rpms
/
libksba
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:cs10
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'cs10' have entirely different histories.
c9 ... cs10

7 changed files with 149 additions and 281 deletions
Show Stats

3
.gitignore vendored
Unescape View File

@ -1 +1,2 @@
SOURCES/libksba-1.5.1.tar.bz2
SOURCES/libksba-1.6.7.tar.bz2
SOURCES/libksba-1.6.7.tar.bz2.sig

3
.libksba.metadata
Unescape View File

@ -1 +1,2 @@
740ac2551b33110e879aff100c6a6749284daf97 SOURCES/libksba-1.5.1.tar.bz2
781acfb012cbb5328f41efcf82f723524e8d0128 SOURCES/libksba-1.6.7.tar.bz2
64940719237ad283d06e26305a3e5a39c8250064 SOURCES/libksba-1.6.7.tar.bz2.sig

157
SOURCES/libksba-1.5.1-coverity.patch
Unescape View File

@ -1,157 +0,0 @@
From f47ac49c068f1bc640f391b8b4a9594486ed0bb7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:33:17 +0200
Subject: [PATCH 1/5] tests: reset freed pointer for next iteration
* tests/t-oid.c (main): reset freed pointer for next iteration
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/t-oid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/t-oid.c b/tests/t-oid.c
index 0fe5944..04156b6 100644
--- a/tests/t-oid.c
+++ b/tests/t-oid.c
@@ -183,6 +183,7 @@ main (int argc, char **argv)
printf (" %02X", buffer[n]);
putchar ('\n');
free (buffer);
+ buffer = NULL;
}
}
else if (!strcmp (*argv, "--to-str"))
--
2.30.2
From 8c410c22a0366b4ce43d37b62598d8429c3ffc30 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:36:56 +0200
Subject: [PATCH 2/5] time: avoid buffer overrun
* src/time.c (_ksba_current_time): Use snprintf to avoid buffer overrun
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/time.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/time.c b/src/time.c
index d793476..f5f3a03 100644
--- a/src/time.c
+++ b/src/time.c
@@ -160,7 +160,7 @@ _ksba_current_time (ksba_isotime_t timebuf)
#else
tp = gmtime ( &epoch );
#endif
- sprintf (timebuf,"%04d%02d%02dT%02d%02d%02d",
- 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
- tp->tm_hour, tp->tm_min, tp->tm_sec);
+ snprintf (timebuf, sizeof(ksba_isotime_t), "%04d%02d%02dT%02d%02d%02d",
+ 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec);
}
--
2.30.2
From b8581032f492b4c17d20e966f11afd591ca177ef Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:44:43 +0200
Subject: [PATCH 3/5] asn1-func: Initialize buffer
* src/asn1-func.c (_ksba_asn_expand_object_id): Initialize name2 buffer
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/asn1-func.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/asn1-func.c b/src/asn1-func.c
index e64c479..05ec897 100755
--- a/src/asn1-func.c
+++ b/src/asn1-func.c
@@ -882,7 +882,7 @@ int
_ksba_asn_expand_object_id (AsnNode node)
{
AsnNode p, p2, p3, p4, p5;
- char name_root[129], name2[129*2+1];
+ char name_root[129], name2[129*2+1] = "";
/* Fixme: Make a cleaner implementation */
if (!node)
--
2.30.2
From ff510b0511443c181b9b9af87bd2596b6a5751fc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 10:28:10 +0200
Subject: [PATCH 4/5] ber-decoder: Avoid null pointer dereference on error
* src/ber-decoder.c (_ksba_ber_decoder_dump): break on error
--
The above branches set err if stuff go wrong, but it is never checked
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/ber-decoder.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ber-decoder.c b/src/ber-decoder.c
index 755c1d7..87e58a9 100644
--- a/src/ber-decoder.c
+++ b/src/ber-decoder.c
@@ -1149,6 +1149,8 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp)
err = gpg_error_from_syserror ();
}
}
+ if (err)
+ break;
for (n=0; !err && n < d->val.length; n++)
{
--
2.30.2
From 0431c56f4e1b6d6c3ff302648730da36a18ae93c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 10:30:59 +0200
Subject: [PATCH 5/5] Mark the idential branches as intentional for coverity
* src/ber-help.c (_ksba_ber_count_tl): Mark identical branches as
intentional for coverity
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/ber-help.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ber-help.c b/src/ber-help.c
index 1b72bf0..81c31ed 100644
--- a/src/ber-help.c
+++ b/src/ber-help.c
@@ -440,6 +440,7 @@ _ksba_ber_count_tl (unsigned long tag,
(void)constructed; /* Not used, but passed for uniformity of such calls. */
+ /* coverity[identical_branches] */
if (tag < 0x1f)
{
buflen++;
--
2.30.2

104
SOURCES/libksba-1.5.1-overflow.patch
Unescape View File

@ -1,104 +0,0 @@
From 4b7d9cd4a018898d7714ce06f3faf2626c14582b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 5 Oct 2022 14:19:06 +0200
Subject: [PATCH] Detect a possible overflow directly in the TLV parser.
* src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly
used sum.
--
It is quite common to have checks like
if (ti.nhdr + ti.length >= DIM(tmpbuf))
return gpg_error (GPG_ERR_TOO_LARGE);
This patch detects possible integer overflows immmediately when
creating the TI object.
Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
---
src/ber-help.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/ber-help.c b/src/ber-help.c
index 81c31ed..56efb6a 100644
--- a/src/ber-help.c
+++ b/src/ber-help.c
@@ -182,6 +182,12 @@ _ksba_ber_read_tl (ksba_reader_t reader, struct tag_info *ti)
ti->length = len;
}
+ if (ti->length > ti->nhdr && (ti->nhdr + ti->length) < ti->length)
+ {
+ ti->err_string = "header+length would overflow";
+ return gpg_error (GPG_ERR_EOVERFLOW);
+ }
+
/* Without this kludge some example certs can't be parsed */
if (ti->class == CLASS_UNIVERSAL && !ti->tag)
ti->length = 0;
--
2.37.3
commit f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
Author: Werner Koch <wk@gnupg.org>
Date: Tue Nov 22 16:36:46 2022 +0100
Fix an integer overflow in the CRL signature parser.
* src/crl.c (parse_signature): N+N2 now checked for overflow.
* src/ocsp.c (parse_response_extensions): Do not accept too large
values.
(parse_single_extensions): Ditto.
--
The second patch is an extra safegourd not related to the reported
bug.
GnuPG-bug-id: 6284
Reported-by: Joseph Surin, elttam
diff --git a/src/crl.c b/src/crl.c
index 9f71c85..2e6ca29 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -1349,7 +1349,7 @@ parse_signature (ksba_crl_t crl)
&& !ti.is_constructed) )
return gpg_error (GPG_ERR_INV_CRL_OBJ);
n2 = ti.nhdr + ti.length;
- if (n + n2 >= DIM(tmpbuf))
+ if (n + n2 >= DIM(tmpbuf) || (n + n2) < n)
return gpg_error (GPG_ERR_TOO_LARGE);
memcpy (tmpbuf+n, ti.buf, ti.nhdr);
err = read_buffer (crl->reader, tmpbuf+n+ti.nhdr, ti.length);
diff --git a/src/ocsp.c b/src/ocsp.c
index d4cba04..657d15f 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -721,6 +721,12 @@ parse_response_extensions (ksba_ocsp_t ocsp,
else
ocsp->good_nonce = 1;
}
+ if (ti.length > (1<<24))
+ {
+ /* Bail out on much too large objects. */
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
if (!ex)
{
@@ -788,6 +794,12 @@ parse_single_extensions (struct ocsp_reqitem_s *ri,
err = parse_octet_string (&data, &datalen, &ti);
if (err)
goto leave;
+ if (ti.length > (1<<24))
+ {
+ /* Bail out on much too large objects. */
+ err = gpg_error (GPG_ERR_BAD_BER);
+ goto leave;
+ }
ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length);
if (!ex)
{

BIN
SOURCES/libksba-1.5.1.tar.bz2.sig
View File

Binary file not shown.

86
SOURCES/signature_key.asc
Unescape View File

@ -0,0 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

77
SPECS/libksba.spec
Unescape View File

@ -1,22 +1,26 @@
%bcond_with bootstrap
Summary: CMS and X.509 library
Name: libksba
Version: 1.5.1
Release: 6%{?dist}
Version: 1.6.7
Release: 2%{?dist}
# The library is licensed under LGPLv3+ or GPLv2+,
# the rest of the package under GPLv3+
License: (LGPLv3+ or GPLv2+) and GPLv3+
License: GPL-3.0-or-later AND LGPL-2.1-or-later AND (LGPL-3.0-or-later OR GPL-2.0-or-later)
URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2.sig
Source2: https://gnupg.org/signature_key.asc
Patch1: libksba-1.3.0-multilib.patch
Patch2: libksba-1.5.1-coverity.patch
# Fix for CVE-2022-3515
Patch3: libksba-1.5.1-overflow.patch
BuildRequires: gcc
BuildRequires: gawk
%if %{without bootstrap}
# Require gnupg2 to verify sources, unless bootstrapping
BuildRequires: gnupg2
%endif
BuildRequires: libgpg-error-devel >= 1.8
BuildRequires: libgcrypt-devel >= 1.2.0
BuildRequires: make
@ -36,11 +40,12 @@ Requires: pkgconfig
%prep
%if %{without bootstrap}
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%endif
%setup -q
%patch1 -p1 -b .multilib
%patch2 -p1 -b .coverity
%patch3 -p1 -b .overflow
%patch 1 -p1 -b .multilib
# Convert to utf-8
for file in THANKS; do
@ -85,18 +90,54 @@ make check
%changelog
* Wed Jan 25 2023 Jakub Jelen <jjelen@redhat.com> - 1.5.1-6
- Fix for CVE-2022-47629 (#2161571)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.6.7-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Jul 02 2024 Jakub Jelen <jjelen@redhat.com> - 1.6.7-1
- New upstream release (#2265627)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.6.5-4
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Nov 16 2023 Jakub Jelen <jjelen@redhat.com> - 1.6.5-1
- New upstream release (#2250046)
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jun 19 2023 Jakub Jelen <jjelen@redhat.com> - 1.6.4-1
- New upstream release (#2215873)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 20 2022 Todd Zullinger <tmz@pobox.com> - 1.6.3-1
- New upstream release (#2155172)
* Fri Oct 07 2022 Jakub Jelen <jjelen@redhat.com> - 1.6.2-1
- New upstream release (#2132953)
* Mon Sep 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.6.1-1
- New upstream release (#2127464)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Oct 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.5.1-5
- Fix for CVE-2022-3515 (#2135703)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Jun 10 2021 Jakub Jelen <jjelen@redhat.com> - 1.6.0-1
- New upstream release (#1970445)
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-2
- Address issues reported by coverity

Write Preview
Loading…
Cancel
Save