Skip to content

Update to github.com/mtrmac/gpgme v0.1.2#827

Merged
rhatdan merged 3 commits into
podman-container-tools:release-0.1.32-rhelfrom
mtrmac:gpgme-update-0.1.32
Feb 21, 2020
Merged

Update to github.com/mtrmac/gpgme v0.1.2#827
rhatdan merged 3 commits into
podman-container-tools:release-0.1.32-rhelfrom
mtrmac:gpgme-update-0.1.32

Conversation

@mtrmac

@mtrmac mtrmac commented Feb 21, 2020

Copy link
Copy Markdown
Contributor

This fixes CVE-2020-8945 by incorporating proglottis/gpgme#23 .

Other changes included by the rebase:

  • Support for gpgme_off_t (~no-op on Linux)
  • Wrapping a few more GPGME functions (irrelevant if we don't call them)

Given how invasive the CVE fix is (affecting basically all binding code), it seems safer to just update the package (and be verifiably equivalent with upstream) than to backport and try to back out the few other changes.

Performed by updating vendor conf,

$ vndr github.com/mtrmac/gpgme

and manually backing out unrelated deletions of files.

mtrmac and others added 3 commits February 21, 2020 14:21
This fixes CVE-2020-8945 by incorporating proglottis/gpgme#23 .

Other changes included by the rebase:
- Support for gpgme_off_t (~no-op on Linux)
- Wrapping a few more GPGME functions (irrelevant if we don't call them)

Given how invasive the CVE fix is (affecting basically all binding
code), it seems safer to just update the package (and be verifiably
equivalent with upstream) than to backport and try to back out the few
other changes.

Performed by updating vendor conf,
$ vndr github.com/mtrmac/gpgme
and manually backing out unrelated deletions of files.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
the package was renamed on Fedora 31.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since GPG 2.1, GPG asks for a passphrase by default; opt out when
generating test keys to avoid
> gpg: agent_genkey failed: No pinentry
> gpg: key generation failed: No pinentry
which happens otherwise (and we can't use an interactive pinentry
in a batch process anyway).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@TomSweeneyRedHat

Copy link
Copy Markdown
Contributor

LGTM

@mtrmac

mtrmac commented Feb 21, 2020

Copy link
Copy Markdown
Contributor Author

NOTE: This backports test suite changes necessary for recent Fedoras, which may be inappropriate for the RHEL target.

@rhatdan
rhatdan merged commit e5c9d57 into podman-container-tools:release-0.1.32-rhel Feb 21, 2020
@mtrmac
mtrmac deleted the gpgme-update-0.1.32 branch February 21, 2020 16:38
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Sep 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants