diff --git a/.gitignore b/.gitignore index c4feeec..80fa0f6 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /sequoia-openpgp-1.10.0.crate /sequoia-openpgp-1.11.0.crate /sequoia-openpgp-1.12.0.crate +/sequoia-openpgp-1.13.0.crate diff --git a/aacdf9b.patch b/aacdf9b.patch new file mode 100644 index 0000000..0da7120 --- /dev/null +++ b/aacdf9b.patch @@ -0,0 +1,36 @@ +From aacdf9b232c383693fa0c6d9411d3ec168b9487a Mon Sep 17 00:00:00 2001 +From: Wiktor Kwapisiewicz +Date: Thu, 19 Jan 2023 09:55:34 +0100 +Subject: [PATCH] Fix EC curve detection. + + - Some systems have smaller set of supported curves and even though the + curve identifiers are compiled in the usage of the curve fails. + + - Try to construct an `EcGroup` using retrieved `Nid` as this is a cheap + check that will fail if the curve is truly unsupported. + + - Fixes #976. +--- + src/crypto/backend/openssl.rs | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/backend/openssl.rs b/src/crypto/backend/openssl.rs +index 4e610bfe8..aa5c9db7d 100644 +--- a/src/crypto/backend/openssl.rs ++++ b/src/crypto/backend/openssl.rs +@@ -43,7 +43,11 @@ impl Curve { + } else { + // the rest of EC algorithms are supported via the same + // codepath +- openssl::nid::Nid::try_from(self).is_ok() ++ if let Ok(nid) = openssl::nid::Nid::try_from(self) { ++ openssl::ec::EcGroup::from_curve_name(nid).is_ok() ++ } else { ++ false ++ } + } + } + } +-- +GitLab + diff --git a/rust-sequoia-openpgp.spec b/rust-sequoia-openpgp.spec index 107697c..c932e7e 100644 --- a/rust-sequoia-openpgp.spec +++ b/rust-sequoia-openpgp.spec @@ -5,7 +5,7 @@ %global crate sequoia-openpgp Name: rust-sequoia-openpgp -Version: 1.12.0 +Version: 1.13.0 Release: %autorelease Summary: OpenPGP data types and associated machinery @@ -19,6 +19,9 @@ Patch: sequoia-openpgp-fix-metadata-auto.diff # * drop unused, benchmark-only criterion dev-dependency to speed up builds # * drop example-only rpassword dev-dependency (currently too old in Fedora) Patch: sequoia-openpgp-fix-metadata.diff +# * upstream patch to improve detection of supported ECC algorithms in OpenSSL +# https://gitlab.com/sequoia-pgp/sequoia/-/commit/aacdf9b +Patch: aacdf9b.patch BuildRequires: rust-packaging >= 21 @@ -53,6 +56,18 @@ use the "default" feature of the "%{crate}" crate. %files -n %{name}+default-devel %ghost %{crate_instdir}/Cargo.toml +%package -n %{name}+__implicit-crypto-backend-for-tests-devel +Summary: %{summary} +BuildArch: noarch + +%description -n %{name}+__implicit-crypto-backend-for-tests-devel %{_description} + +This package contains library source intended for building other packages which +use the "__implicit-crypto-backend-for-tests" feature of the "%{crate}" crate. + +%files -n %{name}+__implicit-crypto-backend-for-tests-devel +%ghost %{crate_instdir}/Cargo.toml + %package -n %{name}+allow-experimental-crypto-devel Summary: %{summary} BuildArch: noarch @@ -137,6 +152,18 @@ use the "crypto-nettle" feature of the "%{crate}" crate. %files -n %{name}+crypto-nettle-devel %ghost %{crate_instdir}/Cargo.toml +%package -n %{name}+crypto-openssl-devel +Summary: %{summary} +BuildArch: noarch + +%description -n %{name}+crypto-openssl-devel %{_description} + +This package contains library source intended for building other packages which +use the "crypto-openssl" feature of the "%{crate}" crate. + +%files -n %{name}+crypto-openssl-devel +%ghost %{crate_instdir}/Cargo.toml + %package -n %{name}+flate2-devel Summary: %{summary} BuildArch: noarch @@ -149,6 +176,18 @@ use the "flate2" feature of the "%{crate}" crate. %files -n %{name}+flate2-devel %ghost %{crate_instdir}/Cargo.toml +%package -n %{name}+foreign-types-shared-devel +Summary: %{summary} +BuildArch: noarch + +%description -n %{name}+foreign-types-shared-devel %{_description} + +This package contains library source intended for building other packages which +use the "foreign-types-shared" feature of the "%{crate}" crate. + +%files -n %{name}+foreign-types-shared-devel +%ghost %{crate_instdir}/Cargo.toml + %package -n %{name}+nettle-devel Summary: %{summary} BuildArch: noarch @@ -161,6 +200,30 @@ use the "nettle" feature of the "%{crate}" crate. %files -n %{name}+nettle-devel %ghost %{crate_instdir}/Cargo.toml +%package -n %{name}+openssl-devel +Summary: %{summary} +BuildArch: noarch + +%description -n %{name}+openssl-devel %{_description} + +This package contains library source intended for building other packages which +use the "openssl" feature of the "%{crate}" crate. + +%files -n %{name}+openssl-devel +%ghost %{crate_instdir}/Cargo.toml + +%package -n %{name}+openssl-sys-devel +Summary: %{summary} +BuildArch: noarch + +%description -n %{name}+openssl-sys-devel %{_description} + +This package contains library source intended for building other packages which +use the "openssl-sys" feature of the "%{crate}" crate. + +%files -n %{name}+openssl-sys-devel +%ghost %{crate_instdir}/Cargo.toml + %prep %autosetup -n %{crate}-%{version_no_tilde} -p1 # remove examples which depend on rpassword @@ -168,7 +231,8 @@ rm examples/{notarize.rs,sign.rs,sign-detached.rs} %cargo_prep %generate_buildrequires -%cargo_generate_buildrequires +# * ensure all dependencies for tests are generated +%cargo_generate_buildrequires -f crypto-openssl,crypto-nettle,compression %build %cargo_build @@ -178,7 +242,10 @@ rm examples/{notarize.rs,sign.rs,sign-detached.rs} %if %{with check} %check -%cargo_test +# * run tests with nettle crypto backend (default) +%cargo_test -n -f crypto-nettle,compression +# * run tests with openssl crypto backend +%cargo_test -n -f crypto-openssl,compression %endif %changelog diff --git a/sequoia-openpgp-fix-metadata-auto.diff b/sequoia-openpgp-fix-metadata-auto.diff index 9e3fa51..16cb950 100644 --- a/sequoia-openpgp-fix-metadata-auto.diff +++ b/sequoia-openpgp-fix-metadata-auto.diff @@ -1,6 +1,6 @@ ---- sequoia-openpgp-1.12.0/Cargo.toml 1970-01-01T00:00:01+00:00 -+++ sequoia-openpgp-1.12.0/Cargo.toml 1970-01-01T00:00:01+00:00 -@@ -264,8 +264,6 @@ +--- sequoia-openpgp-1.13.0/Cargo.toml 1970-01-01T00:00:01+00:00 ++++ sequoia-openpgp-1.13.0/Cargo.toml 1970-01-01T00:00:01+00:00 +@@ -278,8 +278,6 @@ ] crypto-cng = [ "eax", @@ -9,7 +9,7 @@ "ed25519-dalek", "num-bigint-dig", ] -@@ -303,37 +301,6 @@ +@@ -322,37 +320,6 @@ "crypto-nettle", ] diff --git a/sequoia-openpgp-fix-metadata.diff b/sequoia-openpgp-fix-metadata.diff index 5b5e750..658c3aa 100644 --- a/sequoia-openpgp-fix-metadata.diff +++ b/sequoia-openpgp-fix-metadata.diff @@ -1,6 +1,6 @@ ---- sequoia-openpgp-1.12.0/Cargo.toml 1970-01-01T00:00:01+00:00 -+++ sequoia-openpgp-1.12.0/Cargo.toml 2022-12-14T14:13:28.983407+00:00 -@@ -50,10 +50,6 @@ +--- sequoia-openpgp-1.13.0/Cargo.toml 1970-01-01T00:00:01+00:00 ++++ sequoia-openpgp-1.13.0/Cargo.toml 2023-01-18T16:50:41.260880+00:00 +@@ -51,10 +51,6 @@ name = "pad" required-features = ["compression-deflate"] @@ -11,7 +11,7 @@ [dependencies.aes] version = "0.6.0" optional = true -@@ -229,19 +225,12 @@ +@@ -242,19 +238,12 @@ version = "0.8" features = ["xxh3"] @@ -31,7 +31,7 @@ [build-dependencies.lalrpop] version = ">=0.17" -@@ -261,11 +250,6 @@ +@@ -275,11 +264,6 @@ compression-deflate = [ "flate2", "buffered-reader/compression-deflate", @@ -42,4 +42,4 @@ - "num-bigint-dig", ] crypto-nettle = ["nettle"] - crypto-rust = [ + crypto-openssl = [ diff --git a/sources b/sources index e743b28..0ceecea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sequoia-openpgp-1.12.0.crate) = 688e86f1d59ffbb199f6acd0d69682b8597d7698c93ac33598c317747a491fe4dc37e0ff9ca09c0c175a624491e80033072da6cf6563e7a266e8f5085ec02b57 +SHA512 (sequoia-openpgp-1.13.0.crate) = 45ff000500e9919216a543981cc3b0eb6a2e354ff8bf76bf5829b0a98344766b88b7d25bc174649d85d92a14b6cbf12ce56f54f6fedd4ff9c79ba662a9e79ef1