From 06d0da04376dc930d2a7cfcdc168ce28614784ba Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 24 Apr 2012 15:46:42 +0200
Subject: [PATCH] new upstream release - set environment in protect-tool (#548528) - do not reject OCSP signing certs without keyUsage (#720174)
---
 .gitignore | 2 ++
 gnupg-2.0.16-ocsp-keyusage.patch | 17 +++++++++++++++++
 gnupg-2.0.18-protect-tool-env.patch | 28 ++++++++++++++++++++++++++++
 gnupg2.spec | 13 +++++++++++--
 sources | 4 ++--
 5 files changed, 60 insertions(+), 4 deletions(-)
 create mode 100644 gnupg-2.0.16-ocsp-keyusage.patch
 create mode 100644 gnupg-2.0.18-protect-tool-env.patch
diff --git a/.gitignore b/.gitignore
index aa62450..5d0cf70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.0.17.tar.bz2.sig
 /gnupg-2.0.18.tar.bz2
 /gnupg-2.0.18.tar.bz2.sig
+/gnupg-2.0.19.tar.bz2
+/gnupg-2.0.19.tar.bz2.sig
diff --git a/gnupg-2.0.16-ocsp-keyusage.patch b/gnupg-2.0.16-ocsp-keyusage.patch
new file mode 100644
index 0000000..4d406a6
--- /dev/null
+++ b/gnupg-2.0.16-ocsp-keyusage.patch
@@ -0,0 +1,17 @@
+diff -r -u gnupg-2.0.16.orig/sm/certlist.c gnupg-2.0.16/sm/certlist.c
+--- gnupg-2.0.16.orig/sm/certlist.c 2009-09-21 18:53:43.000000000 +0200
++++ gnupg-2.0.16/sm/certlist.c 2010-11-29 16:47:26.284497534 +0100
+@@ -146,10 +146,9 @@
+
+ if (mode == 5)
+ {
+- if (use != ~0
+- && (have_ocsp_signing
+- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+- |KSBA_KEYUSAGE_CRL_SIGN))))
++ if (have_ocsp_signing
++ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
++ |KSBA_KEYUSAGE_CRL_SIGN)))
+ return 0;
+ log_info (_("certificate should have not "
+ "been used for OCSP response signing\n"));
diff --git a/gnupg-2.0.18-protect-tool-env.patch b/gnupg-2.0.18-protect-tool-env.patch
new file mode 100644
index 0000000..e0c6c48
--- /dev/null
+++ b/gnupg-2.0.18-protect-tool-env.patch
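Review bot: Dropping the `use != ~0` guard in the `mode == 5` branch of sm/certlist.c (gnupg-2.0.16-ocsp-keyusage.patch) looks broader than the stated goal of no longer rejecting OCSP signing certificates that lack keyUsage. If `use` is set to `~0` when a certificate carries no keyUsage extension, which the removed test suggests although the assignment is outside the hunk, then `use & (KSBA_KEYUSAGE_KEY_CERT_SIGN|KSBA_KEYUSAGE_CRL_SIGN)` is non-zero for every such certificate, so it passes this OCSP-signer usage check even when `have_ocsp_signing` is false. Keeping the sentinel test on the keyUsage arm only would still accept OCSP-signing certificates without keyUsage: `if (have_ocsp_signing || (use != ~0 && (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN|KSBA_KEYUSAGE_CRL_SIGN))))`. The enclosing function starts and ends outside the hunk, so how `use` and `have_ocsp_signing` are derived should be confirmed there.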
@@ -0,0 +1,28 @@
+diff -u -r gnupg-2.0.18.orig/agent/protect-tool.c gnupg-2.0.18/agent/protect-tool.c
+--- gnupg-2.0.18.orig/agent/protect-tool.c 2011-07-22 14:00:44.000000000 +0200
++++ gnupg-2.0.18/agent/protect-tool.c 2012-04-10 22:42:17.397613438 +0200
+@@ -102,6 +102,7 @@
+ static int opt_status_msg;
+ static const char *opt_p12_charset;
+ static const char *opt_agent_program;
++static session_env_t opt_session_env;
+
+ static char *get_passphrase (int promptno);
+ static void release_passphrase (char *pw);
+@@ -1040,6 +1041,7 @@
+
+ opt_homedir = default_homedir ();
+
++ opt_session_env = session_env_new ();
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+@@ -1091,7 +1093,7 @@
+ opt.verbose,
+ opt_homedir,
+ opt_agent_program,
+- NULL, NULL, NULL);
++ NULL, NULL, opt_session_env);
+
+ if (opt_prompt)
+ opt_prompt = percent_plus_unescape (opt_prompt, 0);
diff --git a/gnupg2.spec b/gnupg2.spec
index 0ba99e3..1937c56 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,7 +1,7 @@
 Summary: Utility for secure communication and data storage
 Name: gnupg2
-Version: 2.0.18
-Release: 3%{?dist}
+Version: 2.0.19
+Release: 1%{?dist}
 License: GPLv3+
 Group: Applications/System
@@ -11,6 +11,8 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch2: gnupg-2.0.16-tests-s2kcount.patch
 Patch3: gnupg-2.0.18-secmem.patch
+Patch4: gnupg-2.0.18-protect-tool-env.patch
+Patch5: gnupg-2.0.16-ocsp-keyusage.patch
 URL: http://www.gnupg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -63,6 +65,8 @@ to the base GnuPG package
 %patch2 -p1 -b .s2k
 %patch3 -p1 -b .secmem
+%patch4 -p1 -b .ptool-env
+%patch5 -p1 -b .keyusage
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
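Review bot: The value returned by `session_env_new ()` in the second hunk of agent/protect-tool.c (gnupg-2.0.18-protect-tool-env.patch, `@@ -1040,6 +1041,7 @@`) is stored in `opt_session_env` without a NULL check. If the allocation fails, the call changed in the third hunk would presumably receive NULL as its last argument, exactly as before the patch, so the environment fix would silently not apply. A guard directly after the assignment makes the failure visible: `if (!opt_session_env) log_fatal ("error allocating session environment block: %s\n", strerror (errno));`. The enclosing function begins and ends outside these hunks, so whether the object is later filled in or released cannot be seen here.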
@@ -164,6 +168,11 @@ rm -rf %{buildroot}
 %changelog
+* Tue Apr 24 2012 Tomas Mraz - 2.0.19-1
+- new upstream release
+- set environment in protect-tool (#548528)
+- do not reject OCSP signing certs without keyUsage (#720174)
+
 * Fri Jan 13 2012 Fedora Release Engineering - 2.0.18-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
diff --git a/sources b/sources
index 0819651..3c1907b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-2f37e0722666a0fedbe4d9f9227ac4d7 gnupg-2.0.18.tar.bz2
-ddca149279811a3a4572fc90f92bbcf6 gnupg-2.0.18.tar.bz2.sig
+6a8589381ca1b0c1a921e9955f42b016 gnupg-2.0.19.tar.bz2
+7d4763596ac3d3c9f573493a31e44b26 gnupg-2.0.19.tar.bz2.sig