diff --git a/SOURCES/gpgme-1.13.1-fix-null-deref.patch b/SOURCES/gpgme-1.13.1-fix-null-deref.patch new file mode 100644 index 0000000..b4837c2 --- /dev/null +++ b/SOURCES/gpgme-1.13.1-fix-null-deref.patch @@ -0,0 +1,26 @@ +diff --git a/src/data-mem.c b/src/data-mem.c +index 539b453..ae16bab 100644 +--- a/src/data-mem.c ++++ b/src/data-mem.c +@@ -271,7 +271,7 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len) + } + else + { +- if (blankout && len) ++ if (str && blankout && len) + *str = 0; + /* Prevent mem_release from releasing the buffer memory. We + * must not fail from this point. */ +diff --git a/src/vfs-create.c b/src/vfs-create.c +index 51b8307..445cd05 100644 +--- a/src/vfs-create.c ++++ b/src/vfs-create.c +@@ -130,7 +130,7 @@ _gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[], + return err; + + i = 0; +- while (!err && recp[i]) ++ while (!err && recp && recp[i]) + { + if (!recp[i]->subkeys || !recp[i]->subkeys->fpr) + { diff --git a/SPECS/gpgme.spec b/SPECS/gpgme.spec index a9681dd..8319642 100644 --- a/SPECS/gpgme.spec +++ b/SPECS/gpgme.spec @@ -17,9 +17,9 @@ Name: gpgme Summary: GnuPG Made Easy - high level crypto API Version: 1.13.1 -Release: 6%{?dist} +Release: 7%{?dist} -License: LGPLv2+ +License: LGPLv2+ and MIT URL: https://gnupg.org/related_software/gpgme/ Source0: https://gnupg.org/ftp/gcrypt/gpgme/gpgme-%{version}.tar.bz2 Source2: gpgme-multilib.h @@ -35,6 +35,8 @@ Patch1003: 0001-fix-stupid-ax_python_devel.patch Patch1004: gpgme-1.13.1-fix-resource-leaks.patch # Make the make check work with gnupg-2.2.19 and above Patch1005: gpgme-build-with-gnupg-2.2.19.patch +# Fix NULL dereference +Patch1006: gpgme-1.13.1-fix-null-deref.patch #BuildRequires: autoconf #BuildRequires: automake @@ -252,6 +254,11 @@ fi %{python3_sitearch}/gpg/ %changelog +* Wed Nov 18 2020 Jiri Kucera - 1.13.1-7 +- Fix null dereference + Fix licence tag + Related: #1726861 + * Fri Nov 06 2020 Jiri Kucera - 1.13.1-6 - Try to fix RPMDIFF issues Related: #1726861