new upstream release

- set environment in protect-tool (#548528)
- do not reject OCSP signing certs without keyUsage (#720174)

.gitignore

@@ -4,3 +4,5 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.0.17.tar.bz2.sig
 /gnupg-2.0.18.tar.bz2
 /gnupg-2.0.18.tar.bz2.sig
+/gnupg-2.0.19.tar.bz2
+/gnupg-2.0.19.tar.bz2.sig

gnupg-2.0.16-ocsp-keyusage.patch

@@ -0,0 +1,17 @@
+diff -r -u gnupg-2.0.16.orig/sm/certlist.c gnupg-2.0.16/sm/certlist.c
+--- gnupg-2.0.16.orig/sm/certlist.c	2009-09-21 18:53:43.000000000 +0200
++++ gnupg-2.0.16/sm/certlist.c	2010-11-29 16:47:26.284497534 +0100
+@@ -146,10 +146,9 @@
+ 
+   if (mode == 5)
+     {
+-      if (use != ~0 
+-          && (have_ocsp_signing
+-              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+-                         |KSBA_KEYUSAGE_CRL_SIGN))))
++      if (have_ocsp_signing
++          || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
++                     |KSBA_KEYUSAGE_CRL_SIGN)))
+         return 0;
+       log_info (_("certificate should have not "
+                   "been used for OCSP response signing\n"));

gnupg-2.0.18-protect-tool-env.patch

@@ -0,0 +1,28 @@
+diff -u -r gnupg-2.0.18.orig/agent/protect-tool.c gnupg-2.0.18/agent/protect-tool.c
+--- gnupg-2.0.18.orig/agent/protect-tool.c	2011-07-22 14:00:44.000000000 +0200
++++ gnupg-2.0.18/agent/protect-tool.c	2012-04-10 22:42:17.397613438 +0200
+@@ -102,6 +102,7 @@
+ static int opt_status_msg;
+ static const char *opt_p12_charset;
+ static const char *opt_agent_program; 
++static session_env_t opt_session_env;
+ 
+ static char *get_passphrase (int promptno);
+ static void release_passphrase (char *pw);
+@@ -1040,6 +1041,7 @@
+ 
+   opt_homedir = default_homedir ();
+ 
++  opt_session_env = session_env_new ();
+ 
+   pargs.argc = &argc;
+   pargs.argv = &argv;
+@@ -1091,7 +1093,7 @@
+                                 opt.verbose,
+                                 opt_homedir,
+                                 opt_agent_program,
+-                                NULL, NULL, NULL);
++                                NULL, NULL, opt_session_env);
+ 
+   if (opt_prompt)
+     opt_prompt = percent_plus_unescape (opt_prompt, 0);

gnupg2.spec

@@ -1,7 +1,7 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
-Version: 2.0.18
+Version: 2.0.19
-Release: 3%{?dist}
+Release: 1%{?dist}
 
 License: GPLv3+
 Group:   Applications/System
@@ -11,6 +11,8 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch2:  gnupg-2.0.16-tests-s2kcount.patch
 Patch3:  gnupg-2.0.18-secmem.patch
+Patch4:  gnupg-2.0.18-protect-tool-env.patch
+Patch5:  gnupg-2.0.16-ocsp-keyusage.patch
 
 URL:     http://www.gnupg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -63,6 +65,8 @@ to the base GnuPG package
 
 %patch2 -p1 -b .s2k
 %patch3 -p1 -b .secmem
+%patch4 -p1 -b .ptool-env
+%patch5 -p1 -b .keyusage
 
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -164,6 +168,11 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Apr 24 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-1
+- new upstream release
+- set environment in protect-tool (#548528)
+- do not reject OCSP signing certs without keyUsage (#720174)
+
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.18-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
-2f37e0722666a0fedbe4d9f9227ac4d7  gnupg-2.0.18.tar.bz2
+6a8589381ca1b0c1a921e9955f42b016  gnupg-2.0.19.tar.bz2
-ddca149279811a3a4572fc90f92bbcf6  gnupg-2.0.18.tar.bz2.sig
+7d4763596ac3d3c9f573493a31e44b26  gnupg-2.0.19.tar.bz2.sig