Accepting request 933499 from Base:System

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/933499 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=157
2021-11-26 23:50:50 +00:00 · 2021-11-26 23:50:50 +00:00 · 4b5604403c
commit 4b5604403c
parent fc18aa63e0
10 changed files with 234 additions and 93 deletions
--- a/gnupg-2.2.27.tar.bz2
+++ b/gnupg-2.2.27.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399
 size 7191555
--- a/gnupg-2.2.27.tar.bz2.sig
+++ b/gnupg-2.2.27.tar.bz2.sig
--- a/gnupg-2.3.3.tar.bz2
+++ b/gnupg-2.3.3.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:5789b86da6a1a6752efb38598f16a77af51170a8494039c3842b085032e8e937
 size 7590874
--- a/gnupg-2.3.3.tar.bz2.sig
+++ b/gnupg-2.3.3.tar.bz2.sig
--- a/gnupg-add_legacy_FIPS_mode_option.patch
+++ b/gnupg-add_legacy_FIPS_mode_option.patch
@ -3,11 +3,11 @@
 g10/gpg.c    |    9 +++++++++
 2 files changed, 27 insertions(+)
-Index: gnupg-2.2.20/doc/gpg.texi
+Index: gnupg-2.3.0/doc/gpg.texi
 ===================================================================
--- gnupg-2.2.20.orig/doc/gpg.texi
+--- gnupg-2.3.0.orig/doc/gpg.texi
-+++ gnupg-2.2.20/doc/gpg.texi
+++ gnupg-2.3.0/doc/gpg.texi
-@@ -2133,6 +2133,24 @@ implies, this option is for experts only
+@@ -2178,6 +2178,24 @@ implies, this option is for experts only
 understand the implications of what it allows you to do, leave this
 off. @option{--no-expert} disables this option.
@ -32,36 +32,37 @@ Index: gnupg-2.2.20/doc/gpg.texi
 @end table
-Index: gnupg-2.2.20/g10/gpg.c
+Index: gnupg-2.3.0/g10/gpg.c
 ===================================================================
--- gnupg-2.2.20.orig/g10/gpg.c
+--- gnupg-2.3.0.orig/g10/gpg.c
-+++ gnupg-2.2.20/g10/gpg.c
+++ gnupg-2.3.0/g10/gpg.c
-@@ -429,6 +429,7 @@ enum cmd_and_opt_values
+@@ -437,6 +437,7 @@ enum cmd_and_opt_values
     oUseOnlyOpenPGPCard,
     oIncludeKeyBlock,
     oNoIncludeKeyBlock,
     oChUid,
     oForceSignKey,
 +    oSetLegacyFips,
     oNoop
   };
-@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = {
-   ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oAEADAlgo,   "aead-algo", "@"),
-   ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
-   ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
+   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
   ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
-@@ -3614,6 +3616,13 @@ main (int argc, char **argv)
+   ARGPARSE_header (NULL, N_("Options for unattended use")),
-             opt.flags.use_only_openpgp_card = 1;
+@@ -3688,6 +3690,14 @@ main (int argc, char **argv)
             opt.flags.full_timestrings = 1;
             break;
-+	  case oSetLegacyFips:
+         case oSetLegacyFips:
-+	    if(gcry_fips_mode_active())
+           if(gcry_fips_mode_active())
-+	      gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode");
+             gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
-+	    else
+                           "Enable legacy support in FIPS 140-2 mode");
-+	      log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
+           else
-+	    break;
+             log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
 +           break;
 +
 	  case oNoop: break;
--- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 g10/import.c | 49 +++++++++++--------------------------------------
 1 file changed, 11 insertions(+), 38 deletions(-)
-Index: gnupg-2.2.19/g10/import.c
+Index: gnupg-2.3.0/g10/import.c
 ===================================================================
--- gnupg-2.2.19.orig/g10/import.c
+--- gnupg-2.3.0.orig/g10/import.c
-+++ gnupg-2.2.19/g10/import.c
+++ gnupg-2.3.0/g10/import.c
-@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
   size_t an;
   char pkstrbuf[PUBKEY_STRING_SIZE];
   int merge_keys_done = 0;
@ -29,12 +29,12 @@ Index: gnupg-2.2.19/g10/import.c
   KEYDB_HANDLE hd = NULL;
   if (r_valid)
-@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
       log_printf ("\n");
     }
 -
-  if (!uidnode )
+-  if (!uidnode)
 -    {
 -      if (!silent)
 -        log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@ -44,16 +44,18 @@ Index: gnupg-2.2.19/g10/import.c
   if (screener && screener (keyblock, screener_arg))
     {
       log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl,
+@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
             xfree(user);
 	  }
     }
- 
+-
-  if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
+-  /* Delete invalid parts and bail out if there are no user ids left.  */
 -  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
 -    {
 -      if (!silent)
 -        {
-          log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+-          log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
-          if (!opt.quiet )
+-          if (!opt.quiet)
 -            log_info(_("this may be caused by a missing self-signature\n"));
 -        }
 -      stats->no_user_id++;
@ -66,7 +68,7 @@ Index: gnupg-2.2.19/g10/import.c
   /* Get rid of deleted nodes.  */
   commit_kbnode (&keyblock);
-@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl,
+@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
     {
       apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
       commit_kbnode (&keyblock);
@ -91,7 +93,7 @@ Index: gnupg-2.2.19/g10/import.c
     }
   /* The keyblock is valid and ready for real import.  */
-@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
       err = 0;
       stats->skipped_new_keys++;
     }
--- a/gnupg-dont-fail-with-seahorse-agent.patch
+++ b/gnupg-dont-fail-with-seahorse-agent.patch
@ -2,16 +2,16 @@
 g10/passphrase.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-Index: gnupg-2.1.0/g10/passphrase.c
+Index: gnupg-2.3.0/g10/passphrase.c
 ===================================================================
--- gnupg-2.1.0.orig/g10/passphrase.c	2014-11-07 16:52:11.080483153 +0100
+--- gnupg-2.3.0.orig/g10/passphrase.c
-+++ gnupg-2.1.0/g10/passphrase.c	2014-11-07 16:52:11.996494299 +0100
+++ gnupg-2.3.0/g10/passphrase.c
-@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations)
+@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac
-         {
+     }
-           /* Don't print an error if an older agent is used.  */
+   else
-           if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+     {
-            log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+-      log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
-+            log_info (_("problem with the agent: %s\n"), gpg_strerror (err));
+      log_info (_("problem with the agent: %s\n"), gpg_strerror (rc));
-           /* Default to 65536 which we used up to 2.0.13.  */
+       /* Due to limitations in the API of the upper layers they
-           return 96;
+          consider an error as no passphrase entered.  This works in
-         }
+          most cases but not during key creation where this should
--- a/gnupg-set_umask_before_open_outfile.patch
+++ b/gnupg-set_umask_before_open_outfile.patch
@ -1,7 +1,7 @@
-Index: gnupg-2.1.20/g10/plaintext.c
+Index: gnupg-2.3.0/g10/plaintext.c
 ===================================================================
--- gnupg-2.1.20.orig/g10/plaintext.c	2017-04-03 17:13:56.000000000 +0200
+--- gnupg-2.3.0.orig/g10/plaintext.c
-+++ gnupg-2.1.20/g10/plaintext.c	2017-04-04 09:53:31.541145727 +0200
+++ gnupg-2.3.0/g10/plaintext.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <errno.h>
@ -39,5 +39,5 @@ Index: gnupg-2.1.20/g10/plaintext.c
 +	}
 +	umask(saved_umask);
     }
- #else /* __riscos__ */
+ 
-   /* If no output filename was given, i.e. we constructed it, convert
+  leave:
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,151 @@
 -------------------------------------------------------------------
 Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
 - GnuPG 2.3.3:
  * agent: Fix segv in GET_PASSPHRASE (regression)
  * dirmngr: Fix Let's Encrypt certificate chain validation
  * gpg: Change default and maximum AEAD chunk size to 4 MiB
  * gpg: Print a warning when importing a bad cv25519 secret key
  * gpg: Fix --list-packets for undecryptable AEAD packets
  * gpg: Verify backsigs for v5 keys correctly
  * keyboxd: Fix checksum computation for no UBID entry on disk
  * keyboxd: Fix "invalid object" error with cv448 keys
  * dirmngr: New option --ignore-cert
  * agent: Fix calibrate_get_time use of clock_gettime
  * Support a gpgconf.ctl file under Unix and use this for the
    regression tests
 -------------------------------------------------------------------
 Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 - GnuPG 2.3.2:
  * gpg: Allow fingerprint based lookup with --locate-external-key.
  * gpg: Allow decryption w/o public key but with correct card inserted.
  * gpg: Auto import keys specified with --trusted-keys.
  * gpg: Do not use import-clean for LDAP keyserver imports.
  * gpg: Fix mailbox based search via AKL keyserver method.
  * gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
  * gpg: Use a more descriptive prompt for symmetric decryption.
  * gpg: Improve speed of secret key listing.
  * gpg: Support keygrip search with traditional keyring.
  * gpg: Let --fetch-key return an exit code on failure.
  * gpg: Emit the NO_SECKEY status again for decryption.
  * gpgsm: Support decryption of password based encryption (pwri).
  * gpgsm: Support AES-GCM decryption.
  * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
  * gpgsm: Fix finding of issuer in use-keyboxd mode.
  * gpgsm: New option --ldapserver as an alias for --keyserver.
  * agent: Use SHA-256 for SSH fingerprint by default.
  * agent: Fix calling handle_pincache_put.
  * agent: Fix importing protected secret key.
  * agent: Fix a regression in agent_get_shadow_info_type.
  * agent: Add translatable text for Caps Lock hint.
  * agent: New option --pinentry-formatted-passphrase.
  * agent: Add checkpin inquiry for pinentry.
  * agent: New option --check-sym-passphrase-pattern.
  * agent: Use the sysconfdir for a pattern file.
  * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
  * dirmngr: LDAP search by a mailbox now ignores revoked keys.
  * dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
  * dirmngr: Allow for non-URL specified ldap keyservers.
  * dirmngr: New option --ldapserver.
  * dirmngr: Fix regression in KS_GET for mail address pattern.
  * card: New option --shadow for the list command.
  * tests: Make sure the built keyboxd is used.
  * scd: Fix computing shared secrets for 512 bit curves.
  * scd: Fix unblock PIN by a Reset Code with KDF.
  * scd: Fix PC/SC removed card problem.
  * scd: Recover the partial match for PORTSTR for PC/SC.
  * scd: Make sure to release the PC/SC context.
  * scd: Fix zero-byte handling in ECC.
  * scd: Fix serial number detection for Yubikey 5.
  * scd: Add basic support for AET JCOP cards.
  * scd: Detect external interference when --pcsc-shared is in use.
  * scd: Fix access to the list of cards.
  * gpgconf: Do not list a disabled tpm2d.
  * gpgconf: Make runtime changes with different homedir work.
  * keyboxd: Fix searching for exact mail adddress.
  * keyboxd: Fix searching with multiple patterns.
  * tools: Extend gpg-check-pattern.
  * wkd: Fix client issue with leading or trailing spaces in user-ids.
  * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
  * Change the default keyserver to keyserver.ubuntu.com. This is a
    temporary change due to the shutdown of the SKS keyserver pools.
 -------------------------------------------------------------------
 Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 - GnuPG 2.3.1:
  * The new configuration file common.conf is now used to enable
    the use of the key database daemon with "use-keyboxd". Using
    this option in gpg.conf and gpgsm.conf is supported for a
    transitional period. See doc/example/common.conf for more.
  * gpg: Force version 5 key creation for ed448 and cv448 algorithms.
  * gpg: By default do not use the self-sigs-only option when
    importing from an LDAP keyserver.
  * gpg: Lookup a missing public key of the active card via LDAP.
  * gpgsm: New command --show-certs.
  * scd: Fix CCID driver for SCM SPR332/SPR532.
  * scd: Further improvements for PKCS#15 cards.
  * New configure option --with-tss to allow the selection of the
    TSS library.
 - Rebase patches:
  * gnupg-add_legacy_FIPS_mode_option.patch
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-dont-fail-with-seahorse-agent.patch
  * gnupg-set_umask_before_open_outfile.patch
 -------------------------------------------------------------------
 Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
 - GnuPG 2.3.0:
  * A new experimental key database daemon is provided.  To enable
    it put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored
    in a SQLite database and make key lookup much faster.
  * New tool gpg-card as a flexible frontend for all types of
    supported smartcards.
  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
    gpg-connect-agent.
  * The gpg-wks-client tool is now installed under bin; a wrapper for
    its old location at libexec is also installed.
  * tpm2d: New daemon to physically bind keys to the local machine.
  * gpg: Switch to ed25519/cv25519 as default public key algorithms.
  * gpg: Verification results now depend on the --sender option and
    the signer's UID subpacket.
  * gpg: Do not use any 64-bit block size cipher algorithm for
    encryption.  Use AES as last resort cipher preference instead of
    3DES.  This can be reverted using --allow-old-cipher-algos.
  * gpg: Support AEAD encryption mode using OCB or EAX.
  * gpg: Support v5 keys and signatures.
  * gpg: Support curve X448 (ed448, cv448).
  * gpg: Allow use of group names in key listings.
  * gpg: New option --full-timestrings to print date and time.
  * gpg: New option --force-sign-key.
  * gpg: New option --no-auto-trust-new-key.
  * gpg: The legacy key discovery method PKA is no longer supported.
    The command --print-pka-records and the PKA related import and
    export options have been removed.
  * gpg: Support export of Ed448 Secure Shell keys.
  * gpgsm: Add basic ECC support.
  * gpgsm: Support creation of EdDSA certificates.  [#4888]
  * agent: Allow the use of "Label:" in a key file to customize the
    pinentry prompt.
  * agent: Support ssh-agent extensions for environment variables.
    With a patched version of OpenSSH this avoids the need for the
    "updatestartuptty" kludge.
  * scd: Improve support for multiple card readers and tokens.
  * scd: Support PIV cards.
  * scd: Support for Rohde&Schwarz Cybersecurity cards.
  * scd: Support Telesec Signature Cards v2.0
  * scd: Support multiple application on certain smartcard.
  * scd: New option --application-priority.
  * scd: New option --pcsc-shared; see man page for important notes.
  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
  * The symcryptrun tool, a wrapper for the now obsolete external
    Chiasmus tool, has been removed.
  * Full Unicode support for the command line.
 - dropped legacy commands: gpg-zip
 -------------------------------------------------------------------
 Wed Apr  7 20:56:23 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
--- a/gpg2.spec
+++ b/gpg2.spec
@ -17,34 +17,36 @@
 Name:           gpg2
-Version:        2.2.27
+Version:        2.3.3
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
 Group:          Productivity/Networking/Security
 URL:            https://www.gnupg.org
-Source:         ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
+Source:         https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
-Source2:        ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
+Source2:        https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:        %{name}.keyring
 Source4:        scdaemon.udev
 Source99:       %{name}.changes
-Patch4:         gnupg-2.0.9-langinfo.patch
+Patch1:         gnupg-gpg-agent-ulimit.patch
-Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
+Patch2:         gnupg-2.0.9-langinfo.patch
-Patch8:         gnupg-set_umask_before_open_outfile.patch
+Patch3:         gnupg-dont-fail-with-seahorse-agent.patch
-Patch9:         gnupg-detect_FIPS_mode.patch
+Patch4:         gnupg-set_umask_before_open_outfile.patch
-Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
+Patch5:         gnupg-detect_FIPS_mode.patch
-Patch12:        gnupg-2.2.16-secmem.patch
+Patch6:         gnupg-add_legacy_FIPS_mode_option.patch
-Patch13:        gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
+Patch7:         gnupg-2.2.16-secmem.patch
-Patch14:        gnupg-add-test-cases-for-import-without-uid.patch
+Patch8:         gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
-Patch15:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+Patch9:         gnupg-add-test-cases-for-import-without-uid.patch
-Patch1124847:   gnupg-gpg-agent-ulimit.patch
+Patch10:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  ibmswtpm2
 BuildRequires:  ibmtss-devel
 BuildRequires:  libassuan-devel >= 2.5.0
-BuildRequires:  libgcrypt-devel >= 1.8.0
+BuildRequires:  libgcrypt-devel >= 1.9.1
-BuildRequires:  libgpg-error-devel >= 1.27
+BuildRequires:  libgpg-error-devel >= 1.41
-BuildRequires:  libksba-devel >= 1.3.5
+BuildRequires:  libksba-devel >= 1.3.4
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
 BuildRequires:  openldap2-devel
@ -53,12 +55,12 @@ BuildRequires:  readline-devel
 BuildRequires:  pkgconfig(bzip2)
 BuildRequires:  pkgconfig(gnutls) >= 3.0
 BuildRequires:  pkgconfig(libusb-1.0)
-BuildRequires:  pkgconfig(sqlite3) >= 3.7
+BuildRequires:  pkgconfig(sqlite3) >= 3.27
 BuildRequires:  pkgconfig(zlib)
 # runtime dependency to support devel repository users - boo#955982
 Requires:       libassuan0 >= 2.5.0
-Requires:       libgcrypt20 >= 1.8.0
+Requires:       libgcrypt20 >= 1.9.1
-Requires:       libksba >= 1.3.5
+Requires:       libksba >= 1.3.4
 Requires:       pinentry
 Recommends:     dirmngr = %{version}
 Provides:       gnupg = %{version}
@ -88,18 +90,11 @@ gpgsm, or via the gpg-connect-agent tool.
 %lang_package
 %prep
-%setup -q -n gnupg-%{version}
+%autosetup -p1 -n gnupg-%{version}
-%patch1124847 -p1
+
-%patch4 -p1
+# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
-%patch6 -p1
+# to not have man pages and info files have the build date (boo#1047218)
-%patch8 -p1
+touch -d 2018-05-04 doc/gpg.texi
 %patch9 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218)
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
@ -112,7 +107,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
    --with-scdaemon-pgm=%{_bindir}/scdaemon \
    --enable-ldap \
    --enable-gpgsm=yes \
    --enable-gpg \
    --enable-gpgtar \
    --enable-g13 \
    --enable-large-secmem \
@ -120,8 +114,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
    --with-gnu-ld \
    --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
    --enable-build-timestamp=$date \
-    --enable-gpg-is-gpg2 \
+    --enable-gpg-is-gpg2
    --enable-Werror
 %make_build
@ -145,9 +138,6 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
 # install udev rules for scdaemon
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 # install legacy tools
 install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
 # install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir}
 %find_lang gnupg2
 %fdupes -s %{buildroot}