diff --git a/pinentry-1.1.0.tar.bz2 b/pinentry-1.1.0.tar.bz2
deleted file mode 100644
index 76a7534b32b0fd9a604aabfe8065790a4a2f6d1b..0000000000000000000000000000000000000000
Binary files a/pinentry-1.1.0.tar.bz2 and /dev/null differ
diff --git a/pinentry-1.1.0.tar.bz2.sig b/pinentry-1.1.0.tar.bz2.sig
deleted file mode 100644
index 0e539df9b2aaad04bca6c80106e903b24e2c8585..0000000000000000000000000000000000000000
Binary files a/pinentry-1.1.0.tar.bz2.sig and /dev/null differ
diff --git a/pinentry-1.1.1-coverity.patch b/pinentry-1.1.1-coverity.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2a8607549c553d4aada1d3fe128baab8afc92528
--- /dev/null
+++ b/pinentry-1.1.1-coverity.patch
@@ -0,0 +1,194 @@
+commit a87d9e8f89f946a733c756c72bf5ec41e0a738b8
+Author: Jakub Jelen
+Date: Wed Apr 14 15:51:27 2021 +0900
+
+ core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake.
+
+ * pinentry/pinentry-curses.c (dialog_create): Free NEW.
+ [HAVE_NCURSESW] (dialog_run): Free OLD_CTYPE on error.
+ * pinentry/pinentry.c (pinentry_inq_genpin): Free VALUE on error.
+ * tty/pinentry-tty.c (tty_cmd_handler): Don't access closed FDs.
+ * pinentry/pinentry-emacs.c (set_labels): Fix for ->default_cancel.
+
+ --
+
+ GnuPG-bug-id: 5384
+ Signed-off-by: Jakub Jelen
+
+diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
+index a3fe2e2..1c3008a 100644
+--- a/pinentry/pinentry-curses.c
++++ b/pinentry/pinentry-curses.c
+@@ -315,6 +315,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog)
+ } \
+ dialog->which = pinentry_utf8_to_local (pinentry->lc_ctype, \
+ new ? new : default); \
++ free (new); \
+ if (!dialog->which) \
+ { \
+ err = 1; \
+@@ -873,6 +874,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ {
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "open_tty_for_read";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode? 0 : -1;
+ }
+ ttyfo = fopen (tty_name, "w");
+@@ -883,6 +887,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ errno = err;
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "open_tty_for_write";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode? 0 : -1;
+ }
+ screen = newterm (tty_type, ttyfo, ttyfi);
+@@ -897,6 +904,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ errno = ENOTTY;
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "isatty";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode? 0 : -1;
+ }
+ init_screen = 1;
+diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
+index 16ae1c2..9685b67 100644
+--- a/pinentry/pinentry-emacs.c
++++ b/pinentry/pinentry-emacs.c
+@@ -498,7 +498,7 @@ set_labels (pinentry_t pe)
+ set_label (pe, "SETOK", pe->default_ok);
+ if (pe->cancel)
+ set_label (pe, "SETCANCEL", pe->cancel);
+- else if (pe->default_ok)
++ else if (pe->default_cancel)
+ set_label (pe, "SETCANCEL", pe->default_cancel);
+ if (pe->notok)
+ set_label (pe, "SETNOTOK", pe->notok);
+diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
+index ef81f12..26ec77a 100644
+--- a/pinentry/pinentry.c
++++ b/pinentry/pinentry.c
+@@ -656,6 +656,7 @@ pinentry_inq_genpin (pinentry_t pin)
+ if (rc)
+ {
+ fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
++ free (value);
+ return 0;
+ }
+ }
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 403dd60..4a2b67f 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -559,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
+ }
+ }
+
+- if (terminal_save (fileno (ttyfi)) < 0)
++ if (!rc && terminal_save (fileno (ttyfi)) < 0)
+ rc = -1;
+
+ if (! rc)
+
+From 7f7fd8bcfd74919091cc318b27b8617a9ef2ac82 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka
+Date: Fri, 16 Apr 2021 12:54:43 +0900
+Subject: [PATCH] tty: Fix error return paths and its resource leaks.
+
+* tty/pinentry-tty.c (tty_cmd_handler): Only call do_touch_file
+on successful interaction. Fix closing file.
+
+--
+
+GnuPG-bug-id: 5384
+Co-authored-by: Jakub Jelen
+Signed-off-by: NIIBE Yutaka
+---
+ tty/pinentry-tty.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 4a2b67f..c4d85c6 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -525,6 +525,7 @@ tty_cmd_handler (pinentry_t pinentry)
+ int rc = 0;
+ FILE *ttyfi = stdin;
+ FILE *ttyfo = stdout;
++ int saved_errno = 0;
+
+ #ifndef HAVE_DOSISH_SYSTEM
+ timed_out = 0;
+@@ -545,30 +546,27 @@ tty_cmd_handler (pinentry_t pinentry)
+ {
+ ttyfi = fopen (pinentry->ttyname, "r");
+ if (!ttyfi)
+- rc = -1;
+- else
++ return -1;
++
++ ttyfo = fopen (pinentry->ttyname, "w");
++ if (!ttyfo)
+ {
+- ttyfo = fopen (pinentry->ttyname, "w");
+- if (!ttyfo)
+- {
+- int err = errno;
+- fclose (ttyfi);
+- errno = err;
+- rc = -1;
+- }
++ saved_errno = errno;
++ fclose (ttyfi);
++ errno = saved_errno;
++ return -1;
+ }
+ }
+
+- if (!rc && terminal_save (fileno (ttyfi)) < 0)
++ if (terminal_save (fileno (ttyfi)) < 0)
+ rc = -1;
+-
+- if (! rc)
++ else
+ {
+ if (terminal_setup (fileno (ttyfi), !!pinentry->pin) == -1)
+ {
+- int err = errno;
++ saved_errno = errno;
+ fprintf (stderr, "terminal_setup failure, exiting\n");
+- errno = err;
++ rc = -1;
+ }
+ else
+ {
+@@ -578,17 +576,19 @@ tty_cmd_handler (pinentry_t pinentry)
+ rc = confirm (pinentry, ttyfi, ttyfo);
+
+ terminal_restore (fileno (ttyfi));
++ do_touch_file (pinentry);
+ }
+ }
+
+- do_touch_file (pinentry);
+-
+ if (pinentry->ttyname)
+ {
+ fclose (ttyfi);
+ fclose (ttyfo);
+ }
+
++ if (saved_errno)
++ errno = saved_errno;
++
+ return rc;
+ }
+
+--
+2.30.2
diff --git a/pinentry-1.1.1-rpath.patch b/pinentry-1.1.1-rpath.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b21300e84f674fb50b94e5f95a2551d49acff9a2
--- /dev/null
+++ b/pinentry-1.1.1-rpath.patch
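Review bot: In the second embedded patch, the `terminal_save` failure branch of tty_cmd_handler sets `rc = -1` without recording errno, so the two `fclose` calls that follow can overwrite it before the function returns, while the `terminal_setup` branch just below does record it. Making the two branches agree would be `if (terminal_save (fileno (ttyfi)) < 0) { saved_errno = errno; rc = -1; }`. Whether callers read errno after a -1 return is not visible here, so treat this as a consistency fix rather than a confirmed bug. In dialog_run the same `#ifdef HAVE_NCURSESW` / `free (old_ctype);` block is now pasted into three early returns; a single cleanup label would keep a future early return from missing it, and that function's body extends outside the hunks shown.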
@@ -0,0 +1,41 @@
+commit 6e8ad3150566d16a20cb3b54267191bcb0c14208
+Author: Damien Goutte-Gattat
+Date: Tue Feb 23 22:05:37 2021 +0000
+
+ qt: Honor the --disable-rpath option.
+
+ * m4/qt.m4: Do not set rpath if --disable-rpath has been specified
+ at configure time.
+ --
+
+ GnuPG-bug-id: 5307
+ Signed-off-by: Damien Goutte-Gattat
+
+diff --git a/m4/qt.m4 b/m4/qt.m4
+index f8ef3f6..5f9de3f 100644
+--- a/m4/qt.m4
++++ b/m4/qt.m4
+@@ -59,7 +59,9 @@ AC_DEFUN([FIND_QT],
+
+ qtlibdir=`"$PKG_CONFIG" --variable libdir Qt5Core`
+ if test -n "$qtlibdir"; then
++ if test "$enable_rpath" != "no"; then
+ PINENTRY_QT_LDFLAGS="$PINENTRY_QT_LDFLAGS -Wl,-rpath \"$qtlibdir\""
++ fi
+ fi
+
+ AC_CHECK_TOOL(MOC, moc)
+
+diff -up pinentry-1.1.1/configure.rpath pinentry-1.1.1/configure
+--- pinentry-1.1.1/configure.rpath 2021-04-16 09:08:48.306479991 +0200
++++ pinentry-1.1.1/configure 2021-04-16 09:09:29.365068549 +0200
+@@ -10765,7 +10776,9 @@ fi
+
+ qtlibdir=`"$PKG_CONFIG" --variable libdir Qt5Core`
+ if test -n "$qtlibdir"; then
++ if test "$enable_rpath" != "no"; then
+ PINENTRY_QT_LDFLAGS="$PINENTRY_QT_LDFLAGS -Wl,-rpath \"$qtlibdir\""
++ fi
+ fi
+
+ if test -n "$ac_tool_prefix"; then
diff --git a/pinentry-1.1.1.tar.bz2 b/pinentry-1.1.1.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..c729dc074f80d487da690cf2c4976a1e3dd02262
Binary files /dev/null and b/pinentry-1.1.1.tar.bz2 differ
diff --git a/pinentry-1.1.1.tar.bz2.sig b/pinentry-1.1.1.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000..1b0d64bc52d7cdb7495c7f0b9cf46f279e6567ad
Binary files /dev/null and b/pinentry-1.1.1.tar.bz2.sig differ
diff --git a/pinentry-wrapper b/pinentry-wrapper
index 2ea4677f6ee8e8bbf744bf764883674cba12a4f9..e4318dfec06a95b5d3d21f6b91114047c96405e2 100755
--- a/pinentry-wrapper
+++ b/pinentry-wrapper
@@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/sh # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009 Fedora Project
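Review bot: The second half of this patch edits the generated `configure` by hand in parallel with `m4/qt.m4`, and its header `@@ -10765,7 +10776,9 @@` has old and new start lines that differ although it is the only hunk shown for that file, which suggests it was cut from a larger regenerated diff and will only apply with an offset. A comment at the top of the patch saying why `configure` is patched directly, or regenerating it from the m4 change during the build, would keep the two copies of the `enable_rpath` test from drifting apart. Because the guard is `!= "no"`, an unset `enable_rpath` still embeds the Qt libdir as an rpath, so the packaged binaries rely on `--disable-rpath` staying in the spec's configure call.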
@@ -32,22 +32,20 @@ done # export DISPLAY if pinentry is meant to be run on a different display # check the KDE_FULL_SESSION variable otherwise -if [ -n "$display" -a "$DISPLAY" != "$display" ]; then +if [ -n "$display" ] && [ "$DISPLAY" != "$display" ]; then export DISPLAY="$display" elif [ -n "$KDE_FULL_SESSION" ]; then kde_running=1 - kde_ver="$KDE_SESSION_VERSION" fi # Check for presence of xprop binary type xprop >/dev/null 2>/dev/null XPROP=$? -if [ -n "$DISPLAY" -a $XPROP -eq 0 ]; then +if [ -n "$DISPLAY" ] && [ $XPROP -eq 0 ]; then xprop -root | grep "^KDE_FULL_SESSION" >/dev/null 2>/dev/null if test $? -eq 0; then kde_running=1 - kde_ver="`xprop -root | sed -n 's/KDE_SESSION_VERSION(CARDINAL) = //p'`" 2>/dev/null fi fi @@ -56,21 +54,25 @@ if [ -n "$PINENTRY_BINARY" ]; then export PINENTRY_BINARY="$PINENTRY_BINARY" # if KDE is detected and pinentry-qt exists, use pinentry-qt -elif [ -n "$kde_running" -a -x /usr/bin/pinentry-qt ] +elif [ -n "$kde_running" ] && [ -x /usr/bin/pinentry-qt ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt" # otherwise test if pinentry-gnome3 is installed -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gnome3 ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gnome3 ] then export PINENTRY_BINARY="/usr/bin/pinentry-gnome3" # otherwise test if pinentry-gtk-2 is installed -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gtk-2 ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gtk-2 ] then export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2" # otherwise test if pinentry-qt exists although KDE is not detected -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-qt ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-qt ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt" +# use pinentry-tty if installed +elif [ -x /usr/bin/pinentry-tty ] +then + export PINENTRY_BINARY="/usr/bin/pinentry-tty" # pinentry-curses is installed by default else export PINENTRY_BINARY="/usr/bin/pinentry-curses" 
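Review bot: `[ $XPROP -eq 0 ]` still expands `$XPROP` unquoted in the very test this hunk rewrites to drop `-a`; `[ -n "$DISPLAY" ] && [ "$XPROP" -eq 0 ]` would match the rest of the cleanup. The pipeline followed by `if test $? -eq 0` a few lines below could likewise be the single line `if xprop -root | grep -q "^KDE_FULL_SESSION" 2>/dev/null; then`, which removes the dependence on `$?` surviving between the two statements.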
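Review bot: The selection chain that gains the `pinentry-tty` branch has no comment on its first branch, which (visible as context at the top of the last hunk) takes a pre-set `PINENTRY_BINARY` from the caller's environment and skips every `-x /usr/bin/...` check that the other branches apply. Since this wrapper decides which program will read the passphrase, that precedence deserves a line such as `# PINENTRY_BINARY from the environment overrides auto-detection and is used unchecked`. The final `else` also exports `/usr/bin/pinentry-curses` without an `-x` test, relying on the "installed by default" assumption in its comment. How the variable is consumed after the chain is outside the hunk.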
diff --git a/pinentry.spec b/pinentry.spec index af39299d19ab497a9ee961e8e9e5c53be2dd88fb..a2bdbdab61a1c008d94db32df2f7d9c614cd58c7 100644 --- a/pinentry.spec +++ b/pinentry.spec @@ -1,17 +1,22 @@ Name: pinentry -Version: 1.1.0 -Release: 2%{?dist} +Version: 1.1.1 +Release: 8%{?dist} Summary: Collection of simple PIN or passphrase entry dialogs License: GPLv2+ -URL: http://www.gnupg.org/aegypten/ -Source0: ftp://ftp.gnupg.org/gcrypt/pinentry/%{name}-%{version}.tar.bz2 -Source1: ftp://ftp.gnupg.org/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig +URL: https://www.gnupg.org/ +Source0: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2 +Source1: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig + +Patch1: pinentry-1.1.1-coverity.patch +Patch2: pinentry-1.1.1-rpath.patch # borrowed from opensuse Source10: pinentry-wrapper +BuildRequires: make +BuildRequires: gcc BuildRequires: gcr-devel BuildRequires: gtk2-devel BuildRequires: libcap-devel @@ -22,8 +27,6 @@ BuildRequires: libsecret-devel BuildRequires: pkgconfig(Qt5Core) pkgconfig(Qt5Gui) pkgconfig(Qt5Widgets) Requires(pre): %{_sbindir}/update-alternatives -Requires(post): /sbin/install-info -Requires(preun): /sbin/install-info Provides: %{name}-curses = %{version}-%{release} @@ -75,8 +78,19 @@ utilize the Assuan protocol as described by the aegypten project; see http://www.gnupg.org/aegypten/ for details. This package contains the emacs based version of the PIN entry dialog. +%package tty +Summary: Passphrase/PIN entry dialog in tty +Requires: %{name} = %{version}-%{release} +%description tty +Pinentry is a collection of simple PIN or passphrase entry dialogs which +utilize the Assuan protocol as described by the aegypten project; see +http://www.gnupg.org/aegypten/ for details. +This package contains the tty version of the PIN entry dialog. + %prep %setup -q +%patch1 -p1 -b .coverity +%patch2 -p1 -b .rpath %build 
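Review bot: Source1 carries the detached signature for the tarball, but the `%prep` shown in the third hunk never verifies it: the section goes from `%setup -q` straight to `%patch1` and `%patch2`, and no keyring is listed among the Source lines in the first hunk. Moving Source0/Source1 to https protects the download only, not the copy stored in the package repository. Verification at build time would add the upstream keyring as a further source, `BuildRequires: gnupg2`, and `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` ahead of `%setup`, where `SOURCE2` is a placeholder for a keyring file that is not on this page.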
@@ -84,17 +98,19 @@ This package contains the emacs based version of the PIN entry dialog. --disable-rpath \ --disable-dependency-tracking \ --without-libcap \ + --disable-pinentry-fltk \ --enable-pinentry-gnome3 \ --enable-pinentry-gtk2 \ --enable-pinentry-qt5 \ --enable-pinentry-emacs \ + --enable-pinentry-tty \ --enable-libsecret -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT +%make_install # Symlink for Backward compatibility ln -s pinentry-gtk-2 $RPM_BUILD_ROOT%{_bindir}/pinentry-gtk @@ -105,17 +121,6 @@ install -p -m755 -D %{SOURCE10} $RPM_BUILD_ROOT%{_bindir}/pinentry # unpackaged files rm -fv $RPM_BUILD_ROOT%{_infodir}/dir - -%post -if [ -f %{_infodir}/pinentry.info* ]; then -/sbin/install-info %{_infodir}/pinentry.info %{_infodir}/dir ||: -fi - -%preun -if [ $1 -eq 0 -a -f %{_infodir}/pinentry.info* ] ; then - /sbin/install-info --delete %{_infodir}/pinentry.info %{_infodir}/dir ||: -fi - %files %license COPYING %doc AUTHORS ChangeLog NEWS README THANKS TODO 
@@ -139,7 +144,59 @@ fi %files emacs %{_bindir}/pinentry-emacs +%files tty +%{_bindir}/pinentry-tty + %changelog +* Mon Aug 09 2021 Mohan Boddu - 1.1.1-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Jakub Jelen - 1.1.1-7 +- Honor the disabled rpath +- Sync final version of coverity patches from upstream (#1938729) + +* Fri Apr 16 2021 Mohan Boddu - 1.1.1-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Apr 15 2021 Jakub Jelen - 1.1.1-5 +- Address few more minor issues reported by coverity + +* Wed Apr 14 2021 Jakub Jelen - 1.1.1-4 +- Fix issues reported by coverity + +* Wed Jan 27 2021 Fedora Release Engineering - 1.1.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 26 2021 Jakub Jelen - 1.1.1-2 +- Move pinentry-tty to separate subpackage (#1782442) +- Update the wrapper selecting the appropriate version (#1918969) + +* Fri Jan 22 2021 Jakub Jelen - 1.1.1-1 +- New upstream release (#1919127) + +* Wed Jan 06 2021 Boris Ranto - 1.1.0-9 +- enable pinentry-tty + +* Tue Jul 28 2020 Fedora Release Engineering - 1.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jan 30 2020 Fedora Release Engineering - 1.1.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 1.1.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 1.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 1.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Mar 07 2018 Rex Dieter - 1.1.0-3 +- BR: gcc, use %%make_build %%make_install +- explicitly disable fltk support (FTBFS) + * Fri Feb 09 2018 Fedora Release Engineering - 1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild