new upstream release

2013-05-15 14:48:00 +02:00 · 2013-05-15 14:48:00 +02:00 · 32cc451d93
commit 32cc451d93
parent 7d81880da8
7 changed files with 51 additions and 145 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,5 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.0.18.tar.bz2.sig
 /gnupg-2.0.19.tar.bz2
 /gnupg-2.0.19.tar.bz2.sig
+/gnupg-2.0.20.tar.bz2
+/gnupg-2.0.20.tar.bz2.sig
--- a/gnupg-2.0.16-tests-s2kcount.patch
+++ b/gnupg-2.0.16-tests-s2kcount.patch
@ -1,61 +0,0 @@
-diff -up gnupg-2.0.16/tests/openpgp/conventional-mdc.test.s2k gnupg-2.0.16/tests/openpgp/conventional-mdc.test
--- gnupg-2.0.16/tests/openpgp/conventional-mdc.test.s2k	2009-09-21 11:53:46.000000000 -0500
-+++ gnupg-2.0.16/tests/openpgp/conventional-mdc.test	2010-07-23 12:22:33.892728352 -0500
-@@ -21,9 +21,9 @@ for ciph in `all_cipher_algos`; do
-         dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
-     fi
-     echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
-	--force-mdc --cipher $ciph -c -o x --yes z
-+	--force-mdc --cipher $ciph -c -o x --yes --s2k-count 65536 z
-     echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
-	-o y --yes x
-+	-o y --yes --s2k-count 96 x
-     cmp z y || error "$ciph/$i: mismatch"
-   done
- done
-diff -up gnupg-2.0.16/tests/openpgp/conventional.test.s2k gnupg-2.0.16/tests/openpgp/conventional.test
--- gnupg-2.0.16/tests/openpgp/conventional.test.s2k	2009-09-21 11:53:46.000000000 -0500
-+++ gnupg-2.0.16/tests/openpgp/conventional.test	2010-07-23 12:22:33.892728352 -0500
-@@ -12,8 +12,8 @@
- 
- #info Checking conventional encryption
- for i in plain-2 data-32000 ; do
-    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes $i
-    echo "Hier spricht HAL" | $GPG --passphrase-fd 0    -o y --yes x
-+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes --s2k-count 65536 $i
-+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0    -o y --yes --s2k-count 65536 x
-     cmp $i y || error "$i: mismatch"
- done
- 
-@@ -21,8 +21,8 @@ for a in `all_cipher_algos`; do
-     echo_n "$a "
-     for i in plain-1 data-80000 ; do
-       echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
-					  --cipher-algo $a -c -o x --yes $i
-      echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x
-+					  --cipher-algo $a -c -o x --yes --s2k-count 65536 $i
-+      echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes --s2k-count 65536 x
-       cmp $i y || error "$i: ($a) mismatch"
-     done
- done
-diff -up gnupg-2.0.16/tests/openpgp/genkey1024.test.s2k gnupg-2.0.16/tests/openpgp/genkey1024.test
--- gnupg-2.0.16/tests/openpgp/genkey1024.test.s2k	2010-05-11 09:28:03.000000000 -0500
-+++ gnupg-2.0.16/tests/openpgp/genkey1024.test	2010-07-23 12:27:27.217718995 -0500
-@@ -10,7 +10,7 @@
- 
- . $srcdir/defs.inc || exit 3
- 
-$GPG --quiet --batch --debug-quick-random --gen-key <<EOF
-+$GPG --quiet --batch --debug-quick-random --s2k-count 65536 --gen-key <<EOF
- Key-Type: DSA
- Key-Length: 1024
- Subkey-Type: ELG
-@@ -24,7 +24,7 @@ Passphrase: abc
- EOF
- 
- if have_pubkey_algo "RSA"; then
-$GPG --quiet --batch --debug-quick-random --gen-key <<EOF
-+$GPG --quiet --batch --debug-quick-random --s2k-count 65536 --gen-key <<EOF
- Key-Type: RSA
- Key-Length: 1024
- Key-Usage: sign,encrypt
--- a/gnupg-2.0.19-cve-2012-6085.patch
+++ b/gnupg-2.0.19-cve-2012-6085.patch
@ -1,61 +0,0 @@
-From: Werner Koch <wk@gnupg.org>
-Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
-Subject: gpg: Import only packets which are allowed in a keyblock.
-X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471
-
-gpg: Import only packets which are allowed in a keyblock.
-
-* g10/import.c (valid_keyblock_packet): New.
-(read_block): Store only valid packets.
--
-
-A corrupted key, which for example included a mangled public key
-encrypted packet, used to corrupt the keyring.  This change skips all
-packets which are not allowed in a keyblock.
-
-GnuPG-bug-id: 1455
-
-(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
---
-
-diff --git a/g10/import.c b/g10/import.c
-index ba2439d..ad112d6 100644
--- a/g10/import.c
-+++ b/g10/import.c
-@@ -347,6 +347,27 @@ import_print_stats (void *hd)
- }
- 
- 
-+/* Return true if PKTTYPE is valid in a keyblock.  */
-+static int
-+valid_keyblock_packet (int pkttype)
-+{
-+  switch (pkttype)
-+    {
-+    case PKT_PUBLIC_KEY:
-+    case PKT_PUBLIC_SUBKEY:
-+    case PKT_SECRET_KEY:
-+    case PKT_SECRET_SUBKEY:
-+    case PKT_SIGNATURE:
-+    case PKT_USER_ID:
-+    case PKT_ATTRIBUTE:
-+    case PKT_RING_TRUST:
-+      return 1;
-+    default:
-+      return 0;
-+    }
-+}
-+
-+
- /****************
-  * Read the next keyblock from stream A.
-  * PENDING_PKT should be initialzed to NULL
-@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
- 	    }
- 	    in_cert = 1;
- 	  default:
-	    if( in_cert ) {
-+	    if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
- 		if( !root )
- 		    root = new_kbnode( pkt );
- 		else
--- a/gnupg-2.0.20-ocsp-keyusage.patch
+++ b/gnupg-2.0.20-ocsp-keyusage.patch
@ -1,7 +1,7 @@
-diff -r -u gnupg-2.0.16.orig/sm/certlist.c gnupg-2.0.16/sm/certlist.c
--- gnupg-2.0.16.orig/sm/certlist.c	2009-09-21 18:53:43.000000000 +0200
-+++ gnupg-2.0.16/sm/certlist.c	2010-11-29 16:47:26.284497534 +0100
-@@ -146,10 +146,9 @@
+diff -up gnupg-2.0.20/sm/certlist.c.keyusage gnupg-2.0.20/sm/certlist.c
+--- gnupg-2.0.20/sm/certlist.c.keyusage	2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/sm/certlist.c	2013-05-15 14:15:57.420276618 +0200
+@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
 
   if (mode == 5)
     {
@ -13,5 +13,5 @@ diff -r -u gnupg-2.0.16.orig/sm/certlist.c gnupg-2.0.16/sm/certlist.c
 +          || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
 +                     |KSBA_KEYUSAGE_CRL_SIGN)))
         return 0;
-       log_info (_("certificate should have not "
+       log_info (_("certificate should not have "
                   "been used for OCSP response signing\n"));
--- a/gnupg-2.0.20-secmem.patch
+++ b/gnupg-2.0.20-secmem.patch
@ -0,0 +1,33 @@
+diff -up gnupg-2.0.20/g10/gpg.c.secmem gnupg-2.0.20/g10/gpg.c
+--- gnupg-2.0.20/g10/gpg.c.secmem	2013-05-10 14:55:46.000000000 +0200
+++ gnupg-2.0.20/g10/gpg.c	2013-05-15 14:13:50.989541530 +0200
+@@ -794,7 +794,7 @@ make_libversion (const char *libname, co
+ 
+   if (maybe_setuid)
+     {
+-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+       maybe_setuid = 0;
+     }
+   s = getfnc (NULL);
+@@ -898,7 +898,7 @@ build_list (const char *text, char lette
+   char *string;
+ 
+   if (maybe_setuid)
+-    gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+    gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+ 
+   indent = utf8_charcount (text);
+   len = 0;
+diff -up gnupg-2.0.20/sm/gpgsm.c.secmem gnupg-2.0.20/sm/gpgsm.c
+--- gnupg-2.0.20/sm/gpgsm.c.secmem	2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/sm/gpgsm.c	2013-05-15 14:11:18.819249598 +0200
+@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
+ 
+   if (maybe_setuid)
+     {
+-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
+       maybe_setuid = 0;
+     }
+   s = getfnc (NULL);
--- a/gnupg2.spec
+++ b/gnupg2.spec
@ -1,7 +1,7 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
-Version: 2.0.19
-Release: 8%{?dist}
+Version: 2.0.20
+Release: 1%{?dist}

 License: GPLv3+
 Group:   Applications/System
@ -10,15 +10,12 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 # svn export svn://cvs.gnupg.org/gnupg/trunk gnupg2; tar cjf gnupg-<date>svn.tar.bz2 gnupg2
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch1:  gnupg-2.0.19-insttools.patch
-Patch2:  gnupg-2.0.16-tests-s2kcount.patch
-Patch3:  gnupg-2.0.18-secmem.patch
+Patch3:  gnupg-2.0.20-secmem.patch
 Patch4:  gnupg-2.0.18-protect-tool-env.patch
-Patch5:  gnupg-2.0.16-ocsp-keyusage.patch
+Patch5:  gnupg-2.0.20-ocsp-keyusage.patch
 Patch6:  gnupg-2.0.19-fips-algo.patch
-Patch7:  gnupg-2.0.19-cve-2012-6085.patch

 URL:     http://www.gnupg.org/
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 #BuildRequires: automake libtool texinfo transfig
 BuildRequires: bzip2-devel
@ -77,12 +74,10 @@ to the base GnuPG package
 %if 0%{?rhel} > 5
 %patch1 -p1 -b .insttools
 %endif
-%patch2 -p1 -b .s2k
 %patch3 -p1 -b .secmem
 %patch4 -p1 -b .ptool-env
 %patch5 -p1 -b .keyusage
 %patch6 -p1 -b .fips
-%patch7 -p1 -b .valid-packet

 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@ -105,8 +100,6 @@ make %{?_smp_mflags}


 %install
-rm -rf %{buildroot}
-
 make install DESTDIR=%{buildroot} \
  INSTALL="install -p" \
  docdir=%{_docdir}/%{name}-%{version}
@ -184,22 +177,22 @@ fi
 %exclude %{_datadir}/gnupg/com-certs.pem
 %exclude %{_mandir}/man?/gpgsm*
 %exclude %{_mandir}/man?/scdaemon*
+%exclude %{_libexecdir}/scdaemon

 %files smime
 %defattr(-,root,root,-)
 %{_bindir}/gpgsm*
 %{_bindir}/kbxutil
-%{_bindir}/scdaemon
+%{_libexecdir}/scdaemon
 %{_mandir}/man?/gpgsm*
 %{_mandir}/man?/scdaemon*
 %{_datadir}/gnupg/com-certs.pem


-%clean
-rm -rf %{buildroot}
-
-
 %changelog
+* Wed May 15 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.20-1
+- new upstream release
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-6a8589381ca1b0c1a921e9955f42b016  gnupg-2.0.19.tar.bz2
-7d4763596ac3d3c9f573493a31e44b26  gnupg-2.0.19.tar.bz2.sig
+9d18ee71bb0b10d40d1c8a393bdd7a89  gnupg-2.0.20.tar.bz2
+2db3d906eb28db4fb2aa6b9a86cda075  gnupg-2.0.20.tar.bz2.sig