From 4eafdb296ba0fc12089801e897afd45fc260951927c30666831b3c08cb2ae72b Mon Sep 17 00:00:00 2001 
From: Pedro Monreal Gonzalez Date: Tue, 10 Oct 2023 15:00:55 +0000 Subject: [PATCH] Accepting request 1116649 from security:privacy - Install the internal executables in the /usr/libexec dir instead of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase, gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon. - Provide the systemd-user files since they have been removed upstream since version 2.4.1. [bsc#1201564] * Add gpg2-systemd-user.tar.xz - Revert back to use the IBM TPM Software stack. - Update to 2.4.3: * gpg: Set default expiration date to 3 years. [T2701] * gpg: Add --list-filter properties "key_expires" and "key_expires_d". [T6529] * gpg: Emit status line and proper diagnostics for write errors. [T6528] * gpg: Make progress work for large files on Windows. [T6534] * gpg: New option --no-compress as alias for -z0. * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534] * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0] * gpgsm: Major rewrite of the PKCS#12 parser. [T6536] * gpgtar: New option --no-compress. * dirmngr: Extend the AD_QUERY command. [rG207c99567c] * dirmngr: Disable the HTTP redirect rewriting. [T6477] * dirmngr: New option --compatibility-flags. [rGbf04b07327] * dirmngr: New option --ignore-crl-extensions. [T6545] * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a27] * wkd: Make --add-revocs the default in gpg-wks-client. New option --no-add-revocs. 
[rG10c937ee68] OBS-URL: https://build.opensuse.org/request/show/1116649 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=292 --- gnupg-2.4.0.tar.bz2 | 3 - gnupg-2.4.0.tar.bz2.sig | Bin 238 -> 0 bytes gnupg-2.4.3.tar.bz2 | 3 + gnupg-2.4.3.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 28 +-- gnupg-revert-rfc4880bis.patch | 46 ++--- ...ests-gpgme-for-in-source-tree-builds.patch | 168 ------------------ gpg2-systemd-user.tar.xz | 3 + gpg2.changes | 108 +++++++++++ gpg2.spec | 51 ++---- 10 files changed, 167 insertions(+), 243 deletions(-) delete mode 100644 gnupg-2.4.0.tar.bz2 delete mode 100644 gnupg-2.4.0.tar.bz2.sig create mode 100644 gnupg-2.4.3.tar.bz2 create mode 100644 gnupg-2.4.3.tar.bz2.sig delete mode 100644 gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch create mode 100644 gpg2-systemd-user.tar.xz diff --git a/gnupg-2.4.0.tar.bz2 b/gnupg-2.4.0.tar.bz2 deleted file mode 100644 index 0389e0d..0000000 --- a/gnupg-2.4.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483 -size 7666935 diff --git a/gnupg-2.4.0.tar.bz2.sig b/gnupg-2.4.0.tar.bz2.sig deleted file mode 100644 index d9d3aeb7b1ef62d20ab58e6d36afb3be5d5b6f1c7f45491e07a56a2f80030d2d..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 238 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$#YiTVBq2ufQhiVGcqjC zlM4U$+1o?O*Su-k@n!eBqd)Dvth2gx>-wn5i(BLE82)Fp_}}43=C)%fU2`K$EX_mt zU9!o_0^P_ze%IvZt8jC4Ago=}Cm8+RPPf=fXsy>TpS$@)+w#{AvM+c547X&H diff --git a/gnupg-2.4.3.tar.bz2 b/gnupg-2.4.3.tar.bz2 new file mode 100644 index 0000000..0e5790c --- /dev/null +++ b/gnupg-2.4.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a271ae6d732f6f4d80c258ad9ee88dd9c94c8fdc33c3e45328c4d7c126bd219d +size 7351327 
diff --git a/gnupg-2.4.3.tar.bz2.sig b/gnupg-2.4.3.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..db3221bffc5c979ecff39de4b43c4c6b0c70b053a75f1c2ebce1400682495c8d GIT binary patch literal 119 zcmeAuWnmEGVvrS6WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0DND3>GH`JUz(nFsF#HwU z|KauN-yQKrCzEP7JrOdxIO%ZTrS%o>58m&4Y<*$vE}yMJ7Lqy7y%Y4He>(* literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index e3c7cf8..83c5139 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.4.0/doc/gpg.texi +Index: gnupg-2.4.2/doc/gpg.texi =================================================================== ---- gnupg-2.4.0.orig/doc/gpg.texi -+++ gnupg-2.4.0/doc/gpg.texi -@@ -2218,6 +2218,24 @@ implies, this option is for experts only +--- gnupg-2.4.2.orig/doc/gpg.texi ++++ gnupg-2.4.2/doc/gpg.texi +@@ -2285,6 +2285,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. 
@@ -32,28 +32,28 @@ Index: gnupg-2.4.0/doc/gpg.texi @end table -Index: gnupg-2.4.0/g10/gpg.c +Index: gnupg-2.4.2/g10/gpg.c =================================================================== ---- gnupg-2.4.0.orig/g10/gpg.c -+++ gnupg-2.4.0/g10/gpg.c -@@ -443,6 +443,7 @@ enum cmd_and_opt_values +--- gnupg-2.4.2.orig/g10/gpg.c ++++ gnupg-2.4.2/g10/gpg.c +@@ -446,6 +446,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, oRequireCompliance, + oSetLegacyFips, oCompatibilityFlags, - - oNoop -@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = { + oAddDesigRevoker, + oAssertSigner, +@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), - ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3711,6 +3714,14 @@ main (int argc, char **argv) - opt.flags.require_compliance = 1; +@@ -3756,6 +3758,14 @@ main (int argc, char **argv) + keybox_set_buffersize (pargs.r.ret_ulong, 0); break; + case oSetLegacyFips: diff --git a/gnupg-revert-rfc4880bis.patch b/gnupg-revert-rfc4880bis.patch index 4d70894..6693bbd 100644 --- a/gnupg-revert-rfc4880bis.patch +++ b/gnupg-revert-rfc4880bis.patch @@ -13,11 +13,11 @@ Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg (read_parameter_file): Activate the v4 and v5 keywords. -- -Index: gnupg-2.4.0/g10/gpg.c +Index: gnupg-2.4.1/g10/gpg.c =================================================================== ---- gnupg-2.4.0.orig/g10/gpg.c -+++ gnupg-2.4.0/g10/gpg.c -@@ -246,6 +246,7 @@ enum cmd_and_opt_values +--- gnupg-2.4.1.orig/g10/gpg.c ++++ gnupg-2.4.1/g10/gpg.c +@@ -247,6 +247,7 @@ enum cmd_and_opt_values oGnuPG, oRFC2440, oRFC4880, 
@@ -25,7 +25,7 @@ Index: gnupg-2.4.0/g10/gpg.c oOpenPGP, oPGP7, oPGP8, -@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = { +@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), @@ -33,15 +33,15 @@ Index: gnupg-2.4.0/g10/gpg.c ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), ARGPARSE_s_n (oPGP7, "pgp6", "@"), ARGPARSE_s_n (oPGP7, "pgp7", "@"), -@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = { +@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), - ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), - ARGPARSE_group (302, N_( -@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co +@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co { { "gnupg", oGnuPG }, { "openpgp", oOpenPGP }, @@ -50,7 +50,7 @@ Index: gnupg-2.4.0/g10/gpg.c { "rfc4880", oRFC4880 }, { "rfc2440", oRFC2440 }, { "pgp6", oPGP7 }, -@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co +@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co static void set_compliance_option (enum cmd_and_opt_values option) { @@ -79,7 +79,7 @@ Index: gnupg-2.4.0/g10/gpg.c case oOpenPGP: case oRFC4880: /* This is effectively the same as RFC2440, but with -@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_ +@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_ case oPGP8: opt.compliance = CO_PGP8; break; case oGnuPG: opt.compliance = CO_GNUPG; @@ -87,7 +87,7 @@ Index: gnupg-2.4.0/g10/gpg.c break; case oDE_VS: -@@ -2470,6 +2492,7 @@ main (int argc, char **argv) +@@ -2490,6 +2512,7 @@ main (int argc, char **argv) opt.emit_version = 0; opt.weak_digests = NULL; opt.compliance = CO_GNUPG; 
@@ -95,7 +95,7 @@ Index: gnupg-2.4.0/g10/gpg.c /* Check special options given on the command line. */ orig_argc = argc; -@@ -3008,6 +3031,7 @@ main (int argc, char **argv) +@@ -3032,6 +3055,7 @@ main (int argc, char **argv) case oOpenPGP: case oRFC2440: case oRFC4880: @@ -103,7 +103,7 @@ Index: gnupg-2.4.0/g10/gpg.c case oPGP7: case oPGP8: case oGnuPG: -@@ -3832,6 +3856,11 @@ main (int argc, char **argv) +@@ -3868,6 +3892,11 @@ main (int argc, char **argv) if( may_coredump && !opt.quiet ) log_info(_("WARNING: program may create a core file!\n")); @@ -115,7 +115,7 @@ Index: gnupg-2.4.0/g10/gpg.c if (eyes_only) { if (opt.set_filename) log_info(_("WARNING: %s overrides %s\n"), -@@ -4057,7 +4086,7 @@ main (int argc, char **argv) +@@ -4084,7 +4113,7 @@ main (int argc, char **argv) /* Check our chosen algorithms against the list of legal algorithms. */ @@ -124,11 +124,11 @@ Index: gnupg-2.4.0/g10/gpg.c { const char *badalg=NULL; preftype_t badtype=PREFTYPE_NONE; -Index: gnupg-2.4.0/g10/keygen.c +Index: gnupg-2.4.1/g10/keygen.c =================================================================== ---- gnupg-2.4.0.orig/g10/keygen.c -+++ gnupg-2.4.0/g10/keygen.c -@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string +--- gnupg-2.4.1.orig/g10/keygen.c ++++ gnupg-2.4.1/g10/keygen.c +@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string strcat(dummy_string,"S7 "); strcat(dummy_string,"S2 "); /* 3DES */ @@ -137,7 +137,7 @@ Index: gnupg-2.4.0/g10/keygen.c strcat(dummy_string,"A2 "); if (personal) -@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig +@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig /* Make sure that the MDC feature flag is set if needed. */ add_feature_mdc (sig,mdc_available); add_feature_aead (sig, aead_available); 
@@ -146,7 +146,7 @@ Index: gnupg-2.4.0/g10/keygen.c add_keyserver_modify (sig,ks_modify); keygen_add_keyserver_url(sig,NULL); -@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, } } else if (!ascii_strcasecmp (s, "v5")) @@ -158,7 +158,7 @@ Index: gnupg-2.4.0/g10/keygen.c else if (!ascii_strcasecmp (s, "v4")) keyversion = 4; else -@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, * ecdsa := Use algorithm ECDSA. * eddsa := Use algorithm EdDSA. * ecdh := Use algorithm ECDH. @@ -167,7 +167,7 @@ Index: gnupg-2.4.0/g10/keygen.c * * There are several defaults and fallbacks depending on the * algorithm. PART can be used to select which part of STRING is -@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const +@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const } } @@ -180,7 +180,7 @@ Index: gnupg-2.4.0/g10/keygen.c else { r = xmalloc_clear( sizeof *r + strlen( value ) ); -@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p +@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p para = r; } diff --git a/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch b/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch deleted file mode 100644 index 41a084f..0000000 --- a/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch +++ /dev/null 
@@ -1,168 +0,0 @@ -From e89d57a2cb10bd04d266165015f159be2ab48984 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Wed, 21 Dec 2022 10:52:24 +0900 -Subject: tests: Fix tests/gpgme for in-source-tree builds. - -* tests/gpgme/Makefile.am: Don't use setup.scm/ dir. -* tests/gpgme/Makefile.in: Don't use setup.scm/ dir. -* tests/gpgme/all-tests.scm: Fix the name of the environment. - --- - -GnuPG-bug-id: 6313 -Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d -Signed-off-by: NIIBE Yutaka - -Index: gnupg-2.4.0/tests/gpgme/Makefile.am -=================================================================== ---- gnupg-2.4.0.orig/tests/gpgme/Makefile.am -+++ gnupg-2.4.0/tests/gpgme/Makefile.am -@@ -47,8 +47,7 @@ check: xcheck - - .PHONY: xcheck - xcheck: -- @$(MKDIR_P) setup.scm/tests \ -- tests/gpg lang/qt/tests lang/python/tests -+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests - $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \ - $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS) - -@@ -61,4 +60,4 @@ CLEANFILES = *.log report.xml - all-local: $(required_pgms) - - clean-local: -- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests -+ -rm -rf tests lang -Index: gnupg-2.4.0/tests/gpgme/Makefile.in -=================================================================== ---- gnupg-2.4.0.orig/tests/gpgme/Makefile.in -+++ gnupg-2.4.0/tests/gpgme/Makefile.in -@@ -614,8 +614,7 @@ check: xcheck - - .PHONY: xcheck - xcheck: -- @$(MKDIR_P) setup.scm/tests \ -- tests/gpg lang/qt/tests lang/python/tests -+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests - $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \ - $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS) - -@@ -624,7 +623,7 @@ xcheck: - all-local: $(required_pgms) - - clean-local: -- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests -+ -rm -rf tests lang - - # Tell versions [3.59,3.63) of GNU make to not export all variables. 
- # Otherwise a system limit (for SysV at least) may be exceeded. -Index: gnupg-2.4.0/tests/gpgme/all-tests.scm -=================================================================== ---- gnupg-2.4.0.orig/tests/gpgme/all-tests.scm -+++ gnupg-2.4.0/tests/gpgme/all-tests.scm -@@ -41,7 +41,7 @@ - (test::scm - #f - #f -- (path-join "tests" "gpgme" "setup.scm" "tests" "gpg") -+ (path-join "tests" "gpgme" "tests" "gpg") - (in-srcdir "tests" "gpgme" "setup.scm") - "--" "tests" "gpg"))) - (define setup-py -@@ -49,7 +49,7 @@ - (test::scm - #f - #f -- (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests") -+ (path-join "tests" "gpgme" "lang" "python" "tests") - (in-srcdir "tests" "gpgme" "setup.scm") - "--" "lang" "python" "tests"))) - -From 658daae34aa3b2b40e6473d44d41abcf175f1ab2 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Tue, 21 Mar 2023 09:15:20 +0100 -Subject: [PATCH 0787/1000] doc: Suggest the use of out-of-source builds. - --- - -GnuPG-bug-id: 6313 - -diff --git a/INSTALL b/INSTALL -index 5458714e1..9e9642898 100644 ---- a/INSTALL -+++ b/INSTALL -@@ -42,10 +42,12 @@ may remove or edit it. - you want to change it or regenerate `configure' using a newer version - of `autoconf'. - --The simplest way to compile this package is: -+The suggested way to compile this package is: - -- 1. `cd' to the directory containing the package's source code and type -- `./configure' to configure the package for your system. -+ 1. `cd' to the directory containing the package's source code and -+ create a new directory named `build'. Then `cd' to that -+ directory and type `../configure' to configure the package for -+ your system. - - Running `configure' might take a while. While running, it prints - some messages telling which features it is checking for. -@@ -58,14 +60,17 @@ The simplest way to compile this package is: - 4. Type `make install' to install the programs and any data files and - documentation. - -- 5. 
You can remove the program binaries and object files from the -- source code directory by typing `make clean'. To also remove the -- files that `configure' created (so you can compile the package for -- a different kind of computer), type `make distclean'. There is -- also a `make maintainer-clean' target, but that is intended mainly -- for the package's developers. If you use it, you may have to get -- all sorts of other programs in order to regenerate files that came -- with the distribution. -+ 5. You can remove the program binaries and object files by deleting -+ all files from the `build' directory. In case you did not used a -+ dedicated build directory but build the software directly in the -+ source tree, you can remove the program binaries and object files -+ from the source code directory by typing `make clean'. To also -+ remove the files that `configure' created (so you can compile the -+ package for a different kind of computer), type `make distclean'. -+ There is also a `make maintainer-clean' target, but that is -+ intended mainly for the package's developers. If you use it, you -+ may have to get all sorts of other programs in order to -+ regenerate files that came with the distribution. - - Compilers and Options - ===================== -@@ -231,4 +236,3 @@ an Autoconf bug. Until the bug is fixed you can use this workaround: - - `configure' also accepts some other, not widely useful, options. Run - `configure --help' for more details. 
-- -diff --git a/README b/README -index 42eed238f..b9bf7805e 100644 ---- a/README -+++ b/README -@@ -53,7 +53,9 @@ - - As with all packages, you just have to do - -- ./configure -+ mkdir build -+ cd build -+ ../configure - make - make check - make install -@@ -81,7 +83,8 @@ - To quickly build all required software without installing it, the - Speedo method may be used: - -- make -f build-aux/speedo.mk native -+ cd build -+ make -f ../build-aux/speedo.mk native - - This method downloads all required libraries and does a native build - of GnuPG to PLAY/inst/. GNU make is required and you need to set --- -2.42.0 - diff --git a/gpg2-systemd-user.tar.xz b/gpg2-systemd-user.tar.xz new file mode 100644 index 0000000..c2fe16f --- /dev/null +++ b/gpg2-systemd-user.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3f9243d1bb781cd5da3c4c41dccfecd62e0a78aa3fd0e2edd18d766bd4b1cfc3 +size 1812 diff --git a/gpg2.changes b/gpg2.changes index 6beaa88..aa73187 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Oct 10 06:46:08 UTC 2023 - Pedro Monreal + +- Install the internal executables in the /usr/libexec dir instead + of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth + gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase, + gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon. + +------------------------------------------------------------------- +Mon Oct 9 12:33:12 UTC 2023 - Pedro Monreal + +- Provide the systemd-user files since they have been removed + upstream since version 2.4.1. [bsc#1201564] + * Add gpg2-systemd-user.tar.xz + ------------------------------------------------------------------- Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal 
@@ -5,6 +20,92 @@ Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal * Note that, there is no activation by default. * Rework excludes in the spec's files section. +------------------------------------------------------------------- +Thu Aug 3 16:24:19 UTC 2023 - Pedro Monreal + +- Revert back to use the IBM TPM Software stack. + +------------------------------------------------------------------- +Wed Jul 5 09:10:55 UTC 2023 - Pedro Monreal + +- Update to 2.4.3: + * gpg: Set default expiration date to 3 years. [T2701] + * gpg: Add --list-filter properties "key_expires" and + "key_expires_d". [T6529] + * gpg: Emit status line and proper diagnostics for write errors. [T6528] + * gpg: Make progress work for large files on Windows. [T6534] + * gpg: New option --no-compress as alias for -z0. + * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534] + * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0] + * gpgsm: Major rewrite of the PKCS#12 parser. [T6536] + * gpgtar: New option --no-compress. + * dirmngr: Extend the AD_QUERY command. [rG207c99567c] + * dirmngr: Disable the HTTP redirect rewriting. [T6477] + * dirmngr: New option --compatibility-flags. [rGbf04b07327] + * dirmngr: New option --ignore-crl-extensions. [T6545] + * wkd: Use export-clean for gpg-wks-client's --mirror and --create + commands. [rG2c7f7a5a27] + * wkd: Make --add-revocs the default in gpg-wks-client. New option + --no-add-revocs. [rG10c937ee68] + * scd: Make signing work for Nexus cards. [rGb83d86b988] + * scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce] + +------------------------------------------------------------------- +Tue May 30 19:37:39 UTC 2023 - Pedro Monreal + +- Update to 2.4.2: + * gpg: Print a warning if no more encryption subkeys are left over + after changing the expiration date. [rGef2c3d50fa] + * gpg: Fix searching for the ADSK key when adding an ADSK. [T6504] + * gpgsm: Speed up key listings on Windows. 
[rG08ff55bd44] + * gpgsm: Reduce the number of "failed to open policy file" + diagnostics. [rG68613a6a9d] + * agent: Make updating of private key files more robust and track + display S/N. [T6135] + * keyboxd: Avoid longish delays on Windows when listing keys. + [rG6944aefa3c] + * gpgtar: Emit extra status lines to help GPGME. [T6497] + * w32: Avoid using the VirtualStore. [T6403] + * Rebase gnupg-add_legacy_FIPS_mode_option.patch + +------------------------------------------------------------------- +Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal + +- Update to 2.4.1: + * If the ~/.gnupg directory does not exist, the keyboxd is now + automagically enabled. [rGd9e7488b17] + * gpg: New option --add-desig-revoker. [rG3d094e2bcf] + * gpg: New option --assert-signer. [rGc9e95b8dee] + * gpg: New command --quick-add-adsk and other ADSK features. + [T6395, https://gnupg.org/blog/20230321-adsk.html] + * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]" + instead of the user-id in key signature listings. [rG103acfe9ca] + * gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367] + * gpg: Detect already compressed data also when using a pipe. Also + detect JPEG and PNG file formats. [T6332] + * gpg: New subcommand "openpgp" for --card-edit. [T6462] + * gpgsm: Verification of detached signatures does now strip trailing + zeroes from the input if --assume-binary is used. [rG2a13f7f9dc] + * gpgsm: Non-armored detached signature are now created without + using indefinite form length octets. This improves compatibility + with some PDF signature verification software. [rG8996b0b655] + * gpgtar: Emit progress status lines in create mode. [T6363] + * dirmngr: The LDAP modifyTimestamp is now returned by some + keyserver commands. [rG56d309133f] + * ssh: Allow specification of the order keys are presented to ssh. + See the man page entry for --enable-ssh-support. [T5996, T6212] + * gpg: Make list-options "show-sig-subpackets" work again. 
+ Fixes regression in 2.4.0. [rG5a223303d7] + * gpg: Fix the keytocard command for Yubikeys. [T6378] + * gpg: Do not continue an export after a cancel for the primary key. [T6093] + * gpg: Replace the --override-compliance-check hack by a real fix. [T5655] + * gpgtar: Fix decryption with input taken from stdin. [T6355] + * Rebase patches: + - gnupg-revert-rfc4880bis.patch + - gnupg-add_legacy_FIPS_mode_option.patch + * Remove patch fixed upstream: + - gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch + ------------------------------------------------------------------- Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal @@ -23,6 +124,13 @@ Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal - Allow 8192 bit RSA keys in keygen UI when large_rsa is set * Add gnupg-allow-large-rsa.patch +------------------------------------------------------------------- +Tue Feb 7 08:58:03 UTC 2023 - Pedro Monreal + +- Fix the regression test suite fails with the IBM TPM Software + stack. Builds fine using the Intel TPM; use the swtpm and + tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel. + ------------------------------------------------------------------- Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index e570ffb..6dace4a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.4.0 +Version: 2.4.3 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -28,6 +28,7 @@ Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring Source4: scdaemon.udev +Source5: gpg2-systemd-user.tar.xz Source99: %{name}.changes Patch1: gnupg-gpg-agent-ulimit.patch Patch2: gnupg-2.0.9-langinfo.patch 
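Review bot: `Source5: gpg2-systemd-user.tar.xz` is added with no URL, no detached signature and no comment saying where the unit files come from, while the neighbouring `Source2`/`Source3` lines tie the main tarball to gnupg.org and its signing key. Judging by the file names copied in %install, the archive holds the user units for gpg-agent and dirmngr, so a reviewer should be able to check them against the upstream copies that the changelog says were dropped in 2.4.1. I would add a comment above the line such as `# systemd user units removed upstream in 2.4.1 (bsc#1201564); taken unchanged from <UPSTREAM_TAG_OR_COMMIT>`, and note any local modification there as well.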
@@ -43,8 +44,6 @@ Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.pa Patch11: gnupg-allow-large-rsa.patch #PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation Patch12: gnupg-revert-rfc4880bis.patch -#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds -Patch13: gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 @@ -66,6 +65,7 @@ BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.9.1 +Requires: libgpg-error >= 1.46 Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} @@ -105,7 +105,7 @@ keytotpm command will not function unless this package is installed. %lang_package %prep -%autosetup -p1 -n gnupg-%{version} +%autosetup -p1 -a5 -n gnupg-%{version} # In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch # to not have man pages and info files have the build date (boo#1047218) @@ -114,19 +114,10 @@ touch -d 2018-05-04 doc/gpg.texi %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %configure \ - --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ - --with-agent-pgm=%{_bindir}/gpg-agent \ - --with-pinentry-pgm=%{_bindir}/pinentry \ - --with-dirmngr-pgm=%{_bindir}/dirmngr \ - --with-scdaemon-pgm=%{_bindir}/scdaemon \ - --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ - --enable-ldap \ - --enable-gpgsm=yes \ - --enable-gpgtar \ + --disable-rpath \ --enable-g13 \ --enable-large-secmem \ - --enable-wks-tools \ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ 
@@ -137,6 +128,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ + # install gpgconf.conf bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink @@ -151,31 +143,20 @@ ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 -# fix rpmlint invalid-lc-messages-dir: -rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot - -# install scdaemon to %%{_bindir} (bnc#863645) -mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} -mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} - -# install tpm2daemon -mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} - # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules -# Move the systemd user units to appropriate directory +# Move the systemd user units to the appropriate directory install -d -m 755 %{buildroot}%{_userunitdir} -mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir} +cp systemd-user/gpg-agent*.s* %{buildroot}%{_userunitdir} +cp systemd-user/dirmngr.s* %{buildroot}%{_userunitdir} +cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/ %find_lang gnupg2 %fdupes -s %{buildroot} %check -# Run only localy, fails in OBS -%if ! 0%{?qemu_user_space_build} -%make_build -j1 check || : -%endif +%make_build check || : %post %udev_rules_update 
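Review bot: The new `%make_build check || :` line in %check still discards the exit status of the test suite, so with the qemu guard gone the suite runs on every build but a failing test cannot fail the package. This update jumps from 2.4.0 to 2.4.3 and rebases two downstream patches that touch g10/gpg.c and g10/keygen.c, so I would let failures break the build with plain `%make_build check`; if known-flaky tests force the fallback, keep `|| :` but add a comment naming the failing tests and the tracking bug. In the same hunk the unit files are copied with `cp`, which inherits whatever mode the files have in the unpacked tarball; `install -m 0644 systemd-user/dirmngr.s* %{buildroot}%{_userunitdir}` (and likewise for the gpg-agent units and README.systemd) pins it. The %install and %check sections continue outside the hunk.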
@@ -184,13 +165,12 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user %files %license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README +%doc AUTHORS NEWS THANKS TODO ChangeLog %{_infodir}/gnupg* %{_mandir}/*/[agsw]*%{ext_man} %doc %{_docdir}/%{name} -%{_bindir}/[gksw]* -%{_libdir}/g* -%{_libdir}/k* +%{_bindir}/[gkw]* +%{_libexecdir}/[gks]* %{_sbindir}/addgnupghome %{_sbindir}/applygnupgdefaults %{_sbindir}/g13-syshelp @@ -204,10 +184,11 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} %{_bindir}/dirmngr* +%{_libexecdir}/dirmngr_ldap %{_userunitdir}/dirmngr.* %files tpm %license COPYING* -%{_bindir}/tpm2daemon* +%{_libexecdir}/tpm2daemon* %changelog
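Review bot: `%{_libexecdir}/[gks]*` in the main package's %files is a glob over the directory that now holds the internal helpers, so any further g*/k*/s* executable a later upstream release installs there would be shipped without anyone deciding on it. The changelog entry already names the files; listing the ones that belong to the main package explicitly keeps the set of installed internal executables reviewable and makes the build stop on an unpackaged file when that set changes, e.g. `%{_libexecdir}/keyboxd`, `%{_libexecdir}/scdaemon`, `%{_libexecdir}/gpg-protect-tool` and so on for the remaining gpg-* helpers. The following hunk does this for `%{_libexecdir}/dirmngr_ldap`; `%{_libexecdir}/tpm2daemon*` could drop its trailing `*` for the same reason.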