rpms/gnupg2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

gnupg2-2.3.1-1

Browse Source
This commit is contained in:
Jakub Jelen 2021-04-12 14:58:52 +02:00
parent 240056b321
commit 0899c2ba91
9 changed files with 179 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -102,3 +102,7 @@ gnupg-2.0.16.tar.bz2.sig
/gnupg-2.2.26.tar.bz2.sig
/gnupg-2.2.27.tar.bz2
/gnupg-2.2.27.tar.bz2.sig
/gnupg-2.3.0.tar.bz2
/gnupg-2.3.0.tar.bz2.sig
/gnupg-2.3.1.tar.bz2
/gnupg-2.3.1.tar.bz2.sig

41
gnupg-2.1.1-fips-algo.patch
View File

@ -11,3 +11,44 @@ diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)
diff --git a/common/t-sexputil.c b/common/t-sexputil.c
index d75090c5b..be5eb2122 100644
--- a/common/t-sexputil.c
+++ b/common/t-sexputil.c
@@ -291,36 +291,6 @@ test_ecc_uncompress (void)
const char *b; /* Compressed. */
}
tests[] = {
- {
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #042ECD8679930BE2DB4AD42B8600BA3F80"
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406"
- /* */"436DD11A1756AFE56CD93408410FCDA9"
- /* */"BA95024EB613BD481A14FCFEC27A448A#)))",
- /* The same in compressed form. */
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #022ECD8679930BE2DB4AD42B8600BA3F80"
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))"
- },
- {
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #045B784CA008EE64AB3D85017EE0D2BE87"
- /* */"558762C7300E0C8E06B1F9AF7C031458"
- /* */"9EBBA41915313417BA54218EB0569C59"
- /* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))",
- /* The same in compressed form. */
- "(public-key"
- " (ecc"
- " (curve brainpoolP256r1)"
- " (q #035B784CA008EE64AB3D85017EE0D2BE87"
- /* */"558762C7300E0C8E06B1F9AF7C031458#)))"
- },
{ /* A key which does not require a conversion. */
"(public-key"
" (ecdsa"

11
gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
View File

@ -33,7 +33,7 @@ index 5d3162c..f9acf95 100644
}
-
- if (!uidnode )
- if (!uidnode)
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@ -43,16 +43,17 @@ index 5d3162c..f9acf95 100644
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
}
}
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- {
- if (!silent)
- {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet )
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet)
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;

222
gnupg-2.2.20-file-is-digest.patch
View File

@ -10,25 +10,25 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
oGroup,
oUnGroup,
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
ARGPARSE_s_s (oExecPath, "exec-path", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
@@ -2419,6 +2421,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
+ opt.file_is_digest = 0;
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
opt.emit_version = 0;
opt.weak_digests = NULL;
@@ -2997,6 +3000,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceAEAD: opt.force_aead = 1; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
@ -56,136 +56,140 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
#include "../common/compliance.h"
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl,
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
+ else if (opt.file_is_digest)
if (pk->version >= 5)
sig->version = 5; /* Required for v5 keys. */
+ else if (opt.file_is_digest)
+ sig->version = 3;
else
sig->version = pk->version;
sig->version = 4; /* Required. */
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
}
err = mk_sig_subpkt_key_block (ctrl, sig, pk);
else
err = 0; /* Actually never reached. */
- hash_sigversion_to_magic (md, sig);
err = 0;
- hash_sigversion_to_magic (md, sig, extrahash);
- gcry_md_final (md);
+
+ if (!opt.file_is_digest) {
+ hash_sigversion_to_magic (md, sig);
+ hash_sigversion_to_magic (md, sig, extrahash);
+ gcry_md_final (md);
+ }
if (!err)
err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
+ int sigclass = 0x00;
+ u32 timestamp = 0;
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
+ int sigclass = 0x00;
+ u32 timestamp = 0;
pt_extra_hash_data_t extrahash = NULL;
pfx = new_progress_context ();
afx = new_armor_context ();
pfx = new_progress_context ();
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
- log_bug("multiple files can only be detached signed");
+ log_bug("multiple files can only be detached signed\n");
if (fname && filenames->next && (!detached || encryptflag))
- log_bug ("multiple files can only be detached signed");
+ log_bug ("multiple files can only be detached signed\n");
+
+ if (opt.file_is_digest && (multifile || !fname))
+ log_bug("file-is-digest only works with one file\n");
+ if (opt.file_is_digest && !detached)
+ log_bug("file-is-digest can only write detached signatures\n");
+ if (opt.file_is_digest && !opt.def_digest_algo)
+ log_bug("file-is-digest needs --digest-algo\n");
+ if (opt.file_is_digest && opt.textmode)
+ log_bug("file-is-digest doesn't work with --textmode\n");
+ if (opt.file_is_digest && (multifile || !fname))
+ log_bug ("file-is-digest only works with one file\n");
+ if (opt.file_is_digest && !detached)
+ log_bug ("file-is-digest can only write detached signatures\n");
+ if (opt.file_is_digest && !opt.def_digest_algo)
+ log_bug ("file-is-digest needs --digest-algo\n");
+ if (opt.file_is_digest && opt.textmode)
+ log_bug ("file-is-digest doesn't work with --textmode\n");
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
if (encryptflag == 2
&& (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek)))
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
goto leave;
/* prepare iobufs */
- if( multifile ) /* have list of filenames */
+ if( multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
/* Prepare iobufs. */
- if (multifile) /* have list of filenames */
+ if (multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */
else
{
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
- if( !multifile )
+ if( !multifile && !opt.file_is_digest )
iobuf_push_filter( inp, md_filter, &mfx );
- if (!multifile)
+ if (!multifile && !opt.file_is_digest)
iobuf_push_filter (inp, md_filter, &mfx);
if( detached && !encryptflag)
if (detached && !encryptflag)
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
write_status_begin_signing (mfx.md);
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
/* Setup the inner packet. */
if (detached)
{
@@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena
if (opt.verbose)
log_printf ("\n");
}
+ else if (opt.file_is_digest) {
+ byte *mdb, ts[5];
+ size_t mdlen;
+ const char *fp;
+ int c, d;
+ else if (opt.file_is_digest)
+ {
+ byte *mdb, ts[5];
+ size_t mdlen;
+ const char *fp;
+ int c, d;
+
+ gcry_md_final(mfx.md);
+ /* this assumes gcry_md_read returns the same buffer */
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; ) {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0) {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0) {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
+ log_bug("bad cipher class\n");
+ timestamp = buf32_to_u32(ts + 1);
+ }
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
+ gcry_md_final(mfx.md);
+ /* this assumes gcry_md_read returns the same buffer */
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; )
+ {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0)
+ {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0)
+ {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
+ log_bug("bad cipher class\n");
+ timestamp = buf32_to_u32(ts + 1);
+ }
else
{
/* Read, so that the filter can calculate the digest. */
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
- opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S', NULL);
+ sigclass,
+ timestamp, duration, detached ? 'D':'S', NULL);
if( rc )
goto leave;
/* Write the signatures. */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,
- opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S', NULL);
+ sigclass,
+ timestamp, duration, detached ? 'D':'S', NULL);
if (rc)
goto leave;

22
gnupg-2.2.21-coverity.patch
View File

@ -61,26 +61,6 @@ diff -up gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.21/dirmngr/ks-e
unsigned int tries = SEND_REQUEST_RETRIES;
unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES;
diff -up gnupg-2.2.21/g10/card-util.c.coverity gnupg-2.2.21/g10/card-util.c
--- gnupg-2.2.21/g10/card-util.c.coverity 2020-04-15 15:17:48.000000000 +0200
+++ gnupg-2.2.21/g10/card-util.c 2020-07-20 17:09:57.419148793 +0200
@@ -667,7 +667,7 @@ card_status (ctrl_t ctrl, estream_t fp,
{
int err;
strlist_t card_list, sl;
- char *serialno0, *serialno1;
+ char *serialno0, *serialno1 = NULL;
int all_cards = 0;
int any_card = 0;
@@ -712,6 +712,7 @@ card_status (ctrl_t ctrl, estream_t fp,
current_card_status (ctrl, fp, NULL, 0);
xfree (serialno1);
+ serialno1 = NULL;
if (!all_cards)
goto leave;
diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c
--- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200
+++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200
@ -103,8 +83,8 @@ diff -up gnupg-2.2.21/g10/keygen.c.coverity gnupg-2.2.21/g10/keygen.c
- unsigned int size;
+ unsigned int size = 0;
int keyuse;
int keyversion = 4;
int i;
const char *s;
@@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i
the self-signatures. */
err = agent_readkey (NULL, 1, keyid, &public);

28
gnupg-2.2.23-insttools.patch
View File

@ -1,28 +0,0 @@
diff -up gnupg-2.2.23/tools/Makefile.am.insttools gnupg-2.2.23/tools/Makefile.am
--- gnupg-2.2.23/tools/Makefile.am.insttools 2020-08-13 11:01:57.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.am 2020-09-04 13:49:34.183246428 +0200
@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
sbin_SCRIPTS = addgnupghome applygnupgdefaults
if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
+bin_PROGRAMS += gpg-zip
+#noinst_SCRIPTS = gpg-zip
endif
if BUILD_WKS_TOOLS
diff -up gnupg-2.2.23/tools/Makefile.in.insttools gnupg-2.2.23/tools/Makefile.in
--- gnupg-2.2.23/tools/Makefile.in.insttools 2020-09-03 17:16:55.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.in 2020-09-04 13:49:34.183246428 +0200
@@ -618,8 +618,8 @@ libcommontlsnpth = ../common/libcommontl
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
sbin_SCRIPTS = addgnupghome applygnupgdefaults
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip
+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
@BUILD_WKS_TOOLS_FALSE@gpg_wks_server =
@BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server
common_libs = $(libcommon)

75
gnupg-2.2.27-shared.patch
View File

@ -1,75 +0,0 @@
# Add the option "shared-access" to scdaemon.
# If set, pcsc_connect is called with PCSC_SHARE_SHARED instead of PCSC_SHARE_EXCLUSIVE.
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -816,7 +816,7 @@ connect_pcsc_card (int slot)
err = pcsc_connect (reader_table[slot].pcsc.context,
reader_table[slot].rdrname,
- PCSC_SHARE_EXCLUSIVE,
+ opt.shared_access ? PCSC_SHARE_SHARED : PCSC_SHARE_EXCLUSIVE,
PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
&reader_table[slot].pcsc.card,
&reader_table[slot].pcsc.protocol);
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -99,6 +99,7 @@ enum cmd_and_opt_values
oDenyAdmin,
oDisableApplication,
oEnablePinpadVarlen,
+ oSharedAccess,
oListenBacklog,
oNoop
@@ -164,6 +165,8 @@ static ARGPARSE_OPTS opts[] = {
/* Stubs for options which are implemented by 2.3 or later. */
ARGPARSE_s_s (oNoop, "application-priority", "@"),
+ ARGPARSE_s_n (oSharedAccess, "shared-access", N_("use PCSC_SHARE_SHARED for pcsc_connect")),
+
ARGPARSE_end ()
};
@@ -629,6 +632,8 @@ main (int argc, char **argv )
case oNoop: break;
+ case oSharedAccess: opt.shared_access = 1; break;
+
default:
if (configname)
pargs.err = ARGPARSE_PRINT_WARNING;
@@ -727,6 +732,7 @@ main (int argc, char **argv )
es_printf ("disable-pinpad:%lu:\n", GC_OPT_FLAG_NONE );
es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
es_printf ("enable-pinpad-varlen:%lu:\n", GC_OPT_FLAG_NONE );
+ es_printf ("shared-access:%lu:\n", GC_OPT_FLAG_NONE );
scd_exit (0);
}
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -62,6 +62,8 @@ struct
strlist_t disabled_applications; /* Card applications we do not
want to use. */
unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
+
+ int shared_access;
} opt;
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -653,6 +653,9 @@ static gc_option_t gc_options_scdaemon[] =
{ "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
"gnupg", "|N|disconnect the card after N seconds of inactivity",
GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
+ { "shared-access", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "use PCSC_SHARE_SHARED for pcsc_connect",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,

23
gnupg2.spec
View File

@ -6,16 +6,16 @@
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.2.27
Release: 4%{?dist}
Version: 2.3.1
Release: 1%{?dist}
License: GPLv3+
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig
Patch1: gnupg-2.2.23-insttools.patch
# needed for compatibility with system FIPS mode
Patch3: gnupg-2.1.10-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr
# https://dev.gnupg.org/T1646
Patch4: gnupg-2.2.20-file-is-digest.patch
# fix handling of missing key usage on ocsp replies - upstream T1333
Patch5: gnupg-2.2.16-ocsp-keyusage.patch
@ -29,8 +29,6 @@ Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
# Fixes for issues found in Coverity scan - reported upstream
Patch30: gnupg-2.2.21-coverity.patch
# Do not require exclusive access to the pcsc
Patch31: gnupg-2.2.27-shared.patch
URL: https://www.gnupg.org/
@ -42,7 +40,7 @@ BuildRequires: curl-devel
BuildRequires: docbook-utils
BuildRequires: gettext
BuildRequires: libassuan-devel >= 2.1.0
BuildRequires: libgcrypt-devel >= 1.7.0
BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.38
BuildRequires: libksba-devel >= 1.3.0
BuildRequires: openldap-devel
@ -101,9 +99,6 @@ to the base GnuPG package
%prep
%setup -q -n gnupg-%{version}
%if %{with unversioned_gpg}
%patch1 -p1 -b .insttools
%endif
%patch3 -p1 -b .secmem
%patch4 -p1 -b .file-is-digest
%patch5 -p1 -b .keyusage
@ -115,7 +110,6 @@ to the base GnuPG package
%patch22 -p1 -b .good_revoc
%patch30 -p1 -b .coverity
%patch31 -p1 -b .shared
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
@ -126,7 +120,8 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
%build
# can not regenerate makefiles because of automake-1.16.3 requirement
# ./autogen.sh
%configure \
%if %{without unversioned_gpg}
--enable-gpg-is-gpg2 \
@ -195,8 +190,10 @@ make -k check
## docs say to install suid root, but fedora/rh security folk say not to
%{_bindir}/gpg2
%{_bindir}/gpgv2
%{_bindir}/gpg-card
%{_bindir}/gpg-connect-agent
%{_bindir}/gpg-agent
%{_bindir}/gpg-wks-client
%{_bindir}/gpgconf
%{_bindir}/gpgparsemail
%{_bindir}/gpgtar
@ -207,7 +204,6 @@ make -k check
%{_bindir}/gpg
%{_bindir}/gpgv
%{_bindir}/gpgsplit
%{_bindir}/gpg-zip
%endif
%{_bindir}/watchgnupg
%{_bindir}/gpg-wks-server
@ -226,6 +222,9 @@ make -k check
%changelog
* Wed Apr 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-1
- New upstream release (#1947159)
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-4
- Add a configuration to not require exclusive access to PCSC

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (gnupg-2.2.27.tar.bz2) = cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab
SHA512 (gnupg-2.2.27.tar.bz2.sig) = d8e951cd4d4db5da53b28647c61c07c05de7fedbc8014c869dee97d9014ac7041c4fcb165ff8ec1fb4f7a6cf3db67e5e4a391c7bda999c22286db6ed78f6e5a5
SHA512 (gnupg-2.3.1.tar.bz2) = d2cc82c1b47bbd79acd6ef787c01684fb084b1c5507bbca6cf7ca8834ed978ae7a44c01d652cc3afbd70e2906583c8701aebc8d9fd3fc5e0401769ad4cd46af1
SHA512 (gnupg-2.3.1.tar.bz2.sig) = 8641330ddc11c08a1a7db0042f70bad4daa74f03bb88204f0b47a05c82165559d249c019d8af757a5d37acd7a206be78f35a6c513627c01e106149ba5643f96f