Dominique Leuenberger 2023-06-07 21:06:41 +00:00 committed by Git OBS Bridge
parent 88bac69b31
commit 5fac642654
10 changed files with 47 additions and 449 deletions

3
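--- a/gnupg-2.3.8.tar.bz2
+++ b/gnupg-2.3.8.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed
+size 7644926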

BIN
gnupg-2.3.8.tar.bz2.sig Normal file

Binary file not shown.


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49
size 7346587

Binary file not shown.


@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++ g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+) 2 files changed, 27 insertions(+)
Index: gnupg-2.4.2/doc/gpg.texi Index: gnupg-2.3.5/doc/gpg.texi
=================================================================== ===================================================================
--- gnupg-2.4.2.orig/doc/gpg.texi --- gnupg-2.3.5.orig/doc/gpg.texi
+++ gnupg-2.4.2/doc/gpg.texi +++ gnupg-2.3.5/doc/gpg.texi
@@ -2285,6 +2285,24 @@ implies, this option is for experts only @@ -2197,6 +2197,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option. off. @option{--no-expert} disables this option.
@ -32,28 +32,28 @@ Index: gnupg-2.4.2/doc/gpg.texi
@end table @end table
Index: gnupg-2.4.2/g10/gpg.c Index: gnupg-2.3.5/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.4.2.orig/g10/gpg.c --- gnupg-2.3.5.orig/g10/gpg.c
+++ gnupg-2.4.2/g10/gpg.c +++ gnupg-2.3.5/g10/gpg.c
@@ -446,6 +446,7 @@ enum cmd_and_opt_values @@ -443,6 +443,7 @@ enum cmd_and_opt_values
oForceSignKey, oForceSignKey,
oForbidGenKey, oForbidGenKey,
oRequireCompliance, oRequireCompliance,
+ oSetLegacyFips, + oSetLegacyFips,
oCompatibilityFlags,
oAddDesigRevoker, oNoop
oAssertSigner, };
@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = { @@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")), ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -3756,6 +3758,14 @@ main (int argc, char **argv) @@ -3737,6 +3739,14 @@ main (int argc, char **argv)
keybox_set_buffersize (pargs.r.ret_ulong, 0); opt.flags.require_compliance = 1;
break; break;
+ case oSetLegacyFips: + case oSetLegacyFips:


@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
g10/import.c | 49 +++++++++++-------------------------------------- g10/import.c | 49 +++++++++++--------------------------------------
1 file changed, 11 insertions(+), 38 deletions(-) 1 file changed, 11 insertions(+), 38 deletions(-)
Index: gnupg-2.4.0/g10/import.c Index: gnupg-2.3.0/g10/import.c
=================================================================== ===================================================================
--- gnupg-2.4.0.orig/g10/import.c --- gnupg-2.3.0.orig/g10/import.c
+++ gnupg-2.4.0/g10/import.c +++ gnupg-2.3.0/g10/import.c
@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, @@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
size_t an; size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE]; char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0; int merge_keys_done = 0;
@ -29,7 +29,7 @@ Index: gnupg-2.4.0/g10/import.c
KEYDB_HANDLE hd = NULL; KEYDB_HANDLE hd = NULL;
if (r_valid) if (r_valid)
@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, @@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n"); log_printf ("\n");
} }
@ -44,12 +44,13 @@ Index: gnupg-2.4.0/g10/import.c
if (screener && screener (keyblock, screener_arg)) if (screener && screener (keyblock, screener_arg))
{ {
log_error (_("key %s: %s\n"), keystr_from_pk (pk), log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, @@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
xfree(user);
} }
} }
-
- /* Delete invalid parts and bail out if there are no user ids left. */ - /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- { - {
- if (!silent) - if (!silent)
- { - {
@ -63,11 +64,11 @@ Index: gnupg-2.4.0/g10/import.c
+ /* Delete invalid parts, and note if we have any valid ones left. + /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains + * We will later abort import if this key is new but contains
+ * no valid uids. */ + * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); + delete_inv_parts (ctrl, keyblock, keyid, options);
/* Get rid of deleted nodes. */ /* Get rid of deleted nodes. */
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, @@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
{ {
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
@ -92,7 +93,7 @@ Index: gnupg-2.4.0/g10/import.c
} }
/* The keyblock is valid and ready for real import. */ /* The keyblock is valid and ready for real import. */
@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, @@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
err = 0; err = 0;
stats->skipped_new_keys++; stats->skipped_new_keys++;
} }
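Review bot: The comment added in the g10/import.c hunk promises to "note if we have any valid ones left", but the call right after it, `delete_inv_parts (ctrl, keyblock, keyid, options);`, discards the return value, so nothing visible here records that state. The deferred rejection of a new key with no valid user ID is presumably in the seven lines added by the last hunk (after `stats->skipped_new_keys++`), which this page collapses. Confirm that this check is still present after the rebase onto the four-argument delete_inv_parts, because without it a key stripped of all user IDs would be imported as new. I would also reword the comment to say where the decision is made, e.g. `/* Delete invalid parts; a new key left without a valid user ID is rejected further down. */`. import_one_real starts and ends outside the hunks shown.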


@ -1,13 +0,0 @@
Index: gnupg-2.4.0/g10/keygen.c
===================================================================
--- gnupg-2.4.0.orig/g10/keygen.c
+++ gnupg-2.4.0/g10/keygen.c
@@ -2461,7 +2461,7 @@ get_keysize_range (int algo, unsigned in
default:
*min = opt.compliance == CO_DE_VS ? 2048: 1024;
- *max = 4096;
+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
def = 3072;
break;
}


@ -1,202 +0,0 @@
From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 31 Oct 2022 16:14:18 +0100
Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
* g10/gpg.c (oRFC4880bis): Remove.
(opts): Make --rfc4880bis a Noop.
(compliance_options): Make rfc4880bis to gnupg.
(set_compliance_option): Remove rfc4880bis stuff.
(main): Ditto. Note that this now activates the --mimemode option.
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
(keygen_upd_std_prefs): Always announce support for v5 keys.
(read_parameter_file): Activate the v4 and v5 keywords.
--
Index: gnupg-2.4.1/g10/gpg.c
===================================================================
--- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.1/g10/gpg.c
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP7,
oPGP8,
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
- { "rfc4880bis", oGnuPG },
+ { "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
static void
set_compliance_option (enum cmd_and_opt_values option)
{
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
+
switch (option)
{
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+ break;
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
break;
case oDE_VS:
@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
+ case oRFC4880bis:
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3868,6 +3892,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (!opt.flags.rfc4880bis)
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4084,7 +4113,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
- if(!GNUPG)
+ if(!GNUPG && !opt.flags.rfc4880bis)
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
Index: gnupg-2.4.1/g10/keygen.c
===================================================================
--- gnupg-2.4.1.orig/g10/keygen.c
+++ gnupg-2.4.1/g10/keygen.c
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
strcat(dummy_string,"A2 ");
if (personal)
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
- add_feature_v5 (sig, 1);
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
- keyversion = 5;
+ {
+ if (opt.flags.rfc4880bis)
+ keyversion = 5;
+ }
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
- * v5 := Create version 5 key
+ * v5 := Create version 5 key (requires option --rfc4880bis)
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
}
}
- if ((keywords[i].key == pVERSION
- || keywords[i].key == pSUBVERSION))
- ; /* Ignore version. */
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+ || keywords[i].key == pSUBVERSION))
+ ; /* Ignore version unless --rfc4880bis is active. */
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
para = r;
}
- r = xmalloc_clear (sizeof *r + 20);
- r->key = for_subkey? pSUBVERSION : pVERSION;
- snprintf (r->u.value, 20, "%d", version);
- r->next = para;
- para = r;
+ if (opt.flags.rfc4880bis)
+ {
+ r = xmalloc_clear (sizeof *r + 20);
+ r->key = for_subkey? pSUBVERSION : pVERSION;
+ snprintf (r->u.value, 20, "%d", version);
+ r->next = para;
+ para = r;
+ }
if (keytime)
{


@ -1,180 +1,3 @@
-------------------------------------------------------------------
Tue May 30 19:37:39 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
* Rebase gnupg-add_legacy_FIPS_mode_option.patch
-------------------------------------------------------------------
Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Update to 2.4.1:
* If the ~/.gnupg directory does not exist, the keyboxd is now
automagically enabled. [rGd9e7488b17]
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New option --assert-signer. [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.
[T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
instead of the user-id in key signature listings. [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
* gpg: Detect already compressed data also when using a pipe. Also
detect JPEG and PNG file formats. [T6332]
* gpg: New subcommand "openpgp" for --card-edit. [T6462]
* gpgsm: Verification of detached signatures does now strip trailing
zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
* gpgsm: Non-armored detached signature are now created without
using indefinite form length octets. This improves compatibility
with some PDF signature verification software. [rG8996b0b655]
* gpgtar: Emit progress status lines in create mode. [T6363]
* dirmngr: The LDAP modifyTimestamp is now returned by some
keyserver commands. [rG56d309133f]
* ssh: Allow specification of the order keys are presented to ssh.
See the man page entry for --enable-ssh-support. [T5996, T6212]
* gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0. [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys. [T6378]
* gpg: Do not continue an export after a cancel for the primary key. [T6093]
* gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
* gpgtar: Fix decryption with input taken from stdin. [T6355]
* Rebase patches:
- gnupg-revert-rfc4880bis.patch
- gnupg-add_legacy_FIPS_mode_option.patch
* Remove patch fixed upstream:
- gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
-------------------------------------------------------------------
Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Temporarily revert back to the pre-2.4 default for key generation.
The new rfc4880bis has been set as the default in 2.4 version and
might create incompatible keys. Note that, rfc4880bis can still
be used with the option flag --rfc4880bis as in previous versions.
* More info in the gnupg-devel ML:
https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
* Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
* Add gnupg-revert-rfc4880bis.patch
-------------------------------------------------------------------
Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
* Add gnupg-allow-large-rsa.patch
-------------------------------------------------------------------
Tue Feb 7 08:58:03 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Fix the regression test suite fails with the IBM TPM Software
stack. Builds fine using the Intel TPM; use the swtpm and
tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.
-------------------------------------------------------------------
Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
* The original patch has been modified to expand the changes
also to the tests/gpgme/Makefile.in file.
* Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
-------------------------------------------------------------------
Tue Dec 20 16:01:05 UTC 2022 - David Anes <david.anes@suse.com>
- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
* common: Fix translations in --help for gpgrt < 1.47.
* gpg: Do not continue the export after a cancel for the primary key.
* gpg: Replace use of PRIu64 in log_debug.
* Update NEWS for 2.4.0.
* tests: Fix make check with GPGME.
* agent: Allow arguments to "scd serialno" in restricted mode.
* scd:p15: Skip deleted records.
* build: Remove Windows CE support.
* wkd: Do not send/install/mirror expired user ids.
* gpgsm: Print the revocation time also with --verify.
* gpgsm: Fix "problem re-searching certificate" case.
* gpgsm: Print revocation date and reason in cert listings.
* gpgsm: Silence the "non-critical certificate policy not allowed".
* gpgsm: Always use the chain model if the root-CA requests this.
* gpg: New export option "mode1003".
* gpg: Remove a mostly duplicated function.
* tests: Simplify fake-pinentry to use the option only.
* tests: Fix fake-pinentry for Windows.
* tests: Fix make check-all.
* agent: Fix import of protected v5 keys.
* gpgsm: Change default algo to AES-256.
* tests: Put a workaround for semihosted environment.
* tests: More fix for semihosted environment.
* tests: Support semihosted environment.
* tests: Fix tests under cms.
* tests,w32: Fix for semihosted environment.
* w32: Fix for tests on semihosted environment.
* w32: Fix gnupg_unsetenv.
* wkd: New option --add-revocs and some fixes.
* wkd: Make use of --debug extprog.
* gpg: New export-filter export-revocs.
* gpg: Fix double-free in gpg --card-edit.
* gpg: Make --require-compliance work with out --status-fd.
* gpg: New option --list-filter.
* dirmngr: Silence ocsp debug output.
* tests: Fix to support --enable-all-tests and variants.
* tests:w32: Fix for non-dot file name for Windows.
* tests:gpgscm:w32: Fix for GetTempPath.
* tests: Keep .log files in objdir.
* tests: Use 233 for invalid value of FD.
* w32: Fix gnupg_tmpfile for possible failure.
* scd: Redact --debug cardio output of a VERIFY APDU.
* common: Remove Windows CE support in common.
* gpgsm: Fix colon outout of ECC encryption certificates.
* scd:nks: Fix ECC signing if key not given by keygrip.
* dirmngr: Fix verification of ECDSA signed CRLs.
* agent: Allow trustlist on Windows in Unicode homedirs.
* gpg: Fix verification of cleartext signatures with overlong lines.
* gpg: Move w32_system function.
* gpg: New option --quick-update-pref.
* gpg: New list-options show-pref and show-pref-verbose.
* tests: Add tests to check that OCB is only used for capable keys.
* gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
* tests: Add symmetric decryption tests.
* tests: Add tr:assert-same function.
* agent: Avoid blanks in the ssh key's comment.
* build: Update m4 files.
* gpg: Merge --rfc4880bis features into --gnupg.
* gpg: Allow only OCB for AEAD encryption.
* gpg: New option --compatibility-flags.
* gpgsm: Also announce AES256-CBC in signatures.
* gpg: Fix trusted introducer for user-ids with only the mbox.
* gpg: Import stray revocation certificates.
* agent: Automatically convert to extended key format by KEYATTR.
* card: New commands "gpg" and "gpgsm".
* card: Also show fingerprints of known X.509 certificates.
* scd:nks: Support non-ESIGN signing with the Signature Card v2.
* gpgsm: Allow ECC encryption keys with just keyAgreement specified.
* gpgsm: Use macro constants for cert_usage_p.
* build: Update gpg-error.m4.
* agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
* gpg: Move NETLIBS after GPG_ERROR_LIBS.
* gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
* common,w32: Fix struct stat on Windows.
* agent,w32: Support Win32-OpenSSH emulation by gpg-agent.
* common: Don't use FD2INT for POSIX-only code.
* dirmngr: Fix build with no LDAP support.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonreal@suse.com> Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonreal@suse.com>


@ -1,7 +1,7 @@
# #
# spec file for package gpg2 # spec file for package gpg2
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: gpg2 Name: gpg2
Version: 2.4.2 Version: 2.3.8
Release: 0 Release: 0
Summary: File encryption, decryption, signature creation and verification utility Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -39,23 +39,19 @@ Patch7: gnupg-2.2.16-secmem.patch
Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch
Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set
Patch11: gnupg-allow-large-rsa.patch
#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
Patch12: gnupg-revert-rfc4880bis.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: ibmswtpm2
BuildRequires: ibmtss-devel
BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libassuan-devel >= 2.5.0
BuildRequires: libgcrypt-devel >= 1.9.1 BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.46 BuildRequires: libgpg-error-devel >= 1.41
BuildRequires: libksba-devel >= 1.6.3 BuildRequires: libksba-devel >= 1.3.4
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: npth-devel >= 1.2 BuildRequires: npth-devel >= 1.2
BuildRequires: openldap2-devel BuildRequires: openldap2-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: readline-devel BuildRequires: readline-devel
BuildRequires: swtpm
BuildRequires: tpm2-0-tss-devel
BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(gnutls) >= 3.0
BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(libusb-1.0)
@ -64,7 +60,6 @@ BuildRequires: pkgconfig(zlib)
# runtime dependency to support devel repository users - boo#955982 # runtime dependency to support devel repository users - boo#955982
Requires: libassuan0 >= 2.5.0 Requires: libassuan0 >= 2.5.0
Requires: libgcrypt20 >= 1.9.1 Requires: libgcrypt20 >= 1.9.1
Requires: libgpg-error >= 1.46
Requires: libksba >= 1.3.4 Requires: libksba >= 1.3.4
Requires: pinentry Requires: pinentry
Recommends: dirmngr = %{version} Recommends: dirmngr = %{version}
@ -120,7 +115,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
--with-dirmngr-pgm=%{_bindir}/dirmngr \ --with-dirmngr-pgm=%{_bindir}/dirmngr \
--with-scdaemon-pgm=%{_bindir}/scdaemon \ --with-scdaemon-pgm=%{_bindir}/scdaemon \
--with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
--disable-rpath \
--enable-ldap \ --enable-ldap \
--enable-gpgsm=yes \ --enable-gpgsm=yes \
--enable-gpgtar \ --enable-gpgtar \
@ -129,8 +123,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
--enable-wks-tools \ --enable-wks-tools \
--with-gnu-ld \ --with-gnu-ld \
--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
--with-tss=intel \
--enable-all-tests \
--enable-build-timestamp=$date \ --enable-build-timestamp=$date \
--enable-gpg-is-gpg2 --enable-gpg-is-gpg2
@ -139,51 +131,47 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
%install %install
%make_install %make_install
mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
# install gpgconf.conf bnc#391347 # bnc#391347
install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
# delete to prevent fdupes from creating cross-partition hardlink # delete to prevent fdupes from creating cross-partition hardlink
rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
# remove info dir
rm %{buildroot}%{_infodir}/dir rm %{buildroot}%{_infodir}/dir
# compat symlinks # compat symlinks
ln -sf gpg2 %{buildroot}%{_bindir}/gpg ln -sf gpg2 %{buildroot}%{_bindir}/gpg
ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
# fix rpmlint invalid-lc-messages-dir: # fix rpmlint invalid-lc-messages-dir:
rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
# install scdaemon to %%{_bindir} (bnc#863645) # install scdaemon to %%{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
# install tpm2daemon # install tpm2daemon
mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
# install udev rules for scdaemon # install udev rules for scdaemon
install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
%check
%make_build check || :
%find_lang gnupg2 %find_lang gnupg2
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%check
# Run only localy, fails in OBS
#%%if ! 0%%{?qemu_user_space_build}
#make %%{?_smp_mflags} check
#%%endif
%post %post
%udev_rules_update %udev_rules_update
%files lang -f gnupg2.lang %files lang -f gnupg2.lang
%files %files
%license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
%{_infodir}/gnupg* %{_infodir}/gnupg*
%exclude %{_mandir}/*/dirmngr*%{ext_man} %exclude %{_mandir}/*/dirmngr*%{ext_man}
%{_mandir}/*/*%{ext_man} %{_mandir}/*/*%{ext_man}
%license COPYING*
%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
%doc %{_docdir}/%{name} %doc %{_docdir}/%{name}
%exclude %{_bindir}/dirmngr* %exclude %{_bindir}/dirmngr*
%exclude %{_bindir}/tpm2daemon* %exclude %{_bindir}/tpm2daemon*
@ -200,6 +188,7 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
%files -n dirmngr %files -n dirmngr
%license COPYING* %license COPYING*
%{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/dirmngr*%{ext_man}
%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
%{_bindir}/dirmngr* %{_bindir}/dirmngr*
%files tpm %files tpm