Accepting request 1116649 from security:privacy

- Install the internal executables in the /usr/libexec dir instead
  of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth,
  gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase,
  gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.

- Provide the systemd-user files since they have been removed
  upstream since version 2.4.1. [bsc#1201564]
  * Add gpg2-systemd-user.tar.xz

- Revert back to use the IBM TPM Software stack.

- Update to 2.4.3:
  * gpg: Set default expiration date to 3 years. [T2701]
  * gpg: Add --list-filter properties "key_expires" and
    "key_expires_d". [T6529]
  * gpg: Emit status line and proper diagnostics for write errors. [T6528]
  * gpg: Make progress work for large files on Windows. [T6534]
  * gpg: New option --no-compress as alias for -z0.
  * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
  * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
  * gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
  * gpgtar: New option --no-compress.
  * dirmngr: Extend the AD_QUERY command. [rG207c99567c]
  * dirmngr: Disable the HTTP redirect rewriting. [T6477]
  * dirmngr: New option --compatibility-flags. [rGbf04b07327]
  * dirmngr: New option --ignore-crl-extensions. [T6545]
  * wkd: Use export-clean for gpg-wks-client's --mirror and --create
    commands. [rG2c7f7a5a27]
  * wkd: Make --add-revocs the default in gpg-wks-client. New option
    --no-add-revocs. [rG10c937ee68]

OBS-URL: https://build.opensuse.org/request/show/1116649
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=292
Pedro Monreal Gonzalez 2023-10-10 15:00:55 +00:00 committed by Git OBS Bridge
parent 97910ac5da
commit 4eafdb296b
10 changed files with 167 additions and 243 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
size 7666935

Binary file not shown.

3
gnupg-2.4.3.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a271ae6d732f6f4d80c258ad9ee88dd9c94c8fdc33c3e45328c4d7c126bd219d
size 7351327

BIN
gnupg-2.4.3.tar.bz2.sig Normal file

Binary file not shown.


@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++ g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+) 2 files changed, 27 insertions(+)
Index: gnupg-2.4.0/doc/gpg.texi Index: gnupg-2.4.2/doc/gpg.texi
=================================================================== ===================================================================
--- gnupg-2.4.0.orig/doc/gpg.texi --- gnupg-2.4.2.orig/doc/gpg.texi
+++ gnupg-2.4.0/doc/gpg.texi +++ gnupg-2.4.2/doc/gpg.texi
@@ -2218,6 +2218,24 @@ implies, this option is for experts only @@ -2285,6 +2285,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option. off. @option{--no-expert} disables this option.
@ -32,28 +32,28 @@ Index: gnupg-2.4.0/doc/gpg.texi
@end table @end table
Index: gnupg-2.4.0/g10/gpg.c Index: gnupg-2.4.2/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c --- gnupg-2.4.2.orig/g10/gpg.c
+++ gnupg-2.4.0/g10/gpg.c +++ gnupg-2.4.2/g10/gpg.c
@@ -443,6 +443,7 @@ enum cmd_and_opt_values @@ -446,6 +446,7 @@ enum cmd_and_opt_values
oForceSignKey, oForceSignKey,
oForbidGenKey, oForbidGenKey,
oRequireCompliance, oRequireCompliance,
+ oSetLegacyFips, + oSetLegacyFips,
oCompatibilityFlags, oCompatibilityFlags,
oAddDesigRevoker,
oNoop oAssertSigner,
@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = { @@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")), ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -3711,6 +3714,14 @@ main (int argc, char **argv) @@ -3756,6 +3758,14 @@ main (int argc, char **argv)
opt.flags.require_compliance = 1; keybox_set_buffersize (pargs.r.ret_ulong, 0);
break; break;
+ case oSetLegacyFips: + case oSetLegacyFips:


@ -13,11 +13,11 @@ Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
(read_parameter_file): Activate the v4 and v5 keywords. (read_parameter_file): Activate the v4 and v5 keywords.
-- --
Index: gnupg-2.4.0/g10/gpg.c Index: gnupg-2.4.1/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c --- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.0/g10/gpg.c +++ gnupg-2.4.1/g10/gpg.c
@@ -246,6 +246,7 @@ enum cmd_and_opt_values @@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG, oGnuPG,
oRFC2440, oRFC2440,
oRFC4880, oRFC4880,
@ -25,7 +25,7 @@ Index: gnupg-2.4.0/g10/gpg.c
oOpenPGP, oOpenPGP,
oPGP7, oPGP7,
oPGP8, oPGP8,
@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = { @@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
@ -33,15 +33,15 @@ Index: gnupg-2.4.0/g10/gpg.c
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"), ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"), ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = { @@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), - ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
ARGPARSE_group (302, N_( @@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co
{ {
{ "gnupg", oGnuPG }, { "gnupg", oGnuPG },
{ "openpgp", oOpenPGP }, { "openpgp", oOpenPGP },
@ -50,7 +50,7 @@ Index: gnupg-2.4.0/g10/gpg.c
{ "rfc4880", oRFC4880 }, { "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 }, { "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 }, { "pgp6", oPGP7 },
@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co @@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
static void static void
set_compliance_option (enum cmd_and_opt_values option) set_compliance_option (enum cmd_and_opt_values option)
{ {
@ -79,7 +79,7 @@ Index: gnupg-2.4.0/g10/gpg.c
case oOpenPGP: case oOpenPGP:
case oRFC4880: case oRFC4880:
/* This is effectively the same as RFC2440, but with /* This is effectively the same as RFC2440, but with
@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_ @@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
case oPGP8: opt.compliance = CO_PGP8; break; case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG: case oGnuPG:
opt.compliance = CO_GNUPG; opt.compliance = CO_GNUPG;
@ -87,7 +87,7 @@ Index: gnupg-2.4.0/g10/gpg.c
break; break;
case oDE_VS: case oDE_VS:
@@ -2470,6 +2492,7 @@ main (int argc, char **argv) @@ -2490,6 +2512,7 @@ main (int argc, char **argv)
opt.emit_version = 0; opt.emit_version = 0;
opt.weak_digests = NULL; opt.weak_digests = NULL;
opt.compliance = CO_GNUPG; opt.compliance = CO_GNUPG;
@ -95,7 +95,7 @@ Index: gnupg-2.4.0/g10/gpg.c
/* Check special options given on the command line. */ /* Check special options given on the command line. */
orig_argc = argc; orig_argc = argc;
@@ -3008,6 +3031,7 @@ main (int argc, char **argv) @@ -3032,6 +3055,7 @@ main (int argc, char **argv)
case oOpenPGP: case oOpenPGP:
case oRFC2440: case oRFC2440:
case oRFC4880: case oRFC4880:
@ -103,7 +103,7 @@ Index: gnupg-2.4.0/g10/gpg.c
case oPGP7: case oPGP7:
case oPGP8: case oPGP8:
case oGnuPG: case oGnuPG:
@@ -3832,6 +3856,11 @@ main (int argc, char **argv) @@ -3868,6 +3892,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet ) if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n")); log_info(_("WARNING: program may create a core file!\n"));
@ -115,7 +115,7 @@ Index: gnupg-2.4.0/g10/gpg.c
if (eyes_only) { if (eyes_only) {
if (opt.set_filename) if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"), log_info(_("WARNING: %s overrides %s\n"),
@@ -4057,7 +4086,7 @@ main (int argc, char **argv) @@ -4084,7 +4113,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal /* Check our chosen algorithms against the list of legal
algorithms. */ algorithms. */
@ -124,11 +124,11 @@ Index: gnupg-2.4.0/g10/gpg.c
{ {
const char *badalg=NULL; const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE; preftype_t badtype=PREFTYPE_NONE;
Index: gnupg-2.4.0/g10/keygen.c Index: gnupg-2.4.1/g10/keygen.c
=================================================================== ===================================================================
--- gnupg-2.4.0.orig/g10/keygen.c --- gnupg-2.4.1.orig/g10/keygen.c
+++ gnupg-2.4.0/g10/keygen.c +++ gnupg-2.4.1/g10/keygen.c
@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string @@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
strcat(dummy_string,"S7 "); strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */ strcat(dummy_string,"S2 "); /* 3DES */
@ -137,7 +137,7 @@ Index: gnupg-2.4.0/g10/keygen.c
strcat(dummy_string,"A2 "); strcat(dummy_string,"A2 ");
if (personal) if (personal)
@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig @@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
/* Make sure that the MDC feature flag is set if needed. */ /* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available); add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available); add_feature_aead (sig, aead_available);
@ -146,7 +146,7 @@ Index: gnupg-2.4.0/g10/keygen.c
add_keyserver_modify (sig,ks_modify); add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL); keygen_add_keyserver_url(sig,NULL);
@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl, @@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
} }
} }
else if (!ascii_strcasecmp (s, "v5")) else if (!ascii_strcasecmp (s, "v5"))
@ -158,7 +158,7 @@ Index: gnupg-2.4.0/g10/keygen.c
else if (!ascii_strcasecmp (s, "v4")) else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4; keyversion = 4;
else else
@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl, @@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA. * ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA. * eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH. * ecdh := Use algorithm ECDH.
@ -167,7 +167,7 @@ Index: gnupg-2.4.0/g10/keygen.c
* *
* There are several defaults and fallbacks depending on the * There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is * algorithm. PART can be used to select which part of STRING is
@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const @@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
} }
} }
@ -180,7 +180,7 @@ Index: gnupg-2.4.0/g10/keygen.c
else else
{ {
r = xmalloc_clear( sizeof *r + strlen( value ) ); r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p @@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
para = r; para = r;
} }


@ -1,168 +0,0 @@
From e89d57a2cb10bd04d266165015f159be2ab48984 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 21 Dec 2022 10:52:24 +0900
Subject: tests: Fix tests/gpgme for in-source-tree builds.
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/Makefile.in: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.
--
GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Index: gnupg-2.4.0/tests/gpgme/Makefile.am
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/Makefile.am
+++ gnupg-2.4.0/tests/gpgme/Makefile.am
@@ -47,8 +47,7 @@ check: xcheck
.PHONY: xcheck
xcheck:
- @$(MKDIR_P) setup.scm/tests \
- tests/gpg lang/qt/tests lang/python/tests
+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
@@ -61,4 +60,4 @@ CLEANFILES = *.log report.xml
all-local: $(required_pgms)
clean-local:
- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
+ -rm -rf tests lang
Index: gnupg-2.4.0/tests/gpgme/Makefile.in
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/Makefile.in
+++ gnupg-2.4.0/tests/gpgme/Makefile.in
@@ -614,8 +614,7 @@ check: xcheck
.PHONY: xcheck
xcheck:
- @$(MKDIR_P) setup.scm/tests \
- tests/gpg lang/qt/tests lang/python/tests
+ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
@@ -624,7 +623,7 @@ xcheck:
all-local: $(required_pgms)
clean-local:
- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
+ -rm -rf tests lang
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Index: gnupg-2.4.0/tests/gpgme/all-tests.scm
===================================================================
--- gnupg-2.4.0.orig/tests/gpgme/all-tests.scm
+++ gnupg-2.4.0/tests/gpgme/all-tests.scm
@@ -41,7 +41,7 @@
(test::scm
#f
#f
- (path-join "tests" "gpgme" "setup.scm" "tests" "gpg")
+ (path-join "tests" "gpgme" "tests" "gpg")
(in-srcdir "tests" "gpgme" "setup.scm")
"--" "tests" "gpg")))
(define setup-py
@@ -49,7 +49,7 @@
(test::scm
#f
#f
- (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests")
+ (path-join "tests" "gpgme" "lang" "python" "tests")
(in-srcdir "tests" "gpgme" "setup.scm")
"--" "lang" "python" "tests")))
From 658daae34aa3b2b40e6473d44d41abcf175f1ab2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 21 Mar 2023 09:15:20 +0100
Subject: [PATCH 0787/1000] doc: Suggest the use of out-of-source builds.
--
GnuPG-bug-id: 6313
diff --git a/INSTALL b/INSTALL
index 5458714e1..9e9642898 100644
--- a/INSTALL
+++ b/INSTALL
@@ -42,10 +42,12 @@ may remove or edit it.
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
-The simplest way to compile this package is:
+The suggested way to compile this package is:
- 1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system.
+ 1. `cd' to the directory containing the package's source code and
+ create a new directory named `build'. Then `cd' to that
+ directory and type `../configure' to configure the package for
+ your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
@@ -58,14 +60,17 @@ The simplest way to compile this package is:
4. Type `make install' to install the programs and any data files and
documentation.
- 5. You can remove the program binaries and object files from the
- source code directory by typing `make clean'. To also remove the
- files that `configure' created (so you can compile the package for
- a different kind of computer), type `make distclean'. There is
- also a `make maintainer-clean' target, but that is intended mainly
- for the package's developers. If you use it, you may have to get
- all sorts of other programs in order to regenerate files that came
- with the distribution.
+ 5. You can remove the program binaries and object files by deleting
+ all files from the `build' directory. In case you did not used a
+ dedicated build directory but build the software directly in the
+ source tree, you can remove the program binaries and object files
+ from the source code directory by typing `make clean'. To also
+ remove the files that `configure' created (so you can compile the
+ package for a different kind of computer), type `make distclean'.
+ There is also a `make maintainer-clean' target, but that is
+ intended mainly for the package's developers. If you use it, you
+ may have to get all sorts of other programs in order to
+ regenerate files that came with the distribution.
Compilers and Options
=====================
@@ -231,4 +236,3 @@ an Autoconf bug. Until the bug is fixed you can use this workaround:
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
-
diff --git a/README b/README
index 42eed238f..b9bf7805e 100644
--- a/README
+++ b/README
@@ -53,7 +53,9 @@
As with all packages, you just have to do
- ./configure
+ mkdir build
+ cd build
+ ../configure
make
make check
make install
@@ -81,7 +83,8 @@
To quickly build all required software without installing it, the
Speedo method may be used:
- make -f build-aux/speedo.mk native
+ cd build
+ make -f ../build-aux/speedo.mk native
This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
--
2.42.0

BIN
gpg2-systemd-user.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Oct 10 06:46:08 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Install the internal executables in the /usr/libexec dir instead
of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth
gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase,
gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon.
-------------------------------------------------------------------
Mon Oct 9 12:33:12 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Provide the systemd-user files since they have been removed
upstream since version 2.4.1. [bsc#1201564]
* Add gpg2-systemd-user.tar.xz
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
@ -5,6 +20,92 @@ Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
* Note that, there is no activation by default. * Note that, there is no activation by default.
* Rework excludes in the spec's files section. * Rework excludes in the spec's files section.
-------------------------------------------------------------------
Thu Aug 3 16:24:19 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Revert back to use the IBM TPM Software stack.
-------------------------------------------------------------------
Wed Jul 5 09:10:55 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.3:
* gpg: Set default expiration date to 3 years. [T2701]
* gpg: Add --list-filter properties "key_expires" and
"key_expires_d". [T6529]
* gpg: Emit status line and proper diagnostics for write errors. [T6528]
* gpg: Make progress work for large files on Windows. [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command. [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting. [T6477]
* dirmngr: New option --compatibility-flags. [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
--no-add-revocs. [rG10c937ee68]
* scd: Make signing work for Nexus cards. [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce]
-------------------------------------------------------------------
Tue May 30 19:37:39 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
* Rebase gnupg-add_legacy_FIPS_mode_option.patch
-------------------------------------------------------------------
Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.1:
* If the ~/.gnupg directory does not exist, the keyboxd is now
automagically enabled. [rGd9e7488b17]
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New option --assert-signer. [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.
[T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
instead of the user-id in key signature listings. [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
* gpg: Detect already compressed data also when using a pipe. Also
detect JPEG and PNG file formats. [T6332]
* gpg: New subcommand "openpgp" for --card-edit. [T6462]
* gpgsm: Verification of detached signatures does now strip trailing
zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
* gpgsm: Non-armored detached signature are now created without
using indefinite form length octets. This improves compatibility
with some PDF signature verification software. [rG8996b0b655]
* gpgtar: Emit progress status lines in create mode. [T6363]
* dirmngr: The LDAP modifyTimestamp is now returned by some
keyserver commands. [rG56d309133f]
* ssh: Allow specification of the order keys are presented to ssh.
See the man page entry for --enable-ssh-support. [T5996, T6212]
* gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0. [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys. [T6378]
* gpg: Do not continue an export after a cancel for the primary key. [T6093]
* gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
* gpgtar: Fix decryption with input taken from stdin. [T6355]
* Rebase patches:
- gnupg-revert-rfc4880bis.patch
- gnupg-add_legacy_FIPS_mode_option.patch
* Remove patch fixed upstream:
- gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
@ -23,6 +124,13 @@ Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Allow 8192 bit RSA keys in keygen UI when large_rsa is set - Allow 8192 bit RSA keys in keygen UI when large_rsa is set
* Add gnupg-allow-large-rsa.patch * Add gnupg-allow-large-rsa.patch
-------------------------------------------------------------------
Tue Feb 7 08:58:03 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Fix the regression test suite fails with the IBM TPM Software
stack. Builds fine using the Intel TPM; use the swtpm and
tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>


@ -17,7 +17,7 @@
Name: gpg2 Name: gpg2
Version: 2.4.0 Version: 2.4.3
Release: 0 Release: 0
Summary: File encryption, decryption, signature creation and verification utility Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -28,6 +28,7 @@ Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html # https://www.gnupg.org/signature_key.html
Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring
Source4: scdaemon.udev Source4: scdaemon.udev
Source5: gpg2-systemd-user.tar.xz
Source99: %{name}.changes Source99: %{name}.changes
Patch1: gnupg-gpg-agent-ulimit.patch Patch1: gnupg-gpg-agent-ulimit.patch
Patch2: gnupg-2.0.9-langinfo.patch Patch2: gnupg-2.0.9-langinfo.patch
@ -43,8 +44,6 @@ Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.pa
Patch11: gnupg-allow-large-rsa.patch Patch11: gnupg-allow-large-rsa.patch
#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation #PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
Patch12: gnupg-revert-rfc4880bis.patch Patch12: gnupg-revert-rfc4880bis.patch
#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds
Patch13: gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: ibmswtpm2 BuildRequires: ibmswtpm2
@ -66,6 +65,7 @@ BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982 # runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0 Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1 Requires: libgcrypt20 >= 1.9.1
Requires: libgpg-error >= 1.46
Requires: libksba >= 1.3.4 Requires: libksba >= 1.3.4
Requires: pinentry Requires: pinentry
Recommends: dirmngr = %{version} Recommends: dirmngr = %{version}
@ -105,7 +105,7 @@ keytotpm command will not function unless this package is installed.
%lang_package %lang_package
%prep %prep
%autosetup -p1 -n gnupg-%{version} %autosetup -p1 -a5 -n gnupg-%{version}
# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch # In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch
# to not have man pages and info files have the build date (boo#1047218) # to not have man pages and info files have the build date (boo#1047218)
@ -114,19 +114,10 @@ touch -d 2018-05-04 doc/gpg.texi
%build %build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%configure \ %configure \
--libexecdir=%{_libdir} \
--docdir=%{_docdir}/%{name} \ --docdir=%{_docdir}/%{name} \
--with-agent-pgm=%{_bindir}/gpg-agent \ --disable-rpath \
--with-pinentry-pgm=%{_bindir}/pinentry \
--with-dirmngr-pgm=%{_bindir}/dirmngr \
--with-scdaemon-pgm=%{_bindir}/scdaemon \
--with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
--enable-ldap \
--enable-gpgsm=yes \
--enable-gpgtar \
--enable-g13 \ --enable-g13 \
--enable-large-secmem \ --enable-large-secmem \
--enable-wks-tools \
--with-gnu-ld \ --with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--enable-build-timestamp=$date \ --enable-build-timestamp=$date \
@ -137,6 +128,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%install %install
%make_install %make_install
mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
# install gpgconf.conf bnc#391347 # install gpgconf.conf bnc#391347
install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
# delete to prevent fdupes from creating cross-partition hardlink # delete to prevent fdupes from creating cross-partition hardlink
@ -151,31 +143,20 @@ ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
# fix rpmlint invalid-lc-messages-dir:
rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
# install scdaemon to %%{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install tpm2daemon
mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
# install udev rules for scdaemon # install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
# Move the systemd user units to appropriate directory # Move the systemd user units to the appropriate directory
install -d -m 755 %{buildroot}%{_userunitdir} install -d -m 755 %{buildroot}%{_userunitdir}
mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir} cp systemd-user/gpg-agent*.s* %{buildroot}%{_userunitdir}
cp systemd-user/dirmngr.s* %{buildroot}%{_userunitdir}
cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/
%find_lang gnupg2 %find_lang gnupg2
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%check %check
# Run only localy, fails in OBS %make_build check || :
%if ! 0%{?qemu_user_space_build}
%make_build -j1 check || :
%endif
%post %post
%udev_rules_update %udev_rules_update
@ -184,13 +165,12 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user
%files %files
%license COPYING* %license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README %doc AUTHORS NEWS THANKS TODO ChangeLog
%{_infodir}/gnupg* %{_infodir}/gnupg*
%{_mandir}/*/[agsw]*%{ext_man} %{_mandir}/*/[agsw]*%{ext_man}
%doc %{_docdir}/%{name} %doc %{_docdir}/%{name}
%{_bindir}/[gksw]* %{_bindir}/[gkw]*
%{_libdir}/g* %{_libexecdir}/[gks]*
%{_libdir}/k*
%{_sbindir}/addgnupghome %{_sbindir}/addgnupghome
%{_sbindir}/applygnupgdefaults %{_sbindir}/applygnupgdefaults
%{_sbindir}/g13-syshelp %{_sbindir}/g13-syshelp
@ -204,10 +184,11 @@ mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_user
%license COPYING* %license COPYING*
%{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/dirmngr*%{ext_man}
%{_bindir}/dirmngr* %{_bindir}/dirmngr*
%{_libexecdir}/dirmngr_ldap
%{_userunitdir}/dirmngr.* %{_userunitdir}/dirmngr.*
%files tpm %files tpm
%license COPYING* %license COPYING*
%{_bindir}/tpm2daemon* %{_libexecdir}/tpm2daemon*
%changelog %changelog
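Review bot: The `%check` line still ends in `|| :`, so the build succeeds even when the GnuPG test suite fails; as rendered, the new side is `%make_build check || :` with the `qemu_user_space_build` guard and `-j1` dropped. This update moves from 2.4.0 to 2.4.3 and rebases the legacy-FIPS and rfc4880bis patches, which is exactly when a failing regression test should block the package. I would change the line to `%make_build check` and, if particular tests are known to fail in the build service, skip those by name with a comment giving the reason, instead of discarding the whole result.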