From 9a5275f84df8db677fbf147079cd9c19bfcdcd41 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 9 Aug 2017 16:50:55 +0200 Subject: [PATCH] upgrade to 2.1.22 --- .gitignore | 2 + gnupg-2.1.20-build.patch | 70 ------------------ gnupg-2.1.21-scdaemon-path.patch | 71 ------------------- gnupg-2.1.22-build.patch | 46 ++++++++++++ ...patch => gnupg-2.1.22-file-is-digest.patch | 48 ++++++------- gnupg2.spec | 13 ++-- sources | 4 +- 7 files changed, 81 insertions(+), 173 deletions(-) delete mode 100644 gnupg-2.1.20-build.patch delete mode 100644 gnupg-2.1.21-scdaemon-path.patch create mode 100644 gnupg-2.1.22-build.patch rename gnupg-2.1.20-file-is-digest.patch => gnupg-2.1.22-file-is-digest.patch (78%) diff --git a/.gitignore b/.gitignore index 93a1904..9a858cd 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,5 @@ gnupg-2.0.16.tar.bz2.sig /gnupg-2.1.20.tar.bz2.sig /gnupg-2.1.21.tar.bz2 /gnupg-2.1.21.tar.bz2.sig +/gnupg-2.1.22.tar.bz2 +/gnupg-2.1.22.tar.bz2.sig diff --git a/gnupg-2.1.20-build.patch b/gnupg-2.1.20-build.patch deleted file mode 100644 index 65b06e5..0000000 --- a/gnupg-2.1.20-build.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff -up gnupg-2.1.20/configure.ac.build gnupg-2.1.20/configure.ac ---- gnupg-2.1.20/configure.ac.build 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/configure.ac 2017-04-24 15:45:15.236829650 +0200 -@@ -89,8 +89,8 @@ AC_GNU_SOURCE - # CFLAGS (they are restored at the end of the configure script). This - # is because some configure checks don't work with -Werror, but we'd - # like to use -Werror with our build. --CFLAGS_orig=$CFLAGS --CFLAGS= -+#CFLAGS_orig=$CFLAGS -+#CFLAGS= - - # Some status variables. - have_gpg_error=no -@@ -1679,7 +1679,7 @@ fi - # - # Add user CFLAGS. - # --CFLAGS="$CFLAGS $CFLAGS_orig" -+# CFLAGS="$CFLAGS $CFLAGS_orig" - - # - # Decide what to build -diff -up gnupg-2.1.20/configure.build gnupg-2.1.20/configure ---- gnupg-2.1.20/configure.build 2017-04-03 21:03:13.000000000 +0200 -+++ gnupg-2.1.20/configure 2017-04-24 15:45:15.237829673 +0200 -@@ -5097,8 +5097,8 @@ $as_echo "$ac_cv_safe_to_define___extens - # CFLAGS (they are restored at the end of the configure script). This - # is because some configure checks don't work with -Werror, but we'd - # like to use -Werror with our build. --CFLAGS_orig=$CFLAGS --CFLAGS= -+#CFLAGS_orig=$CFLAGS -+#CFLAGS= - - # Some status variables. - have_gpg_error=no -@@ -15631,7 +15631,7 @@ fi - # - # Add user CFLAGS. - # --CFLAGS="$CFLAGS $CFLAGS_orig" -+# CFLAGS="$CFLAGS $CFLAGS_orig" - - # - # Decide what to build -diff -up gnupg-2.1.20/dirmngr/Makefile.am.build gnupg-2.1.20/dirmngr/Makefile.am ---- gnupg-2.1.20/dirmngr/Makefile.am.build 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/dirmngr/Makefile.am 2017-04-24 15:59:50.323444901 +0200 -@@ -151,7 +151,7 @@ t_ldap_parse_uri_SOURCES = \ - t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \ - http.c http-common.c dns-stuff.c \ - $(ldap_url) $(t_common_src) --t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \ -+t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(LIBASSUAN_CFLAGS) $(USE_C99_CFLAGS) \ - $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) - t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) - -diff -up gnupg-2.1.20/dirmngr/Makefile.in.build gnupg-2.1.20/dirmngr/Makefile.in ---- gnupg-2.1.20/dirmngr/Makefile.in.build 2017-04-03 21:03:11.000000000 +0200 -+++ gnupg-2.1.20/dirmngr/Makefile.in 2017-04-24 16:00:30.548390528 +0200 -@@ -682,7 +682,7 @@ t_ldap_parse_uri_SOURCES = \ - http.c http-common.c dns-stuff.c \ - $(ldap_url) $(t_common_src) - --t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \ -+t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(LIBASSUAN_CFLAGS) $(USE_C99_CFLAGS) \ - $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) - - t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) diff --git a/gnupg-2.1.21-scdaemon-path.patch b/gnupg-2.1.21-scdaemon-path.patch deleted file mode 100644 index f69eac1..0000000 --- a/gnupg-2.1.21-scdaemon-path.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 386a7bbb245dd3ab7c4156a554adbe75d82bdf49 Mon Sep 17 00:00:00 2001 -From: Justus Winter -Date: Tue, 16 May 2017 16:07:25 +0200 -Subject: [PATCH] tests: Configure the environments to use scdaemon from build - tree. - -* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree -when writing a 'gpg-agent.conf'. -* tests/gpgsm/gpgsm-defs.scm: Likewise. -* tests/openpgp/defs.scm: Likewise. --- - -As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the -scdaemon for a signing key to use. To make sure that the agent calls -the right scdaemon, we provide the path explicitly in the -'gpg-agent.conf' that is used in the tests, similar to what we do for -the agent itself and the pinentry. - -GnuPG-bug-id: 3165 -Signed-off-by: Justus Winter ---- - tests/gpgme/gpgme-defs.scm | 4 +++- - tests/gpgsm/gpgsm-defs.scm | 4 +++- - tests/openpgp/defs.scm | 1 + - 3 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm -index e24db25..0de589f 100644 ---- a/tests/gpgme/gpgme-defs.scm -+++ b/tests/gpgme/gpgme-defs.scm -@@ -66,7 +66,9 @@ - (string-append "agent-program " (tool 'gpg-agent) "|--debug-quick-random\n")) - (create-file - "gpg-agent.conf" -- (string-append "pinentry-program " (tool 'pinentry))) -+ (string-append "pinentry-program " (tool 'pinentry)) -+ (string-append "scdaemon-program " (tool 'scdaemon)) -+ ) - - (start-agent) - -diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm -index 711922a..d99d7da 100644 ---- a/tests/gpgsm/gpgsm-defs.scm -+++ b/tests/gpgsm/gpgsm-defs.scm -@@ -66,7 +66,9 @@ - "disable-crl-checks" - "faked-system-time 1008241200") - (create-file "gpg-agent.conf" -- (string-append "pinentry-program " (tool 'pinentry))) -+ (string-append "pinentry-program " (tool 'pinentry)) -+ (string-append "scdaemon-program " (tool 'scdaemon)) -+ ) - (start-agent) - (create-file - "trustlist.txt" -diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm -index 1531dc1..0cd45ad 100644 ---- a/tests/openpgp/defs.scm -+++ b/tests/openpgp/defs.scm -@@ -349,6 +349,7 @@ - "no-grab" - "enable-ssh-support" - (string-append "pinentry-program " (tool 'pinentry)) -+ (string-append "scdaemon-program " (tool 'scdaemon)) - )) - - ;; Initialize the test environment, install appropriate configuration --- -2.9.3 - diff --git a/gnupg-2.1.22-build.patch b/gnupg-2.1.22-build.patch new file mode 100644 index 0000000..4b9e423 --- /dev/null +++ b/gnupg-2.1.22-build.patch @@ -0,0 +1,46 @@ +diff -up gnupg-2.1.22/configure.ac.build gnupg-2.1.22/configure.ac +--- gnupg-2.1.22/configure.ac.build 2017-07-25 15:31:56.000000000 +0200 ++++ gnupg-2.1.22/configure.ac 2017-08-09 16:24:48.466263808 +0200 +@@ -89,8 +89,8 @@ AC_GNU_SOURCE + # CFLAGS (they are restored at the end of the configure script). This + # is because some configure checks don't work with -Werror, but we'd + # like to use -Werror with our build. +-CFLAGS_orig=$CFLAGS +-CFLAGS= ++#CFLAGS_orig=$CFLAGS ++#CFLAGS= + + # Some status variables. + have_gpg_error=no +@@ -1682,7 +1682,7 @@ fi + # + # Add user CFLAGS. + # +-CFLAGS="$CFLAGS $CFLAGS_orig" ++# CFLAGS="$CFLAGS $CFLAGS_orig" + + # + # Decide what to build +diff -up gnupg-2.1.22/configure.build gnupg-2.1.22/configure +--- gnupg-2.1.22/configure.build 2017-07-28 19:10:42.000000000 +0200 ++++ gnupg-2.1.22/configure 2017-08-09 16:24:48.467263833 +0200 +@@ -5100,8 +5100,8 @@ $as_echo "$ac_cv_safe_to_define___extens + # CFLAGS (they are restored at the end of the configure script). This + # is because some configure checks don't work with -Werror, but we'd + # like to use -Werror with our build. +-CFLAGS_orig=$CFLAGS +-CFLAGS= ++#CFLAGS_orig=$CFLAGS ++#CFLAGS= + + # Some status variables. + have_gpg_error=no +@@ -15676,7 +15676,7 @@ fi + # + # Add user CFLAGS. + # +-CFLAGS="$CFLAGS $CFLAGS_orig" ++# CFLAGS="$CFLAGS $CFLAGS_orig" + + # + # Decide what to build diff --git a/gnupg-2.1.20-file-is-digest.patch b/gnupg-2.1.22-file-is-digest.patch similarity index 78% rename from gnupg-2.1.20-file-is-digest.patch rename to gnupg-2.1.22-file-is-digest.patch index e0999c0..91f32a3 100644 --- a/gnupg-2.1.20-file-is-digest.patch +++ b/gnupg-2.1.22-file-is-digest.patch @@ -1,7 +1,7 @@ -diff -up gnupg-2.1.20/g10/gpg.c.file-is-digest gnupg-2.1.20/g10/gpg.c ---- gnupg-2.1.20/g10/gpg.c.file-is-digest 2017-04-24 15:39:44.279999738 +0200 -+++ gnupg-2.1.20/g10/gpg.c 2017-04-24 15:39:44.281999785 +0200 -@@ -374,6 +374,7 @@ enum cmd_and_opt_values +diff -up gnupg-2.1.22/g10/gpg.c.file-is-digest gnupg-2.1.22/g10/gpg.c +--- gnupg-2.1.22/g10/gpg.c.file-is-digest 2017-08-09 16:22:19.208599993 +0200 ++++ gnupg-2.1.22/g10/gpg.c 2017-08-09 16:22:19.210600042 +0200 +@@ -379,6 +379,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -9,7 +9,7 @@ diff -up gnupg-2.1.20/g10/gpg.c.file-is-digest gnupg-2.1.20/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -817,6 +818,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -825,6 +826,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), @@ -17,7 +17,7 @@ diff -up gnupg-2.1.20/g10/gpg.c.file-is-digest gnupg-2.1.20/g10/gpg.c ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), -@@ -2394,6 +2396,7 @@ main (int argc, char **argv) +@@ -2384,6 +2386,7 @@ main (int argc, char **argv) gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; opt.emit_version = 0; @@ -25,7 +25,7 @@ diff -up gnupg-2.1.20/g10/gpg.c.file-is-digest gnupg-2.1.20/g10/gpg.c opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2942,6 +2945,7 @@ main (int argc, char **argv) +@@ -2944,6 +2947,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -33,10 +33,10 @@ diff -up gnupg-2.1.20/g10/gpg.c.file-is-digest gnupg-2.1.20/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -diff -up gnupg-2.1.20/g10/options.h.file-is-digest gnupg-2.1.20/g10/options.h ---- gnupg-2.1.20/g10/options.h.file-is-digest 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/options.h 2017-04-24 15:39:44.281999785 +0200 -@@ -214,6 +214,7 @@ struct +diff -up gnupg-2.1.22/g10/options.h.file-is-digest gnupg-2.1.22/g10/options.h +--- gnupg-2.1.22/g10/options.h.file-is-digest 2017-07-24 20:57:50.000000000 +0200 ++++ gnupg-2.1.22/g10/options.h 2017-08-09 16:22:19.210600042 +0200 +@@ -212,6 +212,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -44,18 +44,18 @@ diff -up gnupg-2.1.20/g10/options.h.file-is-digest gnupg-2.1.20/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c ---- gnupg-2.1.20/g10/sign.c.file-is-digest 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/sign.c 2017-04-24 15:43:51.475847998 +0200 +diff -up gnupg-2.1.22/g10/sign.c.file-is-digest gnupg-2.1.22/g10/sign.c +--- gnupg-2.1.22/g10/sign.c.file-is-digest 2017-07-28 17:35:18.000000000 +0200 ++++ gnupg-2.1.22/g10/sign.c 2017-08-09 16:23:21.437127512 +0200 @@ -40,6 +40,7 @@ #include "pkglue.h" #include "../common/sysutils.h" #include "call-agent.h" +#include "../common/host2net.h" #include "../common/mbox-util.h" + #include "../common/compliance.h" - #ifdef HAVE_DOSISH_SYSTEM -@@ -695,6 +696,8 @@ write_signature_packets (ctrl_t ctrl, +@@ -727,6 +728,8 @@ write_signature_packets (ctrl_t ctrl, if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) sig->version = 4; @@ -64,7 +64,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c else sig->version = pk->version; -@@ -718,8 +721,10 @@ write_signature_packets (ctrl_t ctrl, +@@ -750,8 +753,10 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -77,7 +77,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -781,6 +786,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -813,6 +818,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -86,7 +86,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -798,7 +805,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -830,7 +837,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -104,7 +104,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -819,7 +835,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -851,7 +867,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -113,7 +113,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -957,7 +973,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -989,7 +1005,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -122,7 +122,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1012,6 +1028,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1044,6 +1060,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -131,7 +131,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1052,6 +1070,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1084,6 +1102,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -177,7 +177,7 @@ diff -up gnupg-2.1.20/g10/sign.c.file-is-digest gnupg-2.1.20/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1070,8 +1127,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1102,8 +1159,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gnupg2.spec b/gnupg2.spec index ba102a7..3523cfe 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,7 +1,7 @@ Summary: Utility for secure communication and data storage Name: gnupg2 -Version: 2.1.21 -Release: 5%{?dist} +Version: 2.1.22 +Release: 1%{?dist} License: GPLv3+ Group: Applications/System @@ -15,11 +15,10 @@ Patch2: gnupg-2.1.19-exponential.patch # needed for compatibility with system FIPS mode Patch3: gnupg-2.1.10-secmem.patch # non-upstreamable patch adding file-is-digest option needed for Copr -Patch4: gnupg-2.1.20-file-is-digest.patch +Patch4: gnupg-2.1.22-file-is-digest.patch Patch5: gnupg-2.1.1-ocsp-keyusage.patch Patch6: gnupg-2.1.1-fips-algo.patch -Patch7: gnupg-2.1.20-build.patch -Patch8: gnupg-2.1.21-scdaemon-path.patch +Patch7: gnupg-2.1.22-build.patch # allow 8192 bit RSA keys in keygen UI with large RSA Patch9: gnupg-2.1.21-large-rsa.patch @@ -100,7 +99,6 @@ to the base GnuPG package %patch5 -p1 -b .keyusage %patch6 -p1 -b .fips %patch7 -p1 -b .build -%patch8 -p1 -b .scdaemon %patch9 -p1 -b .large-rsa # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) @@ -213,6 +211,9 @@ fi %changelog +* Wed Aug 9 2017 Tomáš Mráz - 2.1.22-1 +- upgrade to 2.1.22 + * Wed Aug 02 2017 Fedora Release Engineering - 2.1.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index 7c21cb8..81ba9bc 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (gnupg-2.1.21.tar.bz2) = ddced44c37a220af8371ba36357fc0f23b22b57daec1cba6d4a1a015d345eac7f6060c88b22a5cd457ee364d0ec1f02175644aed1970a97abfa84a3d285bc512 -SHA512 (gnupg-2.1.21.tar.bz2.sig) = 81175787730a191c4290ecec34f4b056082e6e76e959d4cf6f6f7f6b4c78bc2dd2a19ca86c329c0146ef8c451b457f12db4e1010d6bd17d205646b21964b4a5a +SHA512 (gnupg-2.1.22.tar.bz2) = d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 +SHA512 (gnupg-2.1.22.tar.bz2.sig) = 601d908348590314493f9ce7710944f798b42db7301e59aa3ed4ed1c30f56001396f9c7b2a389c6d7cb463b7839e73f43c862b8fa7c1e06c5fc47b15c1efde79