diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 5fd63dc..0000000 --- a/.gitignore +++ /dev/null @@ -1,18 +0,0 @@ -gnupg-2.0.16.tar.bz2 -gnupg-2.0.16.tar.bz2.sig -/gnupg-2.0.17.tar.bz2 -/gnupg-2.0.17.tar.bz2.sig -/gnupg-2.0.18.tar.bz2 -/gnupg-2.0.18.tar.bz2.sig -/gnupg-2.0.19.tar.bz2 -/gnupg-2.0.19.tar.bz2.sig -/gnupg-2.0.20.tar.bz2 -/gnupg-2.0.20.tar.bz2.sig -/gnupg-2.0.21.tar.bz2 -/gnupg-2.0.21.tar.bz2.sig -/gnupg-2.0.22.tar.bz2 -/gnupg-2.0.22.tar.bz2.sig -/gnupg-2.0.24.tar.bz2 -/gnupg-2.0.24.tar.bz2.sig -/gnupg-2.0.25.tar.bz2 -/gnupg-2.0.25.tar.bz2.sig diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..95c5e17 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +now included in rhel5 diff --git a/gnupg-2.0.19-fips-algo.patch b/gnupg-2.0.19-fips-algo.patch deleted file mode 100644 index f7b4ae9..0000000 --- a/gnupg-2.0.19-fips-algo.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff -up gnupg-2.0.19/g10/encode.c.fips gnupg-2.0.19/g10/encode.c ---- gnupg-2.0.19/g10/encode.c.fips 2012-03-27 10:00:37.000000000 +0200 -+++ gnupg-2.0.19/g10/encode.c 2012-11-22 15:51:23.314371267 +0100 -@@ -732,7 +732,7 @@ encrypt_filter( void *opaque, int contro - if( efx->cfx.dek->algo == -1 ) { - /* because 3DES is implicitly in the prefs, this can only - * happen if we do not have any public keys in the list */ -- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; -+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; - } - - /* In case 3DES has been selected, print a warning if -diff -up gnupg-2.0.19/g10/gpg.c.fips gnupg-2.0.19/g10/gpg.c ---- gnupg-2.0.19/g10/gpg.c.fips 2012-11-22 15:51:23.308371138 +0100 -+++ gnupg-2.0.19/g10/gpg.c 2012-11-22 15:51:23.315371289 +0100 -@@ -1973,7 +1973,7 @@ main (int argc, char **argv) - opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ - opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_count = 0; /* Auto-calibrate when needed. */ -- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; -+ opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5; - opt.completes_needed = 1; - opt.marginals_needed = 3; - opt.max_cert_depth = 5; -diff -up gnupg-2.0.19/g10/mainproc.c.fips gnupg-2.0.19/g10/mainproc.c ---- gnupg-2.0.19/g10/mainproc.c.fips 2012-03-27 10:00:37.000000000 +0200 -+++ gnupg-2.0.19/g10/mainproc.c 2012-11-22 16:43:51.876084682 +0100 -@@ -685,9 +685,11 @@ proc_plaintext( CTX c, PACKET *pkt ) - often. There is no good way to specify what algorithms to - use in that case, so these three are the historical - answer. */ -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); -+ if( !gcry_fips_mode_active() ) -+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); -+ if( !gcry_fips_mode_active() ) -+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); - } - if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) { - /* This is a kludge to work around a bug in pgp2. It does only -@@ -2157,24 +2159,30 @@ proc_tree( CTX c, KBNODE node ) - else if( !c->any.data ) { - /* detached signature */ - free_md_filter_context( &c->mfx ); -- if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) -- BUG (); -+ if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) { -+ log_error("Digest algorithm not available probably due to FIPS mode.\n"); -+ return; -+ } - - if( !opt.pgp2_workarounds ) - ; - else if( sig->digest_algo == DIGEST_ALGO_MD5 - && is_RSA( sig->pubkey_algo ) ) { - /* enable a workaround for a pgp2 bug */ -- if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) -- BUG (); -+ if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) { -+ log_error("Digest algorithm not available probably due to FIPS mode.\n"); -+ return; -+ } - } - else if( sig->digest_algo == DIGEST_ALGO_SHA1 - && sig->pubkey_algo == PUBKEY_ALGO_DSA - && sig->sig_class == 0x01 ) { - /* enable the workaround also for pgp5 when the detached - * signature has been created in textmode */ -- if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) -- BUG (); -+ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) { -+ log_error("Digest algorithm not available.\n"); -+ return; -+ } - } - #if 0 /* workaround disabled */ - /* Here we have another hack to work around a pgp 2 bug diff --git a/gnupg-2.0.20-insttools.patch b/gnupg-2.0.20-insttools.patch deleted file mode 100644 index 80b796d..0000000 --- a/gnupg-2.0.20-insttools.patch +++ /dev/null @@ -1,60 +0,0 @@ -diff -up gnupg-2.0.20/tools/Makefile.am.insttools gnupg-2.0.20/tools/Makefile.am ---- gnupg-2.0.20/tools/Makefile.am.insttools 2013-05-10 14:55:49.000000000 +0200 -+++ gnupg-2.0.20/tools/Makefile.am 2013-05-28 11:30:22.711552140 +0200 -@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde - - bin_SCRIPTS = gpgsm-gencert.sh - if HAVE_USTAR --# bin_SCRIPTS += gpg-zip --noinst_SCRIPTS = gpg-zip -+bin_SCRIPTS += gpg-zip -+#noinst_SCRIPTS = gpg-zip - endif - - if BUILD_SYMCRYPTRUN -@@ -53,7 +53,7 @@ else - endif - - --bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar} -+bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} ${gpgtar} gpgsplit - if !HAVE_W32_SYSTEM - bin_PROGRAMS += watchgnupg gpgparsemail - endif -@@ -62,7 +62,7 @@ if !DISABLE_REGEX - libexec_PROGRAMS = gpg-check-pattern - endif - --noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit -+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgkey2ssh - - common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a - pwquery_libs = ../common/libsimple-pwquery.a -diff -up gnupg-2.0.20/tools/Makefile.in.insttools gnupg-2.0.20/tools/Makefile.in ---- gnupg-2.0.20/tools/Makefile.in.insttools 2013-05-10 15:56:30.000000000 +0200 -+++ gnupg-2.0.20/tools/Makefile.in 2013-05-28 11:29:48.556819325 +0200 -@@ -107,12 +107,12 @@ DIST_COMMON = $(srcdir)/Makefile.am $(sr - @GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" - @HAVE_W32_SYSTEM_TRUE@am__append_7 = gpg-connect-agent-w32info.o - bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ -- gpgkey2ssh$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \ -- $(am__EXEEXT_3) -+ $(am__EXEEXT_1) $(am__EXEEXT_2) \ -+ $(am__EXEEXT_3) gpgsplit$(EXEEXT) - @HAVE_W32_SYSTEM_FALSE@am__append_8 = watchgnupg gpgparsemail - @DISABLE_REGEX_FALSE@libexec_PROGRAMS = gpg-check-pattern$(EXEEXT) - noinst_PROGRAMS = clean-sat$(EXEEXT) mk-tdata$(EXEEXT) \ -- make-dns-cert$(EXEEXT) gpgsplit$(EXEEXT) -+ make-dns-cert$(EXEEXT) gpgkey2ssh$(EXEEXT) - subdir = tools - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \ -@@ -488,7 +488,7 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER - sbin_SCRIPTS = addgnupghome applygnupgdefaults - bin_SCRIPTS = gpgsm-gencert.sh - # bin_SCRIPTS += gpg-zip --@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip -+@HAVE_USTAR_TRUE@bin_SCRIPTS += gpg-zip - @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = - @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun - @BUILD_GPGTAR_FALSE@gpgtar = diff --git a/gnupg-2.0.20-ocsp-keyusage.patch b/gnupg-2.0.20-ocsp-keyusage.patch deleted file mode 100644 index ad80887..0000000 --- a/gnupg-2.0.20-ocsp-keyusage.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up gnupg-2.0.20/sm/certlist.c.keyusage gnupg-2.0.20/sm/certlist.c ---- gnupg-2.0.20/sm/certlist.c.keyusage 2013-05-10 14:55:49.000000000 +0200 -+++ gnupg-2.0.20/sm/certlist.c 2013-05-15 14:15:57.420276618 +0200 -@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode - - if (mode == 5) - { -- if (use != ~0 -- && (have_ocsp_signing -- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN -- |KSBA_KEYUSAGE_CRL_SIGN)))) -+ if (have_ocsp_signing -+ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN -+ |KSBA_KEYUSAGE_CRL_SIGN))) - return 0; - log_info (_("certificate should not have " - "been used for OCSP response signing\n")); diff --git a/gnupg-2.0.20-secmem.patch b/gnupg-2.0.20-secmem.patch deleted file mode 100644 index 9b115d6..0000000 --- a/gnupg-2.0.20-secmem.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -up gnupg-2.0.20/g10/gpg.c.secmem gnupg-2.0.20/g10/gpg.c ---- gnupg-2.0.20/g10/gpg.c.secmem 2013-05-10 14:55:46.000000000 +0200 -+++ gnupg-2.0.20/g10/gpg.c 2013-05-15 14:13:50.989541530 +0200 -@@ -794,7 +794,7 @@ make_libversion (const char *libname, co - - if (maybe_setuid) - { -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - maybe_setuid = 0; - } - s = getfnc (NULL); -@@ -898,7 +898,7 @@ build_list (const char *text, char lette - char *string; - - if (maybe_setuid) -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - - indent = utf8_charcount (text); - len = 0; -diff -up gnupg-2.0.20/sm/gpgsm.c.secmem gnupg-2.0.20/sm/gpgsm.c ---- gnupg-2.0.20/sm/gpgsm.c.secmem 2013-05-10 14:55:49.000000000 +0200 -+++ gnupg-2.0.20/sm/gpgsm.c 2013-05-15 14:11:18.819249598 +0200 -@@ -493,7 +493,7 @@ make_libversion (const char *libname, co - - if (maybe_setuid) - { -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - maybe_setuid = 0; - } - s = getfnc (NULL); diff --git a/gnupg-2.0.25-file-is-digest.patch b/gnupg-2.0.25-file-is-digest.patch deleted file mode 100644 index dda2635..0000000 --- a/gnupg-2.0.25-file-is-digest.patch +++ /dev/null @@ -1,173 +0,0 @@ -diff -up gnupg-2.0.25/g10/gpg.c.file-is-digest gnupg-2.0.25/g10/gpg.c ---- gnupg-2.0.25/g10/gpg.c.file-is-digest 2014-08-05 16:46:28.865869320 +0200 -+++ gnupg-2.0.25/g10/gpg.c 2014-08-05 16:49:27.520063937 +0200 -@@ -345,6 +345,7 @@ enum cmd_and_opt_values - oTTYtype, - oLCctype, - oLCmessages, -+ oFileIsDigest, - oXauthority, - oGroup, - oUnGroup, -@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), - ARGPARSE_s_s (oPersonalCompressPreferences, - "personal-compress-preferences", "@"), -+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), - - /* Aliases. I constantly mistype these, and assume other people do - as well. */ -@@ -2003,6 +2005,7 @@ main (int argc, char **argv) - set_homedir ( default_homedir () ); - opt.passphrase_repeat=1; - opt.emit_version = 1; /* Limit to the major number. */ -+ opt.file_is_digest=0; - - opt.list_options |= LIST_SHOW_UID_VALIDITY; - opt.verify_options |= LIST_SHOW_UID_VALIDITY; -@@ -2493,6 +2496,7 @@ main (int argc, char **argv) - case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; - case oForceV3Sigs: opt.force_v3_sigs = 1; break; - case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; -+ case oFileIsDigest: opt.file_is_digest = 1; break; - case oForceV4Certs: opt.force_v4_certs = 1; break; - case oNoForceV4Certs: opt.force_v4_certs = 0; break; - case oForceMDC: opt.force_mdc = 1; break; -diff -up gnupg-2.0.25/g10/options.h.file-is-digest gnupg-2.0.25/g10/options.h ---- gnupg-2.0.25/g10/options.h.file-is-digest 2014-06-30 17:28:52.000000000 +0200 -+++ gnupg-2.0.25/g10/options.h 2014-08-05 16:46:28.869869414 +0200 -@@ -198,6 +198,7 @@ struct - int no_auto_check_trustdb; - int preserve_permissions; - int no_homedir_creation; -+ int file_is_digest; - struct groupitem *grouplist; - int mangle_dos_filenames; - int enable_progress_filter; -diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c ---- gnupg-2.0.25/g10/sign.c.file-is-digest 2014-06-30 17:28:52.000000000 +0200 -+++ gnupg-2.0.25/g10/sign.c 2014-08-05 16:46:28.870869438 +0200 -@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list - mk_notation_policy_etc (sig, NULL, sk); - } - -+ if (!opt.file_is_digest) { - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); -+ } else if (sig->version >= 4) { -+ log_bug("file-is-digest doesn't work with v4 sigs\n"); -+ } - - rc = do_sign( sk, sig, md, hash_for (sk) ); - gcry_md_close (md); -@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta - SK_LIST sk_rover = NULL; - int multifile = 0; - u32 duration=0; -+ int sigclass = 0x00; -+ u32 timestamp = 0; - - pfx = new_progress_context (); - afx = new_armor_context (); -@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta - fname = NULL; - - if( fname && filenames->next && (!detached || encryptflag) ) -- log_bug("multiple files can only be detached signed"); -+ log_bug("multiple files can only be detached signed\n"); -+ -+ if (opt.file_is_digest && (multifile || !fname)) -+ log_bug("file-is-digest only works with one file\n"); -+ if (opt.file_is_digest && !detached) -+ log_bug("file-is-digest can only write detached signatures\n"); -+ if (opt.file_is_digest && !opt.def_digest_algo) -+ log_bug("file-is-digest needs --digest-algo\n"); -+ if (opt.file_is_digest && opt.textmode) -+ log_bug("file-is-digest doesn't work with --textmode\n"); - - if(encryptflag==2 - && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta - goto leave; - - /* prepare iobufs */ -- if( multifile ) /* have list of filenames */ -+ if( multifile || opt.file_is_digest) /* have list of filenames */ - inp = NULL; /* we do it later */ - else { - inp = iobuf_open(fname); -@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta - gcry_md_enable (mfx.md, hash_for(sk)); - } - -- if( !multifile ) -+ if( !multifile && !opt.file_is_digest ) - iobuf_push_filter( inp, md_filter, &mfx ); - - if( detached && !encryptflag && !RFC1991 ) -@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta - - write_status_begin_signing (mfx.md); - -+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; -+ - /* Setup the inner packet. */ - if( detached ) { - if( multifile ) { -@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta - if( opt.verbose ) - putc( '\n', stderr ); - } -+ else if (opt.file_is_digest) { -+ byte *mdb, ts[5]; -+ size_t mdlen; -+ const char *fp; -+ int c, d; -+ -+ gcry_md_final(mfx.md); -+ /* this assumes gcry_md_read returns the same buffer */ -+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); -+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); -+ if (strlen(fname) != mdlen * 2 + 11) -+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); -+ d = -1; -+ for (fp = fname ; *fp; ) { -+ c = *fp++; -+ if (c >= '0' && c <= '9') -+ c -= '0'; -+ else if (c >= 'a' && c <= 'f') -+ c -= 'a' - 10; -+ else if (c >= 'A' && c <= 'F') -+ c -= 'A' - 10; -+ else -+ log_bug("filename is not hex\n"); -+ if (d >= 0) { -+ *mdb++ = d << 4 | c; -+ c = -1; -+ if (--mdlen == 0) { -+ mdb = ts; -+ if (*fp++ != '@') -+ log_bug("missing time separator\n"); -+ } -+ } -+ d = c; -+ } -+ sigclass = ts[0]; -+ if (sigclass != 0x00 && sigclass != 0x01) -+ log_bug("bad cipher class\n"); -+ timestamp = buffer_to_u32(ts + 1); -+ } - else { - /* read, so that the filter can calculate the digest */ - while( iobuf_get(inp) != -1 ) -@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta - - /* write the signatures */ - rc = write_signature_packets (sk_list, out, mfx.md, -- opt.textmode && !outfile? 0x01 : 0x00, -- 0, duration, detached ? 'D':'S'); -+ sigclass, -+ timestamp, duration, detached ? 'D':'S'); - if( rc ) - goto leave; - diff --git a/gnupg2.spec b/gnupg2.spec deleted file mode 100644 index dea6126..0000000 --- a/gnupg2.spec +++ /dev/null @@ -1,586 +0,0 @@ -Summary: Utility for secure communication and data storage -Name: gnupg2 -Version: 2.0.25 -Release: 2%{?dist} - -License: GPLv3+ -Group: Applications/System -Source0: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 -Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig -# svn export svn://cvs.gnupg.org/gnupg/trunk gnupg2; tar cjf gnupg-svn.tar.bz2 gnupg2 -#Source0: gnupg2-20090809svn.tar.bz2 -Patch1: gnupg-2.0.20-insttools.patch -Patch3: gnupg-2.0.20-secmem.patch -# non-upstreamable patch adding file-is-digest option needed for Copr -Patch4: gnupg-2.0.25-file-is-digest.patch -Patch5: gnupg-2.0.20-ocsp-keyusage.patch -Patch6: gnupg-2.0.19-fips-algo.patch - -URL: http://www.gnupg.org/ - -#BuildRequires: automake libtool texinfo transfig -BuildRequires: bzip2-devel -BuildRequires: curl-devel -BuildRequires: docbook-utils -BuildRequires: gettext -BuildRequires: libassuan-devel >= 2.0.0 -BuildRequires: libgcrypt-devel >= 1.4 -BuildRequires: libgpg-error-devel => 1.4 -BuildRequires: libksba-devel >= 1.0.2 -BuildRequires: openldap-devel -BuildRequires: libusb-devel -BuildRequires: pcsc-lite-libs -BuildRequires: pth-devel -BuildRequires: readline-devel ncurses-devel -BuildRequires: zlib-devel - -Requires(post): /sbin/install-info -Requires(postun): /sbin/install-info -Requires: pinentry - -%if 0%{?rhel} > 5 -# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex -Provides: gpg = %{version}-%{release} -# Obsolete GnuPG-1 package -Provides: gnupg = %{version}-%{release} -Obsoletes: gnupg <= 1.4.10 -%endif - -%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} - -%package smime -Summary: CMS encryption and signing tool and smart card support for GnuPG -Requires: gnupg2 = %{version}-%{release} -Group: Applications/Internet - - -%description -GnuPG is GNU's tool for secure communication and data storage. It can -be used to encrypt data and to create digital signatures. It includes -an advanced key management facility and is compliant with the proposed -OpenPGP Internet standard as described in RFC2440 and the S/MIME -standard as described by several RFCs. - -GnuPG 2.0 is a newer version of GnuPG with additional support for -S/MIME. It has a different design philosophy that splits -functionality up into several modules. The S/MIME and smartcard functionality -is provided by the gnupg2-smime package. - -%description smime -GnuPG is GNU's tool for secure communication and data storage. This -package adds support for smart cards and S/MIME encryption and signing -to the base GnuPG package - -%prep -%setup -q -n gnupg-%{version} - -%if 0%{?rhel} > 5 -%patch1 -p1 -b .insttools -%endif -%patch3 -p1 -b .secmem -%patch4 -p1 -b .file-is-digest -%patch5 -p1 -b .keyusage -%patch6 -p1 -b .fips - -# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) -# Note: this is just the name of the default shared lib to load in scdaemon, -# it can use other implementations too (including non-pcsc ones). -%global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null ) - -sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/{scdaemon,pcsc-wrapper}.c - - -%build - -%configure \ - --disable-rpath \ - --enable-standard-socket - -# need scratch gpg database for tests -mkdir -p $HOME/.gnupg - -make %{?_smp_mflags} - - -%install -make install DESTDIR=%{buildroot} \ - INSTALL="install -p" \ - docdir=%{_pkgdocdir} - -%if ! (0%{?rhel} > 5) -# drop file conflicting with gnupg-1.x -rm -f %{buildroot}%{_mandir}/man1/gpg-zip.1* -%endif - -%find_lang %{name} - -# gpgconf.conf -mkdir -p %{buildroot}%{_sysconfdir}/gnupg -touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf - -# more docs -install -m644 -p AUTHORS ChangeLog NEWS THANKS TODO \ - %{buildroot}%{_pkgdocdir} - -%if 0%{?rhel} > 5 -# compat symlinks -ln -sf gpg2 %{buildroot}%{_bindir}/gpg -ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv -ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 -ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 -%endif - -# info dir -rm -f %{buildroot}%{_infodir}/dir - - -%check -# need scratch gpg database for tests -mkdir -p $HOME/.gnupg -# some gpg2 tests (still) FAIL on non i386 platforms -make -k check - - -%post -/sbin/install-info %{_infodir}/gnupg.info %{_infodir}/dir ||: - -%preun -if [ $1 -eq 0 ]; then - /sbin/install-info --delete %{_infodir}/gnupg.info %{_infodir}/dir ||: -fi - - -%files -f %{name}.lang -%defattr(-,root,root,-) -%{!?_licensedir:%global license %%doc} -%license COPYING -#doc AUTHORS ChangeLog NEWS README THANKS TODO -%{_pkgdocdir} -%dir %{_sysconfdir}/gnupg -%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf -## docs say to install suid root, but fedora/rh security folk say not to -#attr(4755,root,root) %{_bindir}/gpg2 -%{_bindir}/gpg2 -%{_bindir}/gpgv2 -%{_bindir}/gpg-connect-agent -%{_bindir}/gpg-agent -%{_bindir}/gpgconf -%{_bindir}/gpgparsemail -%if 0%{?rhel} > 5 -%{_bindir}/gpg -%{_bindir}/gpgv -%{_bindir}/gpgsplit -%{_bindir}/gpg-zip -%else -%{_bindir}/gpgkey2ssh -%endif -%{_bindir}/watchgnupg -%{_sbindir}/* -%{_datadir}/gnupg/ -%{_libexecdir}/* -%{_infodir}/*.info* -%{_mandir}/man?/* -%exclude %{_datadir}/gnupg/com-certs.pem -%exclude %{_mandir}/man?/gpgsm* -%exclude %{_mandir}/man?/scdaemon* -%exclude %{_libexecdir}/scdaemon - -%files smime -%defattr(-,root,root,-) -%{_bindir}/gpgsm* -%{_bindir}/kbxutil -%{_libexecdir}/scdaemon -%{_mandir}/man?/gpgsm* -%{_mandir}/man?/scdaemon* -%{_datadir}/gnupg/com-certs.pem - - -%changelog -* Sat Aug 16 2014 Fedora Release Engineering - 2.0.25-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Tue Aug 5 2014 Tomáš Mráz - 2.0.25-1 -- new upstream release fixing a minor regression introduced by the previous one -- add --file-is-digest option needed for copr - -* Sat Jul 12 2014 Tom Callaway - 2.0.24-2 -- fix license handling - -* Wed Jun 25 2014 Tomáš Mráz - 2.0.24-1 -- new upstream release fixing CVE-2014-4617 - -* Sat Jun 07 2014 Fedora Release Engineering - 2.0.22-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed May 7 2014 Tomáš Mráz - 2.0.22-3 -- do not dump core if hash algorithm not available in the FIPS mode - -* Tue Mar 4 2014 Tomáš Mráz - 2.0.22-2 -- rebuilt against new libgcrypt - -* Tue Oct 8 2013 Tomáš Mráz - 2.0.22-1 -- new upstream release fixing CVE-2013-4402 - -* Fri Aug 23 2013 Tomáš Mráz - 2.0.21-1 -- new upstream release - -* Wed Aug 7 2013 Tomas Mraz - 2.0.20-3 -- adjust to the unversioned docdir change (#993785) - -* Sat Aug 03 2013 Fedora Release Engineering - 2.0.20-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed May 15 2013 Tomas Mraz - 2.0.20-1 -- new upstream release - -* Thu Feb 14 2013 Fedora Release Engineering - 2.0.19-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jan 2 2013 Tomas Mraz - 2.0.19-7 -- fix CVE-2012-6085 - skip invalid key packets (#891142) - -* Thu Nov 22 2012 Tomas Mraz - 2.0.19-6 -- use AES as default crypto algorithm in FIPS mode (#879047) - -* Fri Nov 16 2012 Jamie Nguyen - 2.0.19-5 -- rebuild for - 2.0.19-4 -- fix negated condition (#843842) - -* Thu Jul 26 2012 Tomas Mraz - 2.0.19-3 -- add compat symlinks and provides if built on RHEL - -* Thu Jul 19 2012 Fedora Release Engineering - 2.0.19-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Tue Apr 24 2012 Tomas Mraz - 2.0.19-1 -- new upstream release -- set environment in protect-tool (#548528) -- do not reject OCSP signing certs without keyUsage (#720174) - -* Fri Jan 13 2012 Fedora Release Engineering - 2.0.18-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Wed Oct 12 2011 Rex Dieter 2.0.18-2 -- build with --enable-standard-socket - -* Wed Aug 17 2011 Tomas Mraz - 2.0.18-1 -- new upstream release (#728481) - -* Mon Jul 25 2011 Tomas Mraz - 2.0.17-2 -- fix a bug that shows up with the new libgcrypt release (#725369) - -* Thu Jan 20 2011 Tomas Mraz - 2.0.17-1 -- new upstream release (#669611) - -* Tue Aug 17 2010 Tomas Mraz - 2.0.16-3 -- drop the provides/obsoletes for gnupg -- drop the man page file conflicting with gnupg-1.x - -* Fri Aug 13 2010 Tomas Mraz - 2.0.16-2 -- drop the compat symlinks as gnupg-1.x is revived - -* Tue Jul 27 2010 Rex Dieter - 2.0.16-1 -- gnupg-2.0.16 - -* Fri Jul 23 2010 Rex Dieter - 2.0.14-4 -- gpgsm realloc patch (#617706) - -* Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 -- initialize small amount of secmem for list of algorithms in help (#598847) - (necessary in the FIPS mode of libgcrypt) - -* Tue Feb 9 2010 Tomas Mraz - 2.0.14-2 -- disable selinux support - it is too rudimentary and restrictive (#562982) - -* Mon Jan 11 2010 Tomas Mraz - 2.0.14-1 -- new upstream version -- fix a few tests so they do not need to execute gpg-agent - -* Tue Dec 8 2009 Michael Schwendt - 2.0.13-4 -- Explicitly BR libassuan-static in accordance with the Packaging - Guidelines (libassuan-devel is still static-only). - -* Fri Oct 23 2009 Tomas Mraz - 2.0.13-3 -- drop s390 specific ifnarchs as all the previously missing dependencies - are now there -- split out gpgsm into a smime subpackage to reduce main package dependencies - -* Wed Oct 21 2009 Tomas Mraz - 2.0.13-2 -- provide/obsolete gnupg-1 and add compat symlinks to be able to drop - gnupg-1 - -* Fri Sep 04 2009 Rex Dieter - 2.0.13-1 -- gnupg-2.0.13 -- Unable to use gpg-agent + input methods (#228953) - -* Fri Jul 24 2009 Fedora Release Engineering - 2.0.12-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jun 17 2009 Rex Dieter - 2.0.12-1 -- gnupg-2.0.12 - -* Wed Mar 04 2009 Rex Dieter - 2.0.11-1 -- gnupg-2.0.11 - -* Tue Feb 24 2009 Fedora Release Engineering - 2.0.10-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Sat Jan 31 2009 Karsten Hopp 2.0.10-1 -- don't require pcsc-lite-libs and libusb on mainframe where - we don't have those packages as there's no hardware for that - -* Tue Jan 13 2009 Rex Dieter 2.0.10-1 -- gnupg-2.0.10 - -* Mon Aug 04 2008 Rex Dieter 2.0.9-3 -- workaround rpm quirks - -* Sat May 24 2008 Tom "spot" Callaway 2.0.9-2 -- Patch from upstream to fix curl 7.18.1+ and gcc4.3+ compile error - -* Mon May 19 2008 Tom "spot" Callaway 2.0.9-1.1 -- minor release bump for sparc rebuild - -* Wed Mar 26 2008 Rex Dieter 2.0.9-1 -- gnupg2-2.0.9 -- drop Provides: openpgp -- versioned Provides: gpg -- own %%_sysconfdir/gnupg - -* Fri Feb 08 2008 Rex Dieter 2.0.8-3 -- respin (gcc43) - -* Wed Jan 23 2008 Rex Dieter 2.0.8-2 -- avoid kde-filesystem dep (#427316) - -* Thu Dec 20 2007 Rex Dieter 2.0.8-1 -- gnupg2-2.0.8 - -* Mon Dec 17 2007 Rex Dieter 2.0.8-0.1.rc1 -- gnupg2-2.0.8rc1 - -* Tue Dec 04 2007 Rex Dieter 2.0.7-5 -- respin for openldap - -* Mon Nov 12 2007 Rex Dieter 2.0.7-4 -- Requires: kde-filesystem (#377841) - -* Wed Oct 03 2007 Rex Dieter 2.0.7-3 -- %%build: (re)add mkdir -p $HOME/.gnupg - -* Wed Oct 03 2007 Rex Dieter 2.0.7-2 -- Requires: dirmngr (#312831) - -* Mon Sep 10 2007 Rex Dieter 2.0.7-1 -- gnupg-2.0.7 - -* Fri Aug 24 2007 Rex Dieter 2.0.6-2 -- respin (libassuan) - -* Thu Aug 16 2007 Rex Dieter 2.0.6-1 -- gnupg-2.0.6 -- License: GPLv3+ - -* Thu Aug 02 2007 Rex Dieter 2.0.5-4 -- License: GPLv3 - -* Mon Jul 16 2007 Rex Dieter 2.0.5-3 -- 2.0.5 too many open files fix - -* Fri Jul 06 2007 Rex Dieter 2.0.5-2 -- gnupg-2.0.5 -- gpg-agent not restarted after kde session crash/killed (#196327) -- BR: libassuan-devel > 1.0.2, libksba-devel > 1.0.2 - -* Fri May 18 2007 Rex Dieter 2.0.4-1 -- gnupg-2.0.4 - -* Thu Mar 08 2007 Rex Dieter 2.0.3-1 -- gnupg-2.0.3 - -* Fri Feb 02 2007 Rex Dieter 2.0.2-1 -- gnupg-2.0.2 - -* Wed Dec 06 2006 Rex Dieter 2.0.1-2 -- CVE-2006-6235 (#219934) - -* Wed Nov 29 2006 Rex Dieter 2.0.1-1 -- gnupg-2.0.1 -- CVE-2006-6169 (#217950) - -* Sat Nov 25 2006 Rex Dieter 2.0.1-0.3.rc1 -- gnupg-2.0.1rc1 - -* Thu Nov 16 2006 Rex Dieter 2.0.0-4 -- update %%description -- drop dearmor patch - -* Mon Nov 13 2006 Rex Dieter 2.0.0-3 -- BR: libassuan-static >= 1.0.0 - -* Mon Nov 13 2006 Rex Dieter 2.0.0-2 -- gnupg-2.0.0 - -* Fri Nov 10 2006 Rex Dieter 1.9.95-3 -- upstream 64bit patch - -* Mon Nov 06 2006 Rex Dieter 1.9.95-2 -- fix (more) file conflicts with gnupg - -* Mon Nov 06 2006 Rex Dieter 1.9.95-1 -- 1.9.95 - -* Wed Oct 25 2006 Rex Dieter 1.9.94-1 -- 1.9.94 - -* Wed Oct 18 2006 Rex Dieter 1.9.93-1 -- 1.9.93 - -* Wed Oct 11 2006 Rex Dieter 1.9.92-2 -- fix file conflicts with gnupg - -* Wed Oct 11 2006 Rex Dieter 1.9.92-1 -- 1.9.92 - -* Tue Oct 10 2006 Rex Dieter 1.9.91-4 -- make check ||: (apparently checks return err even on success?) - -* Tue Oct 10 2006 Rex Dieter 1.9.91-3 -- --enable-selinux-support -- x86_64: --disable-optimization (to avoid gpg2 segfaults), for now - -* Thu Oct 05 2006 Rex Dieter 1.9.91-1 -- 1.9.91 - -* Wed Oct 04 2006 Rex Dieter 1.9.22-8 -- respin - -* Tue Sep 26 2006 Rex Dieter 1.9.90-1 -- 1.9.90 (doesn't build, not released) - -* Mon Sep 18 2006 Rex Dieter 1.9.23-1 -- 1.9.23 (doesn't build, not released) - -* Mon Sep 18 2006 Rex Dieter 1.9.22-7 -- gpg-agent-startup.sh: fix case where valid .gpg-agent-info exists - -* Mon Sep 18 2006 Rex Dieter 1.9.22-6 -- fix "syntax error in gpg-agent-startup.sh" (#206887) - -* Thu Sep 07 2006 Rex Dieter 1.9.22-3 -- fc6 respin (for libksba-1.0) - -* Tue Aug 29 2006 Rex Dieter 1.9.22-2 -- fc6 respin - -* Fri Jul 28 2006 Rex Dieter 1.9.22-1 -- 1.9.22 - -* Thu Jun 22 2006 Rex Dieter 1.9.21-3 -- fix "gpg-agent not restarted after kde session crash/killed (#196327) - -* Thu Jun 22 2006 Rex Dieter 1.9.21-2 -- 1.9.21 -- omit gpg2 binary to address CVS-2006-3082 (#196190) - -* Mon Mar 6 2006 Ville Skyttä > 1.9.20-3 -- Don't hardcode pcsc-lite lib name (#184123) - -* Thu Feb 16 2006 Rex Dieter 1.9.20-2 -- fc4+: use /etc/kde/(env|shutdown) for scripts (#175744) - -* Fri Feb 10 2006 Rex Dieter -- fc5: gcc/glibc respin - -* Tue Dec 20 2005 Rex Dieter 1.9.20-1 -- 1.9.20 - -* Thu Dec 01 2005 Rex Dieter 1.9.19-8 -- include gpg-agent-(startup|shutdown) scripts (#136533) -- BR: libksba-devel >= 1.9.12 -- %%check: be permissive about failures (for now) - -* Wed Nov 30 2005 Rex Dieter 1.9.19-3 -- BR: libksba-devel >= 1.9.13 - -* Tue Oct 11 2005 Rex Dieter 1.9.19-2 -- back to BR: libksba-devel = 1.9.11 - -* Tue Oct 11 2005 Rex Dieter 1.9.19-1 -- 1.9.19 - -* Fri Aug 26 2005 Rex Dieter 1.9.18-9 -- configure: NEED_KSBA_VERSION=0.9.12 -> 0.9.11 - -* Fri Aug 26 2005 Rex Dieter 1.9.18-7 -- re-enable 'make check', rebuild against (older) libksba-0.9.11 - -* Tue Aug 9 2005 Rex Dieter 1.9.18-6 -- don't 'make check' by default (regular builds pass, but FC4/5+plague fails) - -* Mon Aug 8 2005 Rex Dieter 1.9.18-5 -- 1.9.18 -- drop pth patch (--enable-gpg build fixed) -- update description (from README) - -* Fri Jul 1 2005 Ville Skyttä - 1.9.17-1 -- 1.9.17, signal info patch applied upstream (#162264). -- Patch to fix lvalue build error with gcc4 (upstream #485). -- Patch scdaemon and pcsc-wrapper to load the versioned (non-devel) - pcsc-lite lib by default. - -* Fri May 13 2005 Michael Schwendt - 1.9.16-3 -- Include upstream's patch for signal.c. - -* Tue May 10 2005 Michael Schwendt - 1.9.16-1 -- Merge changes from Rex's 1.9.16-1 (Thu Apr 21): -- opensc support unconditional -- remove hard-coded .gz from %%post/%%postun -- add %%check section -- add pth patch -- Put back patch modified from 1.9.15-4 to make tests verbose - and change signal.c to describe received signals better. - -* Sun May 8 2005 Michael Schwendt -- Drop patch0 again. - -* Sun May 8 2005 Michael Schwendt - 1.9.15-4 -- Add patch0 temporarily to get some output from failing test. - -* Sat May 7 2005 David Woodhouse 1.9.15-3 -- Rebuild. - -* Thu Apr 7 2005 Michael Schwendt -- rebuilt - -* Tue Feb 1 2005 Michael Schwendt - 0:1.9.15-1 -- Make install-info in scriptlets less noisy. - -* Tue Jan 18 2005 Rex Dieter 1.9.15-0.fdr.1 -- 1.9.15 - -* Fri Jan 07 2005 Rex Dieter 1.9.14-0.fdr.2 -- note patch/hack to build against older ( <1.0) libgpg-error-devel - -* Thu Jan 06 2005 Rex Dieter 1.9.14-0.fdr.1 -- 1.9.14 -- enable opensc support -- BR: libassuan-devel >= 0.6.9 - -* Thu Oct 21 2004 Rex Dieter 1.9.11-0.fdr.4 -- remove suid. - -* Thu Oct 21 2004 Rex Dieter 1.9.11-0.fdr.3 -- remove Provides: newpg - -* Wed Oct 20 2004 Rex Dieter 1.9.11-0.fdr.2 -- Requires: pinentry -- gpg2 suid -- update description - -* Tue Oct 19 2004 Rex Dieter 1.9.11-0.fdr.1 -- first try -- leave out opensc support (for now), enable --with-opensc - diff --git a/sources b/sources deleted file mode 100644 index d20ccff..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -048d8de797125f1d8e6cf3bdff9e2d12 gnupg-2.0.25.tar.bz2 -d474ba42cba833734c6196b7e6f5d853 gnupg-2.0.25.tar.bz2.sig