gnupg2-2.3.1-1

This commit is contained in:
Jakub Jelen 2021-04-12 14:58:52 +02:00
parent 240056b321
commit 0899c2ba91
9 changed files with 179 additions and 253 deletions

4
.gitignore vendored
View File

@ -102,3 +102,7 @@ gnupg-2.0.16.tar.bz2.sig
/gnupg-2.2.26.tar.bz2.sig /gnupg-2.2.26.tar.bz2.sig
/gnupg-2.2.27.tar.bz2 /gnupg-2.2.27.tar.bz2
/gnupg-2.2.27.tar.bz2.sig /gnupg-2.2.27.tar.bz2.sig
/gnupg-2.3.0.tar.bz2
/gnupg-2.3.0.tar.bz2.sig
/gnupg-2.3.1.tar.bz2
/gnupg-2.3.1.tar.bz2.sig

View File

@ -11,3 +11,44 @@ diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
} }
if (DBG_HASHING) if (DBG_HASHING)
diff --git a/common/t-sexputil.c b/common/t-sexputil.c
index d75090c5b..be5eb2122 100644
--- a/common/t-sexputil.c
+++ b/common/t-sexputil.c
@@ -291,36 +291,6 @@ test_ecc_uncompress (void)
const char *b; /* Compressed. */
}
tests[] = {
- {
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #042ECD8679930BE2DB4AD42B8600BA3F80"
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406"
- /* */"436DD11A1756AFE56CD93408410FCDA9"
- /* */"BA95024EB613BD481A14FCFEC27A448A#)))",
- /* The same in compressed form. */
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #022ECD8679930BE2DB4AD42B8600BA3F80"
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))"
- },
- {
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #045B784CA008EE64AB3D85017EE0D2BE87"
- /* */"558762C7300E0C8E06B1F9AF7C031458"
- /* */"9EBBA41915313417BA54218EB0569C59"
- /* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))",
- /* The same in compressed form. */
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #035B784CA008EE64AB3D85017EE0D2BE87"
- /* */"558762C7300E0C8E06B1F9AF7C031458#)))"
- },
{ /* A key which does not require a conversion. */
"(public-key"
" (ecdsa"

View File

@ -43,10 +43,11 @@ index 5d3162c..f9acf95 100644
if (screener && screener (keyblock, screener_arg)) if (screener && screener (keyblock, screener_arg))
{ {
log_error (_("key %s: %s\n"), keystr_from_pk (pk), log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl, @@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
} }
} }
- /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- { - {
- if (!silent) - if (!silent)

View File

@ -10,25 +10,25 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
oGroup, oGroup,
oUnGroup, oUnGroup,
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = { @@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences, ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
"personal-compress-preferences", "@"), ARGPARSE_s_s (oExecPath, "exec-path", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ARGPARSE_s_n (oExpert, "expert", "@"),
+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), + ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
@@ -2419,6 +2421,7 @@ main (int argc, char **argv) @@ -2419,6 +2421,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE; opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0"; opt.def_sig_expire = "0";
opt.def_cert_expire = "0"; opt.def_cert_expire = "0";
+ opt.file_is_digest = 0; + opt.file_is_digest = 0;
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1; opt.passphrase_repeat = 1;
opt.emit_version = 0; opt.emit_version = 0;
opt.weak_digests = NULL;
@@ -2997,6 +3000,7 @@ main (int argc, char **argv) @@ -2997,6 +3000,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceAEAD: opt.force_aead = 1; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break; + case oFileIsDigest: opt.file_is_digest = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
@ -56,23 +56,23 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
#include "../common/compliance.h" #include "../common/compliance.h"
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl, @@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl,
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url) if (pk->version >= 5)
sig->version = 4; sig->version = 5; /* Required for v5 keys. */
+ else if (opt.file_is_digest) + else if (opt.file_is_digest)
+ sig->version = 3; + sig->version = 3;
else else
sig->version = pk->version; sig->version = 4; /* Required. */
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, @@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
} err = mk_sig_subpkt_key_block (ctrl, sig, pk);
else else
err = 0; /* Actually never reached. */ err = 0;
- hash_sigversion_to_magic (md, sig); - hash_sigversion_to_magic (md, sig, extrahash);
- gcry_md_final (md); - gcry_md_final (md);
+ +
+ if (!opt.file_is_digest) { + if (!opt.file_is_digest) {
+ hash_sigversion_to_magic (md, sig); + hash_sigversion_to_magic (md, sig, extrahash);
+ gcry_md_final (md); + gcry_md_final (md);
+ } + }
@ -84,9 +84,9 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
u32 duration=0; u32 duration=0;
+ int sigclass = 0x00; + int sigclass = 0x00;
+ u32 timestamp = 0; + u32 timestamp = 0;
pt_extra_hash_data_t extrahash = NULL;
pfx = new_progress_context (); pfx = new_progress_context ();
afx = new_armor_context ();
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena @@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL; fname = NULL;
@ -108,12 +108,12 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena @@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave; goto leave;
/* prepare iobufs */ /* Prepare iobufs. */
- if (multifile) /* have list of filenames */ - if (multifile) /* have list of filenames */
+ if (multifile || opt.file_is_digest) /* have list of filenames */ + if (multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */ inp = NULL; /* we do it later */
else { else
inp = iobuf_open(fname); {
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena @@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -130,13 +130,14 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; + sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+ +
/* Setup the inner packet. */ /* Setup the inner packet. */
if( detached ) { if (detached)
if( multifile ) { {
@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena @@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena
if (opt.verbose) if (opt.verbose)
log_printf ("\n"); log_printf ("\n");
} }
+ else if (opt.file_is_digest) { + else if (opt.file_is_digest)
+ {
+ byte *mdb, ts[5]; + byte *mdb, ts[5];
+ size_t mdlen; + size_t mdlen;
+ const char *fp; + const char *fp;
@ -149,7 +150,8 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
+ if (strlen(fname) != mdlen * 2 + 11) + if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); + log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1; + d = -1;
+ for (fp = fname ; *fp; ) { + for (fp = fname ; *fp; )
+ {
+ c = *fp++; + c = *fp++;
+ if (c >= '0' && c <= '9') + if (c >= '0' && c <= '9')
+ c -= '0'; + c -= '0';
@ -159,10 +161,12 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
+ c -= 'A' - 10; + c -= 'A' - 10;
+ else + else
+ log_bug("filename is not hex\n"); + log_bug("filename is not hex\n");
+ if (d >= 0) { + if (d >= 0)
+ {
+ *mdb++ = d << 4 | c; + *mdb++ = d << 4 | c;
+ c = -1; + c = -1;
+ if (--mdlen == 0) { + if (--mdlen == 0)
+ {
+ mdb = ts; + mdb = ts;
+ if (*fp++ != '@') + if (*fp++ != '@')
+ log_bug("missing time separator\n"); + log_bug("missing time separator\n");
@ -175,13 +179,13 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
+ log_bug("bad cipher class\n"); + log_bug("bad cipher class\n");
+ timestamp = buf32_to_u32(ts + 1); + timestamp = buf32_to_u32(ts + 1);
+ } + }
else { else
/* read, so that the filter can calculate the digest */ {
while( iobuf_get(inp) != -1 ) /* Read, so that the filter can calculate the digest. */
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena @@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */ /* Write the signatures. */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md, rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,
- opt.textmode && !outfile? 0x01 : 0x00, - opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S', NULL); - 0, duration, detached ? 'D':'S', NULL);
+ sigclass, + sigclass,

View File

@ -61,26 +61,6 @@ diff -up gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.21/dirmngr/ks-e
unsigned int tries = SEND_REQUEST_RETRIES; unsigned int tries = SEND_REQUEST_RETRIES;
unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES;
diff -up gnupg-2.2.21/g10/card-util.c.coverity gnupg-2.2.21/g10/card-util.c
--- gnupg-2.2.21/g10/card-util.c.coverity 2020-04-15 15:17:48.000000000 +0200
+++ gnupg-2.2.21/g10/card-util.c 2020-07-20 17:09:57.419148793 +0200
@@ -667,7 +667,7 @@ card_status (ctrl_t ctrl, estream_t fp,
{
int err;
strlist_t card_list, sl;
- char *serialno0, *serialno1;
+ char *serialno0, *serialno1 = NULL;
int all_cards = 0;
int any_card = 0;
@@ -712,6 +712,7 @@ card_status (ctrl_t ctrl, estream_t fp,
current_card_status (ctrl, fp, NULL, 0);
xfree (serialno1);
+ serialno1 = NULL;
if (!all_cards)
goto leave;
diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c
--- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200 --- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200
+++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200 +++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200
@ -103,8 +83,8 @@ diff -up gnupg-2.2.21/g10/keygen.c.coverity gnupg-2.2.21/g10/keygen.c
- unsigned int size; - unsigned int size;
+ unsigned int size = 0; + unsigned int size = 0;
int keyuse; int keyuse;
int keyversion = 4;
int i; int i;
const char *s;
@@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i @@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i
the self-signatures. */ the self-signatures. */
err = agent_readkey (NULL, 1, keyid, &public); err = agent_readkey (NULL, 1, keyid, &public);

View File

@ -1,28 +0,0 @@
diff -up gnupg-2.2.23/tools/Makefile.am.insttools gnupg-2.2.23/tools/Makefile.am
--- gnupg-2.2.23/tools/Makefile.am.insttools 2020-08-13 11:01:57.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.am 2020-09-04 13:49:34.183246428 +0200
@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
sbin_SCRIPTS = addgnupghome applygnupgdefaults
if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
+bin_PROGRAMS += gpg-zip
+#noinst_SCRIPTS = gpg-zip
endif
if BUILD_WKS_TOOLS
diff -up gnupg-2.2.23/tools/Makefile.in.insttools gnupg-2.2.23/tools/Makefile.in
--- gnupg-2.2.23/tools/Makefile.in.insttools 2020-09-03 17:16:55.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.in 2020-09-04 13:49:34.183246428 +0200
@@ -618,8 +618,8 @@ libcommontlsnpth = ../common/libcommontl
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
sbin_SCRIPTS = addgnupghome applygnupgdefaults
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip
+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
@BUILD_WKS_TOOLS_FALSE@gpg_wks_server =
@BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server
common_libs = $(libcommon)

View File

@ -1,75 +0,0 @@
# Add the option "shared-access" to scdaemon.
# If set, pcsc_connect is called with PCSC_SHARE_SHARED instead of PCSC_SHARE_EXCLUSIVE.
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -816,7 +816,7 @@ connect_pcsc_card (int slot)
err = pcsc_connect (reader_table[slot].pcsc.context,
reader_table[slot].rdrname,
- PCSC_SHARE_EXCLUSIVE,
+ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE,
PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
&reader_table[slot].pcsc.card,
&reader_table[slot].pcsc.protocol);
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -99,6 +99,7 @@ enum cmd_and_opt_values
oDenyAdmin,
oDisableApplication,
oEnablePinpadVarlen,
+ oSharedAccess,
oListenBacklog,
oNoop
@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = {
/* Stubs for options which are implemented by 2.3 or later. */
ARGPARSE_s_s (oNoop, "application-priority", "@"),
+ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")),
+
ARGPARSE_end ()
};
@@ -629,6 +632,8 @@ main (int argc, char **argv )
case oNoop: break;
+ case oSharedAccess: opt.shared_access = 1; break;
+
default:
if (configname)
pargs.err = ARGPARSE_PRINT_WARNING;
@@ -727,6 +732,7 @@ main (int argc, char **argv )
es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
+ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE );
scd_exit (0);
}
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -62,6 +62,8 @@ struct
strlist_t disabled_applications; /* Card applications we do not
want to use. */
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
+
+ int shared_access;
} opt;
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] =
{ "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
"gnupg", "|N|disconnect the card after N seconds of inactivity",
GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
+ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,

View File

@ -6,16 +6,16 @@
Summary: Utility for secure communication and data storage Summary: Utility for secure communication and data storage
Name: gnupg2 Name: gnupg2
Version: 2.2.27 Version: 2.3.1
Release: 4%{?dist} Release: 1%{?dist}
License: GPLv3+ License: GPLv3+
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig
Patch1: gnupg-2.2.23-insttools.patch
# needed for compatibility with system FIPS mode # needed for compatibility with system FIPS mode
Patch3: gnupg-2.1.10-secmem.patch Patch3: gnupg-2.1.10-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr # non-upstreamable patch adding file-is-digest option needed for Copr
# https://dev.gnupg.org/T1646
Patch4: gnupg-2.2.20-file-is-digest.patch Patch4: gnupg-2.2.20-file-is-digest.patch
# fix handling of missing key usage on ocsp replies - upstream T1333 # fix handling of missing key usage on ocsp replies - upstream T1333
Patch5: gnupg-2.2.16-ocsp-keyusage.patch Patch5: gnupg-2.2.16-ocsp-keyusage.patch
@ -29,8 +29,6 @@ Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
# Fixes for issues found in Coverity scan - reported upstream # Fixes for issues found in Coverity scan - reported upstream
Patch30: gnupg-2.2.21-coverity.patch Patch30: gnupg-2.2.21-coverity.patch
# Do not require exclusive access to the pcsc
Patch31: gnupg-2.2.27-shared.patch
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
@ -42,7 +40,7 @@ BuildRequires: curl-devel
BuildRequires: docbook-utils BuildRequires: docbook-utils
BuildRequires: gettext BuildRequires: gettext
BuildRequires: libassuan-devel >= 2.1.0 BuildRequires: libassuan-devel >= 2.1.0
BuildRequires: libgcrypt-devel >= 1.7.0 BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.38 BuildRequires: libgpg-error-devel >= 1.38
BuildRequires: libksba-devel >= 1.3.0 BuildRequires: libksba-devel >= 1.3.0
BuildRequires: openldap-devel BuildRequires: openldap-devel
@ -101,9 +99,6 @@ to the base GnuPG package
%prep %prep
%setup -q -n gnupg-%{version} %setup -q -n gnupg-%{version}
%if %{with unversioned_gpg}
%patch1 -p1 -b .insttools
%endif
%patch3 -p1 -b .secmem %patch3 -p1 -b .secmem
%patch4 -p1 -b .file-is-digest %patch4 -p1 -b .file-is-digest
%patch5 -p1 -b .keyusage %patch5 -p1 -b .keyusage
@ -115,7 +110,6 @@ to the base GnuPG package
%patch22 -p1 -b .good_revoc %patch22 -p1 -b .good_revoc
%patch30 -p1 -b .coverity %patch30 -p1 -b .coverity
%patch31 -p1 -b .shared
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon, # Note: this is just the name of the default shared lib to load in scdaemon,
@ -126,7 +120,8 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
%build %build
# can not regenerate makefiles because of automake-1.16.3 requirement
# ./autogen.sh
%configure \ %configure \
%if %{without unversioned_gpg} %if %{without unversioned_gpg}
--enable-gpg-is-gpg2 \ --enable-gpg-is-gpg2 \
@ -195,8 +190,10 @@ make -k check
## docs say to install suid root, but fedora/rh security folk say not to ## docs say to install suid root, but fedora/rh security folk say not to
%{_bindir}/gpg2 %{_bindir}/gpg2
%{_bindir}/gpgv2 %{_bindir}/gpgv2
%{_bindir}/gpg-card
%{_bindir}/gpg-connect-agent %{_bindir}/gpg-connect-agent
%{_bindir}/gpg-agent %{_bindir}/gpg-agent
%{_bindir}/gpg-wks-client
%{_bindir}/gpgconf %{_bindir}/gpgconf
%{_bindir}/gpgparsemail %{_bindir}/gpgparsemail
%{_bindir}/gpgtar %{_bindir}/gpgtar
@ -207,7 +204,6 @@ make -k check
%{_bindir}/gpg %{_bindir}/gpg
%{_bindir}/gpgv %{_bindir}/gpgv
%{_bindir}/gpgsplit %{_bindir}/gpgsplit
%{_bindir}/gpg-zip
%endif %endif
%{_bindir}/watchgnupg %{_bindir}/watchgnupg
%{_bindir}/gpg-wks-server %{_bindir}/gpg-wks-server
@ -226,6 +222,9 @@ make -k check
%changelog %changelog
* Wed Apr 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-1
- New upstream release (#1947159)
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-4 * Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-4
- Add a configuration to not require exclusive access to PCSC - Add a configuration to not require exclusive access to PCSC

View File

@ -1,2 +1,2 @@
SHA512 (gnupg-2.2.27.tar.bz2) = cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab SHA512 (gnupg-2.3.1.tar.bz2) = d2cc82c1b47bbd79acd6ef787c01684fb084b1c5507bbca6cf7ca8834ed978ae7a44c01d652cc3afbd70e2906583c8701aebc8d9fd3fc5e0401769ad4cd46af1
SHA512 (gnupg-2.2.27.tar.bz2.sig) = d8e951cd4d4db5da53b28647c61c07c05de7fedbc8014c869dee97d9014ac7041c4fcb165ff8ec1fb4f7a6cf3db67e5e4a391c7bda999c22286db6ed78f6e5a5 SHA512 (gnupg-2.3.1.tar.bz2.sig) = 8641330ddc11c08a1a7db0042f70bad4daa74f03bb88204f0b47a05c82165559d249c019d8af757a5d37acd7a206be78f35a6c513627c01e106149ba5643f96f