rpms/gnupg2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import gnupg2-2.2.20-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-03 06:45:54 -05:00 committed by Andrew Lukoshko
parent b8f0786472
commit 2b6f421095
13 changed files with 746 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/gnupg-2.2.9.tar.bz2
SOURCES/gnupg-2.2.20.tar.bz2

2
.gnupg2.metadata
View File

@ -1 +1 @@
e6ef18c2e06175bbe563959c9acc682c02bcd572 SOURCES/gnupg-2.2.9.tar.bz2
d5290f0781df5dc83302127d6065fb59b35e53d7 SOURCES/gnupg-2.2.20.tar.bz2

17
SOURCES/gnupg-2.1.1-ocsp-keyusage.patch
View File

@ -1,17 +0,0 @@
diff -up gnupg-2.1.1/sm/certlist.c.keyusage gnupg-2.1.1/sm/certlist.c
--- gnupg-2.1.1/sm/certlist.c.keyusage 2014-11-27 11:51:36.000000000 +0100
+++ gnupg-2.1.1/sm/certlist.c 2015-01-29 17:30:57.117135497 +0100
@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
if (mode == 5)
{
- if (use != ~0
- && (have_ocsp_signing
- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
- |KSBA_KEYUSAGE_CRL_SIGN))))
+ if (have_ocsp_signing
+ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+ |KSBA_KEYUSAGE_CRL_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for OCSP response signing\n"));

38
SOURCES/gnupg-2.1.19-exponential.patch
View File

@ -1,38 +0,0 @@
diff -up gnupg-2.1.19/common/asshelp.c.exponential gnupg-2.1.19/common/asshelp.c
--- gnupg-2.1.19/common/asshelp.c.exponential 2017-03-01 14:04:33.000000000 +0100
+++ gnupg-2.1.19/common/asshelp.c 2017-03-15 17:18:14.279792654 +0100
@@ -434,12 +434,12 @@ start_new_gpg_agent (assuan_context_t *r
agent_program, gpg_strerror (err));
else
{
- for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
+ for (i=2; i < SECS_TO_WAIT_FOR_AGENT*1000; i<<=1) /* start with 2 ms */
{
- if (verbose)
+ if (verbose && i > 500)
log_info (_("waiting for the agent to come up ... (%ds)\n"),
- SECS_TO_WAIT_FOR_AGENT - i);
- gnupg_sleep (1);
+ SECS_TO_WAIT_FOR_AGENT - i/1000);
+ gnupg_usleep (i*1000);
err = assuan_socket_connect (ctx, sockname, 0, 0);
if (!err)
{
@@ -587,13 +587,13 @@ start_new_dirmngr (assuan_context_t *r_c
{
int i;
- for (i=0; i < SECS_TO_WAIT_FOR_DIRMNGR; i++)
+ for (i=2; i < SECS_TO_WAIT_FOR_DIRMNGR*1000; i<<=1) /* start with 2 ms */
{
- if (verbose)
+ if (verbose && i > 500)
log_info (_("waiting for the dirmngr "
"to come up ... (%ds)\n"),
- SECS_TO_WAIT_FOR_DIRMNGR - i);
- gnupg_sleep (1);
+ SECS_TO_WAIT_FOR_DIRMNGR - i/1000);
+ gnupg_usleep (i*1000);
err = assuan_socket_connect (ctx, sockname, 0, 0);
if (!err)
{

17
SOURCES/gnupg-2.2.16-ocsp-keyusage.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up gnupg-2.2.16/sm/certlist.c.keyusage gnupg-2.2.16/sm/certlist.c
--- gnupg-2.2.16/sm/certlist.c.keyusage 2019-07-01 17:17:06.925254065 +0200
+++ gnupg-2.2.16/sm/certlist.c 2019-07-01 17:24:15.665759322 +0200
@@ -147,10 +147,9 @@ cert_usage_p (ksba_cert_t cert, int mode
if (mode == 5)
{
- if (use != ~0
- && (have_ocsp_signing
- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
- |KSBA_KEYUSAGE_CRL_SIGN))))
+ if (have_ocsp_signing
+ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+ |KSBA_KEYUSAGE_CRL_SIGN)))
return 0;
if (!silent)
log_info (_("certificate should not have "

32
SOURCES/gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch Normal file
View File

@ -0,0 +1,32 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:43 +0200
Subject: gpg: accept subkeys with a good revocation but no self-sig during
import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.
--
This fixes the remaining test in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/g10/import.c b/g10/import.c
index f9acf95..9217911 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
/* It's valid, so is it newer? */
if (sig->timestamp >= rsdate)
{
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
if (rsnode)
{
/* Delete the last revocation sig since

106
SOURCES/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch Normal file
View File

@ -0,0 +1,106 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:42 +0200
Subject: gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.
--
This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 44 +++++++++++---------------------------------
1 file changed, 11 insertions(+), 33 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 5d3162c..f9acf95 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
- int any_filter = 0;
KEYDB_HANDLE hd = NULL;
if (r_valid)
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
-
- if (!uidnode )
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
- return 0;
- }
-
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
}
}
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- {
- if (!silent)
- {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet )
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;
- return 0;
- }
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
- any_filter = 1;
}
if (import_filter.drop_sig)
{
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
commit_kbnode (&keyblock);
- any_filter = 1;
- }
-
- /* If we ran any filter we need to check that at least one user id
- * is left in the keyring. Note that we do not use log_error in
- * this case. */
- if (any_filter && !any_uid_left (keyblock))
- {
- if (!opt.quiet )
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
- stats->no_user_id++;
- return 0;
}
/* The keyblock is valid and ready for real import. */
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
+ else if (err && !any_uid_left (keyblock))
+ {
+ if (!silent)
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
+ err = 0;
+ stats->no_user_id++;
+ }
else if (err) /* Insert this key. */
{
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */

201
SOURCES/gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch Normal file
View File

@ -0,0 +1,201 @@
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:41 +0200
Subject: tests: add test cases for import without uid
This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key
--
Note that this test currently fails. The following changesets will
fix gpg so that the tests pass.
GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
tests/openpgp/Makefile.am | 1 +
tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++
.../import-incomplete/primary+revocation.asc | 9 +++
.../primary+subkey+sub-revocation.asc | 10 ++++
.../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++
.../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++
tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++
7 files changed, 118 insertions(+)
create mode 100755 tests/openpgp/import-incomplete.scm
create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index f6014c9..6423da1 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -78,6 +78,7 @@ XTESTS = \
gpgv-forged-keyring.scm \
armor.scm \
import.scm \
+ import-incomplete.scm \
import-revocation-certificate.scm \
ecc.scm \
4gb-packet.scm \
diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
new file mode 100755
index 0000000..727a027
--- /dev/null
+++ b/tests/openpgp/import-incomplete.scm
@@ -0,0 +1,68 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
+
+(info "Test import of new subkey, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of a subkey revocation, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:r:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of revocation, from a certificate without uid")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "pub:r:")
+ (string-contains? line "0843DA969AA8DAFB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
new file mode 100644
index 0000000..6b7b608
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [E] primary key, revocation signature over primary (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
+=tM90
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
new file mode 100644
index 0000000..83a51a5
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [D] primary key, subkey, subkey revocation (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
+=dwx2
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
new file mode 100644
index 0000000..dc47a02
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [B] primary key, subkey, subkey binding sig (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
+=xuDu
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
new file mode 100644
index 0000000..134607d
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
+9ohXOEBWvdJgVv2YAg==
+=KWIK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
new file mode 100644
index 0000000..055f300
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [A] primary key, user ID, and self-sig expiring in 2021
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
+=1eII
+-----END PGP PUBLIC KEY BLOCK-----

319
SOURCES/gnupg-2.2.20-coverity.patch Normal file
View File

@ -0,0 +1,319 @@
diff -up gnupg-2.2.20/common/server-help.c.coverity gnupg-2.2.20/common/server-help.c
--- gnupg-2.2.20/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100
+++ gnupg-2.2.20/common/server-help.c 2020-05-04 12:00:01.085945639 +0200
@@ -156,7 +156,7 @@ get_option_value (char *line, const char
*pend = 0;
*r_value = xtrystrdup (p);
*pend = c;
- if (!p)
+ if (!*r_value)
return my_error_from_syserror ();
return 0;
}
diff -up gnupg-2.2.20/dirmngr/dns.c.coverity gnupg-2.2.20/dirmngr/dns.c
--- gnupg-2.2.20/dirmngr/dns.c.coverity 2019-07-09 11:08:45.000000000 +0200
+++ gnupg-2.2.20/dirmngr/dns.c 2020-05-04 18:04:12.285521661 +0200
@@ -10106,9 +10106,8 @@ static const struct {
{ "AR", DNS_S_ADDITIONAL },
};
-const char *(dns_strsection)(enum dns_section section) {
- char _dst[DNS_STRMAXLEN + 1] = { 0 };
- struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst);
+const char *(dns_strsection)(enum dns_section section, void *_dst, size_t lim) {
+ struct dns_buf dst = DNS_B_INTO(_dst, lim);
unsigned i;
for (i = 0; i < lengthof(dns_sections); i++) {
@@ -10156,9 +10155,8 @@ static const struct {
{ "IN", DNS_C_IN },
};
-const char *(dns_strclass)(enum dns_class type) {
- char _dst[DNS_STRMAXLEN + 1] = { 0 };
- struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst);
+const char *(dns_strclass)(enum dns_class type, void *_dst, size_t lim) {
+ struct dns_buf dst = DNS_B_INTO(_dst, lim);
unsigned i;
for (i = 0; i < lengthof(dns_classes); i++) {
@@ -10193,9 +10191,8 @@ enum dns_class dns_iclass(const char *na
} /* dns_iclass() */
-const char *(dns_strtype)(enum dns_type type) {
- char _dst[DNS_STRMAXLEN + 1] = { 0 };
- struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst);
+const char *(dns_strtype)(enum dns_type type, void *_dst, size_t lim) {
+ struct dns_buf dst = DNS_B_INTO(_dst, lim);
unsigned i;
for (i = 0; i < lengthof(dns_rrtypes); i++) {
diff -up gnupg-2.2.20/dirmngr/dns.h.coverity gnupg-2.2.20/dirmngr/dns.h
--- gnupg-2.2.20/dirmngr/dns.h.coverity 2019-03-07 13:03:26.000000000 +0100
+++ gnupg-2.2.20/dirmngr/dns.h 2020-05-04 18:04:12.287521625 +0200
@@ -272,15 +272,25 @@ enum dns_rcode {
*/
#define DNS_STRMAXLEN 47 /* "QUESTION|ANSWER|AUTHORITY|ADDITIONAL" */
-DNS_PUBLIC const char *dns_strsection(enum dns_section);
+DNS_PUBLIC const char *dns_strsection(enum dns_section, void *, size_t);
+#define dns_strsection3(a, b, c) \
+ dns_strsection((a), (b), (c))
+#define dns_strsection1(a) dns_strsection((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1)
+#define dns_strsection(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strsection, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__)
DNS_PUBLIC enum dns_section dns_isection(const char *);
-DNS_PUBLIC const char *dns_strclass(enum dns_class);
+DNS_PUBLIC const char *dns_strclass(enum dns_class, void *, size_t);
+#define dns_strclass3(a, b, c) dns_strclass((a), (b), (c))
+#define dns_strclass1(a) dns_strclass((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1)
+#define dns_strclass(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strclass, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__)
DNS_PUBLIC enum dns_class dns_iclass(const char *);
-DNS_PUBLIC const char *dns_strtype(enum dns_type);
+DNS_PUBLIC const char *dns_strtype(enum dns_type, void *, size_t);
+#define dns_strtype3(a, b, c) dns_strtype((a), (b), (c))
+#define dns_strtype1(a) dns_strtype((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1)
+#define dns_strtype(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strtype, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__)
DNS_PUBLIC enum dns_type dns_itype(const char *);
diff -up gnupg-2.2.20/dirmngr/domaininfo.c.coverity gnupg-2.2.20/dirmngr/domaininfo.c
--- gnupg-2.2.20/dirmngr/domaininfo.c.coverity 2019-07-09 11:08:45.000000000 +0200
+++ gnupg-2.2.20/dirmngr/domaininfo.c 2020-05-04 17:54:30.800899152 +0200
@@ -193,6 +193,7 @@ insert_or_update (const char *domain,
log_error ("domaininfo: error allocating helper array: %s\n",
gpg_strerror (gpg_err_code_from_syserror ()));
drop_extra = bucket;
+ xfree (di_new);
goto leave;
}
narray = 0;
@@ -258,6 +259,8 @@ insert_or_update (const char *domain,
* sensible strategy. */
drop_extra = domainbuckets[hash];
domainbuckets[hash] = keep;
+
+ xfree (array);
}
/* Insert */
diff -up gnupg-2.2.20/dirmngr/http.c.coverity gnupg-2.2.20/dirmngr/http.c
--- gnupg-2.2.20/dirmngr/http.c.coverity 2019-11-18 18:44:33.000000000 +0100
+++ gnupg-2.2.20/dirmngr/http.c 2020-05-04 17:00:47.826878715 +0200
@@ -3656,7 +3656,6 @@ http_prepare_redirect (http_redir_info_t
if (!newurl)
{
err = gpg_error_from_syserror ();
- http_release_parsed_uri (locuri);
return err;
}
}
@@ -3675,7 +3674,6 @@ http_prepare_redirect (http_redir_info_t
if (!newurl)
{
err = gpg_error_from_syserror ();
- http_release_parsed_uri (locuri);
return err;
}
}
diff -up gnupg-2.2.20/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.20/dirmngr/ks-engine-hkp.c
--- gnupg-2.2.20/dirmngr/ks-engine-hkp.c.coverity 2019-11-18 18:44:33.000000000 +0100
+++ gnupg-2.2.20/dirmngr/ks-engine-hkp.c 2020-05-04 12:39:49.970920664 +0200
@@ -1426,7 +1426,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t
int reselect;
unsigned int httpflags;
char *httphost = NULL;
- unsigned int http_status;
+ unsigned int http_status = 0;
unsigned int tries = SEND_REQUEST_RETRIES;
unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES;
diff -up gnupg-2.2.20/g10/card-util.c.coverity gnupg-2.2.20/g10/card-util.c
--- gnupg-2.2.20/g10/card-util.c.coverity 2020-03-03 13:33:22.000000000 +0100
+++ gnupg-2.2.20/g10/card-util.c 2020-05-04 16:56:47.788157786 +0200
@@ -704,7 +704,7 @@ card_status (ctrl_t ctrl, estream_t fp,
{
int err;
strlist_t card_list, sl;
- char *serialno0, *serialno1;
+ char *serialno0, *serialno1 = NULL;
int all_cards = 0;
int any_card = 0;
@@ -749,6 +749,7 @@ card_status (ctrl_t ctrl, estream_t fp,
current_card_status (ctrl, fp, NULL, 0);
xfree (serialno1);
+ serialno1 = NULL;
if (!all_cards)
goto leave;
diff -up gnupg-2.2.20/g10/import.c.coverity gnupg-2.2.20/g10/import.c
--- gnupg-2.2.20/g10/import.c.coverity 2020-05-04 12:34:39.820379830 +0200
+++ gnupg-2.2.20/g10/import.c 2020-05-04 12:34:55.366106195 +0200
@@ -1888,7 +1888,7 @@ import_one_real (ctrl_t ctrl,
if (opt.interactive && !silent)
{
- if (is_status_enabled())
+ if (uidnode && is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
merge_keys_and_selfsig (ctrl, keyblock);
tty_printf ("\n");
diff -up gnupg-2.2.20/g10/keygen.c.coverity gnupg-2.2.20/g10/keygen.c
--- gnupg-2.2.20/g10/keygen.c.coverity 2020-05-04 12:23:04.852613017 +0200
+++ gnupg-2.2.20/g10/keygen.c 2020-05-04 17:33:18.923891110 +0200
@@ -3075,7 +3075,7 @@ parse_key_parameter_part (ctrl_t ctrl,
char *endp;
const char *curve = NULL;
int ecdh_or_ecdsa = 0;
- unsigned int size;
+ unsigned int size = 0;
int keyuse;
int i;
const char *s;
@@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i
the self-signatures. */
err = agent_readkey (NULL, 1, keyid, &public);
if (err)
- return err;
+ {
+ xfree (pkt);
+ xfree (pk);
+ return err;
+ }
err = gcry_sexp_sscan (&s_key, NULL, public,
gcry_sexp_canon_len (public, 0, NULL, NULL));
xfree (public);
if (err)
- return err;
+ {
+ xfree (pkt);
+ xfree (pk);
+ return err;
+ }
if (algo == PUBKEY_ALGO_RSA)
err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
@@ -5739,6 +5747,7 @@ gen_card_key (int keyno, int algo, int i
if (err)
{
log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
+ xfree (pkt);
free_public_key (pk);
return err;
}
diff -up gnupg-2.2.20/g10/sig-check.c.coverity gnupg-2.2.20/g10/sig-check.c
--- gnupg-2.2.20/g10/sig-check.c.coverity 2020-05-04 12:18:18.515653963 +0200
+++ gnupg-2.2.20/g10/sig-check.c 2020-05-04 12:18:33.599388425 +0200
@@ -902,6 +902,7 @@ check_signature_over_key_or_uid (ctrl_t
{
/* Issued by a subkey. */
signer = subk;
+ *is_selfsig = 1;
break;
}
}
diff -up gnupg-2.2.20/g10/sign.c.coverity gnupg-2.2.20/g10/sign.c
--- gnupg-2.2.20/g10/sign.c.coverity 2020-04-30 11:56:43.909360043 +0200
+++ gnupg-2.2.20/g10/sign.c 2020-05-04 12:08:56.651544958 +0200
@@ -823,7 +823,7 @@ write_signature_packets (ctrl_t ctrl,
PKT_public_key *pk;
PKT_signature *sig;
gcry_md_hd_t md;
- gpg_error_t err;
+ gpg_error_t err = 0;
pk = sk_rover->pk;
diff -up gnupg-2.2.20/kbx/keybox-dump.c.coverity gnupg-2.2.20/kbx/keybox-dump.c
--- gnupg-2.2.20/kbx/keybox-dump.c.coverity 2019-08-23 15:59:06.000000000 +0200
+++ gnupg-2.2.20/kbx/keybox-dump.c 2020-05-04 17:25:53.365946213 +0200
@@ -786,11 +786,15 @@ _keybox_dump_cut_records (const char *fi
while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) )
{
if (recno > to)
- break; /* Ready. */
+ {
+ _keybox_release_blob (blob);
+ break; /* Ready. */
+ }
if (recno >= from)
{
if ((rc = _keybox_write_blob (blob, outfp)))
{
+ _keybox_release_blob (blob);
fprintf (stderr, "error writing output: %s\n",
gpg_strerror (rc));
goto leave;
diff -up gnupg-2.2.20/tools/gpg-wks-server.c.coverity gnupg-2.2.20/tools/gpg-wks-server.c
--- gnupg-2.2.20/tools/gpg-wks-server.c.coverity 2020-02-10 16:12:13.000000000 +0100
+++ gnupg-2.2.20/tools/gpg-wks-server.c 2020-05-04 11:52:42.547643198 +0200
@@ -890,15 +890,18 @@ store_key_as_pending (const char *dir, e
}
leave:
- if (err)
+ if (fname)
{
- es_fclose (outfp);
- gnupg_remove (fname);
- }
- else if (es_fclose (outfp))
- {
- err = gpg_error_from_syserror ();
- log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
+ if (err)
+ {
+ es_fclose (outfp);
+ gnupg_remove (fname);
+ }
+ else if (es_fclose (outfp))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
+ }
}
if (!err)
diff -up gnupg-2.2.20/tools/wks-util.c.coverity gnupg-2.2.20/tools/wks-util.c
--- gnupg-2.2.20/tools/wks-util.c.coverity 2020-05-04 12:02:21.839475031 +0200
+++ gnupg-2.2.20/tools/wks-util.c 2020-05-04 17:23:19.552726949 +0200
@@ -948,7 +948,7 @@ ensure_policy_file (const char *addrspec
static gpg_error_t
install_key_from_spec_file (const char *fname)
{
- gpg_error_t err;
+ gpg_error_t err = 0;
estream_t fp;
char *line = NULL;
size_t linelen = 0;
@@ -1195,10 +1195,8 @@ wks_cmd_print_wkd_hash (const char *user
char *addrspec, *fname;
err = wks_fname_from_userid (userid, 1, &fname, &addrspec);
- if (err)
- return err;
-
- es_printf ("%s %s\n", fname, addrspec);
+ if (!err)
+ es_printf ("%s %s\n", fname, addrspec);
xfree (fname);
xfree (addrspec);
@@ -1216,7 +1214,10 @@ wks_cmd_print_wkd_url (const char *useri
err = wks_fname_from_userid (userid, 1, &fname, &addrspec);
if (err)
- return err;
+ {
+ xfree (addrspec);
+ return err;
+ }
domain = strchr (addrspec, '@');
if (domain)

57
SOURCES/gnupg-2.2.8-file-is-digest.patch → SOURCES/gnupg-2.2.20-file-is-digest.patch
View File

@ -1,7 +1,7 @@
diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
--- gnupg-2.2.8/g10/gpg.c.file-is-digest 2018-06-11 10:15:33.755167428 +0200
+++ gnupg-2.2.8/g10/gpg.c 2018-06-11 10:17:36.352063501 +0200
@@ -376,6 +376,7 @@ enum cmd_and_opt_values
diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
--- gnupg-2.2.20/g10/gpg.c.file-is-digest 2020-04-14 16:33:42.630269318 +0200
+++ gnupg-2.2.20/g10/gpg.c 2020-04-14 16:34:46.455100086 +0200
@@ -380,6 +380,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@ -9,7 +9,7 @@ diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
oXauthority,
oGroup,
oUnGroup,
@@ -821,6 +822,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
@ -17,7 +17,7 @@ diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -2390,6 +2392,7 @@ main (int argc, char **argv)
@@ -2419,6 +2421,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
@ -25,18 +25,18 @@ diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
opt.emit_version = 0;
@@ -2963,6 +2966,7 @@ main (int argc, char **argv)
@@ -2997,6 +3000,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
diff -up gnupg-2.2.8/g10/options.h.file-is-digest gnupg-2.2.8/g10/options.h
--- gnupg-2.2.8/g10/options.h.file-is-digest 2018-05-31 12:03:06.000000000 +0200
+++ gnupg-2.2.8/g10/options.h 2018-06-11 10:15:33.757167476 +0200
@@ -210,6 +210,7 @@ struct
case oIncludeKeyBlock: opt.flags.include_key_block = 1; break;
diff -up gnupg-2.2.20/g10/options.h.file-is-digest gnupg-2.2.20/g10/options.h
--- gnupg-2.2.20/g10/options.h.file-is-digest 2020-03-14 19:54:05.000000000 +0100
+++ gnupg-2.2.20/g10/options.h 2020-04-14 16:33:42.634269245 +0200
@@ -202,6 +202,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@ -44,9 +44,9 @@ diff -up gnupg-2.2.8/g10/options.h.file-is-digest gnupg-2.2.8/g10/options.h
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
--- gnupg-2.2.8/g10/sign.c.file-is-digest 2017-08-28 12:22:54.000000000 +0200
+++ gnupg-2.2.8/g10/sign.c 2018-06-11 10:15:33.757167476 +0200
diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
--- gnupg-2.2.20/g10/sign.c.file-is-digest 2020-03-14 19:35:46.000000000 +0100
+++ gnupg-2.2.20/g10/sign.c 2020-04-14 16:36:54.661751422 +0200
@@ -40,6 +40,7 @@
#include "pkglue.h"
#include "../common/sysutils.h"
@ -55,7 +55,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
#include "../common/mbox-util.h"
#include "../common/compliance.h"
@@ -727,6 +728,8 @@ write_signature_packets (ctrl_t ctrl,
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl,
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
@ -64,20 +64,21 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
else
sig->version = pk->version;
@@ -750,8 +753,10 @@ write_signature_packets (ctrl_t ctrl,
mk_notation_policy_etc (sig, NULL, pk);
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
else
err = 0;
}
- hash_sigversion_to_magic (md, sig);
- gcry_md_final (md);
+
+ if (!opt.file_is_digest) {
+ hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md);
+ }
rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
@@ -813,6 +818,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
if (!err)
err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@ -86,7 +87,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
pfx = new_progress_context ();
afx = new_armor_context ();
@@ -830,7 +837,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@ -104,7 +105,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
@@ -851,7 +867,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@ -113,7 +114,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
@@ -989,7 +1005,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -122,7 +123,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
@@ -1044,6 +1060,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@ -131,7 +132,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -1084,6 +1102,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
}
@ -177,7 +178,7 @@ diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
@@ -1102,8 +1159,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md,

BIN
SOURCES/gnupg-2.2.20.tar.bz2.sig Normal file
View File

Binary file not shown.

BIN
SOURCES/gnupg-2.2.9.tar.bz2.sig
View File

Binary file not shown.

55
SPECS/gnupg2.spec
View File

@ -1,23 +1,31 @@
%bcond_without unversioned_gpg
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.2.9
Release: 1%{?dist}
Version: 2.2.20
Release: 2%{?dist}
License: GPLv3+
Group: Applications/System
Source0: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig
Patch1: gnupg-2.1.21-insttools.patch
# exponential backoff when waiting on gpg-agent and dirmngr to save time
Patch2: gnupg-2.1.19-exponential.patch
# needed for compatibility with system FIPS mode
Patch3: gnupg-2.1.10-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr
Patch4: gnupg-2.2.8-file-is-digest.patch
Patch5: gnupg-2.1.1-ocsp-keyusage.patch
Patch4: gnupg-2.2.20-file-is-digest.patch
# fix handling of missing key usage on ocsp replies - upstream T1333
Patch5: gnupg-2.2.16-ocsp-keyusage.patch
Patch6: gnupg-2.1.1-fips-algo.patch
# allow 8192 bit RSA keys in keygen UI with large RSA
Patch9: gnupg-2.1.21-large-rsa.patch
# fix missing uid on refresh from keys.openpgp.org
# https://salsa.debian.org/debian/gnupg2/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437
Patch20: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
# Fixes for issues found in Coverity scan - reported upstream
Patch30: gnupg-2.2.20-coverity.patch
URL: http://www.gnupg.org/
@ -48,7 +56,7 @@ Recommends: pinentry
Recommends: gnupg2-smime
%if 0%{?rhel} > 5
%if %{with unversioned_gpg}
# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex
Provides: gpg = %{version}-%{release}
# Obsolete GnuPG-1 package
@ -64,7 +72,6 @@ Obsoletes: dirmngr < 1.2.0-1
%package smime
Summary: CMS encryption and signing tool and smart card support for GnuPG
Requires: gnupg2 = %{version}-%{release}
Group: Applications/Internet
%description
@ -87,16 +94,21 @@ to the base GnuPG package
%prep
%setup -q -n gnupg-%{version}
%if 0%{?rhel} > 5
%if %{with unversioned_gpg}
%patch1 -p1 -b .insttools
%endif
%patch2 -p1 -b .exponential
%patch3 -p1 -b .secmem
%patch4 -p1 -b .file-is-digest
%patch5 -p1 -b .keyusage
%patch6 -p1 -b .fips
%patch9 -p1 -b .large-rsa
%patch20 -p1 -b .test_missing_uid
%patch21 -p1 -b .prev_known_key
%patch22 -p1 -b .good_revoc
%patch30 -p1 -b .coverity
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
# it can use other implementations too (including non-pcsc ones).
@ -108,7 +120,7 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
%build
%configure \
%if ! (0%{?rhel} > 5)
%if %{without unversioned_gpg}
--enable-gpg-is-gpg2 \
%endif
--disable-gpgtar \
@ -127,7 +139,7 @@ make install DESTDIR=%{buildroot} \
INSTALL="install -p" \
docdir=%{_pkgdocdir}
%if ! (0%{?rhel} > 5)
%if %{without unversioned_gpg}
# rename file conflicting with gnupg-1.x
rename gnupg.7 gnupg2.7 %{buildroot}%{_mandir}/man7/gnupg.7*
%endif
@ -142,7 +154,7 @@ touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf
install -m644 -p AUTHORS NEWS THANKS TODO \
%{buildroot}%{_pkgdocdir}
%if 0%{?rhel} > 5
%if %{with unversioned_gpg}
# compat symlinks
ln -sf gpg %{buildroot}%{_bindir}/gpg2
ln -sf gpgv %{buildroot}%{_bindir}/gpgv2
@ -157,6 +169,11 @@ rm -f %{buildroot}%{_infodir}/dir
# drop the gpg scheme interpreter
rm -f %{buildroot}%{_bindir}/gpgscm
# Move the systemd user units to appropriate directory
install -d -m755 %{buildroot}%{_userunitdir}
mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.socket %{buildroot}%{_userunitdir}
mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.service %{buildroot}%{_userunitdir}
%check
# need scratch gpg database for tests
mkdir -p $HOME/.gnupg
@ -180,18 +197,20 @@ make -k check
%{_bindir}/g13
%{_bindir}/dirmngr
%{_bindir}/dirmngr-client
%if 0%{?rhel} > 5
%if %{with unversioned_gpg}
%{_bindir}/gpg
%{_bindir}/gpgv
%{_bindir}/gpgsplit
%{_bindir}/gpg-zip
%endif
%{_bindir}/watchgnupg
%{_bindir}/gpg-wks-server
%{_sbindir}/*
%{_datadir}/gnupg/
%{_libexecdir}/*
%{_infodir}/*.info*
%{_mandir}/man?/*
%{_userunitdir}/*
%exclude %{_mandir}/man?/gpgsm*
%files smime
@ -201,6 +220,12 @@ make -k check
%changelog
* Mon May 4 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.20-2
- fixes for issues found in Coverity scan
* Thu Apr 30 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.20-1
- upgrade to 2.2.20
* Wed Aug 1 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.9-1
- upgrade to 2.2.9