rpm/rnp
SHA256
1
0
Fork 0
forked from pool/rnp
Code Pull Requests Activity

Accepting request 1190048 from home:AndreasStieger:branches:security:privacy

Browse Source 
rnp 0.17.1

OBS-URL: https://build.opensuse.org/request/show/1190048
OBS-URL: https://build.opensuse.org/package/show/security:privacy/rnp?expand=0&rev=33
This commit is contained in:
Andreas Stieger 2024-07-28 18:32:27 +00:00 committed by Git OBS Bridge
commit d72be1f0f4
14 changed files with 763 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

20
rnp-v0.17.0-cpp14-googletest.patch Normal file
View File

@ -0,0 +1,20 @@
https://github.com/rnpgp/rnp/pull/2209
GoogleTest 1.14.0 requires C++ 14:
[ 26s] /usr/include/gtest/internal/gtest-port.h:279:2: error: #error C++ versions less than C++14 are not supported.
[ 26s] 279 | #error C++ versions less than C++14 are not supported.
[ 26s] | ^~~~~
Index: rnp-v0.17.0/CMakeLists.txt
===================================================================
--- rnp-v0.17.0.orig/CMakeLists.txt
+++ rnp-v0.17.0/CMakeLists.txt
@@ -137,7 +137,7 @@ endif(WIN32)
# set a few other things at the top level to prevent incompatibilities
set(CMAKE_C_STANDARD 99)
-set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD 14)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_EXTENSIONS OFF)
add_definitions(-D_GNU_SOURCE)

154
rnp-v0.17.0-disable-static.patch Normal file
View File

@ -0,0 +1,154 @@
From 8f7b2f27af277b0577ada7ecc54bb2db190eac85 Mon Sep 17 00:00:00 2001
From: "Maxim [maxirmx] Samsonov" <m.samsonov@computer.org>
Date: Wed, 3 May 2023 20:26:49 +0300
Subject: [PATCH] Not installing static libraries when BUILD_SHARED_LIBS=ON
---
ci/tests/deb-tests.sh | 2 --
ci/tests/pk-tests.sh | 27 ---------------------------
ci/tests/pkg-tests.sh | 2 --
ci/tests/rpm-tests.sh | 2 --
src/lib/CMakeLists.txt | 33 +++++++++++++--------------------
5 files changed, 13 insertions(+), 53 deletions(-)
diff --git a/ci/tests/deb-tests.sh b/ci/tests/deb-tests.sh
index 78057026..35630223 100755
--- a/ci/tests/deb-tests.sh
+++ b/ci/tests/deb-tests.sh
@@ -43,8 +43,6 @@ declare expected_libraries=(
declare expected_devlibraries=(
"$DIR_LIB/librnp.so"
- "$DIR_LIB/librnp.a"
- "$DIR_LIB/libsexp.a"
"$DIR_LIB/pkgconfig/librnp.pc"
)
diff --git a/ci/tests/pk-tests.sh b/ci/tests/pk-tests.sh
index 2b22df99..34f9b17c 100755
--- a/ci/tests/pk-tests.sh
+++ b/ci/tests/pk-tests.sh
@@ -101,33 +101,6 @@ test_shared_library() {
sudo yum -y erase $(rpm -qa | grep rnp)
}
-test_static_library() {
- sudo yum -y localinstall librnp0-0*.*.rpm librnp0-devel-0*.*.rpm
- pushd "$(mktemp -d)"
- create_source_file
- create_cmake_file 'rnp::librnp-static'
-
-# shellcheck disable=SC2251
-! cmake . -DCMAKE_MODULE_PATH="$DIR_CMAKE"/*
- assertEquals "cmake failed at static library test" 0 "${PIPESTATUS[0]}"
-
-# shellcheck disable=SC2251
-! make
- assertEquals "make failed at static library test" 0 "${PIPESTATUS[0]}"
-
-# shellcheck disable=SC2251
-! ./find_package_test
- assertEquals "test program failed at static library test" 0 "${PIPESTATUS[0]}"
-
-# shellcheck disable=SC2251
-! ldd find_package_test | grep librnp
- assertNotEquals "unexpected reference to shared rnp library at static library test" 0 "${PIPESTATUS[1]}"
-
- popd
-# shellcheck disable=SC2046
- sudo yum -y erase $(rpm -qa | grep rnp)
-}
-
test_no_library() {
pushd "$(mktemp -d)"
create_source_file
diff --git a/ci/tests/pkg-tests.sh b/ci/tests/pkg-tests.sh
index dbeaac6d..dcc4d014 100755
--- a/ci/tests/pkg-tests.sh
+++ b/ci/tests/pkg-tests.sh
@@ -43,8 +43,6 @@ declare expected_libraries=(
declare expected_devlibraries=(
"$DIR_LIB/librnp.so"
- "$DIR_LIB/librnp.a"
- "$DIR_LIB/libsexp.a"
"$DIR_LIB/pkgconfig/librnp.pc"
)
diff --git a/ci/tests/rpm-tests.sh b/ci/tests/rpm-tests.sh
index 39f8dd03..75b676e9 100755
--- a/ci/tests/rpm-tests.sh
+++ b/ci/tests/rpm-tests.sh
@@ -50,8 +50,6 @@ declare expected_libraries=(
declare expected_devlibraries=(
"$DIR_LIB/librnp.so"
- "$DIR_LIB/librnp.a"
- "$DIR_LIB/libsexp.a"
"$DIR_LIB/pkgconfig/librnp.pc"
)
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index 086ac57d..f6987967 100755
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
@@ -414,11 +414,11 @@ else()
endif()
# add these to the rnp-targets export
-# On Unix like systems we will build/install/pack shared and static libraries librnp.so and librnp.a
-# On Windows we will build/install/pack dynamic, import and static libraries rnp.dll, rnp.lib and rnp-static.lib
+# On Unix like systems we will build/install/pack either shared library librnp.so or static librnp.a
+# On Windows we will build/install/pack either dynamic and import libraries rnp.dll, rnp.lib or static library rnp-static.lib
-# If a client application uses shared rnp library, sexp is statically linked to librnp.so
-# If a client application uses static rnp library, it still needs libsexp.a
+# If a client application uses shared rnp library, sexp is statically linked to librnp.so and libsexp.a is not installed
+# If a client application uses static rnp library, it still needs libsexp.a and it is installed
if (BUILD_SHARED_LIBS)
# both static and shared libraries
@@ -433,15 +433,17 @@ install(TARGETS librnp
COMPONENT development
)
- install(TARGETS librnp-static sexp
- EXPORT rnp-targets
- ARCHIVE
- DESTINATION "${CMAKE_INSTALL_LIBDIR}"
- COMPONENT development
- )
+# install dll only for windows
+ if (WIN32)
+ install(TARGETS librnp
+ RUNTIME
+ DESTINATION "${CMAKE_INSTALL_BINDIR}"
+ COMPONENT runtime
+ )
+ endif(WIN32)
else(BUILD_SHARED_LIBS)
# static libraries only
-install(TARGETS librnp sexp
+ install(TARGETS librnp sexp
EXPORT rnp-targets
ARCHIVE
DESTINATION "${CMAKE_INSTALL_LIBDIR}"
@@ -449,15 +451,6 @@ install(TARGETS librnp sexp
)
endif(BUILD_SHARED_LIBS)
-# install dll only for windows
-if (WIN32)
- install(TARGETS librnp
- RUNTIME
- DESTINATION "${CMAKE_INSTALL_BINDIR}"
- COMPONENT runtime
- )
-endif(WIN32)
-
# install headers
install(
FILES
--
2.41.0

131
rnp-v0.17.0-system-sexp.patch Normal file
View File

@ -0,0 +1,131 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0fa5aa14c..d64927540 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -58,6 +58,8 @@ option(ENABLE_COVERAGE "Enable code coverage testing.")
option(ENABLE_SANITIZERS "Enable ASan and other sanitizers.")
option(ENABLE_FUZZERS "Enable fuzz targets.")
option(DOWNLOAD_GTEST "Download Googletest" On)
+option(SYSTEM_LIBSEXPP "Use system sexpp library" OFF)
+
# crypto components
function(tristate_feature_auto NAME DESCRIPTION)
set(${NAME} Auto CACHE STRING ${DESCRIPTION})
@@ -182,10 +184,22 @@ if (ENABLE_FUZZERS)
endif()
add_subdirectory(src/common)
-set(WITH_SEXP_CLI OFF)
-set(WITH_SEXP_TESTS OFF)
-set(CMAKE_INSTALL_DEFAULT_COMPONENT_NAME development)
-add_subdirectory(src/libsexp EXCLUDE_FROM_ALL)
+if (SYSTEM_LIBSEXPP)
+ find_package(PkgConfig)
+ pkg_check_modules(REQUIRED sexpp>=0.8.7)
+else (SYSTEM_LIBSEXPP)
+# If we use system libsexpp is not used we build sexpp static library
+# If librnp is shared, libsexpp.a is a transient artifact which is hidden from
+# the end user.
+# If librnp is static we install libsexpp.a aside
+ set(SAVED_BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS})
+ set(BUILD_SHARED_LIBS OFF)
+ set(WITH_SEXP_CLI OFF)
+ set(WITH_SEXP_TESTS OFF)
+ set(CMAKE_INSTALL_DEFAULT_COMPONENT_NAME development)
+ add_subdirectory(src/libsexpp EXCLUDE_FROM_ALL)
+ set(BUILD_SHARED_LIBS ${SAVED_BUILD_SHARED_LIBS})
+endif (SYSTEM_LIBSEXPP)
add_subdirectory(src/lib)
add_subdirectory(src/rnp)
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index d931701a5..19059c2fa 100755
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
@@ -342,7 +342,7 @@ elseif (CRYPTO_BACKEND_OPENSSL)
target_link_libraries(librnp-obj PRIVATE OpenSSL::Crypto)
endif()
-target_link_libraries(librnp-obj PRIVATE sexp)
+target_link_libraries(librnp-obj PRIVATE sexpp)
set_target_properties(librnp-obj PROPERTIES CXX_VISIBILITY_PRESET hidden)
if (TARGET BZip2::BZip2)
@@ -398,7 +398,7 @@ foreach (prop LINK_LIBRARIES INTERFACE_LINK_LIBRARIES INCLUDE_DIRECTORIES INTERF
get_target_property(val librnp-obj ${prop})
if (BUILD_SHARED_LIBS)
set_property(TARGET librnp-static PROPERTY ${prop} ${val})
- list(REMOVE_ITEM val "$<LINK_ONLY:sexp>")
+ list(REMOVE_ITEM val "$<LINK_ONLY:sexpp>")
set_property(TARGET librnp PROPERTY ${prop} ${val})
else()
set_property(TARGET librnp PROPERTY ${prop} ${val})
@@ -431,12 +431,11 @@ endif()
# On Unix like systems we will build/install/pack either shared library librnp.so or static librnp.a
# On Windows we will build/install/pack either dynamic and import libraries rnp.dll, rnp.lib or static library rnp-static.lib
-# If a client application uses shared rnp library, sexp is statically linked to librnp.so and libsexp.a is not installed
-# If a client application uses static rnp library, it still needs libsexp.a and it is installed
+# If a client application uses shared rnp library, sexpp is statically linked to librnp.so and libsexpp.a is not installed
+# If a client application uses static rnp library, it still needs libsexpp.a and it is installed
if (BUILD_SHARED_LIBS)
-# both static and shared libraries
-install(TARGETS librnp
+ install(TARGETS librnp
EXPORT rnp-targets
LIBRARY
DESTINATION "${CMAKE_INSTALL_LIBDIR}"
@@ -456,13 +455,23 @@ install(TARGETS librnp
)
endif(WIN32)
else(BUILD_SHARED_LIBS)
-# static libraries only
- install(TARGETS librnp sexp
+# static libraries
+# install libsexpp unless system-installed libsexpp is used
+ if (SYSTEM_LIBSEXPP)
+ install(TARGETS librnp
+ EXPORT rnp-targets
+ ARCHIVE
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+ COMPONENT development
+ )
+ else (SYSTEM_LIBSEXPP)
+ install(TARGETS librnp sexpp
EXPORT rnp-targets
ARCHIVE
DESTINATION "${CMAKE_INSTALL_LIBDIR}"
COMPONENT development
-)
+ )
+ endif (SYSTEM_LIBSEXPP)
endif(BUILD_SHARED_LIBS)
# install headers
diff --git a/src/librekey/g23_sexp.hpp b/src/librekey/g23_sexp.hpp
index b888680f5..b062c52f1 100644
--- a/src/librekey/g23_sexp.hpp
+++ b/src/librekey/g23_sexp.hpp
@@ -27,8 +27,8 @@
#ifndef RNP_G23_SEXP_HPP
#define RNP_G23_SEXP_HPP
-#include "sexp/sexp.h"
-#include "sexp/ext-key-format.h"
+#include "sexpp/sexp.h"
+#include "sexpp/ext-key-format.h"
#define SXP_MAX_DEPTH 30
--- a/src/tests/CMakeLists.txt
+++ b/src/tests/CMakeLists.txt
@@ -186,7 +186,7 @@ target_link_libraries(rnp_tests
PRIVATE
librnp-static
JSON-C::JSON-C
- sexp
+ sexpp
${GTestMain}
)
if (CRYPTO_BACKEND_LOWERCASE STREQUAL "openssl")

103
rnp-v0.17.0-test-SHA1-cutoff.patch Normal file
View File

@ -0,0 +1,103 @@
From eb1f10b003c2addf8098a764b823696d48b62c01 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky <o.nickolay@gmail.com>
Date: Fri, 19 Jan 2024 16:05:32 +0200
Subject: [PATCH] Update tests to match SHA1 cutoff date for key signatures.
---
src/tests/cli_tests.py | 10 +++++-----
src/tests/ffi.cpp | 26 +++++++++++++++++---------
src/tests/key-add-userid.cpp | 2 ++
3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
index bde7faf9d..634c88504 100755
--- a/src/tests/cli_tests.py
+++ b/src/tests/cli_tests.py
@@ -4862,12 +4862,16 @@ def do_test_encrypt(self, sign_key_size, enc_key_size):
self.operation_key_location = tuple((key_path(pfx, False), key_path(pfx, True)))
self.rnp.userid = self.gpg.userid = pfx + AT_EXAMPLE
# DSA 1024 key uses SHA-1 as hash but verification would succeed till 2024
+ if sign_key_size == 1024:
+ return
self._encrypt_decrypt(self.gpg, self.rnp)
def do_test_decrypt(self, sign_key_size, enc_key_size):
pfx = EncryptElgamal.key_pfx(sign_key_size, enc_key_size)
self.operation_key_location = tuple((key_path(pfx, False), key_path(pfx, True)))
self.rnp.userid = self.gpg.userid = pfx + AT_EXAMPLE
+ if sign_key_size == 1024:
+ return
self._encrypt_decrypt(self.rnp, self.gpg)
def test_encrypt_P1024_1024(self): self.do_test_encrypt(1024, 1024)
@@ -4878,11 +4882,7 @@ def test_decrypt_P1024_1024(self): self.do_test_decrypt(1024, 1024)
def test_decrypt_P2048_2048(self): self.do_test_decrypt(2048, 2048)
def test_decrypt_P1234_1234(self): self.do_test_decrypt(1234, 1234)
- def test_generate_elgamal_key1024_in_gpg_and_encrypt(self):
- cmd = EncryptElgamal.GPG_GENERATE_DSA_ELGAMAL_PATTERN.format(1024, 1024, self.gpg.userid)
- self.operation_key_gencmd = cmd
- # Will not fail till 2024 since 1024-bit DSA key uses SHA-1 as hash.
- self._encrypt_decrypt(self.gpg, self.rnp)
+ # 1024-bit key generation test was removed since it uses SHA1, which is not allowed for key signatures since Jan 19, 2024.
def test_generate_elgamal_key1536_in_gpg_and_encrypt(self):
cmd = EncryptElgamal.GPG_GENERATE_DSA_ELGAMAL_PATTERN.format(1536, 1536, self.gpg.userid)
diff --git a/src/tests/ffi.cpp b/src/tests/ffi.cpp
index 8f1694d9f..07b778f00 100644
--- a/src/tests/ffi.cpp
+++ b/src/tests/ffi.cpp
@@ -5976,11 +5976,16 @@ TEST_F(rnp_tests, test_ffi_security_profile)
assert_int_equal(flags, 0);
/* SHA1 - now, data verify disabled, key sig verify is enabled */
flags = 0;
- assert_rnp_success(rnp_get_security_rule(
- ffi, RNP_FEATURE_HASH_ALG, "SHA1", time(NULL), &flags, &from, &level));
- assert_int_equal(from, SHA1_DATA_FROM);
+ auto now = time(NULL);
+ bool sha1_cutoff = now > SHA1_KEY_FROM;
+ /* This would pick default rule closer to the date independent on usage */
+ assert_rnp_success(
+ rnp_get_security_rule(ffi, RNP_FEATURE_HASH_ALG, "SHA1", now, &flags, &from, &level));
+ auto expect_from = sha1_cutoff ? SHA1_KEY_FROM : SHA1_DATA_FROM;
+ auto expect_usage = sha1_cutoff ? RNP_SECURITY_VERIFY_KEY : RNP_SECURITY_VERIFY_DATA;
+ assert_int_equal(from, expect_from);
assert_int_equal(level, RNP_SECURITY_INSECURE);
- assert_int_equal(flags, RNP_SECURITY_VERIFY_DATA);
+ assert_int_equal(flags, expect_usage);
flags = 0;
assert_rnp_success(rnp_get_security_rule(
ffi, RNP_FEATURE_HASH_ALG, "SHA1", SHA1_DATA_FROM - 1, &flags, &from, &level));
@@ -5993,11 +5998,14 @@ TEST_F(rnp_tests, test_ffi_security_profile)
assert_int_equal(level, RNP_SECURITY_INSECURE);
assert_int_equal(flags, RNP_SECURITY_VERIFY_DATA);
flags = RNP_SECURITY_VERIFY_KEY;
- assert_rnp_success(rnp_get_security_rule(
- ffi, RNP_FEATURE_HASH_ALG, "SHA1", time(NULL), &flags, &from, &level));
- assert_int_equal(from, 0);
- assert_int_equal(level, RNP_SECURITY_DEFAULT);
- assert_int_equal(flags, 0);
+ assert_rnp_success(
+ rnp_get_security_rule(ffi, RNP_FEATURE_HASH_ALG, "SHA1", now, &flags, &from, &level));
+ expect_from = sha1_cutoff ? SHA1_KEY_FROM : 0;
+ auto expect_level = sha1_cutoff ? RNP_SECURITY_INSECURE : RNP_SECURITY_DEFAULT;
+ expect_usage = sha1_cutoff ? RNP_SECURITY_VERIFY_KEY : 0;
+ assert_int_equal(from, expect_from);
+ assert_int_equal(level, expect_level);
+ assert_int_equal(flags, expect_usage);
flags = RNP_SECURITY_VERIFY_KEY;
assert_rnp_success(rnp_get_security_rule(
ffi, RNP_FEATURE_HASH_ALG, "SHA1", SHA1_KEY_FROM + 5, &flags, &from, &level));
diff --git a/src/tests/key-add-userid.cpp b/src/tests/key-add-userid.cpp
index 5c2a4f71d..edd420573 100644
--- a/src/tests/key-add-userid.cpp
+++ b/src/tests/key-add-userid.cpp
@@ -68,6 +68,8 @@ TEST_F(rnp_tests, test_key_add_userid)
selfsig0.key_flags = 0x2;
selfsig0.key_expiration = base_expiry;
selfsig0.primary = false;
+ auto curtime = global_ctx.time();
+ global_ctx.set_time(curtime > SHA1_KEY_FROM ? SHA1_KEY_FROM - 100 : 0);
key->add_uid_cert(selfsig0, PGP_HASH_SHA1, global_ctx);
// attempt to add sha1-signed uid and make sure it succeeds now and fails after the cutoff
// date in 2024

34
rnp-v0.17.0-tests.patch Normal file
View File

@ -0,0 +1,34 @@
From e69da980c1bc3d6096db6446a5e14cac924146fa Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Mon, 19 Jun 2023 23:05:27 +0200
Subject: [PATCH] Increase key expiry seconds in tests from 10s to 60s
---
src/tests/cli_tests.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tests/cli_tests.py b/src/tests/cli_tests.py
index e6f5ed76..f0bcc757 100755
--- a/src/tests/cli_tests.py
+++ b/src/tests/cli_tests.py
@@ -1997,14 +1997,14 @@ class Keystore(unittest.TestCase):
matches = re.findall(r'(key expiration time: 63072000 seconds \(730 days\))', out)
self.assertEqual(len(matches), 1)
- # Expires in 10 seconds
- ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '10', 'primary_with_empty_password@rnp'])
+ # Expires in 60 seconds
+ ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '60', 'primary_with_empty_password@rnp'])
self.assertEqual(ret, 0)
self.assertRegex(out, r'(?s)^.*\[EXPIRES .*')
ret, out, _ = run_proc(RNP, ['--list-packets', kpath])
self.assertEqual(ret, 0)
- self.assertRegex(out, r'(?s)^.*key expiration time: 10 seconds \(0 days\).*')
+ self.assertRegex(out, r'(?s)^.*key expiration time: 60 seconds \(0 days\).*')
# Expires in 10 hours
ret, out, _ = run_proc(RNPK, ['--homedir', RNPDIR, '--edit-key', '--set-expire', '10h', 'primary_with_empty_password@rnp'])
--
2.41.0

3
rnp-v0.17.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:04d29fe9a20c56bb7ff4d77bc761b91f1f96462efd3b29d4d1d40262ce4eb782
size 3083098

7
rnp-v0.17.0.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCZFI5oQAKCRD7gpq10P4B
f54nAP9diWXjNJWAAP/RT3pvz5vWD/bIsjfBtqKHkIp2zJin0gEAleb9Pd4Fxq5O
EtYr/e2qwH8B7rzma6vm4tjVOmSKywk=
=vwtT
-----END PGP SIGNATURE-----

3
rnp-v0.17.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3095e2439ecb7b65f0ab72b7bbfafeb39bb1dda3c24c2ae110719a41bbfbf37d
size 3563881

7
rnp-v0.17.1.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
wnsEABYIACMWIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCZkMJgwUDAAAAAAAKCRD7gpq10P4Bf2jG
AQDO4DGfnXrnQ7fJhVGcUwM46hygc2mP/VX2G5qXazEyDQEAjGR5we4cD23zq5fHM4ITE040H4YG
bLwQuzo8RciwOQQ=
=oCnb
-----END PGP SIGNATURE-----

163
rnp.changes Normal file
View File

@ -0,0 +1,163 @@
-------------------------------------------------------------------
Sun Jul 28 18:20:34 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.17.1:
* Added support for Botan 3
* Updated support for OpenSSL 3
* Added support for mimemode in literal data packet
* Relaxed Base64 decoding to allow spaces after the checksum
* Added functions rnp_key_set_features() and
rnp_signature_get_features()
- drop patches no longer needed:
* rnp-v0.17.0-cpp14-googletest.patch
* rnp-v0.17.0-disable-static.patch
* rnp-v0.17.0-system-sexp.patch
* rnp-v0.17.0-test-SHA1-cutoff.patch
-------------------------------------------------------------------
Wed Apr 3 11:14:34 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- switch to C++14 to fix build with new GoogleTest 1.14.0
add rnp-v0.17.0-cpp14-googletest.patch
-------------------------------------------------------------------
Sat Jan 20 09:52:21 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- fix build after SHA-1 cutoff date
add rnp-v0.17.0-test-SHA1-cutoff.patch
-------------------------------------------------------------------
Mon Jun 26 20:21:55 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- build with system sexpp library (renamed)
-------------------------------------------------------------------
Mon Jun 19 21:10:24 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- fix s390x tests - add rnp-v0.17.0-tests.patch
-------------------------------------------------------------------
Wed Jun 14 21:01:38 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- build with system sexp library
(add rnp-v0.17.0-system-sexp.patch)
- drop rnp-v0.17.0-gcc13.patch no longer needed
-------------------------------------------------------------------
Wed Jun 14 20:57:32 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- fix build on Leap (json-c)
-------------------------------------------------------------------
Mon Jun 12 20:32:19 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- rnp 0.17.0:
* Add support for hidden recipient during decryption
* Improve support for offline secret keys during default key
selection
* Support for GnuPG 2
* SExp parsing code is moved to separate library
* Mark subkeys as expired instead of invalid if primary key is
expired
* AEAD: use OCB by default instead of EAX
* Do not attempt to validate signatures of unexpected types
* Use thread-safe time and date handling functions
* Added ENABLE_BLOWFISH, ENABLE_CAST5 and ENABLE_RIPEMD160 build
time options
* Corrected usage of CEK/KEK algorithms if those differs
* Add default armor message type for --enarmor command
* Add command --set-filename to specify which file name should be stored in message
* Add --add-subkey subcommand to the --edit-key
* Add set-expire subcommand to the --edit-key
* Add --s2k-iterations and --s2k-msec options to the rnp
* dd --allow-weak-hash command to allow usage of weak hash algorithms
* Report number of new/updated keys during the key import
- add rnp-v0.17.0-disable-static.patch
- add rnp-v0.17.0-gcc13.patch
- uses bundled libsexp
-------------------------------------------------------------------
Mon Jun 12 17:16:52 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.16.3:
* CVE-2023-29479: Fix issue with possible hang on malformed
inputs (boo#1212253)
* CVE-2023-29480: Fix issue where in some cases, secret keys
remain unlocked after use (boo#1212254)
-------------------------------------------------------------------
Mon Sep 26 04:36:06 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.16.2:
* Support a number of additional key and encryption operations
* Now uses separate security rules for the data and key signatures,
extending SHA1 key signature support till the Jan, 19 2024.
* The default key expiration time was set to 2 years.
* The library got a number of developer visible updates,
and the command-line interface gained a number of additional
knobs, switches, and output improvements
-------------------------------------------------------------------
Sun May 22 08:14:29 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- add upstream signing key and verify source signature
-------------------------------------------------------------------
Sun Feb 13 18:12:53 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.16.0:
* Ability to disable certain features via compile-time switches
(ENABLE_AEAD, ENABLE_SM2, etc.)
* Mark signatures with SHA1/MD5 hash, produced after the specific
date (2019-01-19 and 2012-01-01) as invalid
* Fixed possible incompatibility with GnuPG on x25519 secret key
export
* Fixed export of non-FFI symbols from rnp.so/rnp.dylib
* Fixed key expiration time calculation in some edge cases
* Added security profile manipulation functions to the FFI
* Improved CLI tools help messages
* Improved CLI: stdin/stdout/env input/output specifiers, --notty
for batch processing, etc.
-------------------------------------------------------------------
Sat Jan 15 08:14:17 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- disable tests
-------------------------------------------------------------------
Mon Aug 9 20:44:23 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.15.2:
* Be less strict in userid validation: allow to use userids with
self-signature, which has key expiration in the past
* Do not mark signature as invalid if key which produced it is
expired now, but was valid during signing
* Fix incorrect key expiration calculation in some cases
* rnp: Show error message if encryption failed
* rnpkeys: Add --expiration option to specify expiration time
during key generation
- run tests
-------------------------------------------------------------------
Mon Jun 28 20:17:02 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- rnp 0.15.1:
* Fix updating of expiration time for a key with multiple user
IDs
* Fixed key expiry check for keys valid after the year 2038
* Pick up key expiration time from direct-key signature or primary
userid certification if available
* CVE-2021-33589: issue with cleartext key data after the
rnp_key_unprotect()/rnp_key_protect() calls (boo#1187759)
- includes changes from 0.15.0:
* Improve handling of cleartext signatures, when empty line
between headers and contents contains some whitespace
* Relax requirements for the armored messages CRC (allow absence
of the CRC, and issue warning instead of complete failure)
* documentation updates
* rnpkeys: add --remove-key command
-------------------------------------------------------------------
Sun Feb 21 21:44:24 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- initial package, 0.14.0

16
rnp.keyring Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYOUN0RYJKwYBBAHaRw8BAQdA3FRB/1WGnBDheAOEENZ1jnwOlzWyCGTmZi7u
d824hiW0LFJOUEdQIFJlbGVhc2UgU2lnbmluZyBLZXkgPHJucGdwQHJpYm9zZS5j
b20+iJYEExYIAD4WIQQxr1ok2GHvy3y3mhkkkAzgrvtUFwUCYOUN0QIbAQUJbeHV
gAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAkkAzgrvtUF42MAQDXfgjYWWqR
PkCvVhDQEjJVETNmwSgfhG/q3pMmGSlJFQD/ZJI9KhowbzGU0/qDXDERPoR2FYB5
xx4BwotTOwketw64MwRjGxr6FgkrBgEEAdpHDwEBB0B5WpvGuJLXoMdAAIyNfOjd
Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmFiEEMa9aJNhh78t8t5oZJJAM4K77VBcF
AmMbGvoCGwIFCQPCZwAAgQkQJJAM4K77VBd2IAQZFggAHRYhBFDaWdW5E0+i2x6y
DPuCmrXQ/gF/BQJjGxr6AAoJEPuCmrXQ/gF/Zi4A/RwEZ17ZrXyn0kiY/DP6BSIt
p/6Sk9hG7KpkRqC3aaWsAQD2P6eZV6pWbhQp1C/kQYtgBbLOMUqmAg+5fMduhmaw
BDfrAP9PXS/3/h4R2UWvQ8yDv4BXztrnf61rX6re4iGpfixBZAD9FalZDJmCrdQm
toOkvaIWylfh5HgTM3lxXcO3Dz6W6QQ=
=Towq
-----END PGP PUBLIC KEY BLOCK-----

98
rnp.spec Normal file
View File

@ -0,0 +1,98 @@
#
# spec file for package rnp
#
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soname 0
Name: rnp
Version: 0.17.1
Release: 0
Summary: OpenPGP implementation fully compliant with RFC 4880
License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause
URL: https://www.rnpgp.com/
Source: https://github.com/rnpgp/rnp/releases/download/v%{version}/%{name}-v%{version}.tar.gz
Source2: https://github.com/rnpgp/rnp/releases/download/v%{version}/%{name}-v%{version}.tar.gz.asc
Source3: https://www.rnpgp.org/openpgp_keys/31AF5A24D861EFCB7CB79A1924900CE0AEFB5417-50DA59D5B9134FA2DB1EB20CFB829AB5D0FE017F.asc#/%{name}.keyring
BuildRequires: c++_compiler
BuildRequires: cmake >= 3.18
BuildRequires: gpg2 >= 2.2
BuildRequires: gtest
BuildRequires: pkgconfig
BuildRequires: pkgconfig(botan-2) >= 2.14.0
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(json-c) >= 0.11
BuildRequires: pkgconfig(sexpp) >= 0.8.7
BuildRequires: pkgconfig(zlib)
BuildRequires: rubygem(asciidoctor)
%description
RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.
%package -n librnp%{soname}
Summary: OpenPGP implementation as a C++ library fully compliant with RFC 4880
%description -n librnp%{soname}
RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.
librnp is the library used by RNP for all OpenPGP functions, useful for
developers to build against, different from GPGME.
%package devel
Summary: Development files for RNP
Requires: librnp%{soname} = %{version}
%description devel
RNP is a set of OpenPGP (RFC4880) tools, an alternative to GnuPG.
This package contains the files needed to build against librnp.
%prep
%autosetup -p1 -n %{name}-v%{version}
rm -rf src/libsexp
%build
%cmake \
-DDOWNLOAD_GTEST:BOOL=OFF \
-DBUILD_TESTING:BOOL=ON \
-DSYSTEM_LIBSEXPP:BOOL=ON \
%{nil}
%cmake_build
%install
%cmake_install
%check
%ctest
%ldconfig_scriptlets -n librnp%{soname}
%files
%license LICENSE*
%{_bindir}/*
%{_mandir}/man1/*.1%{?ext_man}
%files -n librnp%{soname}
%license LICENSE*
%{_libdir}/*.so.0*
%files devel
%license LICENSE*
%doc CHANGELOG.md README.adoc
%{_includedir}/*
%{_libdir}/cmake/rnp
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*.3%{?ext_man}
%changelog