From 7bc0733e98473e893e7ece7788b6ec88ea584582cfabf0620492e1cb89a4e727 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 8 Feb 2008 17:45:44 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=16 --- gnupg-2.0.5.fixes-from-svn-20070812.diff | 44 ------- gnupg-2.0.8-from-upstream.diff | 142 +++++++++++++++++++++++ gnupg-2.0.8-warningfixes.diff | 31 +++++ gpg2.changes | 5 + gpg2.spec | 118 ++++++++++--------- 5 files changed, 238 insertions(+), 102 deletions(-) delete mode 100644 gnupg-2.0.5.fixes-from-svn-20070812.diff create mode 100644 gnupg-2.0.8-from-upstream.diff create mode 100644 gnupg-2.0.8-warningfixes.diff diff --git a/gnupg-2.0.5.fixes-from-svn-20070812.diff b/gnupg-2.0.5.fixes-from-svn-20070812.diff deleted file mode 100644 index c0a027a..0000000 --- a/gnupg-2.0.5.fixes-from-svn-20070812.diff +++ /dev/null @@ -1,44 +0,0 @@ -# This fixes the t-gettime testcase: ---- gnupg-2.0.5/common/ChangeLog 2007-07-05 11:57:28.000000000 +0200 -+++ gnupg/common/ChangeLog -@@ -1,3 +1,7 @@ -+2007-07-09 Werner Koch -+ -+ * t-gettime.c (test_isotime2epoch): Use time_t and not u32. -+ - 2007-07-05 Werner Koch - - * t-gettime.c: New. ---- gnupg-2.0.5/common/t-gettime.c 2007-07-05 12:05:01.000000000 +0200 -+++ gnupg/common/t-gettime.c 2007-08-12 18:32:51.000000000 +0200 -@@ -57,7 +57,7 @@ - { NULL, 0 } - }; - int idx; -- u32 val; -+ time_t val; - gnupg_isotime_t tbuf; - - for (idx=0; array[idx].string; idx++) -# Looks right....: ---- gnupg-2.0.5/tools/ChangeLog 2007-07-05 18:56:24.000000000 +0200 -+++ gnupg/tools/ChangeLog -@@ -1,3 +1,7 @@ -+2007-07-16 Marcus Brinkmann -+ -+ * gpg-connect-agent.c (main): Bail out if write fails. -+ - 2007-07-05 Marcus Brinkmann - - * symcryptrun.c (confucius_get_pass): Define orig_codeset if ---- gnupg-2.0.5/tools/gpg-connect-agent.c 2007-07-04 15:06:00.000000000 +0200 -+++ gnupg/tools/gpg-connect-agent.c -@@ -464,7 +463,7 @@ - if (rc) - { - log_info (_("sending line failed: %s\n"), gpg_strerror (rc) ); -- continue; -+ break; - } - if (*line == '#' || !*line) - continue; /* Don't expect a response for a comment line. */ diff --git a/gnupg-2.0.8-from-upstream.diff b/gnupg-2.0.8-from-upstream.diff new file mode 100644 index 0000000..37011c7 --- /dev/null +++ b/gnupg-2.0.8-from-upstream.diff @@ -0,0 +1,142 @@ + +This patch contains hand-selected fixes from upstream, some are needed +to make 'make check' of gpgme succeed without errors. - bk@suse.de + +--- gnupg-2.0.8//doc/qualified.txt 2007-12-13 16:13:10.000000000 +0100 ++++ gnupg-r4688//doc/qualified.txt 2008-02-06 16:58:10.000000000 +0100 +@@ -4,9 +4,9 @@ + # signatures are. Comments like this one and empty lines are allowed + # Lines do have a length limit but this is not a serious limitation as + # the format of the entries is fixed and checked by gpgsm: A +-# non-comment line starts with optional white spaces, followed by +-# exactly 40 hex character, white space and a lowercased 2 letter +-# country code. Additional data delimited with by a white space is ++# non-comment line starts with optional whitespaces, followed by ++# exactly 40 hex character, whitespace and a lowercased 2 letter ++# country code. Additional data delimited with by a whitespace is + # current ignored but might late be used for other purposes. + # + # Note: The subversion copy of this file carries a gpg:signature +@@ -193,7 +193,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:3 + #[checked: 2007-12-13 via received ZIP file with qualified signature from + # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag + # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg] +-C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA ++C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de + + # ID: 0x3A7D979B + # S/N: 00C4216083F35C54F67B09A80C3C55FE7D +@@ -208,7 +208,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:7 + #[checked: 2007-12-13 via received ZIP file with qualified signature from + # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag + # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"] +-D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B ++D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de + + + #******************************************* +--- gnupg-2.0.8//g10/card-util.c 2007-07-17 14:59:52.000000000 +0200 ++++ gnupg-r4688//g10/card-util.c 2008-02-06 16:58:14.000000000 +0100 +@@ -156,6 +156,8 @@ get_manufacturer (unsigned int no) + case 0x0001: return "PPC Card Systems"; + case 0x0002: return "Prism"; + case 0x0003: return "OpenFortress"; ++ case 0x0004: return "Wewid AB"; ++ + /* 0x00000 and 0xFFFF are defined as test cards per spec, + 0xFFF00 to 0xFFFE are assigned for use with randomly created + serial numbers. */ +--- gnupg-2.0.8//g10/gpg.c 2007-12-14 12:08:13.000000000 +0100 ++++ gnupg-r4688//g10/gpg.c 2008-02-06 16:58:14.000000000 +0100 +@@ -623,6 +623,7 @@ static ARGPARSE_OPTS opts[] = { + { oLockNever, "lock-never", 0, "@" }, + { oLoggerFD, "logger-fd",1, "@" }, + { oLoggerFile, "log-file",2, "@" }, ++ { oLoggerFile, "logger-file",2, "@" }, /* For 1.4 compatibility. */ + { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, + { oNoUseEmbeddedFilename, "no-use-embedded-filename", 0, "@" }, + { oUtf8Strings, "utf8-strings", 0, "@" }, +--- gnupg-2.0.8//tools/ChangeLog 2007-12-14 16:56:04.000000000 +0100 ++++ gnupg-r4688//tools/ChangeLog 2008-02-06 16:58:09.000000000 +0100 +@@ -1,3 +1,18 @@ ++2008-02-01 Marcus Brinkmann ++ ++ * gpgconf-comp.c (gc_component_list_options): Fix memcpy. ++ Reported by Marc Mutz. ++ ++2008-01-22 Werner Koch ++ ++ * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make ++ "LDAP server list" group title translatable. ++ ++2008-01-17 Marcus Brinkmann ++ ++ * gpgconf-comp.c (change_options_program): Strip duplicated ++ utf8-strings entries for gnupg backend. Don't create them either. ++ + 2007-12-10 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Fix up expert level +--- gnupg-2.0.8//tools/gpgconf-comp.c 2007-12-14 16:56:04.000000000 +0100 ++++ gnupg-r4688//tools/gpgconf-comp.c 2008-02-06 16:58:10.000000000 +0100 +@@ -840,7 +840,7 @@ static gc_option_t gc_options_dirmngr[] + "dirmngr", "|URL|redirect all HTTP requests to URL", + GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR }, + { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, +- "dirmngr", N_("use system's HTTP proxy setting"), ++ "gnupg", N_("use system's HTTP proxy setting"), + GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, + + { "LDAP", +@@ -874,7 +874,7 @@ static gc_option_t gc_options_dirmngr[] + GC_BACKEND_DIRMNGR in this component, so that the entry for + "ldapserverlist-file will be initialized before this one. */ + { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC, +- NULL, "LDAP server list", ++ "gnupg", N_("LDAP server list"), + GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST }, + { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, + "dirmngr", "|N|do not return more than N items in one query", +@@ -1568,7 +1568,7 @@ gc_component_list_options (int component + gc_option_t opt_copy; + + /* Fix up the group level. */ +- memcpy (&opt_copy, option, sizeof (opt)); ++ memcpy (&opt_copy, option, sizeof (opt_copy)); + opt_copy.level = level; + list_one_option (&opt_copy, out); + } +@@ -2467,6 +2467,8 @@ change_options_program (gc_component_t c + char *src_filename; + char *dest_filename; + char *orig_filename; ++ /* Special hack for gpg, see below. */ ++ int utf8strings_seen = 0; + + /* FIXME. Throughout the function, do better error reporting. */ + dest_filename = xstrdup (get_config_pathname (component, backend)); +@@ -2526,6 +2528,15 @@ change_options_program (gc_component_t c + else + break; + } ++ else if (backend == GC_BACKEND_GPG && in_marker ++ && ! strcmp ("utf8-strings\n", line)) ++ { ++ /* Strip duplicated entries. */ ++ if (utf8strings_seen) ++ disable = 1; ++ else ++ utf8strings_seen = 1; ++ } + + start = line; + while (*start == ' ' || *start == '\t') +@@ -2591,7 +2602,7 @@ change_options_program (gc_component_t c + followed by the rest of the original file. */ + + /* We have to turn on UTF8 strings for GnuPG. */ +- if (backend == GC_BACKEND_GPG) ++ if (backend == GC_BACKEND_GPG && ! utf8strings_seen) + fprintf (src_file, "utf8-strings\n"); + + option = gc_component[component].options; diff --git a/gnupg-2.0.8-warningfixes.diff b/gnupg-2.0.8-warningfixes.diff new file mode 100644 index 0000000..a9b57c3 --- /dev/null +++ b/gnupg-2.0.8-warningfixes.diff @@ -0,0 +1,31 @@ +Fixes these two warnings: + +certdump.c:938: warning: the address of 't' will always evaluate as 'true' +dotlock.c:457: warning: 'pid' may be used uninitialized in this function + +Index: sm/certdump.c +=================================================================== +--- sm/certdump.c (revision 4688) ++++ sm/certdump.c (working copy) +@@ -935,7 +935,7 @@ + ksba_free (sexp); + + ksba_cert_get_validity (cert, 0, t); +- if (t && *t) ++ if (*t) + sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6); + else + *created = 0; +Index: jnlib/dotlock.c +=================================================================== +--- jnlib/dotlock.c (revision 4688) ++++ jnlib/dotlock.c (working copy) +@@ -454,7 +454,7 @@ + #else + char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node + name are usually shorter. */ +- int fd, pid; ++ int fd, pid = -1; + char *buffer, *p; + size_t expected_len; + int res, nread; diff --git a/gpg2.changes b/gpg2.changes index 3d64a73..699d539 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 6 18:16:34 CET 2008 - bk@suse.de + +- add selected upstream fixes and fix gcc and rpmlint warnings + ------------------------------------------------------------------- Tue Jan 8 10:48:30 CET 2008 - sassmann@suse.de diff --git a/gpg2.spec b/gpg2.spec index 705eecb..e0d0dbd 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -11,8 +11,12 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan-devel pth -BuildRequires: libgcrypt-devel libksba-devel opensc-devel pcsc-lite +Version: 2.0.8 +Release: 11 +#krb5 +BuildRequires: expect fdupes libassuan-devel pth +BuildRequires: libgcrypt-devel libksba-devel opensc-devel +#pcsc-lite BuildRequires: libusb-devel readline-devel zlib-devel BuildRequires: openldap2 openldap2-devel Url: http://www.gnupg.org/aegypten2/ @@ -21,14 +25,13 @@ Group: Productivity/Networking/Security PreReq: %install_info_prereq AutoReqProv: on Requires: pinentry, dirmngr -Provides: newpg gpg = 1.4.7 gnupg = %{version} -Obsoletes: newpg gpg <= 1.4.7 +Provides: newpg gpg = 1.4.8 gnupg = %{version} +Obsoletes: newpg gpg <= 1.4.8 Summary: GnuPG 2 -Version: 2.0.8 -Release: 1 Source: gnupg-2.0.8.tar.bz2 -Patch1: gnupg-2.0.5.fixes-from-svn-20070812.diff +Patch2: gnupg-2.0.8-from-upstream.diff Patch3: gnupg-2.0.4-oldkey.diff +Patch4: gnupg-2.0.8-warningfixes.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff @@ -48,20 +51,14 @@ Authors: %prep %setup -q -n gnupg-%version -#%patch1 -p1 -#included in upstream 2.0.8 +%patch2 -p1 %patch3 +%patch4 %patch5 %patch6 # Note: this patch only patches Makefile.am files, so it needs automake to run. %patch7 %patch9 -# Allow building GnuPG-2.05 with gettext-0.16, there fix why -# it was added was a small fix in gettext.m4, but gpg builds -# also find with gettext-0.16, and our gettext-0.16 should -# have # the fix also soon: -sed -i '/AM_GNU_GETTEXT_VERSION/s/0.16.1/0.16/' configure.ac -autoreconf -fi %build CFLAGS="%{optflags}" \ @@ -99,6 +96,9 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot %find_lang gnupg2 +%if 0%suse_version > 1020 +%fdupes %buildroot +%endif %check make check @@ -121,7 +121,9 @@ make check /usr/share/gnupg %changelog -* Tue Jan 08 2008 - sassmann@suse.de +* Wed Feb 06 2008 bk@suse.de +- add selected upstream fixes and fix gcc and rpmlint warnings +* Tue Jan 08 2008 sassmann@suse.de - update to GnuPG-2.0.8 - adapted patches to apply properly * gnupg-1.9.18-tmpdir.diff @@ -129,12 +131,12 @@ make check - gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, included in upstream 2.0.8 - use optflags during build -* Wed Sep 12 2007 - ltinkl@suse.cz +* Wed Sep 12 2007 ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key -* Mon Sep 10 2007 - ltinkl@suse.cz +* Mon Sep 10 2007 ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) -* Fri Aug 10 2007 - bk@suse.de +* Fri Aug 10 2007 bk@suse.de - update to GnuPG-2.0.5 - requries libassuan-1.0.2! * Switched license to GPLv3. * Fixed bug when using the --p12-charset without --armor. @@ -148,35 +150,35 @@ make check - add opensc-devel to BuildRequrires to enanble smartcard support - del Makefile.in patches where we patch Makefile.am and run automake - cleanup the standrd GNU INSTALL and the empty VERSION from %%doc -* Thu Jul 26 2007 - sbrabec@suse.cz +* Thu Jul 26 2007 sbrabec@suse.cz - Build with libassuan-devel. -* Thu Jun 21 2007 - ro@suse.de +* Thu Jun 21 2007 ro@suse.de - install compat symlinks for gpg2 and gpgv2 - install gpg-zip and gpgsplit - added openldap2 to buildrequires (for gpgkeys_ldap) - added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit -* Wed May 23 2007 - dmueller@suse.de +* Wed May 23 2007 dmueller@suse.de - add libusb-devel build requires -* Wed May 16 2007 - ltinkl@suse.cz +* Wed May 16 2007 ltinkl@suse.cz - remove gpg from Require's (#273491) -* Fri May 11 2007 - ltinkl@suse.cz +* Fri May 11 2007 ltinkl@suse.cz - updated to 2.0.4 stable snapshot -* Wed Apr 04 2007 - ltinkl@suse.cz +* Wed Apr 04 2007 ltinkl@suse.cz - update to 2.0.3 - fixed #251605 - VUL-0: signing issues within GNUPG - removed outdated patches -* Fri Mar 30 2007 - ro@suse.de +* Fri Mar 30 2007 ro@suse.de - added zlib-devel to buildreq -* Wed Feb 14 2007 - ltinkl@suse.cz +* Wed Feb 14 2007 ltinkl@suse.cz - fix file conflicts with gpg (#242133) -* Tue Jan 30 2007 - ro@suse.de +* Tue Jan 30 2007 ro@suse.de - fix build (exclude possible debuginfo directory) -* Mon Jan 29 2007 - ltinkl@suse.cz +* Mon Jan 29 2007 ltinkl@suse.cz - fix #221212 - gpg2 is not updated and do not contain documentation - fix #233525 - gpg1/2: bug in vasprintf() implementation -* Thu Nov 30 2006 - anicka@suse.cz +* Thu Nov 30 2006 anicka@suse.cz - fix overflow in openfile.c (CVE-2006-6169, #224108) -* Mon Sep 11 2006 - pnemec@suse.cz +* Mon Sep 11 2006 pnemec@suse.cz - updated gnupg to new version 1.9.22 Enhanced pkcs#12 support Support for the CardMan 4040 PCMCIA @@ -186,75 +188,75 @@ make check - removed -cfb.diff -signature.patch -cap_large_uid.patch patches they are no longer needed - change patch -warnings-fix.diff -ccid-driver-fix.diff -* Thu Aug 17 2006 - pnemec@suse.de +* Thu Aug 17 2006 pnemec@suse.de - remove unused package in build requires -* Wed Aug 09 2006 - pnemec@suse.cz +* Wed Aug 09 2006 pnemec@suse.cz - fix spec file to build with new gettext 0.15 -* Mon Aug 07 2006 - pnemec@suse.cz +* Mon Aug 07 2006 pnemec@suse.cz - fixed security fix with large uid CVE-2006-3746 [#195569] -* Thu Feb 23 2006 - pnemec@suse.cz +* Thu Feb 23 2006 pnemec@suse.cz - fixed signature security problem CVE-2006-0455 (bugzilla#150742) -* Thu Feb 02 2006 - pnemec@suse.cz +* Thu Feb 02 2006 pnemec@suse.cz - fixed install info in spec file -* Thu Jan 26 2006 - sbrabec@suse.cz +* Thu Jan 26 2006 sbrabec@suse.cz - Added missing %%install_info. -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Fri Aug 05 2005 - postadal@suse.cz +* Fri Aug 05 2005 postadal@suse.cz - updated to version to 1.9.18 - removed obsoleted gcc patch - added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732] -* Tue Jul 12 2005 - postadal@suse.cz +* Tue Jul 12 2005 postadal@suse.cz - updated to version to 1.9.17 - updated pth to version 2.0.4 - removed obsoleted patch agent-cache-fix.diff - fixed ccid-driver.c - fixed gcc4 - explicitly enabled gpg building in configure -* Thu Mar 24 2005 - postadal@suse.cz +* Thu Mar 24 2005 postadal@suse.cz - fixed caching passphrase in gpg-agent [#71975] -* Tue Mar 22 2005 - postadal@suse.cz +* Tue Mar 22 2005 postadal@suse.cz - fixed on 64bit archs [#72440] -* Wed Feb 23 2005 - postadal@suse.cz +* Wed Feb 23 2005 postadal@suse.cz - security fix for cfb-cipher issue [#65862] -* Wed Jan 12 2005 - postadal@suse.cz +* Wed Jan 12 2005 postadal@suse.cz - update to version 1.9.14 - removed obsoleted patch automake-fixes.diff -* Tue Sep 28 2004 - adrian@suse.de +* Tue Sep 28 2004 adrian@suse.de - link against libpth staticaly to make S/MIME support in kmail usable. Hopefully we can convert this to a native thread implementation later. (#46260) -* Sat Jul 31 2004 - adrian@suse.de +* Sat Jul 31 2004 adrian@suse.de - update to version 1.9.10 -* Tue Jul 20 2004 - adrian@suse.de +* Tue Jul 20 2004 adrian@suse.de - remove openct and opensc packages from nfb (we will need thread support, when enabling card reader support, but it isn't anyway implemented yet in gpg2) -* Mon Jul 12 2004 - adrian@suse.de +* Mon Jul 12 2004 adrian@suse.de - use GnuPG 2 sources version 1.9.9 - opensc support misses some functions atm, support disabled for now - threading is disabled, since we do not have a pth package for now - prepare for nld -* Thu Feb 26 2004 - postadal@suse.cz +* Thu Feb 26 2004 postadal@suse.cz - adapted some functions to the libgcrypt version 1.1.91 [#34987] - added libgpg-error to needforbuild flag -* Wed Feb 18 2004 - kukuk@suse.de +* Wed Feb 18 2004 kukuk@suse.de - Don't build against libpth. -* Tue Feb 10 2004 - postadal@suse.cz +* Tue Feb 10 2004 postadal@suse.cz - fixed code that broke strict aliasing -* Fri Dec 05 2003 - garloff@suse.de +* Fri Dec 05 2003 garloff@suse.de - disable core dumpe in child after forking. [#33499] -* Mon Aug 11 2003 - adrian@suse.de +* Mon Aug 11 2003 adrian@suse.de - cleanup #neededforbuild and requires -* Mon Aug 04 2003 - ro@suse.de +* Mon Aug 04 2003 ro@suse.de - added openct to neededforbuild -* Fri Jul 18 2003 - mc@suse.de +* Fri Jul 18 2003 mc@suse.de - build against opensc -* Thu Jun 19 2003 - schwab@suse.de +* Thu Jun 19 2003 schwab@suse.de - Add %%install_info. -* Mon Mar 17 2003 - adrian@suse.de +* Mon Mar 17 2003 adrian@suse.de - add signal handler to check if the parent is still alive and exit if not - use pinentry-qt by default (/usr/bin/pinentry do not exist) -* Tue Feb 11 2003 - mc@suse.de +* Tue Feb 11 2003 mc@suse.de - initial release