  1. RHEL
  2. RHEL-84033

merge sequoia-sq 1.2.0 or 1.3.0 from ELN


    • rust-sequoia-sq-1.3.0-1.el10_0
    • No
    • Moderate
    • 0day
    • 2
    • rhel-security-crypto
    • ssg_security
    • 1
    • False
    • False
    • None
    • Yes
    • Crypto25Q1, Crypto25Q2
    • Tested CLI Versions: 1.0.0, 1.1.0, 1.2.0, and 1.3.0

      For X in Tested CLI Versions:

      1. sq --cli-version X --help

        succeeds

      2. sq --cli-version X encrypt/sign

        can encrypt/sign messages; these can be decrypted/verified by sq decrypt/verify without --cli-version argument
    • Pass
    • Automated
    • Enhancement
    • .New package: `sequoia-sq`

      The Sequoia PGP suite provides a memory-safe implementation of the OpenPGP standard for ensuring confidentiality, key management, authentication, and digital signatures. The `sq` command-line tool is a front end for managing OpenPGP encryption and signatures.

      RHEL 10.0 contains the `sequoia-sq` package in version 1.3.0, which already supports the RFC 9580 standard and provides the `sq pki vouch` and `sq key rotate` subcommands.
    • Done
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      sequoia-sq 1.1.0 has a bug that breaks the functionality for "stable" command-line versioning (i.e. the `--cli-version` flag), which was fixed in version 1.2.0 - for reference, reproduction steps are included below (from upstream release notes).

      The 1.3.0 release adds support for the latest IETF OpenPGP standard, RFC 9580.

      As such, it would be great to get at least 1.2.0 (or eventually, 1.3.0) into CentOS 10 Stream, and 1.2.0 into RHEL 10.0 since it fixes the broken CLI compatibility functionality. I can file a separate ticket for RHEL 10.0, if needed.

      upstream release notes: https://gitlab.com/sequoia-pgp/sequoia-sq/-/blob/main/NEWS

      What is the impact of this issue to you?

      I am the package maintainer for this package in Fedora Linux, ELN, and EPEL 9, where this issue has already been addressed. It would be great if c10s and RHEL 10.0 didn't ship a version with a known bug.

      Please provide the package NVR for which the bug is seen:

      sequoia-sq-1.1.0-2.el10

      How reproducible is this bug?:

      Always.

      Steps to reproduce

      1.  Run `sq --cli-version 1.0.0 --help`
      2.  This returns an error, claiming 1.0.0 is not compatible with 1.1.0, when it should be.

      Expected results

      This should just print help output.

      Actual results

        Error: The required CLI version, 1.0.0, is not compatible with this version of
               sq, which implements version 1.1.0 of the CLI

              jjelen@redhat.com Jakub Jelen
              decathorpe_gmail Fabio Valentini (Inactive)
              Jakub Jelen Jakub Jelen
              Stanislav Zidek Stanislav Zidek
              Mirek Jahoda Mirek Jahoda