pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2007-01-15 23:15:33 +00:00 committed by Git OBS Bridge
parent 0ee86cb849
commit 0e9a3fd3dd
26 changed files with 425 additions and 3691 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
gnupg-1.9.18-tmpdir.diff Normal file
View File

@ -0,0 +1,43 @@
--- agent/gpg-agent.c
+++ agent/gpg-agent.c
@@ -789,6 +789,10 @@
int fd_ssh;
pid_t pid;
+ char *tmp1, *tmp;
+ char *tmp2 = "gpg-XXXXXX/S.gpg-agent";
+ size_t len;
+
/* Remove the DISPLAY variable so that a pinentry does not
default to a specific display. There is still a default
display when gpg-agent was started using --display or a
@@ -800,16 +804,26 @@
unsetenv ("DISPLAY");
#endif
+ if ((tmp1 = getenv("TMPDIR")) == NULL)
+ tmp1 = "/tmp";
+
+ len = strlen(tmp1) + strlen(tmp2) + 10;
+ tmp = malloc(len);
+
+ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2);
/* Create the sockets. */
socket_name = create_socket_name (standard_socket,
"S.gpg-agent",
- "/tmp/gpg-XXXXXX/S.gpg-agent");
- if (opt.ssh_support)
+ tmp);
+ if (opt.ssh_support) {
+ snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2);
socket_name_ssh = create_socket_name (standard_socket,
"S.gpg-agent.ssh",
- "/tmp/gpg-XXXXXX/S.gpg-agent.ssh");
+ tmp);
+ }
+ free(tmp);
fd = create_server_socket (standard_socket, socket_name);
if (opt.ssh_support)
fd_ssh = create_server_socket (standard_socket, socket_name_ssh);

42
gnupg-1.9.22-ccid-driver-fix.diff Normal file
View File

@ -0,0 +1,42 @@
Index: scd/ccid-driver.c
===================================================================
--- scd/ccid-driver.c.orig
+++ scd/ccid-driver.c
@@ -75,8 +75,6 @@
# include <config.h>
#endif
-#if defined(HAVE_LIBUSB) || defined(TEST)
-
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -91,7 +89,14 @@
#include "ccid-driver.h"
#define DRVNAME "ccid-driver: "
-
+static int debug_level; /* Flag to control the debug output.
+ 0 = No debugging
+ 1 = USB I/O info
+ 2 = T=1 protocol tracing
+ */
+
+#if defined(HAVE_LIBUSB) || defined(TEST)
+#include <usb.h>
/* Depending on how this source is used we either define our error
output to go to stderr or to the jnlib based logging functions. We
@@ -250,11 +255,7 @@ struct ccid_driver_s
static int initialized_usb; /* Tracks whether USB has been initialized. */
-static int debug_level; /* Flag to control the debug output.
- 0 = No debugging
- 1 = USB I/O info
- 2 = T=1 protocol tracing
- */
+
static unsigned int compute_edc (const unsigned char *data, size_t datalen,

66
gnupg-1.9.22-warnings-fix.diff Normal file
View File

@ -0,0 +1,66 @@
Index: agent/gpg-agent.c
===================================================================
--- agent/gpg-agent.c.orig
+++ agent/gpg-agent.c
@@ -1621,7 +1621,7 @@ check_for_running_agent (int mode)
int rc;
char *infostr, *p;
assuan_context_t ctx;
- int prot, pid;
+ int prot=0, pid=0;
if (!mode)
{
Index: g10/pubkey-enc.c
===================================================================
--- g10/pubkey-enc.c.orig
+++ g10/pubkey-enc.c
@@ -154,7 +154,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P
int rc;
gcry_mpi_t plain_dek = NULL;
byte *frame = NULL;
- unsigned n, nframe;
+ size_t n, nframe;
u16 csum, csum2;
int card = 0;
@@ -166,7 +166,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P
size_t rbuflen;
char *snbuf;
unsigned char *indata = NULL;
- unsigned int indatalen;
+ size_t int indatalen;
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
Index: g10/seckey-cert.c
===================================================================
--- g10/seckey-cert.c.orig
+++ g10/seckey-cert.c
@@ -107,7 +107,7 @@ do_check( PKT_secret_key *sk, const char
csum = 0;
if( sk->version >= 4 ) {
- int ndata;
+ size_t ndata;
unsigned int ndatabits;
byte *p, *data;
u16 csumc = 0;
@@ -337,7 +337,7 @@ protect_secret_key( PKT_secret_key *sk,
{
int i,j, rc = 0;
byte *buffer;
- unsigned nbytes;
+ size_t nbytes;
u16 csum;
if( !dek )
@@ -370,7 +370,7 @@ protect_secret_key( PKT_secret_key *sk,
gcry_cipher_setiv (cipher_hd, sk->protect.iv, sk->protect.ivlen);
if( sk->version >= 4 ) {
byte *bufarr[PUBKEY_MAX_NSKEY];
- unsigned narr[PUBKEY_MAX_NSKEY];
+ size_t narr[PUBKEY_MAX_NSKEY];
unsigned nbits[PUBKEY_MAX_NSKEY];
int ndata=0;
byte *p, *data;

3
gnupg-1.9.22.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e4472e00c14c881ee1f93deddbe91d3c520311839f30d336ca48a51939e45cf
size 1908546

17
gnupg-2.0.9-langinfo.patch
View File

@ -1,17 +0,0 @@
# fix [bnc#305725] - non latin characters displayed incorrectly by pinentry
---
# jnlib/utf8conv.c | 1 +
# 1 file changed, 1 insertion(+)
#
Index: gnupg-2.1.0/common/utf8conv.c
===================================================================
--- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200
+++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100
@@ -198,6 +198,7 @@ set_native_charset (const char *newset)
#else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/
#ifdef HAVE_LANGINFO_CODESET
+ setlocale(LC_ALL, "");
newset = nl_langinfo (CODESET);
#else /*!HAVE_LANGINFO_CODESET*/
/* Try to get the used charset from environment variables. */

35
gnupg-2.2.16-secmem.patch
View File

@ -1,35 +0,0 @@
Index: gnupg-2.2.16/g10/gpg.c
===================================================================
--- gnupg-2.2.16.orig/g10/gpg.c
+++ gnupg-2.2.16/g10/gpg.c
@@ -973,7 +973,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);
@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette
char *string;
if (maybe_setuid)
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
indent = utf8_charcount (text, -1);
len = 0;
Index: gnupg-2.2.16/sm/gpgsm.c
===================================================================
--- gnupg-2.2.16.orig/sm/gpgsm.c
+++ gnupg-2.2.16/sm/gpgsm.c
@@ -533,7 +533,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);

3
gnupg-2.4.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8
size 7341338

BIN
gnupg-2.4.1.tar.bz2.sig
View File

Binary file not shown.

33
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
View File

@ -1,33 +0,0 @@
From f361141a44365ff7db2d2cfbf118d5b54b52c3d5 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:43 +0200
Subject: [PATCH] gpg: accept subkeys with a good revocation but no self-sig
during import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.
--
This fixes the remaining test in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/g10/import.c b/g10/import.c
index 2be214e63..ae2453803 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -3536,6 +3536,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
/* It's valid, so is it newer? */
if (sig->timestamp >= rsdate)
{
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
if (rsnode)
{
/* Delete the last revocation sig since

202
gnupg-add-test-cases-for-import-without-uid.patch
View File

@ -1,202 +0,0 @@
From 4c40bfa90bda748e5dada0bb1cc8fae14d744f07 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:41 +0200
Subject: [PATCH] tests: add test cases for import without uid
This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key
--
Note that this test currently fails. The following changesets will
fix gpg so that the tests pass.
GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
tests/openpgp/Makefile.am | 1 +
tests/openpgp/import-incomplete.scm | 68 +++++++++++++++++++
.../import-incomplete/primary+revocation.asc | 9 +++
.../primary+subkey+sub-revocation.asc | 10 +++
.../primary+subkey+sub-sig.asc | 10 +++
.../import-incomplete/primary+uid-sig.asc | 10 +++
.../openpgp/import-incomplete/primary+uid.asc | 10 +++
7 files changed, 118 insertions(+)
create mode 100755 tests/openpgp/import-incomplete.scm
create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index e5be42b41..d886bc8f7 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -78,6 +78,7 @@ XTESTS = \
gpgv-forged-keyring.scm \
armor.scm \
import.scm \
+ import-incomplete.scm \
import-revocation-certificate.scm \
ecc.scm \
4gb-packet.scm \
diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
new file mode 100755
index 000000000..727a027c6
--- /dev/null
+++ b/tests/openpgp/import-incomplete.scm
@@ -0,0 +1,68 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
+
+(info "Test import of new subkey, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of a subkey revocation, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "sub:r:")
+ (string-contains? line "573EA710367356BB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
+(info "Test import of revocation, from a certificate without uid")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
+(tr:do
+ (tr:pipe-do
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+ (lambda (c)
+ ;; XXX we do not have a regexp library
+ (unless (any (lambda (line)
+ (and (string-prefix? line "pub:r:")
+ (string-contains? line "0843DA969AA8DAFB")))
+ (string-split-newlines c))
+ (exit 1)))))
+
diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
new file mode 100644
index 000000000..6b7b60802
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [E] primary key, revocation signature over primary (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
+=tM90
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
new file mode 100644
index 000000000..83a51a549
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [D] primary key, subkey, subkey revocation (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
+=dwx2
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
new file mode 100644
index 000000000..dc47a02d8
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [B] primary key, subkey, subkey binding sig (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
+=xuDu
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
new file mode 100644
index 000000000..134607d0e
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
+9ohXOEBWvdJgVv2YAg==
+=KWIK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
new file mode 100644
index 000000000..055f30086
--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [A] primary key, user ID, and self-sig expiring in 2021
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
+=1eII
+-----END PGP PUBLIC KEY BLOCK-----

68
gnupg-add_legacy_FIPS_mode_option.patch
View File

@ -1,68 +0,0 @@
---
doc/gpg.texi | 18 ++++++++++++++++++
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
Index: gnupg-2.4.1/doc/gpg.texi
===================================================================
--- gnupg-2.4.1.orig/doc/gpg.texi
+++ gnupg-2.4.1/doc/gpg.texi
@@ -2285,6 +2285,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
+@item --set-legacy-fips
+@itemx --set-legacy-fips
+@opindex set-legacy-fips
+Enable legacy support even when the libgcrypt library is in FIPS 140-2
+mode. The legacy mode of libgcrypt allows the use of all ciphers,
+including non-approved ciphers. This mode is needed when for legacy
+reasons a message must be encrypted or decrypted. Legacy reasons for
+decryptions include the decryption of old messages created with a
+public key that use cipher settings which do not meet FIPS 140-2
+requirements. Legacy reasons for encryption include the encryption
+of messages with a recipients public key where the recipient is not
+bound to FIPS 140-2 regulation and therefore provided a key using
+non-approved ciphers. Although the legacy mode is a violation of strict
+FIPS 140-2 rule interpretations, it is wise to use this mode or
+either not being able to access old messages or not being able
+to create encrypted messages to a recipient that is not adhering
+to FIPS 140-2 rules.
+
@end table
Index: gnupg-2.4.1/g10/gpg.c
===================================================================
--- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.1/g10/gpg.c
@@ -444,6 +444,7 @@ enum cmd_and_opt_values
oForceSignKey,
oForbidGenKey,
oRequireCompliance,
+ oSetLegacyFips,
oCompatibilityFlags,
oAddDesigRevoker,
oAssertSigner,
@@ -978,6 +979,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_group (302, N_(
@@ -3743,6 +3745,13 @@ main (int argc, char **argv)
add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
break;
+ case oSetLegacyFips:
+ if(gcry_fips_mode_active())
+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
+ "Enable legacy support in FIPS 140-2 mode");
+ else
+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
+ break;
case oNoop: break;

108
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
View File

@ -1,108 +0,0 @@
From a1db83d8a3308277f01b96833c13693bd7e13ff9 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:42 +0200
Subject: [PATCH] gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.
--
This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 49 +++++++++++--------------------------------------
1 file changed, 11 insertions(+), 38 deletions(-)
Index: gnupg-2.4.0/g10/import.c
===================================================================
--- gnupg-2.4.0.orig/g10/import.c
+++ gnupg-2.4.0/g10/import.c
@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
- int any_filter = 0;
KEYDB_HANDLE hd = NULL;
if (r_valid)
@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
-
- if (!uidnode)
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
- return 0;
- }
-
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
}
}
- /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
- {
- if (!silent)
- {
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet)
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;
- return 0;
- }
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
- any_filter = 1;
}
if (import_filter.drop_sig)
{
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
commit_kbnode (&keyblock);
- any_filter = 1;
- }
-
- /* If we ran any filter we need to check that at least one user id
- * is left in the keyring. Note that we do not use log_error in
- * this case. */
- if (any_filter && !any_uid_left (keyblock))
- {
- if (!opt.quiet )
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
- stats->no_user_id++;
- return 0;
}
/* The keyblock is valid and ready for real import. */
@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
+ else if (err && !any_uid_left (keyblock))
+ {
+ if (!silent)
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
+ err = 0;
+ stats->no_user_id++;
+ }
else if (err) /* Insert this key. */
{
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */

13
gnupg-allow-large-rsa.patch
View File

@ -1,13 +0,0 @@
Index: gnupg-2.4.1/g10/keygen.c
===================================================================
--- gnupg-2.4.1.orig/g10/keygen.c
+++ gnupg-2.4.1/g10/keygen.c
@@ -2456,7 +2456,7 @@ get_keysize_range (int algo, unsigned in
default:
*min = opt.compliance == CO_DE_VS ? 2048: 1024;
- *max = 4096;
+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
def = 3072;
break;
}

18
gnupg-detect_FIPS_mode.patch
View File

@ -1,18 +0,0 @@
Index: gnupg-2.3.8/g10/mainproc.c
===================================================================
--- gnupg-2.3.8.orig/g10/mainproc.c
+++ gnupg-2.3.8/g10/mainproc.c
@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )
according to 2440, so hopefully it won't come up that often.
There is no good way to specify what algorithms to use in
that case, so these there are the historical answer. */
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ * before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if(!gcry_fips_mode_active())
+ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)

17
gnupg-dont-fail-with-seahorse-agent.patch
View File

@ -1,17 +0,0 @@
---
g10/passphrase.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: gnupg-2.3.0/g10/passphrase.c
===================================================================
--- gnupg-2.3.0.orig/g10/passphrase.c
+++ gnupg-2.3.0/g10/passphrase.c
@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac
}
else
{
- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc));
/* Due to limitations in the API of the upper layers they
consider an error as no passphrase entered. This works in
most cases but not during key creation where this should

35
gnupg-gpg-agent-ulimit.patch
View File

@ -1,35 +0,0 @@
gpg-agent is in the chain of commands in xinitrc.
It receives a list of commands via argv[] which it is supposed to launch via exec.
In this mode all what matters is a bunch of setenv() of gpg related variables.
At no point it must fiddle with ulimit that was provided by its callers.
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
gpg-agent does fork a child in this mode.
That child has the liberty to tweak ulimit in every way it wants.
This is what this patch does.
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
As a result, crashes of desktop applications can not be debugged.
References: bsc#1124847
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
- disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
/*
This is the child
*/
+ disable_core_dumps ();
initialize_modules ();

202
gnupg-revert-rfc4880bis.patch
View File

@ -1,202 +0,0 @@
From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 31 Oct 2022 16:14:18 +0100
Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
* g10/gpg.c (oRFC4880bis): Remove.
(opts): Make --rfc4880bis a Noop.
(compliance_options): Make rfc4880bis to gnupg.
(set_compliance_option): Remove rfc4880bis stuff.
(main): Ditto. Note that this now activates the --mimemode option.
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
(keygen_upd_std_prefs): Always announce support for v5 keys.
(read_parameter_file): Activate the v4 and v5 keywords.
--
Index: gnupg-2.4.1/g10/gpg.c
===================================================================
--- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.1/g10/gpg.c
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP7,
oPGP8,
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -977,7 +979,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
- { "rfc4880bis", oGnuPG },
+ { "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
static void
set_compliance_option (enum cmd_and_opt_values option)
{
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
+
switch (option)
{
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+ break;
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
break;
case oDE_VS:
@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
+ case oRFC4880bis:
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3867,6 +3891,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (!opt.flags.rfc4880bis)
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4083,7 +4112,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
- if(!GNUPG)
+ if(!GNUPG && !opt.flags.rfc4880bis)
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
Index: gnupg-2.4.1/g10/keygen.c
===================================================================
--- gnupg-2.4.1.orig/g10/keygen.c
+++ gnupg-2.4.1/g10/keygen.c
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
strcat(dummy_string,"A2 ");
if (personal)
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
- add_feature_v5 (sig, 1);
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
- keyversion = 5;
+ {
+ if (opt.flags.rfc4880bis)
+ keyversion = 5;
+ }
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
- * v5 := Create version 5 key
+ * v5 := Create version 5 key (requires option --rfc4880bis)
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
}
}
- if ((keywords[i].key == pVERSION
- || keywords[i].key == pSUBVERSION))
- ; /* Ignore version. */
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+ || keywords[i].key == pSUBVERSION))
+ ; /* Ignore version unless --rfc4880bis is active. */
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
para = r;
}
- r = xmalloc_clear (sizeof *r + 20);
- r->key = for_subkey? pSUBVERSION : pVERSION;
- snprintf (r->u.value, 20, "%d", version);
- r->next = para;
- para = r;
+ if (opt.flags.rfc4880bis)
+ {
+ r = xmalloc_clear (sizeof *r + 20);
+ r->key = for_subkey? pSUBVERSION : pVERSION;
+ snprintf (r->u.value, 20, "%d", version);
+ r->next = para;
+ para = r;
+ }
if (keytime)
{

43
gnupg-set_umask_before_open_outfile.patch
View File

@ -1,43 +0,0 @@
Index: gnupg-2.3.0/g10/plaintext.c
===================================================================
--- gnupg-2.3.0.orig/g10/plaintext.c
+++ gnupg-2.3.0/g10/plaintext.c
@@ -24,6 +24,7 @@
#include <string.h>
#include <errno.h>
#include <sys/types.h>
+#include <sys/stat.h>
#ifdef HAVE_DOSISH_SYSTEM
# include <fcntl.h> /* for setmode() */
#endif
@@ -38,6 +39,9 @@
#include "../common/status.h"
#include "../common/i18n.h"
+/* define safe permissions for creating plaintext files */
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
/* Get the output filename. On success, the actual filename that is
used is set in *FNAMEP and a filepointer is returned in *FP.
@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na
log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
- else if (!(fp = es_fopen (fname, "wb")))
- {
- err = gpg_error_from_syserror ();
- log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
- goto leave;
+ else {
+ mode_t saved_umask = umask(GPG_SAFE_UMASK);
+ if( !(fp = es_fopen(fname,"wb")) ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ umask(saved_umask);
+ goto leave;
+ }
+ umask(saved_umask);
}
leave:

13
gpg2-1.9.22-CVE-2006-6169.diff Normal file
View File

@ -0,0 +1,13 @@
--- g10/openfile.c
+++ g10/openfile.c
@@ -144,8 +144,8 @@
s = _("Enter new filename");
- n = strlen(s) + namelen + 10;
defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
prompt = xmalloc(n);
if( defname )
sprintf(prompt, "%s [%s]: ", s, defname );

2571
gpg2.changes
View File

File diff suppressed because it is too large Load Diff

86
gpg2.keyring
View File

@ -1,86 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

348
gpg2.spec
View File

@ -1,201 +1,199 @@
#
# spec file for package gpg2
# spec file for package gpg2 (Version 1.9.22)
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: gpg2
Version: 2.4.1
Release: 0
Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later
BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite
URL: http://www.gnupg.org/aegypten2/
License: GNU General Public License (GPL)
Group: Productivity/Networking/Security
URL: https://www.gnupg.org
Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html
Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source4: scdaemon.udev
Source99: %{name}.changes
Patch1: gnupg-gpg-agent-ulimit.patch
Patch2: gnupg-2.0.9-langinfo.patch
Patch3: gnupg-dont-fail-with-seahorse-agent.patch
Patch4: gnupg-set_umask_before_open_outfile.patch
Patch5: gnupg-detect_FIPS_mode.patch
Patch6: gnupg-add_legacy_FIPS_mode_option.patch
Patch7: gnupg-2.2.16-secmem.patch
Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch
Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set
Patch11: gnupg-allow-large-rsa.patch
#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
Patch12: gnupg-revert-rfc4880bis.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: libassuan-devel >= 2.5.0
BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.46
BuildRequires: libksba-devel >= 1.6.3
BuildRequires: makeinfo
BuildRequires: npth-devel >= 1.2
BuildRequires: openldap2-devel
BuildRequires: pkgconfig
BuildRequires: readline-devel
BuildRequires: swtpm
BuildRequires: tpm2-0-tss-devel
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(gnutls) >= 3.0
BuildRequires: pkgconfig(libusb-1.0)
BuildRequires: pkgconfig(sqlite3) >= 3.27
BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1
Requires: libgpg-error >= 1.46
Requires: libksba >= 1.3.4
Requires: pinentry
Recommends: dirmngr = %{version}
Provides: gnupg = %{version}
Provides: gpg = 1.4.9
PreReq: %install_info_prereq
Autoreqprov: on
Requires: pinentry, dirmngr, gpg
Provides: newpg
Obsoletes: gpg < 1.4.9
Obsoletes: newpg
Summary: GnuPG 2
Version: 1.9.22
Release: 20
%define pthversion 2.0.7
Source: gnupg-%{version}.tar.bz2
Source1: pth-%{pthversion}.tar.bz2
%define nld_build 0
Patch2: nld-build.diff
Patch4: gnupg-1.9.22-warnings-fix.diff
Patch5: gnupg-1.9.22-ccid-driver-fix.diff
Patch6: gnupg-1.9.18-tmpdir.diff
Patch7: %{name}-%{version}-CVE-2006-6169.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
GnuPG is a hybrid-encryption software program; it uses a combination
of symmetric-key and public-key cryptography to encrypt/decrypt
messages and/or to sign and verify them.
GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM,
gpg-agent, and a keybox library.
gpg2 provides GPGSM, gpg-agent, and a keybox library.
%package -n dirmngr
Summary: Keyserver, CRL, and OCSP access for GnuPG
Group: Productivity/Networking/Security
%description -n dirmngr
Since version 2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP
keyservers. As with previous versions it is also used as a server for managing
and downloading certificate
revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates,
and providing access to OCSP providers. Dirmngr is invoked internally by gpg,
gpgsm, or via the gpg-connect-agent tool.
%package tpm
Summary: TPM2 support for GnuPG
Group: Productivity/Networking/Security
%description tpm
Version 2.3 of GnuPG introduced support for converting GPG private
keys to TPM2 wrapped form. This package enables that support. The
keytotpm command will not function unless this package is installed.
%lang_package
Authors:
--------
Werner Koch <wk@gnupg.org>
Neal H. Walfield <neal@g10code.de>
%prep
%autosetup -p1 -n gnupg-%{version}
# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
# to not have man pages and info files have the build date (boo#1047218)
touch -d 2018-05-04 doc/gpg.texi
%setup -q -n gnupg-%{version} -b 1
%if %nld_build
%patch2
%endif
%patch4
%patch5
%patch6
%patch7
%build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%configure \
--libexecdir=%{_libdir} \
--docdir=%{_docdir}/%{name} \
--with-agent-pgm=%{_bindir}/gpg-agent \
--with-pinentry-pgm=%{_bindir}/pinentry \
--with-dirmngr-pgm=%{_bindir}/dirmngr \
--with-scdaemon-pgm=%{_bindir}/scdaemon \
--with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
--disable-rpath \
--enable-ldap \
--enable-gpgsm=yes \
--enable-gpgtar \
--enable-g13 \
--enable-large-secmem \
--enable-wks-tools \
--with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--with-tss=intel \
--enable-all-tests \
--enable-build-timestamp=${date} \
--enable-gpg-is-gpg2
%make_build
export CFLAGS="$RPM_OPT_FLAGS"
cd ../pth-%pthversion
./configure --disable-shared
make
make test
cd -
# opensc should be added to neededforbuild, but the support
# in gpg2 is broken atm.
export CFLAGS="$RPM_OPT_FLAGS -I$PWD/../pth-%pthversion"
export LDFLAGS="-L$PWD/../pth-%pthversion/.libs"
export PATH="$PWD/../pth-%pthversion/:$PATH"
autoreconf -fi
./configure \
--prefix=%{_prefix} \
--sysconfdir=/etc \
--libdir=%{_libdir} \
--infodir=%{_infodir} \
--with-agent-pgm=%{_prefix}/bin/gpg-agent \
--with-pinentry-pgm=%{_prefix}/bin/pinentry \
--with-dirmngr-pgm=%{_prefix}/bin/dirmngr \
--enable-ldap \
--enable-external-hkp \
--enable-shared \
--enable-gpgsm=yes \
--enable-gpg \
--enable-static-rnd=linux \
--with-gnu-ld \
--mandir=%{_mandir} \
--libexecdir=%{_libdir} \
--program-prefix="" %{_target_cpu}-suse-linux \
--with-scdaemon-pgm=%{_prefix}/bin/scdaemon
make
%install
%make_install
mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
# install gpgconf.conf bnc#391347
install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
# delete to prevent fdupes from creating cross-partition hardlink
rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
# remove info dir
rm %{buildroot}%{_infodir}/dir
# compat symlinks
ln -sf gpg2 %{buildroot}%{_bindir}/gpg
ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
# fix rpmlint invalid-lc-messages-dir:
rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
# install scdaemon to %%{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install tpm2daemon
mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
# install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
%find_lang gnupg2
%fdupes -s %{buildroot}
%check
%make_build check || :
make DESTDIR=$RPM_BUILD_ROOT install
rm $RPM_BUILD_ROOT/usr/share/info/dir
%post
%udev_rules_update
%install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
%files lang -f gnupg2.lang
%postun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
%files
%license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
%{_infodir}/gnupg*
%exclude %{_mandir}/*/dirmngr*%{ext_man}
%{_mandir}/*/*%{ext_man}
%doc %{_docdir}/%{name}
%exclude %{_bindir}/dirmngr*
%exclude %{_bindir}/tpm2daemon*
%{_bindir}/*
%{_libdir}/[^d]*
%{_sbindir}/addgnupghome
%{_sbindir}/applygnupgdefaults
%{_sbindir}/g13-syshelp
%{_udevrulesdir}/60-scdaemon.rules
%{_datadir}/gnupg
%dir %{_sysconfdir}/gnupg
%config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
%defattr(-,root,root)
%doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION
%doc %_infodir/gnupg*
/usr/bin/*
%{_libdir}/gnupg
%{_libdir}/gpg-protect-tool
%{_libdir}/gpg-preset-passphrase
/usr/sbin/addgnupghome
/usr/share/locale/de/LC_MESSAGES/gnupg2.mo
/usr/share/gnupg
%files -n dirmngr
%license COPYING*
%{_mandir}/*/dirmngr*%{ext_man}
%{_bindir}/dirmngr*
%files tpm
%{_bindir}/tpm2daemon*
%changelog
%changelog -n gpg2
* Thu Nov 30 2006 - anicka@suse.cz
- fix overflow in openfile.c (CVE-2006-6169, #224108)
* Mon Sep 11 2006 - pnemec@suse.cz
- updated gnupg to new version 1.9.22
Enhanced pkcs#12 support
Support for the CardMan 4040 PCMCIA
Collected bug fixes
- updated pth library to 2.0.7
- changed using pinetry-qt to pinentry
- removed -cfb.diff -signature.patch -cap_large_uid.patch patches
they are no longer needed
- change patch -warnings-fix.diff -ccid-driver-fix.diff
* Thu Aug 17 2006 - pnemec@suse.de
- remove unused package in build requires
* Wed Aug 09 2006 - pnemec@suse.cz
- fix spec file to build with new gettext 0.15
* Mon Aug 07 2006 - pnemec@suse.cz
- fixed security fix with large uid CVE-2006-3746 [#195569]
* Thu Feb 23 2006 - pnemec@suse.cz
- fixed signature security problem CVE-2006-0455 (bugzilla#150742)
* Thu Feb 02 2006 - pnemec@suse.cz
- fixed install info in spec file
* Thu Jan 26 2006 - sbrabec@suse.cz
- Added missing %%install_info.
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Aug 05 2005 - postadal@suse.cz
- updated to version to 1.9.18
- removed obsoleted gcc patch
- added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732]
* Tue Jul 12 2005 - postadal@suse.cz
- updated to version to 1.9.17
- updated pth to version 2.0.4
- removed obsoleted patch agent-cache-fix.diff
- fixed ccid-driver.c
- fixed gcc4
- explicitly enabled gpg building in configure
* Thu Mar 24 2005 - postadal@suse.cz
- fixed caching passphrase in gpg-agent [#71975]
* Tue Mar 22 2005 - postadal@suse.cz
- fixed on 64bit archs [#72440]
* Wed Feb 23 2005 - postadal@suse.cz
- security fix for cfb-cipher issue [#65862]
* Wed Jan 12 2005 - postadal@suse.cz
- update to version 1.9.14
- removed obsoleted patch automake-fixes.diff
* Tue Sep 28 2004 - adrian@suse.de
- link against libpth staticaly to make S/MIME support in kmail
usable. Hopefully we can convert this to a native thread implementation
later. (#46260)
* Sat Jul 31 2004 - adrian@suse.de
- update to version 1.9.10
* Tue Jul 20 2004 - adrian@suse.de
- remove openct and opensc packages from nfb
(we will need thread support, when enabling card reader support,
but it isn't anyway implemented yet in gpg2)
* Mon Jul 12 2004 - adrian@suse.de
- use GnuPG 2 sources version 1.9.9
- opensc support misses some functions atm, support disabled for now
- threading is disabled, since we do not have a pth package for now
- prepare for nld
* Thu Feb 26 2004 - postadal@suse.cz
- adapted some functions to the libgcrypt version 1.1.91 [#34987]
- added libgpg-error to needforbuild flag
* Wed Feb 18 2004 - kukuk@suse.de
- Don't build against libpth.
* Tue Feb 10 2004 - postadal@suse.cz
- fixed code that broke strict aliasing
* Fri Dec 05 2003 - garloff@suse.de
- disable core dumpe in child after forking. [#33499]
* Mon Aug 11 2003 - adrian@suse.de
- cleanup #neededforbuild and requires
* Mon Aug 04 2003 - ro@suse.de
- added openct to neededforbuild
* Fri Jul 18 2003 - mc@suse.de
- build against opensc
* Thu Jun 19 2003 - schwab@suse.de
- Add %%install_info.
* Mon Mar 17 2003 - adrian@suse.de
- add signal handler to check if the parent is still alive and
exit if not
- use pinentry-qt by default (/usr/bin/pinentry do not exist)
* Tue Feb 11 2003 - mc@suse.de
- initial release

82
nld-build.diff Normal file
View File

@ -0,0 +1,82 @@
--- agent/Makefile.am
+++ agent/Makefile.am
@@ -46,7 +46,7 @@
gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \
- -lgpg-error @LIBINTL@
+ -lgpg-error-nld @LIBINTL@
gpg_protect_tool_SOURCES = \
protect-tool.c \
@@ -55,7 +55,7 @@
gpg_protect_tool_LDADD = ../common/libsimple-pwquery.a \
../jnlib/libjnlib.a ../common/libcommon.a \
- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@
+ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@
if HAVE_W32_SYSTEM
gpg_protect_tool_LDADD += -lwsock32
endif
@@ -65,7 +65,7 @@
gpg_preset_passphrase_LDADD = ../common/libsimple-pwquery.a \
../jnlib/libjnlib.a ../common/libcommon.a \
- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@
+ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@
if HAVE_W32_SYSTEM
gpg_preset_passphrase_LDADD += -lwsock32
endif
--- g10/Makefile.am
+++ g10/Makefile.am
@@ -109,8 +109,8 @@
# $(common_source)
LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @W32LIBS@
-gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
-gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
+gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld
+gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld
$(PROGRAMS): $(needed_libs)
--- kbx/Makefile.am
+++ kbx/Makefile.am
@@ -46,5 +46,5 @@
# Note that libcommon is only required to resolve the LIBOBJS.
kbxutil_SOURCES = kbxutil.c $(common_sources)
kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
- -lgpg-error $(LIBINTL) ../common/libcommon.a
+ -lgpg-error-nld $(LIBINTL) ../common/libcommon.a
--- scd/Makefile.am
+++ scd/Makefile.am
@@ -54,7 +54,7 @@
scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(pth_libs) $(LIBASSUAN_LIBS) \
- $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS)
+ $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error-nld $(LIBINTL) $(DL_LIBS)
sc_copykeys_SOURCES = \
sc-copykeys.c scdaemon.h \
@@ -70,7 +70,7 @@
../common/libsimple-pwquery.a \
$(LIBGCRYPT_LIBS) $(pth_libs) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
$(LIBUSB_LIBS) $(OPENSC_LIBS) \
- -lgpg-error @LIBINTL@ @DL_LIBS@
+ -lgpg-error-nld @LIBINTL@ @DL_LIBS@
pcsc_wrapper_SOURCES = pcsc-wrapper.c
pcsc_wrapper_LDADD = $(DL_LIBS)
--- sm/Makefile.am
+++ sm/Makefile.am
@@ -53,7 +53,7 @@
gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a \
../common/libcommon.a \
- $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error \
+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error-nld \
$(LIBINTL)

3
pth-2.0.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:075705004ec9a6b19fe8b00af4f2c45ec2a0008d78cedea571265d0b544c7a90
size 507473

0
ready Normal file
View File

65
scdaemon.udev
View File

@ -1,65 +0,0 @@
# do not edit this file, it will be overwritten on update
SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
ACTION!="add", GOTO="gnupg_rules_end"
# USB SmartCard Readers
## Cherry GmbH (XX33, ST2000)
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532)
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Omnikey AG (CardMan 3821, CardMan 6121)
SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Gemalto
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Reiner (SCT cyberJack)
SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Kobil (KAAN)
SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## VASCO (DIGIPASS 920)
SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Crypto Stick
SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Nitrokey
SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Gnuk Token
SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Alcor Micro Corp cardreader (in ThinkPad X250)
SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Fujitsu Siemens
SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Yubico
# Yubikey NEO OTP+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey NEO CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey NEO U2F+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey NEO OTP+U2F+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey 4 CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey 4 OTP+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey 4 U2F+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
# Yubikey 4 OTP+U2F+CCID
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Trustica Cryptoucan
SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
LABEL="gnupg_rules_end"