2.4.5-1
Sync from fedora + backport of RHEL9 patches Resolves: RHEL-44673
This commit is contained in:
parent
4094489049
commit
e3dba8becf
162
gnupg-2.4.5-revert-default-eddsa.patch
Normal file
162
gnupg-2.4.5-revert-default-eddsa.patch
Normal file
@ -0,0 +1,162 @@
|
|||||||
|
From ff31dde456f32950f0df6c974b4c41f1d650d68f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Werner Koch <wk@gnupg.org>
|
||||||
|
Date: Mon, 5 Oct 2020 14:21:31 +0200
|
||||||
|
Subject: [PATCH GnuPG] gpg: Switch to ed25519+cv25519 as default algo.
|
||||||
|
|
||||||
|
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
|
||||||
|
default ago.
|
||||||
|
(ask_algo): Change default and also the way we indicate the default
|
||||||
|
algo in the list of algos.
|
||||||
|
(ask_curve): Indicate the default curve.
|
||||||
|
|
||||||
|
Signed-off-by: Werner Koch <wk@gnupg.org>
|
||||||
|
---
|
||||||
|
g10/keygen.c | 57 ++++++++++++++++++++++++++--------------------------
|
||||||
|
1 file changed, 29 insertions(+), 28 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/g10/keygen.c b/g10/keygen.c
|
||||||
|
index 16e4e58ea..b510525e3 100644
|
||||||
|
--- a/g10/keygen.c
|
||||||
|
+++ b/g10/keygen.c
|
||||||
|
@@ -47,10 +47,11 @@
|
||||||
|
#include "../common/mbox-util.h"
|
||||||
|
|
||||||
|
|
||||||
|
-/* The default algorithms. If you change them, you should ensure the value
|
||||||
|
- is inside the bounds enforced by ask_keysize and gen_xxx. See also
|
||||||
|
- get_keysize_range which encodes the allowed ranges. */
|
||||||
|
-#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr"
|
||||||
|
+/* The default algorithms. If you change them, you should ensure the
|
||||||
|
+ value is inside the bounds enforced by ask_keysize and gen_xxx.
|
||||||
|
+ See also get_keysize_range which encodes the allowed ranges. The
|
||||||
|
+ default answer in ask_algo also needs to be adjusted. */
|
||||||
|
+#define DEFAULT_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
|
||||||
|
#define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr"
|
||||||
|
|
||||||
|
/* When generating keys using the streamlined key generation dialog,
|
||||||
|
@@ -2112,50 +2113,49 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
|
||||||
|
|
||||||
|
#if GPG_USE_RSA
|
||||||
|
if (!addmode)
|
||||||
|
- tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 );
|
||||||
|
+ tty_printf (_(" (%d) RSA and RSA%s\n"), 1, "");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (!addmode && opt.compliance != CO_DE_VS)
|
||||||
|
- tty_printf (_(" (%d) DSA and Elgamal\n"), 2 );
|
||||||
|
+ tty_printf (_(" (%d) DSA and Elgamal%s\n"), 2, "");
|
||||||
|
|
||||||
|
if (opt.compliance != CO_DE_VS)
|
||||||
|
- tty_printf (_(" (%d) DSA (sign only)\n"), 3 );
|
||||||
|
+ tty_printf (_(" (%d) DSA (sign only)%s\n"), 3, "");
|
||||||
|
#if GPG_USE_RSA
|
||||||
|
- tty_printf (_(" (%d) RSA (sign only)\n"), 4 );
|
||||||
|
+ tty_printf (_(" (%d) RSA (sign only)%s\n"), 4, "");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (addmode)
|
||||||
|
{
|
||||||
|
if (opt.compliance != CO_DE_VS)
|
||||||
|
- tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 );
|
||||||
|
+ tty_printf (_(" (%d) Elgamal (encrypt only)%s\n"), 5, "");
|
||||||
|
#if GPG_USE_RSA
|
||||||
|
- tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 );
|
||||||
|
+ tty_printf (_(" (%d) RSA (encrypt only)%s\n"), 6, "");
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
if (opt.expert)
|
||||||
|
{
|
||||||
|
if (opt.compliance != CO_DE_VS)
|
||||||
|
- tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
|
||||||
|
+ tty_printf (_(" (%d) DSA (set your own capabilities)%s\n"), 7, "");
|
||||||
|
#if GPG_USE_RSA
|
||||||
|
- tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
|
||||||
|
+ tty_printf (_(" (%d) RSA (set your own capabilities)%s\n"), 8, "");
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
#if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
|
||||||
|
- if (opt.expert && !addmode)
|
||||||
|
- tty_printf (_(" (%d) ECC and ECC\n"), 9 );
|
||||||
|
- if (opt.expert)
|
||||||
|
- tty_printf (_(" (%d) ECC (sign only)\n"), 10 );
|
||||||
|
+ if (!addmode)
|
||||||
|
+ tty_printf (_(" (%d) ECC (sign and encrypt)%s\n"), 9, _(" *default*") );
|
||||||
|
+ tty_printf (_(" (%d) ECC (sign only)\n"), 10 );
|
||||||
|
if (opt.expert)
|
||||||
|
- tty_printf (_(" (%d) ECC (set your own capabilities)\n"), 11 );
|
||||||
|
- if (opt.expert && addmode)
|
||||||
|
- tty_printf (_(" (%d) ECC (encrypt only)\n"), 12 );
|
||||||
|
+ tty_printf (_(" (%d) ECC (set your own capabilities)%s\n"), 11, "");
|
||||||
|
+ if (addmode)
|
||||||
|
+ tty_printf (_(" (%d) ECC (encrypt only)%s\n"), 12, "");
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (opt.expert && r_keygrip)
|
||||||
|
- tty_printf (_(" (%d) Existing key\n"), 13 );
|
||||||
|
+ tty_printf (_(" (%d) Existing key%s\n"), 13, "");
|
||||||
|
if (r_keygrip)
|
||||||
|
- tty_printf (_(" (%d) Existing key from card\n"), 14 );
|
||||||
|
+ tty_printf (_(" (%d) Existing key from card%s\n"), 14, "");
|
||||||
|
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
@@ -2164,7 +2164,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
|
||||||
|
xfree (answer);
|
||||||
|
answer = cpr_get ("keygen.algo", _("Your selection? "));
|
||||||
|
cpr_kill_prompt ();
|
||||||
|
- algo = *answer? atoi (answer) : 1;
|
||||||
|
+ algo = *answer? atoi (answer) : 9; /* Default algo is 9 */
|
||||||
|
|
||||||
|
if (opt.compliance == CO_DE_VS
|
||||||
|
&& (algo == 2 || algo == 3 || algo == 5 || algo == 7))
|
||||||
|
@@ -2220,13 +2220,13 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
|
||||||
|
- && opt.expert && !addmode)
|
||||||
|
+ && !addmode)
|
||||||
|
{
|
||||||
|
algo = PUBKEY_ALGO_ECDSA;
|
||||||
|
*r_subkey_algo = PUBKEY_ALGO_ECDH;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
|
||||||
|
+ else if ((algo == 10 || !strcmp (answer, "ecc/s")))
|
||||||
|
{
|
||||||
|
algo = PUBKEY_ALGO_ECDSA;
|
||||||
|
*r_usage = PUBKEY_USAGE_SIG;
|
||||||
|
@@ -2239,7 +2239,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else if ((algo == 12 || !strcmp (answer, "ecc/e"))
|
||||||
|
- && opt.expert && addmode)
|
||||||
|
+ && addmode)
|
||||||
|
{
|
||||||
|
algo = PUBKEY_ALGO_ECDH;
|
||||||
|
*r_usage = PUBKEY_USAGE_ENC;
|
||||||
|
@@ -2616,7 +2616,7 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
|
||||||
|
{ "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
|
||||||
|
{ "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 },
|
||||||
|
{ "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
|
||||||
|
- { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 1, 0 },
|
||||||
|
+ { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 0, 0 },
|
||||||
|
{ "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 },
|
||||||
|
{ "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 },
|
||||||
|
{ "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
|
||||||
|
@@ -2672,9 +2672,10 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
|
||||||
|
}
|
||||||
|
|
||||||
|
curves[idx].available = 1;
|
||||||
|
- tty_printf (" (%d) %s\n", idx + 1,
|
||||||
|
+ tty_printf (" (%d) %s%s\n", idx + 1,
|
||||||
|
curves[idx].pretty_name?
|
||||||
|
- curves[idx].pretty_name:curves[idx].name);
|
||||||
|
+ curves[idx].pretty_name:curves[idx].name,
|
||||||
|
+ idx == 0? _(" *default*"):"");
|
||||||
|
}
|
||||||
|
gcry_sexp_release (keyparms);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
20
gnupg2.spec
20
gnupg2.spec
@ -2,8 +2,8 @@
|
|||||||
|
|
||||||
Summary: Utility for secure communication and data storage
|
Summary: Utility for secure communication and data storage
|
||||||
Name: gnupg2
|
Name: gnupg2
|
||||||
Version: 2.4.4
|
Version: 2.4.5
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
|
|
||||||
License: CC0-1.0 AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later AND (BSD-3-Clause OR LGPL-3.0-or-later OR GPL-2.0-or-later) AND CC-BY-4.0 AND MIT
|
License: CC0-1.0 AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later AND (BSD-3-Clause OR LGPL-3.0-or-later OR GPL-2.0-or-later) AND CC-BY-4.0 AND MIT
|
||||||
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
|
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
|
||||||
@ -28,6 +28,8 @@ Patch30: gnupg-2.2.21-coverity.patch
|
|||||||
Patch31: gnupg2-revert-rfc4880bis.patch
|
Patch31: gnupg2-revert-rfc4880bis.patch
|
||||||
# Mostly reverts https://dev.gnupg.org/rGeae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed
|
# Mostly reverts https://dev.gnupg.org/rGeae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed
|
||||||
Patch33: gnupg-2.4.3-restore-systemd-sockets.patch
|
Patch33: gnupg-2.4.3-restore-systemd-sockets.patch
|
||||||
|
# Revert default EdDSA key types -- they do not work in FIPS Mode
|
||||||
|
Patch34: gnupg-2.4.5-revert-default-eddsa.patch
|
||||||
|
|
||||||
URL: https://www.gnupg.org/
|
URL: https://www.gnupg.org/
|
||||||
|
|
||||||
@ -121,6 +123,7 @@ to the base GnuPG package
|
|||||||
%patch 30 -p1 -b .coverity
|
%patch 30 -p1 -b .coverity
|
||||||
%patch 31 -p1 -b .revert-rfc4880bis
|
%patch 31 -p1 -b .revert-rfc4880bis
|
||||||
%patch 33 -p1 -b .restore-systemd-sockets
|
%patch 33 -p1 -b .restore-systemd-sockets
|
||||||
|
%patch 34 -p1 -R -b .eddsa
|
||||||
|
|
||||||
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
|
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
|
||||||
# Note: this is just the name of the default shared lib to load in scdaemon,
|
# Note: this is just the name of the default shared lib to load in scdaemon,
|
||||||
@ -153,6 +156,9 @@ mkdir -p $HOME/.gnupg
|
|||||||
# gpgconf.conf
|
# gpgconf.conf
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/gnupg
|
mkdir -p %{buildroot}%{_sysconfdir}/gnupg
|
||||||
touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf
|
touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
|
||||||
|
echo "export GPG_TTY=\$(tty)" > %{buildroot}%{_sysconfdir}/profile.d/gnupg2.sh
|
||||||
|
echo "setenv GPG_TTY \`tty\`" > %{buildroot}%{_sysconfdir}/profile.d/gnupg2.csh
|
||||||
|
|
||||||
# more docs
|
# more docs
|
||||||
install -m644 -p AUTHORS NEWS THANKS TODO \
|
install -m644 -p AUTHORS NEWS THANKS TODO \
|
||||||
@ -188,6 +194,8 @@ make -k check
|
|||||||
%{_pkgdocdir}
|
%{_pkgdocdir}
|
||||||
%dir %{_sysconfdir}/gnupg
|
%dir %{_sysconfdir}/gnupg
|
||||||
%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
|
%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
|
||||||
|
%{_sysconfdir}/profile.d/gnupg2.sh
|
||||||
|
%{_sysconfdir}/profile.d/gnupg2.csh
|
||||||
## docs say to install suid root, but fedora/rh security folk say not to
|
## docs say to install suid root, but fedora/rh security folk say not to
|
||||||
%{_bindir}/gpg2
|
%{_bindir}/gpg2
|
||||||
%{_bindir}/gpgv2
|
%{_bindir}/gpgv2
|
||||||
@ -206,7 +214,9 @@ make -k check
|
|||||||
%{_bindir}/gpgsplit
|
%{_bindir}/gpgsplit
|
||||||
%{_bindir}/watchgnupg
|
%{_bindir}/watchgnupg
|
||||||
%{_bindir}/gpg-wks-server
|
%{_bindir}/gpg-wks-server
|
||||||
%{_sbindir}/*
|
%{_sbindir}/addgnupghome
|
||||||
|
%{_sbindir}/applygnupgdefaults
|
||||||
|
%{_sbindir}/g13-syshelp
|
||||||
%{_datadir}/gnupg/
|
%{_datadir}/gnupg/
|
||||||
%{_libexecdir}/*
|
%{_libexecdir}/*
|
||||||
%{_infodir}/*.info*
|
%{_infodir}/*.info*
|
||||||
@ -221,6 +231,10 @@ make -k check
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 04 2024 Jakub Jelen <jjelen@redhat.com> - 2.4.5-1
|
||||||
|
- New upstream release (#2268461)
|
||||||
|
- Set GPG_TTY in profile.d (#2264985)
|
||||||
|
|
||||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.4.4-2
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.4.4-2
|
||||||
- Bump release for June 2024 mass rebuild
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (gnupg-2.4.4.tar.bz2) = 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef
|
SHA512 (gnupg-2.4.5.tar.bz2) = 4d54744f09399c5899144d0cb5fdc2756e45b058db41b9ea9df3be03e80b914509e16ef35aa0248e7561185b80f7a5f9fd6afcab8ccff75ff82ed555448a38ff
|
||||||
SHA512 (gnupg-2.4.4.tar.bz2.sig) = 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f
|
SHA512 (gnupg-2.4.5.tar.bz2.sig) = 53be0db371a98c930cbef9c844adcd06a8049d84dd71508f6f7427fc1736b374912c85ebf3a415748651260f65cf26f633697f4bdae2cc4a8d2c4b522db0bc71
|
||||||
|
Loading…
Reference in New Issue
Block a user