From b8f07864720c205143f73064857a54afff68e58e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 7 May 2019 06:58:18 -0400 Subject: [PATCH] import gnupg2-2.2.9-1.el8 --- .gitignore | 1 + .gnupg2.metadata | 1 + SOURCES/gnupg-2.1.1-fips-algo.patch | 13 + SOURCES/gnupg-2.1.1-ocsp-keyusage.patch | 17 + SOURCES/gnupg-2.1.10-secmem.patch | 33 + SOURCES/gnupg-2.1.19-exponential.patch | 38 ++ SOURCES/gnupg-2.1.21-insttools.patch | 62 ++ SOURCES/gnupg-2.1.21-large-rsa.patch | 12 + SOURCES/gnupg-2.2.8-file-is-digest.patch | 190 ++++++ SOURCES/gnupg-2.2.9.tar.bz2.sig | Bin 0 -> 620 bytes SPECS/gnupg2.spec | 742 +++++++++++++++++++++++ 11 files changed, 1109 insertions(+) create mode 100644 .gitignore create mode 100644 .gnupg2.metadata create mode 100644 SOURCES/gnupg-2.1.1-fips-algo.patch create mode 100644 SOURCES/gnupg-2.1.1-ocsp-keyusage.patch create mode 100644 SOURCES/gnupg-2.1.10-secmem.patch create mode 100644 SOURCES/gnupg-2.1.19-exponential.patch create mode 100644 SOURCES/gnupg-2.1.21-insttools.patch create mode 100644 SOURCES/gnupg-2.1.21-large-rsa.patch create mode 100644 SOURCES/gnupg-2.2.8-file-is-digest.patch create mode 100644 SOURCES/gnupg-2.2.9.tar.bz2.sig create mode 100644 SPECS/gnupg2.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9bc1804 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/gnupg-2.2.9.tar.bz2 diff --git a/.gnupg2.metadata b/.gnupg2.metadata new file mode 100644 index 0000000..8b08632 --- /dev/null +++ b/.gnupg2.metadata @@ -0,0 +1 @@ +e6ef18c2e06175bbe563959c9acc682c02bcd572 SOURCES/gnupg-2.2.9.tar.bz2 diff --git a/SOURCES/gnupg-2.1.1-fips-algo.patch b/SOURCES/gnupg-2.1.1-fips-algo.patch new file mode 100644 index 0000000..fbb6d27 --- /dev/null +++ b/SOURCES/gnupg-2.1.1-fips-algo.patch @@ -0,0 +1,13 @@ +diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c +--- gnupg-2.1.1/g10/mainproc.c.fips 2015-01-29 17:19:49.266031504 +0100 ++++ gnupg-2.1.1/g10/mainproc.c 2015-01-29 17:27:13.938088122 +0100 +@@ -719,7 +719,8 @@ proc_plaintext( CTX c, PACKET *pkt ) + according to 2440, so hopefully it won't come up that often. + There is no good way to specify what algorithms to use in + that case, so these there are the historical answer. */ +- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); ++ if (!gcry_fips_mode_active()) ++ gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); + } + if (DBG_HASHING) diff --git a/SOURCES/gnupg-2.1.1-ocsp-keyusage.patch b/SOURCES/gnupg-2.1.1-ocsp-keyusage.patch new file mode 100644 index 0000000..3b7be41 --- /dev/null +++ b/SOURCES/gnupg-2.1.1-ocsp-keyusage.patch @@ -0,0 +1,17 @@ +diff -up gnupg-2.1.1/sm/certlist.c.keyusage gnupg-2.1.1/sm/certlist.c +--- gnupg-2.1.1/sm/certlist.c.keyusage 2014-11-27 11:51:36.000000000 +0100 ++++ gnupg-2.1.1/sm/certlist.c 2015-01-29 17:30:57.117135497 +0100 +@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode + + if (mode == 5) + { +- if (use != ~0 +- && (have_ocsp_signing +- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN +- |KSBA_KEYUSAGE_CRL_SIGN)))) ++ if (have_ocsp_signing ++ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN ++ |KSBA_KEYUSAGE_CRL_SIGN))) + return 0; + log_info (_("certificate should not have " + "been used for OCSP response signing\n")); diff --git a/SOURCES/gnupg-2.1.10-secmem.patch b/SOURCES/gnupg-2.1.10-secmem.patch new file mode 100644 index 0000000..e263509 --- /dev/null +++ b/SOURCES/gnupg-2.1.10-secmem.patch @@ -0,0 +1,33 @@ +diff -up gnupg-2.1.10/g10/gpg.c.secmem gnupg-2.1.10/g10/gpg.c +--- gnupg-2.1.10/g10/gpg.c.secmem 2015-12-04 10:53:27.000000000 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-07 15:32:38.922812652 +0100 +@@ -889,7 +889,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); +@@ -1041,7 +1041,7 @@ build_list (const char *text, char lette + char *string; + + if (maybe_setuid) +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + + indent = utf8_charcount (text, -1); + len = 0; +diff -up gnupg-2.1.10/sm/gpgsm.c.secmem gnupg-2.1.10/sm/gpgsm.c +--- gnupg-2.1.10/sm/gpgsm.c.secmem 2015-11-30 17:39:52.000000000 +0100 ++++ gnupg-2.1.10/sm/gpgsm.c 2015-12-07 15:31:17.226884207 +0100 +@@ -530,7 +530,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); diff --git a/SOURCES/gnupg-2.1.19-exponential.patch b/SOURCES/gnupg-2.1.19-exponential.patch new file mode 100644 index 0000000..5f01767 --- /dev/null +++ b/SOURCES/gnupg-2.1.19-exponential.patch @@ -0,0 +1,38 @@ +diff -up gnupg-2.1.19/common/asshelp.c.exponential gnupg-2.1.19/common/asshelp.c +--- gnupg-2.1.19/common/asshelp.c.exponential 2017-03-01 14:04:33.000000000 +0100 ++++ gnupg-2.1.19/common/asshelp.c 2017-03-15 17:18:14.279792654 +0100 +@@ -434,12 +434,12 @@ start_new_gpg_agent (assuan_context_t *r + agent_program, gpg_strerror (err)); + else + { +- for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++) ++ for (i=2; i < SECS_TO_WAIT_FOR_AGENT*1000; i<<=1) /* start with 2 ms */ + { +- if (verbose) ++ if (verbose && i > 500) + log_info (_("waiting for the agent to come up ... (%ds)\n"), +- SECS_TO_WAIT_FOR_AGENT - i); +- gnupg_sleep (1); ++ SECS_TO_WAIT_FOR_AGENT - i/1000); ++ gnupg_usleep (i*1000); + err = assuan_socket_connect (ctx, sockname, 0, 0); + if (!err) + { +@@ -587,13 +587,13 @@ start_new_dirmngr (assuan_context_t *r_c + { + int i; + +- for (i=0; i < SECS_TO_WAIT_FOR_DIRMNGR; i++) ++ for (i=2; i < SECS_TO_WAIT_FOR_DIRMNGR*1000; i<<=1) /* start with 2 ms */ + { +- if (verbose) ++ if (verbose && i > 500) + log_info (_("waiting for the dirmngr " + "to come up ... (%ds)\n"), +- SECS_TO_WAIT_FOR_DIRMNGR - i); +- gnupg_sleep (1); ++ SECS_TO_WAIT_FOR_DIRMNGR - i/1000); ++ gnupg_usleep (i*1000); + err = assuan_socket_connect (ctx, sockname, 0, 0); + if (!err) + { diff --git a/SOURCES/gnupg-2.1.21-insttools.patch b/SOURCES/gnupg-2.1.21-insttools.patch new file mode 100644 index 0000000..e076dae --- /dev/null +++ b/SOURCES/gnupg-2.1.21-insttools.patch @@ -0,0 +1,62 @@ +diff -up gnupg-2.1.21/tools/Makefile.am.insttools gnupg-2.1.21/tools/Makefile.am +--- gnupg-2.1.21/tools/Makefile.am.insttools 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.21/tools/Makefile.am 2017-07-18 12:10:59.431729640 +0200 +@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER + sbin_SCRIPTS = addgnupghome applygnupgdefaults + + if HAVE_USTAR +-# bin_SCRIPTS += gpg-zip +-noinst_SCRIPTS = gpg-zip ++bin_PROGRAMS += gpg-zip ++#noinst_SCRIPTS = gpg-zip + endif + + if BUILD_SYMCRYPTRUN +@@ -53,7 +53,7 @@ endif + + libexec_PROGRAMS = gpg-wks-client + +-bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} ++bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} gpgsplit + if !HAVE_W32_SYSTEM + bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} + endif +@@ -63,7 +63,7 @@ libexec_PROGRAMS += gpg-check-pattern + endif + + if !HAVE_W32CE_SYSTEM +-noinst_PROGRAMS = clean-sat make-dns-cert gpgsplit ++noinst_PROGRAMS = clean-sat make-dns-cert + endif + + if !HAVE_W32CE_SYSTEM +diff -up gnupg-2.1.21/tools/Makefile.in.insttools gnupg-2.1.21/tools/Makefile.in +--- gnupg-2.1.21/tools/Makefile.in.insttools 2017-05-15 16:15:04.000000000 +0200 ++++ gnupg-2.1.21/tools/Makefile.in 2017-07-18 12:12:17.907734745 +0200 +@@ -137,13 +137,13 @@ DIST_COMMON = $(top_srcdir)/am/cmacros.a + @GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" + @HAVE_W32_SYSTEM_TRUE@am__append_8 = gpg-connect-agent-w32info.o + libexec_PROGRAMS = gpg-wks-client$(EXEEXT) $(am__EXEEXT_5) +-bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ ++bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) gpgsplit$(EXEEXT) \ + $(am__EXEEXT_1) $(am__EXEEXT_3) $(am__EXEEXT_4) + @HAVE_W32_SYSTEM_FALSE@am__append_9 = watchgnupg gpgparsemail ${gpg_wks_server} + @DISABLE_REGEX_FALSE@am__append_10 = gpg-check-pattern + @HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \ + @HAVE_W32CE_SYSTEM_FALSE@ make-dns-cert$(EXEEXT) \ +-@HAVE_W32CE_SYSTEM_FALSE@ gpgsplit$(EXEEXT) $(am__EXEEXT_6) ++@HAVE_W32CE_SYSTEM_FALSE@ $(am__EXEEXT_6) + @BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar + @BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar + subdir = tools +@@ -582,8 +582,8 @@ libcommontlsnpth = ../common/libcommontl + AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) + sbin_SCRIPTS = addgnupghome applygnupgdefaults + +-# bin_SCRIPTS += gpg-zip +-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip ++@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip ++#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip + @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = + @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun + @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = diff --git a/SOURCES/gnupg-2.1.21-large-rsa.patch b/SOURCES/gnupg-2.1.21-large-rsa.patch new file mode 100644 index 0000000..96aad02 --- /dev/null +++ b/SOURCES/gnupg-2.1.21-large-rsa.patch @@ -0,0 +1,12 @@ +diff -up gnupg-2.1.21/g10/keygen.c.large-rsa gnupg-2.1.21/g10/keygen.c +--- gnupg-2.1.21/g10/keygen.c.large-rsa 2017-05-15 14:13:22.000000000 +0200 ++++ gnupg-2.1.21/g10/keygen.c 2017-07-18 16:12:37.738895016 +0200 +@@ -2091,7 +2091,7 @@ get_keysize_range (int algo, unsigned in + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; +- *max = 4096; ++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; + def = 2048; + break; + } diff --git a/SOURCES/gnupg-2.2.8-file-is-digest.patch b/SOURCES/gnupg-2.2.8-file-is-digest.patch new file mode 100644 index 0000000..49345cd --- /dev/null +++ b/SOURCES/gnupg-2.2.8-file-is-digest.patch @@ -0,0 +1,190 @@ +diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c +--- gnupg-2.2.8/g10/gpg.c.file-is-digest 2018-06-11 10:15:33.755167428 +0200 ++++ gnupg-2.2.8/g10/gpg.c 2018-06-11 10:17:36.352063501 +0200 +@@ -376,6 +376,7 @@ enum cmd_and_opt_values + oTTYtype, + oLCctype, + oLCmessages, ++ oFileIsDigest, + oXauthority, + oGroup, + oUnGroup, +@@ -821,6 +822,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oPersonalCompressPreferences, + "personal-compress-preferences", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ++ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), + ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), +@@ -2390,6 +2392,7 @@ main (int argc, char **argv) + opt.keyid_format = KF_NONE; + opt.def_sig_expire = "0"; + opt.def_cert_expire = "0"; ++ opt.file_is_digest = 0; + gnupg_set_homedir (NULL); + opt.passphrase_repeat = 1; + opt.emit_version = 0; +@@ -2963,6 +2966,7 @@ main (int argc, char **argv) + opt.verify_options&=~VERIFY_SHOW_PHOTOS; + break; + case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; ++ case oFileIsDigest: opt.file_is_digest = 1; break; + + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + +diff -up gnupg-2.2.8/g10/options.h.file-is-digest gnupg-2.2.8/g10/options.h +--- gnupg-2.2.8/g10/options.h.file-is-digest 2018-05-31 12:03:06.000000000 +0200 ++++ gnupg-2.2.8/g10/options.h 2018-06-11 10:15:33.757167476 +0200 +@@ -210,6 +210,7 @@ struct + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; ++ int file_is_digest; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; +diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c +--- gnupg-2.2.8/g10/sign.c.file-is-digest 2017-08-28 12:22:54.000000000 +0200 ++++ gnupg-2.2.8/g10/sign.c 2018-06-11 10:15:33.757167476 +0200 +@@ -40,6 +40,7 @@ + #include "pkglue.h" + #include "../common/sysutils.h" + #include "call-agent.h" ++#include "../common/host2net.h" + #include "../common/mbox-util.h" + #include "../common/compliance.h" + +@@ -727,6 +728,8 @@ write_signature_packets (ctrl_t ctrl, + if (duration || opt.sig_policy_url + || opt.sig_notations || opt.sig_keyserver_url) + sig->version = 4; ++ else if (opt.file_is_digest) ++ sig->version = 3; + else + sig->version = pk->version; + +@@ -750,8 +753,10 @@ write_signature_packets (ctrl_t ctrl, + mk_notation_policy_etc (sig, NULL, pk); + } + +- hash_sigversion_to_magic (md, sig); +- gcry_md_final (md); ++ if (!opt.file_is_digest) { ++ hash_sigversion_to_magic (md, sig); ++ gcry_md_final (md); ++ } + + rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); + gcry_md_close (md); +@@ -813,6 +818,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + SK_LIST sk_rover = NULL; + int multifile = 0; + u32 duration=0; ++ int sigclass = 0x00; ++ u32 timestamp = 0; + + pfx = new_progress_context (); + afx = new_armor_context (); +@@ -830,7 +837,16 @@ sign_file (ctrl_t ctrl, strlist_t filena + fname = NULL; + + if( fname && filenames->next && (!detached || encryptflag) ) +- log_bug("multiple files can only be detached signed"); ++ log_bug("multiple files can only be detached signed\n"); ++ ++ if (opt.file_is_digest && (multifile || !fname)) ++ log_bug("file-is-digest only works with one file\n"); ++ if (opt.file_is_digest && !detached) ++ log_bug("file-is-digest can only write detached signatures\n"); ++ if (opt.file_is_digest && !opt.def_digest_algo) ++ log_bug("file-is-digest needs --digest-algo\n"); ++ if (opt.file_is_digest && opt.textmode) ++ log_bug("file-is-digest doesn't work with --textmode\n"); + + if(encryptflag==2 + && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) +@@ -851,7 +867,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + goto leave; + + /* prepare iobufs */ +- if( multifile ) /* have list of filenames */ ++ if( multifile || opt.file_is_digest) /* have list of filenames */ + inp = NULL; /* we do it later */ + else { + inp = iobuf_open(fname); +@@ -989,7 +1005,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) + gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); + +- if( !multifile ) ++ if( !multifile && !opt.file_is_digest ) + iobuf_push_filter( inp, md_filter, &mfx ); + + if( detached && !encryptflag) +@@ -1044,6 +1060,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + write_status_begin_signing (mfx.md); + ++ sigclass = opt.textmode && !outfile? 0x01 : 0x00; ++ + /* Setup the inner packet. */ + if( detached ) { + if( multifile ) { +@@ -1084,6 +1102,45 @@ sign_file (ctrl_t ctrl, strlist_t filena + if( opt.verbose ) + log_printf ("\n"); + } ++ else if (opt.file_is_digest) { ++ byte *mdb, ts[5]; ++ size_t mdlen; ++ const char *fp; ++ int c, d; ++ ++ gcry_md_final(mfx.md); ++ /* this assumes gcry_md_read returns the same buffer */ ++ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); ++ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); ++ if (strlen(fname) != mdlen * 2 + 11) ++ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); ++ d = -1; ++ for (fp = fname ; *fp; ) { ++ c = *fp++; ++ if (c >= '0' && c <= '9') ++ c -= '0'; ++ else if (c >= 'a' && c <= 'f') ++ c -= 'a' - 10; ++ else if (c >= 'A' && c <= 'F') ++ c -= 'A' - 10; ++ else ++ log_bug("filename is not hex\n"); ++ if (d >= 0) { ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) { ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; ++ } ++ sigclass = ts[0]; ++ if (sigclass != 0x00 && sigclass != 0x01) ++ log_bug("bad cipher class\n"); ++ timestamp = buf32_to_u32(ts + 1); ++ } + else { + /* read, so that the filter can calculate the digest */ + while( iobuf_get(inp) != -1 ) +@@ -1102,8 +1159,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + /* write the signatures */ + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, +- opt.textmode && !outfile? 0x01 : 0x00, +- 0, duration, detached ? 'D':'S', NULL); ++ sigclass, ++ timestamp, duration, detached ? 'D':'S', NULL); + if( rc ) + goto leave; + diff --git a/SOURCES/gnupg-2.2.9.tar.bz2.sig b/SOURCES/gnupg-2.2.9.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000..9972539f44d45212939a0de9c329b26f9c3ab38a GIT binary patch literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$WE_xBvy{ECPz=|b4*URR-*RZmI~am{h>_Bu3+bdbn<)wylDPq&cgx`{@$B=r5LoEw z>BmEE+`xR8Dd9Q<@tk=#%1!=WBR%k%(eH^;`B*vLarj!Pr-_Bj69{QoM1imsnfcxY-2Yh4QW z^vHNUM83}|xNtwoAC+mNxinZs@27uvyu~yTmRmnR$Nd*-hmDraVm?};ifNon6OT4D zWGhA;V~GJX1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6JNBLg>3JDM(aj=Rr zy*~z``v?D3yD{WWG= 2.1.0 +BuildRequires: libgcrypt-devel >= 1.7.0 +BuildRequires: libgpg-error-devel >= 1.31 +BuildRequires: libksba-devel >= 1.3.0 +BuildRequires: openldap-devel +BuildRequires: libusb-devel +BuildRequires: pcsc-lite-libs +BuildRequires: npth-devel +BuildRequires: readline-devel ncurses-devel +BuildRequires: zlib-devel +BuildRequires: gnutls-devel +BuildRequires: sqlite-devel +BuildRequires: fuse + +Requires: libgcrypt >= 1.7.0 +Requires: libgpg-error >= 1.31 + +Recommends: pinentry + +Recommends: gnupg2-smime + +%if 0%{?rhel} > 5 +# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex +Provides: gpg = %{version}-%{release} +# Obsolete GnuPG-1 package +Provides: gnupg = %{version}-%{release} +Obsoletes: gnupg <= 1.4.10 +%endif + +Provides: dirmngr = %{version}-%{release} +Obsoletes: dirmngr < 1.2.0-1 + +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + +%package smime +Summary: CMS encryption and signing tool and smart card support for GnuPG +Requires: gnupg2 = %{version}-%{release} +Group: Applications/Internet + + +%description +GnuPG is GNU's tool for secure communication and data storage. It can +be used to encrypt data and to create digital signatures. It includes +an advanced key management facility and is compliant with the proposed +OpenPGP Internet standard as described in RFC2440 and the S/MIME +standard as described by several RFCs. + +GnuPG 2.0 is a newer version of GnuPG with additional support for +S/MIME. It has a different design philosophy that splits +functionality up into several modules. The S/MIME and smartcard functionality +is provided by the gnupg2-smime package. + +%description smime +GnuPG is GNU's tool for secure communication and data storage. This +package adds support for smart cards and S/MIME encryption and signing +to the base GnuPG package + +%prep +%setup -q -n gnupg-%{version} + +%if 0%{?rhel} > 5 +%patch1 -p1 -b .insttools +%endif +%patch2 -p1 -b .exponential +%patch3 -p1 -b .secmem +%patch4 -p1 -b .file-is-digest +%patch5 -p1 -b .keyusage +%patch6 -p1 -b .fips +%patch9 -p1 -b .large-rsa + +# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) +# Note: this is just the name of the default shared lib to load in scdaemon, +# it can use other implementations too (including non-pcsc ones). +%global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null ) + +sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c + + +%build + +%configure \ +%if ! (0%{?rhel} > 5) + --enable-gpg-is-gpg2 \ +%endif + --disable-gpgtar \ + --disable-rpath \ + --enable-g13 \ + --enable-large-secmem + +# need scratch gpg database for tests +mkdir -p $HOME/.gnupg + +make %{?_smp_mflags} + + +%install +make install DESTDIR=%{buildroot} \ + INSTALL="install -p" \ + docdir=%{_pkgdocdir} + +%if ! (0%{?rhel} > 5) +# rename file conflicting with gnupg-1.x +rename gnupg.7 gnupg2.7 %{buildroot}%{_mandir}/man7/gnupg.7* +%endif + +%find_lang %{name} + +# gpgconf.conf +mkdir -p %{buildroot}%{_sysconfdir}/gnupg +touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf + +# more docs +install -m644 -p AUTHORS NEWS THANKS TODO \ + %{buildroot}%{_pkgdocdir} + +%if 0%{?rhel} > 5 +# compat symlinks +ln -sf gpg %{buildroot}%{_bindir}/gpg2 +ln -sf gpgv %{buildroot}%{_bindir}/gpgv2 +ln -sf gpg.1 %{buildroot}%{_mandir}/man1/gpg2.1 +ln -sf gpgv.1 %{buildroot}%{_mandir}/man1/gpgv2.1 +ln -sf gnupg.7 %{buildroot}%{_mandir}/man7/gnupg2.7 +%endif + +# info dir +rm -f %{buildroot}%{_infodir}/dir + +# drop the gpg scheme interpreter +rm -f %{buildroot}%{_bindir}/gpgscm + +%check +# need scratch gpg database for tests +mkdir -p $HOME/.gnupg +make -k check + + +%files -f %{name}.lang +%{!?_licensedir:%global license %%doc} +%license COPYING +#doc AUTHORS NEWS README THANKS TODO +%{_pkgdocdir} +%dir %{_sysconfdir}/gnupg +%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf +## docs say to install suid root, but fedora/rh security folk say not to +%{_bindir}/gpg2 +%{_bindir}/gpgv2 +%{_bindir}/gpg-connect-agent +%{_bindir}/gpg-agent +%{_bindir}/gpgconf +%{_bindir}/gpgparsemail +%{_bindir}/g13 +%{_bindir}/dirmngr +%{_bindir}/dirmngr-client +%if 0%{?rhel} > 5 +%{_bindir}/gpg +%{_bindir}/gpgv +%{_bindir}/gpgsplit +%{_bindir}/gpg-zip +%endif +%{_bindir}/watchgnupg +%{_sbindir}/* +%{_datadir}/gnupg/ +%{_libexecdir}/* +%{_infodir}/*.info* +%{_mandir}/man?/* +%exclude %{_mandir}/man?/gpgsm* + +%files smime +%{_bindir}/gpgsm* +%{_bindir}/kbxutil +%{_mandir}/man?/gpgsm* + + +%changelog +* Wed Aug 1 2018 Tomáš Mráz - 2.2.9-1 +- upgrade to 2.2.9 + +* Mon Jun 11 2018 Tomáš Mráz - 2.2.8-1 +- upgrade to 2.2.8 fixing CVE 2018-12020 + +* Wed Apr 11 2018 Tomáš Mráz - 2.2.6-1 +- upgrade to 2.2.6 + +* Fri Mar 2 2018 Tomáš Mráz - 2.2.5-1 +- upgrade to 2.2.5 + +* Wed Feb 07 2018 Fedora Release Engineering - 2.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 12 2018 Tomáš Mráz - 2.2.4-1 +- upgrade to 2.2.4 + +* Tue Nov 21 2017 Tomáš Mráz - 2.2.3-1 +- upgrade to 2.2.3 + +* Wed Nov 8 2017 Tomáš Mráz - 2.2.2-1 +- upgrade to 2.2.2 + +* Tue Oct 3 2017 Tomáš Mráz - 2.2.1-1 +- upgrade to 2.2.1 + +* Tue Sep 5 2017 Tomáš Mráz - 2.2.0-1 +- upgrade to 2.2.0 + +* Wed Aug 9 2017 Tomáš Mráz - 2.1.22-1 +- upgrade to 2.1.22 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.1.21-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Fri Jul 28 2017 Tomáš Mráz - 2.1.21-4 +- explictly remove gpgscm from the buildroot + +* Tue Jul 18 2017 Tomáš Mráz - 2.1.21-3 +- rebase the insttools patch +- enable large secure memory support + +* Tue May 16 2017 Tomáš Mráz - 2.1.21-2 +- scdaemon is now needed by gpg + +* Tue May 16 2017 Tomáš Mráz - 2.1.21-1 +- upgrade to 2.1.21 + +* Tue Apr 25 2017 Tomáš Mráz - 2.1.20-2 +- libdns aliasing issues fixed + +* Mon Apr 24 2017 Tomáš Mráz - 2.1.20-1 +- upgrade to 2.1.20 +- disable bundled libdns for now (#1444352) + +* Fri Mar 24 2017 Tomáš Mráz - 2.1.19-1 +- upgrade to 2.1.19 +- shorten time waiting on gpg-agent/dirmngr to start by exponential + backoff (#1431749) + +* Wed Mar 1 2017 Tomáš Mráz - 2.1.18-2 +- upgrade to 2.1.18 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.1.17-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 12 2017 Igor Gnatenko - 2.1.17-2 +- Rebuild for readline 7.x + +* Thu Dec 22 2016 Tomáš Mráz - 2.1.17-1 +- upgrade to 2.1.17 + +* Mon Nov 28 2016 Tomáš Mráz - 2.1.16-1 +- upgrade to 2.1.16 + +* Mon Aug 22 2016 Tomáš Mráz - 2.1.13-2 +- avoid using libgcrypt without initialization (#1366909) + +* Tue Jul 12 2016 Tomáš Mráz - 2.1.13-1 +- upgrade to 2.1.13 + +* Thu May 5 2016 Tomáš Mráz - 2.1.12-1 +- upgrade to 2.1.12 + +* Tue Apr 12 2016 Tomáš Mráz - 2.1.11-4 +- make the pinentry dependency weak as for the public-key operations it + is not needed (#1324595) + +* Mon Mar 7 2016 Tomáš Mráz - 2.1.11-3 +- add recommends weak dependency for gnupg2-smime + +* Sat Mar 5 2016 Peter Robinson 2.1.11-2 +- Don't ship ChangeLog, core details already covered in NEWS + +* Tue Feb 16 2016 Tomáš Mráz - 2.1.11-1 +- upgrade to 2.1.11 + +* Wed Feb 03 2016 Fedora Release Engineering - 2.1.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 13 2016 Dan Horák - 2.1.10-3 +- fix the insttools patch + +* Wed Jan 13 2016 Tomáš Mráz - 2.1.10-2 +- rebase the insttools patch needed for full gpgv1 replacement + +* Mon Dec 7 2015 Tomáš Mráz - 2.1.10-1 +- upgrade to 2.1.10 + +* Mon Oct 12 2015 Tomáš Mráz - 2.1.9-1 +- upgrade to 2.1.9 + +* Fri Sep 11 2015 Tomáš Mráz - 2.1.8-1 +- upgrade to 2.1.8 + +* Thu Aug 13 2015 Tomáš Mráz - 2.1.7-1 +- upgrade to 2.1.7 + +* Tue Aug 11 2015 Tomáš Mráz - 2.1.6-1 +- upgrade to 2.1.6 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.1.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Tomáš Mráz - 2.1.5-1 +- upgrade to 2.1.5 + +* Tue May 26 2015 Tomáš Mráz - 2.1.4-2 +- use gnutls for TLS support in dirmngr (#1224816) + +* Fri May 15 2015 Robert Scheck - 2.1.4-1 +- upgrade to 2.1.4 (#1192353) + +* Thu Apr 16 2015 Tomáš Mráz - 2.1.3-1 +- new upstream release fixing minor bugs + +* Sat Feb 21 2015 Till Maas - 2.1.2-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Wed Feb 18 2015 Tomáš Mráz - 2.1.2-1 +- new upstream release fixing two minor security issues + +* Fri Jan 30 2015 Tomáš Mráz - 2.1.1-2 +- resolve conflict with gnupg by renaming conflicting manual page (#1187472) + +* Thu Jan 29 2015 Tomáš Mráz - 2.1.1-1 +- new upstream release +- this release now includes the dirmngr which is obsoleted as separate package + +* Sat Aug 16 2014 Fedora Release Engineering - 2.0.25-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Aug 5 2014 Tomáš Mráz - 2.0.25-1 +- new upstream release fixing a minor regression introduced by the previous one +- add --file-is-digest option needed for copr + +* Sat Jul 12 2014 Tom Callaway - 2.0.24-2 +- fix license handling + +* Wed Jun 25 2014 Tomáš Mráz - 2.0.24-1 +- new upstream release fixing CVE-2014-4617 + +* Sat Jun 07 2014 Fedora Release Engineering - 2.0.22-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 7 2014 Tomáš Mráz - 2.0.22-3 +- do not dump core if hash algorithm not available in the FIPS mode + +* Tue Mar 4 2014 Tomáš Mráz - 2.0.22-2 +- rebuilt against new libgcrypt + +* Tue Oct 8 2013 Tomáš Mráz - 2.0.22-1 +- new upstream release fixing CVE-2013-4402 + +* Fri Aug 23 2013 Tomáš Mráz - 2.0.21-1 +- new upstream release + +* Wed Aug 7 2013 Tomas Mraz - 2.0.20-3 +- adjust to the unversioned docdir change (#993785) + +* Sat Aug 03 2013 Fedora Release Engineering - 2.0.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed May 15 2013 Tomas Mraz - 2.0.20-1 +- new upstream release + +* Thu Feb 14 2013 Fedora Release Engineering - 2.0.19-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 2 2013 Tomas Mraz - 2.0.19-7 +- fix CVE-2012-6085 - skip invalid key packets (#891142) + +* Thu Nov 22 2012 Tomas Mraz - 2.0.19-6 +- use AES as default crypto algorithm in FIPS mode (#879047) + +* Fri Nov 16 2012 Jamie Nguyen - 2.0.19-5 +- rebuild for - 2.0.19-4 +- fix negated condition (#843842) + +* Thu Jul 26 2012 Tomas Mraz - 2.0.19-3 +- add compat symlinks and provides if built on RHEL + +* Thu Jul 19 2012 Fedora Release Engineering - 2.0.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Apr 24 2012 Tomas Mraz - 2.0.19-1 +- new upstream release +- set environment in protect-tool (#548528) +- do not reject OCSP signing certs without keyUsage (#720174) + +* Fri Jan 13 2012 Fedora Release Engineering - 2.0.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Oct 12 2011 Rex Dieter 2.0.18-2 +- build with --enable-standard-socket + +* Wed Aug 17 2011 Tomas Mraz - 2.0.18-1 +- new upstream release (#728481) + +* Mon Jul 25 2011 Tomas Mraz - 2.0.17-2 +- fix a bug that shows up with the new libgcrypt release (#725369) + +* Thu Jan 20 2011 Tomas Mraz - 2.0.17-1 +- new upstream release (#669611) + +* Tue Aug 17 2010 Tomas Mraz - 2.0.16-3 +- drop the provides/obsoletes for gnupg +- drop the man page file conflicting with gnupg-1.x + +* Fri Aug 13 2010 Tomas Mraz - 2.0.16-2 +- drop the compat symlinks as gnupg-1.x is revived + +* Tue Jul 27 2010 Rex Dieter - 2.0.16-1 +- gnupg-2.0.16 + +* Fri Jul 23 2010 Rex Dieter - 2.0.14-4 +- gpgsm realloc patch (#617706) + +* Fri Jun 18 2010 Tomas Mraz - 2.0.14-3 +- initialize small amount of secmem for list of algorithms in help (#598847) + (necessary in the FIPS mode of libgcrypt) + +* Tue Feb 9 2010 Tomas Mraz - 2.0.14-2 +- disable selinux support - it is too rudimentary and restrictive (#562982) + +* Mon Jan 11 2010 Tomas Mraz - 2.0.14-1 +- new upstream version +- fix a few tests so they do not need to execute gpg-agent + +* Tue Dec 8 2009 Michael Schwendt - 2.0.13-4 +- Explicitly BR libassuan-static in accordance with the Packaging + Guidelines (libassuan-devel is still static-only). + +* Fri Oct 23 2009 Tomas Mraz - 2.0.13-3 +- drop s390 specific ifnarchs as all the previously missing dependencies + are now there +- split out gpgsm into a smime subpackage to reduce main package dependencies + +* Wed Oct 21 2009 Tomas Mraz - 2.0.13-2 +- provide/obsolete gnupg-1 and add compat symlinks to be able to drop + gnupg-1 + +* Fri Sep 04 2009 Rex Dieter - 2.0.13-1 +- gnupg-2.0.13 +- Unable to use gpg-agent + input methods (#228953) + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 17 2009 Rex Dieter - 2.0.12-1 +- gnupg-2.0.12 + +* Wed Mar 04 2009 Rex Dieter - 2.0.11-1 +- gnupg-2.0.11 + +* Tue Feb 24 2009 Fedora Release Engineering - 2.0.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 31 2009 Karsten Hopp 2.0.10-1 +- don't require pcsc-lite-libs and libusb on mainframe where + we don't have those packages as there's no hardware for that + +* Tue Jan 13 2009 Rex Dieter 2.0.10-1 +- gnupg-2.0.10 + +* Mon Aug 04 2008 Rex Dieter 2.0.9-3 +- workaround rpm quirks + +* Sat May 24 2008 Tom "spot" Callaway 2.0.9-2 +- Patch from upstream to fix curl 7.18.1+ and gcc4.3+ compile error + +* Mon May 19 2008 Tom "spot" Callaway 2.0.9-1.1 +- minor release bump for sparc rebuild + +* Wed Mar 26 2008 Rex Dieter 2.0.9-1 +- gnupg2-2.0.9 +- drop Provides: openpgp +- versioned Provides: gpg +- own %%_sysconfdir/gnupg + +* Fri Feb 08 2008 Rex Dieter 2.0.8-3 +- respin (gcc43) + +* Wed Jan 23 2008 Rex Dieter 2.0.8-2 +- avoid kde-filesystem dep (#427316) + +* Thu Dec 20 2007 Rex Dieter 2.0.8-1 +- gnupg2-2.0.8 + +* Mon Dec 17 2007 Rex Dieter 2.0.8-0.1.rc1 +- gnupg2-2.0.8rc1 + +* Tue Dec 04 2007 Rex Dieter 2.0.7-5 +- respin for openldap + +* Mon Nov 12 2007 Rex Dieter 2.0.7-4 +- Requires: kde-filesystem (#377841) + +* Wed Oct 03 2007 Rex Dieter 2.0.7-3 +- %%build: (re)add mkdir -p $HOME/.gnupg + +* Wed Oct 03 2007 Rex Dieter 2.0.7-2 +- Requires: dirmngr (#312831) + +* Mon Sep 10 2007 Rex Dieter 2.0.7-1 +- gnupg-2.0.7 + +* Fri Aug 24 2007 Rex Dieter 2.0.6-2 +- respin (libassuan) + +* Thu Aug 16 2007 Rex Dieter 2.0.6-1 +- gnupg-2.0.6 +- License: GPLv3+ + +* Thu Aug 02 2007 Rex Dieter 2.0.5-4 +- License: GPLv3 + +* Mon Jul 16 2007 Rex Dieter 2.0.5-3 +- 2.0.5 too many open files fix + +* Fri Jul 06 2007 Rex Dieter 2.0.5-2 +- gnupg-2.0.5 +- gpg-agent not restarted after kde session crash/killed (#196327) +- BR: libassuan-devel > 1.0.2, libksba-devel > 1.0.2 + +* Fri May 18 2007 Rex Dieter 2.0.4-1 +- gnupg-2.0.4 + +* Thu Mar 08 2007 Rex Dieter 2.0.3-1 +- gnupg-2.0.3 + +* Fri Feb 02 2007 Rex Dieter 2.0.2-1 +- gnupg-2.0.2 + +* Wed Dec 06 2006 Rex Dieter 2.0.1-2 +- CVE-2006-6235 (#219934) + +* Wed Nov 29 2006 Rex Dieter 2.0.1-1 +- gnupg-2.0.1 +- CVE-2006-6169 (#217950) + +* Sat Nov 25 2006 Rex Dieter 2.0.1-0.3.rc1 +- gnupg-2.0.1rc1 + +* Thu Nov 16 2006 Rex Dieter 2.0.0-4 +- update %%description +- drop dearmor patch + +* Mon Nov 13 2006 Rex Dieter 2.0.0-3 +- BR: libassuan-static >= 1.0.0 + +* Mon Nov 13 2006 Rex Dieter 2.0.0-2 +- gnupg-2.0.0 + +* Fri Nov 10 2006 Rex Dieter 1.9.95-3 +- upstream 64bit patch + +* Mon Nov 06 2006 Rex Dieter 1.9.95-2 +- fix (more) file conflicts with gnupg + +* Mon Nov 06 2006 Rex Dieter 1.9.95-1 +- 1.9.95 + +* Wed Oct 25 2006 Rex Dieter 1.9.94-1 +- 1.9.94 + +* Wed Oct 18 2006 Rex Dieter 1.9.93-1 +- 1.9.93 + +* Wed Oct 11 2006 Rex Dieter 1.9.92-2 +- fix file conflicts with gnupg + +* Wed Oct 11 2006 Rex Dieter 1.9.92-1 +- 1.9.92 + +* Tue Oct 10 2006 Rex Dieter 1.9.91-4 +- make check ||: (apparently checks return err even on success?) + +* Tue Oct 10 2006 Rex Dieter 1.9.91-3 +- --enable-selinux-support +- x86_64: --disable-optimization (to avoid gpg2 segfaults), for now + +* Thu Oct 05 2006 Rex Dieter 1.9.91-1 +- 1.9.91 + +* Wed Oct 04 2006 Rex Dieter 1.9.22-8 +- respin + +* Tue Sep 26 2006 Rex Dieter 1.9.90-1 +- 1.9.90 (doesn't build, not released) + +* Mon Sep 18 2006 Rex Dieter 1.9.23-1 +- 1.9.23 (doesn't build, not released) + +* Mon Sep 18 2006 Rex Dieter 1.9.22-7 +- gpg-agent-startup.sh: fix case where valid .gpg-agent-info exists + +* Mon Sep 18 2006 Rex Dieter 1.9.22-6 +- fix "syntax error in gpg-agent-startup.sh" (#206887) + +* Thu Sep 07 2006 Rex Dieter 1.9.22-3 +- fc6 respin (for libksba-1.0) + +* Tue Aug 29 2006 Rex Dieter 1.9.22-2 +- fc6 respin + +* Fri Jul 28 2006 Rex Dieter 1.9.22-1 +- 1.9.22 + +* Thu Jun 22 2006 Rex Dieter 1.9.21-3 +- fix "gpg-agent not restarted after kde session crash/killed (#196327) + +* Thu Jun 22 2006 Rex Dieter 1.9.21-2 +- 1.9.21 +- omit gpg2 binary to address CVS-2006-3082 (#196190) + +* Mon Mar 6 2006 Ville Skyttä > 1.9.20-3 +- Don't hardcode pcsc-lite lib name (#184123) + +* Thu Feb 16 2006 Rex Dieter 1.9.20-2 +- fc4+: use /etc/kde/(env|shutdown) for scripts (#175744) + +* Fri Feb 10 2006 Rex Dieter +- fc5: gcc/glibc respin + +* Tue Dec 20 2005 Rex Dieter 1.9.20-1 +- 1.9.20 + +* Thu Dec 01 2005 Rex Dieter 1.9.19-8 +- include gpg-agent-(startup|shutdown) scripts (#136533) +- BR: libksba-devel >= 1.9.12 +- %%check: be permissive about failures (for now) + +* Wed Nov 30 2005 Rex Dieter 1.9.19-3 +- BR: libksba-devel >= 1.9.13 + +* Tue Oct 11 2005 Rex Dieter 1.9.19-2 +- back to BR: libksba-devel = 1.9.11 + +* Tue Oct 11 2005 Rex Dieter 1.9.19-1 +- 1.9.19 + +* Fri Aug 26 2005 Rex Dieter 1.9.18-9 +- configure: NEED_KSBA_VERSION=0.9.12 -> 0.9.11 + +* Fri Aug 26 2005 Rex Dieter 1.9.18-7 +- re-enable 'make check', rebuild against (older) libksba-0.9.11 + +* Tue Aug 9 2005 Rex Dieter 1.9.18-6 +- don't 'make check' by default (regular builds pass, but FC4/5+plague fails) + +* Mon Aug 8 2005 Rex Dieter 1.9.18-5 +- 1.9.18 +- drop pth patch (--enable-gpg build fixed) +- update description (from README) + +* Fri Jul 1 2005 Ville Skyttä - 1.9.17-1 +- 1.9.17, signal info patch applied upstream (#162264). +- Patch to fix lvalue build error with gcc4 (upstream #485). +- Patch scdaemon and pcsc-wrapper to load the versioned (non-devel) + pcsc-lite lib by default. + +* Fri May 13 2005 Michael Schwendt - 1.9.16-3 +- Include upstream's patch for signal.c. + +* Tue May 10 2005 Michael Schwendt - 1.9.16-1 +- Merge changes from Rex's 1.9.16-1 (Thu Apr 21): +- opensc support unconditional +- remove hard-coded .gz from %%post/%%postun +- add %%check section +- add pth patch +- Put back patch modified from 1.9.15-4 to make tests verbose + and change signal.c to describe received signals better. + +* Sun May 8 2005 Michael Schwendt +- Drop patch0 again. + +* Sun May 8 2005 Michael Schwendt - 1.9.15-4 +- Add patch0 temporarily to get some output from failing test. + +* Sat May 7 2005 David Woodhouse 1.9.15-3 +- Rebuild. + +* Thu Apr 7 2005 Michael Schwendt +- rebuilt + +* Tue Feb 1 2005 Michael Schwendt - 0:1.9.15-1 +- Make install-info in scriptlets less noisy. + +* Tue Jan 18 2005 Rex Dieter 1.9.15-0.fdr.1 +- 1.9.15 + +* Fri Jan 07 2005 Rex Dieter 1.9.14-0.fdr.2 +- note patch/hack to build against older ( <1.0) libgpg-error-devel + +* Thu Jan 06 2005 Rex Dieter 1.9.14-0.fdr.1 +- 1.9.14 +- enable opensc support +- BR: libassuan-devel >= 0.6.9 + +* Thu Oct 21 2004 Rex Dieter 1.9.11-0.fdr.4 +- remove suid. + +* Thu Oct 21 2004 Rex Dieter 1.9.11-0.fdr.3 +- remove Provides: newpg + +* Wed Oct 20 2004 Rex Dieter 1.9.11-0.fdr.2 +- Requires: pinentry +- gpg2 suid +- update description + +* Tue Oct 19 2004 Rex Dieter 1.9.11-0.fdr.1 +- first try +- leave out opensc support (for now), enable --with-opensc +