now included in rhel5

This commit is contained in:
Rex Dieter 2014-09-27 13:51:26 -05:00
parent 29dd9ff404
commit 78cdb407b8
9 changed files with 1 additions and 967 deletions

18
.gitignore vendored
View File

@ -1,18 +0,0 @@
gnupg-2.0.16.tar.bz2
gnupg-2.0.16.tar.bz2.sig
/gnupg-2.0.17.tar.bz2
/gnupg-2.0.17.tar.bz2.sig
/gnupg-2.0.18.tar.bz2
/gnupg-2.0.18.tar.bz2.sig
/gnupg-2.0.19.tar.bz2
/gnupg-2.0.19.tar.bz2.sig
/gnupg-2.0.20.tar.bz2
/gnupg-2.0.20.tar.bz2.sig
/gnupg-2.0.21.tar.bz2
/gnupg-2.0.21.tar.bz2.sig
/gnupg-2.0.22.tar.bz2
/gnupg-2.0.22.tar.bz2.sig
/gnupg-2.0.24.tar.bz2
/gnupg-2.0.24.tar.bz2.sig
/gnupg-2.0.25.tar.bz2
/gnupg-2.0.25.tar.bz2.sig

1
dead.package Normal file
View File

@ -0,0 +1 @@
now included in rhel5

View File

@ -1,78 +0,0 @@
diff -up gnupg-2.0.19/g10/encode.c.fips gnupg-2.0.19/g10/encode.c
--- gnupg-2.0.19/g10/encode.c.fips 2012-03-27 10:00:37.000000000 +0200
+++ gnupg-2.0.19/g10/encode.c 2012-11-22 15:51:23.314371267 +0100
@@ -732,7 +732,7 @@ encrypt_filter( void *opaque, int contro
if( efx->cfx.dek->algo == -1 ) {
/* because 3DES is implicitly in the prefs, this can only
* happen if we do not have any public keys in the list */
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
}
/* In case 3DES has been selected, print a warning if
diff -up gnupg-2.0.19/g10/gpg.c.fips gnupg-2.0.19/g10/gpg.c
--- gnupg-2.0.19/g10/gpg.c.fips 2012-11-22 15:51:23.308371138 +0100
+++ gnupg-2.0.19/g10/gpg.c 2012-11-22 15:51:23.315371289 +0100
@@ -1973,7 +1973,7 @@ main (int argc, char **argv)
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_count = 0; /* Auto-calibrate when needed. */
- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+ opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
diff -up gnupg-2.0.19/g10/mainproc.c.fips gnupg-2.0.19/g10/mainproc.c
--- gnupg-2.0.19/g10/mainproc.c.fips 2012-03-27 10:00:37.000000000 +0200
+++ gnupg-2.0.19/g10/mainproc.c 2012-11-22 16:43:51.876084682 +0100
@@ -685,9 +685,11 @@ proc_plaintext( CTX c, PACKET *pkt )
often. There is no good way to specify what algorithms to
use in that case, so these three are the historical
answer. */
- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
/* This is a kludge to work around a bug in pgp2. It does only
@@ -2157,24 +2159,30 @@ proc_tree( CTX c, KBNODE node )
else if( !c->any.data ) {
/* detached signature */
free_md_filter_context( &c->mfx );
- if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
- BUG ();
+ if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) {
+ log_error("Digest algorithm not available probably due to FIPS mode.\n");
+ return;
+ }
if( !opt.pgp2_workarounds )
;
else if( sig->digest_algo == DIGEST_ALGO_MD5
&& is_RSA( sig->pubkey_algo ) ) {
/* enable a workaround for a pgp2 bug */
- if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
- BUG ();
+ if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) {
+ log_error("Digest algorithm not available probably due to FIPS mode.\n");
+ return;
+ }
}
else if( sig->digest_algo == DIGEST_ALGO_SHA1
&& sig->pubkey_algo == PUBKEY_ALGO_DSA
&& sig->sig_class == 0x01 ) {
/* enable the workaround also for pgp5 when the detached
* signature has been created in textmode */
- if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
- BUG ();
+ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) {
+ log_error("Digest algorithm not available.\n");
+ return;
+ }
}
#if 0 /* workaround disabled */
/* Here we have another hack to work around a pgp 2 bug

View File

@ -1,60 +0,0 @@
diff -up gnupg-2.0.20/tools/Makefile.am.insttools gnupg-2.0.20/tools/Makefile.am
--- gnupg-2.0.20/tools/Makefile.am.insttools 2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/tools/Makefile.am 2013-05-28 11:30:22.711552140 +0200
@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde
bin_SCRIPTS = gpgsm-gencert.sh
if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
+bin_SCRIPTS += gpg-zip
+#noinst_SCRIPTS = gpg-zip
endif
if BUILD_SYMCRYPTRUN
@@ -53,7 +53,7 @@ else
endif
-bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar}
+bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} ${gpgtar} gpgsplit
if !HAVE_W32_SYSTEM
bin_PROGRAMS += watchgnupg gpgparsemail
endif
@@ -62,7 +62,7 @@ if !DISABLE_REGEX
libexec_PROGRAMS = gpg-check-pattern
endif
-noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit
+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgkey2ssh
common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
pwquery_libs = ../common/libsimple-pwquery.a
diff -up gnupg-2.0.20/tools/Makefile.in.insttools gnupg-2.0.20/tools/Makefile.in
--- gnupg-2.0.20/tools/Makefile.in.insttools 2013-05-10 15:56:30.000000000 +0200
+++ gnupg-2.0.20/tools/Makefile.in 2013-05-28 11:29:48.556819325 +0200
@@ -107,12 +107,12 @@ DIST_COMMON = $(srcdir)/Makefile.am $(sr
@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
@HAVE_W32_SYSTEM_TRUE@am__append_7 = gpg-connect-agent-w32info.o
bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \
- gpgkey2ssh$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \
- $(am__EXEEXT_3)
+ $(am__EXEEXT_1) $(am__EXEEXT_2) \
+ $(am__EXEEXT_3) gpgsplit$(EXEEXT)
@HAVE_W32_SYSTEM_FALSE@am__append_8 = watchgnupg gpgparsemail
@DISABLE_REGEX_FALSE@libexec_PROGRAMS = gpg-check-pattern$(EXEEXT)
noinst_PROGRAMS = clean-sat$(EXEEXT) mk-tdata$(EXEEXT) \
- make-dns-cert$(EXEEXT) gpgsplit$(EXEEXT)
+ make-dns-cert$(EXEEXT) gpgkey2ssh$(EXEEXT)
subdir = tools
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
@@ -488,7 +488,7 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
sbin_SCRIPTS = addgnupghome applygnupgdefaults
bin_SCRIPTS = gpgsm-gencert.sh
# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@HAVE_USTAR_TRUE@bin_SCRIPTS += gpg-zip
@BUILD_SYMCRYPTRUN_FALSE@symcryptrun =
@BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun
@BUILD_GPGTAR_FALSE@gpgtar =

View File

@ -1,17 +0,0 @@
diff -up gnupg-2.0.20/sm/certlist.c.keyusage gnupg-2.0.20/sm/certlist.c
--- gnupg-2.0.20/sm/certlist.c.keyusage 2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/sm/certlist.c 2013-05-15 14:15:57.420276618 +0200
@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
if (mode == 5)
{
- if (use != ~0
- && (have_ocsp_signing
- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
- |KSBA_KEYUSAGE_CRL_SIGN))))
+ if (have_ocsp_signing
+ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+ |KSBA_KEYUSAGE_CRL_SIGN)))
return 0;
log_info (_("certificate should not have "
"been used for OCSP response signing\n"));

View File

@ -1,33 +0,0 @@
diff -up gnupg-2.0.20/g10/gpg.c.secmem gnupg-2.0.20/g10/gpg.c
--- gnupg-2.0.20/g10/gpg.c.secmem 2013-05-10 14:55:46.000000000 +0200
+++ gnupg-2.0.20/g10/gpg.c 2013-05-15 14:13:50.989541530 +0200
@@ -794,7 +794,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);
@@ -898,7 +898,7 @@ build_list (const char *text, char lette
char *string;
if (maybe_setuid)
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
indent = utf8_charcount (text);
len = 0;
diff -up gnupg-2.0.20/sm/gpgsm.c.secmem gnupg-2.0.20/sm/gpgsm.c
--- gnupg-2.0.20/sm/gpgsm.c.secmem 2013-05-10 14:55:49.000000000 +0200
+++ gnupg-2.0.20/sm/gpgsm.c 2013-05-15 14:11:18.819249598 +0200
@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);

View File

@ -1,173 +0,0 @@
diff -up gnupg-2.0.25/g10/gpg.c.file-is-digest gnupg-2.0.25/g10/gpg.c
--- gnupg-2.0.25/g10/gpg.c.file-is-digest 2014-08-05 16:46:28.865869320 +0200
+++ gnupg-2.0.25/g10/gpg.c 2014-08-05 16:49:27.520063937 +0200
@@ -345,6 +345,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
+ oFileIsDigest,
oXauthority,
oGroup,
oUnGroup,
@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
/* Aliases. I constantly mistype these, and assume other people do
as well. */
@@ -2003,6 +2005,7 @@ main (int argc, char **argv)
set_homedir ( default_homedir () );
opt.passphrase_repeat=1;
opt.emit_version = 1; /* Limit to the major number. */
+ opt.file_is_digest=0;
opt.list_options |= LIST_SHOW_UID_VALIDITY;
opt.verify_options |= LIST_SHOW_UID_VALIDITY;
@@ -2493,6 +2496,7 @@ main (int argc, char **argv)
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceV3Sigs: opt.force_v3_sigs = 1; break;
case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break;
case oForceV4Certs: opt.force_v4_certs = 1; break;
case oNoForceV4Certs: opt.force_v4_certs = 0; break;
case oForceMDC: opt.force_mdc = 1; break;
diff -up gnupg-2.0.25/g10/options.h.file-is-digest gnupg-2.0.25/g10/options.h
--- gnupg-2.0.25/g10/options.h.file-is-digest 2014-06-30 17:28:52.000000000 +0200
+++ gnupg-2.0.25/g10/options.h 2014-08-05 16:46:28.869869414 +0200
@@ -198,6 +198,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
+ int file_is_digest;
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
--- gnupg-2.0.25/g10/sign.c.file-is-digest 2014-06-30 17:28:52.000000000 +0200
+++ gnupg-2.0.25/g10/sign.c 2014-08-05 16:46:28.870869438 +0200
@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list
mk_notation_policy_etc (sig, NULL, sk);
}
+ if (!opt.file_is_digest) {
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
+ } else if (sig->version >= 4) {
+ log_bug("file-is-digest doesn't work with v4 sigs\n");
+ }
rc = do_sign( sk, sig, md, hash_for (sk) );
gcry_md_close (md);
@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
+ int sigclass = 0x00;
+ u32 timestamp = 0;
pfx = new_progress_context ();
afx = new_armor_context ();
@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
- log_bug("multiple files can only be detached signed");
+ log_bug("multiple files can only be detached signed\n");
+
+ if (opt.file_is_digest && (multifile || !fname))
+ log_bug("file-is-digest only works with one file\n");
+ if (opt.file_is_digest && !detached)
+ log_bug("file-is-digest can only write detached signatures\n");
+ if (opt.file_is_digest && !opt.def_digest_algo)
+ log_bug("file-is-digest needs --digest-algo\n");
+ if (opt.file_is_digest && opt.textmode)
+ log_bug("file-is-digest doesn't work with --textmode\n");
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta
goto leave;
/* prepare iobufs */
- if( multifile ) /* have list of filenames */
+ if( multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta
gcry_md_enable (mfx.md, hash_for(sk));
}
- if( !multifile )
+ if( !multifile && !opt.file_is_digest )
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag && !RFC1991 )
@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta
write_status_begin_signing (mfx.md);
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta
if( opt.verbose )
putc( '\n', stderr );
}
+ else if (opt.file_is_digest) {
+ byte *mdb, ts[5];
+ size_t mdlen;
+ const char *fp;
+ int c, d;
+
+ gcry_md_final(mfx.md);
+ /* this assumes gcry_md_read returns the same buffer */
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; ) {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0) {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0) {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
+ log_bug("bad cipher class\n");
+ timestamp = buffer_to_u32(ts + 1);
+ }
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
- opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S');
+ sigclass,
+ timestamp, duration, detached ? 'D':'S');
if( rc )
goto leave;

View File

@ -1,586 +0,0 @@
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.0.25
Release: 2%{?dist}
License: GPLv3+
Group: Applications/System
Source0: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig
# svn export svn://cvs.gnupg.org/gnupg/trunk gnupg2; tar cjf gnupg-<date>svn.tar.bz2 gnupg2
#Source0: gnupg2-20090809svn.tar.bz2
Patch1: gnupg-2.0.20-insttools.patch
Patch3: gnupg-2.0.20-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr
Patch4: gnupg-2.0.25-file-is-digest.patch
Patch5: gnupg-2.0.20-ocsp-keyusage.patch
Patch6: gnupg-2.0.19-fips-algo.patch
URL: http://www.gnupg.org/
#BuildRequires: automake libtool texinfo transfig
BuildRequires: bzip2-devel
BuildRequires: curl-devel
BuildRequires: docbook-utils
BuildRequires: gettext
BuildRequires: libassuan-devel >= 2.0.0
BuildRequires: libgcrypt-devel >= 1.4
BuildRequires: libgpg-error-devel => 1.4
BuildRequires: libksba-devel >= 1.0.2
BuildRequires: openldap-devel
BuildRequires: libusb-devel
BuildRequires: pcsc-lite-libs
BuildRequires: pth-devel
BuildRequires: readline-devel ncurses-devel
BuildRequires: zlib-devel
Requires(post): /sbin/install-info
Requires(postun): /sbin/install-info
Requires: pinentry
%if 0%{?rhel} > 5
# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex
Provides: gpg = %{version}-%{release}
# Obsolete GnuPG-1 package
Provides: gnupg = %{version}-%{release}
Obsoletes: gnupg <= 1.4.10
%endif
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
%package smime
Summary: CMS encryption and signing tool and smart card support for GnuPG
Requires: gnupg2 = %{version}-%{release}
Group: Applications/Internet
%description
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
%description smime
GnuPG is GNU's tool for secure communication and data storage. This
package adds support for smart cards and S/MIME encryption and signing
to the base GnuPG package
%prep
%setup -q -n gnupg-%{version}
%if 0%{?rhel} > 5
%patch1 -p1 -b .insttools
%endif
%patch3 -p1 -b .secmem
%patch4 -p1 -b .file-is-digest
%patch5 -p1 -b .keyusage
%patch6 -p1 -b .fips
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
# it can use other implementations too (including non-pcsc ones).
%global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null )
sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/{scdaemon,pcsc-wrapper}.c
%build
%configure \
--disable-rpath \
--enable-standard-socket
# need scratch gpg database for tests
mkdir -p $HOME/.gnupg
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot} \
INSTALL="install -p" \
docdir=%{_pkgdocdir}
%if ! (0%{?rhel} > 5)
# drop file conflicting with gnupg-1.x
rm -f %{buildroot}%{_mandir}/man1/gpg-zip.1*
%endif
%find_lang %{name}
# gpgconf.conf
mkdir -p %{buildroot}%{_sysconfdir}/gnupg
touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf
# more docs
install -m644 -p AUTHORS ChangeLog NEWS THANKS TODO \
%{buildroot}%{_pkgdocdir}
%if 0%{?rhel} > 5
# compat symlinks
ln -sf gpg2 %{buildroot}%{_bindir}/gpg
ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
%endif
# info dir
rm -f %{buildroot}%{_infodir}/dir
%check
# need scratch gpg database for tests
mkdir -p $HOME/.gnupg
# some gpg2 tests (still) FAIL on non i386 platforms
make -k check
%post
/sbin/install-info %{_infodir}/gnupg.info %{_infodir}/dir ||:
%preun
if [ $1 -eq 0 ]; then
/sbin/install-info --delete %{_infodir}/gnupg.info %{_infodir}/dir ||:
fi
%files -f %{name}.lang
%defattr(-,root,root,-)
%{!?_licensedir:%global license %%doc}
%license COPYING
#doc AUTHORS ChangeLog NEWS README THANKS TODO
%{_pkgdocdir}
%dir %{_sysconfdir}/gnupg
%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
## docs say to install suid root, but fedora/rh security folk say not to
#attr(4755,root,root) %{_bindir}/gpg2
%{_bindir}/gpg2
%{_bindir}/gpgv2
%{_bindir}/gpg-connect-agent
%{_bindir}/gpg-agent
%{_bindir}/gpgconf
%{_bindir}/gpgparsemail
%if 0%{?rhel} > 5
%{_bindir}/gpg
%{_bindir}/gpgv
%{_bindir}/gpgsplit
%{_bindir}/gpg-zip
%else
%{_bindir}/gpgkey2ssh
%endif
%{_bindir}/watchgnupg
%{_sbindir}/*
%{_datadir}/gnupg/
%{_libexecdir}/*
%{_infodir}/*.info*
%{_mandir}/man?/*
%exclude %{_datadir}/gnupg/com-certs.pem
%exclude %{_mandir}/man?/gpgsm*
%exclude %{_mandir}/man?/scdaemon*
%exclude %{_libexecdir}/scdaemon
%files smime
%defattr(-,root,root,-)
%{_bindir}/gpgsm*
%{_bindir}/kbxutil
%{_libexecdir}/scdaemon
%{_mandir}/man?/gpgsm*
%{_mandir}/man?/scdaemon*
%{_datadir}/gnupg/com-certs.pem
%changelog
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 5 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.25-1
- new upstream release fixing a minor regression introduced by the previous one
- add --file-is-digest option needed for copr
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 2.0.24-2
- fix license handling
* Wed Jun 25 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.24-1
- new upstream release fixing CVE-2014-4617
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.22-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 7 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-3
- do not dump core if hash algorithm not available in the FIPS mode
* Tue Mar 4 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-2
- rebuilt against new libgcrypt
* Tue Oct 8 2013 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-1
- new upstream release fixing CVE-2013-4402
* Fri Aug 23 2013 Tomáš Mráz <tmraz@redhat.com> - 2.0.21-1
- new upstream release
* Wed Aug 7 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.20-3
- adjust to the unversioned docdir change (#993785)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed May 15 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.20-1
- new upstream release
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jan 2 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.19-7
- fix CVE-2012-6085 - skip invalid key packets (#891142)
* Thu Nov 22 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-6
- use AES as default crypto algorithm in FIPS mode (#879047)
* Fri Nov 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 2.0.19-5
- rebuild for <f18 (#877106)
* Fri Jul 27 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-4
- fix negated condition (#843842)
* Thu Jul 26 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-3
- add compat symlinks and provides if built on RHEL
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Apr 24 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-1
- new upstream release
- set environment in protect-tool (#548528)
- do not reject OCSP signing certs without keyUsage (#720174)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.18-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Oct 12 2011 Rex Dieter <rdieter@fedoraproject.org> 2.0.18-2
- build with --enable-standard-socket
* Wed Aug 17 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.18-1
- new upstream release (#728481)
* Mon Jul 25 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.17-2
- fix a bug that shows up with the new libgcrypt release (#725369)
* Thu Jan 20 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.17-1
- new upstream release (#669611)
* Tue Aug 17 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.16-3
- drop the provides/obsoletes for gnupg
- drop the man page file conflicting with gnupg-1.x
* Fri Aug 13 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.16-2
- drop the compat symlinks as gnupg-1.x is revived
* Tue Jul 27 2010 Rex Dieter <rdieter@fedoraproject.org> - 2.0.16-1
- gnupg-2.0.16
* Fri Jul 23 2010 Rex Dieter <rdieter@fedoraproject.org> - 2.0.14-4
- gpgsm realloc patch (#617706)
* Fri Jun 18 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-3
- initialize small amount of secmem for list of algorithms in help (#598847)
(necessary in the FIPS mode of libgcrypt)
* Tue Feb 9 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-2
- disable selinux support - it is too rudimentary and restrictive (#562982)
* Mon Jan 11 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-1
- new upstream version
- fix a few tests so they do not need to execute gpg-agent
* Tue Dec 8 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 2.0.13-4
- Explicitly BR libassuan-static in accordance with the Packaging
Guidelines (libassuan-devel is still static-only).
* Fri Oct 23 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.13-3
- drop s390 specific ifnarchs as all the previously missing dependencies
are now there
- split out gpgsm into a smime subpackage to reduce main package dependencies
* Wed Oct 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.13-2
- provide/obsolete gnupg-1 and add compat symlinks to be able to drop
gnupg-1
* Fri Sep 04 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.13-1
- gnupg-2.0.13
- Unable to use gpg-agent + input methods (#228953)
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 17 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.12-1
- gnupg-2.0.12
* Wed Mar 04 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.11-1
- gnupg-2.0.11
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Jan 31 2009 Karsten Hopp <karsten@redhat.com> 2.0.10-1
- don't require pcsc-lite-libs and libusb on mainframe where
we don't have those packages as there's no hardware for that
* Tue Jan 13 2009 Rex Dieter <rdieter@fedoraproject.org> 2.0.10-1
- gnupg-2.0.10
* Mon Aug 04 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.9-3
- workaround rpm quirks
* Sat May 24 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.9-2
- Patch from upstream to fix curl 7.18.1+ and gcc4.3+ compile error
* Mon May 19 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.9-1.1
- minor release bump for sparc rebuild
* Wed Mar 26 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.9-1
- gnupg2-2.0.9
- drop Provides: openpgp
- versioned Provides: gpg
- own %%_sysconfdir/gnupg
* Fri Feb 08 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.8-3
- respin (gcc43)
* Wed Jan 23 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.8-2
- avoid kde-filesystem dep (#427316)
* Thu Dec 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.8-1
- gnupg2-2.0.8
* Mon Dec 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.8-0.1.rc1
- gnupg2-2.0.8rc1
* Tue Dec 04 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-5
- respin for openldap
* Mon Nov 12 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-4
- Requires: kde-filesystem (#377841)
* Wed Oct 03 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-3
- %%build: (re)add mkdir -p $HOME/.gnupg
* Wed Oct 03 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-2
- Requires: dirmngr (#312831)
* Mon Sep 10 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-1
- gnupg-2.0.7
* Fri Aug 24 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.6-2
- respin (libassuan)
* Thu Aug 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.6-1
- gnupg-2.0.6
- License: GPLv3+
* Thu Aug 02 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-4
- License: GPLv3
* Mon Jul 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-3
- 2.0.5 too many open files fix
* Fri Jul 06 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-2
- gnupg-2.0.5
- gpg-agent not restarted after kde session crash/killed (#196327)
- BR: libassuan-devel > 1.0.2, libksba-devel > 1.0.2
* Fri May 18 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.4-1
- gnupg-2.0.4
* Thu Mar 08 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.3-1
- gnupg-2.0.3
* Fri Feb 02 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.2-1
- gnupg-2.0.2
* Wed Dec 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-2
- CVE-2006-6235 (#219934)
* Wed Nov 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-1
- gnupg-2.0.1
- CVE-2006-6169 (#217950)
* Sat Nov 25 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-0.3.rc1
- gnupg-2.0.1rc1
* Thu Nov 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-4
- update %%description
- drop dearmor patch
* Mon Nov 13 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-3
- BR: libassuan-static >= 1.0.0
* Mon Nov 13 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-2
- gnupg-2.0.0
* Fri Nov 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-3
- upstream 64bit patch
* Mon Nov 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-2
- fix (more) file conflicts with gnupg
* Mon Nov 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-1
- 1.9.95
* Wed Oct 25 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.94-1
- 1.9.94
* Wed Oct 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.93-1
- 1.9.93
* Wed Oct 11 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.92-2
- fix file conflicts with gnupg
* Wed Oct 11 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.92-1
- 1.9.92
* Tue Oct 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-4
- make check ||: (apparently checks return err even on success?)
* Tue Oct 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-3
- --enable-selinux-support
- x86_64: --disable-optimization (to avoid gpg2 segfaults), for now
* Thu Oct 05 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-1
- 1.9.91
* Wed Oct 04 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-8
- respin
* Tue Sep 26 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.90-1
- 1.9.90 (doesn't build, not released)
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.23-1
- 1.9.23 (doesn't build, not released)
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-7
- gpg-agent-startup.sh: fix case where valid .gpg-agent-info exists
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-6
- fix "syntax error in gpg-agent-startup.sh" (#206887)
* Thu Sep 07 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-3
- fc6 respin (for libksba-1.0)
* Tue Aug 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-2
- fc6 respin
* Fri Jul 28 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-1
- 1.9.22
* Thu Jun 22 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.21-3
- fix "gpg-agent not restarted after kde session crash/killed (#196327)
* Thu Jun 22 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.21-2
- 1.9.21
- omit gpg2 binary to address CVS-2006-3082 (#196190)
* Mon Mar 6 2006 Ville Skyttä <ville.skytta at iki.fi>> 1.9.20-3
- Don't hardcode pcsc-lite lib name (#184123)
* Thu Feb 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.20-2
- fc4+: use /etc/kde/(env|shutdown) for scripts (#175744)
* Fri Feb 10 2006 Rex Dieter <rexdieter[AT]users.sf.net>
- fc5: gcc/glibc respin
* Tue Dec 20 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.20-1
- 1.9.20
* Thu Dec 01 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-8
- include gpg-agent-(startup|shutdown) scripts (#136533)
- BR: libksba-devel >= 1.9.12
- %%check: be permissive about failures (for now)
* Wed Nov 30 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-3
- BR: libksba-devel >= 1.9.13
* Tue Oct 11 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-2
- back to BR: libksba-devel = 1.9.11
* Tue Oct 11 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-1
- 1.9.19
* Fri Aug 26 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-9
- configure: NEED_KSBA_VERSION=0.9.12 -> 0.9.11
* Fri Aug 26 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-7
- re-enable 'make check', rebuild against (older) libksba-0.9.11
* Tue Aug 9 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-6
- don't 'make check' by default (regular builds pass, but FC4/5+plague fails)
* Mon Aug 8 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-5
- 1.9.18
- drop pth patch (--enable-gpg build fixed)
- update description (from README)
* Fri Jul 1 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.9.17-1
- 1.9.17, signal info patch applied upstream (#162264).
- Patch to fix lvalue build error with gcc4 (upstream #485).
- Patch scdaemon and pcsc-wrapper to load the versioned (non-devel)
pcsc-lite lib by default.
* Fri May 13 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.16-3
- Include upstream's patch for signal.c.
* Tue May 10 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.16-1
- Merge changes from Rex's 1.9.16-1 (Thu Apr 21):
- opensc support unconditional
- remove hard-coded .gz from %%post/%%postun
- add %%check section
- add pth patch
- Put back patch modified from 1.9.15-4 to make tests verbose
and change signal.c to describe received signals better.
* Sun May 8 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- Drop patch0 again.
* Sun May 8 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.15-4
- Add patch0 temporarily to get some output from failing test.
* Sat May 7 2005 David Woodhouse <dwmw2@infradead.org> 1.9.15-3
- Rebuild.
* Thu Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt
* Tue Feb 1 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:1.9.15-1
- Make install-info in scriptlets less noisy.
* Tue Jan 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.15-0.fdr.1
- 1.9.15
* Fri Jan 07 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.14-0.fdr.2
- note patch/hack to build against older ( <1.0) libgpg-error-devel
* Thu Jan 06 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.14-0.fdr.1
- 1.9.14
- enable opensc support
- BR: libassuan-devel >= 0.6.9
* Thu Oct 21 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.4
- remove suid.
* Thu Oct 21 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.3
- remove Provides: newpg
* Wed Oct 20 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.2
- Requires: pinentry
- gpg2 suid
- update description
* Tue Oct 19 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.1
- first try
- leave out opensc support (for now), enable --with-opensc

View File

@ -1,2 +0,0 @@
048d8de797125f1d8e6cf3bdff9e2d12 gnupg-2.0.25.tar.bz2
d474ba42cba833734c6196b7e6f5d853 gnupg-2.0.25.tar.bz2.sig