From 0899c2ba91b1a7f1be0e6f26b5ef4f552e504f6b Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 12 Apr 2021 14:58:52 +0200
Subject: [PATCH] gnupg2-2.3.1-1
---
 .gitignore | 4 +
 gnupg-2.1.1-fips-algo.patch | 41 ++++
 ...reviously-known-keys-even-without-UI.patch | 11 +-
 gnupg-2.2.20-file-is-digest.patch | 224 +++++++++---------
 gnupg-2.2.21-coverity.patch | 22 +-
 gnupg-2.2.23-insttools.patch | 28 ---
 gnupg-2.2.27-shared.patch | 75 ------
 gnupg2.spec | 23 +-
 sources | 4 +-
 9 files changed, 179 insertions(+), 253 deletions(-)
 delete mode 100644 gnupg-2.2.23-insttools.patch
 delete mode 100644 gnupg-2.2.27-shared.patch
diff --git a/.gitignore b/.gitignore
index 59c9c2f..6ed5098 100644
--- a/.gitignore
+++ b/.gitignore
@@ -102,3 +102,7 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.2.26.tar.bz2.sig
 /gnupg-2.2.27.tar.bz2
 /gnupg-2.2.27.tar.bz2.sig
+/gnupg-2.3.0.tar.bz2
+/gnupg-2.3.0.tar.bz2.sig
+/gnupg-2.3.1.tar.bz2
+/gnupg-2.3.1.tar.bz2.sig
diff --git a/gnupg-2.1.1-fips-algo.patch b/gnupg-2.1.1-fips-algo.patch
index fbb6d27..b8e0129 100644
--- a/gnupg-2.1.1-fips-algo.patch
+++ b/gnupg-2.1.1-fips-algo.patch
@@ -11,3 +11,44 @@ diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); } if (DBG_HASHING) +diff --git a/common/t-sexputil.c b/common/t-sexputil.c +index d75090c5b..be5eb2122 100644 +--- a/common/t-sexputil.c ++++ b/common/t-sexputil.c +@@ -291,36 +291,6 @@ test_ecc_uncompress (void) + const char *b; /* Compressed. */ + } + tests[] = { +- { +- "(public-key" +- " (ecc" +- " (curve brainpoolP256r1)" +- " (q #042ECD8679930BE2DB4AD42B8600BA3F80" +- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406" +- /* */"436DD11A1756AFE56CD93408410FCDA9" +- /* */"BA95024EB613BD481A14FCFEC27A448A#)))", +- /* The same in compressed form. */ +- "(public-key" +- " (ecc" +- " (curve brainpoolP256r1)" +- " (q #022ECD8679930BE2DB4AD42B8600BA3F80" +- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))" +- }, +- { +- "(public-key" +- " (ecc" +- " (curve brainpoolP256r1)" +- " (q #045B784CA008EE64AB3D85017EE0D2BE87" +- /* */"558762C7300E0C8E06B1F9AF7C031458" +- /* */"9EBBA41915313417BA54218EB0569C59" +- /* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))", +- /* The same in compressed form. */ +- "(public-key" +- " (ecc" +- " (curve brainpoolP256r1)" +- " (q #035B784CA008EE64AB3D85017EE0D2BE87" +- /* */"558762C7300E0C8E06B1F9AF7C031458#)))" +- }, + { /* A key which does not require a conversion. */ + "(public-key" + " (ecdsa" diff --git a/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch index 4b5690f..98dda54 100644 --- a/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch +++ b/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@ -33,7 +33,7 @@ index 5d3162c..f9acf95 100644 } - -- if (!uidnode ) +- if (!uidnode) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); 
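Review bot: Nothing in gnupg-2.1.1-fips-algo.patch records why the appended common/t-sexputil.c diff deletes the two brainpoolP256r1 vectors from `test_ecc_uncompress`. Dropping test vectors silently narrows coverage of the point-decompression code, and the patch name only hints at a FIPS motive, so the reason should be written down where the next rebase will see it. A comment line ahead of the new `diff --git a/common/t-sexputil.c` header would do, e.g. `# brainpoolP256r1 vectors removed from t-sexputil: <reason> (confirm)`. The `tests[]` table continues outside the hunk, so whether other curves are affected cannot be judged from here.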
@@ -43,16 +43,17 @@ index 5d3162c..f9acf95 100644 if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl, +@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl, } } -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { -- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet ) +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; diff --git a/gnupg-2.2.20-file-is-digest.patch b/gnupg-2.2.20-file-is-digest.patch index f97ac9b..a85c9bd 100644 --- a/gnupg-2.2.20-file-is-digest.patch +++ b/gnupg-2.2.20-file-is-digest.patch @@ -10,25 +10,25 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c oGroup, oUnGroup, @@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oPersonalCompressPreferences, - "personal-compress-preferences", "@"), - ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), + ARGPARSE_s_s (oTempDir, "temp-directory", "@"), + ARGPARSE_s_s (oExecPath, "exec-path", "@"), + ARGPARSE_s_n (oExpert, "expert", "@"), + ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), - ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), - ARGPARSE_s_n (oUnwrap, "unwrap", "@"), - ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), + ARGPARSE_s_n (oNoExpert, "no-expert", "@"), + ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), + ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"), 
@@ -2419,6 +2421,7 @@ main (int argc, char **argv) opt.keyid_format = KF_NONE; opt.def_sig_expire = "0"; opt.def_cert_expire = "0"; + opt.file_is_digest = 0; - gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; opt.emit_version = 0; + opt.weak_digests = NULL; @@ -2997,6 +3000,7 @@ main (int argc, char **argv) - opt.verify_options&=~VERIFY_SHOW_PHOTOS; - break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; + + case oForceAEAD: opt.force_aead = 1; break; + case oFileIsDigest: opt.file_is_digest = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; @@ -56,136 +56,140 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c #include "../common/compliance.h" @@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl, - if (duration || opt.sig_policy_url - || opt.sig_notations || opt.sig_keyserver_url) - sig->version = 4; -+ else if (opt.file_is_digest) + + if (pk->version >= 5) + sig->version = 5; /* Required for v5 keys. */ ++ else if (opt.file_is_digest) + sig->version = 3; else - sig->version = pk->version; + sig->version = 4; /* Required. */ @@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, - } + err = mk_sig_subpkt_key_block (ctrl, sig, pk); else - err = 0; /* Actually never reached. */ -- hash_sigversion_to_magic (md, sig); + err = 0; +- hash_sigversion_to_magic (md, sig, extrahash); - gcry_md_final (md); + + if (!opt.file_is_digest) { -+ hash_sigversion_to_magic (md, sig); ++ hash_sigversion_to_magic (md, sig, extrahash); + gcry_md_final (md); + } if (!err) err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); 
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - SK_LIST sk_rover = NULL; - int multifile = 0; - u32 duration=0; -+ int sigclass = 0x00; -+ u32 timestamp = 0; + SK_LIST sk_rover = NULL; + int multifile = 0; + u32 duration=0; ++ int sigclass = 0x00; ++ u32 timestamp = 0; + pt_extra_hash_data_t extrahash = NULL; - pfx = new_progress_context (); - afx = new_armor_context (); + pfx = new_progress_context (); @@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena - fname = NULL; + fname = NULL; - if( fname && filenames->next && (!detached || encryptflag) ) -- log_bug("multiple files can only be detached signed"); -+ log_bug("multiple files can only be detached signed\n"); + if (fname && filenames->next && (!detached || encryptflag)) +- log_bug ("multiple files can only be detached signed"); ++ log_bug ("multiple files can only be detached signed\n"); + -+ if (opt.file_is_digest && (multifile || !fname)) -+ log_bug("file-is-digest only works with one file\n"); -+ if (opt.file_is_digest && !detached) -+ log_bug("file-is-digest can only write detached signatures\n"); -+ if (opt.file_is_digest && !opt.def_digest_algo) -+ log_bug("file-is-digest needs --digest-algo\n"); -+ if (opt.file_is_digest && opt.textmode) -+ log_bug("file-is-digest doesn't work with --textmode\n"); ++ if (opt.file_is_digest && (multifile || !fname)) ++ log_bug ("file-is-digest only works with one file\n"); ++ if (opt.file_is_digest && !detached) ++ log_bug ("file-is-digest can only write detached signatures\n"); ++ if (opt.file_is_digest && !opt.def_digest_algo) ++ log_bug ("file-is-digest needs --digest-algo\n"); ++ if (opt.file_is_digest && opt.textmode) ++ log_bug ("file-is-digest doesn't work with --textmode\n"); - if(encryptflag==2 - && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) + if (encryptflag == 2 + && (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek))) 
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena - goto leave; + goto leave; - /* prepare iobufs */ -- if( multifile ) /* have list of filenames */ -+ if( multifile || opt.file_is_digest) /* have list of filenames */ - inp = NULL; /* we do it later */ - else { - inp = iobuf_open(fname); + /* Prepare iobufs. */ +- if (multifile) /* have list of filenames */ ++ if (multifile || opt.file_is_digest) /* have list of filenames */ + inp = NULL; /* we do it later */ + else + { @@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena - for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) - gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) + gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); -- if( !multifile ) -+ if( !multifile && !opt.file_is_digest ) - iobuf_push_filter( inp, md_filter, &mfx ); +- if (!multifile) ++ if (!multifile && !opt.file_is_digest) + iobuf_push_filter (inp, md_filter, &mfx); - if( detached && !encryptflag) + if (detached && !encryptflag) 
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - write_status_begin_signing (mfx.md); + write_status_begin_signing (mfx.md); -+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; ++ sigclass = opt.textmode && !outfile? 0x01 : 0x00; + - /* Setup the inner packet. */ - if( detached ) { - if( multifile ) { -@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena - if( opt.verbose ) - log_printf ("\n"); + /* Setup the inner packet. */ + if (detached) + { +@@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena + if (opt.verbose) + log_printf ("\n"); } -+ else if (opt.file_is_digest) { -+ byte *mdb, ts[5]; -+ size_t mdlen; -+ const char *fp; -+ int c, d; -+ -+ gcry_md_final(mfx.md); -+ /* this assumes gcry_md_read returns the same buffer */ -+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); -+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); -+ if (strlen(fname) != mdlen * 2 + 11) -+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); -+ d = -1; -+ for (fp = fname ; *fp; ) { -+ c = *fp++; -+ if (c >= '0' && c <= '9') -+ c -= '0'; -+ else if (c >= 'a' && c <= 'f') -+ c -= 'a' - 10; -+ else if (c >= 'A' && c <= 'F') -+ c -= 'A' - 10; -+ else -+ log_bug("filename is not hex\n"); -+ if (d >= 0) { -+ *mdb++ = d << 4 | c; -+ c = -1; -+ if (--mdlen == 0) { -+ mdb = ts; -+ if (*fp++ != '@') -+ log_bug("missing time separator\n"); -+ } -+ } -+ d = c; -+ } -+ sigclass = ts[0]; -+ if (sigclass != 0x00 && sigclass != 0x01) -+ log_bug("bad cipher class\n"); -+ timestamp = buf32_to_u32(ts + 1); -+ } - else { - /* read, so that the filter can calculate the digest */ - while( iobuf_get(inp) != -1 ) ++ else if (opt.file_is_digest) ++ { ++ byte *mdb, ts[5]; ++ size_t mdlen; ++ const char *fp; ++ int c, d; ++ ++ gcry_md_final(mfx.md); ++ /* this assumes gcry_md_read returns the same buffer */ ++ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); ++ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); ++ if (strlen(fname) != mdlen * 2 + 11) ++ 
log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); ++ d = -1; ++ for (fp = fname ; *fp; ) ++ { ++ c = *fp++; ++ if (c >= '0' && c <= '9') ++ c -= '0'; ++ else if (c >= 'a' && c <= 'f') ++ c -= 'a' - 10; ++ else if (c >= 'A' && c <= 'F') ++ c -= 'A' - 10; ++ else ++ log_bug("filename is not hex\n"); ++ if (d >= 0) ++ { ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) ++ { ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; ++ } ++ sigclass = ts[0]; ++ if (sigclass != 0x00 && sigclass != 0x01) ++ log_bug("bad cipher class\n"); ++ timestamp = buf32_to_u32(ts + 1); ++ } + else + { + /* Read, so that the filter can calculate the digest. */ @@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - /* write the signatures */ - rc = write_signature_packets (ctrl, sk_list, out, mfx.md, -- opt.textmode && !outfile? 0x01 : 0x00, -- 0, duration, detached ? 'D':'S', NULL); -+ sigclass, -+ timestamp, duration, detached ? 'D':'S', NULL); - if( rc ) - goto leave; + /* Write the signatures. */ + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash, +- opt.textmode && !outfile? 0x01 : 0x00, +- 0, duration, detached ? 'D':'S', NULL); ++ sigclass, ++ timestamp, duration, detached ? 'D':'S', NULL); + if (rc) + goto leave; diff --git a/gnupg-2.2.21-coverity.patch b/gnupg-2.2.21-coverity.patch index b4e65b6..7de8a3c 100644 --- a/gnupg-2.2.21-coverity.patch +++ b/gnupg-2.2.21-coverity.patch 
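Review bot: In the `opt.file_is_digest` branch of sign_file, the results of `gcry_md_read` and `gcry_md_get_algo_dlen` are used unchecked: if the digest algorithm is unknown or not enabled on `mfx.md`, `mdb` can be NULL and `mdlen` 0, so the hex loop writes through `mdb`, `--mdlen` wraps instead of reaching zero, and `ts` is then read uninitialised. A guard before the `strlen(fname)` test would close this, e.g. `if (!mdb || !mdlen) { rc = gpg_error (GPG_ERR_DIGEST_ALGO); goto leave; }`. Whether `hash_for` always enables `opt.def_digest_algo` on the handle is not visible here, so treat this as a defensive check rather than a proven crash. The malformed-filename cases are also reported with `log_bug`, which treats bad caller input as an internal error where `log_error` plus an error return would fit better, and the message "bad cipher class" actually concerns the signature class. sign_file starts and ends outside this hunk.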
@@ -61,26 +61,6 @@ diff -up gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.21/dirmngr/ks-e unsigned int tries = SEND_REQUEST_RETRIES; unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; -diff -up gnupg-2.2.21/g10/card-util.c.coverity gnupg-2.2.21/g10/card-util.c ---- gnupg-2.2.21/g10/card-util.c.coverity 2020-04-15 15:17:48.000000000 +0200 -+++ gnupg-2.2.21/g10/card-util.c 2020-07-20 17:09:57.419148793 +0200 -@@ -667,7 +667,7 @@ card_status (ctrl_t ctrl, estream_t fp, - { - int err; - strlist_t card_list, sl; -- char *serialno0, *serialno1; -+ char *serialno0, *serialno1 = NULL; - int all_cards = 0; - int any_card = 0; - -@@ -712,6 +712,7 @@ card_status (ctrl_t ctrl, estream_t fp, - - current_card_status (ctrl, fp, NULL, 0); - xfree (serialno1); -+ serialno1 = NULL; - - if (!all_cards) - goto leave; diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c --- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200 +++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200 @@ -103,8 +83,8 @@ diff -up gnupg-2.2.21/g10/keygen.c.coverity gnupg-2.2.21/g10/keygen.c - unsigned int size; + unsigned int size = 0; int keyuse; + int keyversion = 4; int i; - const char *s; @@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i the self-signatures. */ err = agent_readkey (NULL, 1, keyid, &public); diff --git a/gnupg-2.2.23-insttools.patch b/gnupg-2.2.23-insttools.patch deleted file mode 100644 index 8c15871..0000000 --- a/gnupg-2.2.23-insttools.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -diff -up gnupg-2.2.23/tools/Makefile.am.insttools gnupg-2.2.23/tools/Makefile.am ---- gnupg-2.2.23/tools/Makefile.am.insttools 2020-08-13 11:01:57.000000000 +0200 -+++ gnupg-2.2.23/tools/Makefile.am 2020-09-04 13:49:34.183246428 +0200 -@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER - sbin_SCRIPTS = addgnupghome applygnupgdefaults - - if HAVE_USTAR --# bin_SCRIPTS += gpg-zip --noinst_SCRIPTS = gpg-zip -+bin_PROGRAMS += gpg-zip -+#noinst_SCRIPTS = gpg-zip - endif - - if BUILD_WKS_TOOLS -diff -up gnupg-2.2.23/tools/Makefile.in.insttools gnupg-2.2.23/tools/Makefile.in ---- gnupg-2.2.23/tools/Makefile.in.insttools 2020-09-03 17:16:55.000000000 +0200 -+++ gnupg-2.2.23/tools/Makefile.in 2020-09-04 13:49:34.183246428 +0200 -@@ -618,8 +618,8 @@ libcommontlsnpth = ../common/libcommontl - AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) - sbin_SCRIPTS = addgnupghome applygnupgdefaults - --# bin_SCRIPTS += gpg-zip --@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip -+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip -+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip - @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = - @BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server - common_libs = $(libcommon) diff --git a/gnupg-2.2.27-shared.patch b/gnupg-2.2.27-shared.patch deleted file mode 100644 index dd0b6c7..0000000 --- a/gnupg-2.2.27-shared.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -# Add the option "shared-access" to scdaemon. -# If set, pcsc_connect is called with PCSC_SHARE_SHARED instead of PCSC_SHARE_EXCLUSIVE. - - ---- a/scd/apdu.c -+++ b/scd/apdu.c -@@ -816,7 +816,7 @@ connect_pcsc_card (int slot) - - err = pcsc_connect (reader_table[slot].pcsc.context, - reader_table[slot].rdrname, -- PCSC_SHARE_EXCLUSIVE, -+ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE, - PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, - &reader_table[slot].pcsc.card, - &reader_table[slot].pcsc.protocol); ---- a/scd/scdaemon.c -+++ b/scd/scdaemon.c -@@ -99,6 +99,7 @@ enum cmd_and_opt_values - oDenyAdmin, - oDisableApplication, - oEnablePinpadVarlen, -+ oSharedAccess, - oListenBacklog, - - oNoop -@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = { - /* Stubs for options which are implemented by 2.3 or later. */ - ARGPARSE_s_s (oNoop, "application-priority", "@"), - -+ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")), -+ - ARGPARSE_end () - }; - -@@ -629,6 +632,8 @@ main (int argc, char **argv ) - - case oNoop: break; - -+ case oSharedAccess: opt.shared_access = 1; break; -+ - default: - if (configname) - pargs.err = ARGPARSE_PRINT_WARNING; -@@ -727,6 +732,7 @@ main (int argc, char **argv ) - es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE ); - es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); - es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE ); -+ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE ); - - scd_exit (0); - } ---- a/scd/scdaemon.h -+++ b/scd/scdaemon.h -@@ -62,6 +62,8 @@ struct - strlist_t disabled_applications; /* Card applications we do not - want to use. */ - unsigned long card_timeout; /* Disconnect after N seconds of inactivity. 
*/ -+ -+ int shared_access; - } opt; - - ---- a/tools/gpgconf-comp.c -+++ b/tools/gpgconf-comp.c -@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] = - { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, - "gnupg", "|N|disconnect the card after N seconds of inactivity", - GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON }, -+ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, -+ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect", -+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON }, - - { "Debug", - GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, - diff --git a/gnupg2.spec b/gnupg2.spec index 15be9ca..2d7764f 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -6,16 +6,16 @@ Summary: Utility for secure communication and data storage Name: gnupg2 -Version: 2.2.27 -Release: 4%{?dist} +Version: 2.3.1 +Release: 1%{?dist} License: GPLv3+ Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig -Patch1: gnupg-2.2.23-insttools.patch # needed for compatibility with system FIPS mode Patch3: gnupg-2.1.10-secmem.patch # non-upstreamable patch adding file-is-digest option needed for Copr +# https://dev.gnupg.org/T1646 Patch4: gnupg-2.2.20-file-is-digest.patch # fix handling of missing key usage on ocsp replies - upstream T1333 Patch5: gnupg-2.2.16-ocsp-keyusage.patch @@ -29,8 +29,6 @@ Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI. Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch # Fixes for issues found in Coverity scan - reported upstream Patch30: gnupg-2.2.21-coverity.patch -# Do not require exclusive access to the pcsc -Patch31: gnupg-2.2.27-shared.patch URL: https://www.gnupg.org/ 
@@ -42,7 +40,7 @@ BuildRequires: curl-devel BuildRequires: docbook-utils BuildRequires: gettext BuildRequires: libassuan-devel >= 2.1.0 -BuildRequires: libgcrypt-devel >= 1.7.0 +BuildRequires: libgcrypt-devel >= 1.9.1 BuildRequires: libgpg-error-devel >= 1.38 BuildRequires: libksba-devel >= 1.3.0 BuildRequires: openldap-devel @@ -101,9 +99,6 @@ to the base GnuPG package %prep %setup -q -n gnupg-%{version} -%if %{with unversioned_gpg} -%patch1 -p1 -b .insttools -%endif %patch3 -p1 -b .secmem %patch4 -p1 -b .file-is-digest %patch5 -p1 -b .keyusage @@ -115,7 +110,6 @@ to the base GnuPG package %patch22 -p1 -b .good_revoc %patch30 -p1 -b .coverity -%patch31 -p1 -b .shared # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # Note: this is just the name of the default shared lib to load in scdaemon, @@ -126,7 +120,8 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c %build - +# can not regenerate makefiles because of automake-1.16.3 requirement +# ./autogen.sh %configure \ %if %{without unversioned_gpg} --enable-gpg-is-gpg2 \ @@ -195,8 +190,10 @@ make -k check ## docs say to install suid root, but fedora/rh security folk say not to %{_bindir}/gpg2 %{_bindir}/gpgv2 +%{_bindir}/gpg-card %{_bindir}/gpg-connect-agent %{_bindir}/gpg-agent +%{_bindir}/gpg-wks-client %{_bindir}/gpgconf %{_bindir}/gpgparsemail %{_bindir}/gpgtar @@ -207,7 +204,6 @@ make -k check %{_bindir}/gpg %{_bindir}/gpgv %{_bindir}/gpgsplit -%{_bindir}/gpg-zip %endif %{_bindir}/watchgnupg %{_bindir}/gpg-wks-server @@ -226,6 +222,9 @@ make -k check %changelog +* Wed Apr 21 2021 Jakub Jelen - 2.3.1-1 +- New upstream release (#1947159) + * Mon Mar 29 2021 Jakub Jelen - 2.2.27-4 - Add a configuration to not require exclusive access to PCSC diff --git a/sources b/sources index 1838a1e..43b3ef8 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@
-SHA512 (gnupg-2.2.27.tar.bz2) = cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
-SHA512 (gnupg-2.2.27.tar.bz2.sig) = d8e951cd4d4db5da53b28647c61c07c05de7fedbc8014c869dee97d9014ac7041c4fcb165ff8ec1fb4f7a6cf3db67e5e4a391c7bda999c22286db6ed78f6e5a5
+SHA512 (gnupg-2.3.1.tar.bz2) = d2cc82c1b47bbd79acd6ef787c01684fb084b1c5507bbca6cf7ca8834ed978ae7a44c01d652cc3afbd70e2906583c8701aebc8d9fd3fc5e0401769ad4cd46af1
+SHA512 (gnupg-2.3.1.tar.bz2.sig) = 8641330ddc11c08a1a7db0042f70bad4daa74f03bb88204f0b47a05c82165559d249c019d8af757a5d37acd7a206be78f35a6c513627c01e106149ba5643f96f