------------------------------------------------- Sun Feb 21 21:44:24 UTC 2021 - Andreas Stieger diff --git a/rnp.spec b/rnp.spec index cde169d..4b6acb8 100644 --- a/rnp.spec +++ b/rnp.spec @@ -17,37 +17,37 @@ # -%define soname 0-0 +%define soname 0 Name: rnp -Version: 0.14.0 +Version: 0.15.1 Release: 0 Summary: OpenPGP implementation fully compliant with RFC 4880 -License: BSD-2-Clause AND BSD-3-Clause AND Apache-2.0 +License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause URL: https://www.rnpgp.com/ Source: https://github.com/rnpgp/rnp/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source2: https://raw.githubusercontent.com/riboseinc/cmake-versioning/c78a0be/version.cmake -BuildRequires: cmake +BuildRequires: cmake >= 3.14 BuildRequires: gcc-c++ BuildRequires: pkgconfig BuildRequires: cmake(json-c) >= 0.11 BuildRequires: pkgconfig(botan-2) >= 2.14.0 BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(zlib) +BuildRequires: rubygem(asciidoctor) %description RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG. -%package -n librnp-%{soname} +%package -n librnp%{soname} Summary: OpenPGP implementation as a C++ library fully compliant with RFC 4880 -%description -n librnp-%{soname} +%description -n librnp%{soname} RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG. librnp is the library used by RNP for all OpenPGP functions, useful for developers to build against, different from GPGME. %package devel Summary: Development files for RNP -Requires: librnp-%{soname} = %{version} +Requires: librnp%{soname} = %{version} %description devel RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG. @@ -55,32 +55,26 @@ This package contains the files needed to build against librnp. %prep %setup -q -# for determine_version -cp %{SOURCE2} cmake/ %build %cmake \ -DBUILD_SHARED_LIBS=on \ - -DBUILD_TESTING=off + -DBUILD_TESTING=off \ + %cmake_build %install %cmake_install -install -d %{buildroot}%{_mandir}/man1 -install -d %{buildroot}%{_mandir}/man3 -install -m0644 src/rnp/rnp.1 %{buildroot}%{_mandir}/man1/rnp.1 -install -m0644 src/rnpkeys/rnpkeys.1 %{buildroot}%{_mandir}/man1/rnpkeys.1 -install -m0644 src/lib/librnp.3 %{buildroot}%{_mandir}/man3/librnp.3 -%post -n librnp-%{soname} -p /sbin/ldconfig -%postun -n librnp-%{soname} -p /sbin/ldconfig +%post -n librnp%{soname} -p /sbin/ldconfig +%postun -n librnp%{soname} -p /sbin/ldconfig %files %license LICENSE* %{_bindir}/* -%{_mandir}/man1/* +%{_mandir}/man1/*.1%{?ext_man} -%files -n librnp-%{soname} +%files -n librnp%{soname} %license LICENSE* %{_libdir}/*.so.0* @@ -91,6 +85,6 @@ install -m0644 src/lib/librnp.3 %{buildroot}%{_mandir}/man3/librnp.3 %{_libdir}/cmake/rnp %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc -%{_mandir}/man3/* +%{_mandir}/man3/*.3%{?ext_man} %changelog diff --git a/version.cmake b/version.cmake deleted file mode 100644 index d4a76ff..0000000 --- a/version.cmake +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright (c) 2018 Ribose Inc. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS -# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -# desired length of commit hash -set(GIT_REV_LEN 7) - -# call git, store output in var (can fail) -macro(_git var) - execute_process( - COMMAND "${GIT_EXECUTABLE}" ${ARGN} - WORKING_DIRECTORY "${source_dir}" - RESULT_VARIABLE _git_ec - OUTPUT_VARIABLE ${var} - OUTPUT_STRIP_TRAILING_WHITESPACE - ERROR_QUIET - ) -endmacro() - -# call git, store output in var (can not fail) -macro(git var) - _git(${var} ${ARGN}) - if (NOT _git_ec EQUAL 0) - string(REPLACE ";" " " args "${ARGN}") - message(FATAL_ERROR "Failed to execute: git ${args}") - endif() -endmacro() - -function(extract_version_info version var_prefix) - # extract the main components - # v1.9.0-3-g5b92266+1546836556 - # v1.9.0-3-g5b92266-dirty+1546836556 - string(REGEX MATCH "^v?([0-9]+\\.[0-9]+\\.[0-9]+)(-([0-9]+)-g([0-9a-f]+)(-dirty)?)?(\\+([0-9]+))?$" matches "${version}") - if (NOT matches) - message(FATAL_ERROR "Failed to extract version components.") - endif() - set(${var_prefix}_VERSION "${CMAKE_MATCH_1}" PARENT_SCOPE) # 1.9.0 - if (NOT CMAKE_MATCH_3) - set(CMAKE_MATCH_3 "0") - endif() - set(${var_prefix}_VERSION_NCOMMITS "${CMAKE_MATCH_3}" PARENT_SCOPE) # 3 - if (NOT CMAKE_MATCH_4) - set(CMAKE_MATCH_4 "0") - endif() - set(${var_prefix}_VERSION_GIT_REV "${CMAKE_MATCH_4}" PARENT_SCOPE) # 5b92266 - if (CMAKE_MATCH_5 STREQUAL "-dirty") - set(${var_prefix}_VERSION_IS_DIRTY TRUE PARENT_SCOPE) - else() - set(${var_prefix}_VERSION_IS_DIRTY FALSE PARENT_SCOPE) - endif() - # timestamp is optional, default to 0 - if (NOT CMAKE_MATCH_7) - set(CMAKE_MATCH_7 "0") - endif() - set(${var_prefix}_VERSION_COMMIT_TIMESTAMP "${CMAKE_MATCH_7}" PARENT_SCOPE) # 1546836556 -endfunction() - -function(determine_version source_dir var_prefix) - if (EXISTS "${source_dir}/.git") - # for GIT_EXECUTABLE - find_package(Git REQUIRED) - # get a description of the version, something like: - # v1.9.1-0-g38ffe82 (a tagged release) - # v1.9.1-0-g38ffe82-dirty (a tagged release with local modifications) - # v1.9.0-3-g5b92266 (post-release snapshot) - # v1.9.0-3-g5b92266-dirty (post-release snapshot with local modifications) - _git(version describe --abbrev=${GIT_REV_LEN} --match "v[0-9]*" --long --dirty) - if (NOT _git_ec EQUAL 0) - # no annotated tags, fake one - git(revision rev-parse --short=${GIT_REV_LEN} --verify HEAD) - set(version "v0.0.0-0-g${revision}") - # check if dirty (this won't detect untracked files, but should be ok) - _git(changes diff-index --quiet HEAD --) - if (NOT _git_ec EQUAL 0) - string(APPEND version "-dirty") - endif() - # append the commit timestamp of the most recent commit (only - # in non-release branches -- typically master) - git(commit_timestamp show -s --format=%ct) - string(APPEND version "+${commit_timestamp}") - endif() - else() - # same as above, but used for snapshots - file(STRINGS "${source_dir}/version.txt" version) - endif() - set(local_prefix "_determine_ver") - extract_version_info("${version}" "${local_prefix}") - foreach(suffix VERSION VERSION_NCOMMITS VERSION_GIT_REV VERSION_IS_DIRTY VERSION_COMMIT_TIMESTAMP) - if (NOT DEFINED ${local_prefix}_${suffix}) - message(FATAL_ERROR "Unable to determine version.") - endif() - set(${var_prefix}_${suffix} "${${local_prefix}_${suffix}}" PARENT_SCOPE) - message(STATUS "${var_prefix}_${suffix}: ${${local_prefix}_${suffix}}") - endforeach() - # Set VERSION_SUFFIX and VERSION_FULL. When making changes, be aware that - # this is used in packaging as well and will affect ordering. - # | state | version_full | - # |------------------------------------------------| - # | exact tag | 0.9.0 | - # | exact tag, dirty | 0.9.0+git20180604 | - # | after tag | 0.9.0+git20180604.1.085039f | - # | no tag | 0.0.0+git20180604.2ee02af | - string(TIMESTAMP date "%Y%m%d" UTC) - set(version_suffix "") - if ((NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0) OR (${local_prefix}_VERSION STREQUAL "0.0.0")) - # 0.9.0+git20150604.4.289818b - string(APPEND version_suffix "+git${date}") - if (NOT ${local_prefix}_VERSION_NCOMMITS EQUAL 0) - string(APPEND version_suffix ".${${local_prefix}_VERSION_NCOMMITS}") - endif() - string(APPEND version_suffix ".${${local_prefix}_VERSION_GIT_REV}") - else() - if (${local_prefix}_VERSION_IS_DIRTY) - # 0.9.0+git20150604 - string(APPEND version_suffix "+git${date}") - endif() - endif() - set(version_full "${${local_prefix}_VERSION}${version_suffix}") - # set the results - set(${var_prefix}_VERSION_SUFFIX "${version_suffix}" PARENT_SCOPE) - set(${var_prefix}_VERSION_FULL "${version_full}" PARENT_SCOPE) - # for informational purposes - message(STATUS "${var_prefix}_VERSION_SUFFIX: ${version_suffix}") - message(STATUS "${var_prefix}_VERSION_FULL: ${version_full}") -endfunction() -