From 974f2ce0957739197174e9f2a56901169e26054cf95690af2a870e52b4cd8ff9 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Mon, 29 Dec 2014 06:05:14 +0000 Subject: [PATCH] Accepting request 266475 from home:AndreasStieger:branches:Base:System gnupg 2.1.1 OBS-URL: https://build.opensuse.org/request/show/266475 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=90 --- gnupg-2.0.18-files-are-digests.patch | 44 +++++----- gnupg-2.0.4-install_tools.diff | 6 +- ...8-openpgp_oid_to_str-buffer-overflow.patch | 77 ------------------ gnupg-2.1.0.tar.bz2 | 3 - gnupg-2.1.0.tar.bz2.sig | Bin 861 -> 0 bytes gnupg-2.1.1.tar.bz2 | 3 + gnupg-2.1.1.tar.bz2.sig | Bin 0 -> 574 bytes gnupg-add_legacy_FIPS_mode_option.patch | 26 +++--- gnupg-detect_FIPS_mode.patch | 32 ++++---- gpg2.changes | 36 ++++++++ gpg2.spec | 6 +- 11 files changed, 93 insertions(+), 140 deletions(-) delete mode 100644 gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch delete mode 100644 gnupg-2.1.0.tar.bz2 delete mode 100644 gnupg-2.1.0.tar.bz2.sig create mode 100644 gnupg-2.1.1.tar.bz2 create mode 100644 gnupg-2.1.1.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 15e5153..939a1e3 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,10 +4,10 @@ g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.1.0/g10/gpg.c +Index: gnupg-2.1.1/g10/gpg.c =================================================================== ---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/gpg.c 2014-11-07 16:50:14.742067262 +0100 +--- gnupg-2.1.1.orig/g10/gpg.c ++++ gnupg-2.1.1/g10/gpg.c @@ -349,6 +349,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -16,7 +16,7 @@ Index: gnupg-2.1.0/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.0/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2126,6 +2128,7 @@ main (int argc, char **argv) +@@ -2125,6 +2127,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; @@ -40,11 +40,11 @@ Index: gnupg-2.1.0/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.0/g10/options.h +Index: gnupg-2.1.1/g10/options.h =================================================================== ---- gnupg-2.1.0.orig/g10/options.h 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/options.h 2014-11-07 16:49:59.770885017 +0100 -@@ -193,6 +193,7 @@ struct +--- gnupg-2.1.1.orig/g10/options.h ++++ gnupg-2.1.1/g10/options.h +@@ -192,6 +192,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,13 +52,13 @@ Index: gnupg-2.1.0/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.0/g10/sign.c +Index: gnupg-2.1.1/g10/sign.c =================================================================== ---- gnupg-2.1.0.orig/g10/sign.c 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/sign.c 2014-11-07 17:13:40.128218081 +0100 -@@ -703,8 +703,12 @@ write_signature_packets (SK_LIST sk_list - build_sig_subpkt_from_sig (sig); - mk_notation_policy_etc (sig, pk, NULL); +--- gnupg-2.1.1.orig/g10/sign.c ++++ gnupg-2.1.1/g10/sign.c +@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list + mk_notation_policy_etc (sig, NULL, pk); + } + if (!opt.files_are_digests) { hash_sigversion_to_magic (md, sig); @@ -69,7 +69,7 @@ Index: gnupg-2.1.0/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -762,6 +766,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -78,7 +78,7 @@ Index: gnupg-2.1.0/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -778,7 +784,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -96,7 +96,7 @@ Index: gnupg-2.1.0/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -799,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -105,7 +105,7 @@ Index: gnupg-2.1.0/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -938,7 +953,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -114,7 +114,7 @@ Index: gnupg-2.1.0/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -993,6 +1008,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -123,7 +123,7 @@ Index: gnupg-2.1.0/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1033,6 +1050,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) putc( '\n', stderr ); } @@ -169,7 +169,7 @@ Index: gnupg-2.1.0/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1050,8 +1106,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index 218de8e..05f0031 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,7 +1,7 @@ Index: tools/Makefile.am =================================================================== ---- tools/Makefile.am.orig 2014-11-06 18:12:17.743916141 +0100 -+++ tools/Makefile.am 2014-11-06 18:13:17.073677366 +0100 +--- tools/Makefile.am.orig ++++ tools/Makefile.am @@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh @@ -30,4 +30,4 @@ Index: tools/Makefile.am +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert endif - common_libs = $(libcommon) ../gl/libgnu.a + common_libs = $(libcommon) diff --git a/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch b/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch deleted file mode 100644 index 9a46d79..0000000 --- a/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Werner Koch -Date: Tue, 25 Nov 2014 11:58:56 +0100 -Subject: [PATCH] Fix buffer overflow in openpgp_oid_to_str. -References: boo#907198 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da -Upstream: committed - -* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. - -* common/t-openpgp-oid.c (BADOID): New. -(test_openpgp_oid_to_str): Add test cases. --- - -The code has an obvious error by not considering invalid encoding for -arc-2. A first byte of 0x80 can be used to make a value of less then -80 and we then subtract 80 from that value as required by the OID -encoding rules. Due to the unsigned integer this results in a pretty -long value which won't fit anymore into the allocated buffer. - -The fix is obvious. Also added a few simple test cases. Note that we -keep on using sprintf instead of snprintf because managing the -remaining length of the buffer would probably be more error prone than -assuring that the buffer is large enough. Getting rid of sprintf -altogether by using direct conversion along with membuf_t like code -might be possible. - -Reported-by: Hanno Böck -Signed-off-by: Werner Koch - -Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 ---- - common/openpgp-oid.c | 2 ++ - common/t-openpgp-oid.c | 9 +++++++++ - 2 files changed, 11 insertions(+) - -diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c -index 010c23f..d3d1f2a 100644 ---- a/common/openpgp-oid.c -+++ b/common/openpgp-oid.c -@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a) - val <<= 7; - val |= buf[n] & 0x7f; - } -+ if (val < 80) -+ goto badoid; - val -= 80; - sprintf (p, "2.%lu", val); - p += strlen (p); -diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c -index 79e5a70..5cd778d 100644 ---- a/common/t-openpgp-oid.c -+++ b/common/t-openpgp-oid.c -@@ -32,6 +32,9 @@ - } while(0) - - -+#define BADOID "1.3.6.1.4.1.11591.2.12242973" -+ -+ - static void - test_openpgp_oid_from_str (void) - { -@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void) - { "1.3.132.0.35", - { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }}, - -+ { BADOID, -+ { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }}, -+ -+ { BADOID, -+ { 1, 0x80 }}, -+ - { NULL }}; - gcry_mpi_t a; - int idx; --- -1.7.10.4 - diff --git a/gnupg-2.1.0.tar.bz2 b/gnupg-2.1.0.tar.bz2 deleted file mode 100644 index 510940c..0000000 --- a/gnupg-2.1.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:16a8c3f50a15bf37d2dfb1c5e4bb3ec533e1d0b6a4043ff3680a376a3ad4058b -size 3111585 diff --git a/gnupg-2.1.0.tar.bz2.sig b/gnupg-2.1.0.tar.bz2.sig deleted file mode 100644 index 48b9d857fe4238792ee08ed5820a51bf116213e86b22f21dc55eedf3feddb5b3..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 861 zcmV-j1ETzi0UQJX0SEvF1p-uBMcV)h2@oWkInqxhnr-=OX@$|FC!e#X&6>73>y_MBSYk7e|1MCH1T zi9wR;_OTQQnq5(!bBp637qnc@$9q>=YoKmCMz7fDE7J!31y>EtP4zr2QVWZi9%~?Pqw!)R4aCz=(!l)<3IPqHOV1-* za)C)gGjw+;3bIFQNVl|;sGg}pUbI6oV;F~MLcBA(IRapmJ=qN+|B2v01`U!P~CXt@ce_L zYohWT+=^Q^FQo){C}+&LQdu~zT~VI{3=`i6>6tH@?LF-hhQUe9=_=&wo89o|eIf7e zM4pXgj$mm%iHQLm1ONdD00spDR9iW00162ZAaSsYGrd0sN{Cw7xu zG$sGgSLuGc9(SL>)s&JgvnRMY(h2!Mdsrd_H{^IpKg!#TFo6$ml`PQ>+bTxlcp6*x zxNoHCC7Ctcom%7##)s-3%!?(b&jToe5_=Cu2-kx%Bzs9Q`k&UX>2d;)!}arcc)&?B z>KaA+Tnq%Vyno|bIl`Dl-)jK6AAT%yBWMW`B?MyYN0n{#Bk)A9uozAAteX7+uq&1| n2F#pgpLH>iWLOBUjQRRz$u>5qaeUC`^}Z diff --git a/gnupg-2.1.1.tar.bz2 b/gnupg-2.1.1.tar.bz2 new file mode 100644 index 0000000..e165c4d --- /dev/null +++ b/gnupg-2.1.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:70ecd01d2875db62624c911c2fd815742f50aef5492698eb3bfc09a08690ce49 +size 4801472 diff --git a/gnupg-2.1.1.tar.bz2.sig b/gnupg-2.1.1.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..83cbbfc504f57ade3dd20fd845040f6606dda91beb6940b426c576541604d911 GIT binary patch literal 574 zcmV-E0>S->0UQJX0SEvF1p-u%PniG;2@oWkInqxh zJ03Y;ttz!nQUDqDB8rI%A@&6hTK`HuP6L@5E$vb$KiR6L{j_5d=9G`g$#(EOHIomDVvTzH zt-7XfF$b)-qXH8X8FmOIK!#8&og}LG2&p5~ZqxrFsqS|&rgPjnvySep17fHdcwufu zXT}5N%#@J5@1rC!fm7Us&I1N-dPq>?uT><^=M;_l-G2tEImjyR%xgv6aoxQ4_?5Ut M8pGsj$0{e+!Z(}=-2eap literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 2b53225..80c29ff 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.0/doc/gpg.texi +Index: gnupg-2.1.1/doc/gpg.texi =================================================================== ---- gnupg-2.1.0.orig/doc/gpg.texi 2014-11-06 18:31:32.218688065 +0100 -+++ gnupg-2.1.0/doc/gpg.texi 2014-11-06 18:31:33.871709178 +0100 -@@ -1828,6 +1828,24 @@ implies, this option is for experts only +--- gnupg-2.1.1.orig/doc/gpg.texi ++++ gnupg-2.1.1/doc/gpg.texi +@@ -1842,6 +1842,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.0/doc/gpg.texi @end table -Index: gnupg-2.1.0/g10/gpg.c +Index: gnupg-2.1.1/g10/gpg.c =================================================================== ---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-06 18:31:32.220688090 +0100 -+++ gnupg-2.1.0/g10/gpg.c 2014-11-06 18:32:03.833091859 +0100 -@@ -380,6 +380,7 @@ enum cmd_and_opt_values - oNoAllowMultipleMessages, +--- gnupg-2.1.1.orig/g10/gpg.c ++++ gnupg-2.1.1/g10/gpg.c +@@ -381,6 +381,7 @@ enum cmd_and_opt_values oAllowWeakDigestAlgos, oFakedSystemTime, + oNoAutostart, + oSetLegacyFips, oNoop }; -@@ -772,6 +773,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -769,6 +770,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,9 +52,9 @@ Index: gnupg-2.1.0/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3138,6 +3140,13 @@ main (int argc, char **argv) - } - break; +@@ -3134,6 +3136,13 @@ main (int argc, char **argv) + + case oNoAutostart: opt.autostart = 0; break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index efacf41..81aa96b 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.0/g10/encrypt.c +Index: gnupg-2.1.1/g10/encrypt.c =================================================================== ---- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100 -+++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100 +--- gnupg-2.1.1.orig/g10/encrypt.c ++++ gnupg-2.1.1/g10/encrypt.c @@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in @@ -14,25 +14,21 @@ Index: gnupg-2.1.0/g10/encrypt.c } /* In case 3DES has been selected, print a warning if -Index: gnupg-2.1.0/g10/mainproc.c +Index: gnupg-2.1.1/g10/mainproc.c =================================================================== ---- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100 -+++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100 -@@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt ) - often. There is no good way to specify what algorithms to - use in that case, so these three are the historical - answer. */ -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); +--- gnupg-2.1.1.orig/g10/mainproc.c ++++ gnupg-2.1.1/g10/mainproc.c +@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt ) + according to 2440, so hopefully it won't come up that often. + There is no good way to specify what algorithms to use in + that case, so these there are the historical answer. */ +- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + + /* Libgcrypt manual says that gcry_version_check must be called + before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); + if( !gcry_fips_mode_active() ) + gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); -+ if( !gcry_fips_mode_active() ) -+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); - } - if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify - && opt.flags.allow_weak_digest_algos) { + gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); + } + if (DBG_HASHING) diff --git a/gpg2.changes b/gpg2.changes index a988a0f..a772267 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Fri Dec 26 21:15:55 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.1.1: + * gpg: Detect faulty use of --verify on detached signatures. + * gpg: New import option "keep-ownertrust". + * gpg: New sub-command "factory-reset" for --card-edit. + * gpg: A stub key for smartcards is now created by --card-status. + * gpg: Fixed regression in --refresh-keys. + * gpg: Fixed regresion in %g and %p codes for --sig-notation. + * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. + * gpg: Improved perceived speed of secret key listisngs. + * gpg: Print number of skipped PGP-2 keys on import. + * gpg: Removed the option aliases --throw-keyid and --notation-data; + use --throw-keyids and --set-notation instead. + * gpg: New import option "keep-ownertrust". + * gpg: Skip too large keys during import. + * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or + dirmngr. + * gpg-agent: New option --extra-socket to provide a restricted + command set for use with remote clients. + * gpgconf --kill does not anymore start a service only to kill it. + * gpg-pconnect-agent: Add convenience option --uiserver. + * More translations (but most of them are not complete). + * To support remotely mounted home directories, the IPC sockets may + now be redirected. This feature requires Libassuan 2.2.0. + * Improved portability and the usual bunch of bug fixes. +- removed patch not part of upstream release: + gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +- refresh for context changes: + gnupg-2.0.18-files-are-digests.patch + gnupg-2.0.4-install_tools.diff +- refresh for upstream code changes: + gnupg-add_legacy_FIPS_mode_option.patch + gnupg-detect_FIPS_mode.patch (MD5 removed) + ------------------------------------------------------------------- Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org diff --git a/gpg2.spec b/gpg2.spec index fe8863f..d90b53c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.0 +Version: 2.1.1 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -35,7 +35,6 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch -Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch Patch14: gnupg-large_keys.patch BuildRequires: automake >= 1.10 BuildRequires: expect @@ -48,7 +47,7 @@ BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.15 +BuildRequires: libgpg-error-devel >= 1.16 BuildRequires: libksba-devel >= 1.2.0 BuildRequires: libusb-devel BuildRequires: makeinfo @@ -87,7 +86,6 @@ gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch12 -p1 -%patch13 -p1 %patch14 -p1 %build