new upstream release

- this release now includes the dirmngr which is obsoleted as separate package

.gitignore

@@ -16,3 +16,5 @@ gnupg-2.0.16.tar.bz2.sig
 /gnupg-2.0.24.tar.bz2.sig
 /gnupg-2.0.25.tar.bz2
 /gnupg-2.0.25.tar.bz2.sig
+/gnupg-2.1.1.tar.bz2
+/gnupg-2.1.1.tar.bz2.sig

gnupg-2.0.19-fips-algo.patch

@@ -1,78 +0,0 @@
-diff -up gnupg-2.0.19/g10/encode.c.fips gnupg-2.0.19/g10/encode.c
---- gnupg-2.0.19/g10/encode.c.fips	2012-03-27 10:00:37.000000000 +0200
-+++ gnupg-2.0.19/g10/encode.c	2012-11-22 15:51:23.314371267 +0100
-@@ -732,7 +732,7 @@ encrypt_filter( void *opaque, int contro
- 		if( efx->cfx.dek->algo == -1 ) {
-                     /* because 3DES is implicitly in the prefs, this can only
-                      * happen if we do not have any public keys in the list */
--		    efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
-+		    efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
-                 }
- 
-                 /* In case 3DES has been selected, print a warning if
-diff -up gnupg-2.0.19/g10/gpg.c.fips gnupg-2.0.19/g10/gpg.c
---- gnupg-2.0.19/g10/gpg.c.fips	2012-11-22 15:51:23.308371138 +0100
-+++ gnupg-2.0.19/g10/gpg.c	2012-11-22 15:51:23.315371289 +0100
-@@ -1973,7 +1973,7 @@ main (int argc, char **argv)
-     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
-     opt.s2k_mode = 3; /* iterated+salted */
-     opt.s2k_count = 0; /* Auto-calibrate when needed.  */
--    opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
-+    opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5;
-     opt.completes_needed = 1;
-     opt.marginals_needed = 3;
-     opt.max_cert_depth = 5;
-diff -up gnupg-2.0.19/g10/mainproc.c.fips gnupg-2.0.19/g10/mainproc.c
---- gnupg-2.0.19/g10/mainproc.c.fips	2012-03-27 10:00:37.000000000 +0200
-+++ gnupg-2.0.19/g10/mainproc.c	2012-11-22 16:43:51.876084682 +0100
-@@ -685,9 +685,11 @@ proc_plaintext( CTX c, PACKET *pkt )
- 	   often.  There is no good way to specify what algorithms to
- 	   use in that case, so these three are the historical
- 	   answer. */
--	gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
-+	if( !gcry_fips_mode_active() )
-+	  gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
- 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
--	gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
-+	if( !gcry_fips_mode_active() )
-+	  gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
-       }
-     if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
- 	/* This is a kludge to work around a bug in pgp2.  It does only
-@@ -2157,24 +2159,30 @@ proc_tree( CTX c, KBNODE node )
- 	else if( !c->any.data ) {
- 	    /* detached signature */
- 	    free_md_filter_context( &c->mfx );
--            if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
--              BUG ();
-+            if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) {
-+               log_error("Digest algorithm not available probably due to FIPS mode.\n");
-+               return;
-+	    }
- 
- 	    if( !opt.pgp2_workarounds )
- 		;
- 	    else if( sig->digest_algo == DIGEST_ALGO_MD5
- 		     && is_RSA( sig->pubkey_algo ) ) {
- 		/* enable a workaround for a pgp2 bug */
--                if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
--                  BUG ();
-+                if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) {
-+                   log_error("Digest algorithm not available probably due to FIPS mode.\n");
-+                   return;
-+	        }
- 	    }
- 	    else if( sig->digest_algo == DIGEST_ALGO_SHA1
- 		     && sig->pubkey_algo == PUBKEY_ALGO_DSA
- 		     && sig->sig_class == 0x01 ) {
- 		/* enable the workaround also for pgp5 when the detached
- 		 * signature has been created in textmode */
--              if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
--                BUG ();
-+              if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) {
-+                 log_error("Digest algorithm not available.\n");
-+                 return;
-+	      }
- 	    }
- #if 0 /* workaround disabled */
- 	    /* Here we have another hack to work around a pgp 2 bug

gnupg-2.1.1-file-is-digest.patch

@@ -1,7 +1,7 @@
-diff -up gnupg-2.0.25/g10/gpg.c.file-is-digest gnupg-2.0.25/g10/gpg.c
---- gnupg-2.0.25/g10/gpg.c.file-is-digest	2014-08-05 16:46:28.865869320 +0200
-+++ gnupg-2.0.25/g10/gpg.c	2014-08-05 16:49:27.520063937 +0200
-@@ -345,6 +345,7 @@ enum cmd_and_opt_values
+diff -up gnupg-2.1.1/g10/gpg.c.file-is-digest gnupg-2.1.1/g10/gpg.c
+--- gnupg-2.1.1/g10/gpg.c.file-is-digest	2015-01-29 16:56:43.043680964 +0100
++++ gnupg-2.1.1/g10/gpg.c	2015-01-29 16:59:20.875250453 +0100
+@@ -349,6 +349,7 @@ enum cmd_and_opt_values
      oTTYtype,
      oLCctype,
      oLCmessages,
@@ -9,34 +9,34 @@ diff -up gnupg-2.0.25/g10/gpg.c.file-is-digest gnupg-2.0.25/g10/gpg.c
      oXauthority,
      oGroup,
      oUnGroup,
-@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = {
-   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
+@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_s (oPersonalCompressPreferences,
                                           "personal-compress-preferences", "@"),
+   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
 +  ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
  
    /* Aliases.  I constantly mistype these, and assume other people do
       as well. */
-@@ -2003,6 +2005,7 @@ main (int argc, char **argv)
-     set_homedir ( default_homedir () );
-     opt.passphrase_repeat=1;
+@@ -2126,6 +2128,7 @@ main (int argc, char **argv)
+     set_homedir (default_homedir ());
+     opt.passphrase_repeat = 1;
      opt.emit_version = 1; /* Limit to the major number.  */
 +    opt.file_is_digest=0;
  
-     opt.list_options   |= LIST_SHOW_UID_VALIDITY;
-     opt.verify_options |= LIST_SHOW_UID_VALIDITY;
-@@ -2493,6 +2496,7 @@ main (int argc, char **argv)
+     /* Check whether we have a config file on the command line.  */
+     orig_argc = argc;
+@@ -2630,6 +2633,7 @@ main (int argc, char **argv)
+ 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
+ 	    break;
  	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
- 	  case oForceV3Sigs: opt.force_v3_sigs = 1; break;
- 	  case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
 +	  case oFileIsDigest: opt.file_is_digest = 1; break;
-           case oForceV4Certs: opt.force_v4_certs = 1; break;
-           case oNoForceV4Certs: opt.force_v4_certs = 0; break;
+ 
  	  case oForceMDC: opt.force_mdc = 1; break;
-diff -up gnupg-2.0.25/g10/options.h.file-is-digest gnupg-2.0.25/g10/options.h
---- gnupg-2.0.25/g10/options.h.file-is-digest	2014-06-30 17:28:52.000000000 +0200
-+++ gnupg-2.0.25/g10/options.h	2014-08-05 16:46:28.869869414 +0200
-@@ -198,6 +198,7 @@ struct
+ 	  case oNoForceMDC: opt.force_mdc = 0; break;
+diff -up gnupg-2.1.1/g10/options.h.file-is-digest gnupg-2.1.1/g10/options.h
+--- gnupg-2.1.1/g10/options.h.file-is-digest	2014-12-08 15:06:10.000000000 +0100
++++ gnupg-2.1.1/g10/options.h	2015-01-29 16:56:43.046681031 +0100
+@@ -192,6 +192,7 @@ struct
    int no_auto_check_trustdb;
    int preserve_permissions;
    int no_homedir_creation;
@@ -44,23 +44,25 @@ diff -up gnupg-2.0.25/g10/options.h.file-is-digest gnupg-2.0.25/g10/options.h
    struct groupitem *grouplist;
    int mangle_dos_filenames;
    int enable_progress_filter;
-diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
---- gnupg-2.0.25/g10/sign.c.file-is-digest	2014-06-30 17:28:52.000000000 +0200
-+++ gnupg-2.0.25/g10/sign.c	2014-08-05 16:46:28.870869438 +0200
-@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list
-             mk_notation_policy_etc (sig, NULL, sk);
-           }
+diff -up gnupg-2.1.1/g10/sign.c.file-is-digest gnupg-2.1.1/g10/sign.c
+--- gnupg-2.1.1/g10/sign.c.file-is-digest	2014-12-15 09:44:05.000000000 +0100
++++ gnupg-2.1.1/g10/sign.c	2015-01-29 17:12:20.820889554 +0100
+@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list
+           mk_notation_policy_etc (sig, NULL, pk);
+         }
  
-+	if (!opt.file_is_digest) {
-         hash_sigversion_to_magic (md, sig);
- 	gcry_md_final (md);
-+	} else if (sig->version >= 4) {
-+	    log_bug("file-is-digest doesn't work with v4 sigs\n");
-+	}
+-      hash_sigversion_to_magic (md, sig);
+-      gcry_md_final (md);
++      if (!opt.file_is_digest) {
++	hash_sigversion_to_magic (md, sig);
++	gcry_md_final (md);
++      } else if (sig->version >= 4) {
++	log_bug("file-is-digest doesn't work with v4 sigs\n");
++      }
  
- 	rc = do_sign( sk, sig, md, hash_for (sk) );
- 	gcry_md_close (md);
-@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta
+       rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
+       gcry_md_close (md);
+@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
      SK_LIST sk_rover = NULL;
      int multifile = 0;
      u32 duration=0;
@@ -69,7 +71,7 @@ diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
  
      pfx = new_progress_context ();
      afx = new_armor_context ();
-@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta
+@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
  	fname = NULL;
  
      if( fname && filenames->next && (!detached || encryptflag) )
@@ -87,7 +89,7 @@ diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
  
      if(encryptflag==2
         && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta
+@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
        goto leave;
  
      /* prepare iobufs */
@@ -96,16 +98,16 @@ diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
  	inp = NULL; /* we do it later */
      else {
        inp = iobuf_open(fname);
-@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta
- 	gcry_md_enable (mfx.md, hash_for(sk));
-     }
+@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
+       gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
  
 -    if( !multifile )
 +    if( !multifile && !opt.file_is_digest )
  	iobuf_push_filter( inp, md_filter, &mfx );
  
-     if( detached && !encryptflag && !RFC1991 )
-@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta
+     if( detached && !encryptflag)
+@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
  
      write_status_begin_signing (mfx.md);
  
@@ -114,7 +116,7 @@ diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
      /* Setup the inner packet. */
      if( detached ) {
  	if( multifile ) {
-@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta
+@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
  	    if( opt.verbose )
  		putc( '\n', stderr );
  	}
@@ -160,14 +162,14 @@ diff -up gnupg-2.0.25/g10/sign.c.file-is-digest gnupg-2.0.25/g10/sign.c
  	else {
  	    /* read, so that the filter can calculate the digest */
  	    while( iobuf_get(inp) != -1 )
-@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta
+@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
  
      /* write the signatures */
      rc = write_signature_packets (sk_list, out, mfx.md,
 -                                  opt.textmode && !outfile? 0x01 : 0x00,
--				  0, duration, detached ? 'D':'S');
+-				  0, duration, detached ? 'D':'S', NULL);
 +                                  sigclass,
-+				  timestamp, duration, detached ? 'D':'S');
++				  timestamp, duration, detached ? 'D':'S', NULL);
      if( rc )
          goto leave;
  

gnupg-2.1.1-fips-algo.patch

@@ -0,0 +1,13 @@
+diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c
+--- gnupg-2.1.1/g10/mainproc.c.fips	2015-01-29 17:19:49.266031504 +0100
++++ gnupg-2.1.1/g10/mainproc.c	2015-01-29 17:27:13.938088122 +0100
+@@ -719,7 +719,8 @@ proc_plaintext( CTX c, PACKET *pkt )
+          according to 2440, so hopefully it won't come up that often.
+          There is no good way to specify what algorithms to use in
+          that case, so these there are the historical answer. */
+-	gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
++	if (!gcry_fips_mode_active())
++            gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+ 	gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
+     }
+   if (DBG_HASHING)

gnupg-2.1.1-ocsp-keyusage.patch

@@ -1,11 +1,11 @@
-diff -up gnupg-2.0.20/sm/certlist.c.keyusage gnupg-2.0.20/sm/certlist.c
---- gnupg-2.0.20/sm/certlist.c.keyusage	2013-05-10 14:55:49.000000000 +0200
-+++ gnupg-2.0.20/sm/certlist.c	2013-05-15 14:15:57.420276618 +0200
+diff -up gnupg-2.1.1/sm/certlist.c.keyusage gnupg-2.1.1/sm/certlist.c
+--- gnupg-2.1.1/sm/certlist.c.keyusage	2014-11-27 11:51:36.000000000 +0100
++++ gnupg-2.1.1/sm/certlist.c	2015-01-29 17:30:57.117135497 +0100
 @@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
  
    if (mode == 5)
      {
--      if (use != ~0 
+-      if (use != ~0
 -          && (have_ocsp_signing
 -              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
 -                         |KSBA_KEYUSAGE_CRL_SIGN))))

gnupg2.spec

@@ -1,7 +1,7 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
-Version: 2.0.25
-Release: 2%{?dist}
+Version: 2.1.1
+Release: 1%{?dist}
 
 License: GPLv3+
 Group:   Applications/System
@@ -12,9 +12,9 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 Patch1:  gnupg-2.0.20-insttools.patch
 Patch3:  gnupg-2.0.20-secmem.patch
 # non-upstreamable patch adding file-is-digest option needed for Copr
-Patch4:  gnupg-2.0.25-file-is-digest.patch
-Patch5:  gnupg-2.0.20-ocsp-keyusage.patch
-Patch6:  gnupg-2.0.19-fips-algo.patch
+Patch4:  gnupg-2.1.1-file-is-digest.patch
+Patch5:  gnupg-2.1.1-ocsp-keyusage.patch
+Patch6:  gnupg-2.1.1-fips-algo.patch
 
 URL:     http://www.gnupg.org/
 
@@ -23,14 +23,14 @@ BuildRequires: bzip2-devel
 BuildRequires: curl-devel
 BuildRequires: docbook-utils
 BuildRequires: gettext
-BuildRequires: libassuan-devel >= 2.0.0
-BuildRequires: libgcrypt-devel >= 1.4
-BuildRequires: libgpg-error-devel => 1.4
-BuildRequires: libksba-devel >= 1.0.2
+BuildRequires: libassuan-devel >= 2.1.0
+BuildRequires: libgcrypt-devel >= 1.6.0
+BuildRequires: libgpg-error-devel >= 1.16
+BuildRequires: libksba-devel >= 1.3.0
 BuildRequires: openldap-devel
 BuildRequires: libusb-devel
 BuildRequires: pcsc-lite-libs
-BuildRequires: pth-devel
+BuildRequires: npth-devel
 BuildRequires: readline-devel ncurses-devel
 BuildRequires: zlib-devel
 
@@ -46,6 +46,9 @@ Provides: gnupg = %{version}-%{release}
 Obsoletes: gnupg <= 1.4.10
 %endif
 
+Provides: dirmngr = %{version}-%{release}
+Obsoletes: dirmngr < 1.2.0-1
+
 %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
 %package smime
@@ -87,13 +90,14 @@ to the base GnuPG package
 # it can use other implementations too (including non-pcsc ones).
 %global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null )
 
-sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/{scdaemon,pcsc-wrapper}.c
+sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
 
 
 %build
 
 %configure \
   --disable-rpath \
+  --disable-gpgtar \
   --enable-standard-socket
 
 # need scratch gpg database for tests
@@ -166,6 +170,9 @@ fi
 %{_bindir}/gpg-agent
 %{_bindir}/gpgconf
 %{_bindir}/gpgparsemail
+%{_bindir}/g13
+%{_bindir}/dirmngr
+%{_bindir}/dirmngr-client
 %if 0%{?rhel} > 5
 %{_bindir}/gpg
 %{_bindir}/gpgv
@@ -196,6 +203,10 @@ fi
 
 
 %changelog
+* Thu Jan 29 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.1-1
+- new upstream release
+- this release now includes the dirmngr which is obsoleted as separate package
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.25-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 

sources

@@ -1,2 +1,2 @@
-048d8de797125f1d8e6cf3bdff9e2d12  gnupg-2.0.25.tar.bz2
-d474ba42cba833734c6196b7e6f5d853  gnupg-2.0.25.tar.bz2.sig
+9a314c3dcef0a091de90b6aa4d467db5  gnupg-2.1.1.tar.bz2
+90128fcb4a2fefa81576666361b36aab  gnupg-2.1.1.tar.bz2.sig