Accepting request 260826 from home:vitezslav_cizek:branches:Base:System

- upgrade to 2.1.0 (modern)
  - The file "secring.gpg" is not anymore used to store the secret
    keys.  Merging of secret keys is now supported.
  - All support for PGP-2 keys has been removed for security reasons.
  - The standard key generation interface is now much leaner.  This
    will help a new user to quickly generate a suitable key.
  - Support for Elliptic Curve Cryptography (ECC) is now available.
  - Commands to create and sign keys from the command line without any
    extra prompts are now available.
  - The Pinentry may now show the new passphrase entry and the
    passphrase confirmation entry in one dialog.
  - There is no more need to manually start the gpg-agent.  It is now
    started by any part of GnuPG as needed.
  - Problems with importing keys with the same long key id have been
    addressed.
  - The Dirmngr is now part of GnuPG proper and also takes care of
    accessing keyserver.
  - Keyserver pools are now handled in a smarter way.
  - A new format for locally storing the public keys is now used.
    This considerably speeds up operations on large keyrings.
  - Revocation certificates are now created by default.
  - Card support has been updated, new readers and token types are
    supported.
  - The format of the key listing has been changed to better identify
    the properties of a key.
  - The gpg-agent may now be used on Windows as a Pageant replacement
    for Putty in the same way it is used for years on Unix as
    ssh-agent replacement.
  - Creation of X.509 certificates has been improved.  It is now also
    possible to export them directly in PKCS#8 and PEM format for use

OBS-URL: https://build.opensuse.org/request/show/260826
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=79
Marcus Meissner 2014-11-11 10:52:31 +00:00 committed by Git OBS Bridge
parent 94e5edb36b
commit b4e8b7fb1e
13 changed files with 170 additions and 190 deletions


@ -4,11 +4,11 @@
g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
3 files changed, 66 insertions(+), 5 deletions(-) 3 files changed, 66 insertions(+), 5 deletions(-)
Index: gnupg-2.0.23/g10/gpg.c Index: gnupg-2.1.0/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:36:44.000000000 +0100 --- gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100
+++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:36:55.000000000 +0100 +++ gnupg-2.1.0/g10/gpg.c 2014-11-07 16:50:14.742067262 +0100
@@ -345,6 +345,7 @@ enum cmd_and_opt_values @@ -349,6 +349,7 @@ enum cmd_and_opt_values
oTTYtype, oTTYtype,
oLCctype, oLCctype,
oLCmessages, oLCmessages,
@ -16,35 +16,35 @@ Index: gnupg-2.0.23/g10/gpg.c
oXauthority, oXauthority,
oGroup, oGroup,
oUnGroup, oUnGroup,
@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = { @@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
ARGPARSE_s_s (oPersonalCompressPreferences, ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"), "personal-compress-preferences", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
+ ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), + ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"),
/* Aliases. I constantly mistype these, and assume other people do /* Aliases. I constantly mistype these, and assume other people do
as well. */ as well. */
@@ -2001,6 +2003,7 @@ main (int argc, char **argv) @@ -2126,6 +2128,7 @@ main (int argc, char **argv)
opt.def_sig_expire="0"; opt.def_cert_expire = "0";
opt.def_cert_expire="0"; set_homedir (default_homedir ());
set_homedir ( default_homedir () ); opt.passphrase_repeat = 1;
+ opt.files_are_digests=0; + opt.files_are_digests=0;
opt.passphrase_repeat=1;
opt.emit_version = 1; /* Limit to the major number. */ opt.emit_version = 1; /* Limit to the major number. */
@@ -2491,6 +2494,7 @@ main (int argc, char **argv) /* Check whether we have a config file on the command line. */
@@ -2630,6 +2633,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceV3Sigs: opt.force_v3_sigs = 1; break;
case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
+ case oFilesAreDigests: opt.files_are_digests = 1; break; + case oFilesAreDigests: opt.files_are_digests = 1; break;
case oForceV4Certs: opt.force_v4_certs = 1; break;
case oNoForceV4Certs: opt.force_v4_certs = 0; break;
case oForceMDC: opt.force_mdc = 1; break; case oForceMDC: opt.force_mdc = 1; break;
Index: gnupg-2.0.23/g10/options.h case oNoForceMDC: opt.force_mdc = 0; break;
Index: gnupg-2.1.0/g10/options.h
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/g10/options.h 2014-06-03 22:36:44.000000000 +0100 --- gnupg-2.1.0.orig/g10/options.h 2014-11-07 11:35:21.599605797 +0100
+++ gnupg-2.0.23/g10/options.h 2014-06-03 22:36:55.000000000 +0100 +++ gnupg-2.1.0/g10/options.h 2014-11-07 16:49:59.770885017 +0100
@@ -198,6 +198,7 @@ struct @@ -193,6 +193,7 @@ struct
int no_auto_check_trustdb; int no_auto_check_trustdb;
int preserve_permissions; int preserve_permissions;
int no_homedir_creation; int no_homedir_creation;
@ -52,24 +52,24 @@ Index: gnupg-2.0.23/g10/options.h
struct groupitem *grouplist; struct groupitem *grouplist;
int mangle_dos_filenames; int mangle_dos_filenames;
int enable_progress_filter; int enable_progress_filter;
Index: gnupg-2.0.23/g10/sign.c Index: gnupg-2.1.0/g10/sign.c
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/g10/sign.c 2014-06-03 22:36:44.000000000 +0100 --- gnupg-2.1.0.orig/g10/sign.c 2014-11-07 11:35:21.599605797 +0100
+++ gnupg-2.0.23/g10/sign.c 2014-06-03 22:36:55.000000000 +0100 +++ gnupg-2.1.0/g10/sign.c 2014-11-07 17:13:40.128218081 +0100
@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list @@ -703,8 +703,12 @@ write_signature_packets (SK_LIST sk_list
mk_notation_policy_etc (sig, NULL, sk); build_sig_subpkt_from_sig (sig);
} mk_notation_policy_etc (sig, pk, NULL);
+ if (!opt.files_are_digests) { + if (!opt.files_are_digests) {
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
+ } else if (sig->version >= 4) { + } else if (sig->version >= 4) {
+ log_bug("files-are-digests doesn't work with v4 sigs\n"); + log_bug("files-are-digests doesn't work with v4 sigs\n");
+ } + }
rc = do_sign( sk, sig, md, hash_for (sk) ); rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md); gcry_md_close (md);
@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta @@ -762,6 +766,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL; SK_LIST sk_rover = NULL;
int multifile = 0; int multifile = 0;
u32 duration=0; u32 duration=0;
@ -78,7 +78,7 @@ Index: gnupg-2.0.23/g10/sign.c
pfx = new_progress_context (); pfx = new_progress_context ();
afx = new_armor_context (); afx = new_armor_context ();
@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta @@ -778,7 +784,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL; fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) ) if( fname && filenames->next && (!detached || encryptflag) )
@ -96,7 +96,7 @@ Index: gnupg-2.0.23/g10/sign.c
if(encryptflag==2 if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta @@ -799,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave; goto leave;
/* prepare iobufs */ /* prepare iobufs */
@ -105,16 +105,16 @@ Index: gnupg-2.0.23/g10/sign.c
inp = NULL; /* we do it later */ inp = NULL; /* we do it later */
else { else {
inp = iobuf_open(fname); inp = iobuf_open(fname);
@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta @@ -938,7 +953,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
gcry_md_enable (mfx.md, hash_for(sk)); for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
} gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
- if( !multifile ) - if( !multifile )
+ if( !multifile && !opt.files_are_digests ) + if( !multifile && !opt.files_are_digests )
iobuf_push_filter( inp, md_filter, &mfx ); iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag && !RFC1991 ) if( detached && !encryptflag)
@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta @@ -993,6 +1008,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md); write_status_begin_signing (mfx.md);
@ -123,7 +123,7 @@ Index: gnupg-2.0.23/g10/sign.c
/* Setup the inner packet. */ /* Setup the inner packet. */
if( detached ) { if( detached ) {
if( multifile ) { if( multifile ) {
@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta @@ -1033,6 +1050,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose ) if( opt.verbose )
putc( '\n', stderr ); putc( '\n', stderr );
} }
@ -169,14 +169,14 @@ Index: gnupg-2.0.23/g10/sign.c
else { else {
/* read, so that the filter can calculate the digest */ /* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 ) while( iobuf_get(inp) != -1 )
@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta @@ -1050,8 +1106,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */ /* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md, rc = write_signature_packets (sk_list, out, mfx.md,
- opt.textmode && !outfile? 0x01 : 0x00, - opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S'); - 0, duration, detached ? 'D':'S', NULL);
+ sigclass, + sigclass,
+ timestamp, duration, detached ? 'D':'S'); + timestamp, duration, detached ? 'D':'S', NULL);
if( rc ) if( rc )
goto leave; goto leave;
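Review bot: In write_signature_packets the new `else if (sig->version >= 4)` branch reports a user-selectable option combination through `log_bug`, which GnuPG uses for internal errors and which normally terminates the process. Because the signature version does not depend on the input data, this is better rejected once after option parsing in gpg.c with an ordinary error, for example `log_error ("--files-are-digests requires v3 signatures\n");`, so the failure is reported before any output is opened. The same branch skips `hash_sigversion_to_magic` and `gcry_md_final`, so what is signed is not finalised here; a comment stating where the digest comes from and what the caller must already have hashed into it would make that trust assumption explicit. The function body starts and ends outside this hunk.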


@ -1,41 +0,0 @@
diff -rup gnupg-2.0.18.orig/agent/gpg-agent.c gnupg-2.0.18/agent/gpg-agent.c
--- gnupg-2.0.18.orig/agent/gpg-agent.c 2011-08-04 10:57:02.000000000 +0100
+++ gnupg-2.0.18/agent/gpg-agent.c 2011-08-06 21:01:32.000000000 +0100
@@ -1002,6 +1002,10 @@ main (int argc, char **argv )
gnupg_fd_t fd_ssh;
pid_t pid;
+ char *tmp1, *tmp;
+ char *tmp2 = "gpg-XXXXXX/S.gpg-agent";
+ size_t len;
+
/* Remove the DISPLAY variable so that a pinentry does not
default to a specific display. There is still a default
display when gpg-agent was started using --display or a
@@ -1013,13 +1017,23 @@ main (int argc, char **argv )
unsetenv ("DISPLAY");
#endif
+ if ((tmp1 = getenv("TMPDIR")) == NULL)
+ tmp1 = "/tmp";
+
+ len = strlen(tmp1) + strlen(tmp2) + 10;
+ tmp = malloc(len);
+
+ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2);
/* Create the sockets. */
socket_name = create_socket_name
- ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent");
- if (opt.ssh_support)
+ ("S.gpg-agent", tmp);
+ if (opt.ssh_support) {
+ snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2);
socket_name_ssh = create_socket_name
- ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh");
+ ("S.gpg-agent.ssh", tmp);
+ }
+ free(tmp);
fd = create_server_socket (socket_name, 0, &socket_nonce);
if (opt.ssh_support)


@ -1,13 +0,0 @@
Index: gnupg-2.0.20/tests/openpgp/Makefile.am
===================================================================
--- gnupg-2.0.20.orig/tests/openpgp/Makefile.am
+++ gnupg-2.0.20/tests/openpgp/Makefile.am
@@ -25,7 +25,7 @@ required_pgms = ../../g10/gpg2 ../../age
TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \
- ../../agent/gpg-agent --quiet --daemon sh
+ ../../agent/gpg-agent --quiet --daemon
TESTS = version.test mds.test \


@ -1,8 +1,8 @@
Index: tools/Makefile.am Index: tools/Makefile.am
=================================================================== ===================================================================
--- tools/Makefile.am.orig --- tools/Makefile.am.orig 2014-11-06 18:12:17.743916141 +0100
+++ tools/Makefile.am +++ tools/Makefile.am 2014-11-06 18:13:17.073677366 +0100
@@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde @@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde
bin_SCRIPTS = gpgsm-gencert.sh bin_SCRIPTS = gpgsm-gencert.sh
if HAVE_USTAR if HAVE_USTAR
@ -13,20 +13,21 @@ Index: tools/Makefile.am
endif endif
if BUILD_SYMCRYPTRUN if BUILD_SYMCRYPTRUN
@@ -51,14 +51,14 @@ endif @@ -55,7 +55,7 @@ endif
# Fixme: We should remove the gpgkey2ssh tool.
bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar} bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun}
if !HAVE_W32_SYSTEM if !HAVE_W32_SYSTEM
-bin_PROGRAMS += watchgnupg gpgparsemail -bin_PROGRAMS += watchgnupg gpgparsemail
+bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit +bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit
endif endif
if !HAVE_W32CE_SYSTEM
if !DISABLE_REGEX bin_PROGRAMS += gpgkey2ssh ${gpgtar}
libexec_PROGRAMS = gpg-check-pattern @@ -66,7 +66,7 @@ libexec_PROGRAMS = gpg-check-pattern
endif endif
if !HAVE_W32CE_SYSTEM
-noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit -noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit
+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert
endif
common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a common_libs = $(libcommon) ../gl/libgnu.a
pwquery_libs = ../common/libsimple-pwquery.a


@ -3,12 +3,12 @@
# jnlib/utf8conv.c | 1 + # jnlib/utf8conv.c | 1 +
# 1 file changed, 1 insertion(+) # 1 file changed, 1 insertion(+)
# #
Index: gnupg-2.0.21/jnlib/utf8conv.c Index: gnupg-2.1.0/common/utf8conv.c
=================================================================== ===================================================================
--- gnupg-2.0.21.orig/jnlib/utf8conv.c 2013-08-19 09:55:30.000000000 +0100 --- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200
+++ gnupg-2.0.21/jnlib/utf8conv.c 2013-08-19 18:53:22.000000000 +0100 +++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100
@@ -148,6 +148,7 @@ set_native_charset (const char *newset) @@ -198,6 +198,7 @@ set_native_charset (const char *newset)
#else /*!HAVE_W32_SYSTEM*/ #else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/
#ifdef HAVE_LANGINFO_CODESET #ifdef HAVE_LANGINFO_CODESET
+ setlocale(LC_ALL, ""); + setlocale(LC_ALL, "");

3
gnupg-2.1.0.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:16a8c3f50a15bf37d2dfb1c5e4bb3ec533e1d0b6a4043ff3680a376a3ad4058b
size 3111585

BIN
gnupg-2.1.0.tar.bz2.sig Normal file

Binary file not shown.


@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++ g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+) 2 files changed, 27 insertions(+)
Index: gnupg-2.0.23/doc/gpg.texi Index: gnupg-2.1.0/doc/gpg.texi
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/doc/gpg.texi 2014-06-03 22:22:56.000000000 +0100 --- gnupg-2.1.0.orig/doc/gpg.texi 2014-11-06 18:31:32.218688065 +0100
+++ gnupg-2.0.23/doc/gpg.texi 2014-06-03 22:25:03.000000000 +0100 +++ gnupg-2.1.0/doc/gpg.texi 2014-11-06 18:31:33.871709178 +0100
@@ -1851,6 +1851,24 @@ implies, this option is for experts only @@ -1828,6 +1828,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option. off. @option{--no-expert} disables this option.
@ -32,19 +32,19 @@ Index: gnupg-2.0.23/doc/gpg.texi
@end table @end table
Index: gnupg-2.0.23/g10/gpg.c Index: gnupg-2.1.0/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:24:52.000000000 +0100 --- gnupg-2.1.0.orig/g10/gpg.c 2014-11-06 18:31:32.220688090 +0100
+++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:25:56.000000000 +0100 +++ gnupg-2.1.0/g10/gpg.c 2014-11-06 18:32:03.833091859 +0100
@@ -369,6 +369,7 @@ enum cmd_and_opt_values @@ -380,6 +380,7 @@ enum cmd_and_opt_values
oAllowMultipleMessages,
oNoAllowMultipleMessages, oNoAllowMultipleMessages,
oAllowWeakDigestAlgos, oAllowWeakDigestAlgos,
oFakedSystemTime,
+ oSetLegacyFips, + oSetLegacyFips,
oNoop oNoop
}; };
@@ -746,6 +747,7 @@ static ARGPARSE_OPTS opts[] = { @@ -772,6 +773,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@ -52,8 +52,8 @@ Index: gnupg-2.0.23/g10/gpg.c
/* These two are aliases to help users of the PGP command line /* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common product use gpg with minimal pain. Many commands are common
@@ -2959,6 +2961,13 @@ main (int argc, char **argv) @@ -3138,6 +3140,13 @@ main (int argc, char **argv)
opt.flags.allow_weak_digest_algos = 1; }
break; break;
+ case oSetLegacyFips: + case oSetLegacyFips:


@ -1,37 +1,24 @@
Index: gnupg-2.0.19/g10/encode.c Index: gnupg-2.1.0/g10/encrypt.c
=================================================================== ===================================================================
--- gnupg-2.0.19.orig/g10/encode.c 2013-03-14 14:23:58.009483967 +0100 --- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100
+++ gnupg-2.0.19/g10/encode.c 2013-03-14 15:49:50.524306304 +0100 +++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100
@@ -732,7 +732,10 @@ encrypt_filter( void *opaque, int contro @@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
if( efx->cfx.dek->algo == -1 ) { /* Because 3DES is implicitly in the prefs, this can
/* because 3DES is implicitly in the prefs, this can only only happen if we do not have any public keys in
* happen if we do not have any public keys in the list */ the list. */
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; - efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ /* Libgcrypt manual says that gcry_version_check must be called + /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */ + before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL); + gcry_check_version (NULL);
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; + efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
} }
/* In case 3DES has been selected, print a warning if /* In case 3DES has been selected, print a warning if
Index: gnupg-2.0.19/g10/gpg.c Index: gnupg-2.1.0/g10/mainproc.c
=================================================================== ===================================================================
--- gnupg-2.0.19.orig/g10/gpg.c 2013-03-14 14:24:00.031545611 +0100 --- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100
+++ gnupg-2.0.19/g10/gpg.c 2013-03-14 14:24:37.495687612 +0100 +++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100
@@ -1975,7 +1975,7 @@ main (int argc, char **argv) @@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt )
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_count = 0; /* Auto-calibrate when needed. */
- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+ opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
Index: gnupg-2.0.19/g10/mainproc.c
===================================================================
--- gnupg-2.0.19.orig/g10/mainproc.c 2013-03-14 14:23:58.011484028 +0100
+++ gnupg-2.0.19/g10/mainproc.c 2013-03-14 15:50:50.970127383 +0100
@@ -685,9 +685,15 @@ proc_plaintext( CTX c, PACKET *pkt )
often. There is no good way to specify what algorithms to often. There is no good way to specify what algorithms to
use in that case, so these three are the historical use in that case, so these three are the historical
answer. */ answer. */
@ -47,5 +34,5 @@ Index: gnupg-2.0.19/g10/mainproc.c
+ if( !gcry_fips_mode_active() ) + if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); + gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
} }
if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) { if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
/* This is a kludge to work around a bug in pgp2. It does only && opt.flags.allow_weak_digest_algos) {


@ -2,11 +2,11 @@
g10/passphrase.c | 2 +- g10/passphrase.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
Index: gnupg-2.0.23/g10/passphrase.c Index: gnupg-2.1.0/g10/passphrase.c
=================================================================== ===================================================================
--- gnupg-2.0.23.orig/g10/passphrase.c 2014-06-03 07:59:18.000000000 +0100 --- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100
+++ gnupg-2.0.23/g10/passphrase.c 2014-06-03 22:37:30.000000000 +0100 +++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100
@@ -72,7 +72,7 @@ encode_s2k_iterations (int iterations) @@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations)
{ {
/* Don't print an error if an older agent is used. */ /* Don't print an error if an older agent is used. */
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)


@ -1,14 +1,14 @@
Index: gnupg-2.0.20/g10/plaintext.c Index: gnupg-2.1.0/g10/plaintext.c
=================================================================== ===================================================================
--- gnupg-2.0.20.orig/g10/plaintext.c 2013-05-13 14:26:49.290737159 +0200 --- gnupg-2.1.0.orig/g10/plaintext.c 2014-11-07 11:35:18.100563974 +0100
+++ gnupg-2.0.20/g10/plaintext.c 2013-05-13 14:43:21.740575875 +0200 +++ gnupg-2.1.0/g10/plaintext.c 2014-11-07 16:51:59.919347340 +0100
@@ -25,6 +25,7 @@ @@ -25,6 +25,7 @@
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>
#include <sys/types.h> #include <sys/types.h>
+#include <sys/stat.h> +#include <sys/stat.h>
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
#include <fcntl.h> /* for setmode() */ # include <fcntl.h> /* for setmode() */
#endif #endif
@@ -39,6 +40,9 @@ @@ -39,6 +40,9 @@
#include "status.h" #include "status.h"
@ -18,20 +18,21 @@ Index: gnupg-2.0.20/g10/plaintext.c
+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) +#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS)
/**************** /* Handle a plaintext packet. If MFX is not NULL, update the MDs
* Handle a plaintext packet. If MFX is not NULL, update the MDs * Note: We should have used the filter stuff here, but we have to add
@@ -140,10 +144,15 @@ handle_plaintext( PKT_plaintext *pt, md_ @@ -169,11 +173,15 @@ handle_plaintext (PKT_plaintext * pt, md
log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
goto leave; goto leave;
} }
- else if( !(fp = fopen(fname,"wb")) ) { - else if (!(fp = es_fopen (fname, "wb")))
- rc = gpg_error_from_syserror (); - {
- log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); - err = gpg_error_from_syserror ();
- goto leave; - log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
- goto leave;
+ else { + else {
+ mode_t saved_umask = umask(GPG_SAFE_UMASK); + mode_t saved_umask = umask(GPG_SAFE_UMASK);
+ if( !(fp = fopen(fname,"wb")) ) { + if( !(fp = es_fopen(fname,"wb")) ) {
+ rc = gpg_error_from_syserror (); + err = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); + log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ umask(saved_umask); + umask(saved_umask);
+ goto leave; + goto leave;
@ -39,4 +40,4 @@ Index: gnupg-2.0.20/g10/plaintext.c
+ umask(saved_umask); + umask(saved_umask);
} }
#else /* __riscos__ */ #else /* __riscos__ */
/* If no output filename was given, i.e. we constructed it, /* If no output filename was given, i.e. we constructed it, convert
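Review bot: The `umask(GPG_SAFE_UMASK)` wrapper around `es_fopen(fname,"wb")` in handle_plaintext only restricts files that are newly created; an existing output file is truncated and keeps its previous mode, and the umask change is process-wide while it is in effect. If the estream shipped with this release accepts a creation mode in the mode string (I believe GnuPG's agent code uses the form `"wb,mode=-rw"`), passing that to `es_fopen` would avoid touching the umask at all. The error line also still uses `strerror(errno)` with the old backtick-quoted msgid although `err` has just been set; `log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));` matches the upstream line it replaces and keeps the existing translation. handle_plaintext starts and ends outside the hunk.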


@ -1,3 +1,43 @@
-------------------------------------------------------------------
Thu Nov 6 17:32:39 UTC 2014 - vcizek@suse.com
- upgrade to 2.1.0 (modern)
- The file "secring.gpg" is not anymore used to store the secret
keys. Merging of secret keys is now supported.
- All support for PGP-2 keys has been removed for security reasons.
- The standard key generation interface is now much leaner. This
will help a new user to quickly generate a suitable key.
- Support for Elliptic Curve Cryptography (ECC) is now available.
- Commands to create and sign keys from the command line without any
extra prompts are now available.
- The Pinentry may now show the new passphrase entry and the
passphrase confirmation entry in one dialog.
- There is no more need to manually start the gpg-agent. It is now
started by any part of GnuPG as needed.
- Problems with importing keys with the same long key id have been
addressed.
- The Dirmngr is now part of GnuPG proper and also takes care of
accessing keyserver.
- Keyserver pools are now handled in a smarter way.
- A new format for locally storing the public keys is now used.
This considerable speeds up operations on large keyrings.
- Revocation certificates are now created by default.
- Card support has been updated, new readers and token types are
supported.
- The format of the key listing has been changed to better identify
the properties of a key.
- The gpg-agent may now be used on Windows as a Pageant replacement
for Putty in the same way it is used for years on Unix as
ssh-agent replacement.
- Creation of X.509 certificates has been improved. It is now also
possible to export them directly in PKCS#8 and PEM format for use
on TLS servers.
- dropped patches:
* gnupg-2.0.20-automake113.diff
* gnupg-2.0.18-tmpdir.diff (socket is created in homedir now)
- refresh most of the remaining patches
- added new BuildRequires: gnutls-devel, pkg-config, npth-devel
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Aug 12 20:19:45 UTC 2014 - andreas.stieger@gmx.de Tue Aug 12 20:19:45 UTC 2014 - andreas.stieger@gmx.de


@ -17,7 +17,7 @@
Name: gpg2 Name: gpg2
Version: 2.0.26 Version: 2.1.0
Release: 0 Release: 0
BuildRequires: automake >= 1.10 BuildRequires: automake >= 1.10
BuildRequires: expect BuildRequires: expect
@ -36,11 +36,14 @@ BuildRequires: makeinfo
BuildRequires: openldap2-devel BuildRequires: openldap2-devel
BuildRequires: readline-devel BuildRequires: readline-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
%if 0%{?suse_version} >= 1120 #% if 0%{?suse_version} >= 1120
BuildRequires: libpth-devel >= 1.3.7 #BuildRequires: libpth-devel >= 1.3.7
%else #% else
BuildRequires: pth >= 1.3.7 #BuildRequires: pth >= 1.3.7
%endif #% endif
BuildRequires: gnutls-devel
BuildRequires: npth-devel
BuildRequires: pkg-config
Url: http://www.gnupg.org/aegypten2/ Url: http://www.gnupg.org/aegypten2/
PreReq: %install_info_prereq PreReq: %install_info_prereq
Requires: dirmngr Requires: dirmngr
@ -59,7 +62,7 @@ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html # https://www.gnupg.org/signature_key.html
Source3: %{name}.keyring Source3: %{name}.keyring
Patch1: gnupg-2.0.18-tmpdir.diff #Patch1: gnupg-2.0.18-tmpdir.diff
Patch2: gnupg-2.0.4-install_tools.diff Patch2: gnupg-2.0.4-install_tools.diff
Patch4: gnupg-2.0.9-langinfo.patch Patch4: gnupg-2.0.9-langinfo.patch
Patch5: gnupg-2.0.18-files-are-digests.patch Patch5: gnupg-2.0.18-files-are-digests.patch
@ -67,7 +70,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch Patch9: gnupg-detect_FIPS_mode.patch
# PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL
Patch10: gnupg-2.0.20-automake113.diff #Patch10: gnupg-2.0.20-automake113.diff
Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -79,14 +82,14 @@ gpg-agent, and a keybox library.
%lang_package %lang_package
%prep %prep
%setup -q -n gnupg-%version %setup -q -n gnupg-%version
%patch1 -p1 #%patch1 -p1
%patch2 %patch2
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 #%patch10 -p1
%patch11 -p1 %patch11 -p1
%build %build
@ -134,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot
install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROOT/%{_docdir}/%{name} install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROOT/%{_docdir}/%{name}
# install scdaemon to %{_bindir} (bnc#863645) # install scdaemon to %{_bindir} (bnc#863645)
mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
%find_lang gnupg2 %find_lang gnupg2
%if 0%{?suse_version} > 1020 %if 0%{?suse_version} > 1020
%fdupes %buildroot %fdupes %buildroot
@ -142,8 +146,6 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
%check %check
%if ! 0%{?qemu_user_space_build} %if ! 0%{?qemu_user_space_build}
make check make check
$RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p pubsplit- --uncompress <tests/openpgp/pubring.gpg
$RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress <tests/openpgp/secring.gpg
%endif %endif
%post %post
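Review bot: `Requires: dirmngr` is left unchanged while the changelog states that Dirmngr is now part of GnuPG proper and %install now moves `dirmngr_ldap` into %{_bindir}. If this package now ships the dirmngr binaries itself, depending on the separate package can produce file conflicts or leave an older daemon installed alongside the new one; after checking the file list, consider replacing the line with `Provides: dirmngr = %{version}` and `Obsoletes: dirmngr < %{version}`. The commented-out `#%patch1 -p1` and `#%patch10 -p1` lines would be safer written as `#%%patch1 -p1` and `#%%patch10 -p1`, since rpm expands macros inside comments.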