From 90cb1f61d3327ec2b05500657494c3c94f1f2b891939481e3df4a0c3558972b4 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Tue, 3 Jan 2023 14:26:43 +0000 Subject: [PATCH] Accepting request 1046530 from home:david.anes:branches:Base:System - Updated to require libgpg-error-devel >= 1.46 - Rebased patches: * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-add_legacy_FIPS_mode_option.patch - GnuPG 2.4.0: * common: Fix translations in --help for gpgrt < 1.47. * gpg: Do not continue the export after a cancel for the primary key. * gpg: Replace use of PRIu64 in log_debug. * Update NEWS for 2.4.0. * tests: Fix make check with GPGME. * agent: Allow arguments to "scd serialno" in restricted mode. * scd:p15: Skip deleted records. * build: Remove Windows CE support. * wkd: Do not send/install/mirror expired user ids. * gpgsm: Print the revocation time also with --verify. * gpgsm: Fix "problem re-searching certificate" case. * gpgsm: Print revocation date and reason in cert listings. * gpgsm: Silence the "non-critical certificate policy not allowed". * gpgsm: Always use the chain model if the root-CA requests this. * gpg: New export option "mode1003". * gpg: Remove a mostly duplicated function. * tests: Simplify fake-pinentry to use the option only. * tests: Fix fake-pinentry for Windows. * tests: Fix make check-all. * agent: Fix import of protected v5 keys. * gpgsm: Change default algo to AES-256. * tests: Put a workaround for semihosted environment. * tests: More fix for semihosted environment. * tests: Support semihosted environment. * tests: Fix tests under cms. OBS-URL: https://build.opensuse.org/request/show/1046530 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=282 --- gnupg-2.3.8.tar.bz2 | 3 - gnupg-2.3.8.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.4.0.tar.bz2 | 3 + gnupg-2.4.0.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 20 ++-- ...viously-known-keys-even-without-UIDs.patch | 23 +++-- gpg2.changes | 88 ++++++++++++++++++ gpg2.spec | 8 +- 8 files changed, 116 insertions(+), 29 deletions(-) delete mode 100644 gnupg-2.3.8.tar.bz2 delete mode 100644 gnupg-2.3.8.tar.bz2.sig create mode 100644 gnupg-2.4.0.tar.bz2 create mode 100644 gnupg-2.4.0.tar.bz2.sig diff --git a/gnupg-2.3.8.tar.bz2 b/gnupg-2.3.8.tar.bz2 deleted file mode 100644 index ab87c26..0000000 --- a/gnupg-2.3.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed -size 7644926 diff --git a/gnupg-2.3.8.tar.bz2.sig b/gnupg-2.3.8.tar.bz2.sig deleted file mode 100644 index cf362c596cfba1af7147ffbb690b7138f5abc05793f0f1820b62731a3dd04f61..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$sX398MrtFU?TsXGcw$g zHrzS){lqH|j=sC^{zz)=GUgxqE<9fODU`Fi`QR(vH4OjL+3kNhsW=q1xCSl0)sZW8 VL0x~5P~&++&U?QfUNkLa0RYLSGll>F diff --git a/gnupg-2.4.0.tar.bz2 b/gnupg-2.4.0.tar.bz2 new file mode 100644 index 0000000..0389e0d --- /dev/null +++ b/gnupg-2.4.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483 +size 7666935 diff --git a/gnupg-2.4.0.tar.bz2.sig b/gnupg-2.4.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d7f2d205d6e45dbbd930fd6fcb8beecff9d38d4e2540c2d8ae4990be9a8253c4 GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$#YiTVBq2ufQhiVGcqjC zlM4U$+1o?O*Su-k@n!eBqd)Dvth2gx>-wn5i(BLE82)Fp_}}43=C)%fU2`K$EX_mt UU9!o_0^P_ze%IvZt8jAw0QQ+KLjV8( literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 5bb103e..e9a7f38 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.5/doc/gpg.texi +Index: gnupg-2.4.0/doc/gpg.texi =================================================================== ---- gnupg-2.3.5.orig/doc/gpg.texi -+++ gnupg-2.3.5/doc/gpg.texi -@@ -2197,6 +2197,24 @@ implies, this option is for experts only +--- gnupg-2.4.0.orig/doc/gpg.texi ++++ gnupg-2.4.0/doc/gpg.texi +@@ -2218,6 +2218,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.3.5/doc/gpg.texi @end table -Index: gnupg-2.3.5/g10/gpg.c +Index: gnupg-2.4.0/g10/gpg.c =================================================================== ---- gnupg-2.3.5.orig/g10/gpg.c -+++ gnupg-2.3.5/g10/gpg.c +--- gnupg-2.4.0.orig/g10/gpg.c ++++ gnupg-2.4.0/g10/gpg.c @@ -443,6 +443,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, oRequireCompliance, + oSetLegacyFips, + oCompatibilityFlags, oNoop - }; -@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = { +@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.3.5/g10/gpg.c ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3737,6 +3739,14 @@ main (int argc, char **argv) +@@ -3711,6 +3713,14 @@ main (int argc, char **argv) opt.flags.require_compliance = 1; break; diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index bf5711b..649e0d8 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.4.0/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.4.0.orig/g10/import.c ++++ gnupg-2.4.0/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, } } -- + - /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - { - if (!silent) - { @@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gpg2.changes b/gpg2.changes index da1913e..caf850a 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,91 @@ +------------------------------------------------------------------- +Tue Dec 20 16:01:05 UTC 2022 - David Anes + +- Updated to require libgpg-error-devel >= 1.46 + +- Rebased patches: + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-add_legacy_FIPS_mode_option.patch + +- GnuPG 2.4.0: + * common: Fix translations in --help for gpgrt < 1.47. + * gpg: Do not continue the export after a cancel for the primary key. + * gpg: Replace use of PRIu64 in log_debug. + * Update NEWS for 2.4.0. + * tests: Fix make check with GPGME. + * agent: Allow arguments to "scd serialno" in restricted mode. + * scd:p15: Skip deleted records. + * build: Remove Windows CE support. + * wkd: Do not send/install/mirror expired user ids. + * gpgsm: Print the revocation time also with --verify. + * gpgsm: Fix "problem re-searching certificate" case. + * gpgsm: Print revocation date and reason in cert listings. + * gpgsm: Silence the "non-critical certificate policy not allowed". + * gpgsm: Always use the chain model if the root-CA requests this. + * gpg: New export option "mode1003". + * gpg: Remove a mostly duplicated function. + * tests: Simplify fake-pinentry to use the option only. + * tests: Fix fake-pinentry for Windows. + * tests: Fix make check-all. + * agent: Fix import of protected v5 keys. + * gpgsm: Change default algo to AES-256. + * tests: Put a workaround for semihosted environment. + * tests: More fix for semihosted environment. + * tests: Support semihosted environment. + * tests: Fix tests under cms. + * tests,w32: Fix for semihosted environment. + * w32: Fix for tests on semihosted environment. + * w32: Fix gnupg_unsetenv. + * wkd: New option --add-revocs and some fixes. + * wkd: Make use of --debug extprog. + * gpg: New export-filter export-revocs. + * gpg: Fix double-free in gpg --card-edit. + * gpg: Make --require-compliance work with out --status-fd. + * gpg: New option --list-filter. + * dirmngr: Silence ocsp debug output. + * tests: Fix to support --enable-all-tests and variants. + * tests:w32: Fix for non-dot file name for Windows. + * tests:gpgscm:w32: Fix for GetTempPath. + * tests: Keep .log files in objdir. + * tests: Use 233 for invalid value of FD. + * w32: Fix gnupg_tmpfile for possible failure. + * scd: Redact --debug cardio output of a VERIFY APDU. + * common: Remove Windows CE support in common. + * gpgsm: Fix colon outout of ECC encryption certificates. + * scd:nks: Fix ECC signing if key not given by keygrip. + * dirmngr: Fix verification of ECDSA signed CRLs. + * agent: Allow trustlist on Windows in Unicode homedirs. + * gpg: Fix verification of cleartext signatures with overlong lines. + * gpg: Move w32_system function. + * gpg: New option --quick-update-pref. + * gpg: New list-options show-pref and show-pref-verbose. + * tests: Add tests to check that OCB is only used for capable keys. + * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. + * tests: Add symmetric decryption tests. + * tests: Add tr:assert-same function. + * agent: Avoid blanks in the ssh key's comment. + * build: Update m4 files. + * gpg: Merge --rfc4880bis features into --gnupg. + * gpg: Allow only OCB for AEAD encryption. + * gpg: New option --compatibility-flags. + * gpgsm: Also announce AES256-CBC in signatures. + * gpg: Fix trusted introducer for user-ids with only the mbox. + * gpg: Import stray revocation certificates. + * agent: Automatically convert to extended key format by KEYATTR. + * card: New commands "gpg" and "gpgsm". + * card: Also show fingerprints of known X.509 certificates. + * scd:nks: Support non-ESIGN signing with the Signature Card v2. + * gpgsm: Allow ECC encryption keys with just keyAgreement specified. + * gpgsm: Use macro constants for cert_usage_p. + * build: Update gpg-error.m4. + * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. + * gpg: Move NETLIBS after GPG_ERROR_LIBS. + * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. + * common,w32: Fix struct stat on Windows. + * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. + * common: Don't use FD2INT for POSIX-only code. + * dirmngr: Fix build with no LDAP support. + ------------------------------------------------------------------- Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 87c0390..c3f8e44 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.8 +Version: 2.4.0 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -45,8 +45,8 @@ BuildRequires: ibmswtpm2 BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgpg-error-devel >= 1.46 +BuildRequires: libksba-devel >= 1.6.3 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel